4 * Apache server module for FastCGI.
6 * $Id: mod_fastcgi.c,v 1.156 2004/01/07 01:56:00 robs Exp $
8 * Copyright (c) 1995-1996 Open Market, Inc.
10 * See the file "LICENSE.TERMS" for information on usage and redistribution
11 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
14 * Patches for Apache-1.1 provided by
18 * Patches for Linux provided by
20 * <langles@vote-smart.org>
22 * Patches for suexec handling by
23 * Brian Grossman <brian@SoftHome.net> and
24 * Rob Saccoccio <robs@ipass.net>
28 * Module design notes.
32 * mod_fastcgi spawns several processes: one process manager process
33 * and several application processes. None of these processes
34 * handle SIGHUP, so they just go away when the Web server performs
35 * a restart (as Apache does every time it starts.)
37 * In order to allow the process manager to properly cleanup the
38 * running fastcgi processes (without being disturbed by Apache),
39 * an intermediate process was introduced. The diagram is as follows;
41 * ApacheWS --> MiddleProc --> ProcMgr --> FCGI processes
43 * On a restart, ApacheWS sends a SIGKILL to MiddleProc and then
44 * collects it via waitpid(). The ProcMgr periodically checks for
45 * its parent (via getppid()) and if it does not have one, as in
46 * case when MiddleProc has terminated, ProcMgr issues a SIGTERM
47 * to all FCGI processes, waitpid()s on them and then exits, so it
48 * can be collected by init(1). Doing it any other way (short of
49 * changing Apache API), results either in inconsistent results or
50 * in generation of zombie processes.
52 * XXX: How does Apache 1.2 implement "gentle" restart
53 * that does not disrupt current connections? How does
54 * gentle restart interact with restart cleanup?
56 * 2. Request timeouts.
58 * Earlier versions of this module used ap_soft_timeout() rather than
59 * ap_hard_timeout() and ate FastCGI server output until it completed.
60 * This precluded the FastCGI server from having to implement a
61 * SIGPIPE handler, but meant hanging the application longer than
62 * necessary. SIGPIPE handler now must be installed in ALL FastCGI
63 * applications. The handler should abort further processing and go
64 * back into the accept() loop.
66 * Although using ap_soft_timeout() is better than ap_hard_timeout()
67 * we have to be more careful about SIGINT handling and subsequent
68 * processing, so, for now, make it hard.
89 #define timersub(a, b, result) \
91 (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
92 (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
93 if ((result)->tv_usec < 0) { \
95 (result)->tv_usec += 1000000; \
104 pool
*fcgi_config_pool
; /* the config pool */
105 server_rec
*fcgi_apache_main_server
;
107 const char *fcgi_wrapper
= NULL
; /* wrapper path */
108 uid_t fcgi_user_id
; /* the run uid of Apache & PM */
109 gid_t fcgi_group_id
; /* the run gid of Apache & PM */
111 fcgi_server
*fcgi_servers
= NULL
; /* AppClasses */
113 char *fcgi_socket_dir
= NULL
; /* default FastCgiIpcDir */
115 char *fcgi_dynamic_dir
= NULL
; /* directory for the dynamic
116 * fastcgi apps' sockets */
120 #pragma warning( disable : 4706 4100 4127)
121 fcgi_pm_job
*fcgi_dynamic_mbox
= NULL
;
122 HANDLE
*fcgi_dynamic_mbox_mutex
= NULL
;
123 HANDLE fcgi_pm_thread
= INVALID_HANDLE_VALUE
;
127 int fcgi_pm_pipe
[2] = { -1, -1 };
128 pid_t fcgi_pm_pid
= -1;
132 char *fcgi_empty_env
= NULL
;
134 u_int dynamicMaxProcs
= FCGI_DEFAULT_MAX_PROCS
;
135 int dynamicMinProcs
= FCGI_DEFAULT_MIN_PROCS
;
136 int dynamicMaxClassProcs
= FCGI_DEFAULT_MAX_CLASS_PROCS
;
137 u_int dynamicKillInterval
= FCGI_DEFAULT_KILL_INTERVAL
;
138 u_int dynamicUpdateInterval
= FCGI_DEFAULT_UPDATE_INTERVAL
;
139 float dynamicGain
= FCGI_DEFAULT_GAIN
;
140 int dynamicThreshold1
= FCGI_DEFAULT_THRESHOLD_1
;
141 int dynamicThresholdN
= FCGI_DEFAULT_THRESHOLD_N
;
142 u_int dynamicPleaseStartDelay
= FCGI_DEFAULT_START_PROCESS_DELAY
;
143 u_int dynamicAppConnectTimeout
= FCGI_DEFAULT_APP_CONN_TIMEOUT
;
144 char **dynamicEnvp
= &fcgi_empty_env
;
145 u_int dynamicProcessSlack
= FCGI_DEFAULT_PROCESS_SLACK
;
146 int dynamicAutoRestart
= FCGI_DEFAULT_RESTART_DYNAMIC
;
147 int dynamicAutoUpdate
= FCGI_DEFAULT_AUTOUPDATE
;
148 int dynamicFlush
= FCGI_FLUSH
;
149 u_int dynamicListenQueueDepth
= FCGI_DEFAULT_LISTEN_Q
;
150 u_int dynamicInitStartDelay
= DEFAULT_INIT_START_DELAY
;
151 u_int dynamicRestartDelay
= FCGI_DEFAULT_RESTART_DELAY
;
152 array_header
*dynamic_pass_headers
= NULL
;
153 u_int dynamic_idle_timeout
= FCGI_DEFAULT_IDLE_TIMEOUT
;
154 int dynamicMinServerLife
= FCGI_DEFAULT_MIN_SERVER_LIFE
;
156 /*******************************************************************************
157 * Construct a message and write it to the pm_pipe.
159 static void send_to_pm(const char id
, const char * const fs_path
,
160 const char *user
, const char * const group
, const unsigned long q_usec
,
161 const unsigned long req_usec
)
164 fcgi_pm_job
*job
= NULL
;
166 if (!(job
= (fcgi_pm_job
*) malloc(sizeof(fcgi_pm_job
))))
169 static int failed_count
= 0;
171 char buf
[FCGI_MAX_MSG_LEN
];
174 if (strlen(fs_path
) > FCGI_MAXPATH
) {
175 ap_log_error(FCGI_LOG_ERR_NOERRNO
, fcgi_apache_main_server
,
176 "FastCGI: the path \"%s\" is too long (>%d) for a dynamic server", fs_path
, FCGI_MAXPATH
);
182 case FCGI_SERVER_START_JOB
:
183 case FCGI_SERVER_RESTART_JOB
:
186 job
->fs_path
= strdup(fs_path
);
187 job
->user
= strdup(user
);
188 job
->group
= strdup(group
);
190 job
->start_time
= 0L;
192 buflen
= sprintf(buf
, "%c %s %s %s*", id
, fs_path
, user
, group
);
196 case FCGI_REQUEST_TIMEOUT_JOB
:
199 job
->fs_path
= strdup(fs_path
);
200 job
->user
= strdup(user
);
201 job
->group
= strdup(group
);
203 job
->start_time
= 0L;
205 buflen
= sprintf(buf
, "%c %s %s %s*", id
, fs_path
, user
, group
);
209 case FCGI_REQUEST_COMPLETE_JOB
:
212 job
->fs_path
= strdup(fs_path
);
214 job
->start_time
= req_usec
;
215 job
->user
= strdup(user
);
216 job
->group
= strdup(group
);
218 buflen
= sprintf(buf
, "%c %s %s %s %lu %lu*", id
, fs_path
, user
, group
, q_usec
, req_usec
);
224 if (fcgi_pm_add_job(job
)) return;
226 SetEvent(fcgi_event_handles
[MBOX_EVENT
]);
228 ASSERT(buflen
<= FCGI_MAX_MSG_LEN
);
230 /* There is no apache flag or function that can be used to id
231 * restart/shutdown pending so ignore the first few failures as
232 * once it breaks it will stay broke */
233 if (write(fcgi_pm_pipe
[1], (const void *)buf
, buflen
) != buflen
234 && failed_count
++ > 10)
236 ap_log_error(FCGI_LOG_WARN
, fcgi_apache_main_server
,
237 "FastCGI: write() to PM failed (ignore if a restart or shutdown is pending)");
243 *----------------------------------------------------------------------
247 * An Apache module initializer, called by the Apache core
248 * after reading the server config.
250 * Start the process manager no matter what, since there may be a
251 * request for dynamic FastCGI applications without any being
252 * configured as static applications. Also, check for the existence
253 * and create if necessary a subdirectory into which all dynamic
256 *----------------------------------------------------------------------
259 static apcb_t
init_module(apr_pool_t
* p
, apr_pool_t
* plog
,
260 apr_pool_t
* tp
, server_rec
* s
)
262 static apcb_t
init_module(server_rec
*s
, pool
*p
)
269 /* Register to reset to default values when the config pool is cleaned */
271 ap_register_cleanup(p
, NULL
, fcgi_config_reset_globals
, ap_null_cleanup
);
275 ap_add_version_component(p
, "mod_fastcgi/" MOD_FASTCGI_VERSION
);
277 ap_add_version_component("mod_fastcgi/" MOD_FASTCGI_VERSION
);
280 fcgi_config_set_fcgi_uid_n_gid(1);
282 /* keep these handy */
283 fcgi_config_pool
= p
;
284 fcgi_apache_main_server
= s
;
287 if (fcgi_socket_dir
== NULL
)
288 fcgi_socket_dir
= DEFAULT_SOCK_DIR
;
289 fcgi_dynamic_dir
= ap_pstrcat(p
, fcgi_socket_dir
, "dynamic", NULL
);
292 if (fcgi_socket_dir
== NULL
)
293 fcgi_socket_dir
= ap_server_root_relative(p
, DEFAULT_SOCK_DIR
);
295 /* Create Unix/Domain socket directory */
296 if ((err
= fcgi_config_make_dir(p
, fcgi_socket_dir
)))
297 ap_log_error(FCGI_LOG_ERR
, s
, "FastCGI: %s", err
);
299 /* Create Dynamic directory */
300 if ((err
= fcgi_config_make_dynamic_dir(p
, 1)))
301 ap_log_error(FCGI_LOG_ERR
, s
, "FastCGI: %s", err
);
303 /* Spawn the PM only once. Under Unix, Apache calls init() routines
304 * twice, once before detach() and once after. Win32 doesn't detach.
305 * Under DSO, DSO modules are unloaded between the two init() calls.
306 * Under Unix, the -X switch causes two calls to init() but no detach
307 * (but all subprocesses are wacked so the PM is toasted anyway)! */
312 apr_pool_userdata_get(&first_pass
, "mod_fastcgi", s
->process
->pool
);
313 if (first_pass
== NULL
)
315 apr_pool_userdata_set((const void *)1, "mod_fastcgi",
316 apr_pool_cleanup_null
, s
->process
->pool
);
322 if (ap_standalone
&& ap_restart_time
== 0)
327 /* Create the pipe for comm with the PM */
328 if (pipe(fcgi_pm_pipe
) < 0) {
329 ap_log_error(FCGI_LOG_ERR
, s
, "FastCGI: pipe() failed");
332 /* Start the Process Manager */
336 apr_proc_t
* proc
= apr_palloc(p
, sizeof(*proc
));
339 rv
= apr_proc_fork(proc
, tp
);
341 if (rv
== APR_INCHILD
)
347 else if (rv
!= APR_INPARENT
)
354 apr_pool_note_subprocess(p
, proc
, APR_KILL_ONLY_ONCE
);
358 fcgi_pm_pid
= ap_spawn_child(p
, fcgi_pm_main
, NULL
, kill_only_once
, NULL
, NULL
, NULL
);
359 if (fcgi_pm_pid
<= 0) {
360 ap_log_error(FCGI_LOG_ALERT
, s
,
361 "FastCGI: can't start the process manager, spawn_child() failed");
364 #endif /* !APACHE2 */
366 close(fcgi_pm_pipe
[0]);
375 static apcb_t
fcgi_child_exit(void * dc
)
377 static apcb_t
fcgi_child_exit(server_rec
*dc0
, pool
*dc1
)
380 /* Signal the PM thread to exit*/
381 SetEvent(fcgi_event_handles
[TERM_EVENT
]);
383 /* Waiting on pm thread to exit */
384 WaitForSingleObject(fcgi_pm_thread
, INFINITE
);
391 static void fcgi_child_init(apr_pool_t
* p
, server_rec
* dc
)
393 static void fcgi_child_init(server_rec
*dc
, pool
*p
)
397 /* Create the MBOX, TERM, and WAKE event handlers */
398 fcgi_event_handles
[0] = CreateEvent(NULL
, FALSE
, FALSE
, NULL
);
399 if (fcgi_event_handles
[0] == NULL
) {
400 ap_log_error(FCGI_LOG_ALERT
, fcgi_apache_main_server
,
401 "FastCGI: CreateEvent() failed");
403 fcgi_event_handles
[1] = CreateEvent(NULL
, FALSE
, FALSE
, NULL
);
404 if (fcgi_event_handles
[1] == NULL
) {
405 ap_log_error(FCGI_LOG_ALERT
, fcgi_apache_main_server
,
406 "FastCGI: CreateEvent() failed");
408 fcgi_event_handles
[2] = CreateEvent(NULL
, FALSE
, FALSE
, NULL
);
409 if (fcgi_event_handles
[2] == NULL
) {
410 ap_log_error(FCGI_LOG_ALERT
, fcgi_apache_main_server
,
411 "FastCGI: CreateEvent() failed");
414 /* Create the mbox mutex (PM - request threads) */
415 fcgi_dynamic_mbox_mutex
= CreateMutex(NULL
, FALSE
, NULL
);
416 if (fcgi_dynamic_mbox_mutex
== NULL
) {
417 ap_log_error(FCGI_LOG_ALERT
, fcgi_apache_main_server
,
418 "FastCGI: CreateMutex() failed");
421 /* Spawn of the process manager thread */
422 fcgi_pm_thread
= (HANDLE
) _beginthread(fcgi_pm_main
, 0, NULL
);
423 if (fcgi_pm_thread
== (HANDLE
) -1) {
424 ap_log_error(FCGI_LOG_ALERT
, fcgi_apache_main_server
,
425 "_beginthread() failed to spawn the process manager");
429 apr_pool_cleanup_register(p
, NULL
, fcgi_child_exit
, fcgi_child_exit
);
435 *----------------------------------------------------------------------
439 * Terminate a line: scan to the next newline, scan back to the
440 * first non-space character and store a terminating zero. Return
441 * the next character past the end of the newline.
443 * If the end of the string is reached, ASSERT!
445 * If the FIRST character(s) in the line are '\n' or "\r\n", the
446 * first character is replaced with a NULL and next character
447 * past the newline is returned. NOTE: this condition supercedes
448 * the processing of RFC-822 continuation lines.
450 * If continuation is set to 'TRUE', then it parses a (possible)
451 * sequence of RFC-822 continuation lines.
457 * Termination byte stored in string.
459 *----------------------------------------------------------------------
461 static char *get_header_line(char *start
, int continuation
)
466 if(p
[0] == '\r' && p
[1] == '\n') { /* If EOL in 1st 2 chars */
467 p
++; /* point to \n and stop */
468 } else if(*p
!= '\n') {
471 if(*p
== '\n' && p
[1] != ' ' && p
[1] != '\t')
476 while(*p
!= '\0' && *p
!= '\n') {
487 * Trim any trailing whitespace.
489 while(isspace((unsigned char)p
[-1]) && p
> start
) {
499 static int set_nonblocking(const fcgi_request
* fr
, int nonblocking
)
501 if (fr
->using_npipe_io
)
505 DWORD mode
= PIPE_NOWAIT
| PIPE_READMODE_BYTE
;
506 if (SetNamedPipeHandleState((HANDLE
) fr
->fd
, &mode
, NULL
, NULL
) == 0)
508 ap_log_rerror(FCGI_LOG_ERR
, fr
->r
,
509 "FastCGI: SetNamedPipeHandleState() failed");
516 unsigned long ioctl_arg
= (nonblocking
) ? 1 : 0;
517 if (ioctlsocket(fr
->fd
, FIONBIO
, &ioctl_arg
) != 0)
519 errno
= WSAGetLastError();
520 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, fr
->r
,
521 "FastCGI: ioctlsocket() failed");
531 static int set_nonblocking(const fcgi_request
* fr
, int nonblocking
)
534 int fd_flags
= fcntl(fr
->fd
, F_GETFL
, 0);
536 if (fd_flags
< 0) return -1;
538 #if defined(O_NONBLOCK)
539 nb_flag
= O_NONBLOCK
;
540 #elif defined(O_NDELAY)
542 #elif defined(FNDELAY)
545 #error "TODO - don't read from app until all data from client is posted."
548 fd_flags
= (nonblocking
) ? (fd_flags
| nb_flag
) : (fd_flags
& ~nb_flag
);
550 return fcntl(fr
->fd
, F_SETFL
, fd_flags
);
555 /*******************************************************************************
556 * Close the connection to the FastCGI server. This is normally called by
557 * do_work(), but may also be called as in request pool cleanup.
559 static void close_connection_to_fs(fcgi_request
*fr
)
563 if (fr
->fd
!= INVALID_SOCKET
)
565 set_nonblocking(fr
, FALSE
);
567 if (fr
->using_npipe_io
)
569 CloseHandle((HANDLE
) fr
->fd
);
573 /* abort the connection entirely */
574 struct linger linger
= {0, 0};
575 setsockopt(fr
->fd
, SOL_SOCKET
, SO_LINGER
, (void *) &linger
, sizeof(linger
));
579 fr
->fd
= INVALID_SOCKET
;
585 struct linger linger
= {0, 0};
586 set_nonblocking(fr
, FALSE
);
587 /* abort the connection entirely */
588 setsockopt(fr
->fd
, SOL_SOCKET
, SO_LINGER
, &linger
, sizeof(linger
));
594 if (fr
->dynamic
&& fr
->keepReadingFromFcgiApp
== FALSE
)
596 /* XXX FCGI_REQUEST_COMPLETE_JOB is only sent for requests which complete
597 * normally WRT the fcgi app. There is no data sent for
598 * connect() timeouts or requests which complete abnormally.
599 * KillDynamicProcs() and RemoveRecords() need to be looked at
600 * to be sure they can reasonably handle these cases before
601 * sending these sort of stats - theres some funk in there.
603 if (fcgi_util_ticks(&fr
->completeTime
) < 0)
605 /* there's no point to aborting the request, just log it */
606 ap_log_error(FCGI_LOG_ERR
, fr
->r
->server
, "FastCGI: can't get time of day");
614 *----------------------------------------------------------------------
618 * Call with r->parseHeader == SCAN_CGI_READING_HEADERS
619 * and initial script output in fr->header.
621 * If the initial script output does not include the header
622 * terminator ("\r\n\r\n") process_headers returns with no side
623 * effects, to be called again when more script output
624 * has been appended to fr->header.
626 * If the initial script output includes the header terminator,
627 * process_headers parses the headers and determines whether or
628 * not the remaining script output will be sent to the client.
629 * If so, process_headers sends the HTTP response headers to the
630 * client and copies any non-header script output to the output
637 * May set r->parseHeader to:
638 * SCAN_CGI_FINISHED -- headers parsed, returning script response
639 * SCAN_CGI_BAD_HEADER -- malformed header from script
640 * SCAN_CGI_INT_REDIRECT -- handler should perform internal redirect
641 * SCAN_CGI_SRV_REDIRECT -- handler should return REDIRECT
643 *----------------------------------------------------------------------
646 static const char *process_headers(request_rec
*r
, fcgi_request
*fr
)
648 char *p
, *next
, *name
, *value
;
650 int hasContentType
, hasStatus
, hasLocation
;
652 ASSERT(fr
->parseHeader
== SCAN_CGI_READING_HEADERS
);
654 if (fr
->header
== NULL
)
658 * Do we have the entire header? Scan for the blank line that
659 * terminates the header.
661 p
= (char *)fr
->header
->elts
;
662 len
= fr
->header
->nelts
;
664 while(len
-- && flag
< 2) {
674 name
= "Invalid Character";
683 /* Return (to be called later when we have more data)
684 * if we don't have an entire header. */
689 * Parse all the headers.
691 fr
->parseHeader
= SCAN_CGI_FINISHED
;
692 hasContentType
= hasStatus
= hasLocation
= FALSE
;
693 next
= (char *)fr
->header
->elts
;
695 next
= get_header_line(name
= next
, TRUE
);
699 if ((p
= strchr(name
, ':')) == NULL
) {
703 while (p
!= name
&& isspace((unsigned char)*(p
- 1))) {
710 if (strpbrk(name
, " \t") != NULL
) {
714 while (isspace((unsigned char)*value
)) {
718 if (strcasecmp(name
, "Status") == 0) {
719 int statusValue
= strtol(value
, NULL
, 10);
722 goto DuplicateNotAllowed
;
724 if (statusValue
< 0) {
725 fr
->parseHeader
= SCAN_CGI_BAD_HEADER
;
726 return ap_psprintf(r
->pool
, "invalid Status '%s'", value
);
729 r
->status
= statusValue
;
730 r
->status_line
= ap_pstrdup(r
->pool
, value
);
734 if (fr
->role
== FCGI_RESPONDER
) {
735 if (strcasecmp(name
, "Content-type") == 0) {
736 if (hasContentType
) {
737 goto DuplicateNotAllowed
;
739 hasContentType
= TRUE
;
740 r
->content_type
= ap_pstrdup(r
->pool
, value
);
744 if (strcasecmp(name
, "Location") == 0) {
746 goto DuplicateNotAllowed
;
749 ap_table_set(r
->headers_out
, "Location", value
);
753 /* If the script wants them merged, it can do it */
754 ap_table_add(r
->err_headers_out
, name
, value
);
758 ap_table_add(fr
->authHeaders
, name
, value
);
762 if (fr
->role
!= FCGI_RESPONDER
)
766 * Who responds, this handler or Apache?
769 const char *location
= ap_table_get(r
->headers_out
, "Location");
771 * Based on internal redirect handling in mod_cgi.c...
773 * If a script wants to produce its own Redirect
774 * body, it now has to explicitly *say* "Status: 302"
776 if (r
->status
== 200) {
777 if(location
[0] == '/') {
779 * Location is an relative path. This handler will
780 * consume all script output, then have Apache perform an
783 fr
->parseHeader
= SCAN_CGI_INT_REDIRECT
;
787 * Location is an absolute URL. If the script didn't
788 * produce a Content-type header, this handler will
789 * consume all script output and then have Apache generate
790 * its standard redirect response. Otherwise this handler
791 * will transmit the script's response.
793 fr
->parseHeader
= SCAN_CGI_SRV_REDIRECT
;
799 * We're responding. Send headers, buffer excess script output.
801 ap_send_http_header(r
);
803 /* We need to reinstate our timeout, send_http_header() kill()s it */
804 ap_hard_timeout("FastCGI request processing", r
);
806 if (r
->header_only
) {
807 /* we've got all we want from the server */
808 close_connection_to_fs(fr
);
809 fr
->exitStatusSet
= 1;
810 fcgi_buf_reset(fr
->clientOutputBuffer
);
811 fcgi_buf_reset(fr
->serverOutputBuffer
);
815 len
= fr
->header
->nelts
- (next
- fr
->header
->elts
);
818 ASSERT(BufferLength(fr
->clientOutputBuffer
) == 0);
820 if (BufferFree(fr
->clientOutputBuffer
) < len
) {
821 fr
->clientOutputBuffer
= fcgi_buf_new(r
->pool
, len
);
824 ASSERT(BufferFree(fr
->clientOutputBuffer
) >= len
);
828 sent
= fcgi_buf_add_block(fr
->clientOutputBuffer
, next
, len
);
835 /* Log first line of a multi-line header */
836 if ((p
= strpbrk(name
, "\r\n")) != NULL
)
838 fr
->parseHeader
= SCAN_CGI_BAD_HEADER
;
839 return ap_psprintf(r
->pool
, "malformed header '%s'", name
);
842 fr
->parseHeader
= SCAN_CGI_BAD_HEADER
;
843 return ap_psprintf(r
->pool
, "duplicate header '%s'", name
);
847 * Read from the client filling both the FastCGI server buffer and the
848 * client buffer with the hopes of buffering the client data before
849 * making the connect() to the FastCGI server. This prevents slow
850 * clients from keeping the FastCGI server in processing longer than is
853 static int read_from_client_n_queue(fcgi_request
*fr
)
859 while (BufferFree(fr
->clientInputBuffer
) > 0 || BufferFree(fr
->serverOutputBuffer
) > 0) {
860 fcgi_protocol_queue_client_buffer(fr
);
862 if (fr
->expectingClientContent
<= 0)
865 fcgi_buf_get_free_block_info(fr
->clientInputBuffer
, &end
, &count
);
869 if ((countRead
= ap_get_client_block(fr
->r
, end
, count
)) < 0)
871 /* set the header scan state to done to prevent logging an error
872 * - hokey approach - probably should be using a unique value */
873 fr
->parseHeader
= SCAN_CGI_FINISHED
;
877 if (countRead
== 0) {
878 fr
->expectingClientContent
= 0;
881 fcgi_buf_add_update(fr
->clientInputBuffer
, countRead
);
882 ap_reset_timeout(fr
->r
);
888 static int write_to_client(fcgi_request
*fr
)
895 apr_bucket_brigade
* bde
;
896 apr_bucket_alloc_t
* const bkt_alloc
= fr
->r
->connection
->bucket_alloc
;
899 fcgi_buf_get_block_info(fr
->clientOutputBuffer
, &begin
, &count
);
903 /* If fewer than count bytes are written, an error occured.
904 * ap_bwrite() typically forces a flushed write to the client, this
905 * effectively results in a block (and short packets) - it should
906 * be fixed, but I didn't win much support for the idea on new-httpd.
907 * So, without patching Apache, the best way to deal with this is
908 * to size the fcgi_bufs to hold all of the script output (within
909 * reason) so the script can be released from having to wait around
910 * for the transmission to the client to complete. */
914 bde
= apr_brigade_create(fr
->r
->pool
, bkt_alloc
);
915 bkt
= apr_bucket_transient_create(begin
, count
, bkt_alloc
);
916 APR_BRIGADE_INSERT_TAIL(bde
, bkt
);
918 if (fr
->fs
? fr
->fs
->flush
: dynamicFlush
)
920 bkt
= apr_bucket_flush_create(bkt_alloc
);
921 APR_BRIGADE_INSERT_TAIL(bde
, bkt
);
924 rv
= ap_pass_brigade(fr
->r
->output_filters
, bde
);
926 #elif defined(RUSSIAN_APACHE)
928 rv
= (ap_rwrite(begin
, count
, fr
->r
) != count
);
932 rv
= (ap_bwrite(fr
->r
->connection
->client
, begin
, count
) != count
);
938 ap_log_rerror(FCGI_LOG_INFO_NOERRNO
, fr
->r
,
939 "FastCGI: client stopped connection before send body completed");
945 ap_reset_timeout(fr
->r
);
947 /* Don't bother with a wrapped buffer, limiting exposure to slow
948 * clients. The BUFF routines don't allow a writev from above,
949 * and don't always memcpy to minimize small write()s, this should
950 * be fixed, but I didn't win much support for the idea on
951 * new-httpd - I'll have to _prove_ its a problem first.. */
953 /* The default behaviour used to be to flush with every write, but this
954 * can tie up the FastCGI server longer than is necessary so its an option now */
956 if (fr
->fs
? fr
->fs
->flush
: dynamicFlush
)
958 #ifdef RUSSIAN_APACHE
959 rv
= ap_rflush(fr
->r
);
961 rv
= ap_bflush(fr
->r
->connection
->client
);
966 ap_log_rerror(FCGI_LOG_INFO_NOERRNO
, fr
->r
,
967 "FastCGI: client stopped connection before send body completed");
971 ap_reset_timeout(fr
->r
);
974 #endif /* !APACHE2 */
976 fcgi_buf_toss(fr
->clientOutputBuffer
, count
);
981 get_request_identity(request_rec
* const r
,
988 #elif defined(APACHE2)
989 ap_unix_identity_t
* identity
= ap_run_get_suexec_identity(r
);
992 *uid
= identity
->uid
;
993 *gid
= identity
->gid
;
1001 *uid
= r
->server
->server_uid
;
1002 *gid
= r
->server
->server_gid
;
1006 /*******************************************************************************
1007 * Determine the user and group the wrapper should be called with.
1008 * Based on code in Apache's create_argv_cmd() (util_script.c).
1010 static void set_uid_n_gid(request_rec
*r
, const char **user
, const char **group
)
1012 if (fcgi_wrapper
== NULL
) {
1018 if (strncmp("/~", r
->uri
, 2) == 0) {
1019 /* its a user dir uri, just send the ~user, and leave it to the PM */
1020 char *end
= strchr(r
->uri
+ 2, '/');
1023 *user
= memcpy(ap_pcalloc(r
->pool
, end
- r
->uri
), r
->uri
+ 1, end
- r
->uri
- 1);
1025 *user
= ap_pstrdup(r
->pool
, r
->uri
+ 1);
1032 get_request_identity(r
, &uid
, &gid
);
1034 *user
= ap_psprintf(r
->pool
, "%ld", (long) uid
);
1035 *group
= ap_psprintf(r
->pool
, "%ld", (long) gid
);
1039 static void send_request_complete(fcgi_request
*fr
)
1041 if (fr
->completeTime
.tv_sec
)
1043 struct timeval qtime
, rtime
;
1045 timersub(&fr
->queueTime
, &fr
->startTime
, &qtime
);
1046 timersub(&fr
->completeTime
, &fr
->queueTime
, &rtime
);
1048 send_to_pm(FCGI_REQUEST_COMPLETE_JOB
, fr
->fs_path
,
1049 fr
->user
, fr
->group
,
1050 qtime
.tv_sec
* 1000000 + qtime
.tv_usec
,
1051 rtime
.tv_sec
* 1000000 + rtime
.tv_usec
);
1056 /*******************************************************************************
1057 * Connect to the FastCGI server.
1059 static int open_connection_to_fs(fcgi_request
*fr
)
1061 struct timeval tval
;
1062 fd_set write_fds
, read_fds
;
1064 request_rec
* const r
= fr
->r
;
1065 pool
* const rp
= r
->pool
;
1066 const char *socket_path
= NULL
;
1067 struct sockaddr
*socket_addr
= NULL
;
1068 int socket_addr_len
= 0;
1070 const char *err
= NULL
;
1073 /* Create the connection point */
1076 socket_path
= fcgi_util_socket_hash_filename(rp
, fr
->fs_path
, fr
->user
, fr
->group
);
1077 socket_path
= fcgi_util_socket_make_path_absolute(rp
, socket_path
, 1);
1080 err
= fcgi_util_socket_make_domain_addr(rp
, (struct sockaddr_un
**)&socket_addr
,
1081 &socket_addr_len
, socket_path
);
1083 ap_log_rerror(FCGI_LOG_ERR
, r
,
1084 "FastCGI: failed to connect to (dynamic) server \"%s\": "
1085 "%s", fr
->fs_path
, err
);
1093 if (fr
->fs
->dest_addr
!= NULL
) {
1094 socket_addr
= fr
->fs
->dest_addr
;
1096 else if (fr
->fs
->socket_addr
) {
1097 socket_addr
= fr
->fs
->socket_addr
;
1100 socket_path
= fr
->fs
->socket_path
;
1103 socket_addr
= fr
->fs
->socket_addr
;
1105 socket_addr_len
= fr
->fs
->socket_addr_len
;
1111 if (fr
->fs
&& fr
->fs
->restartTime
)
1113 struct stat sock_stat
;
1115 if (stat(socket_path
, &sock_stat
) == 0)
1119 if (dynamicAutoUpdate
)
1121 struct stat app_stat
;
1123 /* TODO: follow sym links */
1125 if (stat(fr
->fs_path
, &app_stat
) == 0)
1128 if (fr
->fs
->startTime
< app_stat
.st_mtime
)
1130 if (sock_stat
.st_mtime
< app_stat
.st_mtime
)
1134 struct timeval tv
= {1, 0};
1137 * There's a newer one, request a restart.
1139 send_to_pm(FCGI_SERVER_RESTART_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1144 /* Avoid sleep/alarm interactions */
1145 ap_select(0, NULL
, NULL
, NULL
, &tv
);
1155 send_to_pm(FCGI_SERVER_START_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1157 /* wait until it looks like its running - this shouldn't take
1158 * very long at all - the exception is when the sockets are
1159 * removed out from under a running application - the loop
1160 * limit addresses this (preventing spinning) */
1162 for (i
= 10; i
> 0; i
--)
1167 fr
->fs
= fcgi_util_fs_get_by_id(fr
->fs_path
, 0, 0);
1169 if (fr
->fs
&& fr
->fs
->restartTime
)
1171 struct timeval tv
= {0, 500000};
1173 /* Avoid sleep/alarm interactions */
1174 ap_select(0, NULL
, NULL
, NULL
, &tv
);
1176 if (stat(socket_path
, &sock_stat
) == 0)
1185 ap_log_rerror(FCGI_LOG_ALERT
, r
,
1186 "FastCGI: failed to connect to (dynamic) server \"%s\": "
1187 "something is seriously wrong, any chance the "
1188 "socket/named_pipe directory was removed?, see the "
1189 "FastCgiIpcDir directive", fr
->fs_path
);
1201 HANDLE wait_npipe_mutex
;
1203 DWORD max_connect_time
= FCGI_NAMED_PIPE_CONNECT_TIMEOUT
;
1205 fr
->using_npipe_io
= TRUE
;
1209 interval
= dynamicPleaseStartDelay
* 1000;
1211 if (dynamicAppConnectTimeout
) {
1212 max_connect_time
= dynamicAppConnectTimeout
;
1217 interval
= FCGI_NAMED_PIPE_CONNECT_TIMEOUT
* 1000;
1219 if (fr
->fs
->appConnectTimeout
) {
1220 max_connect_time
= fr
->fs
->appConnectTimeout
;
1224 fcgi_util_ticks(&fr
->startTime
);
1227 /* xxx this handle should live somewhere (see CloseHandle()s below too) */
1228 char * wait_npipe_mutex_name
, * cp
;
1229 wait_npipe_mutex_name
= cp
= ap_pstrdup(rp
, socket_path
);
1230 while ((cp
= strchr(cp
, '\\'))) *cp
= '/';
1232 wait_npipe_mutex
= CreateMutex(NULL
, FALSE
, wait_npipe_mutex_name
);
1235 if (wait_npipe_mutex
== NULL
)
1237 ap_log_rerror(FCGI_LOG_ERR
, r
,
1238 "FastCGI: failed to connect to server \"%s\": "
1239 "can't create the WaitNamedPipe mutex", fr
->fs_path
);
1243 SetLastError(ERROR_SUCCESS
);
1245 rv
= WaitForSingleObject(wait_npipe_mutex
, max_connect_time
* 1000);
1247 if (rv
== WAIT_TIMEOUT
|| rv
== WAIT_FAILED
)
1251 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1253 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
1254 "FastCGI: failed to connect to server \"%s\": "
1255 "wait for a npipe instance failed", fr
->fs_path
);
1256 FCGIDBG3("interval=%d, max_connect_time=%d", interval
, max_connect_time
);
1257 CloseHandle(wait_npipe_mutex
);
1261 fcgi_util_ticks(&fr
->queueTime
);
1263 connect_time
= fr
->queueTime
.tv_sec
- fr
->startTime
.tv_sec
;
1267 if (connect_time
>= interval
)
1269 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1270 FCGIDBG4("connect_time=%d, interval=%d, max_connect_time=%d", connect_time
, interval
, max_connect_time
);
1272 if (max_connect_time
- connect_time
< interval
)
1274 interval
= max_connect_time
- connect_time
;
1279 interval
-= connect_time
* 1000;
1284 ready
= WaitNamedPipe(socket_path
, interval
);
1288 fr
->fd
= (SOCKET
) CreateFile(socket_path
,
1289 GENERIC_READ
| GENERIC_WRITE
,
1290 FILE_SHARE_READ
| FILE_SHARE_WRITE
,
1291 NULL
, /* no security attributes */
1292 OPEN_EXISTING
, /* opens existing pipe */
1293 FILE_FLAG_OVERLAPPED
,
1294 NULL
); /* no template file */
1296 if (fr
->fd
!= (SOCKET
) INVALID_HANDLE_VALUE
)
1298 ReleaseMutex(wait_npipe_mutex
);
1299 CloseHandle(wait_npipe_mutex
);
1300 fcgi_util_ticks(&fr
->queueTime
);
1301 FCGIDBG2("got npipe connect: %s", fr
->fs_path
);
1305 if (GetLastError() != ERROR_PIPE_BUSY
1306 && GetLastError() != ERROR_FILE_NOT_FOUND
)
1308 ap_log_rerror(FCGI_LOG_ERR
, r
,
1309 "FastCGI: failed to connect to server \"%s\": "
1310 "CreateFile() failed", fr
->fs_path
);
1314 FCGIDBG2("missed npipe connect: %s", fr
->fs_path
);
1319 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1322 fcgi_util_ticks(&fr
->queueTime
);
1324 connect_time
= fr
->queueTime
.tv_sec
- fr
->startTime
.tv_sec
;
1326 FCGIDBG5("interval=%d, max_connect_time=%d, connect_time=%d, ready=%d", interval
, max_connect_time
, connect_time
, ready
);
1328 if (connect_time
>= max_connect_time
)
1330 ap_log_rerror(FCGI_LOG_ERR
, r
,
1331 "FastCGI: failed to connect to server \"%s\": "
1332 "CreateFile()/WaitNamedPipe() timed out", fr
->fs_path
);
1337 ReleaseMutex(wait_npipe_mutex
);
1338 CloseHandle(wait_npipe_mutex
);
1339 fr
->fd
= INVALID_SOCKET
;
1345 /* Create the socket */
1346 fr
->fd
= socket(socket_addr
->sa_family
, SOCK_STREAM
, 0);
1349 if (fr
->fd
== INVALID_SOCKET
) {
1350 errno
= WSAGetLastError(); /* Not sure this is going to work as expected */
1354 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1355 "FastCGI: failed to connect to server \"%s\": "
1356 "socket() failed", fr
->fs_path
);
1361 if (fr
->fd
>= FD_SETSIZE
) {
1362 ap_log_rerror(FCGI_LOG_ERR
, r
,
1363 "FastCGI: failed to connect to server \"%s\": "
1364 "socket file descriptor (%u) is larger than "
1365 "FD_SETSIZE (%u), you probably need to rebuild Apache with a "
1366 "larger FD_SETSIZE", fr
->fs_path
, fr
->fd
, FD_SETSIZE
);
1371 /* If appConnectTimeout is non-zero, setup do a non-blocking connect */
1372 if ((fr
->dynamic
&& dynamicAppConnectTimeout
) || (!fr
->dynamic
&& fr
->fs
->appConnectTimeout
)) {
1373 set_nonblocking(fr
, TRUE
);
1377 fcgi_util_ticks(&fr
->startTime
);
1381 if (connect(fr
->fd
, (struct sockaddr
*)socket_addr
, socket_addr_len
) == 0)
1382 goto ConnectionComplete
;
1386 errno
= WSAGetLastError();
1387 if (errno
!= WSAEWOULDBLOCK
) {
1388 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1389 "FastCGI: failed to connect to server \"%s\": "
1390 "connect() failed", fr
->fs_path
);
1396 /* ECONNREFUSED means the listen queue is full (or there isn't one).
1397 * With dynamic I can at least make sure the PM knows this is occuring */
1398 if (fr
->dynamic
&& errno
== ECONNREFUSED
) {
1399 /* @@@ This might be better as some other "kind" of message */
1400 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1402 errno
= ECONNREFUSED
;
1405 if (errno
!= EINPROGRESS
) {
1406 ap_log_rerror(FCGI_LOG_ERR
, r
,
1407 "FastCGI: failed to connect to server \"%s\": "
1408 "connect() failed", fr
->fs_path
);
1414 /* The connect() is non-blocking */
1420 FD_ZERO(&write_fds
);
1421 FD_SET(fr
->fd
, &write_fds
);
1422 read_fds
= write_fds
;
1423 tval
.tv_sec
= dynamicPleaseStartDelay
;
1426 status
= ap_select((fr
->fd
+1), &read_fds
, &write_fds
, NULL
, &tval
);
1430 fcgi_util_ticks(&fr
->queueTime
);
1435 /* select() timed out */
1436 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1437 } while ((fr
->queueTime
.tv_sec
- fr
->startTime
.tv_sec
) < (int)dynamicAppConnectTimeout
);
1439 /* XXX These can be moved down when dynamic vars live is a struct */
1441 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
1442 "FastCGI: failed to connect to server \"%s\": "
1443 "connect() timed out (appConnTimeout=%dsec)",
1444 fr
->fs_path
, dynamicAppConnectTimeout
);
1449 tval
.tv_sec
= fr
->fs
->appConnectTimeout
;
1451 FD_ZERO(&write_fds
);
1452 FD_SET(fr
->fd
, &write_fds
);
1453 read_fds
= write_fds
;
1455 status
= ap_select((fr
->fd
+1), &read_fds
, &write_fds
, NULL
, &tval
);
1458 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
1459 "FastCGI: failed to connect to server \"%s\": "
1460 "connect() timed out (appConnTimeout=%dsec)",
1461 fr
->fs_path
, dynamicAppConnectTimeout
);
1468 errno
= WSAGetLastError();
1470 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1471 "FastCGI: failed to connect to server \"%s\": "
1472 "select() failed", fr
->fs_path
);
1476 if (FD_ISSET(fr
->fd
, &write_fds
) || FD_ISSET(fr
->fd
, &read_fds
)) {
1478 NET_SIZE_T len
= sizeof(error
);
1480 if (getsockopt(fr
->fd
, SOL_SOCKET
, SO_ERROR
, (char *)&error
, &len
) < 0) {
1481 /* Solaris pending error */
1483 errno
= WSAGetLastError();
1485 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1486 "FastCGI: failed to connect to server \"%s\": "
1487 "select() failed (Solaris pending error)", fr
->fs_path
);
1492 /* Berkeley-derived pending error */
1494 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1495 "FastCGI: failed to connect to server \"%s\": "
1496 "select() failed (pending error)", fr
->fs_path
);
1502 errno
= WSAGetLastError();
1504 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
1505 "FastCGI: failed to connect to server \"%s\": "
1506 "select() error - THIS CAN'T HAPPEN!", fr
->fs_path
);
1511 /* Return to blocking mode if it was set up */
1512 if ((fr
->dynamic
&& dynamicAppConnectTimeout
) || (!fr
->dynamic
&& fr
->fs
->appConnectTimeout
)) {
1513 set_nonblocking(fr
, FALSE
);
1517 if (socket_addr
->sa_family
== AF_INET
) {
1518 /* We shouldn't be sending small packets and there's no application
1519 * level ack of the data we send, so disable Nagle */
1521 setsockopt(fr
->fd
, IPPROTO_TCP
, TCP_NODELAY
, (char *)&set
, sizeof(set
));
1528 static void sink_client_data(fcgi_request
*fr
)
1533 fcgi_buf_reset(fr
->clientInputBuffer
);
1534 fcgi_buf_get_free_block_info(fr
->clientInputBuffer
, &base
, &size
);
1535 while (ap_get_client_block(fr
->r
, base
, size
) > 0);
1538 static apcb_t
cleanup(void *data
)
1540 fcgi_request
* const fr
= (fcgi_request
*) data
;
1542 if (fr
== NULL
) return APCB_OK
;
1544 /* its more than likely already run, but... */
1545 close_connection_to_fs(fr
);
1547 send_request_complete(fr
);
1549 if (fr
->fs_stderr_len
) {
1550 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, fr
->r
,
1551 "FastCGI: server \"%s\" stderr: %s", fr
->fs_path
, fr
->fs_stderr
);
1558 static int npipe_io(fcgi_request
* const fr
)
1560 request_rec
* const r
= fr
->r
;
1570 state
= STATE_ENV_SEND
;
1571 env_status env_status
;
1573 int dynamic_first_recv
= fr
->dynamic
;
1574 int idle_timeout
= fr
->dynamic
? dynamic_idle_timeout
: fr
->fs
->idle_timeout
;
1575 int send_pending
= 0;
1576 int recv_pending
= 0;
1577 int client_send
= 0;
1579 OVERLAPPED rov
= { 0 };
1580 OVERLAPPED sov
= { 0 };
1582 struct timeval timeout
;
1583 struct timeval dynamic_last_io_time
= {0, 0};
1585 pool
* const rp
= r
->pool
;
1586 int is_connected
= 0;
1588 DWORD recv_count
= 0;
1590 if (fr
->role
== FCGI_RESPONDER
)
1592 client_recv
= (fr
->expectingClientContent
!= 0);
1595 idle_timeout
= fr
->dynamic
? dynamic_idle_timeout
: fr
->fs
->idle_timeout
;
1597 env_status
.envp
= NULL
;
1599 events
[0] = CreateEvent(NULL
, TRUE
, FALSE
, NULL
);
1600 events
[1] = CreateEvent(NULL
, TRUE
, FALSE
, NULL
);
1601 sov
.hEvent
= events
[0];
1602 rov
.hEvent
= events
[1];
1606 dynamic_last_io_time
= fr
->startTime
;
1608 if (dynamicAppConnectTimeout
)
1610 struct timeval qwait
;
1611 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
1612 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
1616 ap_hard_timeout("FastCGI request processing", r
);
1618 while (state
!= STATE_CLIENT_SEND
)
1624 case STATE_ENV_SEND
:
1626 if (fcgi_protocol_queue_env(r
, fr
, &env_status
) == 0)
1631 state
= STATE_CLIENT_RECV
;
1635 case STATE_CLIENT_RECV
:
1637 if (read_from_client_n_queue(fr
) != OK
)
1639 state
= STATE_ERROR
;
1645 state
= STATE_SERVER_SEND
;
1652 case STATE_SERVER_SEND
:
1656 if (open_connection_to_fs(fr
) != FCGI_OK
)
1659 return HTTP_INTERNAL_SERVER_ERROR
;
1665 if (! send_pending
&& BufferLength(fr
->serverOutputBuffer
))
1667 Buffer
* b
= fr
->serverOutputBuffer
;
1670 len
= min(b
->length
, b
->data
+ b
->size
- b
->begin
);
1672 if (WriteFile((HANDLE
) fr
->fd
, b
->begin
, len
, &sent
, &sov
))
1674 /* sov.hEvent is set */
1675 fcgi_buf_removed(b
, sent
);
1677 else if (GetLastError() == ERROR_IO_PENDING
)
1683 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
1684 "\"%s\" aborted: WriteFile() failed", fr
->fs_path
);
1685 state
= STATE_ERROR
;
1692 case STATE_SERVER_RECV
:
1695 * Only get more data when the serverInputBuffer is empty.
1696 * Otherwise we may already have the END_REQUEST buffered
1697 * (but not processed) and a read on a closed named pipe
1698 * results in an error that is normally abnormal.
1700 if (! recv_pending
&& BufferLength(fr
->serverInputBuffer
) == 0)
1702 Buffer
* b
= fr
->serverInputBuffer
;
1705 len
= min(b
->size
- b
->length
, b
->data
+ b
->size
- b
->end
);
1707 if (ReadFile((HANDLE
) fr
->fd
, b
->end
, len
, &rcvd
, &rov
))
1709 fcgi_buf_added(b
, rcvd
);
1711 ResetEvent(rov
.hEvent
);
1712 if (dynamic_first_recv
)
1714 dynamic_first_recv
= 0;
1717 else if (GetLastError() == ERROR_IO_PENDING
)
1721 else if (GetLastError() == ERROR_HANDLE_EOF
)
1723 fr
->keepReadingFromFcgiApp
= FALSE
;
1724 state
= STATE_CLIENT_SEND
;
1725 ResetEvent(rov
.hEvent
);
1728 else if (GetLastError() == ERROR_NO_DATA
)
1734 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
1735 "\"%s\" aborted: ReadFile() failed", fr
->fs_path
);
1736 state
= STATE_ERROR
;
1743 case STATE_CLIENT_SEND
:
1745 if (client_send
|| ! BufferFree(fr
->clientOutputBuffer
))
1747 if (write_to_client(fr
))
1749 state
= STATE_ERROR
;
1763 if (state
== STATE_ERROR
)
1768 /* setup the io timeout */
1770 if (BufferLength(fr
->clientOutputBuffer
))
1772 /* don't let client data sit too long, it might be a push */
1774 timeout
.tv_usec
= 100000;
1776 else if (dynamic_first_recv
)
1779 struct timeval qwait
;
1781 fcgi_util_ticks(&fr
->queueTime
);
1785 /* a send() succeeded last pass */
1786 dynamic_last_io_time
= fr
->queueTime
;
1790 /* timed out last pass */
1791 struct timeval idle_time
;
1793 timersub(&fr
->queueTime
, &dynamic_last_io_time
, &idle_time
);
1795 if (idle_time
.tv_sec
> idle_timeout
)
1797 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1798 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: comm "
1799 "with (dynamic) server \"%s\" aborted: (first read) "
1800 "idle timeout (%d sec)", fr
->fs_path
, idle_timeout
);
1801 state
= STATE_ERROR
;
1806 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
1808 delay
= dynamic_first_recv
* dynamicPleaseStartDelay
;
1810 if (qwait
.tv_sec
< delay
)
1812 timeout
.tv_sec
= delay
;
1813 timeout
.tv_usec
= 100000; /* fudge for select() slop */
1814 timersub(&timeout
, &qwait
, &timeout
);
1818 /* Killed time somewhere.. client read? */
1819 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1820 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
1821 timeout
.tv_sec
= dynamic_first_recv
* dynamicPleaseStartDelay
;
1822 timeout
.tv_usec
= 100000; /* fudge for select() slop */
1823 timersub(&timeout
, &qwait
, &timeout
);
1828 timeout
.tv_sec
= idle_timeout
;
1829 timeout
.tv_usec
= 0;
1832 /* require a pended recv otherwise the app can deadlock */
1835 msec_timeout
= timeout
.tv_sec
* 1000 + timeout
.tv_usec
/ 1000;
1837 rv
= WaitForMultipleObjects(2, events
, FALSE
, msec_timeout
);
1839 if (rv
== WAIT_TIMEOUT
)
1843 if (BufferLength(fr
->clientOutputBuffer
))
1847 else if (dynamic_first_recv
)
1849 struct timeval qwait
;
1851 fcgi_util_ticks(&fr
->queueTime
);
1852 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
1854 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
1856 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
1860 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: comm with "
1861 "server \"%s\" aborted: idle timeout (%d sec)",
1862 fr
->fs_path
, idle_timeout
);
1863 state
= STATE_ERROR
;
1869 int i
= rv
- WAIT_OBJECT_0
;
1879 if (GetOverlappedResult((HANDLE
) fr
->fd
, &sov
, &sent
, FALSE
))
1882 fcgi_buf_removed(fr
->serverOutputBuffer
, sent
);
1886 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
1887 "\"%s\" aborted: GetOverlappedResult() failed", fr
->fs_path
);
1888 state
= STATE_ERROR
;
1893 ResetEvent(sov
.hEvent
);
1902 ResetEvent(rov
.hEvent
);
1904 if (GetOverlappedResult((HANDLE
) fr
->fd
, &rov
, &rcvd
, FALSE
))
1906 fcgi_buf_added(fr
->serverInputBuffer
, rcvd
);
1907 if (dynamic_first_recv
)
1909 dynamic_first_recv
= 0;
1914 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
1915 "\"%s\" aborted: GetOverlappedResult() failed", fr
->fs_path
);
1916 state
= STATE_ERROR
;
1923 if (fcgi_protocol_dequeue(rp
, fr
))
1925 state
= STATE_ERROR
;
1929 if (fr
->parseHeader
== SCAN_CGI_READING_HEADERS
)
1931 const char * err
= process_headers(r
, fr
);
1934 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
1935 "FastCGI: comm with server \"%s\" aborted: "
1936 "error parsing headers: %s", fr
->fs_path
, err
);
1937 state
= STATE_ERROR
;
1942 if (fr
->exitStatusSet
)
1944 fr
->keepReadingFromFcgiApp
= FALSE
;
1945 state
= STATE_CLIENT_SEND
;
1950 if (! fr
->exitStatusSet
|| ! fr
->eofSent
)
1952 CancelIo((HANDLE
) fr
->fd
);
1955 CloseHandle(rov
.hEvent
);
1956 CloseHandle(sov
.hEvent
);
1958 return (state
== STATE_ERROR
);
1962 static int socket_io(fcgi_request
* const fr
)
1975 state
= STATE_ENV_SEND
;
1977 request_rec
* const r
= fr
->r
;
1979 struct timeval timeout
;
1980 struct timeval dynamic_last_io_time
= {0, 0};
1984 int select_status
= 1;
1987 int dynamic_first_recv
= fr
->dynamic
? 1 : 0;
1988 int client_send
= FALSE
;
1989 int client_recv
= FALSE
;
1992 int is_connected
= 0;
1994 if (fr
->role
== FCGI_RESPONDER
)
1996 client_recv
= (fr
->expectingClientContent
!= 0);
1999 idle_timeout
= fr
->dynamic
? dynamic_idle_timeout
: fr
->fs
->idle_timeout
;
2005 dynamic_last_io_time
= fr
->startTime
;
2007 if (dynamicAppConnectTimeout
)
2009 struct timeval qwait
;
2010 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
2011 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
2015 ap_hard_timeout("FastCGI request processing", r
);
2020 FD_ZERO(&write_set
);
2024 case STATE_ENV_SEND
:
2026 if (fcgi_protocol_queue_env(r
, fr
, &env
) == 0)
2031 state
= STATE_CLIENT_RECV
;
2035 case STATE_CLIENT_RECV
:
2037 if (read_from_client_n_queue(fr
))
2039 state
= STATE_CLIENT_ERROR
;
2045 state
= STATE_SERVER_SEND
;
2052 case STATE_SERVER_SEND
:
2056 if (open_connection_to_fs(fr
) != FCGI_OK
)
2059 return HTTP_INTERNAL_SERVER_ERROR
;
2062 set_nonblocking(fr
, TRUE
);
2067 if (BufferLength(fr
->serverOutputBuffer
))
2069 FD_SET(fr
->fd
, &write_set
);
2073 ASSERT(fr
->eofSent
);
2074 state
= STATE_SERVER_RECV
;
2079 case STATE_SERVER_RECV
:
2081 FD_SET(fr
->fd
, &read_set
);
2085 case STATE_CLIENT_SEND
:
2087 if (client_send
|| ! BufferFree(fr
->clientOutputBuffer
))
2089 if (write_to_client(fr
))
2091 state
= STATE_CLIENT_ERROR
;
2101 case STATE_CLIENT_ERROR
:
2110 if (state
== STATE_CLIENT_ERROR
|| state
== STATE_ERROR
)
2115 /* setup the io timeout */
2117 if (BufferLength(fr
->clientOutputBuffer
))
2119 /* don't let client data sit too long, it might be a push */
2121 timeout
.tv_usec
= 100000;
2123 else if (dynamic_first_recv
)
2126 struct timeval qwait
;
2128 fcgi_util_ticks(&fr
->queueTime
);
2132 /* a send() succeeded last pass */
2133 dynamic_last_io_time
= fr
->queueTime
;
2137 /* timed out last pass */
2138 struct timeval idle_time
;
2140 timersub(&fr
->queueTime
, &dynamic_last_io_time
, &idle_time
);
2142 if (idle_time
.tv_sec
> idle_timeout
)
2144 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
2145 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: comm "
2146 "with (dynamic) server \"%s\" aborted: (first read) "
2147 "idle timeout (%d sec)", fr
->fs_path
, idle_timeout
);
2148 state
= STATE_ERROR
;
2153 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
2155 delay
= dynamic_first_recv
* dynamicPleaseStartDelay
;
2157 FCGIDBG5("qwait=%ld.%06ld delay=%d first_recv=%d", qwait
.tv_sec
, qwait
.tv_usec
, delay
, dynamic_first_recv
);
2159 if (qwait
.tv_sec
< delay
)
2161 timeout
.tv_sec
= delay
;
2162 timeout
.tv_usec
= 100000; /* fudge for select() slop */
2163 timersub(&timeout
, &qwait
, &timeout
);
2167 /* Killed time somewhere.. client read? */
2168 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
2169 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
2170 timeout
.tv_sec
= dynamic_first_recv
* dynamicPleaseStartDelay
;
2171 timeout
.tv_usec
= 100000; /* fudge for select() slop */
2172 timersub(&timeout
, &qwait
, &timeout
);
2177 timeout
.tv_sec
= idle_timeout
;
2178 timeout
.tv_usec
= 0;
2181 /* wait on the socket */
2182 select_status
= ap_select(nfds
, &read_set
, &write_set
, NULL
, &timeout
);
2184 if (select_status
< 0)
2186 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
, "FastCGI: comm with server "
2187 "\"%s\" aborted: select() failed", fr
->fs_path
);
2188 state
= STATE_ERROR
;
2192 if (select_status
== 0)
2194 /* select() timeout */
2196 if (BufferLength(fr
->clientOutputBuffer
))
2198 if (fr
->role
== FCGI_RESPONDER
)
2203 else if (dynamic_first_recv
)
2205 struct timeval qwait
;
2207 fcgi_util_ticks(&fr
->queueTime
);
2208 timersub(&fr
->queueTime
, &fr
->startTime
, &qwait
);
2210 send_to_pm(FCGI_REQUEST_TIMEOUT_JOB
, fr
->fs_path
, fr
->user
, fr
->group
, 0, 0);
2212 dynamic_first_recv
= qwait
.tv_sec
/ dynamicPleaseStartDelay
+ 1;
2217 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: comm with "
2218 "server \"%s\" aborted: idle timeout (%d sec)",
2219 fr
->fs_path
, idle_timeout
);
2220 state
= STATE_ERROR
;
2224 if (FD_ISSET(fr
->fd
, &write_set
))
2226 /* send to the server */
2228 rv
= fcgi_buf_socket_send(fr
->serverOutputBuffer
, fr
->fd
);
2232 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
2233 "\"%s\" aborted: write failed", fr
->fs_path
);
2234 state
= STATE_ERROR
;
2239 if (FD_ISSET(fr
->fd
, &read_set
))
2241 /* recv from the server */
2243 if (dynamic_first_recv
)
2245 dynamic_first_recv
= 0;
2246 fcgi_util_ticks(&fr
->queueTime
);
2249 rv
= fcgi_buf_socket_recv(fr
->serverInputBuffer
, fr
->fd
);
2253 ap_log_rerror(FCGI_LOG_ERR
, r
, "FastCGI: comm with server "
2254 "\"%s\" aborted: read failed", fr
->fs_path
);
2255 state
= STATE_ERROR
;
2261 fr
->keepReadingFromFcgiApp
= FALSE
;
2262 state
= STATE_CLIENT_SEND
;
2267 if (fcgi_protocol_dequeue(rp
, fr
))
2269 state
= STATE_ERROR
;
2273 if (fr
->parseHeader
== SCAN_CGI_READING_HEADERS
)
2275 const char * err
= process_headers(r
, fr
);
2278 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2279 "FastCGI: comm with server \"%s\" aborted: "
2280 "error parsing headers: %s", fr
->fs_path
, err
);
2281 state
= STATE_ERROR
;
2286 if (fr
->exitStatusSet
)
2288 fr
->keepReadingFromFcgiApp
= FALSE
;
2289 state
= STATE_CLIENT_SEND
;
2294 return (state
== STATE_ERROR
);
2298 /*----------------------------------------------------------------------
2299 * This is the core routine for moving data between the FastCGI
2300 * application and the Web server's client.
2302 static int do_work(request_rec
* const r
, fcgi_request
* const fr
)
2307 fcgi_protocol_queue_begin_request(fr
);
2309 if (fr
->role
== FCGI_RESPONDER
)
2311 rv
= ap_setup_client_block(r
, REQUEST_CHUNKED_ERROR
);
2318 fr
->expectingClientContent
= ap_should_client_block(r
);
2322 ap_register_cleanup(rp
, (void *)fr
, cleanup
, ap_null_cleanup
);
2323 ap_unblock_alarms();
2326 if (fr
->using_npipe_io
)
2336 /* comm with the server is done */
2337 close_connection_to_fs(fr
);
2339 if (fr
->role
== FCGI_RESPONDER
)
2341 sink_client_data(fr
);
2344 while (rv
== 0 && (BufferLength(fr
->serverInputBuffer
) || BufferLength(fr
->clientOutputBuffer
)))
2346 if (fcgi_protocol_dequeue(rp
, fr
))
2348 rv
= HTTP_INTERNAL_SERVER_ERROR
;
2351 if (fr
->parseHeader
== SCAN_CGI_READING_HEADERS
)
2353 const char * err
= process_headers(r
, fr
);
2356 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2357 "FastCGI: comm with server \"%s\" aborted: "
2358 "error parsing headers: %s", fr
->fs_path
, err
);
2359 rv
= HTTP_INTERNAL_SERVER_ERROR
;
2363 if (fr
->role
== FCGI_RESPONDER
)
2365 if (write_to_client(fr
))
2372 fcgi_buf_reset(fr
->clientOutputBuffer
);
2376 switch (fr
->parseHeader
)
2378 case SCAN_CGI_FINISHED
:
2380 if (fr
->role
== FCGI_RESPONDER
)
2382 /* RUSSIAN_APACHE requires rflush() over bflush() */
2385 ap_bgetopt(r
->connection
->client
, BO_BYTECT
, &r
->bytes_sent
);
2391 case SCAN_CGI_INT_REDIRECT
:
2392 case SCAN_CGI_SRV_REDIRECT
:
2396 case SCAN_CGI_READING_HEADERS
:
2398 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: incomplete headers "
2399 "(%d bytes) received from server \"%s\"", fr
->header
->nelts
, fr
->fs_path
);
2403 case SCAN_CGI_BAD_HEADER
:
2405 rv
= HTTP_INTERNAL_SERVER_ERROR
;
2411 rv
= HTTP_INTERNAL_SERVER_ERROR
;
2419 create_fcgi_request(request_rec
* const r
,
2420 const char * const path
,
2421 fcgi_request
** const frP
)
2423 const char *fs_path
;
2424 pool
* const p
= r
->pool
;
2426 fcgi_request
* const fr
= (fcgi_request
*)ap_pcalloc(p
, sizeof(fcgi_request
));
2430 fs_path
= path
? path
: r
->filename
;
2432 get_request_identity(r
, &uid
, &gid
);
2434 fs
= fcgi_util_fs_get_by_id(fs_path
, uid
, gid
);
2439 struct stat
*my_finfo
;
2446 /* AP2: its bogus that we don't make use of r->finfo, but
2447 * its an apr_finfo_t and there is no apr_os_finfo_get() */
2449 my_finfo
= &r
->finfo
;
2454 my_finfo
= (struct stat
*) ap_palloc(p
, sizeof(struct stat
));
2456 if (stat(fs_path
, my_finfo
) < 0)
2458 ap_log_rerror(FCGI_LOG_ERR_ERRNO
, r
,
2459 "FastCGI: stat() of \"%s\" failed", fs_path
);
2460 return HTTP_NOT_FOUND
;
2464 err
= fcgi_util_fs_is_path_ok(p
, fs_path
, my_finfo
);
2467 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2468 "FastCGI: invalid (dynamic) server \"%s\": %s", fs_path
, err
);
2469 return HTTP_FORBIDDEN
;
2473 fr
->serverInputBuffer
= fcgi_buf_new(p
, SERVER_BUFSIZE
);
2474 fr
->serverOutputBuffer
= fcgi_buf_new(p
, SERVER_BUFSIZE
);
2475 fr
->clientInputBuffer
= fcgi_buf_new(p
, SERVER_BUFSIZE
);
2476 fr
->clientOutputBuffer
= fcgi_buf_new(p
, SERVER_BUFSIZE
);
2477 fr
->erBufPtr
= fcgi_buf_new(p
, sizeof(FCGI_EndRequestBody
) + 1);
2478 fr
->gotHeader
= FALSE
;
2479 fr
->parseHeader
= SCAN_CGI_READING_HEADERS
;
2480 fr
->header
= ap_make_array(p
, 1, 1);
2481 fr
->fs_stderr
= NULL
;
2483 fr
->readingEndRequestBody
= FALSE
;
2485 fr
->exitStatusSet
= FALSE
;
2486 fr
->requestId
= 1; /* anything but zero is OK here */
2487 fr
->eofSent
= FALSE
;
2488 fr
->role
= FCGI_RESPONDER
;
2489 fr
->expectingClientContent
= FALSE
;
2490 fr
->keepReadingFromFcgiApp
= TRUE
;
2492 fr
->fs_path
= fs_path
;
2493 fr
->authHeaders
= ap_make_table(p
, 10);
2495 fr
->fd
= INVALID_SOCKET
;
2496 fr
->dynamic
= ((fs
== NULL
) || (fs
->directive
== APP_CLASS_DYNAMIC
)) ? TRUE
: FALSE
;
2497 fr
->using_npipe_io
= (! fr
->dynamic
&& (fs
->dest_addr
|| fs
->socket_addr
)) ? 0 : 1;
2499 fr
->dynamic
= (fs
== NULL
) ? TRUE
: FALSE
;
2503 set_uid_n_gid(r
, &fr
->user
, &fr
->group
);
2511 *----------------------------------------------------------------------
2515 * This routine gets called for a request that corresponds to
2516 * a FastCGI connection. It performs the request synchronously.
2519 * Final status of request: OK or NOT_FOUND or HTTP_INTERNAL_SERVER_ERROR.
2522 * Request performed.
2524 *----------------------------------------------------------------------
2527 /* Stolen from mod_cgi.c..
2528 * KLUDGE --- for back-combatibility, we don't have to check ExecCGI
2529 * in ScriptAliased directories, which means we need to know if this
2530 * request came through ScriptAlias or not... so the Alias module
2531 * leaves a note for us.
2533 static int apache_is_scriptaliased(request_rec
*r
)
2535 const char *t
= ap_table_get(r
->notes
, "alias-forced-type");
2536 return t
&& (!strcasecmp(t
, "cgi-script"));
2539 /* If a script wants to produce its own Redirect body, it now
2540 * has to explicitly *say* "Status: 302". If it wants to use
2541 * Apache redirects say "Status: 200". See process_headers().
2543 static int post_process_for_redirects(request_rec
* const r
,
2544 const fcgi_request
* const fr
)
2546 switch(fr
->parseHeader
) {
2547 case SCAN_CGI_INT_REDIRECT
:
2549 /* @@@ There are still differences between the handling in
2550 * mod_cgi and mod_fastcgi. This needs to be revisited.
2552 /* We already read the message body (if any), so don't allow
2553 * the redirected request to think it has one. We can ignore
2554 * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
2557 r
->method_number
= M_GET
;
2558 ap_table_unset(r
->headers_in
, "Content-length");
2560 ap_internal_redirect_handler(ap_table_get(r
->headers_out
, "Location"), r
);
2563 case SCAN_CGI_SRV_REDIRECT
:
2564 return HTTP_MOVED_TEMPORARILY
;
2571 /******************************************************************************
2572 * Process fastcgi-script requests. Based on mod_cgi::cgi_handler().
2574 static int content_handler(request_rec
*r
)
2576 fcgi_request
*fr
= NULL
;
2580 if (strcmp(r
->handler
, FASTCGI_HANDLER_NAME
))
2584 /* Setup a new FastCGI request */
2585 ret
= create_fcgi_request(r
, NULL
, &fr
);
2591 /* If its a dynamic invocation, make sure scripts are OK here */
2592 if (fr
->dynamic
&& ! (ap_allow_options(r
) & OPT_EXECCGI
)
2593 && ! apache_is_scriptaliased(r
))
2595 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2596 "FastCGI: \"ExecCGI Option\" is off in this directory: %s", r
->uri
);
2597 return HTTP_FORBIDDEN
;
2600 /* Process the fastcgi-script request */
2601 if ((ret
= do_work(r
, fr
)) != OK
)
2604 /* Special case redirects */
2605 ret
= post_process_for_redirects(r
, fr
);
2611 static int post_process_auth_passed_header(table
*t
, const char *key
, const char * const val
)
2613 if (strncasecmp(key
, "Variable-", 9) == 0)
2616 ap_table_setn(t
, key
, val
);
2620 static int post_process_auth_passed_compat_header(table
*t
, const char *key
, const char * const val
)
2622 if (strncasecmp(key
, "Variable-", 9) == 0)
2623 ap_table_setn(t
, key
+ 9, val
);
2628 static int post_process_auth_failed_header(table
* const t
, const char * const key
, const char * const val
)
2630 ap_table_setn(t
, key
, val
);
2634 static void post_process_auth(fcgi_request
* const fr
, const int passed
)
2636 request_rec
* const r
= fr
->r
;
2638 /* Restore the saved subprocess_env because we muddied ours up */
2639 r
->subprocess_env
= fr
->saved_subprocess_env
;
2642 if (fr
->auth_compat
) {
2643 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header
,
2644 (void *)r
->subprocess_env
, fr
->authHeaders
, NULL
);
2647 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header
,
2648 (void *)r
->subprocess_env
, fr
->authHeaders
, NULL
);
2652 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header
,
2653 (void *)r
->err_headers_out
, fr
->authHeaders
, NULL
);
2656 /* @@@ Restore these.. its a hack until I rewrite the header handling */
2657 r
->status
= HTTP_OK
;
2658 r
->status_line
= NULL
;
2661 static int check_user_authentication(request_rec
*r
)
2663 int res
, authenticated
= 0;
2664 const char *password
;
2666 const fcgi_dir_config
* const dir_config
=
2667 (const fcgi_dir_config
*)ap_get_module_config(r
->per_dir_config
, &fastcgi_module
);
2669 if (dir_config
->authenticator
== NULL
)
2672 /* Get the user password */
2673 if ((res
= ap_get_basic_auth_pw(r
, &password
)) != OK
)
2676 res
= create_fcgi_request(r
, dir_config
->authenticator
, &fr
);
2682 /* Save the existing subprocess_env, because we're gonna muddy it up */
2683 fr
->saved_subprocess_env
= ap_copy_table(r
->pool
, r
->subprocess_env
);
2685 ap_table_setn(r
->subprocess_env
, "REMOTE_PASSWD", password
);
2686 ap_table_setn(r
->subprocess_env
, "FCGI_APACHE_ROLE", "AUTHENTICATOR");
2688 /* The FastCGI Protocol doesn't differentiate authentication */
2689 fr
->role
= FCGI_AUTHORIZER
;
2691 /* Do we need compatibility mode? */
2692 fr
->auth_compat
= (dir_config
->authenticator_options
& FCGI_COMPAT
);
2694 if ((res
= do_work(r
, fr
)) != OK
)
2695 goto AuthenticationFailed
;
2697 authenticated
= (r
->status
== 200);
2698 post_process_auth(fr
, authenticated
);
2700 /* A redirect shouldn't be allowed during the authentication phase */
2701 if (ap_table_get(r
->headers_out
, "Location") != NULL
) {
2702 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2703 "FastCGI: FastCgiAuthenticator \"%s\" redirected (not allowed)",
2704 dir_config
->authenticator
);
2705 goto AuthenticationFailed
;
2711 AuthenticationFailed
:
2712 if (!(dir_config
->authenticator_options
& FCGI_AUTHORITATIVE
))
2715 /* @@@ Probably should support custom_responses */
2716 ap_note_basic_auth_failure(r
);
2717 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2718 "FastCGI: authentication failed for user \"%s\": %s",
2722 r
->connection
->user
, r
->uri
);
2725 return (res
== OK
) ? HTTP_UNAUTHORIZED
: res
;
2728 static int check_user_authorization(request_rec
*r
)
2730 int res
, authorized
= 0;
2732 const fcgi_dir_config
* const dir_config
=
2733 (const fcgi_dir_config
*)ap_get_module_config(r
->per_dir_config
, &fastcgi_module
);
2735 if (dir_config
->authorizer
== NULL
)
2738 /* @@@ We should probably honor the existing parameters to the require directive
2739 * as well as allow the definition of new ones (or use the basename of the
2740 * FastCGI server and pass the rest of the directive line), but for now keep
2743 res
= create_fcgi_request(r
, dir_config
->authorizer
, &fr
);
2749 /* Save the existing subprocess_env, because we're gonna muddy it up */
2750 fr
->saved_subprocess_env
= ap_copy_table(r
->pool
, r
->subprocess_env
);
2752 ap_table_setn(r
->subprocess_env
, "FCGI_APACHE_ROLE", "AUTHORIZER");
2754 fr
->role
= FCGI_AUTHORIZER
;
2756 /* Do we need compatibility mode? */
2757 fr
->auth_compat
= (dir_config
->authorizer_options
& FCGI_COMPAT
);
2759 if ((res
= do_work(r
, fr
)) != OK
)
2760 goto AuthorizationFailed
;
2762 authorized
= (r
->status
== 200);
2763 post_process_auth(fr
, authorized
);
2765 /* A redirect shouldn't be allowed during the authorization phase */
2766 if (ap_table_get(r
->headers_out
, "Location") != NULL
) {
2767 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2768 "FastCGI: FastCgiAuthorizer \"%s\" redirected (not allowed)",
2769 dir_config
->authorizer
);
2770 goto AuthorizationFailed
;
2776 AuthorizationFailed
:
2777 if (!(dir_config
->authorizer_options
& FCGI_AUTHORITATIVE
))
2780 /* @@@ Probably should support custom_responses */
2781 ap_note_basic_auth_failure(r
);
2782 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2783 "FastCGI: authorization failed for user \"%s\": %s",
2787 r
->connection
->user
, r
->uri
);
2790 return (res
== OK
) ? HTTP_UNAUTHORIZED
: res
;
2793 static int check_access(request_rec
*r
)
2795 int res
, access_allowed
= 0;
2797 const fcgi_dir_config
* const dir_config
=
2798 (fcgi_dir_config
*)ap_get_module_config(r
->per_dir_config
, &fastcgi_module
);
2800 if (dir_config
== NULL
|| dir_config
->access_checker
== NULL
)
2803 res
= create_fcgi_request(r
, dir_config
->access_checker
, &fr
);
2809 /* Save the existing subprocess_env, because we're gonna muddy it up */
2810 fr
->saved_subprocess_env
= ap_copy_table(r
->pool
, r
->subprocess_env
);
2812 ap_table_setn(r
->subprocess_env
, "FCGI_APACHE_ROLE", "ACCESS_CHECKER");
2814 /* The FastCGI Protocol doesn't differentiate access control */
2815 fr
->role
= FCGI_AUTHORIZER
;
2817 /* Do we need compatibility mode? */
2818 fr
->auth_compat
= (dir_config
->access_checker_options
& FCGI_COMPAT
);
2820 if ((res
= do_work(r
, fr
)) != OK
)
2823 access_allowed
= (r
->status
== 200);
2824 post_process_auth(fr
, access_allowed
);
2826 /* A redirect shouldn't be allowed during the access check phase */
2827 if (ap_table_get(r
->headers_out
, "Location") != NULL
) {
2828 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
,
2829 "FastCGI: FastCgiAccessChecker \"%s\" redirected (not allowed)",
2830 dir_config
->access_checker
);
2838 if (!(dir_config
->access_checker_options
& FCGI_AUTHORITATIVE
))
2841 /* @@@ Probably should support custom_responses */
2842 ap_log_rerror(FCGI_LOG_ERR_NOERRNO
, r
, "FastCGI: access denied: %s", r
->uri
);
2843 return (res
== OK
) ? HTTP_FORBIDDEN
: res
;
2847 fixups(request_rec
* r
)
2852 get_request_identity(r
, &uid
, &gid
);
2854 if (fcgi_util_fs_get_by_id(r
->filename
, uid
, gid
))
2856 r
->handler
= FASTCGI_HANDLER_NAME
;
2865 # define AP_INIT_RAW_ARGS(directive, func, mconfig, where, help) \
2866 { directive, func, mconfig, where, RAW_ARGS, help }
2867 # define AP_INIT_TAKE1(directive, func, mconfig, where, help) \
2868 { directive, func, mconfig, where, TAKE1, help }
2869 # define AP_INIT_TAKE12(directive, func, mconfig, where, help) \
2870 { directive, func, mconfig, where, TAKE12, help }
2871 # define AP_INIT_FLAG(directive, func, mconfig, where, help) \
2872 { directive, func, mconfig, where, FLAG, help }
2876 static const command_rec fastcgi_cmds
[] =
2878 AP_INIT_RAW_ARGS("AppClass", fcgi_config_new_static_server
, NULL
, RSRC_CONF
, NULL
),
2879 AP_INIT_RAW_ARGS("FastCgiServer", fcgi_config_new_static_server
, NULL
, RSRC_CONF
, NULL
),
2881 AP_INIT_RAW_ARGS("ExternalAppClass", fcgi_config_new_external_server
, NULL
, RSRC_CONF
, NULL
),
2882 AP_INIT_RAW_ARGS("FastCgiExternalServer", fcgi_config_new_external_server
, NULL
, RSRC_CONF
, NULL
),
2884 AP_INIT_TAKE1("FastCgiIpcDir", fcgi_config_set_socket_dir
, NULL
, RSRC_CONF
, NULL
),
2886 AP_INIT_TAKE1("FastCgiSuexec", fcgi_config_set_wrapper
, NULL
, RSRC_CONF
, NULL
),
2887 AP_INIT_TAKE1("FastCgiWrapper", fcgi_config_set_wrapper
, NULL
, RSRC_CONF
, NULL
),
2889 AP_INIT_RAW_ARGS("FCGIConfig", fcgi_config_set_config
, NULL
, RSRC_CONF
, NULL
),
2890 AP_INIT_RAW_ARGS("FastCgiConfig", fcgi_config_set_config
, NULL
, RSRC_CONF
, NULL
),
2892 AP_INIT_TAKE12("FastCgiAuthenticator", fcgi_config_new_auth_server
,
2893 (void *)FCGI_AUTH_TYPE_AUTHENTICATOR
, ACCESS_CONF
,
2894 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat"),
2895 AP_INIT_FLAG("FastCgiAuthenticatorAuthoritative", fcgi_config_set_authoritative_slot
,
2896 (void *)XtOffsetOf(fcgi_dir_config
, authenticator_options
), ACCESS_CONF
,
2897 "Set to 'off' to allow authentication to be passed along to lower modules upon failure"),
2899 AP_INIT_TAKE12("FastCgiAuthorizer", fcgi_config_new_auth_server
,
2900 (void *)FCGI_AUTH_TYPE_AUTHORIZER
, ACCESS_CONF
,
2901 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat"),
2902 AP_INIT_FLAG("FastCgiAuthorizerAuthoritative", fcgi_config_set_authoritative_slot
,
2903 (void *)XtOffsetOf(fcgi_dir_config
, authorizer_options
), ACCESS_CONF
,
2904 "Set to 'off' to allow authorization to be passed along to lower modules upon failure"),
2906 AP_INIT_TAKE12("FastCgiAccessChecker", fcgi_config_new_auth_server
,
2907 (void *)FCGI_AUTH_TYPE_ACCESS_CHECKER
, ACCESS_CONF
,
2908 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat"),
2909 AP_INIT_FLAG("FastCgiAccessCheckerAuthoritative", fcgi_config_set_authoritative_slot
,
2910 (void *)XtOffsetOf(fcgi_dir_config
, access_checker_options
), ACCESS_CONF
,
2911 "Set to 'off' to allow access control to be passed along to lower modules upon failure"),
2917 static void register_hooks(apr_pool_t
* p
)
2919 /* ap_hook_pre_config(x_pre_config, NULL, NULL, APR_HOOK_MIDDLE); */
2920 ap_hook_post_config(init_module
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2921 ap_hook_child_init(fcgi_child_init
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2922 ap_hook_handler(content_handler
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2923 ap_hook_check_user_id(check_user_authentication
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2924 ap_hook_access_checker(check_access
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2925 ap_hook_auth_checker(check_user_authorization
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2926 ap_hook_fixups(fixups
, NULL
, NULL
, APR_HOOK_MIDDLE
);
2929 module AP_MODULE_DECLARE_DATA fastcgi_module
=
2931 STANDARD20_MODULE_STUFF
,
2932 fcgi_config_create_dir_config
, /* per-directory config creator */
2933 NULL
, /* dir config merger */
2934 NULL
, /* server config creator */
2935 NULL
, /* server config merger */
2936 fastcgi_cmds
, /* command table */
2937 register_hooks
, /* set up other request processing hooks */
2940 #else /* !APACHE2 */
2942 handler_rec fastcgi_handlers
[] = {
2943 { FCGI_MAGIC_TYPE
, content_handler
},
2944 { FASTCGI_HANDLER_NAME
, content_handler
},
2948 module MODULE_VAR_EXPORT fastcgi_module
= {
2949 STANDARD_MODULE_STUFF
,
2950 init_module
, /* initializer */
2951 fcgi_config_create_dir_config
, /* per-dir config creator */
2952 NULL
, /* per-dir config merger (default: override) */
2953 NULL
, /* per-server config creator */
2954 NULL
, /* per-server config merger (default: override) */
2955 fastcgi_cmds
, /* command table */
2956 fastcgi_handlers
, /* [9] content handlers */
2957 NULL
, /* [2] URI-to-filename translation */
2958 check_user_authentication
, /* [5] authenticate user_id */
2959 check_user_authorization
, /* [6] authorize user_id */
2960 check_access
, /* [4] check access (based on src & http headers) */
2961 NULL
, /* [7] check/set MIME type */
2962 fixups
, /* [8] fixups */
2963 NULL
, /* [10] logger */
2964 NULL
, /* [3] header-parser */
2965 fcgi_child_init
, /* process initialization */
2967 fcgi_child_exit
, /* process exit/cleanup */
2971 NULL
/* [1] post read-request handling */
2974 #endif /* !APACHE2 */