search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[mod_auth] require digest uri= match original URI
[lighttpd.git] / src / mod_cgi.c
blob451166000047e0935baf7220584caae78db97ed2
1 #include "first.h"
2
3 #include "base.h"
4 #include "stat_cache.h"
5 #include "http_kv.h"
6 #include "log.h"
7 #include "connections.h"
8 #include "joblist.h"
9 #include "response.h"
10 #include "http_chunk.h"
11 #include "http_header.h"
12
13 #include "plugin.h"
14
15 #include <sys/types.h>
16 #include "sys-mmap.h"
17 #include "sys-socket.h"
18 # include <sys/wait.h>
19
20 #include <unistd.h>
21 #include <errno.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <fdevent.h>
25
26 #include <fcntl.h>
27 #include <signal.h>
28
29 static int pipe_cloexec(int pipefd[2]) {
30 #ifdef HAVE_PIPE2
31 if (0 == pipe2(pipefd, O_CLOEXEC)) return 0;
32 #endif
33 return 0 == pipe(pipefd)
34 #ifdef FD_CLOEXEC
35 && 0 == fcntl(pipefd[0], F_SETFD, FD_CLOEXEC)
36 && 0 == fcntl(pipefd[1], F_SETFD, FD_CLOEXEC)
37 #endif
38 ? 0
39 : -1;
40 }
41
42 typedef struct {
43 char *ptr;
44 size_t used;
45 size_t size;
46 size_t *offsets;
47 size_t osize;
48 size_t oused;
49 char **eptr;
50 size_t esize;
51 buffer *ld_preload;
52 buffer *ld_library_path;
53 #ifdef __CYGWIN__
54 buffer *systemroot;
55 #endif
56 } env_accum;
57
58 typedef struct {
59 struct { pid_t pid; void *ctx; } *ptr;
60 size_t used;
61 size_t size;
62 } buffer_pid_t;
63
64 typedef struct {
65 array *cgi;
66 unsigned short execute_x_only;
67 unsigned short local_redir;
68 unsigned short xsendfile_allow;
69 unsigned short upgrade;
70 array *xsendfile_docroot;
71 } plugin_config;
72
73 typedef struct {
74 PLUGIN_DATA;
75 plugin_config **config_storage;
76 plugin_config conf;
77 buffer_pid_t cgi_pid;
78 env_accum env;
79 } plugin_data;
80
81 typedef struct {
82 pid_t pid;
83 int fd;
84 int fdtocgi;
85 fdnode *fdn;
86 fdnode *fdntocgi;
87
88 connection *remote_conn; /* dumb pointer */
89 plugin_data *plugin_data; /* dumb pointer */
90
91 buffer *response;
92 buffer *cgi_handler; /* dumb pointer */
93 http_response_opts opts;
94 plugin_config conf;
95 } handler_ctx;
96
97 static handler_ctx * cgi_handler_ctx_init(void) {
98 handler_ctx *hctx = calloc(1, sizeof(*hctx));
99
100 force_assert(hctx);
101
102 hctx->response = chunk_buffer_acquire();
103 hctx->fd = -1;
104 hctx->fdtocgi = -1;
105
106 return hctx;
107 }
108
109 static void cgi_handler_ctx_free(handler_ctx *hctx) {
110 chunk_buffer_release(hctx->response);
111 free(hctx);
112 }
113
114 INIT_FUNC(mod_cgi_init) {
115 plugin_data *p;
116 const char *s;
117
118 p = calloc(1, sizeof(*p));
119
120 force_assert(p);
121
122 /* for valgrind */
123 s = getenv("LD_PRELOAD");
124 if (s) p->env.ld_preload = buffer_init_string(s);
125 s = getenv("LD_LIBRARY_PATH");
126 if (s) p->env.ld_library_path = buffer_init_string(s);
127 #ifdef __CYGWIN__
128 /* CYGWIN needs SYSTEMROOT */
129 s = getenv("SYSTEMROOT");
130 if (s) p->env.systemroot = buffer_init_string(s);
131 #endif
132
133 return p;
134 }
135
136
137 FREE_FUNC(mod_cgi_free) {
138 plugin_data *p = p_d;
139 buffer_pid_t *r = &(p->cgi_pid);
140
141 UNUSED(srv);
142
143 if (p->config_storage) {
144 size_t i;
145 for (i = 0; i < srv->config_context->used; i++) {
146 plugin_config *s = p->config_storage[i];
147
148 if (NULL == s) continue;
149
150 array_free(s->cgi);
151 array_free(s->xsendfile_docroot);
152
153 free(s);
154 }
155 free(p->config_storage);
156 }
157
158
159 if (r->ptr) free(r->ptr);
160 free(p->env.ptr);
161 free(p->env.offsets);
162 free(p->env.eptr);
163 buffer_free(p->env.ld_preload);
164 buffer_free(p->env.ld_library_path);
165 #ifdef __CYGWIN__
166 buffer_free(p->env.systemroot);
167 #endif
168 free(p);
169
170 return HANDLER_GO_ON;
171 }
172
173 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
174 plugin_data *p = p_d;
175 size_t i = 0;
176
177 config_values_t cv[] = {
178 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
179 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
180 { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
181 { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
182 { "cgi.local-redir", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 4 */
183 { "cgi.upgrade", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 5 */
184 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET}
185 };
186
187 if (!p) return HANDLER_ERROR;
188
189 p->config_storage = calloc(srv->config_context->used, sizeof(plugin_config *));
190 force_assert(p->config_storage);
191
192 for (i = 0; i < srv->config_context->used; i++) {
193 data_config const* config = (data_config const*)srv->config_context->data[i];
194 plugin_config *s;
195
196 s = calloc(1, sizeof(plugin_config));
197 force_assert(s);
198
199 s->cgi = array_init();
200 s->execute_x_only = 0;
201 s->local_redir = 0;
202 s->xsendfile_allow= 0;
203 s->xsendfile_docroot = array_init();
204 s->upgrade = 0;
205
206 cv[0].destination = s->cgi;
207 cv[1].destination = &(s->execute_x_only);
208 cv[2].destination = &(s->xsendfile_allow);
209 cv[3].destination = s->xsendfile_docroot;
210 cv[4].destination = &(s->local_redir);
211 cv[5].destination = &(s->upgrade);
212
213 p->config_storage[i] = s;
214
215 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
216 return HANDLER_ERROR;
217 }
218
219 if (!array_is_kvstring(s->cgi)) {
220 log_error_write(srv, __FILE__, __LINE__, "s",
221 "unexpected value for cgi.assign; expected list of \"ext\" => \"exepath\"");
222 return HANDLER_ERROR;
223 }
224
225 if (s->xsendfile_docroot->used) {
226 size_t j;
227 for (j = 0; j < s->xsendfile_docroot->used; ++j) {
228 data_string *ds = (data_string *)s->xsendfile_docroot->data[j];
229 if (ds->type != TYPE_STRING) {
230 log_error_write(srv, __FILE__, __LINE__, "s",
231 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )");
232 return HANDLER_ERROR;
233 }
234 if (ds->value->ptr[0] != '/') {
235 log_error_write(srv, __FILE__, __LINE__, "SBs",
236 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\"");
237 return HANDLER_ERROR;
238 }
239 buffer_path_simplify(ds->value, ds->value);
240 buffer_append_slash(ds->value);
241 }
242 }
243 }
244
245 return HANDLER_GO_ON;
246 }
247
248
249 static void cgi_pid_add(plugin_data *p, pid_t pid, void *ctx) {
250 buffer_pid_t *r = &(p->cgi_pid);
251
252 if (r->used == r->size) {
253 r->size += 16;
254 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size);
255 force_assert(r->ptr);
256 }
257
258 r->ptr[r->used].pid = pid;
259 r->ptr[r->used].ctx = ctx;
260 ++r->used;
261 }
262
263 static void cgi_pid_kill(plugin_data *p, pid_t pid) {
264 buffer_pid_t *r = &(p->cgi_pid);
265 for (size_t i = 0; i < r->used; ++i) {
266 if (r->ptr[i].pid == pid) {
267 r->ptr[i].ctx = NULL;
268 kill(pid, SIGTERM);
269 return;
270 }
271 }
272 }
273
274 static void cgi_pid_del(plugin_data *p, size_t i) {
275 buffer_pid_t *r = &(p->cgi_pid);
276
277 if (i != r->used - 1) {
278 r->ptr[i] = r->ptr[r->used - 1];
279 }
280 r->used--;
281 }
282
283
284 static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) {
285 /*(closes only hctx->fdtocgi)*/
286 fdevent_fdnode_event_del(srv->ev, hctx->fdntocgi);
287 /*fdevent_unregister(srv->ev, hctx->fdtocgi);*//*(handled below)*/
288 fdevent_sched_close(srv->ev, hctx->fdtocgi, 0);
289 hctx->fdntocgi = NULL;
290 hctx->fdtocgi = -1;
291 }
292
293 static void cgi_connection_close(server *srv, handler_ctx *hctx) {
294 plugin_data *p = hctx->plugin_data;
295 connection *con = hctx->remote_conn;
296
297 /* the connection to the browser went away, but we still have a connection
298 * to the CGI script
299 *
300 * close cgi-connection
301 */
302
303 if (hctx->fd != -1) {
304 /* close connection to the cgi-script */
305 fdevent_fdnode_event_del(srv->ev, hctx->fdn);
306 /*fdevent_unregister(srv->ev, hctx->fd);*//*(handled below)*/
307 fdevent_sched_close(srv->ev, hctx->fd, 0);
308 hctx->fdn = NULL;
309 }
310
311 if (hctx->fdtocgi != -1) {
312 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
313 }
314
315 if (hctx->pid > 0) {
316 cgi_pid_kill(p, hctx->pid);
317 }
318
319 con->plugin_ctx[p->id] = NULL;
320
321 cgi_handler_ctx_free(hctx);
322
323 /* finish response (if not already con->file_started, con->file_finished) */
324 if (con->mode == p->id) {
325 http_response_backend_done(srv, con);
326 }
327 }
328
329 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) {
330 plugin_data *p = p_d;
331 handler_ctx *hctx = con->plugin_ctx[p->id];
332 if (hctx) cgi_connection_close(srv, hctx);
333
334 return HANDLER_GO_ON;
335 }
336
337
338 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd);
339
340
341 static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) {
342 handler_ctx *hctx = ctx;
343 connection *con = hctx->remote_conn;
344
345 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/
346 joblist_append(srv, con);
347
348 if (revents & FDEVENT_OUT) {
349 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
350 cgi_connection_close(srv, hctx);
351 return HANDLER_ERROR;
352 }
353 /* more request body to be sent to CGI */
354 }
355
356 if (revents & FDEVENT_HUP) {
357 /* skip sending remaining data to CGI */
358 if (con->request.content_length) {
359 chunkqueue *cq = con->request_content_queue;
360 chunkqueue_mark_written(cq, chunkqueue_length(cq));
361 if (cq->bytes_in != (off_t)con->request.content_length) {
362 con->keep_alive = 0;
363 }
364 }
365
366 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
367 } else if (revents & FDEVENT_ERR) {
368 /* kill all connections to the cgi process */
369 #if 1
370 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
371 #endif
372 cgi_connection_close(srv, hctx);
373 return HANDLER_ERROR;
374 }
375
376 return HANDLER_FINISHED;
377 }
378
379
380 static handler_t cgi_response_headers(server *srv, connection *con, struct http_response_opts_t *opts) {
381 /* response headers just completed */
382 handler_ctx *hctx = (handler_ctx *)opts->pdata;
383
384 if (con->response.htags & HTTP_HEADER_UPGRADE) {
385 if (hctx->conf.upgrade && con->http_status == 101) {
386 /* 101 Switching Protocols; transition to transparent proxy */
387 http_response_upgrade_read_body_unknown(srv, con);
388 }
389 else {
390 con->response.htags &= ~HTTP_HEADER_UPGRADE;
391 #if 0
392 /* preserve prior questionable behavior; likely broken behavior
393 * anyway if backend thinks connection is being upgraded but client
394 * does not receive Connection: upgrade */
395 http_header_response_unset(con, HTTP_HEADER_UPGRADE,
396 CONST_STR_LEN("Upgrade"));
397 #endif
398 }
399 }
400
401 if (hctx->conf.upgrade && !(con->response.htags & HTTP_HEADER_UPGRADE)) {
402 chunkqueue *cq = con->request_content_queue;
403 hctx->conf.upgrade = 0;
404 if (cq->bytes_out == (off_t)con->request.content_length) {
405 cgi_connection_close_fdtocgi(srv, hctx); /*(closes hctx->fdtocgi)*/
406 }
407 }
408
409 return HANDLER_GO_ON;
410 }
411
412
413 static int cgi_recv_response(server *srv, handler_ctx *hctx) {
414 switch (http_response_read(srv, hctx->remote_conn, &hctx->opts,
415 hctx->response, hctx->fdn)) {
416 default:
417 return HANDLER_GO_ON;
418 case HANDLER_ERROR:
419 http_response_backend_error(srv, hctx->remote_conn);
420 /* fall through */
421 case HANDLER_FINISHED:
422 cgi_connection_close(srv, hctx);
423 return HANDLER_FINISHED;
424 case HANDLER_COMEBACK:
425 /* hctx->conf.local_redir */
426 buffer_clear(hctx->response);
427 connection_response_reset(srv, hctx->remote_conn); /*(includes con->http_status = 0)*/
428 plugins_call_connection_reset(srv, hctx->remote_conn);
429 /*cgi_connection_close(srv, hctx);*//*(already cleaned up and hctx is now invalid)*/
430 return HANDLER_COMEBACK;
431 }
432 }
433
434
435 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
436 handler_ctx *hctx = ctx;
437 connection *con = hctx->remote_conn;
438
439 joblist_append(srv, con);
440
441 if (revents & FDEVENT_IN) {
442 handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/
443 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
444 }
445
446 /* perhaps this issue is already handled */
447 if (revents & (FDEVENT_HUP|FDEVENT_RDHUP)) {
448 if (con->file_started) {
449 /* drain any remaining data from kernel pipe buffers
450 * even if (con->conf.stream_response_body
451 * & FDEVENT_STREAM_RESPONSE_BUFMIN)
452 * since event loop will spin on fd FDEVENT_HUP event
453 * until unregistered. */
454 handler_t rc;
455 const unsigned short flags = con->conf.stream_response_body;
456 con->conf.stream_response_body &= ~FDEVENT_STREAM_RESPONSE_BUFMIN;
457 con->conf.stream_response_body |= FDEVENT_STREAM_RESPONSE_POLLRDHUP;
458 do {
459 rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/
460 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/
461 con->conf.stream_response_body = flags;
462 return rc; /* HANDLER_FINISHED or HANDLER_COMEBACK or HANDLER_ERROR */
463 } else if (!buffer_string_is_empty(hctx->response)) {
464 /* unfinished header package which is a body in reality */
465 con->file_started = 1;
466 if (0 != http_chunk_append_buffer(srv, con, hctx->response)) {
467 cgi_connection_close(srv, hctx);
468 return HANDLER_ERROR;
469 }
470 if (0 == con->http_status) con->http_status = 200; /* OK */
471 }
472 cgi_connection_close(srv, hctx);
473 } else if (revents & FDEVENT_ERR) {
474 /* kill all connections to the cgi process */
475 cgi_connection_close(srv, hctx);
476 return HANDLER_ERROR;
477 }
478
479 return HANDLER_FINISHED;
480 }
481
482
483 static int cgi_env_add(void *venv, const char *key, size_t key_len, const char *val, size_t val_len) {
484 env_accum *env = venv;
485 char *dst;
486
487 if (!key || !val) return -1;
488
489 if (env->size - env->used < key_len + val_len + 2) {
490 if (0 == env->size) env->size = 4096;
491 do { env->size *= 2; } while (env->size - env->used < key_len + val_len + 2);
492 env->ptr = realloc(env->ptr, env->size);
493 force_assert(env->ptr);
494 }
495
496 dst = env->ptr + env->used;
497 memcpy(dst, key, key_len);
498 dst[key_len] = '=';
499 memcpy(dst + key_len + 1, val, val_len);
500 dst[key_len + 1 + val_len] = '\0';
501
502 if (env->osize == env->oused) {
503 env->osize += 16;
504 env->offsets = realloc(env->offsets, env->osize * sizeof(*env->offsets));
505 force_assert(env->offsets);
506 }
507 env->offsets[env->oused++] = env->used;
508 env->used += key_len + val_len + 2;
509
510 return 0;
511 }
512
513 /*(improved from network_write_mmap.c)*/
514 static off_t mmap_align_offset(off_t start) {
515 static off_t pagemask = 0;
516 if (0 == pagemask) {
517 long pagesize = sysconf(_SC_PAGESIZE);
518 if (-1 == pagesize) pagesize = 4096;
519 pagemask = ~((off_t)pagesize - 1); /* pagesize always power-of-2 */
520 }
521 return (start & pagemask);
522 }
523
524 /* returns: 0: continue, -1: fatal error, -2: connection reset */
525 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes),
526 * also mmaps and sends complete chunk instead of only small parts - the files
527 * are supposed to be temp files with reasonable chunk sizes.
528 *
529 * Also always use mmap; the files are "trusted", as we created them.
530 */
531 static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) {
532 chunk* const c = cq->first;
533 off_t offset, toSend, file_end;
534 ssize_t r;
535 size_t mmap_offset, mmap_avail;
536 char *data = NULL;
537
538 force_assert(NULL != c);
539 force_assert(FILE_CHUNK == c->type);
540 force_assert(c->offset >= 0 && c->offset <= c->file.length);
541
542 offset = c->file.start + c->offset;
543 toSend = c->file.length - c->offset;
544 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */
545
546 if (0 == toSend) {
547 chunkqueue_remove_finished_chunks(cq);
548 return 0;
549 }
550
551 /*(simplified from chunk.c:chunkqueue_open_file_chunk())*/
552 UNUSED(con);
553 if (-1 == c->file.fd) {
554 if (-1 == (c->file.fd = fdevent_open_cloexec(c->mem->ptr, con->conf.follow_symlink, O_RDONLY, 0))) {
555 log_error_write(srv, __FILE__, __LINE__, "ssb", "open failed:", strerror(errno), c->mem);
556 return -1;
557 }
558 }
559
560 /* (re)mmap the buffer if range is not covered completely */
561 if (MAP_FAILED == c->file.mmap.start
562 || offset < c->file.mmap.offset
563 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) {
564
565 if (MAP_FAILED != c->file.mmap.start) {
566 munmap(c->file.mmap.start, c->file.mmap.length);
567 c->file.mmap.start = MAP_FAILED;
568 }
569
570 c->file.mmap.offset = mmap_align_offset(offset);
571 c->file.mmap.length = file_end - c->file.mmap.offset;
572
573 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) {
574 if (toSend > 65536) toSend = 65536;
575 data = malloc(toSend);
576 force_assert(data);
577 if (-1 == lseek(c->file.fd, offset, SEEK_SET)
578 || 0 >= (toSend = read(c->file.fd, data, toSend))) {
579 if (-1 == toSend) {
580 log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:",
581 strerror(errno), c->mem, c->file.fd, offset);
582 } else { /*(0 == toSend)*/
583 log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):",
584 c->mem, c->file.fd, offset);
585 }
586 free(data);
587 return -1;
588 }
589 }
590 }
591
592 if (MAP_FAILED != c->file.mmap.start) {
593 force_assert(offset >= c->file.mmap.offset);
594 mmap_offset = offset - c->file.mmap.offset;
595 force_assert(c->file.mmap.length > mmap_offset);
596 mmap_avail = c->file.mmap.length - mmap_offset;
597 force_assert(toSend <= (off_t) mmap_avail);
598
599 data = c->file.mmap.start + mmap_offset;
600 }
601
602 r = write(fd, data, toSend);
603
604 if (MAP_FAILED == c->file.mmap.start) free(data);
605
606 if (r < 0) {
607 switch (errno) {
608 case EAGAIN:
609 case EINTR:
610 return 0;
611 case EPIPE:
612 case ECONNRESET:
613 return -2;
614 default:
615 log_error_write(srv, __FILE__, __LINE__, "ssd",
616 "write failed:", strerror(errno), fd);
617 return -1;
618 }
619 }
620
621 chunkqueue_mark_written(cq, r);
622 return r;
623 }
624
625 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) {
626 connection *con = hctx->remote_conn;
627 chunkqueue *cq = con->request_content_queue;
628 chunk *c;
629
630 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms.
631 * solution: if this is still a problem on windows, then substitute
632 * socketpair() for pipe() and closesocket() for close() on windows.
633 */
634
635 for (c = cq->first; c; c = cq->first) {
636 ssize_t r = -1;
637
638 switch(c->type) {
639 case FILE_CHUNK:
640 r = cgi_write_file_chunk_mmap(srv, con, fd, cq);
641 break;
642
643 case MEM_CHUNK:
644 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
645 switch(errno) {
646 case EAGAIN:
647 case EINTR:
648 /* ignore and try again */
649 r = 0;
650 break;
651 case EPIPE:
652 case ECONNRESET:
653 /* connection closed */
654 r = -2;
655 break;
656 default:
657 /* fatal error */
658 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno));
659 r = -1;
660 break;
661 }
662 } else if (r > 0) {
663 chunkqueue_mark_written(cq, r);
664 }
665 break;
666 }
667
668 if (0 == r) break; /*(might block)*/
669
670 switch (r) {
671 case -1:
672 /* fatal error */
673 return -1;
674 case -2:
675 /* connection reset */
676 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI");
677 /* skip all remaining data */
678 chunkqueue_mark_written(cq, chunkqueue_length(cq));
679 break;
680 default:
681 break;
682 }
683 }
684
685 if (cq->bytes_out == (off_t)con->request.content_length && !hctx->conf.upgrade) {
686 /* sent all request body input */
687 /* close connection to the cgi-script */
688 if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/
689 --srv->cur_fds;
690 if (close(fd)) {
691 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno));
692 }
693 } else {
694 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/
695 }
696 } else {
697 off_t cqlen = cq->bytes_in - cq->bytes_out;
698 if (cq->bytes_in != con->request.content_length && cqlen < 65536 - 16384) {
699 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/
700 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) {
701 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
702 con->is_readable = 1; /* trigger optimistic read from client */
703 }
704 }
705 if (-1 == hctx->fdtocgi) { /*(not registered yet)*/
706 hctx->fdtocgi = fd;
707 hctx->fdntocgi = fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx);
708 }
709 if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/
710 if ((fdevent_fdnode_interest(hctx->fdntocgi) & FDEVENT_OUT)) {
711 fdevent_fdnode_event_set(srv->ev, hctx->fdntocgi, 0);
712 }
713 } else {
714 /* more request body remains to be sent to CGI so register for fdevents */
715 fdevent_fdnode_event_set(srv->ev, hctx->fdntocgi, FDEVENT_OUT);
716 }
717 }
718
719 return 0;
720 }
721
722 static struct stat * cgi_stat(server *srv, connection *con, buffer *path) {
723 /* CGI might be executable even if it is not readable */
724 stat_cache_entry *sce;
725 return (HANDLER_ERROR != stat_cache_get_entry(srv, con, path, &sce))
726 ? &sce->st
727 : NULL;
728 }
729
730 static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) {
731 char *args[3];
732 int to_cgi_fds[2];
733 int from_cgi_fds[2];
734 int dfd = -1;
735 UNUSED(p);
736
737 if (!buffer_string_is_empty(cgi_handler)) {
738 if (NULL == cgi_stat(srv, con, cgi_handler)) {
739 log_error_write(srv, __FILE__, __LINE__, "sbss",
740 "stat for cgi-handler", cgi_handler,
741 "failed:", strerror(errno));
742 return -1;
743 }
744 }
745
746 if (pipe_cloexec(to_cgi_fds)) {
747 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
748 return -1;
749 }
750 if (pipe_cloexec(from_cgi_fds)) {
751 close(to_cgi_fds[0]);
752 close(to_cgi_fds[1]);
753 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
754 return -1;
755 }
756 fdevent_setfd_cloexec(to_cgi_fds[1]);
757 fdevent_setfd_cloexec(from_cgi_fds[0]);
758
759 {
760 size_t i = 0;
761 http_cgi_opts opts = { 0, 0, NULL, NULL };
762 env_accum *env = &p->env;
763 env->used = 0;
764 env->oused = 0;
765
766 /* create environment */
767
768 http_cgi_headers(srv, con, &opts, cgi_env_add, env);
769
770 /* for valgrind */
771 if (p->env.ld_preload) {
772 cgi_env_add(env, CONST_STR_LEN("LD_PRELOAD"), CONST_BUF_LEN(p->env.ld_preload));
773 }
774 if (p->env.ld_library_path) {
775 cgi_env_add(env, CONST_STR_LEN("LD_LIBRARY_PATH"), CONST_BUF_LEN(p->env.ld_library_path));
776 }
777 #ifdef __CYGWIN__
778 /* CYGWIN needs SYSTEMROOT */
779 if (p->env.systemroot) {
780 cgi_env_add(env, CONST_STR_LEN("SYSTEMROOT"), CONST_BUF_LEN(p->env.systemroot));
781 }
782 #endif
783
784 if (env->esize <= env->oused) {
785 env->esize = (env->oused + 1 + 0xf) & ~(0xfuL);
786 env->eptr = realloc(env->eptr, env->esize * sizeof(*env->eptr));
787 force_assert(env->eptr);
788 }
789 for (i = 0; i < env->oused; ++i) {
790 env->eptr[i] = env->ptr + env->offsets[i];
791 }
792 env->eptr[env->oused] = NULL;
793
794 /* set up args */
795 i = 0;
796
797 if (!buffer_string_is_empty(cgi_handler)) {
798 args[i++] = cgi_handler->ptr;
799 }
800 args[i++] = con->physical.path->ptr;
801 args[i ] = NULL;
802 }
803
804 dfd = fdevent_open_dirname(con->physical.path->ptr, con->conf.follow_symlink);
805 if (-1 == dfd) {
806 log_error_write(srv, __FILE__, __LINE__, "ssb", "open dirname failed:", strerror(errno), con->physical.path);
807 }
808
809 hctx->pid = (dfd >= 0) ? fdevent_fork_execve(args[0], args, p->env.eptr, to_cgi_fds[0], from_cgi_fds[1], -1, dfd) : -1;
810
811 if (-1 == hctx->pid) {
812 /* log error with errno prior to calling close() (might change errno) */
813 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
814 if (-1 != dfd) close(dfd);
815 close(from_cgi_fds[0]);
816 close(from_cgi_fds[1]);
817 close(to_cgi_fds[0]);
818 close(to_cgi_fds[1]);
819 return -1;
820 } else {
821 if (-1 != dfd) close(dfd);
822 close(from_cgi_fds[1]);
823 close(to_cgi_fds[0]);
824
825 hctx->fd = from_cgi_fds[0];
826
827 ++srv->cur_fds;
828
829 cgi_pid_add(p, hctx->pid, hctx);
830
831 if (0 == con->request.content_length) {
832 close(to_cgi_fds[1]);
833 } else {
834 /* there is content to send */
835 if (-1 == fdevent_fcntl_set_nb(srv->ev, to_cgi_fds[1])) {
836 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
837 close(to_cgi_fds[1]);
838 cgi_connection_close(srv, hctx);
839 return -1;
840 }
841
842 if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) {
843 close(to_cgi_fds[1]);
844 cgi_connection_close(srv, hctx);
845 return -1;
846 }
847
848 ++srv->cur_fds;
849 }
850
851 hctx->fdn = fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx);
852 if (-1 == fdevent_fcntl_set_nb(srv->ev, hctx->fd)) {
853 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
854 cgi_connection_close(srv, hctx);
855 return -1;
856 }
857 fdevent_fdnode_event_set(srv->ev, hctx->fdn, FDEVENT_IN | FDEVENT_RDHUP);
858
859 return 0;
860 }
861 }
862
863 #define PATCH(x) \
864 p->conf.x = s->x;
865 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) {
866 size_t i, j;
867 plugin_config *s = p->config_storage[0];
868
869 PATCH(cgi);
870 PATCH(execute_x_only);
871 PATCH(local_redir);
872 PATCH(upgrade);
873 PATCH(xsendfile_allow);
874 PATCH(xsendfile_docroot);
875
876 /* skip the first, the global context */
877 for (i = 1; i < srv->config_context->used; i++) {
878 data_config *dc = (data_config *)srv->config_context->data[i];
879 s = p->config_storage[i];
880
881 /* condition didn't match */
882 if (!config_check_cond(srv, con, dc)) continue;
883
884 /* merge config */
885 for (j = 0; j < dc->value->used; j++) {
886 data_unset *du = dc->value->data[j];
887
888 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) {
889 PATCH(cgi);
890 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) {
891 PATCH(execute_x_only);
892 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.local-redir"))) {
893 PATCH(local_redir);
894 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.upgrade"))) {
895 PATCH(upgrade);
896 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) {
897 PATCH(xsendfile_allow);
898 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) {
899 PATCH(xsendfile_docroot);
900 }
901 }
902 }
903
904 return 0;
905 }
906 #undef PATCH
907
908 URIHANDLER_FUNC(cgi_is_handled) {
909 plugin_data *p = p_d;
910 struct stat *st;
911 data_string *ds;
912
913 if (con->mode != DIRECT) return HANDLER_GO_ON;
914 if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
915
916 mod_cgi_patch_connection(srv, con, p);
917
918 ds = (data_string *)array_match_key_suffix(p->conf.cgi, con->physical.path);
919 if (NULL == ds) return HANDLER_GO_ON;
920
921 st = cgi_stat(srv, con, con->physical.path);
922 if (NULL == st) return HANDLER_GO_ON;
923
924 if (!S_ISREG(st->st_mode)) return HANDLER_GO_ON;
925 if (p->conf.execute_x_only == 1 && (st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
926
927 {
928 handler_ctx *hctx = cgi_handler_ctx_init();
929 hctx->remote_conn = con;
930 hctx->plugin_data = p;
931 hctx->cgi_handler = ds->value;
932 memcpy(&hctx->conf, &p->conf, sizeof(plugin_config));
933 hctx->conf.upgrade =
934 hctx->conf.upgrade
935 && con->request.http_version == HTTP_VERSION_1_1
936 && NULL != http_header_request_get(con, HTTP_HEADER_UPGRADE, CONST_STR_LEN("Upgrade"));
937 hctx->opts.fdfmt = S_IFIFO;
938 hctx->opts.backend = BACKEND_CGI;
939 hctx->opts.authorizer = 0;
940 hctx->opts.local_redir = hctx->conf.local_redir;
941 hctx->opts.xsendfile_allow = hctx->conf.xsendfile_allow;
942 hctx->opts.xsendfile_docroot = hctx->conf.xsendfile_docroot;
943 hctx->opts.pdata = hctx;
944 hctx->opts.headers = cgi_response_headers;
945 con->plugin_ctx[p->id] = hctx;
946 con->mode = p->id;
947 }
948
949 return HANDLER_GO_ON;
950 }
951
952 /*
953 * - HANDLER_GO_ON : not our job
954 * - HANDLER_FINISHED: got response
955 * - HANDLER_WAIT_FOR_EVENT: waiting for response
956 */
957 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) {
958 plugin_data *p = p_d;
959 handler_ctx *hctx = con->plugin_ctx[p->id];
960 chunkqueue *cq = con->request_content_queue;
961
962 if (con->mode != p->id) return HANDLER_GO_ON;
963 if (NULL == hctx) return HANDLER_GO_ON;
964
965 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)
966 && con->file_started) {
967 if (chunkqueue_length(con->write_queue) > 65536 - 4096) {
968 fdevent_fdnode_event_clr(srv->ev,hctx->fdn,FDEVENT_IN);
969 } else if (!(fdevent_fdnode_interest(hctx->fdn) & FDEVENT_IN)) {
970 /* optimistic read from backend */
971 handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/
972 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/
973 fdevent_fdnode_event_add(srv->ev, hctx->fdn, FDEVENT_IN);
974 }
975 }
976
977 if (cq->bytes_in != (off_t)con->request.content_length) {
978 /*(64k - 4k to attempt to avoid temporary files
979 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/
980 if (cq->bytes_in - cq->bytes_out > 65536 - 4096
981 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){
982 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
983 if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT;
984 } else {
985 handler_t r = connection_handle_read_post_state(srv, con);
986 if (!chunkqueue_is_empty(cq)) {
987 if (fdevent_fdnode_interest(hctx->fdntocgi) & FDEVENT_OUT) {
988 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r;
989 }
990 }
991 if (r != HANDLER_GO_ON) return r;
992
993 /* CGI environment requires that Content-Length be set.
994 * Send 411 Length Required if Content-Length missing.
995 * (occurs here if client sends Transfer-Encoding: chunked
996 * and module is flagged to stream request body to backend) */
997 if (-1 == con->request.content_length) {
998 return connection_handle_read_post_error(srv, con, 411);
999 }
1000 }
1001 }
1002
1003 if (-1 == hctx->fd) {
1004 if (cgi_create_env(srv, con, p, hctx, hctx->cgi_handler)) {
1005 con->http_status = 500;
1006 con->mode = DIRECT;
1007
1008 return HANDLER_FINISHED;
1009 }
1010 } else if (!chunkqueue_is_empty(con->request_content_queue)) {
1011 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) {
1012 cgi_connection_close(srv, hctx);
1013 return HANDLER_ERROR;
1014 }
1015 }
1016
1017 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */
1018 return HANDLER_WAIT_FOR_EVENT;
1019 }
1020
1021
1022 static handler_t cgi_waitpid_cb(server *srv, void *p_d, pid_t pid, int status) {
1023 plugin_data *p = (plugin_data *)p_d;
1024 for (size_t i = 0; i < p->cgi_pid.used; ++i) {
1025 handler_ctx *hctx;
1026 if (pid != p->cgi_pid.ptr[i].pid) continue;
1027
1028 hctx = (handler_ctx *)p->cgi_pid.ptr[i].ctx;
1029 if (hctx) hctx->pid = -1;
1030 cgi_pid_del(p, i);
1031
1032 if (WIFEXITED(status)) {
1033 /* (skip logging (non-zero) CGI exit; might be very noisy) */
1034 }
1035 else if (WIFSIGNALED(status)) {
1036 /* ignore SIGTERM if sent by cgi_connection_close() (NULL == hctx)*/
1037 if (WTERMSIG(status) != SIGTERM || NULL != hctx) {
1038 log_error_write(srv, __FILE__, __LINE__, "sdsd", "CGI pid", pid,
1039 "died with signal", WTERMSIG(status));
1040 }
1041 }
1042 else {
1043 log_error_write(srv, __FILE__, __LINE__, "sds",
1044 "CGI pid", pid, "ended unexpectedly");
1045 }
1046
1047 return HANDLER_FINISHED;
1048 }
1049
1050 return HANDLER_GO_ON;
1051 }
1052
1053
1054 int mod_cgi_plugin_init(plugin *p);
1055 int mod_cgi_plugin_init(plugin *p) {
1056 p->version = LIGHTTPD_VERSION_ID;
1057 p->name = buffer_init_string("cgi");
1058
1059 p->connection_reset = cgi_connection_close_callback;
1060 p->handle_subrequest_start = cgi_is_handled;
1061 p->handle_subrequest = mod_cgi_handle_subrequest;
1062 p->handle_waitpid = cgi_waitpid_cb;
1063 p->init = mod_cgi_init;
1064 p->cleanup = mod_cgi_free;
1065 p->set_defaults = mod_fastcgi_set_defaults;
1066
1067 p->data = NULL;
1068
1069 return 0;
1070 }
A fast webserver with minimal memory-footprint (lighttpd)