search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[core] calloc plugin_config for consistent init
[lighttpd.git] / src / mod_cgi.c
blobee6dd7ce7fb8a36e582c8de37b5d7e9443416454
1 #include "first.h"
2
3 #include "server.h"
4 #include "stat_cache.h"
5 #include "keyvalue.h"
6 #include "log.h"
7 #include "connections.h"
8 #include "joblist.h"
9 #include "response.h"
10 #include "http_chunk.h"
11
12 #include "plugin.h"
13
14 #include <sys/types.h>
15 #include "sys-mmap.h"
16 #include "sys-socket.h"
17 # include <sys/wait.h>
18
19 #include <unistd.h>
20 #include <errno.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <fdevent.h>
24 #include <signal.h>
25
26 #include <stdio.h>
27 #include <fcntl.h>
28
29 static int pipe_cloexec(int pipefd[2]) {
30 #ifdef HAVE_PIPE2
31 if (0 == pipe2(pipefd, O_CLOEXEC)) return 0;
32 #endif
33 return 0 == pipe(pipefd)
34 #ifdef FD_CLOEXEC
35 && 0 == fcntl(pipefd[0], F_SETFD, FD_CLOEXEC)
36 && 0 == fcntl(pipefd[1], F_SETFD, FD_CLOEXEC)
37 #endif
38 ? 0
39 : -1;
40 }
41
42 enum {EOL_UNSET, EOL_N, EOL_RN};
43
44 typedef struct {
45 char **ptr;
46
47 size_t size;
48 size_t used;
49 } char_array;
50
51 typedef struct {
52 pid_t *ptr;
53 size_t used;
54 size_t size;
55 } buffer_pid_t;
56
57 typedef struct {
58 array *cgi;
59 unsigned short execute_x_only;
60 unsigned short local_redir;
61 unsigned short xsendfile_allow;
62 array *xsendfile_docroot;
63 } plugin_config;
64
65 typedef struct {
66 PLUGIN_DATA;
67 buffer_pid_t cgi_pid;
68
69 plugin_config **config_storage;
70
71 plugin_config conf;
72 } plugin_data;
73
74 typedef struct {
75 pid_t pid;
76 int fd;
77 int fdtocgi;
78 int fde_ndx; /* index into the fd-event buffer */
79 int fde_ndx_tocgi; /* index into the fd-event buffer */
80
81 connection *remote_conn; /* dumb pointer */
82 plugin_data *plugin_data; /* dumb pointer */
83
84 buffer *response;
85 buffer *cgi_handler; /* dumb pointer */
86 http_response_opts opts;
87 plugin_config conf;
88 } handler_ctx;
89
90 static handler_ctx * cgi_handler_ctx_init(void) {
91 handler_ctx *hctx = calloc(1, sizeof(*hctx));
92
93 force_assert(hctx);
94
95 hctx->response = buffer_init();
96 hctx->fd = -1;
97 hctx->fdtocgi = -1;
98
99 return hctx;
100 }
101
102 static void cgi_handler_ctx_free(handler_ctx *hctx) {
103 buffer_free(hctx->response);
104 free(hctx);
105 }
106
107 INIT_FUNC(mod_cgi_init) {
108 plugin_data *p;
109
110 p = calloc(1, sizeof(*p));
111
112 force_assert(p);
113
114 return p;
115 }
116
117
118 FREE_FUNC(mod_cgi_free) {
119 plugin_data *p = p_d;
120 buffer_pid_t *r = &(p->cgi_pid);
121
122 UNUSED(srv);
123
124 if (p->config_storage) {
125 size_t i;
126 for (i = 0; i < srv->config_context->used; i++) {
127 plugin_config *s = p->config_storage[i];
128
129 if (NULL == s) continue;
130
131 array_free(s->cgi);
132 array_free(s->xsendfile_docroot);
133
134 free(s);
135 }
136 free(p->config_storage);
137 }
138
139
140 if (r->ptr) free(r->ptr);
141
142 free(p);
143
144 return HANDLER_GO_ON;
145 }
146
147 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
148 plugin_data *p = p_d;
149 size_t i = 0;
150
151 config_values_t cv[] = {
152 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
153 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
154 { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
155 { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
156 { "cgi.local-redir", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 4 */
157 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET}
158 };
159
160 if (!p) return HANDLER_ERROR;
161
162 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
163 force_assert(p->config_storage);
164
165 for (i = 0; i < srv->config_context->used; i++) {
166 data_config const* config = (data_config const*)srv->config_context->data[i];
167 plugin_config *s;
168
169 s = calloc(1, sizeof(plugin_config));
170 force_assert(s);
171
172 s->cgi = array_init();
173 s->execute_x_only = 0;
174 s->local_redir = 0;
175 s->xsendfile_allow= 0;
176 s->xsendfile_docroot = array_init();
177
178 cv[0].destination = s->cgi;
179 cv[1].destination = &(s->execute_x_only);
180 cv[2].destination = &(s->xsendfile_allow);
181 cv[3].destination = s->xsendfile_docroot;
182 cv[4].destination = &(s->local_redir);
183
184 p->config_storage[i] = s;
185
186 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
187 return HANDLER_ERROR;
188 }
189
190 if (!array_is_kvstring(s->cgi)) {
191 log_error_write(srv, __FILE__, __LINE__, "s",
192 "unexpected value for cgi.assign; expected list of \"ext\" => \"exepath\"");
193 return HANDLER_ERROR;
194 }
195
196 if (s->xsendfile_docroot->used) {
197 size_t j;
198 for (j = 0; j < s->xsendfile_docroot->used; ++j) {
199 data_string *ds = (data_string *)s->xsendfile_docroot->data[j];
200 if (ds->type != TYPE_STRING) {
201 log_error_write(srv, __FILE__, __LINE__, "s",
202 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )");
203 return HANDLER_ERROR;
204 }
205 if (ds->value->ptr[0] != '/') {
206 log_error_write(srv, __FILE__, __LINE__, "SBs",
207 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\"");
208 return HANDLER_ERROR;
209 }
210 buffer_path_simplify(ds->value, ds->value);
211 buffer_append_slash(ds->value);
212 }
213 }
214 }
215
216 return HANDLER_GO_ON;
217 }
218
219
220 static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) {
221 int m = -1;
222 size_t i;
223 buffer_pid_t *r = &(p->cgi_pid);
224
225 UNUSED(srv);
226
227 for (i = 0; i < r->used; i++) {
228 if (r->ptr[i] > m) m = r->ptr[i];
229 }
230
231 if (r->size == 0) {
232 r->size = 16;
233 r->ptr = malloc(sizeof(*r->ptr) * r->size);
234 force_assert(r->ptr);
235 } else if (r->used == r->size) {
236 r->size += 16;
237 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size);
238 force_assert(r->ptr);
239 }
240
241 r->ptr[r->used++] = pid;
242
243 return m;
244 }
245
246 static int cgi_pid_del(server *srv, plugin_data *p, pid_t pid) {
247 size_t i;
248 buffer_pid_t *r = &(p->cgi_pid);
249
250 UNUSED(srv);
251
252 for (i = 0; i < r->used; i++) {
253 if (r->ptr[i] == pid) break;
254 }
255
256 if (i != r->used) {
257 /* found */
258
259 if (i != r->used - 1) {
260 r->ptr[i] = r->ptr[r->used - 1];
261 }
262 r->used--;
263 }
264
265 return 0;
266 }
267
268
269 static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) {
270 /*(closes only hctx->fdtocgi)*/
271 fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi);
272 fdevent_unregister(srv->ev, hctx->fdtocgi);
273 fdevent_sched_close(srv->ev, hctx->fdtocgi, 0);
274 hctx->fdtocgi = -1;
275 }
276
277 static void cgi_connection_close(server *srv, handler_ctx *hctx) {
278 int status;
279 pid_t pid;
280 plugin_data *p = hctx->plugin_data;
281 connection *con = hctx->remote_conn;
282
283 #ifndef __WIN32
284
285 /* the connection to the browser went away, but we still have a connection
286 * to the CGI script
287 *
288 * close cgi-connection
289 */
290
291 if (hctx->fd != -1) {
292 /* close connection to the cgi-script */
293 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
294 fdevent_unregister(srv->ev, hctx->fd);
295 fdevent_sched_close(srv->ev, hctx->fd, 0);
296 }
297
298 if (hctx->fdtocgi != -1) {
299 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
300 }
301
302 pid = hctx->pid;
303
304 con->plugin_ctx[p->id] = NULL;
305
306 cgi_handler_ctx_free(hctx);
307
308 /* if waitpid hasn't been called by response.c yet, do it here */
309 if (pid) {
310 /* check if the CGI-script is already gone */
311 switch(waitpid(pid, &status, WNOHANG)) {
312 case 0:
313 /* not finished yet */
314 #if 0
315 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", pid);
316 #endif
317 break;
318 case -1:
319 /* */
320 if (errno == EINTR) break;
321
322 /*
323 * errno == ECHILD happens if _subrequest catches the process-status before
324 * we have read the response of the cgi process
325 *
326 * -> catch status
327 * -> WAIT_FOR_EVENT
328 * -> read response
329 * -> we get here with waitpid == ECHILD
330 *
331 */
332 if (errno != ECHILD) {
333 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
334 }
335 /* anyway: don't wait for it anymore */
336 pid = 0;
337 break;
338 default:
339 if (WIFEXITED(status)) {
340 #if 0
341 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid);
342 #endif
343 } else {
344 log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid);
345 }
346
347 pid = 0;
348 break;
349 }
350
351 if (pid) {
352 kill(pid, SIGTERM);
353
354 /* cgi-script is still alive, queue the PID for removal */
355 cgi_pid_add(srv, p, pid);
356 }
357 }
358 #endif
359
360 /* finish response (if not already con->file_started, con->file_finished) */
361 if (con->mode == p->id) {
362 http_response_backend_done(srv, con);
363 }
364 }
365
366 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) {
367 plugin_data *p = p_d;
368 handler_ctx *hctx = con->plugin_ctx[p->id];
369 if (hctx) cgi_connection_close(srv, hctx);
370
371 return HANDLER_GO_ON;
372 }
373
374
375 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd);
376
377
378 static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) {
379 handler_ctx *hctx = ctx;
380 connection *con = hctx->remote_conn;
381
382 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/
383 joblist_append(srv, con);
384
385 if (revents & FDEVENT_OUT) {
386 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
387 cgi_connection_close(srv, hctx);
388 return HANDLER_ERROR;
389 }
390 /* more request body to be sent to CGI */
391 }
392
393 if (revents & FDEVENT_HUP) {
394 /* skip sending remaining data to CGI */
395 if (con->request.content_length) {
396 chunkqueue *cq = con->request_content_queue;
397 chunkqueue_mark_written(cq, chunkqueue_length(cq));
398 if (cq->bytes_in != (off_t)con->request.content_length) {
399 con->keep_alive = 0;
400 }
401 }
402
403 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
404 } else if (revents & FDEVENT_ERR) {
405 /* kill all connections to the cgi process */
406 #if 1
407 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
408 #endif
409 cgi_connection_close(srv, hctx);
410 return HANDLER_ERROR;
411 }
412
413 return HANDLER_FINISHED;
414 }
415
416
417 static int cgi_recv_response(server *srv, handler_ctx *hctx) {
418 switch (http_response_read(srv, hctx->remote_conn, &hctx->opts,
419 hctx->response, hctx->fd, &hctx->fde_ndx)) {
420 default:
421 return HANDLER_GO_ON;
422 case HANDLER_ERROR:
423 http_response_backend_error(srv, hctx->remote_conn);
424 /* fall through */
425 case HANDLER_FINISHED:
426 cgi_connection_close(srv, hctx);
427 return HANDLER_FINISHED;
428 case HANDLER_COMEBACK:
429 /* hctx->conf.local_redir */
430 connection_response_reset(srv, hctx->remote_conn); /*(includes con->http_status = 0)*/
431 plugins_call_connection_reset(srv, hctx->remote_conn);
432 /*cgi_connection_close(srv, hctx);*//*(already cleaned up and hctx is now invalid)*/
433 return HANDLER_COMEBACK;
434 }
435 }
436
437
438 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
439 handler_ctx *hctx = ctx;
440 connection *con = hctx->remote_conn;
441
442 joblist_append(srv, con);
443
444 if (revents & FDEVENT_IN) {
445 handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/
446 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
447 }
448
449 /* perhaps this issue is already handled */
450 if (revents & FDEVENT_HUP) {
451 if (con->file_started) {
452 /* drain any remaining data from kernel pipe buffers
453 * even if (con->conf.stream_response_body
454 * & FDEVENT_STREAM_RESPONSE_BUFMIN)
455 * since event loop will spin on fd FDEVENT_HUP event
456 * until unregistered. */
457 handler_t rc;
458 do {
459 rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/
460 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/
461 return rc; /* HANDLER_FINISHED or HANDLER_COMEBACK or HANDLER_ERROR */
462 } else if (!buffer_string_is_empty(hctx->response)) {
463 /* unfinished header package which is a body in reality */
464 con->file_started = 1;
465 if (0 != http_chunk_append_buffer(srv, con, hctx->response)) {
466 cgi_connection_close(srv, hctx);
467 return HANDLER_ERROR;
468 }
469 if (0 == con->http_status) con->http_status = 200; /* OK */
470 } else {
471 # if 0
472 log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents);
473 # endif
474 }
475 cgi_connection_close(srv, hctx);
476 } else if (revents & FDEVENT_ERR) {
477 /* kill all connections to the cgi process */
478 cgi_connection_close(srv, hctx);
479 #if 1
480 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
481 #endif
482 return HANDLER_ERROR;
483 }
484
485 return HANDLER_FINISHED;
486 }
487
488
489 static int cgi_env_add(void *venv, const char *key, size_t key_len, const char *val, size_t val_len) {
490 char_array *env = venv;
491 char *dst;
492
493 if (!key || !val) return -1;
494
495 dst = malloc(key_len + val_len + 2);
496 force_assert(dst);
497 memcpy(dst, key, key_len);
498 dst[key_len] = '=';
499 memcpy(dst + key_len + 1, val, val_len);
500 dst[key_len + 1 + val_len] = '\0';
501
502 if (env->size == 0) {
503 env->size = 16;
504 env->ptr = malloc(env->size * sizeof(*env->ptr));
505 force_assert(env->ptr);
506 } else if (env->size == env->used) {
507 env->size += 16;
508 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr));
509 force_assert(env->ptr);
510 }
511
512 env->ptr[env->used++] = dst;
513
514 return 0;
515 }
516
517 /*(improved from network_write_mmap.c)*/
518 static off_t mmap_align_offset(off_t start) {
519 static off_t pagemask = 0;
520 if (0 == pagemask) {
521 long pagesize = sysconf(_SC_PAGESIZE);
522 if (-1 == pagesize) pagesize = 4096;
523 pagemask = ~((off_t)pagesize - 1); /* pagesize always power-of-2 */
524 }
525 return (start & pagemask);
526 }
527
528 /* returns: 0: continue, -1: fatal error, -2: connection reset */
529 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes),
530 * also mmaps and sends complete chunk instead of only small parts - the files
531 * are supposed to be temp files with reasonable chunk sizes.
532 *
533 * Also always use mmap; the files are "trusted", as we created them.
534 */
535 static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) {
536 chunk* const c = cq->first;
537 off_t offset, toSend, file_end;
538 ssize_t r;
539 size_t mmap_offset, mmap_avail;
540 char *data = NULL;
541
542 force_assert(NULL != c);
543 force_assert(FILE_CHUNK == c->type);
544 force_assert(c->offset >= 0 && c->offset <= c->file.length);
545
546 offset = c->file.start + c->offset;
547 toSend = c->file.length - c->offset;
548 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */
549
550 if (0 == toSend) {
551 chunkqueue_remove_finished_chunks(cq);
552 return 0;
553 }
554
555 /*(simplified from chunk.c:chunkqueue_open_file_chunk())*/
556 UNUSED(con);
557 if (-1 == c->file.fd) {
558 if (-1 == (c->file.fd = fdevent_open_cloexec(c->file.name->ptr, O_RDONLY, 0))) {
559 log_error_write(srv, __FILE__, __LINE__, "ssb", "open failed:", strerror(errno), c->file.name);
560 return -1;
561 }
562 }
563
564 /* (re)mmap the buffer if range is not covered completely */
565 if (MAP_FAILED == c->file.mmap.start
566 || offset < c->file.mmap.offset
567 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) {
568
569 if (MAP_FAILED != c->file.mmap.start) {
570 munmap(c->file.mmap.start, c->file.mmap.length);
571 c->file.mmap.start = MAP_FAILED;
572 }
573
574 c->file.mmap.offset = mmap_align_offset(offset);
575 c->file.mmap.length = file_end - c->file.mmap.offset;
576
577 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) {
578 if (toSend > 65536) toSend = 65536;
579 data = malloc(toSend);
580 force_assert(data);
581 if (-1 == lseek(c->file.fd, offset, SEEK_SET)
582 || 0 >= (toSend = read(c->file.fd, data, toSend))) {
583 if (-1 == toSend) {
584 log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:",
585 strerror(errno), c->file.name, c->file.fd, offset);
586 } else { /*(0 == toSend)*/
587 log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):",
588 c->file.name, c->file.fd, offset);
589 }
590 free(data);
591 return -1;
592 }
593 }
594 }
595
596 if (MAP_FAILED != c->file.mmap.start) {
597 force_assert(offset >= c->file.mmap.offset);
598 mmap_offset = offset - c->file.mmap.offset;
599 force_assert(c->file.mmap.length > mmap_offset);
600 mmap_avail = c->file.mmap.length - mmap_offset;
601 force_assert(toSend <= (off_t) mmap_avail);
602
603 data = c->file.mmap.start + mmap_offset;
604 }
605
606 r = write(fd, data, toSend);
607
608 if (MAP_FAILED == c->file.mmap.start) free(data);
609
610 if (r < 0) {
611 switch (errno) {
612 case EAGAIN:
613 case EINTR:
614 return 0;
615 case EPIPE:
616 case ECONNRESET:
617 return -2;
618 default:
619 log_error_write(srv, __FILE__, __LINE__, "ssd",
620 "write failed:", strerror(errno), fd);
621 return -1;
622 }
623 }
624
625 if (r >= 0) {
626 chunkqueue_mark_written(cq, r);
627 }
628
629 return r;
630 }
631
632 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) {
633 connection *con = hctx->remote_conn;
634 chunkqueue *cq = con->request_content_queue;
635 chunk *c;
636
637 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms.
638 * solution: if this is still a problem on windows, then substitute
639 * socketpair() for pipe() and closesocket() for close() on windows.
640 */
641
642 for (c = cq->first; c; c = cq->first) {
643 ssize_t r = -1;
644
645 switch(c->type) {
646 case FILE_CHUNK:
647 r = cgi_write_file_chunk_mmap(srv, con, fd, cq);
648 break;
649
650 case MEM_CHUNK:
651 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
652 switch(errno) {
653 case EAGAIN:
654 case EINTR:
655 /* ignore and try again */
656 r = 0;
657 break;
658 case EPIPE:
659 case ECONNRESET:
660 /* connection closed */
661 r = -2;
662 break;
663 default:
664 /* fatal error */
665 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno));
666 r = -1;
667 break;
668 }
669 } else if (r > 0) {
670 chunkqueue_mark_written(cq, r);
671 }
672 break;
673 }
674
675 if (0 == r) break; /*(might block)*/
676
677 switch (r) {
678 case -1:
679 /* fatal error */
680 return -1;
681 case -2:
682 /* connection reset */
683 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI");
684 /* skip all remaining data */
685 chunkqueue_mark_written(cq, chunkqueue_length(cq));
686 break;
687 default:
688 break;
689 }
690 }
691
692 if (cq->bytes_out == (off_t)con->request.content_length) {
693 /* sent all request body input */
694 /* close connection to the cgi-script */
695 if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/
696 --srv->cur_fds;
697 if (close(fd)) {
698 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno));
699 }
700 } else {
701 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
702 }
703 } else {
704 off_t cqlen = cq->bytes_in - cq->bytes_out;
705 if (cq->bytes_in != con->request.content_length && cqlen < 65536 - 16384) {
706 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/
707 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) {
708 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
709 con->is_readable = 1; /* trigger optimistic read from client */
710 }
711 }
712 if (-1 == hctx->fdtocgi) { /*(not registered yet)*/
713 hctx->fdtocgi = fd;
714 hctx->fde_ndx_tocgi = -1;
715 fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx);
716 }
717 if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/
718 if ((fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT)) {
719 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, 0);
720 }
721 } else {
722 /* more request body remains to be sent to CGI so register for fdevents */
723 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, FDEVENT_OUT);
724 }
725 }
726
727 return 0;
728 }
729
730 static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) {
731 pid_t pid;
732
733 int to_cgi_fds[2];
734 int from_cgi_fds[2];
735 struct stat st;
736 UNUSED(p);
737
738 #ifndef __WIN32
739
740 if (!buffer_string_is_empty(cgi_handler)) {
741 /* stat the exec file */
742 if (-1 == (stat(cgi_handler->ptr, &st))) {
743 log_error_write(srv, __FILE__, __LINE__, "sbss",
744 "stat for cgi-handler", cgi_handler,
745 "failed:", strerror(errno));
746 return -1;
747 }
748 }
749
750 if (pipe_cloexec(to_cgi_fds)) {
751 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
752 return -1;
753 }
754
755 if (pipe_cloexec(from_cgi_fds)) {
756 close(to_cgi_fds[0]);
757 close(to_cgi_fds[1]);
758 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
759 return -1;
760 }
761
762 /* fork, execve */
763 switch (pid = fork()) {
764 case 0: {
765 /* child */
766 char **args;
767 int argc;
768 int i = 0;
769 char_array env;
770 char *c;
771 const char *s;
772 http_cgi_opts opts = { 0, 0, NULL, NULL };
773
774 /* move stdout to from_cgi_fd[1] */
775 dup2(from_cgi_fds[1], STDOUT_FILENO);
776 #ifndef FD_CLOEXEC
777 close(from_cgi_fds[1]);
778 /* not needed */
779 close(from_cgi_fds[0]);
780 #endif
781
782 /* move the stdin to to_cgi_fd[0] */
783 dup2(to_cgi_fds[0], STDIN_FILENO);
784 #ifndef FD_CLOEXEC
785 close(to_cgi_fds[0]);
786 /* not needed */
787 close(to_cgi_fds[1]);
788 #endif
789
790 /* create environment */
791 env.ptr = NULL;
792 env.size = 0;
793 env.used = 0;
794
795 http_cgi_headers(srv, con, &opts, cgi_env_add, &env);
796
797 /* for valgrind */
798 if (NULL != (s = getenv("LD_PRELOAD"))) {
799 cgi_env_add(&env, CONST_STR_LEN("LD_PRELOAD"), s, strlen(s));
800 }
801
802 if (NULL != (s = getenv("LD_LIBRARY_PATH"))) {
803 cgi_env_add(&env, CONST_STR_LEN("LD_LIBRARY_PATH"), s, strlen(s));
804 }
805 #ifdef __CYGWIN__
806 /* CYGWIN needs SYSTEMROOT */
807 if (NULL != (s = getenv("SYSTEMROOT"))) {
808 cgi_env_add(&env, CONST_STR_LEN("SYSTEMROOT"), s, strlen(s));
809 }
810 #endif
811
812 if (env.size == env.used) {
813 env.size += 16;
814 env.ptr = realloc(env.ptr, env.size * sizeof(*env.ptr));
815 }
816
817 env.ptr[env.used] = NULL;
818
819 /* set up args */
820 argc = 3;
821 args = malloc(sizeof(*args) * argc);
822 force_assert(args);
823 i = 0;
824
825 if (!buffer_string_is_empty(cgi_handler)) {
826 args[i++] = cgi_handler->ptr;
827 }
828 args[i++] = con->physical.path->ptr;
829 args[i ] = NULL;
830
831 /* search for the last / */
832 if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) {
833 /* handle special case of file in root directory */
834 const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr;
835
836 /* temporarily shorten con->physical.path to directory without terminating '/' */
837 *c = '\0';
838 /* change to the physical directory */
839 if (-1 == chdir(physdir)) {
840 log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path);
841 }
842 *c = '/';
843 }
844
845 /* we don't need the client socket */
846 for (i = 3; i < 256; i++) {
847 if (i != srv->errorlog_fd) close(i);
848 }
849
850 /* exec the cgi */
851 execve(args[0], args, env.ptr);
852
853 /* most log files may have been closed/redirected by this point,
854 * though stderr might still point to lighttpd.breakage.log */
855 perror(args[0]);
856 _exit(1);
857 }
858 case -1:
859 /* error */
860 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
861 close(from_cgi_fds[0]);
862 close(from_cgi_fds[1]);
863 close(to_cgi_fds[0]);
864 close(to_cgi_fds[1]);
865 return -1;
866 default: {
867 /* parent process */
868
869 close(from_cgi_fds[1]);
870 close(to_cgi_fds[0]);
871
872 /* register PID and wait for them asynchronously */
873
874 hctx->pid = pid;
875 hctx->fd = from_cgi_fds[0];
876 hctx->fde_ndx = -1;
877
878 ++srv->cur_fds;
879
880 if (0 == con->request.content_length) {
881 close(to_cgi_fds[1]);
882 } else {
883 /* there is content to send */
884 if (-1 == fdevent_fcntl_set_nb(srv->ev, to_cgi_fds[1])) {
885 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
886 close(to_cgi_fds[1]);
887 cgi_connection_close(srv, hctx);
888 return -1;
889 }
890
891 if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) {
892 close(to_cgi_fds[1]);
893 cgi_connection_close(srv, hctx);
894 return -1;
895 }
896
897 ++srv->cur_fds;
898 }
899
900 fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx);
901 if (-1 == fdevent_fcntl_set_nb(srv->ev, hctx->fd)) {
902 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
903 cgi_connection_close(srv, hctx);
904 return -1;
905 }
906 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
907
908 break;
909 }
910 }
911
912 return 0;
913 #else
914 return -1;
915 #endif
916 }
917
918 static buffer * cgi_get_handler(array *a, buffer *fn) {
919 size_t k, s_len = buffer_string_length(fn);
920 for (k = 0; k < a->used; ++k) {
921 data_string *ds = (data_string *)a->data[k];
922 size_t ct_len = buffer_string_length(ds->key);
923
924 if (buffer_is_empty(ds->key)) continue;
925 if (s_len < ct_len) continue;
926
927 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) {
928 return ds->value;
929 }
930 }
931
932 return NULL;
933 }
934
935 #define PATCH(x) \
936 p->conf.x = s->x;
937 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) {
938 size_t i, j;
939 plugin_config *s = p->config_storage[0];
940
941 PATCH(cgi);
942 PATCH(execute_x_only);
943 PATCH(local_redir);
944 PATCH(xsendfile_allow);
945 PATCH(xsendfile_docroot);
946
947 /* skip the first, the global context */
948 for (i = 1; i < srv->config_context->used; i++) {
949 data_config *dc = (data_config *)srv->config_context->data[i];
950 s = p->config_storage[i];
951
952 /* condition didn't match */
953 if (!config_check_cond(srv, con, dc)) continue;
954
955 /* merge config */
956 for (j = 0; j < dc->value->used; j++) {
957 data_unset *du = dc->value->data[j];
958
959 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) {
960 PATCH(cgi);
961 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) {
962 PATCH(execute_x_only);
963 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.local-redir"))) {
964 PATCH(local_redir);
965 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) {
966 PATCH(xsendfile_allow);
967 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) {
968 PATCH(xsendfile_docroot);
969 }
970 }
971 }
972
973 return 0;
974 }
975 #undef PATCH
976
977 URIHANDLER_FUNC(cgi_is_handled) {
978 plugin_data *p = p_d;
979 buffer *fn = con->physical.path;
980 stat_cache_entry *sce = NULL;
981 struct stat stbuf;
982 struct stat *st;
983 buffer *cgi_handler;
984
985 if (con->mode != DIRECT) return HANDLER_GO_ON;
986
987 if (buffer_is_empty(fn)) return HANDLER_GO_ON;
988
989 mod_cgi_patch_connection(srv, con, p);
990
991 if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
992 st = &sce->st;
993 } else {
994 /* CGI might be executable even if it is not readable
995 * (stat_cache_get_entry() currently checks file is readable)*/
996 if (0 != stat(con->physical.path->ptr, &stbuf)) return HANDLER_GO_ON;
997 st = &stbuf;
998 }
999
1000 if (!S_ISREG(st->st_mode)) return HANDLER_GO_ON;
1001 if (p->conf.execute_x_only == 1 && (st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
1002
1003 if (NULL != (cgi_handler = cgi_get_handler(p->conf.cgi, fn))) {
1004 handler_ctx *hctx = cgi_handler_ctx_init();
1005 hctx->remote_conn = con;
1006 hctx->plugin_data = p;
1007 hctx->cgi_handler = cgi_handler;
1008 memcpy(&hctx->conf, &p->conf, sizeof(plugin_config));
1009 hctx->opts.fdfmt = S_IFIFO;
1010 hctx->opts.backend = BACKEND_CGI;
1011 hctx->opts.authorizer = 0;
1012 hctx->opts.local_redir = hctx->conf.local_redir;
1013 hctx->opts.xsendfile_allow = hctx->conf.xsendfile_allow;
1014 hctx->opts.xsendfile_docroot = hctx->conf.xsendfile_docroot;
1015 con->plugin_ctx[p->id] = hctx;
1016 con->mode = p->id;
1017 }
1018
1019 return HANDLER_GO_ON;
1020 }
1021
1022 TRIGGER_FUNC(cgi_trigger) {
1023 plugin_data *p = p_d;
1024 size_t ndx;
1025 /* the trigger handle only cares about lonely PID which we have to wait for */
1026 #ifndef __WIN32
1027
1028 for (ndx = 0; ndx < p->cgi_pid.used; ndx++) {
1029 int status;
1030
1031 switch(waitpid(p->cgi_pid.ptr[ndx], &status, WNOHANG)) {
1032 case 0:
1033 /* not finished yet */
1034 #if 0
1035 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", p->cgi_pid.ptr[ndx]);
1036 #endif
1037 break;
1038 case -1:
1039 if (errno == ECHILD) {
1040 /* someone else called waitpid... remove the pid to stop looping the error each time */
1041 log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid");
1042
1043 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1044 ndx--;
1045 continue;
1046 }
1047
1048 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
1049
1050 return HANDLER_ERROR;
1051 default:
1052
1053 if (WIFEXITED(status)) {
1054 #if 0
1055 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", p->cgi_pid.ptr[ndx]);
1056 #endif
1057 } else if (WIFSIGNALED(status)) {
1058 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ?
1059 */
1060 if (WTERMSIG(status) != SIGTERM) {
1061 log_error_write(srv, __FILE__, __LINE__, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status));
1062 }
1063 } else {
1064 log_error_write(srv, __FILE__, __LINE__, "s", "cleaning up CGI: ended unexpectedly");
1065 }
1066
1067 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1068 /* del modified the buffer structure
1069 * and copies the last entry to the current one
1070 * -> recheck the current index
1071 */
1072 ndx--;
1073 }
1074 }
1075 #endif
1076 return HANDLER_GO_ON;
1077 }
1078
1079 /*
1080 * - HANDLER_GO_ON : not our job
1081 * - HANDLER_FINISHED: got response
1082 * - HANDLER_WAIT_FOR_EVENT: waiting for response
1083 */
1084 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) {
1085 plugin_data *p = p_d;
1086 handler_ctx *hctx = con->plugin_ctx[p->id];
1087 chunkqueue *cq = con->request_content_queue;
1088
1089 if (con->mode != p->id) return HANDLER_GO_ON;
1090 if (NULL == hctx) return HANDLER_GO_ON;
1091
1092 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)
1093 && con->file_started) {
1094 if (chunkqueue_length(con->write_queue) > 65536 - 4096) {
1095 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
1096 } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) {
1097 /* optimistic read from backend */
1098 handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/
1099 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
1100 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
1101 }
1102 }
1103
1104 if (cq->bytes_in != (off_t)con->request.content_length) {
1105 /*(64k - 4k to attempt to avoid temporary files
1106 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/
1107 if (cq->bytes_in - cq->bytes_out > 65536 - 4096
1108 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){
1109 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
1110 if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT;
1111 } else {
1112 handler_t r = connection_handle_read_post_state(srv, con);
1113 if (!chunkqueue_is_empty(cq)) {
1114 if (fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT) {
1115 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r;
1116 }
1117 }
1118 if (r != HANDLER_GO_ON) return r;
1119
1120 /* CGI environment requires that Content-Length be set.
1121 * Send 411 Length Required if Content-Length missing.
1122 * (occurs here if client sends Transfer-Encoding: chunked
1123 * and module is flagged to stream request body to backend) */
1124 if (-1 == con->request.content_length) {
1125 return connection_handle_read_post_error(srv, con, 411);
1126 }
1127 }
1128 }
1129
1130 if (-1 == hctx->fd) {
1131 if (cgi_create_env(srv, con, p, hctx, hctx->cgi_handler)) {
1132 con->http_status = 500;
1133 con->mode = DIRECT;
1134
1135 return HANDLER_FINISHED;
1136 }
1137 #if 0
1138 log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid);
1139 #endif
1140 } else if (!chunkqueue_is_empty(con->request_content_queue)) {
1141 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
1142 cgi_connection_close(srv, hctx);
1143 return HANDLER_ERROR;
1144 }
1145 }
1146
1147 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */
1148 return HANDLER_WAIT_FOR_EVENT;
1149 }
1150
1151
1152 int mod_cgi_plugin_init(plugin *p);
1153 int mod_cgi_plugin_init(plugin *p) {
1154 p->version = LIGHTTPD_VERSION_ID;
1155 p->name = buffer_init_string("cgi");
1156
1157 p->connection_reset = cgi_connection_close_callback;
1158 p->handle_subrequest_start = cgi_is_handled;
1159 p->handle_subrequest = mod_cgi_handle_subrequest;
1160 p->handle_trigger = cgi_trigger;
1161 p->init = mod_cgi_init;
1162 p->cleanup = mod_cgi_free;
1163 p->set_defaults = mod_fastcgi_set_defaults;
1164
1165 p->data = NULL;
1166
1167 return 0;
1168 }
A fast webserver with minimal memory-footprint (lighttpd)