search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drain backend socket/pipe bufs upon FDEVENT_HUP
[lighttpd.git] / src / mod_cgi.c
blob4b1235d199cb44378fa096b837113fb3d14dd9bc
1 #include "first.h"
2
3 #include "server.h"
4 #include "stat_cache.h"
5 #include "keyvalue.h"
6 #include "log.h"
7 #include "connections.h"
8 #include "joblist.h"
9 #include "response.h"
10 #include "http_chunk.h"
11 #include "network_backends.h"
12
13 #include "plugin.h"
14
15 #include <sys/types.h>
16 #include "sys-mmap.h"
17
18 #ifdef __WIN32
19 # include <winsock2.h>
20 #else
21 # include <sys/socket.h>
22 # include <sys/wait.h>
23 # include <netinet/in.h>
24 # include <arpa/inet.h>
25 #endif
26
27 #include <unistd.h>
28 #include <errno.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <fdevent.h>
32 #include <signal.h>
33 #include <ctype.h>
34 #include <assert.h>
35
36 #include <stdio.h>
37 #include <fcntl.h>
38
39 #include "version.h"
40
41 enum {EOL_UNSET, EOL_N, EOL_RN};
42
43 typedef struct {
44 char **ptr;
45
46 size_t size;
47 size_t used;
48 } char_array;
49
50 typedef struct {
51 pid_t *ptr;
52 size_t used;
53 size_t size;
54 } buffer_pid_t;
55
56 typedef struct {
57 array *cgi;
58 unsigned short execute_x_only;
59 unsigned short xsendfile_allow;
60 array *xsendfile_docroot;
61 } plugin_config;
62
63 typedef struct {
64 PLUGIN_DATA;
65 buffer_pid_t cgi_pid;
66
67 buffer *tmp_buf;
68 buffer *parse_response;
69
70 plugin_config **config_storage;
71
72 plugin_config conf;
73 } plugin_data;
74
75 typedef struct {
76 pid_t pid;
77 int fd;
78 int fdtocgi;
79 int fde_ndx; /* index into the fd-event buffer */
80 int fde_ndx_tocgi; /* index into the fd-event buffer */
81
82 connection *remote_conn; /* dumb pointer */
83 plugin_data *plugin_data; /* dumb pointer */
84
85 buffer *response;
86 buffer *response_header;
87 } handler_ctx;
88
89 static handler_ctx * cgi_handler_ctx_init(void) {
90 handler_ctx *hctx = calloc(1, sizeof(*hctx));
91
92 force_assert(hctx);
93
94 hctx->response = buffer_init();
95 hctx->response_header = buffer_init();
96 hctx->fd = -1;
97 hctx->fdtocgi = -1;
98
99 return hctx;
100 }
101
102 static void cgi_handler_ctx_free(handler_ctx *hctx) {
103 buffer_free(hctx->response);
104 buffer_free(hctx->response_header);
105
106 free(hctx);
107 }
108
109 enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_ERROR};
110
111 INIT_FUNC(mod_cgi_init) {
112 plugin_data *p;
113
114 p = calloc(1, sizeof(*p));
115
116 force_assert(p);
117
118 p->tmp_buf = buffer_init();
119 p->parse_response = buffer_init();
120
121 return p;
122 }
123
124
125 FREE_FUNC(mod_cgi_free) {
126 plugin_data *p = p_d;
127 buffer_pid_t *r = &(p->cgi_pid);
128
129 UNUSED(srv);
130
131 if (p->config_storage) {
132 size_t i;
133 for (i = 0; i < srv->config_context->used; i++) {
134 plugin_config *s = p->config_storage[i];
135
136 if (NULL == s) continue;
137
138 array_free(s->cgi);
139 array_free(s->xsendfile_docroot);
140
141 free(s);
142 }
143 free(p->config_storage);
144 }
145
146
147 if (r->ptr) free(r->ptr);
148
149 buffer_free(p->tmp_buf);
150 buffer_free(p->parse_response);
151
152 free(p);
153
154 return HANDLER_GO_ON;
155 }
156
157 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
158 plugin_data *p = p_d;
159 size_t i = 0;
160
161 config_values_t cv[] = {
162 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
163 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
164 { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
165 { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
166 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET}
167 };
168
169 if (!p) return HANDLER_ERROR;
170
171 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
172 force_assert(p->config_storage);
173
174 for (i = 0; i < srv->config_context->used; i++) {
175 data_config const* config = (data_config const*)srv->config_context->data[i];
176 plugin_config *s;
177
178 s = calloc(1, sizeof(plugin_config));
179 force_assert(s);
180
181 s->cgi = array_init();
182 s->execute_x_only = 0;
183 s->xsendfile_allow= 0;
184 s->xsendfile_docroot = array_init();
185
186 cv[0].destination = s->cgi;
187 cv[1].destination = &(s->execute_x_only);
188 cv[2].destination = &(s->xsendfile_allow);
189 cv[3].destination = s->xsendfile_docroot;
190
191 p->config_storage[i] = s;
192
193 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
194 return HANDLER_ERROR;
195 }
196
197 if (s->xsendfile_docroot->used) {
198 size_t j;
199 for (j = 0; j < s->xsendfile_docroot->used; ++j) {
200 data_string *ds = (data_string *)s->xsendfile_docroot->data[j];
201 if (ds->type != TYPE_STRING) {
202 log_error_write(srv, __FILE__, __LINE__, "s",
203 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )");
204 return HANDLER_ERROR;
205 }
206 if (ds->value->ptr[0] != '/') {
207 log_error_write(srv, __FILE__, __LINE__, "SBs",
208 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\"");
209 return HANDLER_ERROR;
210 }
211 buffer_path_simplify(ds->value, ds->value);
212 buffer_append_slash(ds->value);
213 }
214 }
215 }
216
217 return HANDLER_GO_ON;
218 }
219
220
221 static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) {
222 int m = -1;
223 size_t i;
224 buffer_pid_t *r = &(p->cgi_pid);
225
226 UNUSED(srv);
227
228 for (i = 0; i < r->used; i++) {
229 if (r->ptr[i] > m) m = r->ptr[i];
230 }
231
232 if (r->size == 0) {
233 r->size = 16;
234 r->ptr = malloc(sizeof(*r->ptr) * r->size);
235 force_assert(r->ptr);
236 } else if (r->used == r->size) {
237 r->size += 16;
238 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size);
239 force_assert(r->ptr);
240 }
241
242 r->ptr[r->used++] = pid;
243
244 return m;
245 }
246
247 static int cgi_pid_del(server *srv, plugin_data *p, pid_t pid) {
248 size_t i;
249 buffer_pid_t *r = &(p->cgi_pid);
250
251 UNUSED(srv);
252
253 for (i = 0; i < r->used; i++) {
254 if (r->ptr[i] == pid) break;
255 }
256
257 if (i != r->used) {
258 /* found */
259
260 if (i != r->used - 1) {
261 r->ptr[i] = r->ptr[r->used - 1];
262 }
263 r->used--;
264 }
265
266 return 0;
267 }
268
269 static int cgi_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) {
270 char *ns;
271 const char *s;
272 int line = 0;
273
274 UNUSED(srv);
275
276 buffer_copy_buffer(p->parse_response, in);
277
278 for (s = p->parse_response->ptr;
279 NULL != (ns = strchr(s, '\n'));
280 s = ns + 1, line++) {
281 const char *key, *value;
282 int key_len;
283 data_string *ds;
284
285 /* strip the \n */
286 ns[0] = '\0';
287
288 if (ns > s && ns[-1] == '\r') ns[-1] = '\0';
289
290 if (line == 0 &&
291 0 == strncmp(s, "HTTP/1.", 7)) {
292 /* non-parsed header ... we parse them anyway */
293
294 if ((s[7] == '1' ||
295 s[7] == '0') &&
296 s[8] == ' ') {
297 int status;
298 /* after the space should be a status code for us */
299
300 status = strtol(s+9, NULL, 10);
301
302 if (status >= 100 &&
303 status < 1000) {
304 /* we expected 3 digits and didn't got them */
305 con->parsed_response |= HTTP_STATUS;
306 con->http_status = status;
307 }
308 }
309 } else {
310 /* parse the headers */
311 key = s;
312 if (NULL == (value = strchr(s, ':'))) {
313 /* we expect: "<key>: <value>\r\n" */
314 continue;
315 }
316
317 key_len = value - key;
318 value += 1;
319
320 /* skip LWS */
321 while (*value == ' ' || *value == '\t') value++;
322
323 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
324 ds = data_response_init();
325 }
326 buffer_copy_string_len(ds->key, key, key_len);
327 buffer_copy_string(ds->value, value);
328
329 array_insert_unique(con->response.headers, (data_unset *)ds);
330
331 switch(key_len) {
332 case 4:
333 if (0 == strncasecmp(key, "Date", key_len)) {
334 con->parsed_response |= HTTP_DATE;
335 }
336 break;
337 case 6:
338 if (0 == strncasecmp(key, "Status", key_len)) {
339 int status = strtol(value, NULL, 10);
340 if (status >= 100 && status < 1000) {
341 con->http_status = status;
342 con->parsed_response |= HTTP_STATUS;
343 } else {
344 con->http_status = 502;
345 }
346 }
347 break;
348 case 8:
349 if (0 == strncasecmp(key, "Location", key_len)) {
350 con->parsed_response |= HTTP_LOCATION;
351 }
352 break;
353 case 10:
354 if (0 == strncasecmp(key, "Connection", key_len)) {
355 con->response.keep_alive = (0 == strcasecmp(value, "Keep-Alive")) ? 1 : 0;
356 con->parsed_response |= HTTP_CONNECTION;
357 }
358 break;
359 case 14:
360 if (0 == strncasecmp(key, "Content-Length", key_len)) {
361 con->response.content_length = strtoul(value, NULL, 10);
362 con->parsed_response |= HTTP_CONTENT_LENGTH;
363 }
364 break;
365 default:
366 break;
367 }
368 }
369 }
370
371 /* CGI/1.1 rev 03 - 7.2.1.2 */
372 if ((con->parsed_response & HTTP_LOCATION) &&
373 !(con->parsed_response & HTTP_STATUS)) {
374 con->http_status = 302;
375 }
376
377 return 0;
378 }
379
380
381 static int cgi_demux_response(server *srv, handler_ctx *hctx) {
382 plugin_data *p = hctx->plugin_data;
383 connection *con = hctx->remote_conn;
384
385 while(1) {
386 int n;
387 int toread;
388
389 #if defined(__WIN32)
390 buffer_string_prepare_copy(hctx->response, 4 * 1024);
391 #else
392 if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
393 buffer_string_prepare_copy(hctx->response, 4 * 1024);
394 } else {
395 if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
396 buffer_string_prepare_copy(hctx->response, toread);
397 }
398 #endif
399
400 if (-1 == (n = read(hctx->fd, hctx->response->ptr, hctx->response->size - 1))) {
401 if (errno == EAGAIN || errno == EINTR) {
402 /* would block, wait for signal */
403 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
404 return FDEVENT_HANDLED_NOT_FINISHED;
405 }
406 /* error */
407 log_error_write(srv, __FILE__, __LINE__, "sdd", strerror(errno), con->fd, hctx->fd);
408 return FDEVENT_HANDLED_ERROR;
409 }
410
411 if (n == 0) {
412 /* read finished */
413
414 con->file_finished = 1;
415
416 /* send final chunk */
417 http_chunk_close(srv, con);
418
419 return FDEVENT_HANDLED_FINISHED;
420 }
421
422 buffer_commit(hctx->response, n);
423
424 /* split header from body */
425
426 if (con->file_started == 0) {
427 int is_header = 0;
428 int is_header_end = 0;
429 size_t last_eol = 0;
430 size_t i, header_len;
431
432 buffer_append_string_buffer(hctx->response_header, hctx->response);
433
434 /**
435 * we have to handle a few cases:
436 *
437 * nph:
438 *
439 * HTTP/1.0 200 Ok\n
440 * Header: Value\n
441 * \n
442 *
443 * CGI:
444 * Header: Value\n
445 * Status: 200\n
446 * \n
447 *
448 * and different mixes of \n and \r\n combinations
449 *
450 * Some users also forget about CGI and just send a response and hope
451 * we handle it. No headers, no header-content seperator
452 *
453 */
454
455 /* nph (non-parsed headers) */
456 if (0 == strncmp(hctx->response_header->ptr, "HTTP/1.", 7)) is_header = 1;
457
458 header_len = buffer_string_length(hctx->response_header);
459 for (i = 0; !is_header_end && i < header_len; i++) {
460 char c = hctx->response_header->ptr[i];
461
462 switch (c) {
463 case ':':
464 /* we found a colon
465 *
466 * looks like we have a normal header
467 */
468 is_header = 1;
469 break;
470 case '\n':
471 /* EOL */
472 if (is_header == 0) {
473 /* we got a EOL but we don't seem to got a HTTP header */
474
475 is_header_end = 1;
476
477 break;
478 }
479
480 /**
481 * check if we saw a \n(\r)?\n sequence
482 */
483 if (last_eol > 0 &&
484 ((i - last_eol == 1) ||
485 (i - last_eol == 2 && hctx->response_header->ptr[i - 1] == '\r'))) {
486 is_header_end = 1;
487 break;
488 }
489
490 last_eol = i;
491
492 break;
493 }
494 }
495
496 if (is_header_end) {
497 if (!is_header) {
498 /* no header, but a body */
499
500 if (con->request.http_version == HTTP_VERSION_1_1) {
501 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED;
502 }
503
504 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) {
505 return FDEVENT_HANDLED_ERROR;
506 }
507 } else {
508 const char *bstart;
509 size_t blen;
510
511 /* the body starts after the EOL */
512 bstart = hctx->response_header->ptr + i;
513 blen = header_len - i;
514
515 /**
516 * i still points to the char after the terminating EOL EOL
517 *
518 * put it on the last \n again
519 */
520 i--;
521
522 /* string the last \r?\n */
523 if (i > 0 && (hctx->response_header->ptr[i - 1] == '\r')) {
524 i--;
525 }
526
527 buffer_string_set_length(hctx->response_header, i);
528
529 /* parse the response header */
530 cgi_response_parse(srv, con, p, hctx->response_header);
531
532 if (p->conf.xsendfile_allow) {
533 data_string *ds;
534 if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-Sendfile"))) {
535 http_response_xsendfile(srv, con, ds->value, p->conf.xsendfile_docroot);
536 return FDEVENT_HANDLED_FINISHED;
537 }
538 }
539
540 /* enable chunked-transfer-encoding */
541 if (con->request.http_version == HTTP_VERSION_1_1 &&
542 !(con->parsed_response & HTTP_CONTENT_LENGTH)) {
543 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED;
544 }
545
546 if (blen > 0) {
547 if (0 != http_chunk_append_mem(srv, con, bstart, blen)) {
548 return FDEVENT_HANDLED_ERROR;
549 }
550 }
551 }
552
553 con->file_started = 1;
554 } else {
555 /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/
556 if (header_len > MAX_HTTP_REQUEST_HEADER) {
557 log_error_write(srv, __FILE__, __LINE__, "sb", "response headers too large for", con->uri.path);
558 con->http_status = 502; /* Bad Gateway */
559 con->mode = DIRECT;
560 return FDEVENT_HANDLED_FINISHED;
561 }
562 }
563 } else {
564 if (0 != http_chunk_append_buffer(srv, con, hctx->response)) {
565 return FDEVENT_HANDLED_ERROR;
566 }
567 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)
568 && chunkqueue_length(con->write_queue) > 65536 - 4096) {
569 if (!con->is_writable) {
570 /*(defer removal of FDEVENT_IN interest since
571 * connection_state_machine() might be able to send data
572 * immediately, unless !con->is_writable, where
573 * connection_state_machine() might not loop back to call
574 * mod_cgi_handle_subrequest())*/
575 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
576 }
577 break;
578 }
579 }
580
581 #if 0
582 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), b->ptr);
583 #endif
584 }
585
586 return FDEVENT_HANDLED_NOT_FINISHED;
587 }
588
589 static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) {
590 /*(closes only hctx->fdtocgi)*/
591 fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi);
592 fdevent_unregister(srv->ev, hctx->fdtocgi);
593
594 if (close(hctx->fdtocgi)) {
595 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", hctx->fdtocgi, strerror(errno));
596 }
597 hctx->fdtocgi = -1;
598 }
599
600 static void cgi_connection_close(server *srv, handler_ctx *hctx) {
601 int status;
602 pid_t pid;
603 plugin_data *p = hctx->plugin_data;
604 connection *con = hctx->remote_conn;
605
606 #ifndef __WIN32
607
608 /* the connection to the browser went away, but we still have a connection
609 * to the CGI script
610 *
611 * close cgi-connection
612 */
613
614 if (hctx->fd != -1) {
615 /* close connection to the cgi-script */
616 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
617 fdevent_unregister(srv->ev, hctx->fd);
618
619 if (close(hctx->fd)) {
620 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno));
621 }
622 }
623
624 if (hctx->fdtocgi != -1) {
625 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
626 }
627
628 pid = hctx->pid;
629
630 con->plugin_ctx[p->id] = NULL;
631
632 cgi_handler_ctx_free(hctx);
633
634 /* if waitpid hasn't been called by response.c yet, do it here */
635 if (pid) {
636 /* check if the CGI-script is already gone */
637 switch(waitpid(pid, &status, WNOHANG)) {
638 case 0:
639 /* not finished yet */
640 #if 0
641 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", pid);
642 #endif
643 break;
644 case -1:
645 /* */
646 if (errno == EINTR) break;
647
648 /*
649 * errno == ECHILD happens if _subrequest catches the process-status before
650 * we have read the response of the cgi process
651 *
652 * -> catch status
653 * -> WAIT_FOR_EVENT
654 * -> read response
655 * -> we get here with waitpid == ECHILD
656 *
657 */
658 if (errno != ECHILD) {
659 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
660 }
661 /* anyway: don't wait for it anymore */
662 pid = 0;
663 break;
664 default:
665 if (WIFEXITED(status)) {
666 #if 0
667 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid);
668 #endif
669 } else {
670 log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid);
671 }
672
673 pid = 0;
674 break;
675 }
676
677 if (pid) {
678 kill(pid, SIGTERM);
679
680 /* cgi-script is still alive, queue the PID for removal */
681 cgi_pid_add(srv, p, pid);
682 }
683 }
684 #endif
685
686 /* finish response (if not already con->file_started, con->file_finished) */
687 if (con->mode == p->id) {
688 http_response_backend_done(srv, con);
689 }
690 }
691
692 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) {
693 plugin_data *p = p_d;
694 handler_ctx *hctx = con->plugin_ctx[p->id];
695 if (hctx) cgi_connection_close(srv, hctx);
696
697 return HANDLER_GO_ON;
698 }
699
700
701 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd);
702
703
704 static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) {
705 handler_ctx *hctx = ctx;
706 connection *con = hctx->remote_conn;
707
708 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/
709 joblist_append(srv, con);
710
711 if (revents & FDEVENT_OUT) {
712 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
713 cgi_connection_close(srv, hctx);
714 return HANDLER_ERROR;
715 }
716 /* more request body to be sent to CGI */
717 }
718
719 if (revents & FDEVENT_HUP) {
720 /* skip sending remaining data to CGI */
721 if (con->request.content_length) {
722 chunkqueue *cq = con->request_content_queue;
723 chunkqueue_mark_written(cq, chunkqueue_length(cq));
724 if (cq->bytes_in != (off_t)con->request.content_length) {
725 con->keep_alive = 0;
726 }
727 }
728
729 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
730 } else if (revents & FDEVENT_ERR) {
731 /* kill all connections to the cgi process */
732 #if 1
733 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
734 #endif
735 cgi_connection_close(srv, hctx);
736 return HANDLER_ERROR;
737 }
738
739 return HANDLER_FINISHED;
740 }
741
742
743 static int cgi_recv_response(server *srv, handler_ctx *hctx) {
744 switch (cgi_demux_response(srv, hctx)) {
745 case FDEVENT_HANDLED_NOT_FINISHED:
746 break;
747 case FDEVENT_HANDLED_FINISHED:
748 /* we are done */
749
750 #if 0
751 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), "finished");
752 #endif
753 cgi_connection_close(srv, hctx);
754
755 /* if we get a IN|HUP and have read everything don't exec the close twice */
756 return HANDLER_FINISHED;
757 case FDEVENT_HANDLED_ERROR:
758 log_error_write(srv, __FILE__, __LINE__, "s", "demuxer failed: ");
759
760 cgi_connection_close(srv, hctx);
761 return HANDLER_FINISHED;
762 }
763
764 return HANDLER_GO_ON;
765 }
766
767
768 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
769 handler_ctx *hctx = ctx;
770 connection *con = hctx->remote_conn;
771
772 joblist_append(srv, con);
773
774 if (revents & FDEVENT_IN) {
775 handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/
776 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
777 }
778
779 /* perhaps this issue is already handled */
780 if (revents & FDEVENT_HUP) {
781 if (con->file_started) {
782 /* drain any remaining data from kernel pipe buffers
783 * even if (con->conf.stream_response_body
784 * & FDEVENT_STREAM_RESPONSE_BUFMIN)
785 * since event loop will spin on fd FDEVENT_HUP event
786 * until unregistered. */
787 handler_t rc;
788 do {
789 rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/
790 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/
791 return rc; /* HANDLER_FINISHED or HANDLER_ERROR */
792 } else if (!buffer_string_is_empty(hctx->response_header)) {
793 /* unfinished header package which is a body in reality */
794 con->file_started = 1;
795 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) {
796 cgi_connection_close(srv, hctx);
797 return HANDLER_ERROR;
798 }
799 } else {
800 # if 0
801 log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents);
802 # endif
803 }
804 cgi_connection_close(srv, hctx);
805 } else if (revents & FDEVENT_ERR) {
806 /* kill all connections to the cgi process */
807 cgi_connection_close(srv, hctx);
808 #if 1
809 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
810 #endif
811 return HANDLER_ERROR;
812 }
813
814 return HANDLER_FINISHED;
815 }
816
817
818 static int cgi_env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) {
819 char *dst;
820
821 if (!key || !val) return -1;
822
823 dst = malloc(key_len + val_len + 2);
824 force_assert(dst);
825 memcpy(dst, key, key_len);
826 dst[key_len] = '=';
827 memcpy(dst + key_len + 1, val, val_len);
828 dst[key_len + 1 + val_len] = '\0';
829
830 if (env->size == 0) {
831 env->size = 16;
832 env->ptr = malloc(env->size * sizeof(*env->ptr));
833 force_assert(env->ptr);
834 } else if (env->size == env->used) {
835 env->size += 16;
836 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr));
837 force_assert(env->ptr);
838 }
839
840 env->ptr[env->used++] = dst;
841
842 return 0;
843 }
844
845 /* returns: 0: continue, -1: fatal error, -2: connection reset */
846 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes),
847 * also mmaps and sends complete chunk instead of only small parts - the files
848 * are supposed to be temp files with reasonable chunk sizes.
849 *
850 * Also always use mmap; the files are "trusted", as we created them.
851 */
852 static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) {
853 chunk* const c = cq->first;
854 off_t offset, toSend, file_end;
855 ssize_t r;
856 size_t mmap_offset, mmap_avail;
857 char *data;
858
859 force_assert(NULL != c);
860 force_assert(FILE_CHUNK == c->type);
861 force_assert(c->offset >= 0 && c->offset <= c->file.length);
862
863 offset = c->file.start + c->offset;
864 toSend = c->file.length - c->offset;
865 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */
866
867 if (0 == toSend) {
868 chunkqueue_remove_finished_chunks(cq);
869 return 0;
870 }
871
872 if (0 != network_open_file_chunk(srv, con, cq)) return -1;
873
874 /* (re)mmap the buffer if range is not covered completely */
875 if (MAP_FAILED == c->file.mmap.start
876 || offset < c->file.mmap.offset
877 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) {
878
879 if (MAP_FAILED != c->file.mmap.start) {
880 munmap(c->file.mmap.start, c->file.mmap.length);
881 c->file.mmap.start = MAP_FAILED;
882 }
883
884 c->file.mmap.offset = mmap_align_offset(offset);
885 c->file.mmap.length = file_end - c->file.mmap.offset;
886
887 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) {
888 if (toSend > 65536) toSend = 65536;
889 data = malloc(toSend);
890 force_assert(data);
891 if (-1 == lseek(c->file.fd, offset, SEEK_SET)
892 || 0 >= (toSend = read(c->file.fd, data, toSend))) {
893 if (-1 == toSend) {
894 log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:",
895 strerror(errno), c->file.name, c->file.fd, offset);
896 } else { /*(0 == toSend)*/
897 log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):",
898 c->file.name, c->file.fd, offset);
899 }
900 free(data);
901 return -1;
902 }
903 }
904 }
905
906 if (MAP_FAILED != c->file.mmap.start) {
907 force_assert(offset >= c->file.mmap.offset);
908 mmap_offset = offset - c->file.mmap.offset;
909 force_assert(c->file.mmap.length > mmap_offset);
910 mmap_avail = c->file.mmap.length - mmap_offset;
911 force_assert(toSend <= (off_t) mmap_avail);
912
913 data = c->file.mmap.start + mmap_offset;
914 }
915
916 r = write(fd, data, toSend);
917
918 if (MAP_FAILED == c->file.mmap.start) free(data);
919
920 if (r < 0) {
921 switch (errno) {
922 case EAGAIN:
923 case EINTR:
924 return 0;
925 case EPIPE:
926 case ECONNRESET:
927 return -2;
928 default:
929 log_error_write(srv, __FILE__, __LINE__, "ssd",
930 "write failed:", strerror(errno), fd);
931 return -1;
932 }
933 }
934
935 if (r >= 0) {
936 chunkqueue_mark_written(cq, r);
937 }
938
939 return r;
940 }
941
942 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) {
943 connection *con = hctx->remote_conn;
944 chunkqueue *cq = con->request_content_queue;
945 chunk *c;
946
947 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms.
948 * solution: if this is still a problem on windows, then substitute
949 * socketpair() for pipe() and closesocket() for close() on windows.
950 */
951
952 for (c = cq->first; c; c = cq->first) {
953 ssize_t r = -1;
954
955 switch(c->type) {
956 case FILE_CHUNK:
957 r = cgi_write_file_chunk_mmap(srv, con, fd, cq);
958 break;
959
960 case MEM_CHUNK:
961 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
962 switch(errno) {
963 case EAGAIN:
964 case EINTR:
965 /* ignore and try again */
966 r = 0;
967 break;
968 case EPIPE:
969 case ECONNRESET:
970 /* connection closed */
971 r = -2;
972 break;
973 default:
974 /* fatal error */
975 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno));
976 r = -1;
977 break;
978 }
979 } else if (r > 0) {
980 chunkqueue_mark_written(cq, r);
981 }
982 break;
983 }
984
985 if (0 == r) break; /*(might block)*/
986
987 switch (r) {
988 case -1:
989 /* fatal error */
990 return -1;
991 case -2:
992 /* connection reset */
993 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI");
994 /* skip all remaining data */
995 chunkqueue_mark_written(cq, chunkqueue_length(cq));
996 break;
997 default:
998 break;
999 }
1000 }
1001
1002 if (cq->bytes_out == (off_t)con->request.content_length) {
1003 /* sent all request body input */
1004 /* close connection to the cgi-script */
1005 if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/
1006 if (close(fd)) {
1007 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno));
1008 }
1009 } else {
1010 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
1011 }
1012 } else {
1013 off_t cqlen = cq->bytes_in - cq->bytes_out;
1014 if (cq->bytes_in < (off_t)con->request.content_length && cqlen < 65536 - 16384) {
1015 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/
1016 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) {
1017 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
1018 con->is_readable = 1; /* trigger optimistic read from client */
1019 }
1020 }
1021 if (-1 == hctx->fdtocgi) { /*(not registered yet)*/
1022 hctx->fdtocgi = fd;
1023 hctx->fde_ndx_tocgi = -1;
1024 fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx);
1025 }
1026 if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/
1027 if ((fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT)) {
1028 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, 0);
1029 }
1030 } else {
1031 /* more request body remains to be sent to CGI so register for fdevents */
1032 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, FDEVENT_OUT);
1033 }
1034 }
1035
1036 return 0;
1037 }
1038
1039 static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) {
1040 pid_t pid;
1041
1042 #ifdef HAVE_IPV6
1043 char b2[INET6_ADDRSTRLEN + 1];
1044 #endif
1045
1046 int to_cgi_fds[2];
1047 int from_cgi_fds[2];
1048 struct stat st;
1049
1050 #ifndef __WIN32
1051
1052 if (!buffer_string_is_empty(cgi_handler)) {
1053 /* stat the exec file */
1054 if (-1 == (stat(cgi_handler->ptr, &st))) {
1055 log_error_write(srv, __FILE__, __LINE__, "sbss",
1056 "stat for cgi-handler", cgi_handler,
1057 "failed:", strerror(errno));
1058 return -1;
1059 }
1060 }
1061
1062 if (pipe(to_cgi_fds)) {
1063 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
1064 return -1;
1065 }
1066
1067 if (pipe(from_cgi_fds)) {
1068 close(to_cgi_fds[0]);
1069 close(to_cgi_fds[1]);
1070 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
1071 return -1;
1072 }
1073
1074 /* fork, execve */
1075 switch (pid = fork()) {
1076 case 0: {
1077 /* child */
1078 char **args;
1079 int argc;
1080 int i = 0;
1081 char buf[LI_ITOSTRING_LENGTH];
1082 size_t n;
1083 char_array env;
1084 char *c;
1085 const char *s;
1086 server_socket *srv_sock = con->srv_socket;
1087
1088 /* move stdout to from_cgi_fd[1] */
1089 close(STDOUT_FILENO);
1090 dup2(from_cgi_fds[1], STDOUT_FILENO);
1091 close(from_cgi_fds[1]);
1092 /* not needed */
1093 close(from_cgi_fds[0]);
1094
1095 /* move the stdin to to_cgi_fd[0] */
1096 close(STDIN_FILENO);
1097 dup2(to_cgi_fds[0], STDIN_FILENO);
1098 close(to_cgi_fds[0]);
1099 /* not needed */
1100 close(to_cgi_fds[1]);
1101
1102 /* create environment */
1103 env.ptr = NULL;
1104 env.size = 0;
1105 env.used = 0;
1106
1107 if (buffer_is_empty(con->conf.server_tag)) {
1108 cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_DESC));
1109 } else {
1110 cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_BUF_LEN(con->conf.server_tag));
1111 }
1112
1113 if (!buffer_string_is_empty(con->server_name)) {
1114 size_t len = buffer_string_length(con->server_name);
1115
1116 if (con->server_name->ptr[0] == '[') {
1117 const char *colon = strstr(con->server_name->ptr, "]:");
1118 if (colon) len = (colon + 1) - con->server_name->ptr;
1119 } else {
1120 const char *colon = strchr(con->server_name->ptr, ':');
1121 if (colon) len = colon - con->server_name->ptr;
1122 }
1123
1124 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), con->server_name->ptr, len);
1125 } else {
1126 #ifdef HAVE_IPV6
1127 s = inet_ntop(
1128 srv_sock->addr.plain.sa_family,
1129 srv_sock->addr.plain.sa_family == AF_INET6 ?
1130 (const void *) &(srv_sock->addr.ipv6.sin6_addr) :
1131 (const void *) &(srv_sock->addr.ipv4.sin_addr),
1132 b2, sizeof(b2)-1);
1133 #else
1134 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
1135 #endif
1136 force_assert(s);
1137 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
1138 }
1139 cgi_env_add(&env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1"));
1140
1141 s = get_http_version_name(con->request.http_version);
1142 force_assert(s);
1143 cgi_env_add(&env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
1144
1145 li_utostrn(buf, sizeof(buf),
1146 #ifdef HAVE_IPV6
1147 ntohs(srv_sock->addr.plain.sa_family == AF_INET6 ? srv_sock->addr.ipv6.sin6_port : srv_sock->addr.ipv4.sin_port)
1148 #else
1149 ntohs(srv_sock->addr.ipv4.sin_port)
1150 #endif
1151 );
1152 cgi_env_add(&env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
1153
1154 switch (srv_sock->addr.plain.sa_family) {
1155 #ifdef HAVE_IPV6
1156 case AF_INET6:
1157 s = inet_ntop(
1158 srv_sock->addr.plain.sa_family,
1159 (const void *) &(srv_sock->addr.ipv6.sin6_addr),
1160 b2, sizeof(b2)-1);
1161 break;
1162 case AF_INET:
1163 s = inet_ntop(
1164 srv_sock->addr.plain.sa_family,
1165 (const void *) &(srv_sock->addr.ipv4.sin_addr),
1166 b2, sizeof(b2)-1);
1167 break;
1168 #else
1169 case AF_INET:
1170 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
1171 break;
1172 #endif
1173 default:
1174 s = "";
1175 break;
1176 }
1177 force_assert(s);
1178 cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
1179
1180 s = get_http_method_name(con->request.http_method);
1181 force_assert(s);
1182 cgi_env_add(&env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
1183
1184 if (!buffer_string_is_empty(con->request.pathinfo)) {
1185 cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo));
1186 }
1187 if (!buffer_string_is_empty(con->uri.query)) {
1188 cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
1189 } else {
1190 cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN(""));
1191 }
1192 if (con->error_handler_saved_status >= 0) {
1193 cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.uri));
1194 } else {
1195 cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
1196 }
1197 /* set REDIRECT_STATUS for php compiled with --force-redirect
1198 * (if REDIRECT_STATUS has not already been set by error handler) */
1199 if (0 == con->error_handler_saved_status) {
1200 cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200"));
1201 }
1202
1203
1204 switch (con->dst_addr.plain.sa_family) {
1205 #ifdef HAVE_IPV6
1206 case AF_INET6:
1207 s = inet_ntop(
1208 con->dst_addr.plain.sa_family,
1209 (const void *) &(con->dst_addr.ipv6.sin6_addr),
1210 b2, sizeof(b2)-1);
1211 break;
1212 case AF_INET:
1213 s = inet_ntop(
1214 con->dst_addr.plain.sa_family,
1215 (const void *) &(con->dst_addr.ipv4.sin_addr),
1216 b2, sizeof(b2)-1);
1217 break;
1218 #else
1219 case AF_INET:
1220 s = inet_ntoa(con->dst_addr.ipv4.sin_addr);
1221 break;
1222 #endif
1223 default:
1224 s = "";
1225 break;
1226 }
1227 force_assert(s);
1228 cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
1229
1230 li_utostrn(buf, sizeof(buf),
1231 #ifdef HAVE_IPV6
1232 ntohs(con->dst_addr.plain.sa_family == AF_INET6 ? con->dst_addr.ipv6.sin6_port : con->dst_addr.ipv4.sin_port)
1233 #else
1234 ntohs(con->dst_addr.ipv4.sin_port)
1235 #endif
1236 );
1237 cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
1238
1239 if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) {
1240 cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
1241 }
1242
1243 li_itostrn(buf, sizeof(buf), con->request.content_length);
1244 cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
1245 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path));
1246 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path));
1247 cgi_env_add(&env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.basedir));
1248
1249 /* for valgrind */
1250 if (NULL != (s = getenv("LD_PRELOAD"))) {
1251 cgi_env_add(&env, CONST_STR_LEN("LD_PRELOAD"), s, strlen(s));
1252 }
1253
1254 if (NULL != (s = getenv("LD_LIBRARY_PATH"))) {
1255 cgi_env_add(&env, CONST_STR_LEN("LD_LIBRARY_PATH"), s, strlen(s));
1256 }
1257 #ifdef __CYGWIN__
1258 /* CYGWIN needs SYSTEMROOT */
1259 if (NULL != (s = getenv("SYSTEMROOT"))) {
1260 cgi_env_add(&env, CONST_STR_LEN("SYSTEMROOT"), s, strlen(s));
1261 }
1262 #endif
1263
1264 for (n = 0; n < con->request.headers->used; n++) {
1265 data_string *ds;
1266
1267 ds = (data_string *)con->request.headers->data[n];
1268
1269 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1270 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 1);
1271
1272 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value));
1273 }
1274 }
1275
1276 for (n = 0; n < con->environment->used; n++) {
1277 data_string *ds;
1278
1279 ds = (data_string *)con->environment->data[n];
1280
1281 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1282 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 0);
1283
1284 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value));
1285 }
1286 }
1287
1288 if (env.size == env.used) {
1289 env.size += 16;
1290 env.ptr = realloc(env.ptr, env.size * sizeof(*env.ptr));
1291 }
1292
1293 env.ptr[env.used] = NULL;
1294
1295 /* set up args */
1296 argc = 3;
1297 args = malloc(sizeof(*args) * argc);
1298 force_assert(args);
1299 i = 0;
1300
1301 if (!buffer_string_is_empty(cgi_handler)) {
1302 args[i++] = cgi_handler->ptr;
1303 }
1304 args[i++] = con->physical.path->ptr;
1305 args[i ] = NULL;
1306
1307 /* search for the last / */
1308 if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) {
1309 /* handle special case of file in root directory */
1310 const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr;
1311
1312 /* temporarily shorten con->physical.path to directory without terminating '/' */
1313 *c = '\0';
1314 /* change to the physical directory */
1315 if (-1 == chdir(physdir)) {
1316 log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path);
1317 }
1318 *c = '/';
1319 }
1320
1321 /* we don't need the client socket */
1322 for (i = 3; i < 256; i++) {
1323 if (i != srv->errorlog_fd) close(i);
1324 }
1325
1326 /* exec the cgi */
1327 execve(args[0], args, env.ptr);
1328
1329 /* most log files may have been closed/redirected by this point,
1330 * though stderr might still point to lighttpd.breakage.log */
1331 perror(args[0]);
1332 _exit(1);
1333 }
1334 case -1:
1335 /* error */
1336 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
1337 close(from_cgi_fds[0]);
1338 close(from_cgi_fds[1]);
1339 close(to_cgi_fds[0]);
1340 close(to_cgi_fds[1]);
1341 return -1;
1342 default: {
1343 /* parent process */
1344
1345 close(from_cgi_fds[1]);
1346 close(to_cgi_fds[0]);
1347
1348 /* register PID and wait for them asynchronously */
1349
1350 hctx->pid = pid;
1351 hctx->fd = from_cgi_fds[0];
1352 hctx->fde_ndx = -1;
1353
1354 if (0 == con->request.content_length) {
1355 close(to_cgi_fds[1]);
1356 } else {
1357 /* there is content to send */
1358 if (-1 == fdevent_fcntl_set(srv->ev, to_cgi_fds[1])) {
1359 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
1360 close(to_cgi_fds[1]);
1361 cgi_connection_close(srv, hctx);
1362 return -1;
1363 }
1364
1365 if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) {
1366 close(to_cgi_fds[1]);
1367 cgi_connection_close(srv, hctx);
1368 return -1;
1369 }
1370 }
1371
1372 fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx);
1373 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
1374
1375 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) {
1376 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
1377 cgi_connection_close(srv, hctx);
1378 return -1;
1379 }
1380
1381 break;
1382 }
1383 }
1384
1385 return 0;
1386 #else
1387 return -1;
1388 #endif
1389 }
1390
1391 static buffer * cgi_get_handler(array *a, buffer *fn) {
1392 size_t k, s_len = buffer_string_length(fn);
1393 for (k = 0; k < a->used; ++k) {
1394 data_string *ds = (data_string *)a->data[k];
1395 size_t ct_len = buffer_string_length(ds->key);
1396
1397 if (buffer_is_empty(ds->key)) continue;
1398 if (s_len < ct_len) continue;
1399
1400 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) {
1401 return ds->value;
1402 }
1403 }
1404
1405 return NULL;
1406 }
1407
1408 #define PATCH(x) \
1409 p->conf.x = s->x;
1410 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) {
1411 size_t i, j;
1412 plugin_config *s = p->config_storage[0];
1413
1414 PATCH(cgi);
1415 PATCH(execute_x_only);
1416 PATCH(xsendfile_allow);
1417 PATCH(xsendfile_docroot);
1418
1419 /* skip the first, the global context */
1420 for (i = 1; i < srv->config_context->used; i++) {
1421 data_config *dc = (data_config *)srv->config_context->data[i];
1422 s = p->config_storage[i];
1423
1424 /* condition didn't match */
1425 if (!config_check_cond(srv, con, dc)) continue;
1426
1427 /* merge config */
1428 for (j = 0; j < dc->value->used; j++) {
1429 data_unset *du = dc->value->data[j];
1430
1431 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) {
1432 PATCH(cgi);
1433 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) {
1434 PATCH(execute_x_only);
1435 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) {
1436 PATCH(xsendfile_allow);
1437 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) {
1438 PATCH(xsendfile_docroot);
1439 }
1440 }
1441 }
1442
1443 return 0;
1444 }
1445 #undef PATCH
1446
1447 URIHANDLER_FUNC(cgi_is_handled) {
1448 plugin_data *p = p_d;
1449 buffer *fn = con->physical.path;
1450 stat_cache_entry *sce = NULL;
1451
1452 if (con->mode != DIRECT) return HANDLER_GO_ON;
1453
1454 if (buffer_is_empty(fn)) return HANDLER_GO_ON;
1455
1456 mod_cgi_patch_connection(srv, con, p);
1457
1458 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, con->physical.path, &sce)) return HANDLER_GO_ON;
1459 if (!S_ISREG(sce->st.st_mode)) return HANDLER_GO_ON;
1460 if (p->conf.execute_x_only == 1 && (sce->st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
1461
1462 if (NULL != cgi_get_handler(p->conf.cgi, fn)) {
1463 handler_ctx *hctx = cgi_handler_ctx_init();
1464 hctx->remote_conn = con;
1465 hctx->plugin_data = p;
1466 con->plugin_ctx[p->id] = hctx;
1467 con->mode = p->id;
1468 }
1469
1470 return HANDLER_GO_ON;
1471 }
1472
1473 TRIGGER_FUNC(cgi_trigger) {
1474 plugin_data *p = p_d;
1475 size_t ndx;
1476 /* the trigger handle only cares about lonely PID which we have to wait for */
1477 #ifndef __WIN32
1478
1479 for (ndx = 0; ndx < p->cgi_pid.used; ndx++) {
1480 int status;
1481
1482 switch(waitpid(p->cgi_pid.ptr[ndx], &status, WNOHANG)) {
1483 case 0:
1484 /* not finished yet */
1485 #if 0
1486 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", p->cgi_pid.ptr[ndx]);
1487 #endif
1488 break;
1489 case -1:
1490 if (errno == ECHILD) {
1491 /* someone else called waitpid... remove the pid to stop looping the error each time */
1492 log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid");
1493
1494 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1495 ndx--;
1496 continue;
1497 }
1498
1499 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
1500
1501 return HANDLER_ERROR;
1502 default:
1503
1504 if (WIFEXITED(status)) {
1505 #if 0
1506 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", p->cgi_pid.ptr[ndx]);
1507 #endif
1508 } else if (WIFSIGNALED(status)) {
1509 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ?
1510 */
1511 if (WTERMSIG(status) != SIGTERM) {
1512 log_error_write(srv, __FILE__, __LINE__, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status));
1513 }
1514 } else {
1515 log_error_write(srv, __FILE__, __LINE__, "s", "cleaning up CGI: ended unexpectedly");
1516 }
1517
1518 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1519 /* del modified the buffer structure
1520 * and copies the last entry to the current one
1521 * -> recheck the current index
1522 */
1523 ndx--;
1524 }
1525 }
1526 #endif
1527 return HANDLER_GO_ON;
1528 }
1529
1530 /*
1531 * - HANDLER_GO_ON : not our job
1532 * - HANDLER_FINISHED: got response
1533 * - HANDLER_WAIT_FOR_EVENT: waiting for response
1534 */
1535 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) {
1536 plugin_data *p = p_d;
1537 handler_ctx *hctx = con->plugin_ctx[p->id];
1538 chunkqueue *cq = con->request_content_queue;
1539
1540 if (con->mode != p->id) return HANDLER_GO_ON;
1541 if (NULL == hctx) return HANDLER_GO_ON;
1542
1543 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)
1544 && con->file_started) {
1545 if (chunkqueue_length(con->write_queue) > 65536 - 4096) {
1546 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
1547 } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) {
1548 /* optimistic read from backend, which might re-enable FDEVENT_IN */
1549 handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/
1550 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
1551 }
1552 }
1553
1554 if (cq->bytes_in != (off_t)con->request.content_length) {
1555 /*(64k - 4k to attempt to avoid temporary files
1556 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/
1557 if (cq->bytes_in - cq->bytes_out > 65536 - 4096
1558 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){
1559 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
1560 if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT;
1561 } else {
1562 handler_t r = connection_handle_read_post_state(srv, con);
1563 if (!chunkqueue_is_empty(cq)) {
1564 if (fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT) {
1565 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r;
1566 }
1567 }
1568 if (r != HANDLER_GO_ON) return r;
1569 }
1570 }
1571
1572 if (-1 == hctx->fd) {
1573 buffer *handler = cgi_get_handler(p->conf.cgi, con->physical.path);
1574 if (!handler) return HANDLER_GO_ON; /*(should not happen; checked in cgi_is_handled())*/
1575 if (cgi_create_env(srv, con, p, hctx, handler)) {
1576 con->http_status = 500;
1577 con->mode = DIRECT;
1578
1579 return HANDLER_FINISHED;
1580 }
1581 #if 0
1582 log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid);
1583 #endif
1584 } else if (!chunkqueue_is_empty(con->request_content_queue)) {
1585 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
1586 cgi_connection_close(srv, hctx);
1587 return HANDLER_ERROR;
1588 }
1589 }
1590
1591 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */
1592 return con->file_finished ? HANDLER_FINISHED : HANDLER_WAIT_FOR_EVENT;
1593 }
1594
1595
1596 int mod_cgi_plugin_init(plugin *p);
1597 int mod_cgi_plugin_init(plugin *p) {
1598 p->version = LIGHTTPD_VERSION_ID;
1599 p->name = buffer_init_string("cgi");
1600
1601 p->connection_reset = cgi_connection_close_callback;
1602 p->handle_subrequest_start = cgi_is_handled;
1603 p->handle_subrequest = mod_cgi_handle_subrequest;
1604 p->handle_trigger = cgi_trigger;
1605 p->init = mod_cgi_init;
1606 p->cleanup = mod_cgi_free;
1607 p->set_defaults = mod_fastcgi_set_defaults;
1608
1609 p->data = NULL;
1610
1611 return 0;
1612 }
A fast webserver with minimal memory-footprint (lighttpd)