search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[lighttpd.git] / src / http-header-glue.c
blobb7f03309f63acdb99e3b2465ac68fc6636f12930
1 #include "first.h"
2
3 #include "base.h"
4 #include "array.h"
5 #include "buffer.h"
6 #include "fdevent.h"
7 #include "log.h"
8 #include "etag.h"
9 #include "http_chunk.h"
10 #include "http_header.h"
11 #include "response.h"
12 #include "sock_addr.h"
13 #include "stat_cache.h"
14
15 #include <stdlib.h>
16 #include <string.h>
17 #include <errno.h>
18 #include <fcntl.h>
19
20 #include <time.h>
21
22 #include "sys-strings.h"
23 #include "sys-socket.h"
24 #include <unistd.h>
25
26
27 int http_response_buffer_append_authority(server *srv, connection *con, buffer *o) {
28 if (!buffer_string_is_empty(con->uri.authority)) {
29 buffer_append_string_buffer(o, con->uri.authority);
30 } else {
31 /* get the name of the currently connected socket */
32 sock_addr our_addr;
33 socklen_t our_addr_len;
34
35 our_addr.plain.sa_family = 0;
36 our_addr_len = sizeof(our_addr);
37
38 if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
39 || our_addr_len > (socklen_t)sizeof(our_addr)) {
40 con->http_status = 500;
41 log_error_write(srv, __FILE__, __LINE__, "ss",
42 "can't get sockname", strerror(errno));
43 return -1;
44 }
45
46 if (our_addr.plain.sa_family == AF_INET
47 && our_addr.ipv4.sin_addr.s_addr == htonl(INADDR_LOOPBACK)) {
48 static char lhost[32];
49 static size_t lhost_len = 0;
50 if (0 != lhost_len) {
51 buffer_append_string_len(o, lhost, lhost_len);
52 }
53 else {
54 size_t olen = buffer_string_length(o);
55 if (0 == sock_addr_nameinfo_append_buffer(srv, o, &our_addr)) {
56 lhost_len = buffer_string_length(o) - olen;
57 if (lhost_len < sizeof(lhost)) {
58 memcpy(lhost, o->ptr+olen, lhost_len+1); /*(+1 for '\0')*/
59 }
60 else {
61 lhost_len = 0;
62 }
63 }
64 else {
65 lhost_len = sizeof("localhost")-1;
66 memcpy(lhost, "localhost", lhost_len+1); /*(+1 for '\0')*/
67 buffer_append_string_len(o, lhost, lhost_len);
68 }
69 }
70 } else if (!buffer_string_is_empty(con->server_name)) {
71 buffer_append_string_buffer(o, con->server_name);
72 } else
73 /* Lookup name: secondly try to get hostname for bind address */
74 if (0 != sock_addr_nameinfo_append_buffer(srv, o, &our_addr)) {
75 con->http_status = 500;
76 return -1;
77 }
78
79 {
80 unsigned short listen_port = sock_addr_get_port(&our_addr);
81 unsigned short default_port = 80;
82 if (buffer_is_equal_string(con->uri.scheme, CONST_STR_LEN("https"))) {
83 default_port = 443;
84 }
85 if (0 == listen_port) listen_port = srv->srvconf.port;
86 if (default_port != listen_port) {
87 buffer_append_string_len(o, CONST_STR_LEN(":"));
88 buffer_append_int(o, listen_port);
89 }
90 }
91 }
92 return 0;
93 }
94
95 int http_response_redirect_to_directory(server *srv, connection *con, int status) {
96 buffer *o = srv->tmp_buf;
97 buffer_copy_buffer(o, con->uri.scheme);
98 buffer_append_string_len(o, CONST_STR_LEN("://"));
99 if (0 != http_response_buffer_append_authority(srv, con, o)) {
100 return -1;
101 }
102 buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
103 buffer_append_string_len(o, CONST_STR_LEN("/"));
104 if (!buffer_string_is_empty(con->uri.query)) {
105 buffer_append_string_len(o, CONST_STR_LEN("?"));
106 buffer_append_string_buffer(o, con->uri.query);
107 }
108
109 if (status >= 300) {
110 http_header_response_set(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"), CONST_BUF_LEN(o));
111 con->http_status = status;
112 con->file_finished = 1;
113 }
114 else {
115 http_header_response_set(con, HTTP_HEADER_CONTENT_LOCATION, CONST_STR_LEN("Content-Location"), CONST_BUF_LEN(o));
116 }
117
118 return 0;
119 }
120
121 buffer * strftime_cache_get(server *srv, time_t last_mod) {
122 static int i;
123 struct tm *tm;
124
125 for (int j = 0; j < FILE_CACHE_MAX; ++j) {
126 if (srv->mtime_cache[j].mtime == last_mod)
127 return srv->mtime_cache[j].str; /* found cache-entry */
128 }
129
130 if (++i == FILE_CACHE_MAX) {
131 i = 0;
132 }
133
134 srv->mtime_cache[i].mtime = last_mod;
135 tm = gmtime(&(srv->mtime_cache[i].mtime));
136 buffer_clear(srv->mtime_cache[i].str);
137 buffer_append_strftime(srv->mtime_cache[i].str, "%a, %d %b %Y %H:%M:%S GMT", tm);
138
139 return srv->mtime_cache[i].str;
140 }
141
142
143 int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
144 buffer *vb;
145 int head_or_get =
146 ( HTTP_METHOD_GET == con->request.http_method
147 || HTTP_METHOD_HEAD == con->request.http_method);
148 UNUSED(srv);
149
150 /*
151 * 14.26 If-None-Match
152 * [...]
153 * If none of the entity tags match, then the server MAY perform the
154 * requested method as if the If-None-Match header field did not exist,
155 * but MUST also ignore any If-Modified-Since header field(s) in the
156 * request. That is, if no entity tags match, then the server MUST NOT
157 * return a 304 (Not Modified) response.
158 */
159
160 if ((vb = http_header_request_get(con, HTTP_HEADER_IF_NONE_MATCH, CONST_STR_LEN("If-None-Match")))) {
161 /*(weak etag comparison must not be used for ranged requests)*/
162 int range_request =
163 (con->conf.range_requests
164 && (200 == con->http_status || 0 == con->http_status)
165 && NULL != http_header_request_get(con, HTTP_HEADER_RANGE, CONST_STR_LEN("Range")));
166 if (etag_is_equal(con->physical.etag, vb->ptr, !range_request)) {
167 if (head_or_get) {
168 con->http_status = 304;
169 return HANDLER_FINISHED;
170 } else {
171 con->http_status = 412;
172 con->mode = DIRECT;
173 return HANDLER_FINISHED;
174 }
175 }
176 } else if (head_or_get
177 && (vb = http_header_request_get(con, HTTP_HEADER_IF_MODIFIED_SINCE, CONST_STR_LEN("If-Modified-Since")))) {
178 /* last-modified handling */
179 size_t used_len;
180 char *semicolon;
181
182 if (NULL == (semicolon = strchr(vb->ptr, ';'))) {
183 used_len = buffer_string_length(vb);
184 } else {
185 used_len = semicolon - vb->ptr;
186 }
187
188 if (buffer_is_equal_string(mtime, vb->ptr, used_len)) {
189 if ('\0' == mtime->ptr[used_len]) con->http_status = 304;
190 return HANDLER_FINISHED;
191 } else {
192 char buf[sizeof("Sat, 23 Jul 2005 21:20:01 GMT")];
193 time_t t_header, t_file;
194 struct tm tm;
195
196 /* convert to timestamp */
197 if (used_len >= sizeof(buf)) return HANDLER_GO_ON;
198
199 memcpy(buf, vb->ptr, used_len);
200 buf[used_len] = '\0';
201
202 if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
203 /**
204 * parsing failed, let's get out of here
205 */
206 return HANDLER_GO_ON;
207 }
208 tm.tm_isdst = 0;
209 t_header = mktime(&tm);
210
211 strptime(mtime->ptr, "%a, %d %b %Y %H:%M:%S GMT", &tm);
212 tm.tm_isdst = 0;
213 t_file = mktime(&tm);
214
215 if (t_file > t_header) return HANDLER_GO_ON;
216
217 con->http_status = 304;
218 return HANDLER_FINISHED;
219 }
220 }
221
222 return HANDLER_GO_ON;
223 }
224
225
226 void http_response_body_clear (connection *con, int preserve_length) {
227 con->response.send_chunked = 0;
228 if (con->response.htags & HTTP_HEADER_TRANSFER_ENCODING) {
229 http_header_response_unset(con, HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding"));
230 }
231 if (!preserve_length) { /* preserve for HEAD responses and no-content responses (204, 205, 304) */
232 con->response.content_length = -1;
233 if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
234 http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
235 }
236 }
237 chunkqueue_reset(con->write_queue);
238 }
239
240
241 static int http_response_parse_range(server *srv, connection *con, buffer *path, stat_cache_entry *sce, const char *range) {
242 int multipart = 0;
243 int error;
244 off_t start, end;
245 const char *s, *minus;
246 static const char boundary[] = "fkj49sn38dcn3";
247 buffer *content_type = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"));
248
249 start = 0;
250 end = sce->st.st_size - 1;
251
252 con->response.content_length = 0;
253
254 for (s = range, error = 0;
255 !error && *s && NULL != (minus = strchr(s, '-')); ) {
256 char *err;
257 off_t la = 0, le;
258 *((const char **)&err) = s; /*(quiet clang --analyze)*/
259
260 if (s != minus) {
261 la = strtoll(s, &err, 10);
262 if (err != minus) {
263 /* should not have multiple range-unit in Range, but
264 * handle just in case multiple Range headers merged */
265 while (*s == ' ' || *s == '\t') ++s;
266 if (0 != strncmp(s, "bytes=", 6)) return -1;
267 s += 6;
268 if (s != minus) {
269 la = strtoll(s, &err, 10);
270 if (err != minus) return -1;
271 }
272 }
273 }
274
275 if (s == minus) {
276 /* -<stop> */
277
278 le = strtoll(s, &err, 10);
279
280 if (le == 0) {
281 /* RFC 2616 - 14.35.1 */
282
283 con->http_status = 416;
284 error = 1;
285 } else if (*err == '\0') {
286 /* end */
287 s = err;
288
289 end = sce->st.st_size - 1;
290 start = sce->st.st_size + le;
291 } else if (*err == ',') {
292 multipart = 1;
293 s = err + 1;
294
295 end = sce->st.st_size - 1;
296 start = sce->st.st_size + le;
297 } else {
298 error = 1;
299 }
300
301 } else if (*(minus+1) == '\0' || *(minus+1) == ',') {
302 /* <start>- */
303
304 /* ok */
305
306 if (*(err + 1) == '\0') {
307 s = err + 1;
308
309 end = sce->st.st_size - 1;
310 start = la;
311
312 } else if (*(err + 1) == ',') {
313 multipart = 1;
314 s = err + 2;
315
316 end = sce->st.st_size - 1;
317 start = la;
318 } else {
319 error = 1;
320 }
321 } else {
322 /* <start>-<stop> */
323
324 le = strtoll(minus+1, &err, 10);
325
326 /* RFC 2616 - 14.35.1 */
327 if (la > le) {
328 error = 1;
329 }
330
331 if (*err == '\0') {
332 /* ok, end*/
333 s = err;
334
335 end = le;
336 start = la;
337 } else if (*err == ',') {
338 multipart = 1;
339 s = err + 1;
340
341 end = le;
342 start = la;
343 } else {
344 /* error */
345
346 error = 1;
347 }
348 }
349
350 if (!error) {
351 if (start < 0) start = 0;
352
353 /* RFC 2616 - 14.35.1 */
354 if (end > sce->st.st_size - 1) end = sce->st.st_size - 1;
355
356 if (start > sce->st.st_size - 1) {
357 error = 1;
358
359 con->http_status = 416;
360 }
361 }
362
363 if (!error) {
364 if (multipart) {
365 /* write boundary-header */
366 buffer *b = srv->tmp_buf;
367 buffer_copy_string_len(b, CONST_STR_LEN("\r\n--"));
368 buffer_append_string_len(b, boundary, sizeof(boundary)-1);
369
370 /* write Content-Range */
371 buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Range: bytes "));
372 buffer_append_int(b, start);
373 buffer_append_string_len(b, CONST_STR_LEN("-"));
374 buffer_append_int(b, end);
375 buffer_append_string_len(b, CONST_STR_LEN("/"));
376 buffer_append_int(b, sce->st.st_size);
377
378 if (content_type) {
379 buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Type: "));
380 buffer_append_string_buffer(b, content_type);
381 }
382
383 /* write END-OF-HEADER */
384 buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n"));
385
386 con->response.content_length += buffer_string_length(b);
387 chunkqueue_append_mem(con->write_queue, CONST_BUF_LEN(b));
388 }
389
390 chunkqueue_append_file(con->write_queue, path, start, end - start + 1);
391 con->response.content_length += end - start + 1;
392 }
393 }
394
395 /* something went wrong */
396 if (error) return -1;
397
398 if (multipart) {
399 /* add boundary end */
400 buffer *b = srv->tmp_buf;
401 buffer_copy_string_len(b, "\r\n--", 4);
402 buffer_append_string_len(b, boundary, sizeof(boundary)-1);
403 buffer_append_string_len(b, "--\r\n", 4);
404
405 con->response.content_length += buffer_string_length(b);
406 chunkqueue_append_mem(con->write_queue, CONST_BUF_LEN(b));
407
408 /* set header-fields */
409
410 buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("multipart/byteranges; boundary="));
411 buffer_append_string_len(srv->tmp_buf, boundary, sizeof(boundary)-1);
412
413 /* overwrite content-type */
414 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(srv->tmp_buf));
415 } else {
416 /* add Content-Range-header */
417
418 buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("bytes "));
419 buffer_append_int(srv->tmp_buf, start);
420 buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("-"));
421 buffer_append_int(srv->tmp_buf, end);
422 buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("/"));
423 buffer_append_int(srv->tmp_buf, sce->st.st_size);
424
425 http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Content-Range"), CONST_BUF_LEN(srv->tmp_buf));
426 }
427
428 /* ok, the file is set-up */
429 return 0;
430 }
431
432
433 void http_response_send_file (server *srv, connection *con, buffer *path) {
434 stat_cache_entry *sce = NULL;
435 buffer *mtime = NULL;
436 buffer *vb;
437 int allow_caching = (0 == con->http_status || 200 == con->http_status);
438
439 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, path, &sce)) {
440 con->http_status = (errno == ENOENT) ? 404 : 403;
441
442 log_error_write(srv, __FILE__, __LINE__, "sbsb",
443 "not a regular file:", con->uri.path,
444 "->", path);
445
446 return;
447 }
448
449 if (!con->conf.follow_symlink
450 && 0 != stat_cache_path_contains_symlink(srv, path)) {
451 con->http_status = 403;
452
453 if (con->conf.log_request_handling) {
454 log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction");
455 log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", path);
456 }
457
458 return;
459 }
460
461 /* we only handle regular files */
462 if (!S_ISREG(sce->st.st_mode)) {
463 con->http_status = 403;
464
465 if (con->conf.log_file_not_found) {
466 log_error_write(srv, __FILE__, __LINE__, "sbsb",
467 "not a regular file:", con->uri.path,
468 "->", sce->name);
469 }
470
471 return;
472 }
473
474 /*(Note: O_NOFOLLOW affects only the final path segment,
475 * the target file, not any intermediate symlinks along path)*/
476 const int fd = (0 != sce->st.st_size)
477 ? fdevent_open_cloexec(path->ptr, con->conf.follow_symlink, O_RDONLY, 0)
478 : -1;
479 if (fd < 0 && 0 != sce->st.st_size) {
480 con->http_status = (errno == ENOENT) ? 404 : 403;
481 if (con->conf.log_request_handling) {
482 log_error_write(srv, __FILE__, __LINE__, "sbs", "file open failed:", path, strerror(errno));
483 }
484 return;
485 }
486
487 /* mod_compress might set several data directly, don't overwrite them */
488
489 /* set response content-type, if not set already */
490
491 if (NULL == http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"))) {
492 stat_cache_content_type_get(srv, con, path, sce);
493 if (buffer_string_is_empty(sce->content_type)) {
494 /* we are setting application/octet-stream, but also announce that
495 * this header field might change in the seconds few requests
496 *
497 * This should fix the aggressive caching of FF and the script download
498 * seen by the first installations
499 */
500 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("application/octet-stream"));
501
502 allow_caching = 0;
503 } else {
504 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
505 }
506 }
507
508 if (con->conf.range_requests) {
509 http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes"));
510 }
511
512 if (allow_caching) {
513 if (con->etag_flags != 0 && !buffer_string_is_empty(stat_cache_etag_get(sce, con->etag_flags))) {
514 if (NULL == http_header_response_get(con, HTTP_HEADER_ETAG, CONST_STR_LEN("ETag"))) {
515 /* generate e-tag */
516 etag_mutate(con->physical.etag, sce->etag);
517
518 http_header_response_set(con, HTTP_HEADER_ETAG, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
519 }
520 }
521
522 /* prepare header */
523 if (NULL == (mtime = http_header_response_get(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified")))) {
524 mtime = strftime_cache_get(srv, sce->st.st_mtime);
525 http_header_response_set(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
526 }
527
528 if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) {
529 if (fd >= 0) close(fd);
530 return;
531 }
532 }
533
534 if (fd < 0) { /* 0-length file */
535 con->http_status = 200;
536 con->file_finished = 1;
537 return;
538 }
539
540 if (con->conf.range_requests
541 && (200 == con->http_status || 0 == con->http_status)
542 && NULL != (vb = http_header_request_get(con, HTTP_HEADER_RANGE, CONST_STR_LEN("Range")))
543 && NULL == http_header_response_get(con, HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding"))) {
544 buffer *range = vb;
545 int do_range_request = 1;
546 /* check if we have a conditional GET */
547
548 if (NULL != (vb = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If-Range")))) {
549 /* if the value is the same as our ETag, we do a Range-request,
550 * otherwise a full 200 */
551
552 if (vb->ptr[0] == '"') {
553 /**
554 * client wants a ETag
555 */
556 if (!con->physical.etag) {
557 do_range_request = 0;
558 } else if (!buffer_is_equal(vb, con->physical.etag)) {
559 do_range_request = 0;
560 }
561 } else if (!mtime) {
562 /**
563 * we don't have a Last-Modified and can match the If-Range:
564 *
565 * sending all
566 */
567 do_range_request = 0;
568 } else if (!buffer_is_equal(vb, mtime)) {
569 do_range_request = 0;
570 }
571 }
572
573 if (do_range_request
574 && !buffer_string_is_empty(range)
575 && 0 == strncmp(range->ptr, "bytes=", 6)) {
576 /* support only "bytes" byte-unit */
577 /* content prepared, I'm done */
578 con->file_finished = 1;
579
580 if (0 == http_response_parse_range(srv, con, path, sce, range->ptr+6)) {
581 con->http_status = 206;
582 }
583 close(fd);
584 return;
585 }
586 }
587
588 /* if we are still here, prepare body */
589
590 /* we add it here for all requests
591 * the HEAD request will drop it afterwards again
592 */
593
594 if (0 == http_chunk_append_file_fd(srv, con, path, fd, sce->st.st_size)) {
595 con->http_status = 200;
596 con->file_finished = 1;
597 }
598 else {
599 con->http_status = 500;
600 }
601 }
602
603
604 static void http_response_xsendfile (server *srv, connection *con, buffer *path, const array *xdocroot) {
605 const int status = con->http_status;
606 int valid = 1;
607
608 /* reset Content-Length, if set by backend
609 * Content-Length might later be set to size of X-Sendfile static file,
610 * determined by open(), fstat() to reduces race conditions if the file
611 * is modified between stat() (stat_cache_get_entry()) and open(). */
612 if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
613 http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
614 con->response.content_length = -1;
615 }
616
617 buffer_urldecode_path(path);
618 if (!buffer_is_valid_UTF8(path)) {
619 log_error_write(srv, __FILE__, __LINE__, "sb",
620 "X-Sendfile invalid UTF-8 after url-decode:", path);
621 if (con->http_status < 400) {
622 con->http_status = 502;
623 con->mode = DIRECT;
624 }
625 return;
626 }
627 buffer_path_simplify(path, path);
628 if (con->conf.force_lowercase_filenames) {
629 buffer_to_lower(path);
630 }
631
632 /* check that path is under xdocroot(s)
633 * - xdocroot should have trailing slash appended at config time
634 * - con->conf.force_lowercase_filenames is not a server-wide setting,
635 * and so can not be definitively applied to xdocroot at config time*/
636 if (xdocroot->used) {
637 size_t i, xlen = buffer_string_length(path);
638 for (i = 0; i < xdocroot->used; ++i) {
639 data_string *ds = (data_string *)xdocroot->data[i];
640 size_t dlen = buffer_string_length(ds->value);
641 if (dlen <= xlen
642 && (!con->conf.force_lowercase_filenames
643 ? 0 == memcmp(path->ptr, ds->value->ptr, dlen)
644 : 0 == strncasecmp(path->ptr, ds->value->ptr, dlen))) {
645 break;
646 }
647 }
648 if (i == xdocroot->used) {
649 log_error_write(srv, __FILE__, __LINE__, "SBs",
650 "X-Sendfile (", path,
651 ") not under configured x-sendfile-docroot(s)");
652 con->http_status = 403;
653 valid = 0;
654 }
655 }
656
657 if (valid) http_response_send_file(srv, con, path);
658
659 if (con->http_status >= 400 && status < 300) {
660 con->mode = DIRECT;
661 } else if (0 != status && 200 != status) {
662 con->http_status = status;
663 }
664 }
665
666
667 static void http_response_xsendfile2(server *srv, connection *con, const buffer *value, const array *xdocroot) {
668 const char *pos = value->ptr;
669 buffer *b = srv->tmp_buf;
670 const int status = con->http_status;
671
672 /* reset Content-Length, if set by backend */
673 if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
674 http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
675 con->response.content_length = -1;
676 }
677
678 while (*pos) {
679 const char *filename, *range;
680 stat_cache_entry *sce;
681 off_t begin_range, end_range, range_len;
682
683 while (' ' == *pos) pos++;
684 if (!*pos) break;
685
686 filename = pos;
687 if (NULL == (range = strchr(pos, ' '))) {
688 /* missing range */
689 log_error_write(srv, __FILE__, __LINE__, "ss",
690 "Couldn't find range after filename:", filename);
691 con->http_status = 502;
692 break;
693 }
694 buffer_copy_string_len(b, filename, range - filename);
695
696 /* find end of range */
697 for (pos = ++range; *pos && *pos != ' ' && *pos != ','; pos++) ;
698
699 buffer_urldecode_path(b);
700 if (!buffer_is_valid_UTF8(b)) {
701 log_error_write(srv, __FILE__, __LINE__, "sb",
702 "X-Sendfile2 invalid UTF-8 after url-decode:", b);
703 con->http_status = 502;
704 break;
705 }
706 buffer_path_simplify(b, b);
707 if (con->conf.force_lowercase_filenames) {
708 buffer_to_lower(b);
709 }
710 if (xdocroot->used) {
711 size_t i, xlen = buffer_string_length(b);
712 for (i = 0; i < xdocroot->used; ++i) {
713 data_string *ds = (data_string *)xdocroot->data[i];
714 size_t dlen = buffer_string_length(ds->value);
715 if (dlen <= xlen
716 && (!con->conf.force_lowercase_filenames
717 ? 0 == memcmp(b->ptr, ds->value->ptr, dlen)
718 : 0 == strncasecmp(b->ptr, ds->value->ptr, dlen))) {
719 break;
720 }
721 }
722 if (i == xdocroot->used) {
723 log_error_write(srv, __FILE__, __LINE__, "SBs",
724 "X-Sendfile2 (", b,
725 ") not under configured x-sendfile-docroot(s)");
726 con->http_status = 403;
727 break;
728 }
729 }
730
731 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, b, &sce)) {
732 log_error_write(srv, __FILE__, __LINE__, "sb", "send-file error: "
733 "couldn't get stat_cache entry for X-Sendfile2:",
734 b);
735 con->http_status = 404;
736 break;
737 } else if (!S_ISREG(sce->st.st_mode)) {
738 log_error_write(srv, __FILE__, __LINE__, "sb",
739 "send-file error: wrong filetype for X-Sendfile2:",
740 b);
741 con->http_status = 502;
742 break;
743 }
744 /* found the file */
745
746 /* parse range */
747 end_range = sce->st.st_size - 1;
748 {
749 char *rpos = NULL;
750 errno = 0;
751 begin_range = strtoll(range, &rpos, 10);
752 if (errno != 0 || begin_range < 0 || rpos == range)
753 goto range_failed;
754 if ('-' != *rpos++) goto range_failed;
755 if (rpos != pos) {
756 range = rpos;
757 end_range = strtoll(range, &rpos, 10);
758 if (errno != 0 || end_range < 0 || rpos == range)
759 goto range_failed;
760 }
761 if (rpos != pos) goto range_failed;
762
763 goto range_success;
764
765 range_failed:
766 log_error_write(srv, __FILE__, __LINE__, "ss",
767 "Couldn't decode range after filename:", filename);
768 con->http_status = 502;
769 break;
770
771 range_success: ;
772 }
773
774 /* no parameters accepted */
775
776 while (*pos == ' ') pos++;
777 if (*pos != '\0' && *pos != ',') {
778 con->http_status = 502;
779 break;
780 }
781
782 range_len = end_range - begin_range + 1;
783 if (range_len < 0) {
784 con->http_status = 502;
785 break;
786 }
787 if (range_len != 0) {
788 if (0 != http_chunk_append_file_range(srv, con, b,
789 begin_range, range_len)) {
790 con->http_status = 502;
791 break;
792 }
793 }
794
795 if (*pos == ',') pos++;
796 }
797
798 if (con->http_status >= 400 && status < 300) {
799 con->mode = DIRECT;
800 } else if (0 != status && 200 != status) {
801 con->http_status = status;
802 }
803 }
804
805
806 void http_response_backend_error (server *srv, connection *con) {
807 UNUSED(srv);
808 if (con->file_started) {
809 /*(response might have been already started, kill the connection)*/
810 /*(mode == DIRECT to avoid later call to http_response_backend_done())*/
811 con->mode = DIRECT; /*(avoid sending final chunked block)*/
812 con->keep_alive = 0; /*(no keep-alive; final chunked block not sent)*/
813 con->file_finished = 1;
814 } /*(else error status set later by http_response_backend_done())*/
815 }
816
817 void http_response_backend_done (server *srv, connection *con) {
818 /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END,
819 * i.e. not called from handle_connection_close or connection_reset
820 * hooks, except maybe from errdoc handler, which later resets state)*/
821 switch (con->state) {
822 case CON_STATE_HANDLE_REQUEST:
823 case CON_STATE_READ_POST:
824 if (!con->file_started) {
825 /* Send an error if we haven't sent any data yet */
826 con->http_status = 500;
827 con->mode = DIRECT;
828 break;
829 } /* else fall through */
830 case CON_STATE_WRITE:
831 if (!con->file_finished) {
832 http_chunk_close(srv, con);
833 con->file_finished = 1;
834 }
835 default:
836 break;
837 }
838 }
839
840
841 void http_response_upgrade_read_body_unknown(server *srv, connection *con) {
842 /* act as transparent proxy */
843 UNUSED(srv);
844 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST))
845 con->conf.stream_request_body |=
846 (FDEVENT_STREAM_REQUEST_BUFMIN | FDEVENT_STREAM_REQUEST);
847 if (!(con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE))
848 con->conf.stream_response_body |=
849 (FDEVENT_STREAM_RESPONSE_BUFMIN | FDEVENT_STREAM_RESPONSE);
850 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
851 con->request.content_length = -2;
852 con->keep_alive = 0;
853 }
854
855
856 static handler_t http_response_process_local_redir(server *srv, connection *con, size_t blen) {
857 /* [RFC3875] The Common Gateway Interface (CGI) Version 1.1
858 * [RFC3875] 6.2.2 Local Redirect Response
859 *
860 * The CGI script can return a URI path and query-string
861 * ('local-pathquery') for a local resource in a Location header field.
862 * This indicates to the server that it should reprocess the request
863 * using the path specified.
864 *
865 * local-redir-response = local-Location NL
866 *
867 * The script MUST NOT return any other header fields or a message-body,
868 * and the server MUST generate the response that it would have produced
869 * in response to a request containing the URL
870 *
871 * scheme "://" server-name ":" server-port local-pathquery
872 *
873 * (Might not have begun to receive body yet, but do skip local-redir
874 * if we already have started receiving a response body (blen > 0))
875 * (Also, while not required by the RFC, do not send local-redir back
876 * to same URL, since CGI should have handled it internally if it
877 * really wanted to do that internally)
878 */
879
880 /* con->http_status >= 300 && con->http_status < 400) */
881 size_t ulen = buffer_string_length(con->uri.path);
882 buffer *vb = http_header_response_get(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"));
883 if (NULL != vb
884 && vb->ptr[0] == '/'
885 && (0 != strncmp(vb->ptr, con->uri.path->ptr, ulen)
886 || ( vb->ptr[ulen] != '\0'
887 && vb->ptr[ulen] != '/'
888 && vb->ptr[ulen] != '?'))
889 && 0 == blen
890 && !(con->response.htags & HTTP_HEADER_STATUS) /*no "Status" or NPH response*/
891 && 1 == con->response.headers->used) {
892 if (++con->loops_per_request > 5) {
893 log_error_write(srv, __FILE__, __LINE__, "sb",
894 "too many internal loops while processing request:",
895 con->request.orig_uri);
896 con->http_status = 500; /* Internal Server Error */
897 con->mode = DIRECT;
898 return HANDLER_FINISHED;
899 }
900
901 buffer_copy_buffer(con->request.uri, vb);
902
903 if (con->request.content_length) {
904 if (con->request.content_length
905 != con->request_content_queue->bytes_in) {
906 con->keep_alive = 0;
907 }
908 con->request.content_length = 0;
909 chunkqueue_reset(con->request_content_queue);
910 }
911
912 if (con->http_status != 307 && con->http_status != 308) {
913 /* Note: request body (if any) sent to initial dynamic handler
914 * and is not available to the internal redirect */
915 con->request.http_method = HTTP_METHOD_GET;
916 }
917
918 /*(caller must reset request as follows)*/
919 /*connection_response_reset(srv, con);*/ /*(sets con->http_status = 0)*/
920 /*plugins_call_connection_reset(srv, con);*/
921
922 return HANDLER_COMEBACK;
923 }
924
925 return HANDLER_GO_ON;
926 }
927
928
929 static int http_response_process_headers(server *srv, connection *con, http_response_opts *opts, buffer *hdrs) {
930 char *ns;
931 const char *s;
932 int line = 0;
933 int status_is_set = 0;
934
935 for (s = hdrs->ptr; NULL != (ns = strchr(s, '\n')); s = ns + 1, ++line) {
936 const char *key, *value;
937 int key_len;
938 enum http_header_e id;
939
940 /* strip the \n */
941 ns[0] = '\0';
942 if (ns > s && ns[-1] == '\r') ns[-1] = '\0';
943
944 if (0 == line && 0 == strncmp(s, "HTTP/1.", 7)) {
945 /* non-parsed headers ... we parse them anyway */
946 if ((s[7] == '1' || s[7] == '0') && s[8] == ' ') {
947 /* after the space should be a status code for us */
948 int status = strtol(s+9, NULL, 10);
949 if (status >= 100 && status < 1000) {
950 status_is_set = 1;
951 con->response.htags |= HTTP_HEADER_STATUS;
952 con->http_status = status;
953 } /* else we expected 3 digits and didn't get them */
954 }
955
956 if (0 == con->http_status) {
957 log_error_write(srv, __FILE__, __LINE__, "ss",
958 "invalid HTTP status line:", s);
959 con->http_status = 502; /* Bad Gateway */
960 con->mode = DIRECT;
961 return -1;
962 }
963
964 continue;
965 }
966
967 /* parse the headers */
968 key = s;
969 if (NULL == (value = strchr(s, ':'))) {
970 /* we expect: "<key>: <value>\r\n" */
971 continue;
972 }
973
974 key_len = value - key;
975 do { ++value; } while (*value == ' ' || *value == '\t'); /* skip LWS */
976 id = http_header_hkey_get(key, key_len);
977
978 if (opts->authorizer) {
979 if (0 == con->http_status || 200 == con->http_status) {
980 if (id == HTTP_HEADER_STATUS) {
981 int status = strtol(value, NULL, 10);
982 if (status >= 100 && status < 1000) {
983 con->http_status = status;
984 } else {
985 con->http_status = 502; /* Bad Gateway */
986 break;
987 }
988 } else if (id == HTTP_HEADER_OTHER && key_len > 9
989 && 0==strncasecmp(key, CONST_STR_LEN("Variable-"))) {
990 http_header_env_append(con, key + 9, key_len - 9, value, strlen(value));
991 }
992 continue;
993 }
994 }
995
996 switch (id) {
997 case HTTP_HEADER_STATUS:
998 {
999 int status;
1000 if (opts->backend == BACKEND_PROXY) break; /*(pass w/o parse)*/
1001 status = strtol(value, NULL, 10);
1002 if (status >= 100 && status < 1000) {
1003 con->http_status = status;
1004 status_is_set = 1;
1005 } else {
1006 con->http_status = 502;
1007 con->mode = DIRECT;
1008 }
1009 continue; /* do not send Status to client */
1010 }
1011 break;
1012 case HTTP_HEADER_UPGRADE:
1013 /*(technically, should also verify Connection: upgrade)*/
1014 /*(flag only for mod_proxy and mod_cgi (for now))*/
1015 if (opts->backend != BACKEND_PROXY
1016 && opts->backend != BACKEND_CGI) {
1017 id = HTTP_HEADER_OTHER;
1018 }
1019 break;
1020 case HTTP_HEADER_CONNECTION:
1021 if (opts->backend == BACKEND_PROXY) continue;
1022 /*(should parse for tokens and do case-insensitive match for "close"
1023 * but this is an imperfect though simplistic attempt to honor
1024 * backend request to close)*/
1025 if (NULL != strstr(value, "lose")) con->keep_alive = 0;
1026 break;
1027 case HTTP_HEADER_CONTENT_LENGTH:
1028 con->response.content_length = strtoul(value, NULL, 10);
1029 break;
1030 case HTTP_HEADER_TRANSFER_ENCODING:
1031 if (opts->backend == BACKEND_PROXY) {
1032 log_error_write(srv, __FILE__, __LINE__, "s",
1033 "proxy backend sent invalid response header "
1034 "(Transfer-Encoding) to HTTP/1.0 request");
1035 con->http_status = 502; /* Bad Gateway */
1036 con->mode = DIRECT;
1037 return -1;
1038 }
1039 break;
1040 default:
1041 break;
1042 }
1043
1044 http_header_response_insert(con, id, key, key_len, value, strlen(value));
1045 }
1046
1047 /* CGI/1.1 rev 03 - 7.2.1.2 */
1048 /* (proxy requires Status-Line, so never true for proxy)*/
1049 if (!status_is_set && (con->response.htags & HTTP_HEADER_LOCATION)) {
1050 con->http_status = 302;
1051 }
1052
1053 return 0;
1054 }
1055
1056
1057 handler_t http_response_parse_headers(server *srv, connection *con, http_response_opts *opts, buffer *b) {
1058 /**
1059 * possible formats of response headers:
1060 *
1061 * proxy or NPH (non-parsed headers):
1062 *
1063 * HTTP/1.0 200 Ok\n
1064 * Header: Value\n
1065 * \n
1066 *
1067 * CGI:
1068 *
1069 * Header: Value\n
1070 * Status: 200\n
1071 * \n
1072 *
1073 * and different mixes of \n and \r\n combinations
1074 *
1075 * Some users also forget about CGI and just send a response
1076 * and hope we handle it. No headers, no header-content separator
1077 */
1078
1079 int is_nph = (0 == strncmp(b->ptr, "HTTP/1.", 7)); /*nph (non-parsed hdrs)*/
1080 int is_header_end = 0;
1081 size_t last_eol = 0;
1082 size_t i = 0, header_len = buffer_string_length(b);
1083 const char *bstart;
1084 size_t blen;
1085
1086 if (b->ptr[0] == '\n' || (b->ptr[0] == '\r' && b->ptr[1] == '\n')) {
1087 /* no HTTP headers */
1088 i = (b->ptr[0] == '\n') ? 0 : 1;
1089 is_header_end = 1;
1090 } else if (is_nph || b->ptr[(i = strcspn(b->ptr, ":\n"))] == ':') {
1091 /* HTTP headers */
1092 ++i;
1093 for (char *c; NULL != (c = strchr(b->ptr+i, '\n')); ++i) {
1094 i = (uintptr_t)(c - b->ptr);
1095 /**
1096 * check if we saw a \n(\r)?\n sequence
1097 */
1098 if (last_eol > 0 &&
1099 ((i - last_eol == 1) ||
1100 (i - last_eol == 2 && b->ptr[i - 1] == '\r'))) {
1101 is_header_end = 1;
1102 break;
1103 }
1104
1105 last_eol = i;
1106 }
1107 } else if (i == header_len) { /* (no newline yet; partial header line?) */
1108 } else if (opts->backend == BACKEND_CGI) {
1109 /* no HTTP headers, but a body (special-case for CGI compat) */
1110 /* no colon found; does not appear to be HTTP headers */
1111 if (0 != http_chunk_append_buffer(srv, con, b)) {
1112 return HANDLER_ERROR;
1113 }
1114 con->http_status = 200; /* OK */
1115 con->file_started = 1;
1116 return HANDLER_GO_ON;
1117 } else {
1118 /* invalid response headers */
1119 con->http_status = 502; /* Bad Gateway */
1120 con->mode = DIRECT;
1121 return HANDLER_FINISHED;
1122 }
1123
1124 if (!is_header_end) {
1125 /*(reuse MAX_HTTP_REQUEST_HEADER as max size
1126 * for response headers from backends)*/
1127 if (header_len > MAX_HTTP_REQUEST_HEADER) {
1128 log_error_write(srv, __FILE__, __LINE__, "sb",
1129 "response headers too large for", con->uri.path);
1130 con->http_status = 502; /* Bad Gateway */
1131 con->mode = DIRECT;
1132 return HANDLER_FINISHED;
1133 }
1134 return HANDLER_GO_ON;
1135 }
1136
1137 /* the body starts after the EOL */
1138 bstart = b->ptr + (i + 1);
1139 blen = header_len - (i + 1);
1140
1141 /* strip the last \r?\n */
1142 if (i > 0 && (b->ptr[i - 1] == '\r')) {
1143 i--;
1144 }
1145
1146 buffer_string_set_length(b, i);
1147
1148 if (opts->backend == BACKEND_PROXY && !is_nph) {
1149 /* invalid response Status-Line from HTTP proxy */
1150 con->http_status = 502; /* Bad Gateway */
1151 con->mode = DIRECT;
1152 return HANDLER_FINISHED;
1153 }
1154
1155 if (0 != http_response_process_headers(srv, con, opts, b)) {
1156 return HANDLER_ERROR;
1157 }
1158
1159 con->file_started = 1;
1160
1161 if (opts->authorizer
1162 && (con->http_status == 0 || con->http_status == 200)) {
1163 return HANDLER_GO_ON;
1164 }
1165
1166 if (con->mode == DIRECT) {
1167 return HANDLER_FINISHED;
1168 }
1169
1170 if (opts->local_redir && con->http_status >= 300 && con->http_status < 400){
1171 /*(con->response.htags & HTTP_HEADER_LOCATION)*/
1172 handler_t rc = http_response_process_local_redir(srv, con, blen);
1173 if (con->mode == DIRECT) con->file_started = 0;
1174 if (rc != HANDLER_GO_ON) return rc;
1175 }
1176
1177 if (opts->xsendfile_allow) {
1178 buffer *vb;
1179 /* X-Sendfile2 is deprecated; historical for fastcgi */
1180 if (opts->backend == BACKEND_FASTCGI
1181 && NULL != (vb = http_header_response_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("X-Sendfile2")))) {
1182 http_response_xsendfile2(srv, con, vb, opts->xsendfile_docroot);
1183 /* http_header_response_unset() shortcut for HTTP_HEADER_OTHER */
1184 buffer_clear(vb); /*(do not send to client)*/
1185 if (con->mode == DIRECT) con->file_started = 0;
1186 return HANDLER_FINISHED;
1187 } else if (NULL != (vb = http_header_response_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("X-Sendfile")))
1188 || (opts->backend == BACKEND_FASTCGI /* X-LIGHTTPD-send-file is deprecated; historical for fastcgi */
1189 && NULL != (vb = http_header_response_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("X-LIGHTTPD-send-file"))))) {
1190 http_response_xsendfile(srv, con, vb, opts->xsendfile_docroot);
1191 /* http_header_response_unset() shortcut for HTTP_HEADER_OTHER */
1192 buffer_clear(vb); /*(do not send to client)*/
1193 if (con->mode == DIRECT) con->file_started = 0;
1194 return HANDLER_FINISHED;
1195 }
1196 }
1197
1198 if (blen > 0) {
1199 if (0 != http_chunk_append_mem(srv, con, bstart, blen)) {
1200 return HANDLER_ERROR;
1201 }
1202 }
1203
1204 /* (callback for response headers complete) */
1205 return (opts->headers) ? opts->headers(srv, con, opts) : HANDLER_GO_ON;
1206 }
1207
1208
1209 handler_t http_response_read(server *srv, connection *con, http_response_opts *opts, buffer *b, fdnode *fdn) {
1210 const int fd = fdn->fd;
1211 while (1) {
1212 ssize_t n;
1213 size_t avail = buffer_string_space(b);
1214 unsigned int toread = 0;
1215
1216 if (0 == fdevent_ioctl_fionread(fd, opts->fdfmt, (int *)&toread)) {
1217 if (avail < toread) {
1218 size_t blen = buffer_string_length(b);
1219 if (toread + blen < 4096)
1220 toread = 4095 - blen;
1221 else if (toread > MAX_READ_LIMIT)
1222 toread = MAX_READ_LIMIT;
1223 }
1224 else if (0 == toread) {
1225 #if 0
1226 return (fdevent_fdnode_interest(fdn) & FDEVENT_IN)
1227 ? HANDLER_FINISHED /* read finished */
1228 : HANDLER_GO_ON; /* optimistic read; data not ready */
1229 #else
1230 if (!(fdevent_fdnode_interest(fdn) & FDEVENT_IN)) {
1231 if (!(con->conf.stream_response_body
1232 & FDEVENT_STREAM_RESPONSE_POLLRDHUP))
1233 return HANDLER_GO_ON;/*optimistic read; data not ready*/
1234 }
1235 if (0 == avail) /* let read() below indicate if EOF or EAGAIN */
1236 toread = 1024;
1237 #endif
1238 }
1239 }
1240 else if (avail < 1024) {
1241 toread = 4095 - avail;
1242 }
1243
1244 if (con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) {
1245 off_t cqlen = chunkqueue_length(con->write_queue);
1246 if (cqlen + (off_t)toread > 65536 - 4096) {
1247 if (!con->is_writable) {
1248 /*(defer removal of FDEVENT_IN interest since
1249 * connection_state_machine() might be able to send data
1250 * immediately, unless !con->is_writable, where
1251 * connection_state_machine() might not loop back to call
1252 * mod_proxy_handle_subrequest())*/
1253 fdevent_fdnode_event_clr(srv->ev, fdn, FDEVENT_IN);
1254 }
1255 if (cqlen >= 65536-1) return HANDLER_GO_ON;
1256 toread = 65536 - 1 - (unsigned int)cqlen;
1257 /* Note: heuristic is fuzzy in that it limits how much to read
1258 * from backend based on how much is pending to write to client.
1259 * Modules where data from backend is framed (e.g. FastCGI) may
1260 * want to limit how much is buffered from backend while waiting
1261 * for a complete data frame or data packet from backend. */
1262 }
1263 }
1264
1265 if (avail < toread) {
1266 /*(add avail+toread to reduce allocations when ioctl EOPNOTSUPP)*/
1267 avail = avail ? avail - 1 + toread : toread;
1268 buffer_string_prepare_append(b, avail);
1269 }
1270
1271 n = read(fd, b->ptr+buffer_string_length(b), avail);
1272
1273 if (n < 0) {
1274 switch (errno) {
1275 case EAGAIN:
1276 #ifdef EWOULDBLOCK
1277 #if EWOULDBLOCK != EAGAIN
1278 case EWOULDBLOCK:
1279 #endif
1280 #endif
1281 case EINTR:
1282 return HANDLER_GO_ON;
1283 default:
1284 log_error_write(srv, __FILE__, __LINE__, "ssdd",
1285 "read():", strerror(errno), con->fd, fd);
1286 return HANDLER_ERROR;
1287 }
1288 }
1289
1290 buffer_commit(b, (size_t)n);
1291
1292 if (NULL != opts->parse) {
1293 handler_t rc = opts->parse(srv, con, opts, b, (size_t)n);
1294 if (rc != HANDLER_GO_ON) return rc;
1295 } else if (0 == n) {
1296 /* note: no further data is sent to backend after read EOF on socket
1297 * (not checking for half-closed TCP socket)
1298 * (backend should read all data desired prior to closing socket,
1299 * though might send app-level close data frame, if applicable) */
1300 return HANDLER_FINISHED; /* read finished */
1301 } else if (0 == con->file_started) {
1302 /* split header from body */
1303 handler_t rc = http_response_parse_headers(srv, con, opts, b);
1304 if (rc != HANDLER_GO_ON) return rc;
1305 /* accumulate response in b until headers completed (or error) */
1306 if (con->file_started) buffer_clear(b);
1307 } else {
1308 if (0 != http_chunk_append_buffer(srv, con, b)) {
1309 /* error writing to tempfile;
1310 * truncate response or send 500 if nothing sent yet */
1311 return HANDLER_ERROR;
1312 }
1313 buffer_clear(b);
1314 }
1315
1316 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN)
1317 && chunkqueue_length(con->write_queue) > 65536 - 4096) {
1318 if (!con->is_writable) {
1319 /*(defer removal of FDEVENT_IN interest since
1320 * connection_state_machine() might be able to send
1321 * data immediately, unless !con->is_writable, where
1322 * connection_state_machine() might not loop back to
1323 * call the subrequest handler)*/
1324 fdevent_fdnode_event_clr(srv->ev, fdn, FDEVENT_IN);
1325 }
1326 break;
1327 }
1328
1329 if ((size_t)n < avail)
1330 break; /* emptied kernel read buffer or partial read */
1331 }
1332
1333 return HANDLER_GO_ON;
1334 }
1335
1336
1337 int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cgi_header_append_cb cb, void *vdata) {
1338
1339 /* CGI-SPEC 6.1.2, FastCGI spec 6.3 and SCGI spec */
1340
1341 int rc = 0;
1342 server_socket *srv_sock = con->srv_socket;
1343 const char *s;
1344 size_t n;
1345 char buf[LI_ITOSTRING_LENGTH];
1346 sock_addr *addr;
1347 sock_addr addrbuf;
1348 char b2[INET6_ADDRSTRLEN + 1];
1349
1350 /* (CONTENT_LENGTH must be first for SCGI) */
1351 if (!opts->authorizer) {
1352 li_itostrn(buf, sizeof(buf), con->request.content_length);
1353 rc |= cb(vdata, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
1354 }
1355
1356 if (!buffer_string_is_empty(con->uri.query)) {
1357 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"),
1358 CONST_BUF_LEN(con->uri.query));
1359 } else {
1360 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"),
1361 CONST_STR_LEN(""));
1362 }
1363 if (!buffer_string_is_empty(opts->strip_request_uri)) {
1364 /**
1365 * /app1/index/list
1366 *
1367 * stripping /app1 or /app1/ should lead to
1368 *
1369 * /index/list
1370 *
1371 */
1372 size_t len = buffer_string_length(opts->strip_request_uri);
1373 if ('/' == opts->strip_request_uri->ptr[len-1]) {
1374 --len;
1375 }
1376
1377 if (buffer_string_length(con->request.orig_uri) >= len
1378 && 0 == memcmp(con->request.orig_uri->ptr,
1379 opts->strip_request_uri->ptr, len)
1380 && con->request.orig_uri->ptr[len] == '/') {
1381 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
1382 con->request.orig_uri->ptr+len,
1383 buffer_string_length(con->request.orig_uri) - len);
1384 } else {
1385 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
1386 CONST_BUF_LEN(con->request.orig_uri));
1387 }
1388 } else {
1389 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"),
1390 CONST_BUF_LEN(con->request.orig_uri));
1391 }
1392 if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) {
1393 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_URI"),
1394 CONST_BUF_LEN(con->request.uri));
1395 }
1396 /* set REDIRECT_STATUS for php compiled with --force-redirect
1397 * (if REDIRECT_STATUS has not already been set by error handler) */
1398 if (0 == con->error_handler_saved_status) {
1399 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_STATUS"),
1400 CONST_STR_LEN("200"));
1401 }
1402
1403 /*
1404 * SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to
1405 * http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
1406 * (6.1.14, 6.1.6, 6.1.7)
1407 */
1408 if (!opts->authorizer) {
1409 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_NAME"),
1410 CONST_BUF_LEN(con->uri.path));
1411 if (!buffer_string_is_empty(con->request.pathinfo)) {
1412 rc |= cb(vdata, CONST_STR_LEN("PATH_INFO"),
1413 CONST_BUF_LEN(con->request.pathinfo));
1414 /* PATH_TRANSLATED is only defined if PATH_INFO is set */
1415 if (!buffer_string_is_empty(opts->docroot)) {
1416 buffer_copy_buffer(srv->tmp_buf, opts->docroot);
1417 } else {
1418 buffer_copy_buffer(srv->tmp_buf, con->physical.basedir);
1419 }
1420 buffer_append_string_buffer(srv->tmp_buf, con->request.pathinfo);
1421 rc |= cb(vdata, CONST_STR_LEN("PATH_TRANSLATED"),
1422 CONST_BUF_LEN(srv->tmp_buf));
1423 }
1424 }
1425
1426 /*
1427 * SCRIPT_FILENAME and DOCUMENT_ROOT for php
1428 * The PHP manual http://www.php.net/manual/en/reserved.variables.php
1429 * treatment of PATH_TRANSLATED is different from the one of CGI specs.
1430 * (see php.ini cgi.fix_pathinfo = 1 config parameter)
1431 */
1432
1433 if (!buffer_string_is_empty(opts->docroot)) {
1434 /* alternate docroot, e.g. for remote FastCGI or SCGI server */
1435 buffer_copy_buffer(srv->tmp_buf, opts->docroot);
1436 buffer_append_string_buffer(srv->tmp_buf, con->uri.path);
1437 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
1438 CONST_BUF_LEN(srv->tmp_buf));
1439 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
1440 CONST_BUF_LEN(opts->docroot));
1441 } else {
1442 if (opts->break_scriptfilename_for_php) {
1443 /* php.ini config cgi.fix_pathinfo = 1 need a broken SCRIPT_FILENAME
1444 * to find out what PATH_INFO is itself
1445 *
1446 * see src/sapi/cgi_main.c, init_request_info()
1447 */
1448 buffer_copy_buffer(srv->tmp_buf, con->physical.path);
1449 buffer_append_string_buffer(srv->tmp_buf, con->request.pathinfo);
1450 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
1451 CONST_BUF_LEN(srv->tmp_buf));
1452 } else {
1453 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
1454 CONST_BUF_LEN(con->physical.path));
1455 }
1456 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
1457 CONST_BUF_LEN(con->physical.basedir));
1458 }
1459
1460 s = get_http_method_name(con->request.http_method);
1461 force_assert(s);
1462 rc |= cb(vdata, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
1463
1464 s = get_http_version_name(con->request.http_version);
1465 force_assert(s);
1466 rc |= cb(vdata, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
1467
1468 rc |= cb(vdata, CONST_STR_LEN("SERVER_SOFTWARE"),
1469 CONST_BUF_LEN(con->conf.server_tag));
1470
1471 rc |= cb(vdata, CONST_STR_LEN("GATEWAY_INTERFACE"),
1472 CONST_STR_LEN("CGI/1.1"));
1473
1474 rc |= cb(vdata, CONST_STR_LEN("REQUEST_SCHEME"),
1475 CONST_BUF_LEN(con->uri.scheme));
1476
1477 if (buffer_is_equal_string(con->uri.scheme, CONST_STR_LEN("https"))) {
1478 rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
1479 }
1480
1481 addr = &srv_sock->addr;
1482 li_utostrn(buf, sizeof(buf), sock_addr_get_port(addr));
1483 rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
1484
1485 switch (addr->plain.sa_family) {
1486 case AF_INET:
1487 case AF_INET6:
1488 if (sock_addr_is_addr_wildcard(addr)) {
1489 socklen_t addrlen = sizeof(addrbuf);
1490 if (0 == getsockname(con->fd,(struct sockaddr *)&addrbuf,&addrlen)){
1491 addr = &addrbuf;
1492 } else {
1493 s = "";
1494 break;
1495 }
1496 }
1497 s = sock_addr_inet_ntop(addr, b2, sizeof(b2)-1);
1498 if (NULL == s) s = "";
1499 break;
1500 default:
1501 s = "";
1502 break;
1503 }
1504 force_assert(s);
1505 rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
1506
1507 if (!buffer_string_is_empty(con->server_name)) {
1508 size_t len = buffer_string_length(con->server_name);
1509
1510 if (con->server_name->ptr[0] == '[') {
1511 const char *colon = strstr(con->server_name->ptr, "]:");
1512 if (colon) len = (colon + 1) - con->server_name->ptr;
1513 } else {
1514 const char *colon = strchr(con->server_name->ptr, ':');
1515 if (colon) len = colon - con->server_name->ptr;
1516 }
1517
1518 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"),
1519 con->server_name->ptr, len);
1520 } else {
1521 /* set to be same as SERVER_ADDR (above) */
1522 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
1523 }
1524
1525 rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"),
1526 CONST_BUF_LEN(con->dst_addr_buf));
1527
1528 li_utostrn(buf, sizeof(buf), sock_addr_get_port(&con->dst_addr));
1529 rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
1530
1531 for (n = 0; n < con->request.headers->used; n++) {
1532 data_string *ds = (data_string *)con->request.headers->data[n];
1533 if (!buffer_string_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1534 /* Security: Do not emit HTTP_PROXY in environment.
1535 * Some executables use HTTP_PROXY to configure
1536 * outgoing proxy. See also https://httpoxy.org/ */
1537 if (buffer_is_equal_caseless_string(ds->key,
1538 CONST_STR_LEN("Proxy"))) {
1539 continue;
1540 }
1541 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf,
1542 CONST_BUF_LEN(ds->key), 1);
1543 rc |= cb(vdata, CONST_BUF_LEN(srv->tmp_buf),
1544 CONST_BUF_LEN(ds->value));
1545 }
1546 }
1547
1548 srv->request_env(srv, con);
1549
1550 for (n = 0; n < con->environment->used; n++) {
1551 data_string *ds = (data_string *)con->environment->data[n];
1552 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1553 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf,
1554 CONST_BUF_LEN(ds->key), 0);
1555 rc |= cb(vdata, CONST_BUF_LEN(srv->tmp_buf),
1556 CONST_BUF_LEN(ds->value));
1557 }
1558 }
1559
1560 return rc;
1561 }
A fast webserver with minimal memory-footprint (lighttpd)