search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[config] server.bsd-accept-filter option
[lighttpd.git] / src / connections.c
blob82808d41c5da2d522199e05d61140813d6c9b570
1 #include "first.h"
2
3 #include "buffer.h"
4 #include "server.h"
5 #include "log.h"
6 #include "connections.h"
7 #include "fdevent.h"
8
9 #include "configfile.h"
10 #include "request.h"
11 #include "response.h"
12 #include "network.h"
13 #include "http_chunk.h"
14 #include "stat_cache.h"
15 #include "joblist.h"
16
17 #include "plugin.h"
18
19 #include "inet_ntop_cache.h"
20
21 #include <sys/stat.h>
22
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <unistd.h>
26 #include <errno.h>
27 #include <string.h>
28 #include <fcntl.h>
29 #include <assert.h>
30
31 #ifdef USE_OPENSSL
32 # include <openssl/ssl.h>
33 # include <openssl/err.h>
34 #endif
35
36 #ifdef HAVE_SYS_FILIO_H
37 # include <sys/filio.h>
38 #endif
39
40 #include "sys-socket.h"
41
42 typedef struct {
43 PLUGIN_DATA;
44 } plugin_data;
45
46 static connection *connections_get_new_connection(server *srv) {
47 connections *conns = srv->conns;
48 size_t i;
49
50 if (conns->size == 0) {
51 conns->size = 128;
52 conns->ptr = NULL;
53 conns->ptr = malloc(sizeof(*conns->ptr) * conns->size);
54 force_assert(NULL != conns->ptr);
55 for (i = 0; i < conns->size; i++) {
56 conns->ptr[i] = connection_init(srv);
57 }
58 } else if (conns->size == conns->used) {
59 conns->size += 128;
60 conns->ptr = realloc(conns->ptr, sizeof(*conns->ptr) * conns->size);
61 force_assert(NULL != conns->ptr);
62
63 for (i = conns->used; i < conns->size; i++) {
64 conns->ptr[i] = connection_init(srv);
65 }
66 }
67
68 connection_reset(srv, conns->ptr[conns->used]);
69 #if 0
70 fprintf(stderr, "%s.%d: add: ", __FILE__, __LINE__);
71 for (i = 0; i < conns->used + 1; i++) {
72 fprintf(stderr, "%d ", conns->ptr[i]->fd);
73 }
74 fprintf(stderr, "\n");
75 #endif
76
77 conns->ptr[conns->used]->ndx = conns->used;
78 return conns->ptr[conns->used++];
79 }
80
81 static int connection_del(server *srv, connection *con) {
82 size_t i;
83 connections *conns = srv->conns;
84 connection *temp;
85
86 if (con == NULL) return -1;
87
88 if (-1 == con->ndx) return -1;
89
90 buffer_reset(con->uri.authority);
91 buffer_reset(con->uri.path);
92 buffer_reset(con->uri.query);
93 buffer_reset(con->request.orig_uri);
94
95 i = con->ndx;
96
97 /* not last element */
98
99 if (i != conns->used - 1) {
100 temp = conns->ptr[i];
101 conns->ptr[i] = conns->ptr[conns->used - 1];
102 conns->ptr[conns->used - 1] = temp;
103
104 conns->ptr[i]->ndx = i;
105 conns->ptr[conns->used - 1]->ndx = -1;
106 }
107
108 conns->used--;
109
110 con->ndx = -1;
111 #if 0
112 fprintf(stderr, "%s.%d: del: (%d)", __FILE__, __LINE__, conns->used);
113 for (i = 0; i < conns->used; i++) {
114 fprintf(stderr, "%d ", conns->ptr[i]->fd);
115 }
116 fprintf(stderr, "\n");
117 #endif
118 return 0;
119 }
120
121 static int connection_close(server *srv, connection *con) {
122 #ifdef USE_OPENSSL
123 server_socket *srv_sock = con->srv_socket;
124 #endif
125
126 #ifdef USE_OPENSSL
127 if (srv_sock->is_ssl) {
128 if (con->ssl) SSL_free(con->ssl);
129 con->ssl = NULL;
130 }
131 #endif
132
133 fdevent_event_del(srv->ev, &(con->fde_ndx), con->fd);
134 fdevent_unregister(srv->ev, con->fd);
135 #ifdef __WIN32
136 if (closesocket(con->fd)) {
137 log_error_write(srv, __FILE__, __LINE__, "sds",
138 "(warning) close:", con->fd, strerror(errno));
139 }
140 #else
141 if (close(con->fd)) {
142 log_error_write(srv, __FILE__, __LINE__, "sds",
143 "(warning) close:", con->fd, strerror(errno));
144 }
145 #endif
146 con->fd = -1;
147
148 srv->cur_fds--;
149 #if 0
150 log_error_write(srv, __FILE__, __LINE__, "sd",
151 "closed()", con->fd);
152 #endif
153
154 connection_del(srv, con);
155 connection_set_state(srv, con, CON_STATE_CONNECT);
156
157 return 0;
158 }
159
160 static void connection_handle_errdoc_init(server *srv, connection *con) {
161 /* modules that produce headers required with error response should
162 * typically also produce an error document. Make an exception for
163 * mod_auth WWW-Authenticate response header. */
164 buffer *www_auth = NULL;
165 if (401 == con->http_status) {
166 data_string *ds = (data_string *)array_get_element(con->response.headers, "WWW-Authenticate");
167 if (NULL != ds) {
168 www_auth = buffer_init_buffer(ds->value);
169 }
170 }
171
172 buffer_reset(con->physical.path);
173 array_reset(con->response.headers);
174 chunkqueue_reset(con->write_queue);
175
176 if (NULL != www_auth) {
177 response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(www_auth));
178 buffer_free(www_auth);
179 }
180 }
181
182 static int connection_handle_write_prepare(server *srv, connection *con) {
183 if (con->mode == DIRECT) {
184 /* static files */
185 switch(con->request.http_method) {
186 case HTTP_METHOD_GET:
187 case HTTP_METHOD_POST:
188 case HTTP_METHOD_HEAD:
189 break;
190 case HTTP_METHOD_OPTIONS:
191 /*
192 * 400 is coming from the request-parser BEFORE uri.path is set
193 * 403 is from the response handler when noone else catched it
194 *
195 * */
196 if ((!con->http_status || con->http_status == 200) && !buffer_string_is_empty(con->uri.path) &&
197 con->uri.path->ptr[0] != '*') {
198 response_header_insert(srv, con, CONST_STR_LEN("Allow"), CONST_STR_LEN("OPTIONS, GET, HEAD, POST"));
199
200 con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
201 con->parsed_response &= ~HTTP_CONTENT_LENGTH;
202
203 con->http_status = 200;
204 con->file_finished = 1;
205
206 chunkqueue_reset(con->write_queue);
207 }
208 break;
209 default:
210 if (0 == con->http_status) {
211 con->http_status = 501;
212 }
213 break;
214 }
215 }
216
217 if (con->http_status == 0) {
218 con->http_status = 403;
219 }
220
221 switch(con->http_status) {
222 case 204: /* class: header only */
223 case 205:
224 case 304:
225 /* disable chunked encoding again as we have no body */
226 con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
227 con->parsed_response &= ~HTTP_CONTENT_LENGTH;
228 chunkqueue_reset(con->write_queue);
229
230 con->file_finished = 1;
231 break;
232 default: /* class: header + body */
233 if (con->mode != DIRECT) break;
234
235 /* only custom body for 4xx and 5xx */
236 if (con->http_status < 400 || con->http_status >= 600) break;
237
238 con->file_finished = 0;
239
240 connection_handle_errdoc_init(srv, con);
241
242 /* try to send static errorfile */
243 if (!buffer_string_is_empty(con->conf.errorfile_prefix)) {
244 stat_cache_entry *sce = NULL;
245
246 buffer_copy_buffer(con->physical.path, con->conf.errorfile_prefix);
247 buffer_append_int(con->physical.path, con->http_status);
248 buffer_append_string_len(con->physical.path, CONST_STR_LEN(".html"));
249
250 if (0 == http_chunk_append_file(srv, con, con->physical.path)) {
251 con->file_finished = 1;
252 if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
253 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
254 }
255 }
256 }
257
258 if (!con->file_finished) {
259 buffer *b;
260
261 buffer_reset(con->physical.path);
262
263 con->file_finished = 1;
264 b = buffer_init();
265
266 /* build default error-page */
267 buffer_copy_string_len(b, CONST_STR_LEN(
268 "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"
269 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
270 " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
271 "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"
272 " <head>\n"
273 " <title>"));
274 buffer_append_int(b, con->http_status);
275 buffer_append_string_len(b, CONST_STR_LEN(" - "));
276 buffer_append_string(b, get_http_status_name(con->http_status));
277
278 buffer_append_string_len(b, CONST_STR_LEN(
279 "</title>\n"
280 " </head>\n"
281 " <body>\n"
282 " <h1>"));
283 buffer_append_int(b, con->http_status);
284 buffer_append_string_len(b, CONST_STR_LEN(" - "));
285 buffer_append_string(b, get_http_status_name(con->http_status));
286
287 buffer_append_string_len(b, CONST_STR_LEN("</h1>\n"
288 " </body>\n"
289 "</html>\n"
290 ));
291
292 http_chunk_append_buffer(srv, con, b);
293 buffer_free(b);
294 http_chunk_close(srv, con);
295
296 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
297 }
298 break;
299 }
300
301 if (con->file_finished) {
302 /* we have all the content and chunked encoding is not used, set a content-length */
303
304 if ((!(con->parsed_response & HTTP_CONTENT_LENGTH)) &&
305 (con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) == 0) {
306 off_t qlen = chunkqueue_length(con->write_queue);
307
308 /**
309 * The Content-Length header only can be sent if we have content:
310 * - HEAD doesn't have a content-body (but have a content-length)
311 * - 1xx, 204 and 304 don't have a content-body (RFC 2616 Section 4.3)
312 *
313 * Otherwise generate a Content-Length header as chunked encoding is not
314 * available
315 */
316 if ((con->http_status >= 100 && con->http_status < 200) ||
317 con->http_status == 204 ||
318 con->http_status == 304) {
319 data_string *ds;
320 /* no Content-Body, no Content-Length */
321 if (NULL != (ds = (data_string*) array_get_element(con->response.headers, "Content-Length"))) {
322 buffer_reset(ds->value); /* Headers with empty values are ignored for output */
323 }
324 } else if (qlen > 0 || con->request.http_method != HTTP_METHOD_HEAD) {
325 /* qlen = 0 is important for Redirects (301, ...) as they MAY have
326 * a content. Browsers are waiting for a Content otherwise
327 */
328 buffer_copy_int(srv->tmp_buf, qlen);
329
330 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Length"), CONST_BUF_LEN(srv->tmp_buf));
331 }
332 }
333 } else {
334 /**
335 * the file isn't finished yet, but we have all headers
336 *
337 * to get keep-alive we either need:
338 * - Content-Length: ... (HTTP/1.0 and HTTP/1.0) or
339 * - Transfer-Encoding: chunked (HTTP/1.1)
340 */
341
342 if (((con->parsed_response & HTTP_CONTENT_LENGTH) == 0) &&
343 ((con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) == 0)) {
344 con->keep_alive = 0;
345 }
346
347 /**
348 * if the backend sent a Connection: close, follow the wish
349 *
350 * NOTE: if the backend sent Connection: Keep-Alive, but no Content-Length, we
351 * will close the connection. That's fine. We can always decide the close
352 * the connection
353 *
354 * FIXME: to be nice we should remove the Connection: ...
355 */
356 if (con->parsed_response & HTTP_CONNECTION) {
357 /* a subrequest disable keep-alive although the client wanted it */
358 if (con->keep_alive && !con->response.keep_alive) {
359 con->keep_alive = 0;
360 }
361 }
362 }
363
364 if (con->request.content_length
365 && (off_t)con->request.content_length > con->request_content_queue->bytes_in) {
366 /* request body is present and has not been read completely */
367 con->keep_alive = 0;
368 }
369
370 if (con->request.http_method == HTTP_METHOD_HEAD) {
371 /**
372 * a HEAD request has the same as a GET
373 * without the content
374 */
375 con->file_finished = 1;
376
377 chunkqueue_reset(con->write_queue);
378 con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
379 }
380
381 http_response_write_header(srv, con);
382
383 return 0;
384 }
385
386 static int connection_handle_write(server *srv, connection *con) {
387 switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
388 case 0:
389 con->write_request_ts = srv->cur_ts;
390 if (con->file_finished) {
391 connection_set_state(srv, con, CON_STATE_RESPONSE_END);
392 joblist_append(srv, con);
393 }
394 break;
395 case -1: /* error on our side */
396 log_error_write(srv, __FILE__, __LINE__, "sd",
397 "connection closed: write failed on fd", con->fd);
398 connection_set_state(srv, con, CON_STATE_ERROR);
399 joblist_append(srv, con);
400 break;
401 case -2: /* remote close */
402 connection_set_state(srv, con, CON_STATE_ERROR);
403 joblist_append(srv, con);
404 break;
405 case 1:
406 con->write_request_ts = srv->cur_ts;
407 con->is_writable = 0;
408
409 /* not finished yet -> WRITE */
410 break;
411 }
412
413 return 0;
414 }
415
416
417
418 connection *connection_init(server *srv) {
419 connection *con;
420
421 UNUSED(srv);
422
423 con = calloc(1, sizeof(*con));
424 force_assert(NULL != con);
425
426 con->fd = 0;
427 con->ndx = -1;
428 con->fde_ndx = -1;
429 con->bytes_written = 0;
430 con->bytes_read = 0;
431 con->bytes_header = 0;
432 con->loops_per_request = 0;
433
434 #define CLEAN(x) \
435 con->x = buffer_init();
436
437 CLEAN(request.uri);
438 CLEAN(request.request_line);
439 CLEAN(request.request);
440 CLEAN(request.pathinfo);
441
442 CLEAN(request.orig_uri);
443
444 CLEAN(uri.scheme);
445 CLEAN(uri.authority);
446 CLEAN(uri.path);
447 CLEAN(uri.path_raw);
448 CLEAN(uri.query);
449
450 CLEAN(physical.doc_root);
451 CLEAN(physical.path);
452 CLEAN(physical.basedir);
453 CLEAN(physical.rel_path);
454 CLEAN(physical.etag);
455 CLEAN(parse_request);
456
457 CLEAN(server_name);
458 CLEAN(dst_addr_buf);
459 #if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
460 CLEAN(tlsext_server_name);
461 #endif
462
463 #undef CLEAN
464 con->write_queue = chunkqueue_init();
465 con->read_queue = chunkqueue_init();
466 con->request_content_queue = chunkqueue_init();
467 chunkqueue_set_tempdirs(
468 con->request_content_queue,
469 srv->srvconf.upload_tempdirs,
470 srv->srvconf.upload_temp_file_size);
471
472 con->request.headers = array_init();
473 con->response.headers = array_init();
474 con->environment = array_init();
475
476 /* init plugin specific connection structures */
477
478 con->plugin_ctx = calloc(1, (srv->plugins.used + 1) * sizeof(void *));
479 force_assert(NULL != con->plugin_ctx);
480
481 con->cond_cache = calloc(srv->config_context->used, sizeof(cond_cache_t));
482 force_assert(NULL != con->cond_cache);
483 config_setup_connection(srv, con);
484
485 return con;
486 }
487
488 void connections_free(server *srv) {
489 connections *conns = srv->conns;
490 size_t i;
491
492 for (i = 0; i < conns->size; i++) {
493 connection *con = conns->ptr[i];
494
495 connection_reset(srv, con);
496
497 chunkqueue_free(con->write_queue);
498 chunkqueue_free(con->read_queue);
499 chunkqueue_free(con->request_content_queue);
500 array_free(con->request.headers);
501 array_free(con->response.headers);
502 array_free(con->environment);
503
504 #define CLEAN(x) \
505 buffer_free(con->x);
506
507 CLEAN(request.uri);
508 CLEAN(request.request_line);
509 CLEAN(request.request);
510 CLEAN(request.pathinfo);
511
512 CLEAN(request.orig_uri);
513
514 CLEAN(uri.scheme);
515 CLEAN(uri.authority);
516 CLEAN(uri.path);
517 CLEAN(uri.path_raw);
518 CLEAN(uri.query);
519
520 CLEAN(physical.doc_root);
521 CLEAN(physical.path);
522 CLEAN(physical.basedir);
523 CLEAN(physical.etag);
524 CLEAN(physical.rel_path);
525 CLEAN(parse_request);
526
527 CLEAN(server_name);
528 CLEAN(dst_addr_buf);
529 #if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
530 CLEAN(tlsext_server_name);
531 #endif
532 #undef CLEAN
533 free(con->plugin_ctx);
534 free(con->cond_cache);
535
536 free(con);
537 }
538
539 free(conns->ptr);
540 }
541
542
543 int connection_reset(server *srv, connection *con) {
544 size_t i;
545
546 plugins_call_connection_reset(srv, con);
547
548 con->is_readable = 1;
549 con->is_writable = 1;
550 con->http_status = 0;
551 con->file_finished = 0;
552 con->file_started = 0;
553 con->got_response = 0;
554
555 con->parsed_response = 0;
556
557 con->bytes_written = 0;
558 con->bytes_written_cur_second = 0;
559 con->bytes_read = 0;
560 con->bytes_header = 0;
561 con->loops_per_request = 0;
562
563 con->request.http_method = HTTP_METHOD_UNSET;
564 con->request.http_version = HTTP_VERSION_UNSET;
565
566 con->request.http_if_modified_since = NULL;
567 con->request.http_if_none_match = NULL;
568
569 con->response.keep_alive = 0;
570 con->response.content_length = -1;
571 con->response.transfer_encoding = 0;
572
573 con->mode = DIRECT;
574
575 #define CLEAN(x) \
576 if (con->x) buffer_reset(con->x);
577
578 CLEAN(request.uri);
579 CLEAN(request.request_line);
580 CLEAN(request.pathinfo);
581 CLEAN(request.request);
582
583 /* CLEAN(request.orig_uri); */
584
585 CLEAN(uri.scheme);
586 /* CLEAN(uri.authority); */
587 /* CLEAN(uri.path); */
588 CLEAN(uri.path_raw);
589 /* CLEAN(uri.query); */
590
591 CLEAN(physical.doc_root);
592 CLEAN(physical.path);
593 CLEAN(physical.basedir);
594 CLEAN(physical.rel_path);
595 CLEAN(physical.etag);
596
597 CLEAN(parse_request);
598
599 CLEAN(server_name);
600 #if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
601 CLEAN(tlsext_server_name);
602 #endif
603 #undef CLEAN
604
605 #define CLEAN(x) \
606 if (con->x) con->x->used = 0;
607
608 #undef CLEAN
609
610 #define CLEAN(x) \
611 con->request.x = NULL;
612
613 CLEAN(http_host);
614 CLEAN(http_range);
615 CLEAN(http_content_type);
616 #undef CLEAN
617 con->request.content_length = 0;
618
619 array_reset(con->request.headers);
620 array_reset(con->response.headers);
621 array_reset(con->environment);
622
623 chunkqueue_reset(con->write_queue);
624 chunkqueue_reset(con->request_content_queue);
625
626 /* the plugins should cleanup themself */
627 for (i = 0; i < srv->plugins.used; i++) {
628 plugin *p = ((plugin **)(srv->plugins.ptr))[i];
629 plugin_data *pd = p->data;
630
631 if (!pd) continue;
632
633 if (con->plugin_ctx[pd->id] != NULL) {
634 log_error_write(srv, __FILE__, __LINE__, "sb", "missing cleanup in", p->name);
635 }
636
637 con->plugin_ctx[pd->id] = NULL;
638 }
639
640 /* The cond_cache gets reset in response.c */
641 /* config_cond_cache_reset(srv, con); */
642
643 con->header_len = 0;
644 con->error_handler_saved_status = 0;
645 /*con->error_handler_saved_method = HTTP_METHOD_UNSET;*/
646 /*(error_handler_saved_method value is not valid unless error_handler_saved_status is set)*/
647
648 config_setup_connection(srv, con);
649
650 return 0;
651 }
652
653 /**
654 * handle all header and content read
655 *
656 * we get called by the state-engine and by the fdevent-handler
657 */
658 static int connection_handle_read_state(server *srv, connection *con) {
659 chunk *c, *last_chunk;
660 off_t last_offset;
661 chunkqueue *cq = con->read_queue;
662 int is_closed = 0; /* the connection got closed, if we don't have a complete header, -> error */
663 /* when in CON_STATE_READ: about to receive first byte for a request: */
664 int is_request_start = chunkqueue_is_empty(cq);
665
666 if (con->is_readable) {
667 con->read_idle_ts = srv->cur_ts;
668
669 switch(connection_handle_read(srv, con)) {
670 case -1:
671 return -1;
672 case -2:
673 is_closed = 1;
674 break;
675 default:
676 break;
677 }
678 }
679
680 chunkqueue_remove_finished_chunks(cq);
681
682 /* we might have got several packets at once
683 */
684
685 /* update request_start timestamp when first byte of
686 * next request is received on a keep-alive connection */
687 if (con->request_count > 1 && is_request_start) con->request_start = srv->cur_ts;
688
689 /* if there is a \r\n\r\n in the chunkqueue
690 *
691 * scan the chunk-queue twice
692 * 1. to find the \r\n\r\n
693 * 2. to copy the header-packet
694 *
695 */
696
697 last_chunk = NULL;
698 last_offset = 0;
699
700 for (c = cq->first; c; c = c->next) {
701 size_t i;
702 size_t len = buffer_string_length(c->mem) - c->offset;
703 const char *b = c->mem->ptr + c->offset;
704
705 for (i = 0; i < len; ++i) {
706 char ch = b[i];
707
708 if ('\r' == ch) {
709 /* chec if \n\r\n follows */
710 size_t j = i+1;
711 chunk *cc = c;
712 const char header_end[] = "\r\n\r\n";
713 int header_end_match_pos = 1;
714
715 for ( ; cc; cc = cc->next, j = 0 ) {
716 size_t bblen = buffer_string_length(cc->mem) - cc->offset;
717 const char *bb = cc->mem->ptr + cc->offset;
718
719 for ( ; j < bblen; j++) {
720 ch = bb[j];
721
722 if (ch == header_end[header_end_match_pos]) {
723 header_end_match_pos++;
724 if (4 == header_end_match_pos) {
725 last_chunk = cc;
726 last_offset = j+1;
727 goto found_header_end;
728 }
729 } else {
730 goto reset_search;
731 }
732 }
733 }
734 }
735 reset_search: ;
736 }
737 }
738 found_header_end:
739
740 /* found */
741 if (last_chunk) {
742 buffer_reset(con->request.request);
743
744 for (c = cq->first; c; c = c->next) {
745 size_t len = buffer_string_length(c->mem) - c->offset;
746
747 if (c == last_chunk) {
748 len = last_offset;
749 }
750
751 buffer_append_string_len(con->request.request, c->mem->ptr + c->offset, len);
752 c->offset += len;
753 cq->bytes_out += len;
754
755 if (c == last_chunk) break;
756 }
757
758 connection_set_state(srv, con, CON_STATE_REQUEST_END);
759 } else if (chunkqueue_length(cq) > 64 * 1024) {
760 log_error_write(srv, __FILE__, __LINE__, "s", "oversized request-header -> sending Status 414");
761
762 con->http_status = 414; /* Request-URI too large */
763 con->keep_alive = 0;
764 connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST);
765 } else if (is_closed) {
766 /* the connection got closed and we didn't got enough data to leave CON_STATE_READ;
767 * the only way is to leave here */
768 connection_set_state(srv, con, CON_STATE_ERROR);
769 }
770
771 chunkqueue_remove_finished_chunks(cq);
772
773 return 0;
774 }
775
776 static handler_t connection_handle_fdevent(server *srv, void *context, int revents) {
777 connection *con = context;
778
779 joblist_append(srv, con);
780
781 if (con->srv_socket->is_ssl) {
782 /* ssl may read and write for both reads and writes */
783 if (revents & (FDEVENT_IN | FDEVENT_OUT)) {
784 con->is_readable = 1;
785 con->is_writable = 1;
786 }
787 } else {
788 if (revents & FDEVENT_IN) {
789 con->is_readable = 1;
790 }
791 if (revents & FDEVENT_OUT) {
792 con->is_writable = 1;
793 /* we don't need the event twice */
794 }
795 }
796
797
798 if (revents & ~(FDEVENT_IN | FDEVENT_OUT)) {
799 /* looks like an error */
800
801 /* FIXME: revents = 0x19 still means that we should read from the queue */
802 if (revents & FDEVENT_HUP) {
803 if (con->state == CON_STATE_CLOSE) {
804 con->close_timeout_ts = srv->cur_ts - (HTTP_LINGER_TIMEOUT+1);
805 } else {
806 /* sigio reports the wrong event here
807 *
808 * there was no HUP at all
809 */
810 #ifdef USE_LINUX_SIGIO
811 if (srv->ev->in_sigio == 1) {
812 log_error_write(srv, __FILE__, __LINE__, "sd",
813 "connection closed: poll() -> HUP", con->fd);
814 } else {
815 connection_set_state(srv, con, CON_STATE_ERROR);
816 }
817 #else
818 connection_set_state(srv, con, CON_STATE_ERROR);
819 #endif
820
821 }
822 } else if (revents & FDEVENT_ERR) {
823 /* error, connection reset, whatever... we don't want to spam the logfile */
824 #if 0
825 log_error_write(srv, __FILE__, __LINE__, "sd",
826 "connection closed: poll() -> ERR", con->fd);
827 #endif
828 connection_set_state(srv, con, CON_STATE_ERROR);
829 } else {
830 log_error_write(srv, __FILE__, __LINE__, "sd",
831 "connection closed: poll() -> ???", revents);
832 }
833 }
834
835 if (con->state == CON_STATE_READ) {
836 connection_handle_read_state(srv, con);
837 }
838
839 if (con->state == CON_STATE_WRITE &&
840 !chunkqueue_is_empty(con->write_queue) &&
841 con->is_writable) {
842
843 if (-1 == connection_handle_write(srv, con)) {
844 connection_set_state(srv, con, CON_STATE_ERROR);
845
846 log_error_write(srv, __FILE__, __LINE__, "ds",
847 con->fd,
848 "handle write failed.");
849 }
850 }
851
852 if (con->state == CON_STATE_CLOSE) {
853 /* flush the read buffers */
854 int len;
855 char buf[1024];
856
857 len = read(con->fd, buf, sizeof(buf));
858 if (len == 0 || (len < 0 && errno != EAGAIN && errno != EINTR) ) {
859 con->close_timeout_ts = srv->cur_ts - (HTTP_LINGER_TIMEOUT+1);
860 }
861 }
862
863 return HANDLER_FINISHED;
864 }
865
866
867 connection *connection_accept(server *srv, server_socket *srv_socket) {
868 /* accept everything */
869
870 /* search an empty place */
871 int cnt;
872 sock_addr cnt_addr;
873 socklen_t cnt_len;
874 /* accept it and register the fd */
875
876 /**
877 * check if we can still open a new connections
878 *
879 * see #1216
880 */
881
882 if (srv->conns->used >= srv->max_conns) {
883 return NULL;
884 }
885
886 cnt_len = sizeof(cnt_addr);
887
888 if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) {
889 switch (errno) {
890 case EAGAIN:
891 #if EWOULDBLOCK != EAGAIN
892 case EWOULDBLOCK:
893 #endif
894 case EINTR:
895 /* we were stopped _before_ we had a connection */
896 case ECONNABORTED: /* this is a FreeBSD thingy */
897 /* we were stopped _after_ we had a connection */
898 break;
899 case EMFILE:
900 /* out of fds */
901 break;
902 default:
903 log_error_write(srv, __FILE__, __LINE__, "ssd", "accept failed:", strerror(errno), errno);
904 }
905 return NULL;
906 } else {
907 return connection_accepted(srv, srv_socket, &cnt_addr, cnt);
908 }
909 }
910
911 connection *connection_accepted(server *srv, server_socket *srv_socket, sock_addr *cnt_addr, int cnt) {
912 connection *con;
913
914 srv->cur_fds++;
915
916 /* ok, we have the connection, register it */
917 #if 0
918 log_error_write(srv, __FILE__, __LINE__, "sd",
919 "appected()", cnt);
920 #endif
921 srv->con_opened++;
922
923 con = connections_get_new_connection(srv);
924
925 con->fd = cnt;
926 con->fde_ndx = -1;
927 #if 0
928 gettimeofday(&(con->start_tv), NULL);
929 #endif
930 fdevent_register(srv->ev, con->fd, connection_handle_fdevent, con);
931
932 connection_set_state(srv, con, CON_STATE_REQUEST_START);
933
934 con->connection_start = srv->cur_ts;
935 con->dst_addr = *cnt_addr;
936 buffer_copy_string(con->dst_addr_buf, inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
937 con->srv_socket = srv_socket;
938
939 if (-1 == (fdevent_fcntl_set(srv->ev, con->fd))) {
940 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
941 return NULL;
942 }
943 #ifdef USE_OPENSSL
944 /* connect FD to SSL */
945 if (srv_socket->is_ssl) {
946 if (NULL == (con->ssl = SSL_new(srv_socket->ssl_ctx))) {
947 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
948 ERR_error_string(ERR_get_error(), NULL));
949
950 return NULL;
951 }
952
953 con->renegotiations = 0;
954 SSL_set_app_data(con->ssl, con);
955 SSL_set_accept_state(con->ssl);
956
957 if (1 != (SSL_set_fd(con->ssl, cnt))) {
958 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
959 ERR_error_string(ERR_get_error(), NULL));
960 return NULL;
961 }
962 }
963 #endif
964 return con;
965 }
966
967
968 int connection_state_machine(server *srv, connection *con) {
969 int done = 0, r;
970 #ifdef USE_OPENSSL
971 server_socket *srv_sock = con->srv_socket;
972 #endif
973
974 if (srv->srvconf.log_state_handling) {
975 log_error_write(srv, __FILE__, __LINE__, "sds",
976 "state at start",
977 con->fd,
978 connection_get_state(con->state));
979 }
980
981 while (done == 0) {
982 size_t ostate = con->state;
983
984 switch (con->state) {
985 case CON_STATE_REQUEST_START: /* transient */
986 if (srv->srvconf.log_state_handling) {
987 log_error_write(srv, __FILE__, __LINE__, "sds",
988 "state for fd", con->fd, connection_get_state(con->state));
989 }
990
991 con->request_start = srv->cur_ts;
992 con->read_idle_ts = srv->cur_ts;
993
994 con->request_count++;
995 con->loops_per_request = 0;
996
997 connection_set_state(srv, con, CON_STATE_READ);
998
999 break;
1000 case CON_STATE_REQUEST_END: /* transient */
1001 if (srv->srvconf.log_state_handling) {
1002 log_error_write(srv, __FILE__, __LINE__, "sds",
1003 "state for fd", con->fd, connection_get_state(con->state));
1004 }
1005
1006 buffer_reset(con->uri.authority);
1007 buffer_reset(con->uri.path);
1008 buffer_reset(con->uri.query);
1009 buffer_reset(con->request.orig_uri);
1010
1011 if (http_request_parse(srv, con)) {
1012 /* we have to read some data from the POST request */
1013
1014 connection_set_state(srv, con, CON_STATE_READ_POST);
1015
1016 break;
1017 }
1018
1019 connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST);
1020
1021 break;
1022 case CON_STATE_READ_POST:
1023 case CON_STATE_HANDLE_REQUEST:
1024 /*
1025 * the request is parsed
1026 *
1027 * decided what to do with the request
1028 * -
1029 *
1030 *
1031 */
1032
1033 if (srv->srvconf.log_state_handling) {
1034 log_error_write(srv, __FILE__, __LINE__, "sds",
1035 "state for fd", con->fd, connection_get_state(con->state));
1036 }
1037
1038 switch (r = http_response_prepare(srv, con)) {
1039 case HANDLER_FINISHED:
1040 if (con->error_handler_saved_status > 0) {
1041 con->request.http_method = con->error_handler_saved_method;
1042 }
1043 if (con->mode == DIRECT) {
1044 if (con->error_handler_saved_status) {
1045 if (con->error_handler_saved_status > 0) {
1046 con->http_status = con->error_handler_saved_status;
1047 } else if (con->http_status == 404 || con->http_status == 403) {
1048 /* error-handler-404 is a 404 */
1049 con->http_status = -con->error_handler_saved_status;
1050 } else {
1051 /* error-handler-404 is back and has generated content */
1052 /* if Status: was set, take it otherwise use 200 */
1053 }
1054 } else if (con->http_status >= 400) {
1055 buffer *error_handler = NULL;
1056 if (!buffer_string_is_empty(con->conf.error_handler)) {
1057 error_handler = con->conf.error_handler;
1058 } else if ((con->http_status == 404 || con->http_status == 403)
1059 && !buffer_string_is_empty(con->conf.error_handler_404)) {
1060 error_handler = con->conf.error_handler_404;
1061 }
1062
1063 if (error_handler) {
1064 /* call error-handler */
1065
1066 /* set REDIRECT_STATUS to save current HTTP status code
1067 * for access by dynamic handlers
1068 * https://redmine.lighttpd.net/issues/1828 */
1069 data_string *ds;
1070 if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
1071 ds = data_string_init();
1072 }
1073 buffer_copy_string_len(ds->key, CONST_STR_LEN("REDIRECT_STATUS"));
1074 buffer_append_int(ds->value, con->http_status);
1075 array_insert_unique(con->environment, (data_unset *)ds);
1076
1077 if (error_handler == con->conf.error_handler) {
1078 plugins_call_connection_reset(srv, con);
1079
1080 if (con->request.content_length) {
1081 if ((off_t)con->request.content_length != chunkqueue_length(con->request_content_queue)) {
1082 con->keep_alive = 0;
1083 }
1084 con->request.content_length = 0;
1085 chunkqueue_reset(con->request_content_queue);
1086 }
1087
1088 con->is_writable = 1;
1089 con->file_finished = 0;
1090 con->file_started = 0;
1091 con->got_response = 0;
1092 con->parsed_response = 0;
1093 con->response.keep_alive = 0;
1094 con->response.content_length = -1;
1095 con->response.transfer_encoding = 0;
1096
1097 array_set_key_value(con->environment, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.orig_uri));
1098 con->error_handler_saved_status = con->http_status;
1099 con->error_handler_saved_method = con->request.http_method;
1100
1101 con->request.http_method = HTTP_METHOD_GET;
1102 } else { /*(preserve behavior for server.error-handler-404)*/
1103 array_set_key_value(con->environment, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(error_handler));
1104 con->error_handler_saved_status = -con->http_status; /*(negative to flag old behavior)*/
1105 }
1106
1107 buffer_copy_buffer(con->request.uri, error_handler);
1108 connection_handle_errdoc_init(srv, con);
1109 con->http_status = 0; /*(after connection_handle_errdoc_init())*/
1110
1111 done = -1;
1112 break;
1113 }
1114 }
1115 }
1116 if (con->http_status == 0) con->http_status = 200;
1117
1118 /* we have something to send, go on */
1119 connection_set_state(srv, con, CON_STATE_RESPONSE_START);
1120 break;
1121 case HANDLER_WAIT_FOR_FD:
1122 srv->want_fds++;
1123
1124 fdwaitqueue_append(srv, con);
1125
1126 break;
1127 case HANDLER_COMEBACK:
1128 done = -1;
1129 /* fallthrough */
1130 case HANDLER_WAIT_FOR_EVENT:
1131 /* come back here */
1132 break;
1133 case HANDLER_ERROR:
1134 /* something went wrong */
1135 connection_set_state(srv, con, CON_STATE_ERROR);
1136 break;
1137 default:
1138 log_error_write(srv, __FILE__, __LINE__, "sdd", "unknown ret-value: ", con->fd, r);
1139 break;
1140 }
1141
1142 break;
1143 case CON_STATE_RESPONSE_START:
1144 /*
1145 * the decision is done
1146 * - create the HTTP-Response-Header
1147 *
1148 */
1149
1150 if (srv->srvconf.log_state_handling) {
1151 log_error_write(srv, __FILE__, __LINE__, "sds",
1152 "state for fd", con->fd, connection_get_state(con->state));
1153 }
1154
1155 if (-1 == connection_handle_write_prepare(srv, con)) {
1156 connection_set_state(srv, con, CON_STATE_ERROR);
1157
1158 break;
1159 }
1160
1161 connection_set_state(srv, con, CON_STATE_WRITE);
1162 break;
1163 case CON_STATE_RESPONSE_END: /* transient */
1164 /* log the request */
1165
1166 if (srv->srvconf.log_state_handling) {
1167 log_error_write(srv, __FILE__, __LINE__, "sds",
1168 "state for fd", con->fd, connection_get_state(con->state));
1169 }
1170
1171 plugins_call_handle_request_done(srv, con);
1172
1173 srv->con_written++;
1174
1175 if (con->keep_alive) {
1176 connection_set_state(srv, con, CON_STATE_REQUEST_START);
1177
1178 #if 0
1179 con->request_start = srv->cur_ts;
1180 con->read_idle_ts = srv->cur_ts;
1181 #endif
1182 } else {
1183 switch(r = plugins_call_handle_connection_close(srv, con)) {
1184 case HANDLER_GO_ON:
1185 case HANDLER_FINISHED:
1186 break;
1187 default:
1188 log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r);
1189 break;
1190 }
1191
1192 #ifdef USE_OPENSSL
1193 if (srv_sock->is_ssl) {
1194 switch (SSL_shutdown(con->ssl)) {
1195 case 1:
1196 /* done */
1197 break;
1198 case 0:
1199 /* wait for fd-event
1200 *
1201 * FIXME: wait for fdevent and call SSL_shutdown again
1202 *
1203 */
1204
1205 break;
1206 default:
1207 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
1208 ERR_error_string(ERR_get_error(), NULL));
1209 }
1210 }
1211 #endif
1212 if ((0 == shutdown(con->fd, SHUT_WR))) {
1213 con->close_timeout_ts = srv->cur_ts;
1214 connection_set_state(srv, con, CON_STATE_CLOSE);
1215 } else {
1216 connection_close(srv, con);
1217 }
1218
1219 srv->con_closed++;
1220 }
1221
1222 connection_reset(srv, con);
1223
1224 break;
1225 case CON_STATE_CONNECT:
1226 if (srv->srvconf.log_state_handling) {
1227 log_error_write(srv, __FILE__, __LINE__, "sds",
1228 "state for fd", con->fd, connection_get_state(con->state));
1229 }
1230
1231 chunkqueue_reset(con->read_queue);
1232
1233 con->request_count = 0;
1234
1235 break;
1236 case CON_STATE_CLOSE:
1237 if (srv->srvconf.log_state_handling) {
1238 log_error_write(srv, __FILE__, __LINE__, "sds",
1239 "state for fd", con->fd, connection_get_state(con->state));
1240 }
1241
1242 /* we have to do the linger_on_close stuff regardless
1243 * of con->keep_alive; even non-keepalive sockets may
1244 * still have unread data, and closing before reading
1245 * it will make the client not see all our output.
1246 */
1247 {
1248 int len;
1249 char buf[1024];
1250
1251 len = read(con->fd, buf, sizeof(buf));
1252 if (len == 0 || (len < 0 && errno != EAGAIN && errno != EINTR) ) {
1253 con->close_timeout_ts = srv->cur_ts - (HTTP_LINGER_TIMEOUT+1);
1254 }
1255 }
1256
1257 if (srv->cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT) {
1258 connection_close(srv, con);
1259
1260 if (srv->srvconf.log_state_handling) {
1261 log_error_write(srv, __FILE__, __LINE__, "sd",
1262 "connection closed for fd", con->fd);
1263 }
1264 }
1265
1266 break;
1267 case CON_STATE_READ:
1268 if (srv->srvconf.log_state_handling) {
1269 log_error_write(srv, __FILE__, __LINE__, "sds",
1270 "state for fd", con->fd, connection_get_state(con->state));
1271 }
1272
1273 connection_handle_read_state(srv, con);
1274 break;
1275 case CON_STATE_WRITE:
1276 if (srv->srvconf.log_state_handling) {
1277 log_error_write(srv, __FILE__, __LINE__, "sds",
1278 "state for fd", con->fd, connection_get_state(con->state));
1279 }
1280
1281 /* only try to write if we have something in the queue */
1282 if (!chunkqueue_is_empty(con->write_queue)) {
1283 if (con->is_writable) {
1284 if (-1 == connection_handle_write(srv, con)) {
1285 log_error_write(srv, __FILE__, __LINE__, "ds",
1286 con->fd,
1287 "handle write failed.");
1288 connection_set_state(srv, con, CON_STATE_ERROR);
1289 }
1290 }
1291 } else if (con->file_finished) {
1292 connection_set_state(srv, con, CON_STATE_RESPONSE_END);
1293 }
1294
1295 break;
1296 case CON_STATE_ERROR: /* transient */
1297
1298 /* even if the connection was drop we still have to write it to the access log */
1299 if (con->http_status) {
1300 plugins_call_handle_request_done(srv, con);
1301 }
1302 #ifdef USE_OPENSSL
1303 if (srv_sock->is_ssl) {
1304 int ret, ssl_r;
1305 unsigned long err;
1306 ERR_clear_error();
1307 switch ((ret = SSL_shutdown(con->ssl))) {
1308 case 1:
1309 /* ok */
1310 break;
1311 case 0:
1312 ERR_clear_error();
1313 if (-1 != (ret = SSL_shutdown(con->ssl))) break;
1314
1315 /* fall through */
1316 default:
1317
1318 switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
1319 case SSL_ERROR_WANT_WRITE:
1320 case SSL_ERROR_WANT_READ:
1321 break;
1322 case SSL_ERROR_SYSCALL:
1323 /* perhaps we have error waiting in our error-queue */
1324 if (0 != (err = ERR_get_error())) {
1325 do {
1326 log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
1327 ssl_r, ret,
1328 ERR_error_string(err, NULL));
1329 } while((err = ERR_get_error()));
1330 } else if (errno != 0) { /* ssl bug (see lighttpd ticket #2213): sometimes errno == 0 */
1331 switch(errno) {
1332 case EPIPE:
1333 case ECONNRESET:
1334 break;
1335 default:
1336 log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
1337 ssl_r, ret, errno,
1338 strerror(errno));
1339 break;
1340 }
1341 }
1342
1343 break;
1344 default:
1345 while((err = ERR_get_error())) {
1346 log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
1347 ssl_r, ret,
1348 ERR_error_string(err, NULL));
1349 }
1350
1351 break;
1352 }
1353 }
1354 ERR_clear_error();
1355 }
1356 #endif
1357
1358 switch(con->mode) {
1359 case DIRECT:
1360 #if 0
1361 log_error_write(srv, __FILE__, __LINE__, "sd",
1362 "emergency exit: direct",
1363 con->fd);
1364 #endif
1365 break;
1366 default:
1367 switch(r = plugins_call_handle_connection_close(srv, con)) {
1368 case HANDLER_GO_ON:
1369 case HANDLER_FINISHED:
1370 break;
1371 default:
1372 log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r);
1373 break;
1374 }
1375 break;
1376 }
1377
1378 connection_reset(srv, con);
1379
1380 /* close the connection */
1381 if ((0 == shutdown(con->fd, SHUT_WR))) {
1382 con->close_timeout_ts = srv->cur_ts;
1383 connection_set_state(srv, con, CON_STATE_CLOSE);
1384
1385 if (srv->srvconf.log_state_handling) {
1386 log_error_write(srv, __FILE__, __LINE__, "sd",
1387 "shutdown for fd", con->fd);
1388 }
1389 } else {
1390 connection_close(srv, con);
1391 }
1392
1393 con->keep_alive = 0;
1394
1395 srv->con_closed++;
1396
1397 break;
1398 default:
1399 log_error_write(srv, __FILE__, __LINE__, "sdd",
1400 "unknown state:", con->fd, con->state);
1401
1402 break;
1403 }
1404
1405 if (done == -1) {
1406 done = 0;
1407 } else if (ostate == con->state) {
1408 done = 1;
1409 }
1410 }
1411
1412 if (srv->srvconf.log_state_handling) {
1413 log_error_write(srv, __FILE__, __LINE__, "sds",
1414 "state at exit:",
1415 con->fd,
1416 connection_get_state(con->state));
1417 }
1418
1419 switch(con->state) {
1420 case CON_STATE_READ_POST:
1421 case CON_STATE_READ:
1422 case CON_STATE_CLOSE:
1423 fdevent_event_set(srv->ev, &(con->fde_ndx), con->fd, FDEVENT_IN);
1424 break;
1425 case CON_STATE_WRITE:
1426 /* request write-fdevent only if we really need it
1427 * - if we have data to write
1428 * - if the socket is not writable yet
1429 */
1430 if (!chunkqueue_is_empty(con->write_queue) &&
1431 (con->is_writable == 0) &&
1432 (con->traffic_limit_reached == 0)) {
1433 fdevent_event_set(srv->ev, &(con->fde_ndx), con->fd, FDEVENT_OUT);
1434 } else {
1435 fdevent_event_set(srv->ev, &(con->fde_ndx), con->fd, 0);
1436 }
1437 break;
1438 default:
1439 fdevent_event_set(srv->ev, &(con->fde_ndx), con->fd, 0);
1440 break;
1441 }
1442
1443 return 0;
1444 }
A fast webserver with minimal memory-footprint (lighttpd)