| blob | a94255e66122be1afd080e07575dd9587c60057d |
1 /*
2 * mod_fastcgi.c --
3 *
4 * Apache server module for FastCGI.
5 *
6 * $Id: mod_fastcgi.c,v 1.93 2000/05/24 15:09:39 robs Exp $
7 *
8 * Copyright (c) 1995-1996 Open Market, Inc.
9 *
10 * See the file "LICENSE.TERMS" for information on usage and redistribution
11 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
12 *
13 *
14 * Patches for Apache-1.1 provided by
15 * Ralf S. Engelschall
16 * <rse@en.muc.de>
17 *
18 * Patches for Linux provided by
19 * Scott Langley
20 * <langles@vote-smart.org>
21 *
22 * Patches for suexec handling by
23 * Brian Grossman <brian@SoftHome.net> and
24 * Rob Saccoccio <robs@ipass.net>
25 */
27 /*
28 * Module design notes.
29 *
30 * 1. Restart cleanup.
31 *
32 * mod_fastcgi spawns several processes: one process manager process
33 * and several application processes. None of these processes
34 * handle SIGHUP, so they just go away when the Web server performs
35 * a restart (as Apache does every time it starts.)
36 *
37 * In order to allow the process manager to properly cleanup the
38 * running fastcgi processes (without being disturbed by Apache),
39 * an intermediate process was introduced. The diagram is as follows;
40 *
41 * ApacheWS --> MiddleProc --> ProcMgr --> FCGI processes
42 *
43 * On a restart, ApacheWS sends a SIGKILL to MiddleProc and then
44 * collects it via waitpid(). The ProcMgr periodically checks for
45 * its parent (via getppid()) and if it does not have one, as in
46 * case when MiddleProc has terminated, ProcMgr issues a SIGTERM
47 * to all FCGI processes, waitpid()s on them and then exits, so it
48 * can be collected by init(1). Doing it any other way (short of
49 * changing Apache API), results either in inconsistent results or
50 * in generation of zombie processes.
51 *
52 * XXX: How does Apache 1.2 implement "gentle" restart
53 * that does not disrupt current connections? How does
54 * gentle restart interact with restart cleanup?
55 *
56 * 2. Request timeouts.
57 *
58 * The Apache Timeout directive allows per-server configuration of
59 * the timeout associated with a request. This is typically used to
60 * detect dead clients. The timer is reset for every successful
61 * read/write. The default value is 5min. Thats way too long to tie
62 * up a FastCGI server. For now this dropdead timer is used a little
63 * differently in FastCGI. All of the FastCGI server I/O AND the
64 * client I/O must complete within Timeout seconds. This isn't
65 * exactly what we want.. it should be revisited. See http_main.h.
66 *
67 * We need a way to configurably control the timeout associated with
68 * FastCGI server exchanges AND one for client exchanges. This could
69 * be done with the select() in doWork() (which should be rewritten
70 * anyway). This will allow us to free up the FastCGI as soon as
71 * possible.
72 *
73 * Earlier versions of this module used ap_soft_timeout() rather than
74 * ap_hard_timeout() and ate FastCGI server output until it completed.
75 * This precluded the FastCGI server from having to implement a
76 * SIGPIPE handler, but meant hanging the application longer than
77 * necessary. SIGPIPE handler now must be installed in ALL FastCGI
78 * applications. The handler should abort further processing and go
79 * back into the accept() loop.
80 *
81 * Although using ap_soft_timeout() is better than ap_hard_timeout()
82 * we have to be more careful about SIGINT handling and subsequent
83 * processing, so, for now, make it hard.
84 */
89 #ifndef timersub
90 #define timersub(a, b, result) \
91 do { \
92 (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
93 (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
94 if ((result)->tv_usec < 0) { \
95 --(result)->tv_sec; \
96 (result)->tv_usec += 1000000; \
97 } \
98 } while (0)
99 #endif
101 /*
102 * Global variables
103 */
120 * fastcgi apps' sockets */
122 #ifdef WIN32
126 #endif
150 /*******************************************************************************
151 * Construct a message and write it to the pm_pipe.
152 */
156 {
157 #ifdef WIN32
162 #else
165 #endif
171 }
175 #ifdef WIN32
180 #else
182 #endif
185 #ifdef WIN32
190 #else
192 #endif
195 #ifdef WIN32
202 #else
204 #endif
206 }
208 #ifdef WIN32
213 #else
219 }
220 #endif
221 }
223 \f
224 /*
225 *----------------------------------------------------------------------
226 *
227 * init_module
228 *
229 * An Apache module initializer, called by the Apache core
230 * after reading the server config.
231 *
232 * Start the process manager no matter what, since there may be a
233 * request for dynamic FastCGI applications without any being
234 * configured as static applications. Also, check for the existence
235 * and create if necessary a subdirectory into which all dynamic
236 * sockets will go.
237 *
238 *----------------------------------------------------------------------
239 */
241 {
244 /* Register to reset to default values when the config pool is cleaned */
253 /* keep these handy */
257 #ifndef WIN32
258 /* Create Unix/Domain socket directory */
261 #endif
263 /* Create Dynamic directory */
267 #ifndef WIN32
268 /* Create the pipe for comm with the PM */
271 }
273 /* Spawn the PM only once. Under Unix, Apache calls init() routines
274 * twice, once before detach() and once after. Win32 doesn't detach.
275 * Under DSO, DSO modules are unloaded between the two init() calls.
276 * Under Unix, the -X switch causes two calls to init() but no detach
277 * (but all subprocesses are wacked so the PM is toasted anyway)! */
282 /* Start the Process Manager */
287 }
290 #endif
291 }
294 {
295 #ifdef WIN32
296 DWORD tid;
298 /* Create the Event Handlers */
304 /* Spawn of the process manager thread */
306 #endif
308 }
312 #ifdef WIN32
313 /* Signaling the PM thread tp exit*/
316 /* Waiting on pm thread to exit */
318 #endif
321 }
323 /*
324 *----------------------------------------------------------------------
325 *
326 * get_header_line --
327 *
328 * Terminate a line: scan to the next newline, scan back to the
329 * first non-space character and store a terminating zero. Return
330 * the next character past the end of the newline.
331 *
332 * If the end of the string is reached, ASSERT!
333 *
334 * If the FIRST character(s) in the line are '\n' or "\r\n", the
335 * first character is replaced with a NULL and next character
336 * past the newline is returned. NOTE: this condition supercedes
337 * the processing of RFC-822 continuation lines.
338 *
339 * If continuation is set to 'TRUE', then it parses a (possible)
340 * sequence of RFC-822 continuation lines.
341 *
342 * Results:
343 * As above.
344 *
345 * Side effects:
346 * Termination byte stored in string.
347 *
348 *----------------------------------------------------------------------
349 */
351 {
362 p++;
363 }
366 p++;
367 }
368 }
369 }
373 end++;
375 /*
376 * Trim any trailing whitespace.
377 */
379 p--;
380 }
384 }
385 \f
386 /*
387 *----------------------------------------------------------------------
388 *
389 * process_headers --
390 *
391 * Call with r->parseHeader == SCAN_CGI_READING_HEADERS
392 * and initial script output in fr->header.
393 *
394 * If the initial script output does not include the header
395 * terminator ("\r\n\r\n") process_headers returns with no side
396 * effects, to be called again when more script output
397 * has been appended to fr->header.
398 *
399 * If the initial script output includes the header terminator,
400 * process_headers parses the headers and determines whether or
401 * not the remaining script output will be sent to the client.
402 * If so, process_headers sends the HTTP response headers to the
403 * client and copies any non-header script output to the output
404 * buffer reqOutbuf.
405 *
406 * Results:
407 * none.
408 *
409 * Side effects:
410 * May set r->parseHeader to:
411 * SCAN_CGI_FINISHED -- headers parsed, returning script response
412 * SCAN_CGI_BAD_HEADER -- malformed header from script
413 * SCAN_CGI_INT_REDIRECT -- handler should perform internal redirect
414 * SCAN_CGI_SRV_REDIRECT -- handler should return REDIRECT
415 *
416 *----------------------------------------------------------------------
417 */
420 {
430 /*
431 * Do we have the entire header? Scan for the blank line that
432 * terminates the header.
433 */
442 flag++;
453 }
454 p++;
455 }
457 /* Return (to be called later when we have more data)
458 * if we don't have an entire header. */
462 /*
463 * Parse all the headers.
464 */
472 }
475 }
478 p--;
479 }
482 }
487 }
489 value++;
490 }
497 }
501 }
506 }
512 }
516 }
521 }
525 }
527 /* If the script wants them merged, it can do it */
530 }
533 }
534 }
539 /*
540 * Who responds, this handler or Apache?
541 */
544 /*
545 * Based on internal redirect handling in mod_cgi.c...
546 *
547 * If a script wants to produce its own Redirect
548 * body, it now has to explicitly *say* "Status: 302"
549 */
552 /*
553 * Location is an relative path. This handler will
554 * consume all script output, then have Apache perform an
555 * internal redirect.
556 */
560 /*
561 * Location is an absolute URL. If the script didn't
562 * produce a Content-type header, this handler will
563 * consume all script output and then have Apache generate
564 * its standard redirect response. Otherwise this handler
565 * will transmit the script's response.
566 */
569 }
570 }
571 }
572 /*
573 * We're responding. Send headers, buffer excess script output.
574 */
577 /* We need to reinstate our timeout, send_http_header() kill()s it */
588 }
593 }
596 BadHeader:
597 /* Log first line of a multi-line header */
603 DuplicateNotAllowed:
606 }
607 \f
608 /*
609 * Read from the client filling both the FastCGI server buffer and the
610 * client buffer with the hopes of buffering the client data before
611 * making the connect() to the FastCGI server. This prevents slow
612 * clients from keeping the FastCGI server in processing longer than is
613 * necessary.
614 */
616 {
636 else
639 }
641 }
644 {
652 /* If fewer than count bytes are written, an error occured.
653 * ap_bwrite() typically forces a flushed write to the client, this
654 * effectively results in a block (and short packets) - it should
655 * be fixed, but I didn't win much support for the idea on new-httpd.
656 * So, without patching Apache, the best way to deal with this is
657 * to size the fcgi_bufs to hold all of the script output (within
658 * reason) so the script can be released from having to wait around
659 * for the transmission to the client to complete. */
660 #ifdef RUSSIAN_APACHE
665 }
666 #else
671 }
672 #endif
675 /* Don't bother with a wrapped buffer, limiting exposure to slow
676 * clients. The BUFF routines don't allow a writev from above,
677 * and don't always memcpy to minimize small write()s, this should
678 * be fixed, but I didn't win much support for the idea on
679 * new-httpd - I'll have to _prove_ its a problem first.. */
681 /* The default behaviour used to be to flush with every write, but this
682 * can tie up the FastCGI server longer than is necessary so its an option now */
684 #ifdef RUSSIAN_APACHE
689 }
690 #else
695 }
696 #endif
697 }
701 }
703 /*******************************************************************************
704 * Determine the user and group suexec should be called with.
705 * Based on code in Apache's create_argv_cmd() (util_script.c).
706 */
708 {
713 }
716 /* its a user dir uri, just send the ~user, and leave it to the PM */
721 else
724 }
728 }
729 }
731 /*******************************************************************************
732 * Close the connection to the FastCGI server. This is normally called by
733 * do_work(), but may also be called as in request pool cleanup.
734 */
736 {
743 #ifdef WIN32
745 #else
747 #endif
750 /* XXX REQ_COMPLETE is only sent for requests which complete
751 * normally WRT the fcgi app. There is no data sent for
752 * connect() timeouts or requests which complete abnormally.
753 * KillDynamicProcs() and RemoveRecords() need to be looked at
754 * to be sure they can reasonably handle these cases before
755 * sending these sort of stats - theres some funk in there.
756 * XXX We should do something special when this a pool cleanup.
757 */
759 /* there's no point to aborting the request, just log it */
771 }
772 }
773 }
774 }
776 /*******************************************************************************
777 * Connect to the FastCGI server.
778 */
780 {
789 #ifdef WIN32
792 #else
795 #endif
797 /* Create the connection point */
802 #ifndef WIN32
807 #endif
809 #ifdef WIN32
812 }
815 }
818 }
819 #else
821 #endif
823 }
825 /* Dynamic app's lockfile handling */
827 #ifndef WIN32
830 #endif
835 #ifdef WIN32
837 #else
839 #endif
840 {
842 #ifdef WIN32
844 #else
846 #endif
847 {
850 /* Its already running, but there's a newer one,
851 * ask the process manager to start it.
852 * it will notice that the binary is newer,
853 * and do a restart instead.
854 */
857 /* Avoid sleep/alarm interactions */
859 }
860 #ifdef WIN32
863 #else
866 #endif
872 #ifdef WIN32
874 #else
875 /* Avoid sleep/alarm interactions */
877 #endif
878 }
879 #ifdef WIN32
881 #endif
884 /* Block until we get a shared (non-exclusive) read Lock */
887 }
889 #ifdef WIN32
900 }
905 }
906 }
915 }
926 }
927 #endif
929 /* Create the socket */
935 #ifndef WIN32
938 "FD_SETSIZE (%u), you probably need to rebuild Apache with a "
940 }
941 #endif
943 /* If appConnectTimeout is non-zero, setup do a non-blocking connect */
945 #ifndef WIN32
950 #else
954 #endif
955 }
960 /* Connect */
964 #ifdef WIN32
968 #else
969 /* ECONNREFUSED means the listen queue is full (or there isn't one).
970 * With dynamic I can at least make sure the PM knows this is occuring */
972 /* @@@ This might be better as some other "kind" of message */
976 }
980 #endif
982 /* The connect() is non-blocking */
1003 /* select() timed out */
1007 /* XXX These can be moved down when dynamic vars live is a struct */
1010 dynamicAppConnectTimeout);
1011 }
1024 }
1035 /* Solaris pending error */
1039 /* Berkeley-derived pending error */
1042 }
1046 ConnectionComplete:
1047 /* Return to blocking mode if it was set up */
1048 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1049 #ifdef WIN32
1053 #else
1056 #endif
1057 }
1059 #ifdef TCP_NODELAY
1061 /* We shouldn't be sending small packets and there's no application
1062 * level ack of the data we send, so disable Nagle */
1065 }
1066 #endif
1069 }
1070 \f
1072 {
1073 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1074 /* Make sure we leave with Apache's sigpipe_handler in place */
1077 #endif
1081 }
1084 {
1093 }
1094 }
1096 /*----------------------------------------------------------------------
1097 * This is the core routine for moving data between the FastCGI
1098 * application and the Web server's client.
1099 */
1101 {
1108 env_status env;
1117 /* Buffer as much of the environment as we can fit */
1121 /* Start the Apache dropdead timer. See comments at top of file. */
1124 /* Read as much as possible from the client. */
1130 }
1135 }
1137 /* Connect to the FastCGI Application */
1143 }
1155 }
1156 }
1158 /* @@@ We never reset the timer in this loop, most folks don't mess w/
1159 * Timeout directive which means we've got the 5 min default which is way
1160 * to long to tie up a fs. We need a better/configurable solution that
1161 * uses the select */
1164 /* Register to get the script's stderr logged at the end of the request */
1169 /* The socket is writeable, so get the first write out of the way */
1174 }
1180 /* If we didn't buffer all of the environment yet, buffer some more */
1184 /* Read as much as possible from the client. */
1188 }
1190 /* To avoid deadlock, don't do a blocking select to write to
1191 * the FastCGI application without selecting to read from the
1192 * FastCGI application.
1193 */
1197 #ifdef WIN32
1199 #endif
1202 /* Is data buffered for output to the FastCGI server? */
1207 }
1208 #ifdef WIN32
1209 }
1210 #endif
1211 /*
1212 * If there's data buffered to send to the client, don't
1213 * wait indefinitely for the FastCGI app; the app might
1214 * be doing server push.
1215 */
1219 }
1227 }
1229 /* Check for idle_timeout */
1232 }
1242 }
1243 }
1252 }
1254 /* Killed time somewhere.. client read? */
1260 }
1261 }
1265 }
1267 #ifdef WIN32
1269 #endif
1274 }
1275 #ifdef WIN32
1276 }
1287 {
1290 }
1292 }
1293 }
1296 }
1297 }
1298 #endif
1303 }
1310 }
1317 }
1323 }
1324 }
1326 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1327 /* Disable Apache's SIGPIPE handler */
1329 #endif
1331 /* Read from the FastCGI server */
1332 #ifdef WIN32
1335 #else
1337 #endif
1343 }
1344 }
1350 }
1355 }
1356 }
1358 /* Write to the FastCGI server */
1359 #ifdef WIN32
1362 #else
1364 #endif
1370 }
1371 }
1373 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1374 /* Reinstall Apache's SIGPIPE handler */
1376 #endif
1380 }
1384 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1385 /* Make sure we leave with Apache's sigpipe_handler in place */
1388 #endif
1392 }
1393 }
1399 /* we're done talking to the fcgi app */
1402 }
1409 }
1410 }
1418 #ifdef RUSSIAN_APACHE
1420 #else
1422 #endif
1424 }
1438 /*
1439 * XXX We really should be soaking all client input
1440 * and all script output. See mod_cgi.c.
1441 * There's other differences we need to pick up here as well!
1442 * This has to be revisited.
1443 */
1448 }
1452 }
1453 \f
1456 {
1467 }
1468 }
1472 }
1476 /* Its a request for a dynamic FastCGI application */
1481 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: invalid (dynamic) server \"%s\": %s", fs_path, err);
1483 }
1484 }
1507 #ifdef WIN32
1511 #else
1514 #endif
1519 }
1521 /*
1522 *----------------------------------------------------------------------
1523 *
1524 * handler --
1525 *
1526 * This routine gets called for a request that corresponds to
1527 * a FastCGI connection. It performs the request synchronously.
1528 *
1529 * Results:
1530 * Final status of request: OK or NOT_FOUND or SERVER_ERROR.
1531 *
1532 * Side effects:
1533 * Request performed.
1534 *
1535 *----------------------------------------------------------------------
1536 */
1538 /* Stolen from mod_cgi.c..
1539 * KLUDGE --- for back-combatibility, we don't have to check ExecCGI
1540 * in ScriptAliased directories, which means we need to know if this
1541 * request came through ScriptAlias or not... so the Alias module
1542 * leaves a note for us.
1543 */
1545 {
1548 }
1550 /* If a script wants to produce its own Redirect body, it now
1551 * has to explicitly *say* "Status: 302". If it wants to use
1552 * Apache redirects say "Status: 200". See process_headers().
1553 */
1556 {
1560 /* @@@ There are still differences between the handling in
1561 * mod_cgi and mod_fastcgi. This needs to be revisited.
1562 */
1563 /* We already read the message body (if any), so don't allow
1564 * the redirected request to think it has one. We can ignore
1565 * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
1566 */
1579 }
1580 }
1582 /******************************************************************************
1583 * Process fastcgi-script requests. Based on mod_cgi::cgi_handler().
1584 */
1586 {
1590 /* Setup a new FastCGI request */
1594 /* If its a dynamic invocation, make sure scripts are OK here */
1599 }
1601 /* Process the fastcgi-script request */
1605 /* Special case redirects */
1607 }
1611 {
1617 }
1619 static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val)
1620 {
1625 }
1627 static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val)
1628 {
1631 }
1634 {
1637 /* Restore the saved subprocess_env because we muddied ours up */
1642 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
1644 }
1648 }
1649 }
1653 }
1655 /* @@@ Restore these.. its a hack until I rewrite the header handling */
1658 }
1661 {
1671 /* Get the user password */
1678 /* Save the existing subprocess_env, because we're gonna muddy it up */
1684 /* The FastCGI Protocol doesn't differentiate authentication */
1687 /* Do we need compatibility mode? */
1696 /* A redirect shouldn't be allowed during the authentication phase */
1702 }
1707 AuthenticationFailed:
1711 /* @@@ Probably should support custom_responses */
1716 }
1719 {
1728 /* @@@ We should probably honor the existing parameters to the require directive
1729 * as well as allow the definition of new ones (or use the basename of the
1730 * FastCGI server and pass the rest of the directive line), but for now keep
1731 * it simple. */
1736 /* Save the existing subprocess_env, because we're gonna muddy it up */
1743 /* Do we need compatibility mode? */
1752 /* A redirect shouldn't be allowed during the authorization phase */
1758 }
1763 AuthorizationFailed:
1767 /* @@@ Probably should support custom_responses */
1772 }
1775 {
1787 /* Save the existing subprocess_env, because we're gonna muddy it up */
1792 /* The FastCGI Protocol doesn't differentiate access control */
1795 /* Do we need compatibility mode? */
1804 /* A redirect shouldn't be allowed during the access check phase */
1810 }
1815 AccessFailed:
1819 /* @@@ Probably should support custom_responses */
1822 }
1825 \f
1826 command_rec fastcgi_cmds[] = {
1842 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1849 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1856 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1861 };
1864 handler_rec fastcgi_handlers[] = {
1868 };
1871 module MODULE_VAR_EXPORT fastcgi_module = {
1872 STANDARD_MODULE_STUFF,
1890 NULL /* [1] post read-request handling */
1891 };