| blob | a7ece9498dff7a88509e90817195b306d39fa227 |
1 /*
2 * mod_fastcgi.c --
3 *
4 * Apache server module for FastCGI.
5 *
6 * $Id: mod_fastcgi.c,v 1.96 2000/07/31 00:33:42 robs Exp $
7 *
8 * Copyright (c) 1995-1996 Open Market, Inc.
9 *
10 * See the file "LICENSE.TERMS" for information on usage and redistribution
11 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
12 *
13 *
14 * Patches for Apache-1.1 provided by
15 * Ralf S. Engelschall
16 * <rse@en.muc.de>
17 *
18 * Patches for Linux provided by
19 * Scott Langley
20 * <langles@vote-smart.org>
21 *
22 * Patches for suexec handling by
23 * Brian Grossman <brian@SoftHome.net> and
24 * Rob Saccoccio <robs@ipass.net>
25 */
27 /*
28 * Module design notes.
29 *
30 * 1. Restart cleanup.
31 *
32 * mod_fastcgi spawns several processes: one process manager process
33 * and several application processes. None of these processes
34 * handle SIGHUP, so they just go away when the Web server performs
35 * a restart (as Apache does every time it starts.)
36 *
37 * In order to allow the process manager to properly cleanup the
38 * running fastcgi processes (without being disturbed by Apache),
39 * an intermediate process was introduced. The diagram is as follows;
40 *
41 * ApacheWS --> MiddleProc --> ProcMgr --> FCGI processes
42 *
43 * On a restart, ApacheWS sends a SIGKILL to MiddleProc and then
44 * collects it via waitpid(). The ProcMgr periodically checks for
45 * its parent (via getppid()) and if it does not have one, as in
46 * case when MiddleProc has terminated, ProcMgr issues a SIGTERM
47 * to all FCGI processes, waitpid()s on them and then exits, so it
48 * can be collected by init(1). Doing it any other way (short of
49 * changing Apache API), results either in inconsistent results or
50 * in generation of zombie processes.
51 *
52 * XXX: How does Apache 1.2 implement "gentle" restart
53 * that does not disrupt current connections? How does
54 * gentle restart interact with restart cleanup?
55 *
56 * 2. Request timeouts.
57 *
58 * The Apache Timeout directive allows per-server configuration of
59 * the timeout associated with a request. This is typically used to
60 * detect dead clients. The timer is reset for every successful
61 * read/write. The default value is 5min. Thats way too long to tie
62 * up a FastCGI server. For now this dropdead timer is used a little
63 * differently in FastCGI. All of the FastCGI server I/O AND the
64 * client I/O must complete within Timeout seconds. This isn't
65 * exactly what we want.. it should be revisited. See http_main.h.
66 *
67 * We need a way to configurably control the timeout associated with
68 * FastCGI server exchanges AND one for client exchanges. This could
69 * be done with the select() in doWork() (which should be rewritten
70 * anyway). This will allow us to free up the FastCGI as soon as
71 * possible.
72 *
73 * Earlier versions of this module used ap_soft_timeout() rather than
74 * ap_hard_timeout() and ate FastCGI server output until it completed.
75 * This precluded the FastCGI server from having to implement a
76 * SIGPIPE handler, but meant hanging the application longer than
77 * necessary. SIGPIPE handler now must be installed in ALL FastCGI
78 * applications. The handler should abort further processing and go
79 * back into the accept() loop.
80 *
81 * Although using ap_soft_timeout() is better than ap_hard_timeout()
82 * we have to be more careful about SIGINT handling and subsequent
83 * processing, so, for now, make it hard.
84 */
89 #ifndef timersub
90 #define timersub(a, b, result) \
91 do { \
92 (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
93 (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
94 if ((result)->tv_usec < 0) { \
95 --(result)->tv_sec; \
96 (result)->tv_usec += 1000000; \
97 } \
98 } while (0)
99 #endif
101 /*
102 * Global variables
103 */
120 * fastcgi apps' sockets */
122 #ifdef WIN32
126 #endif
150 /*******************************************************************************
151 * Construct a message and write it to the pm_pipe.
152 */
156 {
157 #ifdef WIN32
162 #else
165 #endif
171 }
176 #ifdef WIN32
183 #else
185 #endif
189 #ifdef WIN32
196 #else
198 #endif
202 #ifdef WIN32
209 #else
211 #endif
213 }
215 #ifdef WIN32
220 #else
226 }
227 #endif
228 }
230 \f
231 /*
232 *----------------------------------------------------------------------
233 *
234 * init_module
235 *
236 * An Apache module initializer, called by the Apache core
237 * after reading the server config.
238 *
239 * Start the process manager no matter what, since there may be a
240 * request for dynamic FastCGI applications without any being
241 * configured as static applications. Also, check for the existence
242 * and create if necessary a subdirectory into which all dynamic
243 * sockets will go.
244 *
245 *----------------------------------------------------------------------
246 */
248 {
251 /* Register to reset to default values when the config pool is cleaned */
260 /* keep these handy */
264 #ifndef WIN32
265 /* Create Unix/Domain socket directory */
268 #endif
270 /* Create Dynamic directory */
274 #ifndef WIN32
275 /* Create the pipe for comm with the PM */
278 }
280 /* Spawn the PM only once. Under Unix, Apache calls init() routines
281 * twice, once before detach() and once after. Win32 doesn't detach.
282 * Under DSO, DSO modules are unloaded between the two init() calls.
283 * Under Unix, the -X switch causes two calls to init() but no detach
284 * (but all subprocesses are wacked so the PM is toasted anyway)! */
289 /* Start the Process Manager */
294 }
297 #endif
298 }
301 {
302 #ifdef WIN32
303 /* Create the Event Handlers */
309 /* Spawn of the process manager thread */
311 #endif
313 }
317 #ifdef WIN32
318 /* Signaling the PM thread tp exit*/
321 /* Waiting on pm thread to exit */
323 #endif
326 }
328 /*
329 *----------------------------------------------------------------------
330 *
331 * get_header_line --
332 *
333 * Terminate a line: scan to the next newline, scan back to the
334 * first non-space character and store a terminating zero. Return
335 * the next character past the end of the newline.
336 *
337 * If the end of the string is reached, ASSERT!
338 *
339 * If the FIRST character(s) in the line are '\n' or "\r\n", the
340 * first character is replaced with a NULL and next character
341 * past the newline is returned. NOTE: this condition supercedes
342 * the processing of RFC-822 continuation lines.
343 *
344 * If continuation is set to 'TRUE', then it parses a (possible)
345 * sequence of RFC-822 continuation lines.
346 *
347 * Results:
348 * As above.
349 *
350 * Side effects:
351 * Termination byte stored in string.
352 *
353 *----------------------------------------------------------------------
354 */
356 {
367 p++;
368 }
371 p++;
372 }
373 }
374 }
378 end++;
380 /*
381 * Trim any trailing whitespace.
382 */
384 p--;
385 }
389 }
390 \f
391 /*
392 *----------------------------------------------------------------------
393 *
394 * process_headers --
395 *
396 * Call with r->parseHeader == SCAN_CGI_READING_HEADERS
397 * and initial script output in fr->header.
398 *
399 * If the initial script output does not include the header
400 * terminator ("\r\n\r\n") process_headers returns with no side
401 * effects, to be called again when more script output
402 * has been appended to fr->header.
403 *
404 * If the initial script output includes the header terminator,
405 * process_headers parses the headers and determines whether or
406 * not the remaining script output will be sent to the client.
407 * If so, process_headers sends the HTTP response headers to the
408 * client and copies any non-header script output to the output
409 * buffer reqOutbuf.
410 *
411 * Results:
412 * none.
413 *
414 * Side effects:
415 * May set r->parseHeader to:
416 * SCAN_CGI_FINISHED -- headers parsed, returning script response
417 * SCAN_CGI_BAD_HEADER -- malformed header from script
418 * SCAN_CGI_INT_REDIRECT -- handler should perform internal redirect
419 * SCAN_CGI_SRV_REDIRECT -- handler should return REDIRECT
420 *
421 *----------------------------------------------------------------------
422 */
425 {
435 /*
436 * Do we have the entire header? Scan for the blank line that
437 * terminates the header.
438 */
447 flag++;
458 }
459 p++;
460 }
462 /* Return (to be called later when we have more data)
463 * if we don't have an entire header. */
467 /*
468 * Parse all the headers.
469 */
477 }
480 }
483 p--;
484 }
487 }
492 }
494 value++;
495 }
502 }
506 }
511 }
517 }
521 }
526 }
530 }
532 /* If the script wants them merged, it can do it */
535 }
538 }
539 }
544 /*
545 * Who responds, this handler or Apache?
546 */
549 /*
550 * Based on internal redirect handling in mod_cgi.c...
551 *
552 * If a script wants to produce its own Redirect
553 * body, it now has to explicitly *say* "Status: 302"
554 */
557 /*
558 * Location is an relative path. This handler will
559 * consume all script output, then have Apache perform an
560 * internal redirect.
561 */
565 /*
566 * Location is an absolute URL. If the script didn't
567 * produce a Content-type header, this handler will
568 * consume all script output and then have Apache generate
569 * its standard redirect response. Otherwise this handler
570 * will transmit the script's response.
571 */
574 }
575 }
576 }
577 /*
578 * We're responding. Send headers, buffer excess script output.
579 */
582 /* We need to reinstate our timeout, send_http_header() kill()s it */
593 }
598 }
601 BadHeader:
602 /* Log first line of a multi-line header */
608 DuplicateNotAllowed:
611 }
612 \f
613 /*
614 * Read from the client filling both the FastCGI server buffer and the
615 * client buffer with the hopes of buffering the client data before
616 * making the connect() to the FastCGI server. This prevents slow
617 * clients from keeping the FastCGI server in processing longer than is
618 * necessary.
619 */
621 {
641 else
644 }
646 }
649 {
657 /* If fewer than count bytes are written, an error occured.
658 * ap_bwrite() typically forces a flushed write to the client, this
659 * effectively results in a block (and short packets) - it should
660 * be fixed, but I didn't win much support for the idea on new-httpd.
661 * So, without patching Apache, the best way to deal with this is
662 * to size the fcgi_bufs to hold all of the script output (within
663 * reason) so the script can be released from having to wait around
664 * for the transmission to the client to complete. */
665 #ifdef RUSSIAN_APACHE
670 }
671 #else
676 }
677 #endif
680 /* Don't bother with a wrapped buffer, limiting exposure to slow
681 * clients. The BUFF routines don't allow a writev from above,
682 * and don't always memcpy to minimize small write()s, this should
683 * be fixed, but I didn't win much support for the idea on
684 * new-httpd - I'll have to _prove_ its a problem first.. */
686 /* The default behaviour used to be to flush with every write, but this
687 * can tie up the FastCGI server longer than is necessary so its an option now */
689 #ifdef RUSSIAN_APACHE
694 }
695 #else
700 }
701 #endif
702 }
706 }
708 /*******************************************************************************
709 * Determine the user and group suexec should be called with.
710 * Based on code in Apache's create_argv_cmd() (util_script.c).
711 */
713 {
718 }
721 /* its a user dir uri, just send the ~user, and leave it to the PM */
726 else
729 }
733 }
734 }
736 /*******************************************************************************
737 * Close the connection to the FastCGI server. This is normally called by
738 * do_work(), but may also be called as in request pool cleanup.
739 */
741 {
748 #ifdef WIN32
750 #else
752 #endif
755 /* XXX REQ_COMPLETE is only sent for requests which complete
756 * normally WRT the fcgi app. There is no data sent for
757 * connect() timeouts or requests which complete abnormally.
758 * KillDynamicProcs() and RemoveRecords() need to be looked at
759 * to be sure they can reasonably handle these cases before
760 * sending these sort of stats - theres some funk in there.
761 * XXX We should do something special when this a pool cleanup.
762 */
764 /* there's no point to aborting the request, just log it */
776 }
777 }
778 }
779 }
781 #ifdef WIN32
783 {
785 }
786 #endif
788 /*******************************************************************************
789 * Connect to the FastCGI server.
790 */
792 {
801 #ifdef WIN32
804 #else
807 #endif
809 /* Create the connection point */
814 #ifndef WIN32
819 #endif
821 #ifdef WIN32
824 }
827 }
830 }
831 #else
833 #endif
835 }
837 /* Dynamic app's lockfile handling */
839 #ifndef WIN32
842 #endif
847 #ifdef WIN32
849 #else
851 #endif
852 {
854 #ifdef WIN32
856 #else
858 #endif
859 {
862 /* Its already running, but there's a newer one,
863 * ask the process manager to start it.
864 * it will notice that the binary is newer,
865 * and do a restart instead.
866 */
869 /* Avoid sleep/alarm interactions */
871 }
872 #ifdef WIN32
875 #else
878 #endif
884 #ifdef WIN32
886 #else
887 /* Avoid sleep/alarm interactions */
889 #endif
890 }
891 #ifdef WIN32
893 #endif
896 /* Block until we get a shared (non-exclusive) read Lock */
900 #ifdef WIN32
904 #endif
907 }
909 #ifdef WIN32
911 {
912 BOOL ready;
915 DWORD interval;
921 {
926 }
927 }
928 else
929 {
934 }
935 }
939 }
941 do
942 {
953 }
957 }
959 // All pipe instances are busy, so wait
964 }
968 }
972 FCGIDBG5("interval=%d, max_connect_time=%d, connect_time=%d, ready=%d", interval, max_connect_time, connect_time, ready);
978 }
987 }
988 #endif
990 /* Create the socket */
996 #ifndef WIN32
999 "FD_SETSIZE (%u), you probably need to rebuild Apache with a "
1001 }
1002 #endif
1004 /* If appConnectTimeout is non-zero, setup do a non-blocking connect */
1005 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1006 #ifndef WIN32
1011 #else
1015 #endif
1016 }
1021 /* Connect */
1025 #ifdef WIN32
1029 #else
1030 /* ECONNREFUSED means the listen queue is full (or there isn't one).
1031 * With dynamic I can at least make sure the PM knows this is occuring */
1033 /* @@@ This might be better as some other "kind" of message */
1037 }
1041 #endif
1043 /* The connect() is non-blocking */
1064 /* select() timed out */
1068 /* XXX These can be moved down when dynamic vars live is a struct */
1071 dynamicAppConnectTimeout);
1072 }
1085 }
1096 /* Solaris pending error */
1100 /* Berkeley-derived pending error */
1103 }
1107 ConnectionComplete:
1108 /* Return to blocking mode if it was set up */
1109 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1110 #ifdef WIN32
1114 #else
1117 #endif
1118 }
1120 #ifdef TCP_NODELAY
1122 /* We shouldn't be sending small packets and there's no application
1123 * level ack of the data we send, so disable Nagle */
1126 }
1127 #endif
1130 }
1131 \f
1133 {
1134 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1135 /* Make sure we leave with Apache's sigpipe_handler in place */
1138 #endif
1142 }
1145 {
1154 }
1155 }
1157 /*----------------------------------------------------------------------
1158 * This is the core routine for moving data between the FastCGI
1159 * application and the Web server's client.
1160 */
1162 {
1169 env_status env;
1178 /* Buffer as much of the environment as we can fit */
1182 /* Start the Apache dropdead timer. See comments at top of file. */
1185 /* Read as much as possible from the client. */
1191 }
1196 }
1198 /* Connect to the FastCGI Application */
1204 }
1216 }
1217 }
1219 /* @@@ We never reset the timer in this loop, most folks don't mess w/
1220 * Timeout directive which means we've got the 5 min default which is way
1221 * to long to tie up a fs. We need a better/configurable solution that
1222 * uses the select */
1225 /* Register to get the script's stderr logged at the end of the request */
1230 /* The socket is writeable, so get the first write out of the way */
1235 }
1241 /* If we didn't buffer all of the environment yet, buffer some more */
1245 /* Read as much as possible from the client. */
1249 }
1251 /* To avoid deadlock, don't do a blocking select to write to
1252 * the FastCGI application without selecting to read from the
1253 * FastCGI application.
1254 */
1258 #ifdef WIN32
1260 #endif
1263 /* Is data buffered for output to the FastCGI server? */
1268 }
1269 #ifdef WIN32
1270 }
1271 #endif
1272 /*
1273 * If there's data buffered to send to the client, don't
1274 * wait indefinitely for the FastCGI app; the app might
1275 * be doing server push.
1276 */
1280 }
1288 }
1290 /* Check for idle_timeout */
1293 }
1303 }
1304 }
1313 }
1315 /* Killed time somewhere.. client read? */
1321 }
1322 }
1326 }
1328 #ifdef WIN32
1330 #endif
1335 }
1336 #ifdef WIN32
1337 }
1348 {
1351 }
1353 }
1354 }
1357 }
1358 }
1359 #endif
1364 }
1371 }
1378 }
1384 }
1385 }
1387 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1388 /* Disable Apache's SIGPIPE handler */
1390 #endif
1392 /* Read from the FastCGI server */
1393 #ifdef WIN32
1396 #else
1398 #endif
1404 }
1405 }
1411 }
1416 }
1417 }
1419 /* Write to the FastCGI server */
1420 #ifdef WIN32
1423 #else
1425 #endif
1431 }
1432 }
1434 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1435 /* Reinstall Apache's SIGPIPE handler */
1437 #endif
1441 }
1445 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1446 /* Make sure we leave with Apache's sigpipe_handler in place */
1449 #endif
1453 }
1454 }
1460 /* we're done talking to the fcgi app */
1463 }
1470 }
1471 }
1479 #ifdef RUSSIAN_APACHE
1481 #else
1483 #endif
1485 }
1499 /*
1500 * XXX We really should be soaking all client input
1501 * and all script output. See mod_cgi.c.
1502 * There's other differences we need to pick up here as well!
1503 * This has to be revisited.
1504 */
1509 }
1513 }
1514 \f
1517 {
1528 }
1529 }
1533 }
1537 /* Its a request for a dynamic FastCGI application */
1542 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: invalid (dynamic) server \"%s\": %s", fs_path, err);
1544 }
1545 }
1568 #ifdef WIN32
1572 #else
1575 #endif
1580 }
1582 /*
1583 *----------------------------------------------------------------------
1584 *
1585 * handler --
1586 *
1587 * This routine gets called for a request that corresponds to
1588 * a FastCGI connection. It performs the request synchronously.
1589 *
1590 * Results:
1591 * Final status of request: OK or NOT_FOUND or SERVER_ERROR.
1592 *
1593 * Side effects:
1594 * Request performed.
1595 *
1596 *----------------------------------------------------------------------
1597 */
1599 /* Stolen from mod_cgi.c..
1600 * KLUDGE --- for back-combatibility, we don't have to check ExecCGI
1601 * in ScriptAliased directories, which means we need to know if this
1602 * request came through ScriptAlias or not... so the Alias module
1603 * leaves a note for us.
1604 */
1606 {
1609 }
1611 /* If a script wants to produce its own Redirect body, it now
1612 * has to explicitly *say* "Status: 302". If it wants to use
1613 * Apache redirects say "Status: 200". See process_headers().
1614 */
1617 {
1621 /* @@@ There are still differences between the handling in
1622 * mod_cgi and mod_fastcgi. This needs to be revisited.
1623 */
1624 /* We already read the message body (if any), so don't allow
1625 * the redirected request to think it has one. We can ignore
1626 * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
1627 */
1640 }
1641 }
1643 /******************************************************************************
1644 * Process fastcgi-script requests. Based on mod_cgi::cgi_handler().
1645 */
1647 {
1651 /* Setup a new FastCGI request */
1655 /* If its a dynamic invocation, make sure scripts are OK here */
1660 }
1662 /* Process the fastcgi-script request */
1666 /* Special case redirects */
1668 }
1672 {
1678 }
1680 static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val)
1681 {
1686 }
1688 static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val)
1689 {
1692 }
1695 {
1698 /* Restore the saved subprocess_env because we muddied ours up */
1703 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
1705 }
1709 }
1710 }
1714 }
1716 /* @@@ Restore these.. its a hack until I rewrite the header handling */
1719 }
1722 {
1732 /* Get the user password */
1739 /* Save the existing subprocess_env, because we're gonna muddy it up */
1745 /* The FastCGI Protocol doesn't differentiate authentication */
1748 /* Do we need compatibility mode? */
1757 /* A redirect shouldn't be allowed during the authentication phase */
1763 }
1768 AuthenticationFailed:
1772 /* @@@ Probably should support custom_responses */
1777 }
1780 {
1789 /* @@@ We should probably honor the existing parameters to the require directive
1790 * as well as allow the definition of new ones (or use the basename of the
1791 * FastCGI server and pass the rest of the directive line), but for now keep
1792 * it simple. */
1797 /* Save the existing subprocess_env, because we're gonna muddy it up */
1804 /* Do we need compatibility mode? */
1813 /* A redirect shouldn't be allowed during the authorization phase */
1819 }
1824 AuthorizationFailed:
1828 /* @@@ Probably should support custom_responses */
1833 }
1836 {
1848 /* Save the existing subprocess_env, because we're gonna muddy it up */
1853 /* The FastCGI Protocol doesn't differentiate access control */
1856 /* Do we need compatibility mode? */
1865 /* A redirect shouldn't be allowed during the access check phase */
1871 }
1876 AccessFailed:
1880 /* @@@ Probably should support custom_responses */
1883 }
1886 \f
1887 command_rec fastcgi_cmds[] = {
1903 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1910 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1917 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1922 };
1925 handler_rec fastcgi_handlers[] = {
1929 };
1932 module MODULE_VAR_EXPORT fastcgi_module = {
1933 STANDARD_MODULE_STUFF,
1951 NULL /* [1] post read-request handling */
1952 };