4 #include "stat_cache.h"
7 #include "connections.h"
10 #include "http_chunk.h"
14 #include <sys/types.h>
18 # include <winsock2.h>
20 # include <sys/socket.h>
21 # include <sys/wait.h>
22 # include <netinet/in.h>
23 # include <arpa/inet.h>
38 static int pipe_cloexec(int pipefd
[2]) {
40 if (0 == pipe2(pipefd
, O_CLOEXEC
)) return 0;
42 return 0 == pipe(pipefd
)
44 && 0 == fcntl(pipefd
[0], F_SETFD
, FD_CLOEXEC
)
45 && 0 == fcntl(pipefd
[1], F_SETFD
, FD_CLOEXEC
)
51 enum {EOL_UNSET
, EOL_N
, EOL_RN
};
68 unsigned short execute_x_only
;
69 unsigned short xsendfile_allow
;
70 array
*xsendfile_docroot
;
77 buffer
*parse_response
;
79 plugin_config
**config_storage
;
88 int fde_ndx
; /* index into the fd-event buffer */
89 int fde_ndx_tocgi
; /* index into the fd-event buffer */
91 connection
*remote_conn
; /* dumb pointer */
92 plugin_data
*plugin_data
; /* dumb pointer */
95 buffer
*response_header
;
96 buffer
*cgi_handler
; /* dumb pointer */
100 static handler_ctx
* cgi_handler_ctx_init(void) {
101 handler_ctx
*hctx
= calloc(1, sizeof(*hctx
));
105 hctx
->response
= buffer_init();
106 hctx
->response_header
= buffer_init();
113 static void cgi_handler_ctx_free(handler_ctx
*hctx
) {
114 buffer_free(hctx
->response
);
115 buffer_free(hctx
->response_header
);
120 enum {FDEVENT_HANDLED_UNSET
, FDEVENT_HANDLED_FINISHED
, FDEVENT_HANDLED_NOT_FINISHED
, FDEVENT_HANDLED_COMEBACK
, FDEVENT_HANDLED_ERROR
};
122 INIT_FUNC(mod_cgi_init
) {
125 p
= calloc(1, sizeof(*p
));
129 p
->parse_response
= buffer_init();
135 FREE_FUNC(mod_cgi_free
) {
136 plugin_data
*p
= p_d
;
137 buffer_pid_t
*r
= &(p
->cgi_pid
);
141 if (p
->config_storage
) {
143 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
144 plugin_config
*s
= p
->config_storage
[i
];
146 if (NULL
== s
) continue;
149 array_free(s
->xsendfile_docroot
);
153 free(p
->config_storage
);
157 if (r
->ptr
) free(r
->ptr
);
159 buffer_free(p
->parse_response
);
163 return HANDLER_GO_ON
;
166 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults
) {
167 plugin_data
*p
= p_d
;
170 config_values_t cv
[] = {
171 { "cgi.assign", NULL
, T_CONFIG_ARRAY
, T_CONFIG_SCOPE_CONNECTION
}, /* 0 */
172 { "cgi.execute-x-only", NULL
, T_CONFIG_BOOLEAN
, T_CONFIG_SCOPE_CONNECTION
}, /* 1 */
173 { "cgi.x-sendfile", NULL
, T_CONFIG_BOOLEAN
, T_CONFIG_SCOPE_CONNECTION
}, /* 2 */
174 { "cgi.x-sendfile-docroot", NULL
, T_CONFIG_ARRAY
, T_CONFIG_SCOPE_CONNECTION
}, /* 3 */
175 { NULL
, NULL
, T_CONFIG_UNSET
, T_CONFIG_SCOPE_UNSET
}
178 if (!p
) return HANDLER_ERROR
;
180 p
->config_storage
= calloc(1, srv
->config_context
->used
* sizeof(plugin_config
*));
181 force_assert(p
->config_storage
);
183 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
184 data_config
const* config
= (data_config
const*)srv
->config_context
->data
[i
];
187 s
= calloc(1, sizeof(plugin_config
));
190 s
->cgi
= array_init();
191 s
->execute_x_only
= 0;
192 s
->xsendfile_allow
= 0;
193 s
->xsendfile_docroot
= array_init();
195 cv
[0].destination
= s
->cgi
;
196 cv
[1].destination
= &(s
->execute_x_only
);
197 cv
[2].destination
= &(s
->xsendfile_allow
);
198 cv
[3].destination
= s
->xsendfile_docroot
;
200 p
->config_storage
[i
] = s
;
202 if (0 != config_insert_values_global(srv
, config
->value
, cv
, i
== 0 ? T_CONFIG_SCOPE_SERVER
: T_CONFIG_SCOPE_CONNECTION
)) {
203 return HANDLER_ERROR
;
206 if (s
->xsendfile_docroot
->used
) {
208 for (j
= 0; j
< s
->xsendfile_docroot
->used
; ++j
) {
209 data_string
*ds
= (data_string
*)s
->xsendfile_docroot
->data
[j
];
210 if (ds
->type
!= TYPE_STRING
) {
211 log_error_write(srv
, __FILE__
, __LINE__
, "s",
212 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )");
213 return HANDLER_ERROR
;
215 if (ds
->value
->ptr
[0] != '/') {
216 log_error_write(srv
, __FILE__
, __LINE__
, "SBs",
217 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds
->value
, "\"");
218 return HANDLER_ERROR
;
220 buffer_path_simplify(ds
->value
, ds
->value
);
221 buffer_append_slash(ds
->value
);
226 return HANDLER_GO_ON
;
230 static int cgi_pid_add(server
*srv
, plugin_data
*p
, pid_t pid
) {
233 buffer_pid_t
*r
= &(p
->cgi_pid
);
237 for (i
= 0; i
< r
->used
; i
++) {
238 if (r
->ptr
[i
] > m
) m
= r
->ptr
[i
];
243 r
->ptr
= malloc(sizeof(*r
->ptr
) * r
->size
);
244 force_assert(r
->ptr
);
245 } else if (r
->used
== r
->size
) {
247 r
->ptr
= realloc(r
->ptr
, sizeof(*r
->ptr
) * r
->size
);
248 force_assert(r
->ptr
);
251 r
->ptr
[r
->used
++] = pid
;
256 static int cgi_pid_del(server
*srv
, plugin_data
*p
, pid_t pid
) {
258 buffer_pid_t
*r
= &(p
->cgi_pid
);
262 for (i
= 0; i
< r
->used
; i
++) {
263 if (r
->ptr
[i
] == pid
) break;
269 if (i
!= r
->used
- 1) {
270 r
->ptr
[i
] = r
->ptr
[r
->used
- 1];
278 static int cgi_response_parse(server
*srv
, connection
*con
, plugin_data
*p
, buffer
*in
) {
285 buffer_copy_buffer(p
->parse_response
, in
);
287 for (s
= p
->parse_response
->ptr
;
288 NULL
!= (ns
= strchr(s
, '\n'));
289 s
= ns
+ 1, line
++) {
290 const char *key
, *value
;
297 if (ns
> s
&& ns
[-1] == '\r') ns
[-1] = '\0';
300 0 == strncmp(s
, "HTTP/1.", 7)) {
301 /* non-parsed header ... we parse them anyway */
307 /* after the space should be a status code for us */
309 status
= strtol(s
+9, NULL
, 10);
313 /* we expected 3 digits and didn't got them */
314 con
->parsed_response
|= HTTP_STATUS
;
315 con
->http_status
= status
;
319 /* parse the headers */
321 if (NULL
== (value
= strchr(s
, ':'))) {
322 /* we expect: "<key>: <value>\r\n" */
326 key_len
= value
- key
;
330 while (*value
== ' ' || *value
== '\t') value
++;
332 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->response
.headers
, TYPE_STRING
))) {
333 ds
= data_response_init();
335 buffer_copy_string_len(ds
->key
, key
, key_len
);
336 buffer_copy_string(ds
->value
, value
);
338 array_insert_unique(con
->response
.headers
, (data_unset
*)ds
);
342 if (0 == strncasecmp(key
, "Date", key_len
)) {
343 con
->parsed_response
|= HTTP_DATE
;
347 if (0 == strncasecmp(key
, "Status", key_len
)) {
348 int status
= strtol(value
, NULL
, 10);
349 if (status
>= 100 && status
< 1000) {
350 con
->http_status
= status
;
351 con
->parsed_response
|= HTTP_STATUS
;
353 con
->http_status
= 502;
358 if (0 == strncasecmp(key
, "Location", key_len
)) {
359 con
->parsed_response
|= HTTP_LOCATION
;
363 if (0 == strncasecmp(key
, "Connection", key_len
)) {
364 con
->response
.keep_alive
= (0 == strcasecmp(value
, "Keep-Alive")) ? 1 : 0;
365 con
->parsed_response
|= HTTP_CONNECTION
;
369 if (0 == strncasecmp(key
, "Content-Length", key_len
)) {
370 con
->response
.content_length
= strtoul(value
, NULL
, 10);
371 con
->parsed_response
|= HTTP_CONTENT_LENGTH
;
380 /* CGI/1.1 rev 03 - 7.2.1.2 */
381 if ((con
->parsed_response
& HTTP_LOCATION
) &&
382 !(con
->parsed_response
& HTTP_STATUS
)) {
383 con
->http_status
= 302;
390 static int cgi_demux_response(server
*srv
, handler_ctx
*hctx
) {
391 plugin_data
*p
= hctx
->plugin_data
;
392 connection
*con
= hctx
->remote_conn
;
399 buffer_string_prepare_copy(hctx
->response
, 4 * 1024);
401 if (ioctl(con
->fd
, FIONREAD
, &toread
) || toread
<= 4*1024) {
402 buffer_string_prepare_copy(hctx
->response
, 4 * 1024);
404 if (toread
> MAX_READ_LIMIT
) toread
= MAX_READ_LIMIT
;
405 buffer_string_prepare_copy(hctx
->response
, toread
);
409 if (-1 == (n
= read(hctx
->fd
, hctx
->response
->ptr
, hctx
->response
->size
- 1))) {
410 if (errno
== EAGAIN
|| errno
== EINTR
) {
411 /* would block, wait for signal */
412 fdevent_event_add(srv
->ev
, &(hctx
->fde_ndx
), hctx
->fd
, FDEVENT_IN
);
413 return FDEVENT_HANDLED_NOT_FINISHED
;
416 log_error_write(srv
, __FILE__
, __LINE__
, "sdd", strerror(errno
), con
->fd
, hctx
->fd
);
417 return FDEVENT_HANDLED_ERROR
;
422 return FDEVENT_HANDLED_FINISHED
;
425 buffer_commit(hctx
->response
, n
);
427 /* split header from body */
429 if (con
->file_started
== 0) {
431 int is_header_end
= 0;
433 size_t i
, header_len
;
435 buffer_append_string_buffer(hctx
->response_header
, hctx
->response
);
438 * we have to handle a few cases:
451 * and different mixes of \n and \r\n combinations
453 * Some users also forget about CGI and just send a response and hope
454 * we handle it. No headers, no header-content seperator
458 /* nph (non-parsed headers) */
459 if (0 == strncmp(hctx
->response_header
->ptr
, "HTTP/1.", 7)) is_header
= 1;
461 header_len
= buffer_string_length(hctx
->response_header
);
462 for (i
= 0; !is_header_end
&& i
< header_len
; i
++) {
463 char c
= hctx
->response_header
->ptr
[i
];
469 * looks like we have a normal header
475 if (is_header
== 0) {
476 /* we got a EOL but we don't seem to got a HTTP header */
484 * check if we saw a \n(\r)?\n sequence
487 ((i
- last_eol
== 1) ||
488 (i
- last_eol
== 2 && hctx
->response_header
->ptr
[i
- 1] == '\r'))) {
501 /* no header, but a body */
502 if (0 != http_chunk_append_buffer(srv
, con
, hctx
->response_header
)) {
503 return FDEVENT_HANDLED_ERROR
;
509 /* the body starts after the EOL */
510 bstart
= hctx
->response_header
->ptr
+ i
;
511 blen
= header_len
- i
;
514 * i still points to the char after the terminating EOL EOL
516 * put it on the last \n again
520 /* string the last \r?\n */
521 if (i
> 0 && (hctx
->response_header
->ptr
[i
- 1] == '\r')) {
525 buffer_string_set_length(hctx
->response_header
, i
);
527 /* parse the response header */
528 cgi_response_parse(srv
, con
, p
, hctx
->response_header
);
530 if (con
->http_status
>= 300 && con
->http_status
< 400) {
531 /*(con->parsed_response & HTTP_LOCATION)*/
532 size_t ulen
= buffer_string_length(con
->uri
.path
);
534 if (NULL
!= (ds
= (data_string
*) array_get_element(con
->response
.headers
, "Location"))
535 && ds
->value
->ptr
[0] == '/'
536 && (0 != strncmp(ds
->value
->ptr
, con
->uri
.path
->ptr
, ulen
)
537 || (ds
->value
->ptr
[ulen
] != '\0' && ds
->value
->ptr
[ulen
] != '/' && ds
->value
->ptr
[ulen
] != '?'))
538 && NULL
== array_get_element(con
->response
.headers
, "Set-Cookie")) {
539 if (++con
->loops_per_request
> 5) {
540 log_error_write(srv
, __FILE__
, __LINE__
, "sb", "too many internal loops while processing request:", con
->request
.orig_uri
);
541 con
->http_status
= 500; /* Internal Server Error */
543 return FDEVENT_HANDLED_FINISHED
;
546 buffer_copy_buffer(con
->request
.uri
, ds
->value
);
548 if (con
->request
.content_length
) {
549 if (con
->request
.content_length
!= con
->request_content_queue
->bytes_in
) {
552 con
->request
.content_length
= 0;
553 chunkqueue_reset(con
->request_content_queue
);
556 if (con
->http_status
!= 307 && con
->http_status
!= 308) {
557 /* Note: request body (if any) sent to initial dynamic handler
558 * and is not available to the internal redirect */
559 con
->request
.http_method
= HTTP_METHOD_GET
;
562 connection_response_reset(srv
, con
); /*(includes con->http_status = 0)*/
565 return FDEVENT_HANDLED_COMEBACK
;
569 if (hctx
->conf
.xsendfile_allow
) {
571 if (NULL
!= (ds
= (data_string
*) array_get_element(con
->response
.headers
, "X-Sendfile"))) {
572 http_response_xsendfile(srv
, con
, ds
->value
, hctx
->conf
.xsendfile_docroot
);
573 return FDEVENT_HANDLED_FINISHED
;
578 if (0 != http_chunk_append_mem(srv
, con
, bstart
, blen
)) {
579 return FDEVENT_HANDLED_ERROR
;
584 con
->file_started
= 1;
586 /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/
587 if (header_len
> MAX_HTTP_REQUEST_HEADER
) {
588 log_error_write(srv
, __FILE__
, __LINE__
, "sb", "response headers too large for", con
->uri
.path
);
589 con
->http_status
= 502; /* Bad Gateway */
591 return FDEVENT_HANDLED_FINISHED
;
595 if (0 != http_chunk_append_buffer(srv
, con
, hctx
->response
)) {
596 return FDEVENT_HANDLED_ERROR
;
598 if ((con
->conf
.stream_response_body
& FDEVENT_STREAM_RESPONSE_BUFMIN
)
599 && chunkqueue_length(con
->write_queue
) > 65536 - 4096) {
600 if (!con
->is_writable
) {
601 /*(defer removal of FDEVENT_IN interest since
602 * connection_state_machine() might be able to send data
603 * immediately, unless !con->is_writable, where
604 * connection_state_machine() might not loop back to call
605 * mod_cgi_handle_subrequest())*/
606 fdevent_event_clr(srv
->ev
, &(hctx
->fde_ndx
), hctx
->fd
, FDEVENT_IN
);
613 log_error_write(srv
, __FILE__
, __LINE__
, "ddss", con
->fd
, hctx
->fd
, connection_get_state(con
->state
), b
->ptr
);
617 return FDEVENT_HANDLED_NOT_FINISHED
;
620 static void cgi_connection_close_fdtocgi(server
*srv
, handler_ctx
*hctx
) {
621 /*(closes only hctx->fdtocgi)*/
622 fdevent_event_del(srv
->ev
, &(hctx
->fde_ndx_tocgi
), hctx
->fdtocgi
);
623 fdevent_unregister(srv
->ev
, hctx
->fdtocgi
);
624 fdevent_sched_close(srv
->ev
, hctx
->fdtocgi
, 0);
628 static void cgi_connection_close(server
*srv
, handler_ctx
*hctx
) {
631 plugin_data
*p
= hctx
->plugin_data
;
632 connection
*con
= hctx
->remote_conn
;
636 /* the connection to the browser went away, but we still have a connection
639 * close cgi-connection
642 if (hctx
->fd
!= -1) {
643 /* close connection to the cgi-script */
644 fdevent_event_del(srv
->ev
, &(hctx
->fde_ndx
), hctx
->fd
);
645 fdevent_unregister(srv
->ev
, hctx
->fd
);
646 fdevent_sched_close(srv
->ev
, hctx
->fd
, 0);
649 if (hctx
->fdtocgi
!= -1) {
650 cgi_connection_close_fdtocgi(srv
, hctx
); /*(closes only hctx->fdtocgi)*/
655 con
->plugin_ctx
[p
->id
] = NULL
;
657 cgi_handler_ctx_free(hctx
);
659 /* if waitpid hasn't been called by response.c yet, do it here */
661 /* check if the CGI-script is already gone */
662 switch(waitpid(pid
, &status
, WNOHANG
)) {
664 /* not finished yet */
666 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "(debug) child isn't done yet, pid:", pid
);
671 if (errno
== EINTR
) break;
674 * errno == ECHILD happens if _subrequest catches the process-status before
675 * we have read the response of the cgi process
680 * -> we get here with waitpid == ECHILD
683 if (errno
!= ECHILD
) {
684 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "waitpid failed: ", strerror(errno
));
686 /* anyway: don't wait for it anymore */
690 if (WIFEXITED(status
)) {
692 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "(debug) cgi exited fine, pid:", pid
);
695 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "cgi died, pid:", pid
);
705 /* cgi-script is still alive, queue the PID for removal */
706 cgi_pid_add(srv
, p
, pid
);
711 /* finish response (if not already con->file_started, con->file_finished) */
712 if (con
->mode
== p
->id
) {
713 http_response_backend_done(srv
, con
);
717 static handler_t
cgi_connection_close_callback(server
*srv
, connection
*con
, void *p_d
) {
718 plugin_data
*p
= p_d
;
719 handler_ctx
*hctx
= con
->plugin_ctx
[p
->id
];
720 if (hctx
) cgi_connection_close(srv
, hctx
);
722 return HANDLER_GO_ON
;
726 static int cgi_write_request(server
*srv
, handler_ctx
*hctx
, int fd
);
729 static handler_t
cgi_handle_fdevent_send (server
*srv
, void *ctx
, int revents
) {
730 handler_ctx
*hctx
= ctx
;
731 connection
*con
= hctx
->remote_conn
;
733 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/
734 joblist_append(srv
, con
);
736 if (revents
& FDEVENT_OUT
) {
737 if (0 != cgi_write_request(srv
, hctx
, hctx
->fdtocgi
)) {
738 cgi_connection_close(srv
, hctx
);
739 return HANDLER_ERROR
;
741 /* more request body to be sent to CGI */
744 if (revents
& FDEVENT_HUP
) {
745 /* skip sending remaining data to CGI */
746 if (con
->request
.content_length
) {
747 chunkqueue
*cq
= con
->request_content_queue
;
748 chunkqueue_mark_written(cq
, chunkqueue_length(cq
));
749 if (cq
->bytes_in
!= (off_t
)con
->request
.content_length
) {
754 cgi_connection_close_fdtocgi(srv
, hctx
); /*(closes only hctx->fdtocgi)*/
755 } else if (revents
& FDEVENT_ERR
) {
756 /* kill all connections to the cgi process */
758 log_error_write(srv
, __FILE__
, __LINE__
, "s", "cgi-FDEVENT_ERR");
760 cgi_connection_close(srv
, hctx
);
761 return HANDLER_ERROR
;
764 return HANDLER_FINISHED
;
768 static int cgi_recv_response(server
*srv
, handler_ctx
*hctx
) {
769 switch (cgi_demux_response(srv
, hctx
)) {
770 case FDEVENT_HANDLED_NOT_FINISHED
:
772 case FDEVENT_HANDLED_FINISHED
:
776 log_error_write(srv
, __FILE__
, __LINE__
, "ddss", con
->fd
, hctx
->fd
, connection_get_state(con
->state
), "finished");
778 cgi_connection_close(srv
, hctx
);
780 /* if we get a IN|HUP and have read everything don't exec the close twice */
781 return HANDLER_FINISHED
;
782 case FDEVENT_HANDLED_COMEBACK
:
783 cgi_connection_close(srv
, hctx
);
784 return HANDLER_COMEBACK
;
785 case FDEVENT_HANDLED_ERROR
:
786 log_error_write(srv
, __FILE__
, __LINE__
, "s", "demuxer failed: ");
788 cgi_connection_close(srv
, hctx
);
789 return HANDLER_FINISHED
;
792 return HANDLER_GO_ON
;
796 static handler_t
cgi_handle_fdevent(server
*srv
, void *ctx
, int revents
) {
797 handler_ctx
*hctx
= ctx
;
798 connection
*con
= hctx
->remote_conn
;
800 joblist_append(srv
, con
);
802 if (revents
& FDEVENT_IN
) {
803 handler_t rc
= cgi_recv_response(srv
, hctx
);/*(might invalidate hctx)*/
804 if (rc
!= HANDLER_GO_ON
) return rc
; /*(unless HANDLER_GO_ON)*/
807 /* perhaps this issue is already handled */
808 if (revents
& FDEVENT_HUP
) {
809 if (con
->file_started
) {
810 /* drain any remaining data from kernel pipe buffers
811 * even if (con->conf.stream_response_body
812 * & FDEVENT_STREAM_RESPONSE_BUFMIN)
813 * since event loop will spin on fd FDEVENT_HUP event
814 * until unregistered. */
817 rc
= cgi_recv_response(srv
,hctx
);/*(might invalidate hctx)*/
818 } while (rc
== HANDLER_GO_ON
); /*(unless HANDLER_GO_ON)*/
819 return rc
; /* HANDLER_FINISHED or HANDLER_COMEBACK or HANDLER_ERROR */
820 } else if (!buffer_string_is_empty(hctx
->response_header
)) {
821 /* unfinished header package which is a body in reality */
822 con
->file_started
= 1;
823 if (0 != http_chunk_append_buffer(srv
, con
, hctx
->response_header
)) {
824 cgi_connection_close(srv
, hctx
);
825 return HANDLER_ERROR
;
829 log_error_write(srv
, __FILE__
, __LINE__
, "sddd", "got HUP from cgi", con
->fd
, hctx
->fd
, revents
);
832 cgi_connection_close(srv
, hctx
);
833 } else if (revents
& FDEVENT_ERR
) {
834 /* kill all connections to the cgi process */
835 cgi_connection_close(srv
, hctx
);
837 log_error_write(srv
, __FILE__
, __LINE__
, "s", "cgi-FDEVENT_ERR");
839 return HANDLER_ERROR
;
842 return HANDLER_FINISHED
;
846 static int cgi_env_add(void *venv
, const char *key
, size_t key_len
, const char *val
, size_t val_len
) {
847 char_array
*env
= venv
;
850 if (!key
|| !val
) return -1;
852 dst
= malloc(key_len
+ val_len
+ 2);
854 memcpy(dst
, key
, key_len
);
856 memcpy(dst
+ key_len
+ 1, val
, val_len
);
857 dst
[key_len
+ 1 + val_len
] = '\0';
859 if (env
->size
== 0) {
861 env
->ptr
= malloc(env
->size
* sizeof(*env
->ptr
));
862 force_assert(env
->ptr
);
863 } else if (env
->size
== env
->used
) {
865 env
->ptr
= realloc(env
->ptr
, env
->size
* sizeof(*env
->ptr
));
866 force_assert(env
->ptr
);
869 env
->ptr
[env
->used
++] = dst
;
874 /*(improved from network_write_mmap.c)*/
875 static off_t
mmap_align_offset(off_t start
) {
876 static off_t pagemask
= 0;
878 long pagesize
= sysconf(_SC_PAGESIZE
);
879 if (-1 == pagesize
) pagesize
= 4096;
880 pagemask
= ~((off_t
)pagesize
- 1); /* pagesize always power-of-2 */
882 return (start
& pagemask
);
885 /* returns: 0: continue, -1: fatal error, -2: connection reset */
886 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes),
887 * also mmaps and sends complete chunk instead of only small parts - the files
888 * are supposed to be temp files with reasonable chunk sizes.
890 * Also always use mmap; the files are "trusted", as we created them.
892 static ssize_t
cgi_write_file_chunk_mmap(server
*srv
, connection
*con
, int fd
, chunkqueue
*cq
) {
893 chunk
* const c
= cq
->first
;
894 off_t offset
, toSend
, file_end
;
896 size_t mmap_offset
, mmap_avail
;
899 force_assert(NULL
!= c
);
900 force_assert(FILE_CHUNK
== c
->type
);
901 force_assert(c
->offset
>= 0 && c
->offset
<= c
->file
.length
);
903 offset
= c
->file
.start
+ c
->offset
;
904 toSend
= c
->file
.length
- c
->offset
;
905 file_end
= c
->file
.start
+ c
->file
.length
; /* offset to file end in this chunk */
908 chunkqueue_remove_finished_chunks(cq
);
912 /*(simplified from network_write_no_mmap.c:network_open_file_chunk())*/
914 if (-1 == c
->file
.fd
) {
915 if (-1 == (c
->file
.fd
= fdevent_open_cloexec(c
->file
.name
->ptr
, O_RDONLY
, 0))) {
916 log_error_write(srv
, __FILE__
, __LINE__
, "ssb", "open failed:", strerror(errno
), c
->file
.name
);
921 /* (re)mmap the buffer if range is not covered completely */
922 if (MAP_FAILED
== c
->file
.mmap
.start
923 || offset
< c
->file
.mmap
.offset
924 || file_end
> (off_t
)(c
->file
.mmap
.offset
+ c
->file
.mmap
.length
)) {
926 if (MAP_FAILED
!= c
->file
.mmap
.start
) {
927 munmap(c
->file
.mmap
.start
, c
->file
.mmap
.length
);
928 c
->file
.mmap
.start
= MAP_FAILED
;
931 c
->file
.mmap
.offset
= mmap_align_offset(offset
);
932 c
->file
.mmap
.length
= file_end
- c
->file
.mmap
.offset
;
934 if (MAP_FAILED
== (c
->file
.mmap
.start
= mmap(NULL
, c
->file
.mmap
.length
, PROT_READ
, MAP_PRIVATE
, c
->file
.fd
, c
->file
.mmap
.offset
))) {
935 if (toSend
> 65536) toSend
= 65536;
936 data
= malloc(toSend
);
938 if (-1 == lseek(c
->file
.fd
, offset
, SEEK_SET
)
939 || 0 >= (toSend
= read(c
->file
.fd
, data
, toSend
))) {
941 log_error_write(srv
, __FILE__
, __LINE__
, "ssbdo", "lseek/read failed:",
942 strerror(errno
), c
->file
.name
, c
->file
.fd
, offset
);
943 } else { /*(0 == toSend)*/
944 log_error_write(srv
, __FILE__
, __LINE__
, "sbdo", "unexpected EOF (input truncated?):",
945 c
->file
.name
, c
->file
.fd
, offset
);
953 if (MAP_FAILED
!= c
->file
.mmap
.start
) {
954 force_assert(offset
>= c
->file
.mmap
.offset
);
955 mmap_offset
= offset
- c
->file
.mmap
.offset
;
956 force_assert(c
->file
.mmap
.length
> mmap_offset
);
957 mmap_avail
= c
->file
.mmap
.length
- mmap_offset
;
958 force_assert(toSend
<= (off_t
) mmap_avail
);
960 data
= c
->file
.mmap
.start
+ mmap_offset
;
963 r
= write(fd
, data
, toSend
);
965 if (MAP_FAILED
== c
->file
.mmap
.start
) free(data
);
976 log_error_write(srv
, __FILE__
, __LINE__
, "ssd",
977 "write failed:", strerror(errno
), fd
);
983 chunkqueue_mark_written(cq
, r
);
989 static int cgi_write_request(server
*srv
, handler_ctx
*hctx
, int fd
) {
990 connection
*con
= hctx
->remote_conn
;
991 chunkqueue
*cq
= con
->request_content_queue
;
994 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms.
995 * solution: if this is still a problem on windows, then substitute
996 * socketpair() for pipe() and closesocket() for close() on windows.
999 for (c
= cq
->first
; c
; c
= cq
->first
) {
1004 r
= cgi_write_file_chunk_mmap(srv
, con
, fd
, cq
);
1008 if ((r
= write(fd
, c
->mem
->ptr
+ c
->offset
, buffer_string_length(c
->mem
) - c
->offset
)) < 0) {
1012 /* ignore and try again */
1017 /* connection closed */
1022 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "write failed due to: ", strerror(errno
));
1027 chunkqueue_mark_written(cq
, r
);
1032 if (0 == r
) break; /*(might block)*/
1039 /* connection reset */
1040 log_error_write(srv
, __FILE__
, __LINE__
, "s", "failed to send post data to cgi, connection closed by CGI");
1041 /* skip all remaining data */
1042 chunkqueue_mark_written(cq
, chunkqueue_length(cq
));
1049 if (cq
->bytes_out
== (off_t
)con
->request
.content_length
) {
1050 /* sent all request body input */
1051 /* close connection to the cgi-script */
1052 if (-1 == hctx
->fdtocgi
) { /*(received request body sent in initial send to pipe buffer)*/
1055 log_error_write(srv
, __FILE__
, __LINE__
, "sds", "cgi stdin close failed ", fd
, strerror(errno
));
1058 cgi_connection_close_fdtocgi(srv
, hctx
); /*(closes only hctx->fdtocgi)*/
1061 off_t cqlen
= cq
->bytes_in
- cq
->bytes_out
;
1062 if (cq
->bytes_in
!= con
->request
.content_length
&& cqlen
< 65536 - 16384) {
1063 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/
1064 if (!(con
->conf
.stream_request_body
& FDEVENT_STREAM_REQUEST_POLLIN
)) {
1065 con
->conf
.stream_request_body
|= FDEVENT_STREAM_REQUEST_POLLIN
;
1066 con
->is_readable
= 1; /* trigger optimistic read from client */
1069 if (-1 == hctx
->fdtocgi
) { /*(not registered yet)*/
1071 hctx
->fde_ndx_tocgi
= -1;
1072 fdevent_register(srv
->ev
, hctx
->fdtocgi
, cgi_handle_fdevent_send
, hctx
);
1074 if (0 == cqlen
) { /*(chunkqueue_is_empty(cq))*/
1075 if ((fdevent_event_get_interest(srv
->ev
, hctx
->fdtocgi
) & FDEVENT_OUT
)) {
1076 fdevent_event_set(srv
->ev
, &(hctx
->fde_ndx_tocgi
), hctx
->fdtocgi
, 0);
1079 /* more request body remains to be sent to CGI so register for fdevents */
1080 fdevent_event_set(srv
->ev
, &(hctx
->fde_ndx_tocgi
), hctx
->fdtocgi
, FDEVENT_OUT
);
1087 static int cgi_create_env(server
*srv
, connection
*con
, plugin_data
*p
, handler_ctx
*hctx
, buffer
*cgi_handler
) {
1091 int from_cgi_fds
[2];
1097 if (!buffer_string_is_empty(cgi_handler
)) {
1098 /* stat the exec file */
1099 if (-1 == (stat(cgi_handler
->ptr
, &st
))) {
1100 log_error_write(srv
, __FILE__
, __LINE__
, "sbss",
1101 "stat for cgi-handler", cgi_handler
,
1102 "failed:", strerror(errno
));
1107 if (pipe_cloexec(to_cgi_fds
)) {
1108 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "pipe failed:", strerror(errno
));
1112 if (pipe_cloexec(from_cgi_fds
)) {
1113 close(to_cgi_fds
[0]);
1114 close(to_cgi_fds
[1]);
1115 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "pipe failed:", strerror(errno
));
1120 switch (pid
= fork()) {
1129 http_cgi_opts opts
= { 0, 0, NULL
, NULL
};
1131 /* move stdout to from_cgi_fd[1] */
1132 dup2(from_cgi_fds
[1], STDOUT_FILENO
);
1134 close(from_cgi_fds
[1]);
1136 close(from_cgi_fds
[0]);
1139 /* move the stdin to to_cgi_fd[0] */
1140 dup2(to_cgi_fds
[0], STDIN_FILENO
);
1142 close(to_cgi_fds
[0]);
1144 close(to_cgi_fds
[1]);
1147 /* create environment */
1152 http_cgi_headers(srv
, con
, &opts
, cgi_env_add
, &env
);
1155 if (NULL
!= (s
= getenv("LD_PRELOAD"))) {
1156 cgi_env_add(&env
, CONST_STR_LEN("LD_PRELOAD"), s
, strlen(s
));
1159 if (NULL
!= (s
= getenv("LD_LIBRARY_PATH"))) {
1160 cgi_env_add(&env
, CONST_STR_LEN("LD_LIBRARY_PATH"), s
, strlen(s
));
1163 /* CYGWIN needs SYSTEMROOT */
1164 if (NULL
!= (s
= getenv("SYSTEMROOT"))) {
1165 cgi_env_add(&env
, CONST_STR_LEN("SYSTEMROOT"), s
, strlen(s
));
1169 if (env
.size
== env
.used
) {
1171 env
.ptr
= realloc(env
.ptr
, env
.size
* sizeof(*env
.ptr
));
1174 env
.ptr
[env
.used
] = NULL
;
1178 args
= malloc(sizeof(*args
) * argc
);
1182 if (!buffer_string_is_empty(cgi_handler
)) {
1183 args
[i
++] = cgi_handler
->ptr
;
1185 args
[i
++] = con
->physical
.path
->ptr
;
1188 /* search for the last / */
1189 if (NULL
!= (c
= strrchr(con
->physical
.path
->ptr
, '/'))) {
1190 /* handle special case of file in root directory */
1191 const char* physdir
= (c
== con
->physical
.path
->ptr
) ? "/" : con
->physical
.path
->ptr
;
1193 /* temporarily shorten con->physical.path to directory without terminating '/' */
1195 /* change to the physical directory */
1196 if (-1 == chdir(physdir
)) {
1197 log_error_write(srv
, __FILE__
, __LINE__
, "ssb", "chdir failed:", strerror(errno
), con
->physical
.path
);
1202 /* we don't need the client socket */
1203 for (i
= 3; i
< 256; i
++) {
1204 if (i
!= srv
->errorlog_fd
) close(i
);
1208 execve(args
[0], args
, env
.ptr
);
1210 /* most log files may have been closed/redirected by this point,
1211 * though stderr might still point to lighttpd.breakage.log */
1217 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "fork failed:", strerror(errno
));
1218 close(from_cgi_fds
[0]);
1219 close(from_cgi_fds
[1]);
1220 close(to_cgi_fds
[0]);
1221 close(to_cgi_fds
[1]);
1224 /* parent process */
1226 close(from_cgi_fds
[1]);
1227 close(to_cgi_fds
[0]);
1229 /* register PID and wait for them asynchronously */
1232 hctx
->fd
= from_cgi_fds
[0];
1237 if (0 == con
->request
.content_length
) {
1238 close(to_cgi_fds
[1]);
1240 /* there is content to send */
1241 if (-1 == fdevent_fcntl_set_nb(srv
->ev
, to_cgi_fds
[1])) {
1242 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "fcntl failed: ", strerror(errno
));
1243 close(to_cgi_fds
[1]);
1244 cgi_connection_close(srv
, hctx
);
1248 if (0 != cgi_write_request(srv
, hctx
, to_cgi_fds
[1])) {
1249 close(to_cgi_fds
[1]);
1250 cgi_connection_close(srv
, hctx
);
1257 fdevent_register(srv
->ev
, hctx
->fd
, cgi_handle_fdevent
, hctx
);
1258 if (-1 == fdevent_fcntl_set_nb(srv
->ev
, hctx
->fd
)) {
1259 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "fcntl failed: ", strerror(errno
));
1260 cgi_connection_close(srv
, hctx
);
1263 fdevent_event_set(srv
->ev
, &(hctx
->fde_ndx
), hctx
->fd
, FDEVENT_IN
);
1275 static buffer
* cgi_get_handler(array
*a
, buffer
*fn
) {
1276 size_t k
, s_len
= buffer_string_length(fn
);
1277 for (k
= 0; k
< a
->used
; ++k
) {
1278 data_string
*ds
= (data_string
*)a
->data
[k
];
1279 size_t ct_len
= buffer_string_length(ds
->key
);
1281 if (buffer_is_empty(ds
->key
)) continue;
1282 if (s_len
< ct_len
) continue;
1284 if (0 == strncmp(fn
->ptr
+ s_len
- ct_len
, ds
->key
->ptr
, ct_len
)) {
1294 static int mod_cgi_patch_connection(server
*srv
, connection
*con
, plugin_data
*p
) {
1296 plugin_config
*s
= p
->config_storage
[0];
1299 PATCH(execute_x_only
);
1300 PATCH(xsendfile_allow
);
1301 PATCH(xsendfile_docroot
);
1303 /* skip the first, the global context */
1304 for (i
= 1; i
< srv
->config_context
->used
; i
++) {
1305 data_config
*dc
= (data_config
*)srv
->config_context
->data
[i
];
1306 s
= p
->config_storage
[i
];
1308 /* condition didn't match */
1309 if (!config_check_cond(srv
, con
, dc
)) continue;
1312 for (j
= 0; j
< dc
->value
->used
; j
++) {
1313 data_unset
*du
= dc
->value
->data
[j
];
1315 if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("cgi.assign"))) {
1317 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("cgi.execute-x-only"))) {
1318 PATCH(execute_x_only
);
1319 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("cgi.x-sendfile"))) {
1320 PATCH(xsendfile_allow
);
1321 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("cgi.x-sendfile-docroot"))) {
1322 PATCH(xsendfile_docroot
);
1331 URIHANDLER_FUNC(cgi_is_handled
) {
1332 plugin_data
*p
= p_d
;
1333 buffer
*fn
= con
->physical
.path
;
1334 stat_cache_entry
*sce
= NULL
;
1337 buffer
*cgi_handler
;
1339 if (con
->mode
!= DIRECT
) return HANDLER_GO_ON
;
1341 if (buffer_is_empty(fn
)) return HANDLER_GO_ON
;
1343 mod_cgi_patch_connection(srv
, con
, p
);
1345 if (HANDLER_ERROR
!= stat_cache_get_entry(srv
, con
, con
->physical
.path
, &sce
)) {
1348 /* CGI might be executable even if it is not readable
1349 * (stat_cache_get_entry() currently checks file is readable)*/
1350 if (0 != stat(con
->physical
.path
->ptr
, &stbuf
)) return HANDLER_GO_ON
;
1354 if (!S_ISREG(st
->st_mode
)) return HANDLER_GO_ON
;
1355 if (p
->conf
.execute_x_only
== 1 && (st
->st_mode
& (S_IXUSR
| S_IXGRP
| S_IXOTH
)) == 0) return HANDLER_GO_ON
;
1357 if (NULL
!= (cgi_handler
= cgi_get_handler(p
->conf
.cgi
, fn
))) {
1358 handler_ctx
*hctx
= cgi_handler_ctx_init();
1359 hctx
->remote_conn
= con
;
1360 hctx
->plugin_data
= p
;
1361 hctx
->cgi_handler
= cgi_handler
;
1362 memcpy(&hctx
->conf
, &p
->conf
, sizeof(plugin_config
));
1363 con
->plugin_ctx
[p
->id
] = hctx
;
1367 return HANDLER_GO_ON
;
1370 TRIGGER_FUNC(cgi_trigger
) {
1371 plugin_data
*p
= p_d
;
1373 /* the trigger handle only cares about lonely PID which we have to wait for */
1376 for (ndx
= 0; ndx
< p
->cgi_pid
.used
; ndx
++) {
1379 switch(waitpid(p
->cgi_pid
.ptr
[ndx
], &status
, WNOHANG
)) {
1381 /* not finished yet */
1383 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "(debug) child isn't done yet, pid:", p
->cgi_pid
.ptr
[ndx
]);
1387 if (errno
== ECHILD
) {
1388 /* someone else called waitpid... remove the pid to stop looping the error each time */
1389 log_error_write(srv
, __FILE__
, __LINE__
, "s", "cgi child vanished, probably someone else called waitpid");
1391 cgi_pid_del(srv
, p
, p
->cgi_pid
.ptr
[ndx
]);
1396 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "waitpid failed: ", strerror(errno
));
1398 return HANDLER_ERROR
;
1401 if (WIFEXITED(status
)) {
1403 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "(debug) cgi exited fine, pid:", p
->cgi_pid
.ptr
[ndx
]);
1405 } else if (WIFSIGNALED(status
)) {
1406 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ?
1408 if (WTERMSIG(status
) != SIGTERM
) {
1409 log_error_write(srv
, __FILE__
, __LINE__
, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status
));
1412 log_error_write(srv
, __FILE__
, __LINE__
, "s", "cleaning up CGI: ended unexpectedly");
1415 cgi_pid_del(srv
, p
, p
->cgi_pid
.ptr
[ndx
]);
1416 /* del modified the buffer structure
1417 * and copies the last entry to the current one
1418 * -> recheck the current index
1424 return HANDLER_GO_ON
;
1428 * - HANDLER_GO_ON : not our job
1429 * - HANDLER_FINISHED: got response
1430 * - HANDLER_WAIT_FOR_EVENT: waiting for response
1432 SUBREQUEST_FUNC(mod_cgi_handle_subrequest
) {
1433 plugin_data
*p
= p_d
;
1434 handler_ctx
*hctx
= con
->plugin_ctx
[p
->id
];
1435 chunkqueue
*cq
= con
->request_content_queue
;
1437 if (con
->mode
!= p
->id
) return HANDLER_GO_ON
;
1438 if (NULL
== hctx
) return HANDLER_GO_ON
;
1440 if ((con
->conf
.stream_response_body
& FDEVENT_STREAM_RESPONSE_BUFMIN
)
1441 && con
->file_started
) {
1442 if (chunkqueue_length(con
->write_queue
) > 65536 - 4096) {
1443 fdevent_event_clr(srv
->ev
, &(hctx
->fde_ndx
), hctx
->fd
, FDEVENT_IN
);
1444 } else if (!(fdevent_event_get_interest(srv
->ev
, hctx
->fd
) & FDEVENT_IN
)) {
1445 /* optimistic read from backend, which might re-enable FDEVENT_IN */
1446 handler_t rc
= cgi_recv_response(srv
, hctx
); /*(might invalidate hctx)*/
1447 if (rc
!= HANDLER_GO_ON
) return rc
; /*(unless HANDLER_GO_ON)*/
1451 if (cq
->bytes_in
!= (off_t
)con
->request
.content_length
) {
1452 /*(64k - 4k to attempt to avoid temporary files
1453 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/
1454 if (cq
->bytes_in
- cq
->bytes_out
> 65536 - 4096
1455 && (con
->conf
.stream_request_body
& FDEVENT_STREAM_REQUEST_BUFMIN
)){
1456 con
->conf
.stream_request_body
&= ~FDEVENT_STREAM_REQUEST_POLLIN
;
1457 if (-1 != hctx
->fd
) return HANDLER_WAIT_FOR_EVENT
;
1459 handler_t r
= connection_handle_read_post_state(srv
, con
);
1460 if (!chunkqueue_is_empty(cq
)) {
1461 if (fdevent_event_get_interest(srv
->ev
, hctx
->fdtocgi
) & FDEVENT_OUT
) {
1462 return (r
== HANDLER_GO_ON
) ? HANDLER_WAIT_FOR_EVENT
: r
;
1465 if (r
!= HANDLER_GO_ON
) return r
;
1467 /* CGI environment requires that Content-Length be set.
1468 * Send 411 Length Required if Content-Length missing.
1469 * (occurs here if client sends Transfer-Encoding: chunked
1470 * and module is flagged to stream request body to backend) */
1471 if (-1 == con
->request
.content_length
) {
1472 return connection_handle_read_post_error(srv
, con
, 411);
1477 if (-1 == hctx
->fd
) {
1478 if (cgi_create_env(srv
, con
, p
, hctx
, hctx
->cgi_handler
)) {
1479 con
->http_status
= 500;
1482 return HANDLER_FINISHED
;
1485 log_error_write(srv
, __FILE__
, __LINE__
, "sdd", "subrequest, pid =", hctx
, hctx
->pid
);
1487 } else if (!chunkqueue_is_empty(con
->request_content_queue
)) {
1488 if (0 != cgi_write_request(srv
, hctx
, hctx
->fdtocgi
)) {
1489 cgi_connection_close(srv
, hctx
);
1490 return HANDLER_ERROR
;
1494 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */
1495 return HANDLER_WAIT_FOR_EVENT
;
1499 int mod_cgi_plugin_init(plugin
*p
);
1500 int mod_cgi_plugin_init(plugin
*p
) {
1501 p
->version
= LIGHTTPD_VERSION_ID
;
1502 p
->name
= buffer_init_string("cgi");
1504 p
->connection_reset
= cgi_connection_close_callback
;
1505 p
->handle_subrequest_start
= cgi_is_handled
;
1506 p
->handle_subrequest
= mod_cgi_handle_subrequest
;
1507 p
->handle_trigger
= cgi_trigger
;
1508 p
->init
= mod_cgi_init
;
1509 p
->cleanup
= mod_cgi_free
;
1510 p
->set_defaults
= mod_fastcgi_set_defaults
;