1 #include "first.h" 2 3 #include "buffer.h" 4 #include "server.h" 5 #include "keyvalue.h" 6 #include "log.h" 7 8 #include "http_chunk.h" 9 #include "fdevent.h" 10 #include "connections.h" 11 #include "response.h" 12 #include "joblist.h" 13 14 #include "plugin.h" 15 16 #include "inet_ntop_cache.h" 17 #include "stat_cache.h" 18 #include "status_counter.h" 19 20 #include <sys/types.h> 21 #include <unistd.h> 22 #include <errno.h> 23 #include <fcntl.h> 24 #include <string.h> 25 #include <stdlib.h> 26 #include <ctype.h> 27 #include <assert.h> 28 #include <signal.h> 29 30 #ifdef HAVE_FASTCGI_FASTCGI_H 31 # include <fastcgi/fastcgi.h> 32 #else 33 # ifdef HAVE_FASTCGI_H 34 # include <fastcgi.h> 35 # else 36 # include "fastcgi.h" 37 # endif 38 #endif /* HAVE_FASTCGI_FASTCGI_H */ 39 40 #include <stdio.h> 41 42 #include "sys-socket.h" 43 44 #ifdef HAVE_SYS_UIO_H 45 #include <sys/uio.h> 46 #endif 47 #ifdef HAVE_SYS_WAIT_H 48 #include <sys/wait.h> 49 #endif 50 51 /* 52 * 53 * TODO: 54 * 55 * - add timeout for a connect to a non-fastcgi process 56 * (use state_timestamp + state) 57 * 58 */ 59 60 typedef struct fcgi_proc { 61 size_t id; /* id will be between 1 and max_procs */ 62 buffer *unixsocket; /* config.socket + "-" + id */ 63 unsigned port; /* config.port + pno */ 64 65 buffer *connection_name; /* either tcp:<host>:<port> or unix:<socket> for debugging purposes */ 66 67 pid_t pid; /* PID of the spawned process (0 if not spawned locally) */ 68 69 70 size_t load; /* number of requests waiting on this process */ 71 72 size_t requests; /* see max_requests */ 73 struct fcgi_proc *prev, *next; /* see first */ 74 75 time_t disabled_until; /* this proc is disabled until, use something else until then */ 76 77 int is_local; 78 79 enum { 80 PROC_STATE_UNSET, /* init-phase */ 81 PROC_STATE_RUNNING, /* alive */ 82 PROC_STATE_OVERLOADED, /* listen-queue is full, 83 don't send anything to this proc for the next 2 seconds */ 84 PROC_STATE_DIED_WAIT_FOR_PID, /* */ 85 PROC_STATE_DIED, /* marked as dead, should be restarted */ 86 PROC_STATE_KILLED /* was killed as we don't have the load anymore */ 87 } state; 88 } fcgi_proc; 89 90 typedef struct { 91 /* the key that is used to reference this value */ 92 buffer *id; 93 94 /* list of processes handling this extension 95 * sorted by lowest load 96 * 97 * whenever a job is done move it up in the list 98 * until it is sorted, move it down as soon as the 99 * job is started 100 */ 101 fcgi_proc *first; 102 fcgi_proc *unused_procs; 103 104 /* 105 * spawn at least min_procs, at max_procs. 106 * 107 * as soon as the load of the first entry 108 * is max_load_per_proc we spawn a new one 109 * and add it to the first entry and give it 110 * the load 111 * 112 */ 113 114 unsigned short max_procs; 115 size_t num_procs; /* how many procs are started */ 116 size_t active_procs; /* how many of them are really running, i.e. state = PROC_STATE_RUNNING */ 117 118 /* 119 * time after a disabled remote connection is tried to be re-enabled 120 * 121 * 122 */ 123 124 unsigned short disable_time; 125 126 /* 127 * some fastcgi processes get a little bit larger 128 * than wanted. max_requests_per_proc kills a 129 * process after a number of handled requests. 130 * 131 */ 132 size_t max_requests_per_proc; 133 134 135 /* config */ 136 137 /* 138 * host:port 139 * 140 * if host is one of the local IP adresses the 141 * whole connection is local 142 * 143 * if port is not 0, and host is not specified, 144 * "localhost" (INADDR_LOOPBACK) is assumed. 145 * 146 */ 147 buffer *host; 148 unsigned short port; 149 sa_family_t family; 150 151 /* 152 * Unix Domain Socket 153 * 154 * instead of TCP/IP we can use Unix Domain Sockets 155 * - more secure (you have fileperms to play with) 156 * - more control (on locally) 157 * - more speed (no extra overhead) 158 */ 159 buffer *unixsocket; 160 161 /* if socket is local we can start the fastcgi 162 * process ourself 163 * 164 * bin-path is the path to the binary 165 * 166 * check min_procs and max_procs for the number 167 * of process to start up 168 */ 169 buffer *bin_path; 170 171 /* bin-path is set bin-environment is taken to 172 * create the environement before starting the 173 * FastCGI process 174 * 175 */ 176 array *bin_env; 177 178 array *bin_env_copy; 179 180 /* 181 * docroot-translation between URL->phys and the 182 * remote host 183 * 184 * reasons: 185 * - different dir-layout if remote 186 * - chroot if local 187 * 188 */ 189 buffer *docroot; 190 191 /* 192 * check_local tells you if the phys file is stat()ed 193 * or not. FastCGI doesn't care if the service is 194 * remote. If the web-server side doesn't contain 195 * the fastcgi-files we should not stat() for them 196 * and say '404 not found'. 197 */ 198 unsigned short check_local; 199 200 /* 201 * append PATH_INFO to SCRIPT_FILENAME 202 * 203 * php needs this if cgi.fix_pathinfo is provided 204 * 205 */ 206 207 unsigned short break_scriptfilename_for_php; 208 209 /* 210 * workaround for program when prefix="/" 211 * 212 * rule to build PATH_INFO is hardcoded for when check_local is disabled 213 * enable this option to use the workaround 214 * 215 */ 216 217 unsigned short fix_root_path_name; 218 219 /* 220 * If the backend includes X-Sendfile in the response 221 * we use the value as filename and ignore the content. 222 * 223 */ 224 unsigned short xsendfile_allow; 225 array *xsendfile_docroot; 226 227 ssize_t load; /* replace by host->load */ 228 229 size_t max_id; /* corresponds most of the time to 230 num_procs. 231 232 only if a process is killed max_id waits for the process itself 233 to die and decrements it afterwards */ 234 235 buffer *strip_request_uri; 236 237 unsigned short kill_signal; /* we need a setting for this as libfcgi 238 applications prefer SIGUSR1 while the 239 rest of the world would use SIGTERM 240 *sigh* */ 241 242 int listen_backlog; 243 int refcount; 244 } fcgi_extension_host; 245 246 /* 247 * one extension can have multiple hosts assigned 248 * one host can spawn additional processes on the same 249 * socket (if we control it) 250 * 251 * ext -> host -> procs 252 * 1:n 1:n 253 * 254 * if the fastcgi process is remote that whole goes down 255 * to 256 * 257 * ext -> host -> procs 258 * 1:n 1:1 259 * 260 * in case of PHP and FCGI_CHILDREN we have again a procs 261 * but we don't control it directly. 262 * 263 */ 264 265 typedef struct { 266 buffer *key; /* like .php */ 267 268 int note_is_sent; 269 int last_used_ndx; 270 271 fcgi_extension_host **hosts; 272 273 size_t used; 274 size_t size; 275 } fcgi_extension; 276 277 typedef struct { 278 fcgi_extension **exts; 279 280 size_t used; 281 size_t size; 282 } fcgi_exts; 283 284 285 typedef struct { 286 fcgi_exts *exts; 287 fcgi_exts *exts_auth; 288 fcgi_exts *exts_resp; 289 290 array *ext_mapping; 291 292 unsigned int debug; 293 } plugin_config; 294 295 typedef struct { 296 char **ptr; 297 298 size_t size; 299 size_t used; 300 } char_array; 301 302 /* generic plugin data, shared between all connections */ 303 typedef struct { 304 PLUGIN_DATA; 305 306 buffer *fcgi_env; 307 308 buffer *statuskey; 309 310 plugin_config **config_storage; 311 312 plugin_config conf; /* this is only used as long as no handler_ctx is setup */ 313 } plugin_data; 314 315 /* connection specific data */ 316 typedef enum { 317 FCGI_STATE_INIT, 318 FCGI_STATE_CONNECT_DELAYED, 319 FCGI_STATE_PREPARE_WRITE, 320 FCGI_STATE_WRITE, 321 FCGI_STATE_READ 322 } fcgi_connection_state_t; 323 324 typedef struct { 325 fcgi_proc *proc; 326 fcgi_extension_host *host; 327 fcgi_extension *ext; 328 fcgi_extension *ext_auth; /* (might be used in future to allow multiple authorizers)*/ 329 unsigned short fcgi_mode; /* FastCGI mode: FCGI_AUTHORIZER or FCGI_RESPONDER */ 330 331 fcgi_connection_state_t state; 332 time_t state_timestamp; 333 334 chunkqueue *rb; /* read queue */ 335 chunkqueue *wb; /* write queue */ 336 off_t wb_reqlen; 337 338 buffer *response_header; 339 340 int fd; /* fd to the fastcgi process */ 341 int fde_ndx; /* index into the fd-event buffer */ 342 343 pid_t pid; 344 int got_proc; 345 int reconnects; /* number of reconnect attempts */ 346 347 int request_id; 348 int send_content_body; 349 350 plugin_config conf; 351 352 connection *remote_conn; /* dumb pointer */ 353 plugin_data *plugin_data; /* dumb pointer */ 354 } handler_ctx; 355 356 357 /* ok, we need a prototype */ 358 static handler_t fcgi_handle_fdevent(server *srv, void *ctx, int revents); 359 360 static void reset_signals(void) { 361 #ifdef SIGTTOU 362 signal(SIGTTOU, SIG_DFL); 363 #endif 364 #ifdef SIGTTIN 365 signal(SIGTTIN, SIG_DFL); 366 #endif 367 #ifdef SIGTSTP 368 signal(SIGTSTP, SIG_DFL); 369 #endif 370 signal(SIGHUP, SIG_DFL); 371 signal(SIGPIPE, SIG_DFL); 372 signal(SIGUSR1, SIG_DFL); 373 } 374 375 static void fastcgi_status_copy_procname(buffer *b, fcgi_extension_host *host, fcgi_proc *proc) { 376 buffer_copy_string_len(b, CONST_STR_LEN("fastcgi.backend.")); 377 buffer_append_string_buffer(b, host->id); 378 if (proc) { 379 buffer_append_string_len(b, CONST_STR_LEN(".")); 380 buffer_append_int(b, proc->id); 381 } 382 } 383 384 static void fcgi_proc_load_inc(server *srv, handler_ctx *hctx) { 385 plugin_data *p = hctx->plugin_data; 386 hctx->proc->load++; 387 388 status_counter_inc(srv, CONST_STR_LEN("fastcgi.active-requests")); 389 390 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 391 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load")); 392 393 status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->proc->load); 394 } 395 396 static void fcgi_proc_load_dec(server *srv, handler_ctx *hctx) { 397 plugin_data *p = hctx->plugin_data; 398 hctx->proc->load--; 399 400 status_counter_dec(srv, CONST_STR_LEN("fastcgi.active-requests")); 401 402 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 403 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load")); 404 405 status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->proc->load); 406 } 407 408 static void fcgi_host_assign(server *srv, handler_ctx *hctx, fcgi_extension_host *host) { 409 plugin_data *p = hctx->plugin_data; 410 hctx->host = host; 411 hctx->host->load++; 412 413 fastcgi_status_copy_procname(p->statuskey, hctx->host, NULL); 414 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load")); 415 416 status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->host->load); 417 } 418 419 static void fcgi_host_reset(server *srv, handler_ctx *hctx) { 420 plugin_data *p = hctx->plugin_data; 421 hctx->host->load--; 422 423 fastcgi_status_copy_procname(p->statuskey, hctx->host, NULL); 424 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load")); 425 426 status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->host->load); 427 428 hctx->host = NULL; 429 } 430 431 static void fcgi_host_disable(server *srv, handler_ctx *hctx) { 432 if (hctx->host->disable_time || hctx->proc->is_local) { 433 if (hctx->proc->state == PROC_STATE_RUNNING) hctx->host->active_procs--; 434 hctx->proc->disabled_until = srv->cur_ts + hctx->host->disable_time; 435 hctx->proc->state = hctx->proc->is_local ? PROC_STATE_DIED_WAIT_FOR_PID : PROC_STATE_DIED; 436 437 if (hctx->conf.debug) { 438 log_error_write(srv, __FILE__, __LINE__, "sds", 439 "backend disabled for", hctx->host->disable_time, "seconds"); 440 } 441 } 442 } 443 444 static int fastcgi_status_init(server *srv, buffer *b, fcgi_extension_host *host, fcgi_proc *proc) { 445 #define CLEAN(x) \ 446 fastcgi_status_copy_procname(b, host, proc); \ 447 buffer_append_string_len(b, CONST_STR_LEN(x)); \ 448 status_counter_set(srv, CONST_BUF_LEN(b), 0); 449 450 CLEAN(".disabled"); 451 CLEAN(".died"); 452 CLEAN(".overloaded"); 453 CLEAN(".connected"); 454 CLEAN(".load"); 455 456 #undef CLEAN 457 458 #define CLEAN(x) \ 459 fastcgi_status_copy_procname(b, host, NULL); \ 460 buffer_append_string_len(b, CONST_STR_LEN(x)); \ 461 status_counter_set(srv, CONST_BUF_LEN(b), 0); 462 463 CLEAN(".load"); 464 465 #undef CLEAN 466 467 return 0; 468 } 469 470 static handler_ctx * handler_ctx_init(void) { 471 handler_ctx * hctx; 472 473 hctx = calloc(1, sizeof(*hctx)); 474 force_assert(hctx); 475 476 hctx->fde_ndx = -1; 477 478 hctx->response_header = buffer_init(); 479 480 hctx->request_id = 0; 481 hctx->fcgi_mode = FCGI_RESPONDER; 482 hctx->state = FCGI_STATE_INIT; 483 hctx->proc = NULL; 484 485 hctx->fd = -1; 486 487 hctx->reconnects = 0; 488 hctx->send_content_body = 1; 489 490 hctx->rb = chunkqueue_init(); 491 hctx->wb = chunkqueue_init(); 492 hctx->wb_reqlen = 0; 493 494 return hctx; 495 } 496 497 static void handler_ctx_free(handler_ctx *hctx) { 498 /* caller MUST have called fcgi_backend_close(srv, hctx) if necessary */ 499 buffer_free(hctx->response_header); 500 501 chunkqueue_free(hctx->rb); 502 chunkqueue_free(hctx->wb); 503 504 free(hctx); 505 } 506 507 static void handler_ctx_clear(handler_ctx *hctx) { 508 /* caller MUST have called fcgi_backend_close(srv, hctx) if necessary */ 509 510 hctx->proc = NULL; 511 hctx->host = NULL; 512 hctx->ext = NULL; 513 /*hctx->ext_auth is intentionally preserved to flag prior authorizer*/ 514 515 hctx->fcgi_mode = FCGI_RESPONDER; 516 hctx->state = FCGI_STATE_INIT; 517 /*hctx->state_timestamp = 0;*//*(unused; left as-is)*/ 518 519 chunkqueue_reset(hctx->rb); 520 chunkqueue_reset(hctx->wb); 521 hctx->wb_reqlen = 0; 522 523 buffer_reset(hctx->response_header); 524 525 hctx->fd = -1; 526 hctx->fde_ndx = -1; 527 /*hctx->pid = -1;*//*(unused; left as-is)*/ 528 hctx->got_proc = 0; 529 hctx->reconnects = 0; 530 hctx->request_id = 0; 531 hctx->send_content_body = 1; 532 533 /*plugin_config conf;*//*(no need to reset for same request)*/ 534 535 /*hctx->remote_conn = NULL;*//*(no need to reset for same request)*/ 536 /*hctx->plugin_data = NULL;*//*(no need to reset for same request)*/ 537 } 538 539 static fcgi_proc *fastcgi_process_init(void) { 540 fcgi_proc *f; 541 542 f = calloc(1, sizeof(*f)); 543 f->unixsocket = buffer_init(); 544 f->connection_name = buffer_init(); 545 546 f->prev = NULL; 547 f->next = NULL; 548 549 return f; 550 } 551 552 static void fastcgi_process_free(fcgi_proc *f) { 553 if (!f) return; 554 555 fastcgi_process_free(f->next); 556 557 buffer_free(f->unixsocket); 558 buffer_free(f->connection_name); 559 560 free(f); 561 } 562 563 static fcgi_extension_host *fastcgi_host_init(void) { 564 fcgi_extension_host *f; 565 566 f = calloc(1, sizeof(*f)); 567 568 f->id = buffer_init(); 569 f->host = buffer_init(); 570 f->unixsocket = buffer_init(); 571 f->docroot = buffer_init(); 572 f->bin_path = buffer_init(); 573 f->bin_env = array_init(); 574 f->bin_env_copy = array_init(); 575 f->strip_request_uri = buffer_init(); 576 f->xsendfile_docroot = array_init(); 577 578 return f; 579 } 580 581 static void fastcgi_host_free(fcgi_extension_host *h) { 582 if (!h) return; 583 if (h->refcount) { 584 --h->refcount; 585 return; 586 } 587 588 buffer_free(h->id); 589 buffer_free(h->host); 590 buffer_free(h->unixsocket); 591 buffer_free(h->docroot); 592 buffer_free(h->bin_path); 593 buffer_free(h->strip_request_uri); 594 array_free(h->bin_env); 595 array_free(h->bin_env_copy); 596 array_free(h->xsendfile_docroot); 597 598 fastcgi_process_free(h->first); 599 fastcgi_process_free(h->unused_procs); 600 601 free(h); 602 603 } 604 605 static fcgi_exts *fastcgi_extensions_init(void) { 606 fcgi_exts *f; 607 608 f = calloc(1, sizeof(*f)); 609 610 return f; 611 } 612 613 static void fastcgi_extensions_free(fcgi_exts *f) { 614 size_t i; 615 616 if (!f) return; 617 618 for (i = 0; i < f->used; i++) { 619 fcgi_extension *fe; 620 size_t j; 621 622 fe = f->exts[i]; 623 624 for (j = 0; j < fe->used; j++) { 625 fcgi_extension_host *h; 626 627 h = fe->hosts[j]; 628 629 fastcgi_host_free(h); 630 } 631 632 buffer_free(fe->key); 633 free(fe->hosts); 634 635 free(fe); 636 } 637 638 free(f->exts); 639 640 free(f); 641 } 642 643 static int fastcgi_extension_insert(fcgi_exts *ext, buffer *key, fcgi_extension_host *fh) { 644 fcgi_extension *fe; 645 size_t i; 646 647 /* there is something */ 648 649 for (i = 0; i < ext->used; i++) { 650 if (buffer_is_equal(key, ext->exts[i]->key)) { 651 break; 652 } 653 } 654 655 if (i == ext->used) { 656 /* filextension is new */ 657 fe = calloc(1, sizeof(*fe)); 658 force_assert(fe); 659 fe->key = buffer_init(); 660 fe->last_used_ndx = -1; 661 buffer_copy_buffer(fe->key, key); 662 663 /* */ 664 665 if (ext->size == 0) { 666 ext->size = 8; 667 ext->exts = malloc(ext->size * sizeof(*(ext->exts))); 668 force_assert(ext->exts); 669 } else if (ext->used == ext->size) { 670 ext->size += 8; 671 ext->exts = realloc(ext->exts, ext->size * sizeof(*(ext->exts))); 672 force_assert(ext->exts); 673 } 674 ext->exts[ext->used++] = fe; 675 } else { 676 fe = ext->exts[i]; 677 } 678 679 if (fe->size == 0) { 680 fe->size = 4; 681 fe->hosts = malloc(fe->size * sizeof(*(fe->hosts))); 682 force_assert(fe->hosts); 683 } else if (fe->size == fe->used) { 684 fe->size += 4; 685 fe->hosts = realloc(fe->hosts, fe->size * sizeof(*(fe->hosts))); 686 force_assert(fe->hosts); 687 } 688 689 fe->hosts[fe->used++] = fh; 690 691 return 0; 692 693 } 694 695 INIT_FUNC(mod_fastcgi_init) { 696 plugin_data *p; 697 698 p = calloc(1, sizeof(*p)); 699 700 p->fcgi_env = buffer_init(); 701 702 p->statuskey = buffer_init(); 703 704 return p; 705 } 706 707 708 FREE_FUNC(mod_fastcgi_free) { 709 plugin_data *p = p_d; 710 711 UNUSED(srv); 712 713 buffer_free(p->fcgi_env); 714 buffer_free(p->statuskey); 715 716 if (p->config_storage) { 717 size_t i, j, n; 718 for (i = 0; i < srv->config_context->used; i++) { 719 plugin_config *s = p->config_storage[i]; 720 fcgi_exts *exts; 721 722 if (NULL == s) continue; 723 724 exts = s->exts; 725 726 if (exts) { 727 for (j = 0; j < exts->used; j++) { 728 fcgi_extension *ex; 729 730 ex = exts->exts[j]; 731 732 for (n = 0; n < ex->used; n++) { 733 fcgi_proc *proc; 734 fcgi_extension_host *host; 735 736 host = ex->hosts[n]; 737 738 for (proc = host->first; proc; proc = proc->next) { 739 if (proc->pid != 0) { 740 kill(proc->pid, host->kill_signal); 741 } 742 743 if (proc->is_local && 744 !buffer_string_is_empty(proc->unixsocket)) { 745 unlink(proc->unixsocket->ptr); 746 } 747 } 748 749 for (proc = host->unused_procs; proc; proc = proc->next) { 750 if (proc->pid != 0) { 751 kill(proc->pid, host->kill_signal); 752 } 753 if (proc->is_local && 754 !buffer_string_is_empty(proc->unixsocket)) { 755 unlink(proc->unixsocket->ptr); 756 } 757 } 758 } 759 } 760 761 fastcgi_extensions_free(s->exts); 762 fastcgi_extensions_free(s->exts_auth); 763 fastcgi_extensions_free(s->exts_resp); 764 } 765 array_free(s->ext_mapping); 766 767 free(s); 768 } 769 free(p->config_storage); 770 } 771 772 free(p); 773 774 return HANDLER_GO_ON; 775 } 776 777 static int env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) { 778 char *dst; 779 size_t i; 780 781 if (!key || !val) return -1; 782 783 dst = malloc(key_len + val_len + 3); 784 memcpy(dst, key, key_len); 785 dst[key_len] = '='; 786 memcpy(dst + key_len + 1, val, val_len); 787 dst[key_len + 1 + val_len] = '\0'; 788 789 for (i = 0; i < env->used; i++) { 790 if (0 == strncmp(dst, env->ptr[i], key_len + 1)) { 791 /* don't care about free as we are in a forked child which is going to exec(...) */ 792 /* free(env->ptr[i]); */ 793 env->ptr[i] = dst; 794 return 0; 795 } 796 } 797 798 if (env->size == 0) { 799 env->size = 16; 800 env->ptr = malloc(env->size * sizeof(*env->ptr)); 801 } else if (env->size == env->used + 1) { 802 env->size += 16; 803 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 804 } 805 806 env->ptr[env->used++] = dst; 807 808 return 0; 809 } 810 811 static int parse_binpath(char_array *env, buffer *b) { 812 char *start; 813 size_t i; 814 /* search for spaces */ 815 816 start = b->ptr; 817 for (i = 0; i < buffer_string_length(b); i++) { 818 switch(b->ptr[i]) { 819 case ' ': 820 case '\t': 821 /* a WS, stop here and copy the argument */ 822 823 if (env->size == 0) { 824 env->size = 16; 825 env->ptr = malloc(env->size * sizeof(*env->ptr)); 826 } else if (env->size == env->used) { 827 env->size += 16; 828 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 829 } 830 831 b->ptr[i] = '\0'; 832 833 env->ptr[env->used++] = start; 834 835 start = b->ptr + i + 1; 836 break; 837 default: 838 break; 839 } 840 } 841 842 if (env->size == 0) { 843 env->size = 16; 844 env->ptr = malloc(env->size * sizeof(*env->ptr)); 845 } else if (env->size == env->used) { /* we need one extra for the terminating NULL */ 846 env->size += 16; 847 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 848 } 849 850 /* the rest */ 851 env->ptr[env->used++] = start; 852 853 if (env->size == 0) { 854 env->size = 16; 855 env->ptr = malloc(env->size * sizeof(*env->ptr)); 856 } else if (env->size == env->used) { /* we need one extra for the terminating NULL */ 857 env->size += 16; 858 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 859 } 860 861 /* terminate */ 862 env->ptr[env->used++] = NULL; 863 864 return 0; 865 } 866 867 #if !defined(HAVE_FORK) 868 static int fcgi_spawn_connection(server *srv, 869 plugin_data *p, 870 fcgi_extension_host *host, 871 fcgi_proc *proc) { 872 UNUSED(srv); 873 UNUSED(p); 874 UNUSED(host); 875 UNUSED(proc); 876 return -1; 877 } 878 879 #else /* -> defined(HAVE_FORK) */ 880 881 static int fcgi_spawn_connection(server *srv, 882 plugin_data *p, 883 fcgi_extension_host *host, 884 fcgi_proc *proc) { 885 int fcgi_fd; 886 int status; 887 struct timeval tv = { 0, 100 * 1000 }; 888 #ifdef HAVE_SYS_UN_H 889 struct sockaddr_un fcgi_addr_un; 890 #endif 891 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 892 struct sockaddr_in6 fcgi_addr_in6; 893 #endif 894 struct sockaddr_in fcgi_addr_in; 895 struct sockaddr *fcgi_addr; 896 897 socklen_t servlen; 898 899 if (p->conf.debug) { 900 log_error_write(srv, __FILE__, __LINE__, "sdb", 901 "new proc, socket:", proc->port, proc->unixsocket); 902 } 903 904 if (!buffer_string_is_empty(proc->unixsocket)) { 905 #ifdef HAVE_SYS_UN_H 906 memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un)); 907 fcgi_addr_un.sun_family = AF_UNIX; 908 if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) { 909 log_error_write(srv, __FILE__, __LINE__, "sB", 910 "ERROR: Unix Domain socket filename too long:", 911 proc->unixsocket); 912 return -1; 913 } 914 memcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr, buffer_string_length(proc->unixsocket) + 1); 915 916 #ifdef SUN_LEN 917 servlen = SUN_LEN(&fcgi_addr_un); 918 #else 919 /* stevens says: */ 920 servlen = buffer_string_length(proc->unixsocket) + 1 + sizeof(fcgi_addr_un.sun_family); 921 #endif 922 fcgi_addr = (struct sockaddr *) &fcgi_addr_un; 923 924 buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("unix:")); 925 buffer_append_string_buffer(proc->connection_name, proc->unixsocket); 926 927 #else 928 log_error_write(srv, __FILE__, __LINE__, "s", 929 "ERROR: Unix Domain sockets are not supported."); 930 return -1; 931 #endif 932 } else if (buffer_string_is_empty(host->host)) { 933 memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in)); 934 fcgi_addr_in.sin_family = AF_INET; 935 fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 936 fcgi_addr_in.sin_port = htons(proc->port); 937 servlen = sizeof(fcgi_addr_in); 938 fcgi_addr = (struct sockaddr *) &fcgi_addr_in; 939 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 940 } else if (host->family == AF_INET6) { 941 memset(&fcgi_addr_in6, 0, sizeof(fcgi_addr_in6)); 942 fcgi_addr_in6.sin6_family = AF_INET6; 943 inet_pton(AF_INET6, host->host->ptr, (char *) &fcgi_addr_in6.sin6_addr); 944 fcgi_addr_in6.sin6_port = htons(proc->port); 945 servlen = sizeof(fcgi_addr_in6); 946 fcgi_addr = (struct sockaddr *) &fcgi_addr_in6; 947 #endif 948 } else { 949 memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in)); 950 fcgi_addr_in.sin_family = AF_INET; 951 #if defined(HAVE_INET_PTON) 952 inet_pton(AF_INET, host->host->ptr, (char *) &fcgi_addr_in.sin_addr); 953 #else 954 { 955 struct hostent *he; 956 957 /* set a useful default */ 958 fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 959 960 if (NULL == (he = gethostbyname(host->host->ptr))) { 961 log_error_write(srv, __FILE__, __LINE__, 962 "sdb", "gethostbyname failed: ", 963 h_errno, host->host); 964 return -1; 965 } 966 967 if (he->h_addrtype != AF_INET) { 968 log_error_write(srv, __FILE__, __LINE__, "sd", "addr-type != AF_INET: ", he->h_addrtype); 969 return -1; 970 } 971 972 if (he->h_length != sizeof(struct in_addr)) { 973 log_error_write(srv, __FILE__, __LINE__, "sd", "addr-length != sizeof(in_addr): ", he->h_length); 974 return -1; 975 } 976 977 memcpy(&(fcgi_addr_in.sin_addr.s_addr), he->h_addr_list[0], he->h_length); 978 979 } 980 #endif 981 fcgi_addr_in.sin_port = htons(proc->port); 982 servlen = sizeof(fcgi_addr_in); 983 984 fcgi_addr = (struct sockaddr *) &fcgi_addr_in; 985 } 986 987 if (buffer_string_is_empty(proc->unixsocket)) { 988 buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("tcp:")); 989 if (!buffer_string_is_empty(host->host)) { 990 buffer_append_string_buffer(proc->connection_name, host->host); 991 } else { 992 buffer_append_string_len(proc->connection_name, CONST_STR_LEN("localhost")); 993 } 994 buffer_append_string_len(proc->connection_name, CONST_STR_LEN(":")); 995 buffer_append_int(proc->connection_name, proc->port); 996 } 997 998 if (-1 == (fcgi_fd = fdevent_socket_cloexec(fcgi_addr->sa_family, SOCK_STREAM, 0))) { 999 log_error_write(srv, __FILE__, __LINE__, "ss", 1000 "failed:", strerror(errno)); 1001 return -1; 1002 } 1003 1004 if (-1 == connect(fcgi_fd, fcgi_addr, servlen)) { 1005 /* server is not up, spawn it */ 1006 pid_t child; 1007 int val; 1008 1009 if (errno != ENOENT && 1010 !buffer_string_is_empty(proc->unixsocket)) { 1011 unlink(proc->unixsocket->ptr); 1012 } 1013 1014 close(fcgi_fd); 1015 1016 /* reopen socket */ 1017 if (-1 == (fcgi_fd = fdevent_socket_cloexec(fcgi_addr->sa_family, SOCK_STREAM, 0))) { 1018 log_error_write(srv, __FILE__, __LINE__, "ss", 1019 "socket failed:", strerror(errno)); 1020 return -1; 1021 } 1022 1023 val = 1; 1024 if (setsockopt(fcgi_fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0) { 1025 log_error_write(srv, __FILE__, __LINE__, "ss", 1026 "socketsockopt failed:", strerror(errno)); 1027 close(fcgi_fd); 1028 return -1; 1029 } 1030 1031 /* create socket */ 1032 if (-1 == bind(fcgi_fd, fcgi_addr, servlen)) { 1033 log_error_write(srv, __FILE__, __LINE__, "sbs", 1034 "bind failed for:", 1035 proc->connection_name, 1036 strerror(errno)); 1037 close(fcgi_fd); 1038 return -1; 1039 } 1040 1041 if (-1 == listen(fcgi_fd, host->listen_backlog)) { 1042 log_error_write(srv, __FILE__, __LINE__, "ss", 1043 "listen failed:", strerror(errno)); 1044 close(fcgi_fd); 1045 return -1; 1046 } 1047 1048 switch ((child = fork())) { 1049 case 0: { 1050 size_t i = 0; 1051 char *c; 1052 char_array env; 1053 char_array arg; 1054 1055 /* create environment */ 1056 env.ptr = NULL; 1057 env.size = 0; 1058 env.used = 0; 1059 1060 arg.ptr = NULL; 1061 arg.size = 0; 1062 arg.used = 0; 1063 1064 if(fcgi_fd != FCGI_LISTENSOCK_FILENO) { 1065 dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO); 1066 close(fcgi_fd); 1067 } 1068 #ifdef SOCK_CLOEXEC 1069 else 1070 (void)fcntl(fcgi_fd, F_SETFD, 0); /* clear cloexec */ 1071 #endif 1072 1073 /* we don't need the client socket */ 1074 for (i = 3; i < 256; i++) { 1075 close(i); 1076 } 1077 1078 /* build clean environment */ 1079 if (host->bin_env_copy->used) { 1080 for (i = 0; i < host->bin_env_copy->used; i++) { 1081 data_string *ds = (data_string *)host->bin_env_copy->data[i]; 1082 char *ge; 1083 1084 if (NULL != (ge = getenv(ds->value->ptr))) { 1085 env_add(&env, CONST_BUF_LEN(ds->value), ge, strlen(ge)); 1086 } 1087 } 1088 } else { 1089 char ** const e = environ; 1090 for (i = 0; e[i]; ++i) { 1091 char *eq; 1092 1093 if (NULL != (eq = strchr(e[i], '='))) { 1094 env_add(&env, e[i], eq - e[i], eq+1, strlen(eq+1)); 1095 } 1096 } 1097 } 1098 1099 /* create environment */ 1100 for (i = 0; i < host->bin_env->used; i++) { 1101 data_string *ds = (data_string *)host->bin_env->data[i]; 1102 1103 env_add(&env, CONST_BUF_LEN(ds->key), CONST_BUF_LEN(ds->value)); 1104 } 1105 1106 for (i = 0; i < env.used; i++) { 1107 /* search for PHP_FCGI_CHILDREN */ 1108 if (0 == strncmp(env.ptr[i], "PHP_FCGI_CHILDREN=", sizeof("PHP_FCGI_CHILDREN=") - 1)) break; 1109 } 1110 1111 /* not found, add a default */ 1112 if (i == env.used) { 1113 env_add(&env, CONST_STR_LEN("PHP_FCGI_CHILDREN"), CONST_STR_LEN("1")); 1114 } 1115 1116 env.ptr[env.used] = NULL; 1117 1118 parse_binpath(&arg, host->bin_path); 1119 1120 /* chdir into the base of the bin-path, 1121 * search for the last / */ 1122 if (NULL != (c = strrchr(arg.ptr[0], '/'))) { 1123 *c = '\0'; 1124 1125 /* change to the physical directory */ 1126 if (-1 == chdir(arg.ptr[0])) { 1127 *c = '/'; 1128 log_error_write(srv, __FILE__, __LINE__, "sss", "chdir failed:", strerror(errno), arg.ptr[0]); 1129 } 1130 *c = '/'; 1131 } 1132 1133 reset_signals(); 1134 1135 /* exec the cgi */ 1136 execve(arg.ptr[0], arg.ptr, env.ptr); 1137 1138 /* log_error_write(srv, __FILE__, __LINE__, "sbs", 1139 "execve failed for:", host->bin_path, strerror(errno)); */ 1140 1141 _exit(errno); 1142 1143 break; 1144 } 1145 case -1: 1146 /* error */ 1147 close(fcgi_fd); 1148 break; 1149 default: 1150 /* father */ 1151 close(fcgi_fd); 1152 1153 /* wait */ 1154 select(0, NULL, NULL, NULL, &tv); 1155 1156 switch (waitpid(child, &status, WNOHANG)) { 1157 case 0: 1158 /* child still running after timeout, good */ 1159 break; 1160 case -1: 1161 /* no PID found ? should never happen */ 1162 log_error_write(srv, __FILE__, __LINE__, "ss", 1163 "pid not found:", strerror(errno)); 1164 return -1; 1165 default: 1166 log_error_write(srv, __FILE__, __LINE__, "sbs", 1167 "the fastcgi-backend", host->bin_path, "failed to start:"); 1168 /* the child should not terminate at all */ 1169 if (WIFEXITED(status)) { 1170 log_error_write(srv, __FILE__, __LINE__, "sdb", 1171 "child exited with status", 1172 WEXITSTATUS(status), host->bin_path); 1173 log_error_write(srv, __FILE__, __LINE__, "s", 1174 "If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.\n" 1175 "If this is PHP on Gentoo, add 'fastcgi' to the USE flags."); 1176 } else if (WIFSIGNALED(status)) { 1177 log_error_write(srv, __FILE__, __LINE__, "sd", 1178 "terminated by signal:", 1179 WTERMSIG(status)); 1180 1181 if (WTERMSIG(status) == 11) { 1182 log_error_write(srv, __FILE__, __LINE__, "s", 1183 "to be exact: it segfaulted, crashed, died, ... you get the idea." ); 1184 log_error_write(srv, __FILE__, __LINE__, "s", 1185 "If this is PHP, try removing the bytecode caches for now and try again."); 1186 } 1187 } else { 1188 log_error_write(srv, __FILE__, __LINE__, "sd", 1189 "child died somehow:", 1190 status); 1191 } 1192 return -1; 1193 } 1194 1195 /* register process */ 1196 proc->pid = child; 1197 proc->is_local = 1; 1198 1199 break; 1200 } 1201 } else { 1202 close(fcgi_fd); 1203 proc->is_local = 0; 1204 proc->pid = 0; 1205 1206 if (p->conf.debug) { 1207 log_error_write(srv, __FILE__, __LINE__, "sb", 1208 "(debug) socket is already used; won't spawn:", 1209 proc->connection_name); 1210 } 1211 } 1212 1213 proc->state = PROC_STATE_RUNNING; 1214 host->active_procs++; 1215 1216 return 0; 1217 } 1218 1219 #endif /* HAVE_FORK */ 1220 1221 static fcgi_extension_host * unixsocket_is_dup(plugin_data *p, size_t used, buffer *unixsocket) { 1222 size_t i, j, n; 1223 for (i = 0; i < used; ++i) { 1224 fcgi_exts *exts = p->config_storage[i]->exts; 1225 if (NULL == exts) continue; 1226 for (j = 0; j < exts->used; ++j) { 1227 fcgi_extension *ex = exts->exts[j]; 1228 for (n = 0; n < ex->used; ++n) { 1229 fcgi_extension_host *host = ex->hosts[n]; 1230 if (!buffer_string_is_empty(host->unixsocket) 1231 && buffer_is_equal(host->unixsocket, unixsocket) 1232 && !buffer_string_is_empty(host->bin_path)) 1233 return host; 1234 } 1235 } 1236 } 1237 1238 return NULL; 1239 } 1240 1241 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) { 1242 plugin_data *p = p_d; 1243 data_unset *du; 1244 size_t i = 0; 1245 buffer *fcgi_mode = buffer_init(); 1246 fcgi_extension_host *host = NULL; 1247 1248 config_values_t cv[] = { 1249 { "fastcgi.server", NULL, T_CONFIG_LOCAL, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 1250 { "fastcgi.debug", NULL, T_CONFIG_INT , T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 1251 { "fastcgi.map-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 1252 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 1253 }; 1254 1255 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); 1256 1257 for (i = 0; i < srv->config_context->used; i++) { 1258 data_config const* config = (data_config const*)srv->config_context->data[i]; 1259 plugin_config *s; 1260 1261 s = malloc(sizeof(plugin_config)); 1262 s->exts = NULL; 1263 s->exts_auth = NULL; 1264 s->exts_resp = NULL; 1265 s->debug = 0; 1266 s->ext_mapping = array_init(); 1267 1268 cv[0].destination = s->exts; /* not used; T_CONFIG_LOCAL */ 1269 cv[1].destination = &(s->debug); 1270 cv[2].destination = s->ext_mapping; 1271 1272 p->config_storage[i] = s; 1273 1274 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { 1275 goto error; 1276 } 1277 1278 /* 1279 * <key> = ( ... ) 1280 */ 1281 1282 if (NULL != (du = array_get_element(config->value, "fastcgi.server"))) { 1283 size_t j; 1284 data_array *da = (data_array *)du; 1285 1286 if (du->type != TYPE_ARRAY) { 1287 log_error_write(srv, __FILE__, __LINE__, "sss", 1288 "unexpected type for key: ", "fastcgi.server", "expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 1289 1290 goto error; 1291 } 1292 1293 s->exts = fastcgi_extensions_init(); 1294 s->exts_auth = fastcgi_extensions_init(); 1295 s->exts_resp = fastcgi_extensions_init(); 1296 1297 /* 1298 * fastcgi.server = ( "<ext>" => ( ... ), 1299 * "<ext>" => ( ... ) ) 1300 */ 1301 1302 for (j = 0; j < da->value->used; j++) { 1303 size_t n; 1304 data_array *da_ext = (data_array *)da->value->data[j]; 1305 1306 if (da->value->data[j]->type != TYPE_ARRAY) { 1307 log_error_write(srv, __FILE__, __LINE__, "sssbs", 1308 "unexpected type for key: ", "fastcgi.server", 1309 "[", da->value->data[j]->key, "](string); expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 1310 1311 goto error; 1312 } 1313 1314 /* 1315 * da_ext->key == name of the extension 1316 */ 1317 1318 /* 1319 * fastcgi.server = ( "<ext>" => 1320 * ( "<host>" => ( ... ), 1321 * "<host>" => ( ... ) 1322 * ), 1323 * "<ext>" => ... ) 1324 */ 1325 1326 for (n = 0; n < da_ext->value->used; n++) { 1327 data_array *da_host = (data_array *)da_ext->value->data[n]; 1328 1329 config_values_t fcv[] = { 1330 { "host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 1331 { "docroot", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 1332 { "mode", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 1333 { "socket", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ 1334 { "bin-path", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 4 */ 1335 1336 { "check-local", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 5 */ 1337 { "port", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 6 */ 1338 { "max-procs", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 7 */ 1339 { "disable-time", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 8 */ 1340 1341 { "bin-environment", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 9 */ 1342 { "bin-copy-environment", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 10 */ 1343 1344 { "broken-scriptfilename", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */ 1345 { "allow-x-send-file", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 12 */ 1346 { "strip-request-uri", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ 1347 { "kill-signal", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ 1348 { "fix-root-scriptname", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 15 */ 1349 { "listen-backlog", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_CONNECTION }, /* 16 */ 1350 { "x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 17 */ 1351 { "x-sendfile-docroot",NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 18 */ 1352 1353 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 1354 }; 1355 unsigned short host_mode = FCGI_RESPONDER; 1356 1357 if (da_host->type != TYPE_ARRAY) { 1358 log_error_write(srv, __FILE__, __LINE__, "ssSBS", 1359 "unexpected type for key:", 1360 "fastcgi.server", 1361 "[", da_host->key, "](string); expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 1362 1363 goto error; 1364 } 1365 1366 host = fastcgi_host_init(); 1367 buffer_reset(fcgi_mode); 1368 1369 buffer_copy_buffer(host->id, da_host->key); 1370 1371 host->check_local = 1; 1372 host->max_procs = 4; 1373 host->disable_time = 1; 1374 host->break_scriptfilename_for_php = 0; 1375 host->xsendfile_allow = 0; 1376 host->kill_signal = SIGTERM; 1377 host->fix_root_path_name = 0; 1378 host->listen_backlog = 1024; 1379 host->refcount = 0; 1380 1381 fcv[0].destination = host->host; 1382 fcv[1].destination = host->docroot; 1383 fcv[2].destination = fcgi_mode; 1384 fcv[3].destination = host->unixsocket; 1385 fcv[4].destination = host->bin_path; 1386 1387 fcv[5].destination = &(host->check_local); 1388 fcv[6].destination = &(host->port); 1389 fcv[7].destination = &(host->max_procs); 1390 fcv[8].destination = &(host->disable_time); 1391 1392 fcv[9].destination = host->bin_env; 1393 fcv[10].destination = host->bin_env_copy; 1394 fcv[11].destination = &(host->break_scriptfilename_for_php); 1395 fcv[12].destination = &(host->xsendfile_allow); 1396 fcv[13].destination = host->strip_request_uri; 1397 fcv[14].destination = &(host->kill_signal); 1398 fcv[15].destination = &(host->fix_root_path_name); 1399 fcv[16].destination = &(host->listen_backlog); 1400 fcv[17].destination = &(host->xsendfile_allow); 1401 fcv[18].destination = host->xsendfile_docroot; 1402 1403 if (0 != config_insert_values_internal(srv, da_host->value, fcv, T_CONFIG_SCOPE_CONNECTION)) { 1404 goto error; 1405 } 1406 1407 if ((!buffer_string_is_empty(host->host) || host->port) && 1408 !buffer_string_is_empty(host->unixsocket)) { 1409 log_error_write(srv, __FILE__, __LINE__, "sbsbsbs", 1410 "either host/port or socket have to be set in:", 1411 da->key, "= (", 1412 da_ext->key, " => (", 1413 da_host->key, " ( ..."); 1414 1415 goto error; 1416 } 1417 1418 if (!buffer_string_is_empty(host->unixsocket)) { 1419 /* unix domain socket */ 1420 struct sockaddr_un un; 1421 1422 if (buffer_string_length(host->unixsocket) + 1 > sizeof(un.sun_path) - 2) { 1423 log_error_write(srv, __FILE__, __LINE__, "sbsbsbs", 1424 "unixsocket is too long in:", 1425 da->key, "= (", 1426 da_ext->key, " => (", 1427 da_host->key, " ( ..."); 1428 1429 goto error; 1430 } 1431 1432 if (!buffer_string_is_empty(host->bin_path)) { 1433 fcgi_extension_host *duplicate = unixsocket_is_dup(p, i+1, host->unixsocket); 1434 if (NULL != duplicate) { 1435 if (!buffer_is_equal(host->bin_path, duplicate->bin_path)) { 1436 log_error_write(srv, __FILE__, __LINE__, "sb", 1437 "duplicate unixsocket path:", 1438 host->unixsocket); 1439 goto error; 1440 } 1441 fastcgi_host_free(host); 1442 host = duplicate; 1443 ++host->refcount; 1444 } 1445 } 1446 1447 host->family = AF_UNIX; 1448 } else { 1449 /* tcp/ip */ 1450 1451 if (buffer_string_is_empty(host->host) && 1452 buffer_string_is_empty(host->bin_path)) { 1453 log_error_write(srv, __FILE__, __LINE__, "sbsbsbs", 1454 "host or binpath have to be set in:", 1455 da->key, "= (", 1456 da_ext->key, " => (", 1457 da_host->key, " ( ..."); 1458 1459 goto error; 1460 } else if (host->port == 0) { 1461 log_error_write(srv, __FILE__, __LINE__, "sbsbsbs", 1462 "port has to be set in:", 1463 da->key, "= (", 1464 da_ext->key, " => (", 1465 da_host->key, " ( ..."); 1466 1467 goto error; 1468 } 1469 1470 host->family = (!buffer_string_is_empty(host->host) && NULL != strchr(host->host->ptr, ':')) ? AF_INET6 : AF_INET; 1471 } 1472 1473 if (host->refcount) { 1474 /* already init'd; skip spawning */ 1475 } else if (!buffer_string_is_empty(host->bin_path)) { 1476 /* a local socket + self spawning */ 1477 size_t pno; 1478 1479 struct stat st; 1480 size_t nchars = strcspn(host->bin_path->ptr, " \t"); 1481 char c = host->bin_path->ptr[nchars]; 1482 host->bin_path->ptr[nchars] = '\0'; 1483 if (0 == nchars || 0 != stat(host->bin_path->ptr, &st) || !S_ISREG(st.st_mode) || !(st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { 1484 host->bin_path->ptr[nchars] = c; 1485 log_error_write(srv, __FILE__, __LINE__, "SSs", 1486 "invalid \"bin-path\" => \"", host->bin_path->ptr, 1487 "\" (check that file exists, is regular file, and is executable by lighttpd)"); 1488 } 1489 host->bin_path->ptr[nchars] = c; 1490 1491 if (s->debug) { 1492 log_error_write(srv, __FILE__, __LINE__, "ssbsdsbsd", 1493 "--- fastcgi spawning local", 1494 "\n\tproc:", host->bin_path, 1495 "\n\tport:", host->port, 1496 "\n\tsocket", host->unixsocket, 1497 "\n\tmax-procs:", host->max_procs); 1498 } 1499 1500 for (pno = 0; pno < host->max_procs; pno++) { 1501 fcgi_proc *proc; 1502 1503 proc = fastcgi_process_init(); 1504 proc->id = host->num_procs++; 1505 host->max_id++; 1506 1507 if (buffer_string_is_empty(host->unixsocket)) { 1508 proc->port = host->port + pno; 1509 } else { 1510 buffer_copy_buffer(proc->unixsocket, host->unixsocket); 1511 buffer_append_string_len(proc->unixsocket, CONST_STR_LEN("-")); 1512 buffer_append_int(proc->unixsocket, pno); 1513 } 1514 1515 if (s->debug) { 1516 log_error_write(srv, __FILE__, __LINE__, "ssdsbsdsd", 1517 "--- fastcgi spawning", 1518 "\n\tport:", host->port, 1519 "\n\tsocket", host->unixsocket, 1520 "\n\tcurrent:", pno, "/", host->max_procs); 1521 } 1522 1523 if (!srv->srvconf.preflight_check 1524 && fcgi_spawn_connection(srv, p, host, proc)) { 1525 log_error_write(srv, __FILE__, __LINE__, "s", 1526 "[ERROR]: spawning fcgi failed."); 1527 fastcgi_process_free(proc); 1528 goto error; 1529 } 1530 1531 fastcgi_status_init(srv, p->statuskey, host, proc); 1532 1533 proc->next = host->first; 1534 if (host->first) host->first->prev = proc; 1535 1536 host->first = proc; 1537 } 1538 } else { 1539 fcgi_proc *proc; 1540 1541 proc = fastcgi_process_init(); 1542 proc->id = host->num_procs++; 1543 host->max_id++; 1544 host->active_procs++; 1545 proc->state = PROC_STATE_RUNNING; 1546 1547 if (buffer_string_is_empty(host->unixsocket)) { 1548 proc->port = host->port; 1549 } else { 1550 buffer_copy_buffer(proc->unixsocket, host->unixsocket); 1551 } 1552 1553 fastcgi_status_init(srv, p->statuskey, host, proc); 1554 1555 host->first = proc; 1556 1557 host->max_procs = 1; 1558 } 1559 1560 if (!buffer_string_is_empty(fcgi_mode)) { 1561 if (strcmp(fcgi_mode->ptr, "responder") == 0) { 1562 host_mode = FCGI_RESPONDER; 1563 } else if (strcmp(fcgi_mode->ptr, "authorizer") == 0) { 1564 host_mode = FCGI_AUTHORIZER; 1565 } else { 1566 log_error_write(srv, __FILE__, __LINE__, "sbs", 1567 "WARNING: unknown fastcgi mode:", 1568 fcgi_mode, "(ignored, mode set to responder)"); 1569 } 1570 } 1571 1572 if (host->xsendfile_docroot->used) { 1573 size_t k; 1574 for (k = 0; k < host->xsendfile_docroot->used; ++k) { 1575 data_string *ds = (data_string *)host->xsendfile_docroot->data[k]; 1576 if (ds->type != TYPE_STRING) { 1577 log_error_write(srv, __FILE__, __LINE__, "s", 1578 "unexpected type for x-sendfile-docroot; expected: \"x-sendfile-docroot\" => ( \"/allowed/path\", ... )"); 1579 goto error; 1580 } 1581 if (ds->value->ptr[0] != '/') { 1582 log_error_write(srv, __FILE__, __LINE__, "SBs", 1583 "x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\""); 1584 goto error; 1585 } 1586 buffer_path_simplify(ds->value, ds->value); 1587 buffer_append_slash(ds->value); 1588 } 1589 } 1590 1591 /* s->exts is list of exts -> hosts 1592 * s->exts now used as combined list of authorizer and responder hosts (for backend maintenance) 1593 * s->exts_auth is list of exts -> authorizer hosts 1594 * s->exts_resp is list of exts -> responder hosts 1595 * For each path/extension, there may be an independent FCGI_AUTHORIZER and FCGI_RESPONDER 1596 * (The FCGI_AUTHORIZER and FCGI_RESPONDER could be handled by the same host, 1597 * and an admin might want to do that for large uploads, since FCGI_AUTHORIZER 1598 * runs prior to receiving (potentially large) request body from client and can 1599 * authorizer or deny request prior to receiving the full upload) 1600 */ 1601 fastcgi_extension_insert(s->exts, da_ext->key, host); 1602 1603 if (host_mode == FCGI_AUTHORIZER) { 1604 ++host->refcount; 1605 fastcgi_extension_insert(s->exts_auth, da_ext->key, host); 1606 } else if (host_mode == FCGI_RESPONDER) { 1607 ++host->refcount; 1608 fastcgi_extension_insert(s->exts_resp, da_ext->key, host); 1609 } /*(else should have been rejected above)*/ 1610 1611 host = NULL; 1612 } 1613 } 1614 } 1615 } 1616 1617 buffer_free(fcgi_mode); 1618 return HANDLER_GO_ON; 1619 1620 error: 1621 if (NULL != host) fastcgi_host_free(host); 1622 buffer_free(fcgi_mode); 1623 return HANDLER_ERROR; 1624 } 1625 1626 static int fcgi_set_state(server *srv, handler_ctx *hctx, fcgi_connection_state_t state) { 1627 hctx->state = state; 1628 hctx->state_timestamp = srv->cur_ts; 1629 1630 return 0; 1631 } 1632 1633 1634 static void fcgi_backend_close(server *srv, handler_ctx *hctx) { 1635 if (hctx->fd != -1) { 1636 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 1637 fdevent_unregister(srv->ev, hctx->fd); 1638 fdevent_sched_close(srv->ev, hctx->fd, 1); 1639 hctx->fd = -1; 1640 hctx->fde_ndx = -1; 1641 } 1642 1643 if (hctx->host) { 1644 if (hctx->proc && hctx->got_proc) { 1645 /* after the connect the process gets a load */ 1646 fcgi_proc_load_dec(srv, hctx); 1647 1648 if (hctx->conf.debug) { 1649 log_error_write(srv, __FILE__, __LINE__, "ssdsbsd", 1650 "released proc:", 1651 "pid:", hctx->proc->pid, 1652 "socket:", hctx->proc->connection_name, 1653 "load:", hctx->proc->load); 1654 } 1655 } 1656 1657 fcgi_host_reset(srv, hctx); 1658 } 1659 } 1660 1661 static fcgi_extension_host * fcgi_extension_host_get(server *srv, connection *con, plugin_data *p, fcgi_extension *extension) { 1662 fcgi_extension_host *host; 1663 int ndx = extension->last_used_ndx + 1; 1664 if (ndx >= (int) extension->used || ndx < 0) ndx = 0; 1665 UNUSED(p); 1666 1667 /* check if the next server has no load */ 1668 host = extension->hosts[ndx]; 1669 if (host->load > 0 || host->active_procs == 0) { 1670 /* get backend with the least load */ 1671 size_t k; 1672 int used = -1; 1673 for (k = 0, ndx = -1; k < extension->used; k++) { 1674 host = extension->hosts[k]; 1675 1676 /* we should have at least one proc that can do something */ 1677 if (host->active_procs == 0) continue; 1678 1679 if (used == -1 || host->load < used) { 1680 used = host->load; 1681 ndx = k; 1682 } 1683 } 1684 } 1685 1686 if (ndx == -1) { 1687 /* all hosts are down */ 1688 /* sorry, we don't have a server alive for this ext */ 1689 con->http_status = 503; /* Service Unavailable */ 1690 con->mode = DIRECT; 1691 1692 /* only send the 'no handler' once */ 1693 if (!extension->note_is_sent) { 1694 extension->note_is_sent = 1; 1695 1696 log_error_write(srv, __FILE__, __LINE__, "sBSbsbs", 1697 "all handlers for", con->uri.path, "?", con->uri.query, 1698 "on", extension->key, 1699 "are down."); 1700 } 1701 1702 return NULL; 1703 } 1704 1705 /* found a server */ 1706 extension->last_used_ndx = ndx; 1707 return extension->hosts[ndx]; 1708 } 1709 1710 static void fcgi_connection_close(server *srv, handler_ctx *hctx) { 1711 plugin_data *p; 1712 connection *con; 1713 1714 p = hctx->plugin_data; 1715 con = hctx->remote_conn; 1716 1717 fcgi_backend_close(srv, hctx); 1718 handler_ctx_free(hctx); 1719 con->plugin_ctx[p->id] = NULL; 1720 1721 /* finish response (if not already con->file_started, con->file_finished) */ 1722 if (con->mode == p->id) { 1723 http_response_backend_done(srv, con); 1724 } 1725 } 1726 1727 static handler_t fcgi_reconnect(server *srv, handler_ctx *hctx) { 1728 fcgi_backend_close(srv, hctx); 1729 1730 hctx->host = fcgi_extension_host_get(srv, hctx->remote_conn, hctx->plugin_data, hctx->ext); 1731 if (NULL == hctx->host) return HANDLER_FINISHED; 1732 1733 fcgi_host_assign(srv, hctx, hctx->host); 1734 hctx->request_id = 0; 1735 fcgi_set_state(srv, hctx, FCGI_STATE_INIT); 1736 return HANDLER_COMEBACK; 1737 } 1738 1739 1740 static handler_t fcgi_connection_reset(server *srv, connection *con, void *p_d) { 1741 plugin_data *p = p_d; 1742 handler_ctx *hctx = con->plugin_ctx[p->id]; 1743 if (hctx) fcgi_connection_close(srv, hctx); 1744 1745 return HANDLER_GO_ON; 1746 } 1747 1748 1749 static int fcgi_env_add(void *venv, const char *key, size_t key_len, const char *val, size_t val_len) { 1750 buffer *env = venv; 1751 size_t len; 1752 char len_enc[8]; 1753 size_t len_enc_len = 0; 1754 1755 if (!key || !val) return -1; 1756 1757 len = key_len + val_len; 1758 1759 len += key_len > 127 ? 4 : 1; 1760 len += val_len > 127 ? 4 : 1; 1761 1762 if (buffer_string_length(env) + len >= FCGI_MAX_LENGTH) { 1763 /** 1764 * we can't append more headers, ignore it 1765 */ 1766 return -1; 1767 } 1768 1769 /** 1770 * field length can be 31bit max 1771 * 1772 * HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit 1773 */ 1774 force_assert(key_len < 0x7fffffffu); 1775 force_assert(val_len < 0x7fffffffu); 1776 1777 buffer_string_prepare_append(env, len); 1778 1779 if (key_len > 127) { 1780 len_enc[len_enc_len++] = ((key_len >> 24) & 0xff) | 0x80; 1781 len_enc[len_enc_len++] = (key_len >> 16) & 0xff; 1782 len_enc[len_enc_len++] = (key_len >> 8) & 0xff; 1783 len_enc[len_enc_len++] = (key_len >> 0) & 0xff; 1784 } else { 1785 len_enc[len_enc_len++] = (key_len >> 0) & 0xff; 1786 } 1787 1788 if (val_len > 127) { 1789 len_enc[len_enc_len++] = ((val_len >> 24) & 0xff) | 0x80; 1790 len_enc[len_enc_len++] = (val_len >> 16) & 0xff; 1791 len_enc[len_enc_len++] = (val_len >> 8) & 0xff; 1792 len_enc[len_enc_len++] = (val_len >> 0) & 0xff; 1793 } else { 1794 len_enc[len_enc_len++] = (val_len >> 0) & 0xff; 1795 } 1796 1797 buffer_append_string_len(env, len_enc, len_enc_len); 1798 buffer_append_string_len(env, key, key_len); 1799 buffer_append_string_len(env, val, val_len); 1800 1801 return 0; 1802 } 1803 1804 static int fcgi_header(FCGI_Header * header, unsigned char type, int request_id, int contentLength, unsigned char paddingLength) { 1805 force_assert(contentLength <= FCGI_MAX_LENGTH); 1806 1807 header->version = FCGI_VERSION_1; 1808 header->type = type; 1809 header->requestIdB0 = request_id & 0xff; 1810 header->requestIdB1 = (request_id >> 8) & 0xff; 1811 header->contentLengthB0 = contentLength & 0xff; 1812 header->contentLengthB1 = (contentLength >> 8) & 0xff; 1813 header->paddingLength = paddingLength; 1814 header->reserved = 0; 1815 1816 return 0; 1817 } 1818 1819 typedef enum { 1820 CONNECTION_OK, 1821 CONNECTION_DELAYED, /* retry after event, take same host */ 1822 CONNECTION_OVERLOADED, /* disable for 1 second, take another backend */ 1823 CONNECTION_DEAD /* disable for 60 seconds, take another backend */ 1824 } connection_result_t; 1825 1826 static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *hctx) { 1827 struct sockaddr *fcgi_addr; 1828 struct sockaddr_in fcgi_addr_in; 1829 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 1830 struct sockaddr_in6 fcgi_addr_in6; 1831 #endif 1832 #ifdef HAVE_SYS_UN_H 1833 struct sockaddr_un fcgi_addr_un; 1834 #endif 1835 socklen_t servlen; 1836 1837 fcgi_extension_host *host = hctx->host; 1838 fcgi_proc *proc = hctx->proc; 1839 int fcgi_fd = hctx->fd; 1840 1841 if (!buffer_string_is_empty(proc->unixsocket)) { 1842 #ifdef HAVE_SYS_UN_H 1843 /* use the unix domain socket */ 1844 memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un)); 1845 fcgi_addr_un.sun_family = AF_UNIX; 1846 if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) { 1847 log_error_write(srv, __FILE__, __LINE__, "sB", 1848 "ERROR: Unix Domain socket filename too long:", 1849 proc->unixsocket); 1850 return -1; 1851 } 1852 memcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr, buffer_string_length(proc->unixsocket) + 1); 1853 1854 #ifdef SUN_LEN 1855 servlen = SUN_LEN(&fcgi_addr_un); 1856 #else 1857 /* stevens says: */ 1858 servlen = buffer_string_length(proc->unixsocket) + 1 + sizeof(fcgi_addr_un.sun_family); 1859 #endif 1860 fcgi_addr = (struct sockaddr *) &fcgi_addr_un; 1861 1862 if (buffer_string_is_empty(proc->connection_name)) { 1863 /* on remote spawing we have to set the connection-name now */ 1864 buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("unix:")); 1865 buffer_append_string_buffer(proc->connection_name, proc->unixsocket); 1866 } 1867 #else 1868 return CONNECTION_DEAD; 1869 #endif 1870 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 1871 } else if (host->family == AF_INET6 && !buffer_string_is_empty(host->host)) { 1872 memset(&fcgi_addr_in6, 0, sizeof(fcgi_addr_in6)); 1873 fcgi_addr_in6.sin6_family = AF_INET6; 1874 inet_pton(AF_INET6, host->host->ptr, (char *) &fcgi_addr_in6.sin6_addr); 1875 fcgi_addr_in6.sin6_port = htons(proc->port); 1876 servlen = sizeof(fcgi_addr_in6); 1877 fcgi_addr = (struct sockaddr *) &fcgi_addr_in6; 1878 #endif 1879 } else { 1880 memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in)); 1881 fcgi_addr_in.sin_family = AF_INET; 1882 if (!buffer_string_is_empty(host->host)) { 1883 if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) { 1884 log_error_write(srv, __FILE__, __LINE__, "sbs", 1885 "converting IP address failed for", host->host, 1886 "\nBe sure to specify an IP address here"); 1887 1888 return CONNECTION_DEAD; 1889 } 1890 } else { 1891 fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 1892 } 1893 fcgi_addr_in.sin_port = htons(proc->port); 1894 servlen = sizeof(fcgi_addr_in); 1895 1896 fcgi_addr = (struct sockaddr *) &fcgi_addr_in; 1897 } 1898 1899 if (buffer_string_is_empty(proc->unixsocket)) { 1900 if (buffer_string_is_empty(proc->connection_name)) { 1901 /* on remote spawing we have to set the connection-name now */ 1902 buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("tcp:")); 1903 if (!buffer_string_is_empty(host->host)) { 1904 buffer_append_string_buffer(proc->connection_name, host->host); 1905 } else { 1906 buffer_append_string_len(proc->connection_name, CONST_STR_LEN("localhost")); 1907 } 1908 buffer_append_string_len(proc->connection_name, CONST_STR_LEN(":")); 1909 buffer_append_int(proc->connection_name, proc->port); 1910 } 1911 } 1912 1913 if (-1 == connect(fcgi_fd, fcgi_addr, servlen)) { 1914 if (errno == EINPROGRESS || 1915 errno == EALREADY || 1916 errno == EINTR) { 1917 if (hctx->conf.debug > 2) { 1918 log_error_write(srv, __FILE__, __LINE__, "sb", 1919 "connect delayed; will continue later:", proc->connection_name); 1920 } 1921 1922 return CONNECTION_DELAYED; 1923 } else if (errno == EAGAIN) { 1924 if (hctx->conf.debug) { 1925 log_error_write(srv, __FILE__, __LINE__, "sbsd", 1926 "This means that you have more incoming requests than your FastCGI backend can handle in parallel." 1927 "It might help to spawn more FastCGI backends or PHP children; if not, decrease server.max-connections." 1928 "The load for this FastCGI backend", proc->connection_name, "is", proc->load); 1929 } 1930 1931 return CONNECTION_OVERLOADED; 1932 } else { 1933 log_error_write(srv, __FILE__, __LINE__, "sssb", 1934 "connect failed:", 1935 strerror(errno), "on", 1936 proc->connection_name); 1937 1938 return CONNECTION_DEAD; 1939 } 1940 } 1941 1942 hctx->reconnects = 0; 1943 if (hctx->conf.debug > 1) { 1944 log_error_write(srv, __FILE__, __LINE__, "sd", 1945 "connect succeeded: ", fcgi_fd); 1946 } 1947 1948 return CONNECTION_OK; 1949 } 1950 1951 static void fcgi_stdin_append(server *srv, connection *con, handler_ctx *hctx, int request_id) { 1952 FCGI_Header header; 1953 chunkqueue *req_cq = con->request_content_queue; 1954 off_t offset, weWant; 1955 const off_t req_cqlen = req_cq->bytes_in - req_cq->bytes_out; 1956 1957 /* something to send ? */ 1958 for (offset = 0; offset != req_cqlen; offset += weWant) { 1959 weWant = req_cqlen - offset > FCGI_MAX_LENGTH ? FCGI_MAX_LENGTH : req_cqlen - offset; 1960 1961 /* we announce toWrite octets 1962 * now take all request_content chunks available 1963 * */ 1964 1965 fcgi_header(&(header), FCGI_STDIN, request_id, weWant, 0); 1966 chunkqueue_append_mem(hctx->wb, (const char *)&header, sizeof(header)); 1967 hctx->wb_reqlen += sizeof(header); 1968 1969 if (hctx->conf.debug > 10) { 1970 log_error_write(srv, __FILE__, __LINE__, "soso", "tosend:", offset, "/", req_cqlen); 1971 } 1972 1973 chunkqueue_steal(hctx->wb, req_cq, weWant); 1974 /*(hctx->wb_reqlen already includes content_length)*/ 1975 } 1976 1977 if (hctx->wb->bytes_in == hctx->wb_reqlen) { 1978 /* terminate STDIN */ 1979 fcgi_header(&(header), FCGI_STDIN, request_id, 0, 0); 1980 chunkqueue_append_mem(hctx->wb, (const char *)&header, sizeof(header)); 1981 hctx->wb_reqlen += (int)sizeof(header); 1982 } 1983 } 1984 1985 static int fcgi_create_env(server *srv, handler_ctx *hctx, int request_id) { 1986 FCGI_BeginRequestRecord beginRecord; 1987 FCGI_Header header; 1988 1989 plugin_data *p = hctx->plugin_data; 1990 fcgi_extension_host *host= hctx->host; 1991 1992 connection *con = hctx->remote_conn; 1993 1994 http_cgi_opts opts = { 1995 (hctx->fcgi_mode == FCGI_AUTHORIZER), 1996 host->break_scriptfilename_for_php, 1997 host->docroot, 1998 host->strip_request_uri 1999 }; 2000 2001 /* send FCGI_BEGIN_REQUEST */ 2002 2003 fcgi_header(&(beginRecord.header), FCGI_BEGIN_REQUEST, request_id, sizeof(beginRecord.body), 0); 2004 beginRecord.body.roleB0 = hctx->fcgi_mode; 2005 beginRecord.body.roleB1 = 0; 2006 beginRecord.body.flags = 0; 2007 memset(beginRecord.body.reserved, 0, sizeof(beginRecord.body.reserved)); 2008 2009 /* send FCGI_PARAMS */ 2010 buffer_string_prepare_copy(p->fcgi_env, 1023); 2011 2012 if (0 != http_cgi_headers(srv, con, &opts, fcgi_env_add, p->fcgi_env)) { 2013 con->http_status = 400; 2014 return -1; 2015 } else { 2016 buffer *b = buffer_init(); 2017 2018 buffer_copy_string_len(b, (const char *)&beginRecord, sizeof(beginRecord)); 2019 2020 fcgi_header(&(header), FCGI_PARAMS, request_id, buffer_string_length(p->fcgi_env), 0); 2021 buffer_append_string_len(b, (const char *)&header, sizeof(header)); 2022 buffer_append_string_buffer(b, p->fcgi_env); 2023 2024 fcgi_header(&(header), FCGI_PARAMS, request_id, 0, 0); 2025 buffer_append_string_len(b, (const char *)&header, sizeof(header)); 2026 2027 hctx->wb_reqlen = buffer_string_length(b); 2028 chunkqueue_append_buffer(hctx->wb, b); 2029 buffer_free(b); 2030 } 2031 2032 hctx->wb_reqlen += con->request.content_length;/* (eventual) (minimal) total request size, not necessarily including all fcgi_headers around content length yet */ 2033 fcgi_stdin_append(srv, con, hctx, request_id); 2034 2035 return 0; 2036 } 2037 2038 static int fcgi_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) { 2039 char *s, *ns; 2040 2041 handler_ctx *hctx = con->plugin_ctx[p->id]; 2042 fcgi_extension_host *host= hctx->host; 2043 int have_sendfile2 = 0; 2044 off_t sendfile2_content_length = 0; 2045 2046 UNUSED(srv); 2047 2048 /* search for \n */ 2049 for (s = in->ptr; NULL != (ns = strchr(s, '\n')); s = ns + 1) { 2050 char *key, *value; 2051 int key_len; 2052 2053 /* a good day. Someone has read the specs and is sending a \r\n to us */ 2054 2055 if (ns > in->ptr && 2056 *(ns-1) == '\r') { 2057 *(ns-1) = '\0'; 2058 } 2059 2060 ns[0] = '\0'; 2061 2062 key = s; 2063 if (NULL == (value = strchr(s, ':'))) { 2064 /* we expect: "<key>: <value>\n" */ 2065 continue; 2066 } 2067 2068 key_len = value - key; 2069 2070 value++; 2071 /* strip WS */ 2072 while (*value == ' ' || *value == '\t') value++; 2073 2074 if (hctx->fcgi_mode != FCGI_AUTHORIZER || 2075 !(con->http_status == 0 || 2076 con->http_status == 200)) { 2077 /* authorizers shouldn't affect the response headers sent back to the client */ 2078 2079 /* don't forward Status: */ 2080 if (0 != strncasecmp(key, "Status", key_len)) { 2081 data_string *ds; 2082 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 2083 ds = data_response_init(); 2084 } 2085 buffer_copy_string_len(ds->key, key, key_len); 2086 buffer_copy_string(ds->value, value); 2087 2088 array_insert_unique(con->response.headers, (data_unset *)ds); 2089 } 2090 } 2091 2092 if (hctx->fcgi_mode == FCGI_AUTHORIZER && 2093 key_len > 9 && 2094 0 == strncasecmp(key, CONST_STR_LEN("Variable-"))) { 2095 data_string *ds; 2096 if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) { 2097 ds = data_response_init(); 2098 } 2099 buffer_copy_string_len(ds->key, key + 9, key_len - 9); 2100 buffer_copy_string(ds->value, value); 2101 2102 array_insert_unique(con->environment, (data_unset *)ds); 2103 } 2104 2105 switch(key_len) { 2106 case 4: 2107 if (0 == strncasecmp(key, "Date", key_len)) { 2108 con->parsed_response |= HTTP_DATE; 2109 } 2110 break; 2111 case 6: 2112 if (0 == strncasecmp(key, "Status", key_len)) { 2113 int status = strtol(value, NULL, 10); 2114 if (status >= 100 && status < 1000) { 2115 con->http_status = status; 2116 con->parsed_response |= HTTP_STATUS; 2117 } else { 2118 con->http_status = 502; 2119 } 2120 } 2121 break; 2122 case 8: 2123 if (0 == strncasecmp(key, "Location", key_len)) { 2124 con->parsed_response |= HTTP_LOCATION; 2125 } 2126 break; 2127 case 10: 2128 if (0 == strncasecmp(key, "Connection", key_len)) { 2129 con->response.keep_alive = (0 == strcasecmp(value, "Keep-Alive")) ? 1 : 0; 2130 con->parsed_response |= HTTP_CONNECTION; 2131 } 2132 break; 2133 case 11: 2134 if (host->xsendfile_allow && 0 == strncasecmp(key, "X-Sendfile2", key_len) && hctx->send_content_body) { 2135 char *pos = value; 2136 have_sendfile2 = 1; 2137 2138 while (*pos) { 2139 char *filename, *range; 2140 stat_cache_entry *sce; 2141 off_t begin_range, end_range, range_len; 2142 2143 while (' ' == *pos) pos++; 2144 if (!*pos) break; 2145 2146 filename = pos; 2147 if (NULL == (range = strchr(pos, ' '))) { 2148 /* missing range */ 2149 if (hctx->conf.debug) { 2150 log_error_write(srv, __FILE__, __LINE__, "ss", "Couldn't find range after filename:", filename); 2151 } 2152 return 502; 2153 } 2154 buffer_copy_string_len(srv->tmp_buf, filename, range - filename); 2155 2156 /* find end of range */ 2157 for (pos = ++range; *pos && *pos != ' ' && *pos != ','; pos++) ; 2158 2159 buffer_urldecode_path(srv->tmp_buf); 2160 buffer_path_simplify(srv->tmp_buf, srv->tmp_buf); 2161 if (con->conf.force_lowercase_filenames) { 2162 buffer_to_lower(srv->tmp_buf); 2163 } 2164 if (host->xsendfile_docroot->used) { 2165 size_t i, xlen = buffer_string_length(srv->tmp_buf); 2166 for (i = 0; i < host->xsendfile_docroot->used; ++i) { 2167 data_string *ds = (data_string *)host->xsendfile_docroot->data[i]; 2168 size_t dlen = buffer_string_length(ds->value); 2169 if (dlen <= xlen 2170 && (!con->conf.force_lowercase_filenames 2171 ? 0 == memcmp(srv->tmp_buf->ptr, ds->value->ptr, dlen) 2172 : 0 == strncasecmp(srv->tmp_buf->ptr, ds->value->ptr, dlen))) { 2173 break; 2174 } 2175 } 2176 if (i == host->xsendfile_docroot->used) { 2177 log_error_write(srv, __FILE__, __LINE__, "SBs", 2178 "X-Sendfile2 (", srv->tmp_buf, 2179 ") not under configured x-sendfile-docroot(s)"); 2180 return 403; 2181 } 2182 } 2183 2184 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, srv->tmp_buf, &sce)) { 2185 if (hctx->conf.debug) { 2186 log_error_write(srv, __FILE__, __LINE__, "sb", 2187 "send-file error: couldn't get stat_cache entry for X-Sendfile2:", 2188 srv->tmp_buf); 2189 } 2190 return 404; 2191 } else if (!S_ISREG(sce->st.st_mode)) { 2192 if (hctx->conf.debug) { 2193 log_error_write(srv, __FILE__, __LINE__, "sb", 2194 "send-file error: wrong filetype for X-Sendfile2:", 2195 srv->tmp_buf); 2196 } 2197 return 502; 2198 } 2199 /* found the file */ 2200 2201 /* parse range */ 2202 end_range = sce->st.st_size - 1; 2203 { 2204 char *rpos = NULL; 2205 errno = 0; 2206 begin_range = strtoll(range, &rpos, 10); 2207 if (errno != 0 || begin_range < 0 || rpos == range) goto range_failed; 2208 if ('-' != *rpos++) goto range_failed; 2209 if (rpos != pos) { 2210 range = rpos; 2211 end_range = strtoll(range, &rpos, 10); 2212 if (errno != 0 || end_range < 0 || rpos == range) goto range_failed; 2213 } 2214 if (rpos != pos) goto range_failed; 2215 2216 goto range_success; 2217 2218 range_failed: 2219 if (hctx->conf.debug) { 2220 log_error_write(srv, __FILE__, __LINE__, "ss", "Couldn't decode range after filename:", filename); 2221 } 2222 return 502; 2223 2224 range_success: ; 2225 } 2226 2227 /* no parameters accepted */ 2228 2229 while (*pos == ' ') pos++; 2230 if (*pos != '\0' && *pos != ',') return 502; 2231 2232 range_len = end_range - begin_range + 1; 2233 if (range_len < 0) return 502; 2234 if (range_len != 0) { 2235 if (0 != http_chunk_append_file_range(srv, con, srv->tmp_buf, begin_range, range_len)) { 2236 return 502; 2237 } 2238 } 2239 sendfile2_content_length += range_len; 2240 2241 if (*pos == ',') pos++; 2242 } 2243 } 2244 break; 2245 case 14: 2246 if (0 == strncasecmp(key, "Content-Length", key_len)) { 2247 con->response.content_length = strtoul(value, NULL, 10); 2248 con->parsed_response |= HTTP_CONTENT_LENGTH; 2249 2250 if (con->response.content_length < 0) con->response.content_length = 0; 2251 } 2252 break; 2253 default: 2254 break; 2255 } 2256 } 2257 2258 if (have_sendfile2) { 2259 data_string *dcls; 2260 2261 /* fix content-length */ 2262 if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 2263 dcls = data_response_init(); 2264 } 2265 2266 buffer_copy_string_len(dcls->key, "Content-Length", sizeof("Content-Length")-1); 2267 buffer_copy_int(dcls->value, sendfile2_content_length); 2268 array_replace(con->response.headers, (data_unset *)dcls); 2269 2270 con->parsed_response |= HTTP_CONTENT_LENGTH; 2271 con->response.content_length = sendfile2_content_length; 2272 return 200; 2273 } 2274 2275 /* CGI/1.1 rev 03 - 7.2.1.2 */ 2276 if ((con->parsed_response & HTTP_LOCATION) && 2277 !(con->parsed_response & HTTP_STATUS)) { 2278 con->http_status = 302; 2279 } 2280 2281 return 0; 2282 } 2283 2284 typedef struct { 2285 buffer *b; 2286 unsigned int len; 2287 int type; 2288 int padding; 2289 int request_id; 2290 } fastcgi_response_packet; 2291 2292 static int fastcgi_get_packet(server *srv, handler_ctx *hctx, fastcgi_response_packet *packet) { 2293 chunk *c; 2294 size_t offset; 2295 size_t toread; 2296 FCGI_Header *header; 2297 2298 if (!hctx->rb->first) return -1; 2299 2300 packet->b = buffer_init(); 2301 packet->len = 0; 2302 packet->type = 0; 2303 packet->padding = 0; 2304 packet->request_id = 0; 2305 2306 offset = 0; toread = 8; 2307 /* get at least the FastCGI header */ 2308 for (c = hctx->rb->first; c; c = c->next) { 2309 size_t weHave = buffer_string_length(c->mem) - c->offset; 2310 2311 if (weHave > toread) weHave = toread; 2312 2313 buffer_append_string_len(packet->b, c->mem->ptr + c->offset, weHave); 2314 toread -= weHave; 2315 offset = weHave; /* skip offset bytes in chunk for "real" data */ 2316 2317 if (0 == toread) break; 2318 } 2319 2320 if (buffer_string_length(packet->b) < sizeof(FCGI_Header)) { 2321 /* no header */ 2322 if (hctx->conf.debug) { 2323 log_error_write(srv, __FILE__, __LINE__, "sdsds", "FastCGI: header too small:", buffer_string_length(packet->b), "bytes <", sizeof(FCGI_Header), "bytes, waiting for more data"); 2324 } 2325 2326 buffer_free(packet->b); 2327 2328 return -1; 2329 } 2330 2331 /* we have at least a header, now check how much me have to fetch */ 2332 header = (FCGI_Header *)(packet->b->ptr); 2333 2334 packet->len = (header->contentLengthB0 | (header->contentLengthB1 << 8)) + header->paddingLength; 2335 packet->request_id = (header->requestIdB0 | (header->requestIdB1 << 8)); 2336 packet->type = header->type; 2337 packet->padding = header->paddingLength; 2338 2339 /* ->b should only be the content */ 2340 buffer_string_set_length(packet->b, 0); 2341 2342 if (packet->len) { 2343 /* copy the content */ 2344 for (; c && (buffer_string_length(packet->b) < packet->len); c = c->next) { 2345 size_t weWant = packet->len - buffer_string_length(packet->b); 2346 size_t weHave = buffer_string_length(c->mem) - c->offset - offset; 2347 2348 if (weHave > weWant) weHave = weWant; 2349 2350 buffer_append_string_len(packet->b, c->mem->ptr + c->offset + offset, weHave); 2351 2352 /* we only skipped the first bytes as they belonged to the fcgi header */ 2353 offset = 0; 2354 } 2355 2356 if (buffer_string_length(packet->b) < packet->len) { 2357 /* we didn't get the full packet */ 2358 2359 buffer_free(packet->b); 2360 return -1; 2361 } 2362 2363 buffer_string_set_length(packet->b, buffer_string_length(packet->b) - packet->padding); 2364 } 2365 2366 chunkqueue_mark_written(hctx->rb, packet->len + sizeof(FCGI_Header)); 2367 2368 return 0; 2369 } 2370 2371 static int fcgi_demux_response(server *srv, handler_ctx *hctx) { 2372 int fin = 0; 2373 int toread, ret; 2374 ssize_t r = 0; 2375 2376 plugin_data *p = hctx->plugin_data; 2377 connection *con = hctx->remote_conn; 2378 int fcgi_fd = hctx->fd; 2379 fcgi_extension_host *host= hctx->host; 2380 fcgi_proc *proc = hctx->proc; 2381 2382 /* 2383 * check how much we have to read 2384 */ 2385 #if !defined(_WIN32) && !defined(__CYGWIN__) 2386 if (ioctl(hctx->fd, FIONREAD, &toread)) { 2387 if (errno == EAGAIN) { 2388 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 2389 return 0; 2390 } 2391 log_error_write(srv, __FILE__, __LINE__, "sd", 2392 "unexpected end-of-file (perhaps the fastcgi process died):", 2393 fcgi_fd); 2394 return -1; 2395 } 2396 #else 2397 toread = 4096; 2398 #endif 2399 2400 if (toread > 0) { 2401 char *mem; 2402 size_t mem_len; 2403 2404 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)) { 2405 off_t cqlen = chunkqueue_length(hctx->rb); 2406 if (cqlen + toread > 65536 + (int)sizeof(FCGI_Header)) { /*(max size of FastCGI packet + 1)*/ 2407 if (cqlen < 65536 + (int)sizeof(FCGI_Header)) { 2408 toread = 65536 + (int)sizeof(FCGI_Header) - cqlen; 2409 } else { /* should not happen */ 2410 toread = toread < 1024 ? toread : 1024; 2411 } 2412 } 2413 } 2414 2415 chunkqueue_get_memory(hctx->rb, &mem, &mem_len, 0, toread); 2416 r = read(hctx->fd, mem, mem_len); 2417 chunkqueue_use_memory(hctx->rb, r > 0 ? r : 0); 2418 2419 if (-1 == r) { 2420 if (errno == EAGAIN) { 2421 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 2422 return 0; 2423 } 2424 log_error_write(srv, __FILE__, __LINE__, "sds", 2425 "unexpected end-of-file (perhaps the fastcgi process died):", 2426 fcgi_fd, strerror(errno)); 2427 return -1; 2428 } 2429 } 2430 if (0 == r) { 2431 log_error_write(srv, __FILE__, __LINE__, "ssdsb", 2432 "unexpected end-of-file (perhaps the fastcgi process died):", 2433 "pid:", proc->pid, 2434 "socket:", proc->connection_name); 2435 2436 return -1; 2437 } 2438 2439 /* 2440 * parse the fastcgi packets and forward the content to the write-queue 2441 * 2442 */ 2443 while (fin == 0) { 2444 fastcgi_response_packet packet; 2445 2446 /* check if we have at least one packet */ 2447 if (0 != fastcgi_get_packet(srv, hctx, &packet)) { 2448 /* no full packet */ 2449 break; 2450 } 2451 2452 switch(packet.type) { 2453 case FCGI_STDOUT: 2454 if (packet.len == 0) break; 2455 2456 /* is the header already finished */ 2457 if (0 == con->file_started) { 2458 char *c; 2459 data_string *ds; 2460 2461 /* search for header terminator 2462 * 2463 * if we start with \r\n check if last packet terminated with \r\n 2464 * if we start with \n check if last packet terminated with \n 2465 * search for \r\n\r\n 2466 * search for \n\n 2467 */ 2468 2469 buffer_append_string_buffer(hctx->response_header, packet.b); 2470 2471 if (NULL != (c = buffer_search_string_len(hctx->response_header, CONST_STR_LEN("\r\n\r\n")))) { 2472 char *hend = c + 4; /* header end == body start */ 2473 size_t hlen = hend - hctx->response_header->ptr; 2474 buffer_copy_string_len(packet.b, hend, buffer_string_length(hctx->response_header) - hlen); 2475 buffer_string_set_length(hctx->response_header, hlen); 2476 } else if (NULL != (c = buffer_search_string_len(hctx->response_header, CONST_STR_LEN("\n\n")))) { 2477 char *hend = c + 2; /* header end == body start */ 2478 size_t hlen = hend - hctx->response_header->ptr; 2479 buffer_copy_string_len(packet.b, hend, buffer_string_length(hctx->response_header) - hlen); 2480 buffer_string_set_length(hctx->response_header, hlen); 2481 } else { 2482 /* no luck, no header found */ 2483 /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/ 2484 if (buffer_string_length(hctx->response_header) > MAX_HTTP_REQUEST_HEADER) { 2485 log_error_write(srv, __FILE__, __LINE__, "sb", "response headers too large for", con->uri.path); 2486 con->http_status = 502; /* Bad Gateway */ 2487 con->mode = DIRECT; 2488 fin = 1; 2489 } 2490 break; 2491 } 2492 2493 /* parse the response header */ 2494 if ((ret = fcgi_response_parse(srv, con, p, hctx->response_header))) { 2495 if (200 != ret) { /*(200 returned for X-Sendfile2 handled)*/ 2496 con->http_status = ret; 2497 con->mode = DIRECT; 2498 } 2499 con->file_started = 1; 2500 hctx->send_content_body = 0; 2501 fin = 1; 2502 break; 2503 } 2504 2505 con->file_started = 1; 2506 2507 if (hctx->fcgi_mode == FCGI_AUTHORIZER && 2508 (con->http_status == 0 || 2509 con->http_status == 200)) { 2510 /* a authorizer with approved the static request, ignore the content here */ 2511 hctx->send_content_body = 0; 2512 } 2513 2514 if (host->xsendfile_allow && hctx->send_content_body && 2515 (NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-LIGHTTPD-send-file")) 2516 || NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-Sendfile")))) { 2517 http_response_xsendfile(srv, con, ds->value, host->xsendfile_docroot); 2518 if (con->mode == DIRECT) { 2519 fin = 1; 2520 } 2521 2522 hctx->send_content_body = 0; /* ignore the content */ 2523 break; 2524 } 2525 } 2526 2527 if (hctx->send_content_body && !buffer_string_is_empty(packet.b)) { 2528 if (0 != http_chunk_append_buffer(srv, con, packet.b)) { 2529 /* error writing to tempfile; 2530 * truncate response or send 500 if nothing sent yet */ 2531 fin = 1; 2532 break; 2533 } 2534 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 2535 && chunkqueue_length(con->write_queue) > 65536 - 4096) { 2536 if (!con->is_writable) { 2537 /*(defer removal of FDEVENT_IN interest since 2538 * connection_state_machine() might be able to send data 2539 * immediately, unless !con->is_writable, where 2540 * connection_state_machine() might not loop back to call 2541 * mod_fastcgi_handle_subrequest())*/ 2542 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 2543 } 2544 } 2545 } 2546 break; 2547 case FCGI_STDERR: 2548 if (packet.len == 0) break; 2549 2550 log_error_write_multiline_buffer(srv, __FILE__, __LINE__, packet.b, "s", 2551 "FastCGI-stderr:"); 2552 2553 break; 2554 case FCGI_END_REQUEST: 2555 fin = 1; 2556 break; 2557 default: 2558 log_error_write(srv, __FILE__, __LINE__, "sd", 2559 "FastCGI: header.type not handled: ", packet.type); 2560 break; 2561 } 2562 buffer_free(packet.b); 2563 } 2564 2565 return fin; 2566 } 2567 2568 static int fcgi_restart_dead_procs(server *srv, plugin_data *p, fcgi_extension_host *host) { 2569 fcgi_proc *proc; 2570 2571 for (proc = host->first; proc; proc = proc->next) { 2572 int status; 2573 2574 if (p->conf.debug > 2) { 2575 log_error_write(srv, __FILE__, __LINE__, "sbdddd", 2576 "proc:", 2577 proc->connection_name, 2578 proc->state, 2579 proc->is_local, 2580 proc->load, 2581 proc->pid); 2582 } 2583 2584 /* 2585 * if the remote side is overloaded, we check back after <n> seconds 2586 * 2587 */ 2588 switch (proc->state) { 2589 case PROC_STATE_KILLED: 2590 case PROC_STATE_UNSET: 2591 /* this should never happen as long as adaptive spawing is disabled */ 2592 force_assert(0); 2593 2594 break; 2595 case PROC_STATE_RUNNING: 2596 break; 2597 case PROC_STATE_OVERLOADED: 2598 if (srv->cur_ts <= proc->disabled_until) break; 2599 2600 proc->state = PROC_STATE_RUNNING; 2601 host->active_procs++; 2602 2603 log_error_write(srv, __FILE__, __LINE__, "sbdb", 2604 "fcgi-server re-enabled:", 2605 host->host, host->port, 2606 host->unixsocket); 2607 break; 2608 case PROC_STATE_DIED_WAIT_FOR_PID: 2609 /* non-local procs don't have PIDs to wait for */ 2610 if (!proc->is_local) { 2611 proc->state = PROC_STATE_DIED; 2612 } else { 2613 /* the child should not terminate at all */ 2614 2615 for ( ;; ) { 2616 switch(waitpid(proc->pid, &status, WNOHANG)) { 2617 case 0: 2618 /* child is still alive */ 2619 if (srv->cur_ts <= proc->disabled_until) break; 2620 2621 proc->state = PROC_STATE_RUNNING; 2622 host->active_procs++; 2623 2624 log_error_write(srv, __FILE__, __LINE__, "sbdb", 2625 "fcgi-server re-enabled:", 2626 host->host, host->port, 2627 host->unixsocket); 2628 break; 2629 case -1: 2630 if (errno == EINTR) continue; 2631 2632 log_error_write(srv, __FILE__, __LINE__, "sd", 2633 "child died somehow, waitpid failed:", 2634 errno); 2635 proc->state = PROC_STATE_DIED; 2636 break; 2637 default: 2638 if (WIFEXITED(status)) { 2639 #if 0 2640 log_error_write(srv, __FILE__, __LINE__, "sdsd", 2641 "child exited, pid:", proc->pid, 2642 "status:", WEXITSTATUS(status)); 2643 #endif 2644 } else if (WIFSIGNALED(status)) { 2645 log_error_write(srv, __FILE__, __LINE__, "sd", 2646 "child signaled:", 2647 WTERMSIG(status)); 2648 } else { 2649 log_error_write(srv, __FILE__, __LINE__, "sd", 2650 "child died somehow:", 2651 status); 2652 } 2653 2654 proc->state = PROC_STATE_DIED; 2655 break; 2656 } 2657 break; 2658 } 2659 } 2660 2661 /* fall through if we have a dead proc now */ 2662 if (proc->state != PROC_STATE_DIED) break; 2663 2664 case PROC_STATE_DIED: 2665 /* local procs get restarted by us, 2666 * remote ones hopefully by the admin */ 2667 2668 if (!buffer_string_is_empty(host->bin_path)) { 2669 /* we still have connections bound to this proc, 2670 * let them terminate first */ 2671 if (proc->load != 0) break; 2672 2673 /* restart the child */ 2674 2675 if (p->conf.debug) { 2676 log_error_write(srv, __FILE__, __LINE__, "ssbsdsd", 2677 "--- fastcgi spawning", 2678 "\n\tsocket", proc->connection_name, 2679 "\n\tcurrent:", 1, "/", host->max_procs); 2680 } 2681 2682 if (fcgi_spawn_connection(srv, p, host, proc)) { 2683 log_error_write(srv, __FILE__, __LINE__, "s", 2684 "ERROR: spawning fcgi failed."); 2685 return HANDLER_ERROR; 2686 } 2687 } else { 2688 if (srv->cur_ts <= proc->disabled_until) break; 2689 2690 proc->state = PROC_STATE_RUNNING; 2691 host->active_procs++; 2692 2693 log_error_write(srv, __FILE__, __LINE__, "sb", 2694 "fcgi-server re-enabled:", 2695 proc->connection_name); 2696 } 2697 break; 2698 } 2699 } 2700 2701 return 0; 2702 } 2703 2704 static handler_t fcgi_write_request(server *srv, handler_ctx *hctx) { 2705 plugin_data *p = hctx->plugin_data; 2706 fcgi_extension_host *host= hctx->host; 2707 connection *con = hctx->remote_conn; 2708 fcgi_proc *proc; 2709 2710 int ret; 2711 2712 /* we can't handle this in the switch as we have to fall through in it */ 2713 if (hctx->state == FCGI_STATE_CONNECT_DELAYED) { 2714 int socket_error; 2715 socklen_t socket_error_len = sizeof(socket_error); 2716 2717 /* try to finish the connect() */ 2718 if (0 != getsockopt(hctx->fd, SOL_SOCKET, SO_ERROR, &socket_error, &socket_error_len)) { 2719 log_error_write(srv, __FILE__, __LINE__, "ss", 2720 "getsockopt failed:", strerror(errno)); 2721 2722 fcgi_host_disable(srv, hctx); 2723 2724 return HANDLER_ERROR; 2725 } 2726 if (socket_error != 0) { 2727 if (!hctx->proc->is_local || hctx->conf.debug) { 2728 /* local procs get restarted */ 2729 2730 log_error_write(srv, __FILE__, __LINE__, "sssb", 2731 "establishing connection failed:", strerror(socket_error), 2732 "socket:", hctx->proc->connection_name); 2733 } 2734 2735 fcgi_host_disable(srv, hctx); 2736 log_error_write(srv, __FILE__, __LINE__, "sdssdsd", 2737 "backend is overloaded; we'll disable it for", hctx->host->disable_time, "seconds and send the request to another backend instead:", 2738 "reconnects:", hctx->reconnects, 2739 "load:", host->load); 2740 2741 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 2742 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".died")); 2743 2744 status_counter_inc(srv, CONST_BUF_LEN(p->statuskey)); 2745 2746 return HANDLER_ERROR; 2747 } 2748 /* go on with preparing the request */ 2749 hctx->state = FCGI_STATE_PREPARE_WRITE; 2750 } 2751 2752 2753 switch(hctx->state) { 2754 case FCGI_STATE_CONNECT_DELAYED: 2755 /* should never happen */ 2756 return HANDLER_WAIT_FOR_EVENT; 2757 case FCGI_STATE_INIT: 2758 /* do we have a running process for this host (max-procs) ? */ 2759 hctx->proc = NULL; 2760 2761 for (proc = hctx->host->first; 2762 proc && proc->state != PROC_STATE_RUNNING; 2763 proc = proc->next); 2764 2765 /* all children are dead */ 2766 if (proc == NULL) { 2767 hctx->fde_ndx = -1; 2768 2769 return HANDLER_ERROR; 2770 } 2771 2772 hctx->proc = proc; 2773 2774 /* check the other procs if they have a lower load */ 2775 for (proc = proc->next; proc; proc = proc->next) { 2776 if (proc->state != PROC_STATE_RUNNING) continue; 2777 if (proc->load < hctx->proc->load) hctx->proc = proc; 2778 } 2779 2780 if (-1 == (hctx->fd = fdevent_socket_nb_cloexec(host->family, SOCK_STREAM, 0))) { 2781 if (errno == EMFILE || 2782 errno == EINTR) { 2783 log_error_write(srv, __FILE__, __LINE__, "sd", 2784 "wait for fd at connection:", con->fd); 2785 2786 return HANDLER_WAIT_FOR_FD; 2787 } 2788 2789 log_error_write(srv, __FILE__, __LINE__, "ssdd", 2790 "socket failed:", strerror(errno), srv->cur_fds, srv->max_fds); 2791 return HANDLER_ERROR; 2792 } 2793 hctx->fde_ndx = -1; 2794 2795 srv->cur_fds++; 2796 2797 fdevent_register(srv->ev, hctx->fd, fcgi_handle_fdevent, hctx); 2798 2799 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) { 2800 log_error_write(srv, __FILE__, __LINE__, "ss", 2801 "fcntl failed:", strerror(errno)); 2802 2803 return HANDLER_ERROR; 2804 } 2805 2806 if (hctx->proc->is_local) { 2807 hctx->pid = hctx->proc->pid; 2808 } 2809 2810 switch (fcgi_establish_connection(srv, hctx)) { 2811 case CONNECTION_DELAYED: 2812 /* connection is in progress, wait for an event and call getsockopt() below */ 2813 2814 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 2815 2816 fcgi_set_state(srv, hctx, FCGI_STATE_CONNECT_DELAYED); 2817 return HANDLER_WAIT_FOR_EVENT; 2818 case CONNECTION_OVERLOADED: 2819 /* cool down the backend, it is overloaded 2820 * -> EAGAIN */ 2821 2822 if (hctx->host->disable_time) { 2823 log_error_write(srv, __FILE__, __LINE__, "sdssdsd", 2824 "backend is overloaded; we'll disable it for", hctx->host->disable_time, "seconds and send the request to another backend instead:", 2825 "reconnects:", hctx->reconnects, 2826 "load:", host->load); 2827 2828 hctx->proc->disabled_until = srv->cur_ts + hctx->host->disable_time; 2829 if (hctx->proc->state == PROC_STATE_RUNNING) hctx->host->active_procs--; 2830 hctx->proc->state = PROC_STATE_OVERLOADED; 2831 } 2832 2833 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 2834 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".overloaded")); 2835 2836 status_counter_inc(srv, CONST_BUF_LEN(p->statuskey)); 2837 2838 return HANDLER_ERROR; 2839 case CONNECTION_DEAD: 2840 /* we got a hard error from the backend like 2841 * - ECONNREFUSED for tcp-ip sockets 2842 * - ENOENT for unix-domain-sockets 2843 * 2844 * for check if the host is back in hctx->host->disable_time seconds 2845 * */ 2846 2847 fcgi_host_disable(srv, hctx); 2848 2849 log_error_write(srv, __FILE__, __LINE__, "sdssdsd", 2850 "backend died; we'll disable it for", hctx->host->disable_time, "seconds and send the request to another backend instead:", 2851 "reconnects:", hctx->reconnects, 2852 "load:", host->load); 2853 2854 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 2855 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".died")); 2856 2857 status_counter_inc(srv, CONST_BUF_LEN(p->statuskey)); 2858 2859 return HANDLER_ERROR; 2860 case CONNECTION_OK: 2861 /* everything is ok, go on */ 2862 2863 fcgi_set_state(srv, hctx, FCGI_STATE_PREPARE_WRITE); 2864 2865 break; 2866 } 2867 /* fallthrough */ 2868 case FCGI_STATE_PREPARE_WRITE: 2869 /* ok, we have the connection */ 2870 2871 fcgi_proc_load_inc(srv, hctx); 2872 hctx->got_proc = 1; 2873 2874 status_counter_inc(srv, CONST_STR_LEN("fastcgi.requests")); 2875 2876 fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc); 2877 buffer_append_string_len(p->statuskey, CONST_STR_LEN(".connected")); 2878 2879 status_counter_inc(srv, CONST_BUF_LEN(p->statuskey)); 2880 2881 if (hctx->conf.debug) { 2882 log_error_write(srv, __FILE__, __LINE__, "ssdsbsd", 2883 "got proc:", 2884 "pid:", hctx->proc->pid, 2885 "socket:", hctx->proc->connection_name, 2886 "load:", hctx->proc->load); 2887 } 2888 2889 /* move the proc-list entry down the list */ 2890 if (hctx->request_id == 0) { 2891 hctx->request_id = 1; /* always use id 1 as we don't use multiplexing */ 2892 } else { 2893 log_error_write(srv, __FILE__, __LINE__, "sd", 2894 "fcgi-request is already in use:", hctx->request_id); 2895 } 2896 2897 if (-1 == fcgi_create_env(srv, hctx, hctx->request_id)) return HANDLER_ERROR; 2898 2899 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 2900 fcgi_set_state(srv, hctx, FCGI_STATE_WRITE); 2901 /* fall through */ 2902 case FCGI_STATE_WRITE: 2903 ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT); 2904 2905 chunkqueue_remove_finished_chunks(hctx->wb); 2906 2907 if (ret < 0) { 2908 switch(errno) { 2909 case EPIPE: 2910 case ENOTCONN: 2911 case ECONNRESET: 2912 /* the connection got dropped after accept() 2913 * we don't care about that - if you accept() it, you have to handle it. 2914 */ 2915 2916 log_error_write(srv, __FILE__, __LINE__, "ssosb", 2917 "connection was dropped after accept() (perhaps the fastcgi process died),", 2918 "write-offset:", hctx->wb->bytes_out, 2919 "socket:", hctx->proc->connection_name); 2920 2921 return HANDLER_ERROR; 2922 default: 2923 log_error_write(srv, __FILE__, __LINE__, "ssd", 2924 "write failed:", strerror(errno), errno); 2925 2926 return HANDLER_ERROR; 2927 } 2928 } 2929 2930 if (hctx->wb->bytes_out == hctx->wb_reqlen) { 2931 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 2932 fcgi_set_state(srv, hctx, FCGI_STATE_READ); 2933 } else { 2934 off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out; 2935 if (hctx->wb->bytes_in < hctx->wb_reqlen && wblen < 65536 - 16384) { 2936 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/ 2937 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) { 2938 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN; 2939 con->is_readable = 1; /* trigger optimistic read from client */ 2940 } 2941 } 2942 if (0 == wblen) { 2943 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 2944 } else { 2945 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 2946 } 2947 } 2948 2949 return HANDLER_WAIT_FOR_EVENT; 2950 case FCGI_STATE_READ: 2951 /* waiting for a response */ 2952 return HANDLER_WAIT_FOR_EVENT; 2953 default: 2954 log_error_write(srv, __FILE__, __LINE__, "s", "(debug) unknown state"); 2955 return HANDLER_ERROR; 2956 } 2957 } 2958 2959 2960 /* might be called on fdevent after a connect() is delay too 2961 * */ 2962 static handler_t fcgi_send_request(server *srv, handler_ctx *hctx) { 2963 /* ok, create the request */ 2964 fcgi_extension_host *host = hctx->host; 2965 handler_t rc = fcgi_write_request(srv, hctx); 2966 if (HANDLER_ERROR != rc) { 2967 return rc; 2968 } else { 2969 plugin_data *p = hctx->plugin_data; 2970 connection *con = hctx->remote_conn; 2971 2972 if (hctx->state == FCGI_STATE_INIT || 2973 hctx->state == FCGI_STATE_CONNECT_DELAYED) { 2974 fcgi_restart_dead_procs(srv, p, host); 2975 2976 /* cleanup this request and let the request handler start this request again */ 2977 if (hctx->reconnects++ < 5) { 2978 return fcgi_reconnect(srv, hctx); 2979 } else { 2980 fcgi_connection_close(srv, hctx); 2981 con->http_status = 503; 2982 2983 return HANDLER_FINISHED; 2984 } 2985 } else { 2986 int status = con->http_status; 2987 fcgi_connection_close(srv, hctx); 2988 con->http_status = (status == 400) ? 400 : 503; 2989 2990 return HANDLER_FINISHED; 2991 } 2992 } 2993 } 2994 2995 2996 static handler_t fcgi_recv_response(server *srv, handler_ctx *hctx); 2997 2998 2999 SUBREQUEST_FUNC(mod_fastcgi_handle_subrequest) { 3000 plugin_data *p = p_d; 3001 3002 handler_ctx *hctx = con->plugin_ctx[p->id]; 3003 3004 if (NULL == hctx) return HANDLER_GO_ON; 3005 3006 /* not my job */ 3007 if (con->mode != p->id) return HANDLER_GO_ON; 3008 3009 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 3010 && con->file_started) { 3011 if (chunkqueue_length(con->write_queue) > 65536 - 4096) { 3012 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 3013 } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) { 3014 /* optimistic read from backend, which might re-enable FDEVENT_IN */ 3015 handler_t rc = fcgi_recv_response(srv, hctx); /*(might invalidate hctx)*/ 3016 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 3017 } 3018 } 3019 3020 /* (do not receive request body before FCGI_AUTHORIZER has run or else 3021 * the request body is discarded with handler_ctx_clear() after running 3022 * the FastCGI Authorizer) */ 3023 3024 if (hctx->fcgi_mode != FCGI_AUTHORIZER 3025 && (0 == hctx->wb->bytes_in 3026 ? con->state == CON_STATE_READ_POST 3027 : hctx->wb->bytes_in < hctx->wb_reqlen)) { 3028 /*(64k - 4k to attempt to avoid temporary files 3029 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/ 3030 if (hctx->wb->bytes_in - hctx->wb->bytes_out > 65536 - 4096 3031 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){ 3032 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN; 3033 if (0 != hctx->wb->bytes_in) return HANDLER_WAIT_FOR_EVENT; 3034 } else { 3035 handler_t r = connection_handle_read_post_state(srv, con); 3036 chunkqueue *req_cq = con->request_content_queue; 3037 if (0 != hctx->wb->bytes_in && !chunkqueue_is_empty(req_cq)) { 3038 fcgi_stdin_append(srv, con, hctx, hctx->request_id); 3039 if (fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_OUT) { 3040 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r; 3041 } 3042 } 3043 if (r != HANDLER_GO_ON) return r; 3044 3045 /* CGI environment requires that Content-Length be set. 3046 * Send 411 Length Required if Content-Length missing. 3047 * (occurs here if client sends Transfer-Encoding: chunked 3048 * and module is flagged to stream request body to backend) */ 3049 if (-1 == con->request.content_length) { 3050 return connection_handle_read_post_error(srv, con, 411); 3051 } 3052 } 3053 } 3054 3055 return ((0 == hctx->wb->bytes_in || !chunkqueue_is_empty(hctx->wb)) 3056 && hctx->state != FCGI_STATE_CONNECT_DELAYED) 3057 ? fcgi_send_request(srv, hctx) 3058 : HANDLER_WAIT_FOR_EVENT; 3059 } 3060 3061 3062 static handler_t fcgi_recv_response(server *srv, handler_ctx *hctx) { 3063 connection *con = hctx->remote_conn; 3064 plugin_data *p = hctx->plugin_data; 3065 3066 fcgi_proc *proc = hctx->proc; 3067 fcgi_extension_host *host= hctx->host; 3068 3069 switch (fcgi_demux_response(srv, hctx)) { 3070 case 0: 3071 break; 3072 case 1: 3073 3074 if (hctx->fcgi_mode == FCGI_AUTHORIZER && 3075 (con->http_status == 200 || 3076 con->http_status == 0)) { 3077 /* 3078 * If we are here in AUTHORIZER mode then a request for authorizer 3079 * was processed already, and status 200 has been returned. We need 3080 * now to handle authorized request. 3081 */ 3082 buffer *physpath = NULL; 3083 3084 if (!buffer_string_is_empty(host->docroot)) { 3085 buffer_copy_buffer(con->physical.doc_root, host->docroot); 3086 buffer_copy_buffer(con->physical.basedir, host->docroot); 3087 3088 buffer_copy_buffer(con->physical.path, host->docroot); 3089 buffer_append_string_buffer(con->physical.path, con->uri.path); 3090 physpath = con->physical.path; 3091 } 3092 3093 fcgi_backend_close(srv, hctx); 3094 handler_ctx_clear(hctx); 3095 3096 /* don't do more than 6 loops here, that normally shouldn't happen */ 3097 if (++con->loops_per_request > 5) { 3098 log_error_write(srv, __FILE__, __LINE__, "sb", "too many loops while processing request:", con->request.orig_uri); 3099 con->http_status = 500; /* Internal Server Error */ 3100 con->mode = DIRECT; 3101 return HANDLER_FINISHED; 3102 } 3103 3104 /* restart the request so other handlers can process it */ 3105 3106 if (physpath) con->physical.path = NULL; 3107 connection_response_reset(srv, con); /*(includes con->http_status = 0)*/ 3108 if (physpath) con->physical.path = physpath; /* preserve con->physical.path with modified docroot */ 3109 3110 /*(FYI: if multiple FastCGI authorizers were to be supported, 3111 * next one could be started here instead of restarting request)*/ 3112 3113 con->mode = DIRECT; 3114 return HANDLER_COMEBACK; 3115 } else { 3116 /* we are done */ 3117 fcgi_connection_close(srv, hctx); 3118 } 3119 3120 return HANDLER_FINISHED; 3121 case -1: 3122 if (proc->pid && proc->state != PROC_STATE_DIED) { 3123 int status; 3124 3125 /* only fetch the zombie if it is not already done */ 3126 3127 switch(waitpid(proc->pid, &status, WNOHANG)) { 3128 case 0: 3129 /* child is still alive */ 3130 break; 3131 case -1: 3132 break; 3133 default: 3134 /* the child should not terminate at all */ 3135 if (WIFEXITED(status)) { 3136 log_error_write(srv, __FILE__, __LINE__, "sdsd", 3137 "child exited, pid:", proc->pid, 3138 "status:", WEXITSTATUS(status)); 3139 } else if (WIFSIGNALED(status)) { 3140 log_error_write(srv, __FILE__, __LINE__, "sd", 3141 "child signaled:", 3142 WTERMSIG(status)); 3143 } else { 3144 log_error_write(srv, __FILE__, __LINE__, "sd", 3145 "child died somehow:", 3146 status); 3147 } 3148 3149 if (hctx->conf.debug) { 3150 log_error_write(srv, __FILE__, __LINE__, "ssbsdsd", 3151 "--- fastcgi spawning", 3152 "\n\tsocket", proc->connection_name, 3153 "\n\tcurrent:", 1, "/", host->max_procs); 3154 } 3155 3156 if (fcgi_spawn_connection(srv, p, host, proc)) { 3157 /* respawning failed, retry later */ 3158 proc->state = PROC_STATE_DIED; 3159 3160 log_error_write(srv, __FILE__, __LINE__, "s", 3161 "respawning failed, will retry later"); 3162 } 3163 3164 break; 3165 } 3166 } 3167 3168 if (con->file_started == 0) { 3169 /* nothing has been sent out yet, try to use another child */ 3170 3171 if (hctx->wb->bytes_out == 0 && 3172 hctx->reconnects++ < 5) { 3173 3174 log_error_write(srv, __FILE__, __LINE__, "ssbsBSBs", 3175 "response not received, request not sent", 3176 "on socket:", proc->connection_name, 3177 "for", con->uri.path, "?", con->uri.query, ", reconnecting"); 3178 3179 return fcgi_reconnect(srv, hctx); 3180 } 3181 3182 log_error_write(srv, __FILE__, __LINE__, "sosbsBSBs", 3183 "response not received, request sent:", hctx->wb->bytes_out, 3184 "on socket:", proc->connection_name, 3185 "for", con->uri.path, "?", con->uri.query, ", closing connection"); 3186 } else { 3187 log_error_write(srv, __FILE__, __LINE__, "ssbsBSBs", 3188 "response already sent out, but backend returned error", 3189 "on socket:", proc->connection_name, 3190 "for", con->uri.path, "?", con->uri.query, ", terminating connection"); 3191 } 3192 3193 http_response_backend_error(srv, con); 3194 fcgi_connection_close(srv, hctx); 3195 return HANDLER_FINISHED; 3196 } 3197 3198 return HANDLER_GO_ON; 3199 } 3200 3201 3202 static handler_t fcgi_handle_fdevent(server *srv, void *ctx, int revents) { 3203 handler_ctx *hctx = ctx; 3204 connection *con = hctx->remote_conn; 3205 3206 joblist_append(srv, con); 3207 3208 if (revents & FDEVENT_IN) { 3209 handler_t rc = fcgi_recv_response(srv, hctx);/*(might invalidate hctx)*/ 3210 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 3211 } 3212 3213 if (revents & FDEVENT_OUT) { 3214 return fcgi_send_request(srv, hctx); /*(might invalidate hctx)*/ 3215 } 3216 3217 /* perhaps this issue is already handled */ 3218 if (revents & FDEVENT_HUP) { 3219 if (hctx->state == FCGI_STATE_CONNECT_DELAYED) { 3220 /* getoptsock will catch this one (right ?) 3221 * 3222 * if we are in connect we might get an EINPROGRESS 3223 * in the first call and an FDEVENT_HUP in the 3224 * second round 3225 * 3226 * FIXME: as it is a bit ugly. 3227 * 3228 */ 3229 fcgi_send_request(srv, hctx); 3230 } else if (con->file_started) { 3231 /* drain any remaining data from kernel pipe buffers 3232 * even if (con->conf.stream_response_body 3233 * & FDEVENT_STREAM_RESPONSE_BUFMIN) 3234 * since event loop will spin on fd FDEVENT_HUP event 3235 * until unregistered. */ 3236 handler_t rc; 3237 do { 3238 rc = fcgi_recv_response(srv,hctx);/*(might invalidate hctx)*/ 3239 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/ 3240 return rc; /* HANDLER_FINISHED or HANDLER_ERROR */ 3241 } else { 3242 fcgi_proc *proc = hctx->proc; 3243 log_error_write(srv, __FILE__, __LINE__, "sBSbsbsd", 3244 "error: unexpected close of fastcgi connection for", 3245 con->uri.path, "?", con->uri.query, 3246 "(no fastcgi process on socket:", proc->connection_name, "?)", 3247 hctx->state); 3248 3249 fcgi_connection_close(srv, hctx); 3250 } 3251 } else if (revents & FDEVENT_ERR) { 3252 log_error_write(srv, __FILE__, __LINE__, "s", 3253 "fcgi: got a FDEVENT_ERR. Don't know why."); 3254 3255 http_response_backend_error(srv, con); 3256 fcgi_connection_close(srv, hctx); 3257 } 3258 3259 return HANDLER_FINISHED; 3260 } 3261 3262 #define PATCH(x) \ 3263 p->conf.x = s->x; 3264 static int fcgi_patch_connection(server *srv, connection *con, plugin_data *p) { 3265 size_t i, j; 3266 plugin_config *s = p->config_storage[0]; 3267 3268 PATCH(exts); 3269 PATCH(exts_auth); 3270 PATCH(exts_resp); 3271 PATCH(debug); 3272 PATCH(ext_mapping); 3273 3274 /* skip the first, the global context */ 3275 for (i = 1; i < srv->config_context->used; i++) { 3276 data_config *dc = (data_config *)srv->config_context->data[i]; 3277 s = p->config_storage[i]; 3278 3279 /* condition didn't match */ 3280 if (!config_check_cond(srv, con, dc)) continue; 3281 3282 /* merge config */ 3283 for (j = 0; j < dc->value->used; j++) { 3284 data_unset *du = dc->value->data[j]; 3285 3286 if (buffer_is_equal_string(du->key, CONST_STR_LEN("fastcgi.server"))) { 3287 PATCH(exts); 3288 PATCH(exts_auth); 3289 PATCH(exts_resp); 3290 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("fastcgi.debug"))) { 3291 PATCH(debug); 3292 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("fastcgi.map-extensions"))) { 3293 PATCH(ext_mapping); 3294 } 3295 } 3296 } 3297 3298 return 0; 3299 } 3300 #undef PATCH 3301 3302 3303 static handler_t fcgi_check_extension(server *srv, connection *con, void *p_d, int uri_path_handler) { 3304 plugin_data *p = p_d; 3305 size_t s_len; 3306 size_t k; 3307 buffer *fn; 3308 fcgi_extension *extension = NULL; 3309 fcgi_extension_host *host = NULL; 3310 handler_ctx *hctx; 3311 unsigned short fcgi_mode; 3312 3313 if (con->mode != DIRECT) return HANDLER_GO_ON; 3314 3315 fn = uri_path_handler ? con->uri.path : con->physical.path; 3316 3317 if (buffer_string_is_empty(fn)) return HANDLER_GO_ON; 3318 3319 s_len = buffer_string_length(fn); 3320 3321 fcgi_patch_connection(srv, con, p); 3322 if (NULL == p->conf.exts) return HANDLER_GO_ON; 3323 3324 /* check p->conf.exts_auth list and then p->conf.ext_resp list 3325 * (skip p->conf.exts_auth if array is empty or if FCGI_AUTHORIZER already ran in this request */ 3326 hctx = con->plugin_ctx[p->id]; /*(not NULL if FCGI_AUTHORIZER ran; hctx->ext-auth check is redundant)*/ 3327 fcgi_mode = (NULL == hctx || NULL == hctx->ext_auth) 3328 ? 0 /* FCGI_AUTHORIZER p->conf.exts_auth will be searched next */ 3329 : FCGI_AUTHORIZER; /* FCGI_RESPONDER p->conf.exts_resp will be searched next */ 3330 3331 do { 3332 3333 fcgi_exts *exts; 3334 if (0 == fcgi_mode) { 3335 fcgi_mode = FCGI_AUTHORIZER; 3336 exts = p->conf.exts_auth; 3337 } else { 3338 fcgi_mode = FCGI_RESPONDER; 3339 exts = p->conf.exts_resp; 3340 } 3341 3342 if (0 == exts->used) continue; 3343 3344 /* fastcgi.map-extensions maps extensions to existing fastcgi.server entries 3345 * 3346 * fastcgi.map-extensions = ( ".php3" => ".php" ) 3347 * 3348 * fastcgi.server = ( ".php" => ... ) 3349 * 3350 * */ 3351 3352 /* check if extension-mapping matches */ 3353 for (k = 0; k < p->conf.ext_mapping->used; k++) { 3354 data_string *ds = (data_string *)p->conf.ext_mapping->data[k]; 3355 size_t ct_len; /* length of the config entry */ 3356 3357 if (buffer_is_empty(ds->key)) continue; 3358 3359 ct_len = buffer_string_length(ds->key); 3360 3361 if (s_len < ct_len) continue; 3362 3363 /* found a mapping */ 3364 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) { 3365 /* check if we know the extension */ 3366 3367 /* we can reuse k here */ 3368 for (k = 0; k < exts->used; k++) { 3369 extension = exts->exts[k]; 3370 3371 if (buffer_is_equal(ds->value, extension->key)) { 3372 break; 3373 } 3374 } 3375 3376 if (k == exts->used) { 3377 /* found nothing */ 3378 extension = NULL; 3379 } 3380 break; 3381 } 3382 } 3383 3384 if (extension == NULL) { 3385 size_t uri_path_len = buffer_string_length(con->uri.path); 3386 3387 /* check if extension matches */ 3388 for (k = 0; k < exts->used; k++) { 3389 size_t ct_len; /* length of the config entry */ 3390 fcgi_extension *ext = exts->exts[k]; 3391 3392 if (buffer_is_empty(ext->key)) continue; 3393 3394 ct_len = buffer_string_length(ext->key); 3395 3396 /* check _url_ in the form "/fcgi_pattern" */ 3397 if (ext->key->ptr[0] == '/') { 3398 if ((ct_len <= uri_path_len) && 3399 (strncmp(con->uri.path->ptr, ext->key->ptr, ct_len) == 0)) { 3400 extension = ext; 3401 break; 3402 } 3403 } else if ((ct_len <= s_len) && (0 == strncmp(fn->ptr + s_len - ct_len, ext->key->ptr, ct_len))) { 3404 /* check extension in the form ".fcg" */ 3405 extension = ext; 3406 break; 3407 } 3408 } 3409 } 3410 3411 } while (NULL == extension && fcgi_mode != FCGI_RESPONDER); 3412 3413 /* extension doesn't match */ 3414 if (NULL == extension) { 3415 return HANDLER_GO_ON; 3416 } 3417 3418 /* check if we have at least one server for this extension up and running */ 3419 host = fcgi_extension_host_get(srv, con, p, extension); 3420 if (NULL == host) { 3421 return HANDLER_FINISHED; 3422 } 3423 3424 /* a note about no handler is not sent yet */ 3425 extension->note_is_sent = 0; 3426 3427 /* 3428 * if check-local is disabled, use the uri.path handler 3429 * 3430 */ 3431 3432 /* init handler-context */ 3433 if (uri_path_handler) { 3434 if (host->check_local != 0) { 3435 return HANDLER_GO_ON; 3436 } else { 3437 /* do not split path info for authorizer */ 3438 if (fcgi_mode != FCGI_AUTHORIZER) { 3439 /* the prefix is the SCRIPT_NAME, 3440 * everything from start to the next slash 3441 * this is important for check-local = "disable" 3442 * 3443 * if prefix = /admin.fcgi 3444 * 3445 * /admin.fcgi/foo/bar 3446 * 3447 * SCRIPT_NAME = /admin.fcgi 3448 * PATH_INFO = /foo/bar 3449 * 3450 * if prefix = /fcgi-bin/ 3451 * 3452 * /fcgi-bin/foo/bar 3453 * 3454 * SCRIPT_NAME = /fcgi-bin/foo 3455 * PATH_INFO = /bar 3456 * 3457 * if prefix = /, and fix-root-path-name is enable 3458 * 3459 * /fcgi-bin/foo/bar 3460 * 3461 * SCRIPT_NAME = /fcgi-bin/foo 3462 * PATH_INFO = /bar 3463 * 3464 */ 3465 char *pathinfo; 3466 3467 /* the rewrite is only done for /prefix/? matches */ 3468 if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') { 3469 buffer_copy_string(con->request.pathinfo, con->uri.path->ptr); 3470 buffer_string_set_length(con->uri.path, 0); 3471 } else if (extension->key->ptr[0] == '/' && 3472 buffer_string_length(con->uri.path) > buffer_string_length(extension->key) && 3473 NULL != (pathinfo = strchr(con->uri.path->ptr + buffer_string_length(extension->key), '/'))) { 3474 /* rewrite uri.path and pathinfo */ 3475 3476 buffer_copy_string(con->request.pathinfo, pathinfo); 3477 buffer_string_set_length(con->uri.path, buffer_string_length(con->uri.path) - buffer_string_length(con->request.pathinfo)); 3478 } 3479 } 3480 } 3481 } 3482 3483 if (!hctx) hctx = handler_ctx_init(); 3484 3485 hctx->remote_conn = con; 3486 hctx->plugin_data = p; 3487 hctx->proc = NULL; 3488 hctx->ext = extension; 3489 fcgi_host_assign(srv, hctx, host); 3490 3491 hctx->fcgi_mode = fcgi_mode; 3492 if (fcgi_mode == FCGI_AUTHORIZER) { 3493 hctx->ext_auth = hctx->ext; 3494 } 3495 3496 /*hctx->conf.exts = p->conf.exts;*/ 3497 /*hctx->conf.exts_auth = p->conf.exts_auth;*/ 3498 /*hctx->conf.exts_resp = p->conf.exts_resp;*/ 3499 /*hctx->conf.ext_mapping = p->conf.ext_mapping;*/ 3500 hctx->conf.debug = p->conf.debug; 3501 3502 con->plugin_ctx[p->id] = hctx; 3503 3504 con->mode = p->id; 3505 3506 if (con->conf.log_request_handling) { 3507 log_error_write(srv, __FILE__, __LINE__, "s", "handling it in mod_fastcgi"); 3508 } 3509 3510 return HANDLER_GO_ON; 3511 } 3512 3513 /* uri-path handler */ 3514 static handler_t fcgi_check_extension_1(server *srv, connection *con, void *p_d) { 3515 return fcgi_check_extension(srv, con, p_d, 1); 3516 } 3517 3518 /* start request handler */ 3519 static handler_t fcgi_check_extension_2(server *srv, connection *con, void *p_d) { 3520 return fcgi_check_extension(srv, con, p_d, 0); 3521 } 3522 3523 3524 TRIGGER_FUNC(mod_fastcgi_handle_trigger) { 3525 plugin_data *p = p_d; 3526 size_t i, j, n; 3527 3528 3529 /* perhaps we should kill a connect attempt after 10-15 seconds 3530 * 3531 * currently we wait for the TCP timeout which is 180 seconds on Linux 3532 * 3533 * 3534 * 3535 */ 3536 3537 /* check all children if they are still up */ 3538 3539 for (i = 0; i < srv->config_context->used; i++) { 3540 plugin_config *conf; 3541 fcgi_exts *exts; 3542 3543 conf = p->config_storage[i]; 3544 3545 exts = conf->exts; 3546 if (NULL == exts) continue; 3547 3548 for (j = 0; j < exts->used; j++) { 3549 fcgi_extension *ex; 3550 3551 ex = exts->exts[j]; 3552 3553 for (n = 0; n < ex->used; n++) { 3554 3555 fcgi_proc *proc; 3556 fcgi_extension_host *host; 3557 3558 host = ex->hosts[n]; 3559 3560 for (proc = host->first; proc; proc = proc->next) { 3561 int status; 3562 3563 if (proc->pid == 0) continue; 3564 3565 switch (waitpid(proc->pid, &status, WNOHANG)) { 3566 case 0: 3567 /* child still running after timeout, good */ 3568 break; 3569 case -1: 3570 if (errno != EINTR) { 3571 /* no PID found ? should never happen */ 3572 log_error_write(srv, __FILE__, __LINE__, "sddss", 3573 "pid ", proc->pid, proc->state, 3574 "not found:", strerror(errno)); 3575 } 3576 break; 3577 default: 3578 /* the child should not terminate at all */ 3579 if (WIFEXITED(status)) { 3580 if (proc->state != PROC_STATE_KILLED) { 3581 log_error_write(srv, __FILE__, __LINE__, "sdb", 3582 "child exited:", 3583 WEXITSTATUS(status), proc->connection_name); 3584 } 3585 } else if (WIFSIGNALED(status)) { 3586 if (WTERMSIG(status) != SIGTERM) { 3587 log_error_write(srv, __FILE__, __LINE__, "sd", 3588 "child signaled:", 3589 WTERMSIG(status)); 3590 } 3591 } else { 3592 log_error_write(srv, __FILE__, __LINE__, "sd", 3593 "child died somehow:", 3594 status); 3595 } 3596 proc->pid = 0; 3597 if (proc->state == PROC_STATE_RUNNING) host->active_procs--; 3598 proc->state = PROC_STATE_DIED; 3599 host->max_id--; 3600 } 3601 } 3602 3603 fcgi_restart_dead_procs(srv, p, host); 3604 3605 for (proc = host->unused_procs; proc; proc = proc->next) { 3606 int status; 3607 3608 if (proc->pid == 0) continue; 3609 3610 switch (waitpid(proc->pid, &status, WNOHANG)) { 3611 case 0: 3612 /* child still running after timeout, good */ 3613 break; 3614 case -1: 3615 if (errno != EINTR) { 3616 /* no PID found ? should never happen */ 3617 log_error_write(srv, __FILE__, __LINE__, "sddss", 3618 "pid ", proc->pid, proc->state, 3619 "not found:", strerror(errno)); 3620 3621 #if 0 3622 if (errno == ECHILD) { 3623 /* someone else has cleaned up for us */ 3624 proc->pid = 0; 3625 proc->state = PROC_STATE_UNSET; 3626 } 3627 #endif 3628 } 3629 break; 3630 default: 3631 /* the child should not terminate at all */ 3632 if (WIFEXITED(status)) { 3633 if (proc->state != PROC_STATE_KILLED) { 3634 log_error_write(srv, __FILE__, __LINE__, "sdb", 3635 "child exited:", 3636 WEXITSTATUS(status), proc->connection_name); 3637 } 3638 } else if (WIFSIGNALED(status)) { 3639 if (WTERMSIG(status) != SIGTERM) { 3640 log_error_write(srv, __FILE__, __LINE__, "sd", 3641 "child signaled:", 3642 WTERMSIG(status)); 3643 } 3644 } else { 3645 log_error_write(srv, __FILE__, __LINE__, "sd", 3646 "child died somehow:", 3647 status); 3648 } 3649 proc->pid = 0; 3650 if (proc->state == PROC_STATE_RUNNING) host->active_procs--; 3651 proc->state = PROC_STATE_UNSET; 3652 host->max_id--; 3653 } 3654 } 3655 } 3656 } 3657 } 3658 3659 return HANDLER_GO_ON; 3660 } 3661 3662 3663 int mod_fastcgi_plugin_init(plugin *p); 3664 int mod_fastcgi_plugin_init(plugin *p) { 3665 p->version = LIGHTTPD_VERSION_ID; 3666 p->name = buffer_init_string("fastcgi"); 3667 3668 p->init = mod_fastcgi_init; 3669 p->cleanup = mod_fastcgi_free; 3670 p->set_defaults = mod_fastcgi_set_defaults; 3671 p->connection_reset = fcgi_connection_reset; 3672 p->handle_uri_clean = fcgi_check_extension_1; 3673 p->handle_subrequest_start = fcgi_check_extension_2; 3674 p->handle_subrequest = mod_fastcgi_handle_subrequest; 3675 p->handle_trigger = mod_fastcgi_handle_trigger; 3676 3677 p->data = NULL; 3678 3679 return 0; 3680 } 3681