[build] build network_*.c into lighttpd executable
[lighttpd.git] / src / http-header-glue.c
blobbeee2bfb68b46372303438c90d4df0ee032d3809
1 #include "first.h"
3 #include "base.h"
4 #include "array.h"
5 #include "buffer.h"
6 #include "log.h"
7 #include "etag.h"
8 #include "http_chunk.h"
9 #include "response.h"
10 #include "stat_cache.h"
12 #include <string.h>
13 #include <errno.h>
15 #include <time.h>
18 * This was 'borrowed' from tcpdump.
21 * This is fun.
23 * In older BSD systems, socket addresses were fixed-length, and
24 * "sizeof (struct sockaddr)" gave the size of the structure.
25 * All addresses fit within a "struct sockaddr".
27 * In newer BSD systems, the socket address is variable-length, and
28 * there's an "sa_len" field giving the length of the structure;
29 * this allows socket addresses to be longer than 2 bytes of family
30 * and 14 bytes of data.
32 * Some commercial UNIXes use the old BSD scheme, some use the RFC 2553
33 * variant of the old BSD scheme (with "struct sockaddr_storage" rather
34 * than "struct sockaddr"), and some use the new BSD scheme.
36 * Some versions of GNU libc use neither scheme, but has an "SA_LEN()"
37 * macro that determines the size based on the address family. Other
38 * versions don't have "SA_LEN()" (as it was in drafts of RFC 2553
39 * but not in the final version). On the latter systems, we explicitly
40 * check the AF_ type to determine the length; we assume that on
41 * all those systems we have "struct sockaddr_storage".
44 #ifdef HAVE_IPV6
45 # ifndef SA_LEN
46 # ifdef HAVE_SOCKADDR_SA_LEN
47 # define SA_LEN(addr) ((addr)->sa_len)
48 # else /* HAVE_SOCKADDR_SA_LEN */
49 # ifdef HAVE_STRUCT_SOCKADDR_STORAGE
50 static size_t get_sa_len(const struct sockaddr *addr) {
51 switch (addr->sa_family) {
53 # ifdef AF_INET
54 case AF_INET:
55 return (sizeof (struct sockaddr_in));
56 # endif
58 # ifdef AF_INET6
59 case AF_INET6:
60 return (sizeof (struct sockaddr_in6));
61 # endif
63 default:
64 return (sizeof (struct sockaddr));
68 # define SA_LEN(addr) (get_sa_len(addr))
69 # else /* HAVE_SOCKADDR_STORAGE */
70 # define SA_LEN(addr) (sizeof (struct sockaddr))
71 # endif /* HAVE_SOCKADDR_STORAGE */
72 # endif /* HAVE_SOCKADDR_SA_LEN */
73 # endif /* SA_LEN */
74 #endif
79 int response_header_insert(server *srv, connection *con, const char *key, size_t keylen, const char *value, size_t vallen) {
80 data_string *ds;
82 UNUSED(srv);
84 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
85 ds = data_response_init();
87 buffer_copy_string_len(ds->key, key, keylen);
88 buffer_copy_string_len(ds->value, value, vallen);
90 array_insert_unique(con->response.headers, (data_unset *)ds);
92 return 0;
95 int response_header_overwrite(server *srv, connection *con, const char *key, size_t keylen, const char *value, size_t vallen) {
96 data_string *ds;
98 UNUSED(srv);
100 /* if there already is a key by this name overwrite the value */
101 if (NULL != (ds = (data_string *)array_get_element(con->response.headers, key))) {
102 buffer_copy_string(ds->value, value);
104 return 0;
107 return response_header_insert(srv, con, key, keylen, value, vallen);
110 int response_header_append(server *srv, connection *con, const char *key, size_t keylen, const char *value, size_t vallen) {
111 data_string *ds;
113 UNUSED(srv);
115 /* if there already is a key by this name append the value */
116 if (NULL != (ds = (data_string *)array_get_element(con->response.headers, key))) {
117 buffer_append_string_len(ds->value, CONST_STR_LEN(", "));
118 buffer_append_string_len(ds->value, value, vallen);
119 return 0;
122 return response_header_insert(srv, con, key, keylen, value, vallen);
125 int http_response_redirect_to_directory(server *srv, connection *con) {
126 buffer *o;
128 o = buffer_init();
130 buffer_copy_buffer(o, con->uri.scheme);
131 buffer_append_string_len(o, CONST_STR_LEN("://"));
132 if (!buffer_is_empty(con->uri.authority)) {
133 buffer_append_string_buffer(o, con->uri.authority);
134 } else {
135 /* get the name of the currently connected socket */
136 struct hostent *he;
137 #ifdef HAVE_IPV6
138 char hbuf[256];
139 #endif
140 sock_addr our_addr;
141 socklen_t our_addr_len;
143 our_addr_len = sizeof(our_addr);
145 if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
146 || our_addr_len > (socklen_t)sizeof(our_addr)) {
147 con->http_status = 500;
149 log_error_write(srv, __FILE__, __LINE__, "ss",
150 "can't get sockname", strerror(errno));
152 buffer_free(o);
153 return 0;
157 /* Lookup name: secondly try to get hostname for bind address */
158 switch(our_addr.plain.sa_family) {
159 #ifdef HAVE_IPV6
160 case AF_INET6:
161 if (0 != getnameinfo((const struct sockaddr *)(&our_addr.ipv6),
162 SA_LEN((const struct sockaddr *)&our_addr.ipv6),
163 hbuf, sizeof(hbuf), NULL, 0, 0)) {
165 char dst[INET6_ADDRSTRLEN];
167 log_error_write(srv, __FILE__, __LINE__,
168 "SSS", "NOTICE: getnameinfo failed: ",
169 strerror(errno), ", using ip-address instead");
171 buffer_append_string_len(o, CONST_STR_LEN("["));
172 buffer_append_string(o,
173 inet_ntop(AF_INET6, (char *)&our_addr.ipv6.sin6_addr,
174 dst, sizeof(dst)));
175 buffer_append_string_len(o, CONST_STR_LEN("]"));
176 } else {
177 buffer_append_string(o, hbuf);
179 break;
180 #endif
181 case AF_INET:
182 if (NULL == (he = gethostbyaddr((char *)&our_addr.ipv4.sin_addr, sizeof(struct in_addr), AF_INET))) {
183 log_error_write(srv, __FILE__, __LINE__,
184 "SdS", "NOTICE: gethostbyaddr failed: ",
185 h_errno, ", using ip-address instead");
187 buffer_append_string(o, inet_ntoa(our_addr.ipv4.sin_addr));
188 } else {
189 buffer_append_string(o, he->h_name);
191 break;
192 default:
193 log_error_write(srv, __FILE__, __LINE__,
194 "S", "ERROR: unsupported address-type");
196 buffer_free(o);
197 return -1;
201 unsigned short default_port = 80;
202 if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) {
203 default_port = 443;
205 if (default_port != srv->srvconf.port) {
206 buffer_append_string_len(o, CONST_STR_LEN(":"));
207 buffer_append_int(o, srv->srvconf.port);
211 buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
212 buffer_append_string_len(o, CONST_STR_LEN("/"));
213 if (!buffer_string_is_empty(con->uri.query)) {
214 buffer_append_string_len(o, CONST_STR_LEN("?"));
215 buffer_append_string_buffer(o, con->uri.query);
218 response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(o));
220 con->http_status = 301;
221 con->file_finished = 1;
223 buffer_free(o);
225 return 0;
228 buffer * strftime_cache_get(server *srv, time_t last_mod) {
229 struct tm *tm;
230 size_t i;
232 for (i = 0; i < FILE_CACHE_MAX; i++) {
233 /* found cache-entry */
234 if (srv->mtime_cache[i].mtime == last_mod) return srv->mtime_cache[i].str;
236 /* found empty slot */
237 if (srv->mtime_cache[i].mtime == 0) break;
240 if (i == FILE_CACHE_MAX) {
241 i = 0;
244 srv->mtime_cache[i].mtime = last_mod;
245 buffer_string_prepare_copy(srv->mtime_cache[i].str, 1023);
246 tm = gmtime(&(srv->mtime_cache[i].mtime));
247 buffer_append_strftime(srv->mtime_cache[i].str, "%a, %d %b %Y %H:%M:%S GMT", tm);
249 return srv->mtime_cache[i].str;
253 int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
254 int head_or_get =
255 ( HTTP_METHOD_GET == con->request.http_method
256 || HTTP_METHOD_HEAD == con->request.http_method);
257 UNUSED(srv);
260 * 14.26 If-None-Match
261 * [...]
262 * If none of the entity tags match, then the server MAY perform the
263 * requested method as if the If-None-Match header field did not exist,
264 * but MUST also ignore any If-Modified-Since header field(s) in the
265 * request. That is, if no entity tags match, then the server MUST NOT
266 * return a 304 (Not Modified) response.
269 if (con->request.http_if_none_match) {
270 /* use strong etag checking for now: weak comparison must not be used
271 * for ranged requests
273 if (etag_is_equal(con->physical.etag, con->request.http_if_none_match, 0)) {
274 if (head_or_get) {
275 con->http_status = 304;
276 return HANDLER_FINISHED;
277 } else {
278 con->http_status = 412;
279 con->mode = DIRECT;
280 return HANDLER_FINISHED;
283 } else if (con->request.http_if_modified_since && head_or_get) {
284 /* last-modified handling */
285 size_t used_len;
286 char *semicolon;
288 if (NULL == (semicolon = strchr(con->request.http_if_modified_since, ';'))) {
289 used_len = strlen(con->request.http_if_modified_since);
290 } else {
291 used_len = semicolon - con->request.http_if_modified_since;
294 if (0 == strncmp(con->request.http_if_modified_since, mtime->ptr, used_len)) {
295 if ('\0' == mtime->ptr[used_len]) con->http_status = 304;
296 return HANDLER_FINISHED;
297 } else {
298 char buf[sizeof("Sat, 23 Jul 2005 21:20:01 GMT")];
299 time_t t_header, t_file;
300 struct tm tm;
302 /* convert to timestamp */
303 if (used_len >= sizeof(buf)) return HANDLER_GO_ON;
305 strncpy(buf, con->request.http_if_modified_since, used_len);
306 buf[used_len] = '\0';
308 if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
310 * parsing failed, let's get out of here
312 return HANDLER_GO_ON;
314 tm.tm_isdst = 0;
315 t_header = mktime(&tm);
317 strptime(mtime->ptr, "%a, %d %b %Y %H:%M:%S GMT", &tm);
318 tm.tm_isdst = 0;
319 t_file = mktime(&tm);
321 if (t_file > t_header) return HANDLER_GO_ON;
323 con->http_status = 304;
324 return HANDLER_FINISHED;
328 return HANDLER_GO_ON;
332 static int http_response_parse_range(server *srv, connection *con, buffer *path, stat_cache_entry *sce) {
333 int multipart = 0;
334 int error;
335 off_t start, end;
336 const char *s, *minus;
337 char *boundary = "fkj49sn38dcn3";
338 data_string *ds;
339 buffer *content_type = NULL;
341 start = 0;
342 end = sce->st.st_size - 1;
344 con->response.content_length = 0;
346 if (NULL != (ds = (data_string *)array_get_element(con->response.headers, "Content-Type"))) {
347 content_type = ds->value;
350 for (s = con->request.http_range, error = 0;
351 !error && *s && NULL != (minus = strchr(s, '-')); ) {
352 char *err;
353 off_t la, le;
355 if (s == minus) {
356 /* -<stop> */
358 le = strtoll(s, &err, 10);
360 if (le == 0) {
361 /* RFC 2616 - 14.35.1 */
363 con->http_status = 416;
364 error = 1;
365 } else if (*err == '\0') {
366 /* end */
367 s = err;
369 end = sce->st.st_size - 1;
370 start = sce->st.st_size + le;
371 } else if (*err == ',') {
372 multipart = 1;
373 s = err + 1;
375 end = sce->st.st_size - 1;
376 start = sce->st.st_size + le;
377 } else {
378 error = 1;
381 } else if (*(minus+1) == '\0' || *(minus+1) == ',') {
382 /* <start>- */
384 la = strtoll(s, &err, 10);
386 if (err == minus) {
387 /* ok */
389 if (*(err + 1) == '\0') {
390 s = err + 1;
392 end = sce->st.st_size - 1;
393 start = la;
395 } else if (*(err + 1) == ',') {
396 multipart = 1;
397 s = err + 2;
399 end = sce->st.st_size - 1;
400 start = la;
401 } else {
402 error = 1;
404 } else {
405 /* error */
406 error = 1;
408 } else {
409 /* <start>-<stop> */
411 la = strtoll(s, &err, 10);
413 if (err == minus) {
414 le = strtoll(minus+1, &err, 10);
416 /* RFC 2616 - 14.35.1 */
417 if (la > le) {
418 error = 1;
421 if (*err == '\0') {
422 /* ok, end*/
423 s = err;
425 end = le;
426 start = la;
427 } else if (*err == ',') {
428 multipart = 1;
429 s = err + 1;
431 end = le;
432 start = la;
433 } else {
434 /* error */
436 error = 1;
438 } else {
439 /* error */
441 error = 1;
445 if (!error) {
446 if (start < 0) start = 0;
448 /* RFC 2616 - 14.35.1 */
449 if (end > sce->st.st_size - 1) end = sce->st.st_size - 1;
451 if (start > sce->st.st_size - 1) {
452 error = 1;
454 con->http_status = 416;
458 if (!error) {
459 if (multipart) {
460 /* write boundary-header */
461 buffer *b = buffer_init();
463 buffer_copy_string_len(b, CONST_STR_LEN("\r\n--"));
464 buffer_append_string(b, boundary);
466 /* write Content-Range */
467 buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Range: bytes "));
468 buffer_append_int(b, start);
469 buffer_append_string_len(b, CONST_STR_LEN("-"));
470 buffer_append_int(b, end);
471 buffer_append_string_len(b, CONST_STR_LEN("/"));
472 buffer_append_int(b, sce->st.st_size);
474 buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Type: "));
475 buffer_append_string_buffer(b, content_type);
477 /* write END-OF-HEADER */
478 buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n"));
480 con->response.content_length += buffer_string_length(b);
481 chunkqueue_append_buffer(con->write_queue, b);
482 buffer_free(b);
485 chunkqueue_append_file(con->write_queue, path, start, end - start + 1);
486 con->response.content_length += end - start + 1;
490 /* something went wrong */
491 if (error) return -1;
493 if (multipart) {
494 /* add boundary end */
495 buffer *b = buffer_init();
497 buffer_copy_string_len(b, "\r\n--", 4);
498 buffer_append_string(b, boundary);
499 buffer_append_string_len(b, "--\r\n", 4);
501 con->response.content_length += buffer_string_length(b);
502 chunkqueue_append_buffer(con->write_queue, b);
503 buffer_free(b);
505 /* set header-fields */
507 buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("multipart/byteranges; boundary="));
508 buffer_append_string(srv->tmp_buf, boundary);
510 /* overwrite content-type */
511 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(srv->tmp_buf));
512 } else {
513 /* add Content-Range-header */
515 buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("bytes "));
516 buffer_append_int(srv->tmp_buf, start);
517 buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("-"));
518 buffer_append_int(srv->tmp_buf, end);
519 buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("/"));
520 buffer_append_int(srv->tmp_buf, sce->st.st_size);
522 response_header_insert(srv, con, CONST_STR_LEN("Content-Range"), CONST_BUF_LEN(srv->tmp_buf));
525 /* ok, the file is set-up */
526 return 0;
530 void http_response_send_file (server *srv, connection *con, buffer *path) {
531 stat_cache_entry *sce = NULL;
532 buffer *mtime = NULL;
533 data_string *ds;
534 int allow_caching = (0 == con->http_status || 200 == con->http_status);
536 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, path, &sce)) {
537 con->http_status = (errno == ENOENT) ? 404 : 403;
539 log_error_write(srv, __FILE__, __LINE__, "sbsb",
540 "not a regular file:", con->uri.path,
541 "->", path);
543 return;
546 /* we only handline regular files */
547 #ifdef HAVE_LSTAT
548 if ((sce->is_symlink == 1) && !con->conf.follow_symlink) {
549 con->http_status = 403;
551 if (con->conf.log_request_handling) {
552 log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction");
553 log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", path);
556 return;
558 #endif
559 if (!S_ISREG(sce->st.st_mode)) {
560 con->http_status = 403;
562 if (con->conf.log_file_not_found) {
563 log_error_write(srv, __FILE__, __LINE__, "sbsb",
564 "not a regular file:", con->uri.path,
565 "->", sce->name);
568 return;
571 /* mod_compress might set several data directly, don't overwrite them */
573 /* set response content-type, if not set already */
575 if (NULL == array_get_element(con->response.headers, "Content-Type")) {
576 if (buffer_string_is_empty(sce->content_type)) {
577 /* we are setting application/octet-stream, but also announce that
578 * this header field might change in the seconds few requests
580 * This should fix the aggressive caching of FF and the script download
581 * seen by the first installations
583 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("application/octet-stream"));
585 allow_caching = 0;
586 } else {
587 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
591 if (con->conf.range_requests) {
592 response_header_overwrite(srv, con, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes"));
595 if (allow_caching) {
596 if (con->etag_flags != 0 && !buffer_string_is_empty(sce->etag)) {
597 if (NULL == array_get_element(con->response.headers, "ETag")) {
598 /* generate e-tag */
599 etag_mutate(con->physical.etag, sce->etag);
601 response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
605 /* prepare header */
606 if (NULL == (ds = (data_string *)array_get_element(con->response.headers, "Last-Modified"))) {
607 mtime = strftime_cache_get(srv, sce->st.st_mtime);
608 response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
609 } else {
610 mtime = ds->value;
613 if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) {
614 return;
618 if (con->request.http_range && con->conf.range_requests
619 && (200 == con->http_status || 0 == con->http_status)
620 && NULL == array_get_element(con->response.headers, "Content-Encoding")) {
621 int do_range_request = 1;
622 /* check if we have a conditional GET */
624 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "If-Range"))) {
625 /* if the value is the same as our ETag, we do a Range-request,
626 * otherwise a full 200 */
628 if (ds->value->ptr[0] == '"') {
630 * client wants a ETag
632 if (!con->physical.etag) {
633 do_range_request = 0;
634 } else if (!buffer_is_equal(ds->value, con->physical.etag)) {
635 do_range_request = 0;
637 } else if (!mtime) {
639 * we don't have a Last-Modified and can match the If-Range:
641 * sending all
643 do_range_request = 0;
644 } else if (!buffer_is_equal(ds->value, mtime)) {
645 do_range_request = 0;
649 if (do_range_request) {
650 /* content prepared, I'm done */
651 con->file_finished = 1;
653 if (0 == http_response_parse_range(srv, con, path, sce)) {
654 con->http_status = 206;
656 return;
660 /* if we are still here, prepare body */
662 /* we add it here for all requests
663 * the HEAD request will drop it afterwards again
665 if (0 == sce->st.st_size || 0 == http_chunk_append_file(srv, con, path)) {
666 con->http_status = 200;
667 con->file_finished = 1;
668 } else {
669 con->http_status = 403;
673 void http_response_xsendfile (server *srv, connection *con, buffer *path, const array *xdocroot) {
674 const int status = con->http_status;
675 int valid = 1;
677 con->file_started = 1;
679 /* reset Content-Length, if set by backend
680 * Content-Length might later be set to size of X-Sendfile static file,
681 * determined by open(), fstat() to reduces race conditions if the file
682 * is modified between stat() (stat_cache_get_entry()) and open(). */
683 if (con->parsed_response & HTTP_CONTENT_LENGTH) {
684 data_string *ds = (data_string *) array_get_element(con->response.headers, "Content-Length");
685 if (ds) buffer_reset(ds->value);
686 con->parsed_response &= ~HTTP_CONTENT_LENGTH;
687 con->response.content_length = -1;
690 buffer_urldecode_path(path);
691 buffer_path_simplify(path, path);
692 if (con->conf.force_lowercase_filenames) {
693 buffer_to_lower(path);
696 /* check that path is under xdocroot(s)
697 * - xdocroot should have trailing slash appended at config time
698 * - con->conf.force_lowercase_filenames is not a server-wide setting,
699 * and so can not be definitively applied to xdocroot at config time*/
700 if (xdocroot->used) {
701 size_t i, xlen = buffer_string_length(path);
702 for (i = 0; i < xdocroot->used; ++i) {
703 data_string *ds = (data_string *)xdocroot->data[i];
704 size_t dlen = buffer_string_length(ds->value);
705 if (dlen <= xlen
706 && (!con->conf.force_lowercase_filenames
707 ? 0 == memcmp(path->ptr, ds->value->ptr, dlen)
708 : 0 == strncasecmp(path->ptr, ds->value->ptr, dlen))) {
709 break;
712 if (i == xdocroot->used) {
713 log_error_write(srv, __FILE__, __LINE__, "SBs",
714 "X-Sendfile (", path,
715 ") not under configured x-sendfile-docroot(s)");
716 con->http_status = 403;
717 valid = 0;
721 if (valid) http_response_send_file(srv, con, path);
723 if (con->http_status >= 400 && status < 300) {
724 con->mode = DIRECT;
725 } else if (0 != status && 200 != status) {
726 con->http_status = status;
730 void http_response_backend_error (server *srv, connection *con) {
731 UNUSED(srv);
732 if (con->file_started) {
733 /*(response might have been already started, kill the connection)*/
734 /*(mode == DIRECT to avoid later call to http_response_backend_done())*/
735 con->mode = DIRECT; /*(avoid sending final chunked block)*/
736 con->keep_alive = 0; /*(no keep-alive; final chunked block not sent)*/
737 con->file_finished = 1;
738 } /*(else error status set later by http_response_backend_done())*/
741 void http_response_backend_done (server *srv, connection *con) {
742 /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END,
743 * i.e. not called from handle_connection_close or connection_reset
744 * hooks, except maybe from errdoc handler, which later resets state)*/
745 switch (con->state) {
746 case CON_STATE_HANDLE_REQUEST:
747 case CON_STATE_READ_POST:
748 if (!con->file_started) {
749 /* Send an error if we haven't sent any data yet */
750 con->http_status = 500;
751 con->mode = DIRECT;
752 break;
753 } /* else fall through */
754 case CON_STATE_WRITE:
755 if (!con->file_finished) {
756 http_chunk_close(srv, con);
757 con->file_finished = 1;
759 default:
760 break;
765 int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cgi_header_append_cb cb, void *vdata) {
767 /* CGI-SPEC 6.1.2, FastCGI spec 6.3 and SCGI spec */
769 int rc = 0;
770 unsigned short port;
771 server_socket *srv_sock = con->srv_socket;
772 const char *s;
773 size_t n;
774 char buf[LI_ITOSTRING_LENGTH];
775 #ifdef HAVE_IPV6
776 char b2[INET6_ADDRSTRLEN + 1];
777 #endif
778 sock_addr *addr;
779 sock_addr addrbuf;
781 /* (CONTENT_LENGTH must be first for SCGI) */
782 if (!opts->authorizer) {
783 li_itostrn(buf, sizeof(buf), con->request.content_length);
784 rc |= cb(vdata, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
787 if (!buffer_string_is_empty(con->uri.query)) {
788 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"),
789 CONST_BUF_LEN(con->uri.query));
790 } else {
791 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"),
792 CONST_STR_LEN(""));
794 if (!buffer_string_is_empty(opts->strip_request_uri)) {
796 * /app1/index/list
798 * stripping /app1 or /app1/ should lead to
800 * /index/list
803 size_t len = buffer_string_length(opts->strip_request_uri);
804 if ('/' == opts->strip_request_uri->ptr[len-1]) {
805 --len;
808 if (buffer_string_length(con->request.orig_uri) >= len
809 && 0 == memcmp(con->request.orig_uri->ptr,
810 opts->strip_request_uri->ptr, len)
811 && con->request.orig_uri->ptr[len] == '/') {
812 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
813 con->request.orig_uri->ptr+len,
814 buffer_string_length(con->request.orig_uri) - len);
815 } else {
816 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
817 CONST_BUF_LEN(con->request.orig_uri));
819 } else {
820 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
821 CONST_BUF_LEN(con->request.orig_uri));
823 if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) {
824 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_URI"),
825 CONST_BUF_LEN(con->request.uri));
827 /* set REDIRECT_STATUS for php compiled with --force-redirect
828 * (if REDIRECT_STATUS has not already been set by error handler) */
829 if (0 == con->error_handler_saved_status) {
830 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_STATUS"),
831 CONST_STR_LEN("200"));
835 * SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to
836 * http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
837 * (6.1.14, 6.1.6, 6.1.7)
839 if (!opts->authorizer) {
840 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_NAME"),
841 CONST_BUF_LEN(con->uri.path));
842 if (!buffer_string_is_empty(con->request.pathinfo)) {
843 rc |= cb(vdata, CONST_STR_LEN("PATH_INFO"),
844 CONST_BUF_LEN(con->request.pathinfo));
845 /* PATH_TRANSLATED is only defined if PATH_INFO is set */
846 if (!buffer_string_is_empty(opts->docroot)) {
847 buffer_copy_buffer(srv->tmp_buf, opts->docroot);
848 } else {
849 buffer_copy_buffer(srv->tmp_buf, con->physical.basedir);
851 buffer_append_string_buffer(srv->tmp_buf, con->request.pathinfo);
852 rc |= cb(vdata, CONST_STR_LEN("PATH_TRANSLATED"),
853 CONST_BUF_LEN(srv->tmp_buf));
858 * SCRIPT_FILENAME and DOCUMENT_ROOT for php
859 * The PHP manual http://www.php.net/manual/en/reserved.variables.php
860 * treatment of PATH_TRANSLATED is different from the one of CGI specs.
861 * (see php.ini cgi.fix_pathinfo = 1 config parameter)
864 if (!buffer_string_is_empty(opts->docroot)) {
865 /* alternate docroot, e.g. for remote FastCGI or SCGI server */
866 buffer_copy_buffer(srv->tmp_buf, opts->docroot);
867 buffer_append_string_buffer(srv->tmp_buf, con->uri.path);
868 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
869 CONST_BUF_LEN(srv->tmp_buf));
870 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
871 CONST_BUF_LEN(opts->docroot));
872 } else {
873 if (opts->break_scriptfilename_for_php) {
874 /* php.ini config cgi.fix_pathinfo = 1 need a broken SCRIPT_FILENAME
875 * to find out what PATH_INFO is itself
877 * see src/sapi/cgi_main.c, init_request_info()
879 buffer_copy_buffer(srv->tmp_buf, con->physical.path);
880 buffer_append_string_buffer(srv->tmp_buf, con->request.pathinfo);
881 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
882 CONST_BUF_LEN(srv->tmp_buf));
883 } else {
884 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
885 CONST_BUF_LEN(con->physical.path));
887 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
888 CONST_BUF_LEN(con->physical.basedir));
891 s = get_http_method_name(con->request.http_method);
892 force_assert(s);
893 rc |= cb(vdata, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
895 s = get_http_version_name(con->request.http_version);
896 force_assert(s);
897 rc |= cb(vdata, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
899 rc |= cb(vdata, CONST_STR_LEN("SERVER_SOFTWARE"),
900 CONST_BUF_LEN(con->conf.server_tag));
902 rc |= cb(vdata, CONST_STR_LEN("GATEWAY_INTERFACE"),
903 CONST_STR_LEN("CGI/1.1"));
905 if (buffer_is_equal_caseless_string(con->uri.scheme,
906 CONST_STR_LEN("https"))) {
907 rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
910 addr = &srv_sock->addr;
911 #ifdef HAVE_IPV6
912 port = addr->plain.sa_family == AF_INET6
913 ? addr->ipv6.sin6_port
914 : addr->ipv4.sin_port;
915 #else
916 port = addr->ipv4.sin_port;
917 #endif
918 li_utostrn(buf, sizeof(buf), ntohs(port));
919 rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
921 switch (addr->plain.sa_family) {
922 #ifdef HAVE_IPV6
923 case AF_INET6:
924 if (0 ==memcmp(&addr->ipv6.sin6_addr,&in6addr_any,sizeof(in6addr_any))){
925 socklen_t addrlen = sizeof(addrbuf);
926 if (0 == getsockname(con->fd,(struct sockaddr *)&addrbuf,&addrlen)){
927 addr = &addrbuf;
928 } else {
929 s = "";
930 break;
933 s = inet_ntop(AF_INET6, (const void *) &(addr->ipv6.sin6_addr),
934 b2, sizeof(b2)-1);
935 break;
936 #endif
937 case AF_INET:
938 if (srv_sock->addr.ipv4.sin_addr.s_addr == INADDR_ANY) {
939 socklen_t addrlen = sizeof(addrbuf);
940 if (0 == getsockname(con->fd,(struct sockaddr *)&addrbuf,&addrlen)){
941 addr = &addrbuf;
942 } else {
943 s = "";
944 break;
947 #ifdef HAVE_IPV6
948 s = inet_ntop(AF_INET, (const void *) &(addr->ipv4.sin_addr),
949 b2, sizeof(b2)-1);
950 #else
951 s = inet_ntoa(addr->ipv4.sin_addr);
952 #endif
953 break;
954 default:
955 s = "";
956 break;
958 force_assert(s);
959 rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
961 if (!buffer_string_is_empty(con->server_name)) {
962 size_t len = buffer_string_length(con->server_name);
964 if (con->server_name->ptr[0] == '[') {
965 const char *colon = strstr(con->server_name->ptr, "]:");
966 if (colon) len = (colon + 1) - con->server_name->ptr;
967 } else {
968 const char *colon = strchr(con->server_name->ptr, ':');
969 if (colon) len = colon - con->server_name->ptr;
972 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"),
973 con->server_name->ptr, len);
974 } else {
975 /* set to be same as SERVER_ADDR (above) */
976 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
979 rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"),
980 CONST_BUF_LEN(con->dst_addr_buf));
982 #ifdef HAVE_IPV6
983 port = con->dst_addr.plain.sa_family == AF_INET6
984 ? con->dst_addr.ipv6.sin6_port
985 : con->dst_addr.ipv4.sin_port;
986 #else
987 port = con->dst_addr.ipv4.sin_port;
988 #endif
989 li_utostrn(buf, sizeof(buf), ntohs(port));
990 rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
992 for (n = 0; n < con->request.headers->used; n++) {
993 data_string *ds = (data_string *)con->request.headers->data[n];
994 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
995 /* Security: Do not emit HTTP_PROXY in environment.
996 * Some executables use HTTP_PROXY to configure
997 * outgoing proxy. See also https://httpoxy.org/ */
998 if (buffer_is_equal_caseless_string(ds->key,
999 CONST_STR_LEN("Proxy"))) {
1000 continue;
1002 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf,
1003 CONST_BUF_LEN(ds->key), 1);
1004 rc |= cb(vdata, CONST_BUF_LEN(srv->tmp_buf),
1005 CONST_BUF_LEN(ds->value));
1009 #ifdef USE_OPENSSL
1010 if (con->ssl) http_cgi_ssl_env(srv, con);
1011 #endif
1013 for (n = 0; n < con->environment->used; n++) {
1014 data_string *ds = (data_string *)con->environment->data[n];
1015 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1016 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf,
1017 CONST_BUF_LEN(ds->key), 0);
1018 rc |= cb(vdata, CONST_BUF_LEN(srv->tmp_buf),
1019 CONST_BUF_LEN(ds->value));
1023 return rc;
1027 #ifdef USE_OPENSSL
1028 void http_cgi_ssl_env(server *srv, connection *con) {
1029 const char *s;
1030 const SSL_CIPHER *cipher;
1031 UNUSED(srv);
1033 if (!con->ssl) return;
1035 s = SSL_get_version(con->ssl);
1036 array_set_key_value(con->environment,
1037 CONST_STR_LEN("SSL_PROTOCOL"),
1038 s, strlen(s));
1040 if ((cipher = SSL_get_current_cipher(con->ssl))) {
1041 int usekeysize, algkeysize;
1042 char buf[LI_ITOSTRING_LENGTH];
1043 s = SSL_CIPHER_get_name(cipher);
1044 array_set_key_value(con->environment,
1045 CONST_STR_LEN("SSL_CIPHER"),
1046 s, strlen(s));
1047 usekeysize = SSL_CIPHER_get_bits(cipher, &algkeysize);
1048 li_itostrn(buf, sizeof(buf), usekeysize);
1049 array_set_key_value(con->environment,
1050 CONST_STR_LEN("SSL_CIPHER_USEKEYSIZE"),
1051 buf, strlen(buf));
1052 li_itostrn(buf, sizeof(buf), algkeysize);
1053 array_set_key_value(con->environment,
1054 CONST_STR_LEN("SSL_CIPHER_ALGKEYSIZE"),
1055 buf, strlen(buf));
1058 #endif