| blob | 2d232aa6b5c262c885125d600940c26d0e7d17bd |
1 /*
2 * mod_fastcgi.c --
3 *
4 * Apache server module for FastCGI.
5 *
6 * $Id: mod_fastcgi.c,v 1.105 2001/02/19 06:00:10 robs Exp $
7 *
8 * Copyright (c) 1995-1996 Open Market, Inc.
9 *
10 * See the file "LICENSE.TERMS" for information on usage and redistribution
11 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
12 *
13 *
14 * Patches for Apache-1.1 provided by
15 * Ralf S. Engelschall
16 * <rse@en.muc.de>
17 *
18 * Patches for Linux provided by
19 * Scott Langley
20 * <langles@vote-smart.org>
21 *
22 * Patches for suexec handling by
23 * Brian Grossman <brian@SoftHome.net> and
24 * Rob Saccoccio <robs@ipass.net>
25 */
27 /*
28 * Module design notes.
29 *
30 * 1. Restart cleanup.
31 *
32 * mod_fastcgi spawns several processes: one process manager process
33 * and several application processes. None of these processes
34 * handle SIGHUP, so they just go away when the Web server performs
35 * a restart (as Apache does every time it starts.)
36 *
37 * In order to allow the process manager to properly cleanup the
38 * running fastcgi processes (without being disturbed by Apache),
39 * an intermediate process was introduced. The diagram is as follows;
40 *
41 * ApacheWS --> MiddleProc --> ProcMgr --> FCGI processes
42 *
43 * On a restart, ApacheWS sends a SIGKILL to MiddleProc and then
44 * collects it via waitpid(). The ProcMgr periodically checks for
45 * its parent (via getppid()) and if it does not have one, as in
46 * case when MiddleProc has terminated, ProcMgr issues a SIGTERM
47 * to all FCGI processes, waitpid()s on them and then exits, so it
48 * can be collected by init(1). Doing it any other way (short of
49 * changing Apache API), results either in inconsistent results or
50 * in generation of zombie processes.
51 *
52 * XXX: How does Apache 1.2 implement "gentle" restart
53 * that does not disrupt current connections? How does
54 * gentle restart interact with restart cleanup?
55 *
56 * 2. Request timeouts.
57 *
58 * Earlier versions of this module used ap_soft_timeout() rather than
59 * ap_hard_timeout() and ate FastCGI server output until it completed.
60 * This precluded the FastCGI server from having to implement a
61 * SIGPIPE handler, but meant hanging the application longer than
62 * necessary. SIGPIPE handler now must be installed in ALL FastCGI
63 * applications. The handler should abort further processing and go
64 * back into the accept() loop.
65 *
66 * Although using ap_soft_timeout() is better than ap_hard_timeout()
67 * we have to be more careful about SIGINT handling and subsequent
68 * processing, so, for now, make it hard.
69 */
74 #ifndef timersub
75 #define timersub(a, b, result) \
76 do { \
77 (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
78 (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
79 if ((result)->tv_usec < 0) { \
80 --(result)->tv_sec; \
81 (result)->tv_usec += 1000000; \
82 } \
83 } while (0)
84 #endif
86 /*
87 * Global variables
88 */
105 * fastcgi apps' sockets */
107 #ifdef WIN32
111 #endif
135 /*******************************************************************************
136 * Construct a message and write it to the pm_pipe.
137 */
141 {
142 #ifdef WIN32
147 #else
150 #endif
156 }
161 #ifdef WIN32
168 #else
170 #endif
174 #ifdef WIN32
181 #else
183 #endif
187 #ifdef WIN32
194 #else
196 #endif
198 }
200 #ifdef WIN32
205 #else
211 }
212 #endif
213 }
215 \f
216 /*
217 *----------------------------------------------------------------------
218 *
219 * init_module
220 *
221 * An Apache module initializer, called by the Apache core
222 * after reading the server config.
223 *
224 * Start the process manager no matter what, since there may be a
225 * request for dynamic FastCGI applications without any being
226 * configured as static applications. Also, check for the existence
227 * and create if necessary a subdirectory into which all dynamic
228 * sockets will go.
229 *
230 *----------------------------------------------------------------------
231 */
233 {
236 /* Register to reset to default values when the config pool is cleaned */
245 /* keep these handy */
249 #ifndef WIN32
250 /* Create Unix/Domain socket directory */
253 #endif
255 /* Create Dynamic directory */
259 #ifndef WIN32
260 /* Create the pipe for comm with the PM */
263 }
265 /* Spawn the PM only once. Under Unix, Apache calls init() routines
266 * twice, once before detach() and once after. Win32 doesn't detach.
267 * Under DSO, DSO modules are unloaded between the two init() calls.
268 * Under Unix, the -X switch causes two calls to init() but no detach
269 * (but all subprocesses are wacked so the PM is toasted anyway)! */
274 /* Start the Process Manager */
279 }
282 #endif
283 }
286 {
287 #ifdef WIN32
288 /* Create the Event Handlers */
294 /* Spawn of the process manager thread */
296 #endif
298 }
302 #ifdef WIN32
303 /* Signaling the PM thread tp exit*/
306 /* Waiting on pm thread to exit */
308 #endif
311 }
313 /*
314 *----------------------------------------------------------------------
315 *
316 * get_header_line --
317 *
318 * Terminate a line: scan to the next newline, scan back to the
319 * first non-space character and store a terminating zero. Return
320 * the next character past the end of the newline.
321 *
322 * If the end of the string is reached, ASSERT!
323 *
324 * If the FIRST character(s) in the line are '\n' or "\r\n", the
325 * first character is replaced with a NULL and next character
326 * past the newline is returned. NOTE: this condition supercedes
327 * the processing of RFC-822 continuation lines.
328 *
329 * If continuation is set to 'TRUE', then it parses a (possible)
330 * sequence of RFC-822 continuation lines.
331 *
332 * Results:
333 * As above.
334 *
335 * Side effects:
336 * Termination byte stored in string.
337 *
338 *----------------------------------------------------------------------
339 */
341 {
352 p++;
353 }
356 p++;
357 }
358 }
359 }
363 end++;
365 /*
366 * Trim any trailing whitespace.
367 */
369 p--;
370 }
374 }
375 \f
376 /*
377 *----------------------------------------------------------------------
378 *
379 * process_headers --
380 *
381 * Call with r->parseHeader == SCAN_CGI_READING_HEADERS
382 * and initial script output in fr->header.
383 *
384 * If the initial script output does not include the header
385 * terminator ("\r\n\r\n") process_headers returns with no side
386 * effects, to be called again when more script output
387 * has been appended to fr->header.
388 *
389 * If the initial script output includes the header terminator,
390 * process_headers parses the headers and determines whether or
391 * not the remaining script output will be sent to the client.
392 * If so, process_headers sends the HTTP response headers to the
393 * client and copies any non-header script output to the output
394 * buffer reqOutbuf.
395 *
396 * Results:
397 * none.
398 *
399 * Side effects:
400 * May set r->parseHeader to:
401 * SCAN_CGI_FINISHED -- headers parsed, returning script response
402 * SCAN_CGI_BAD_HEADER -- malformed header from script
403 * SCAN_CGI_INT_REDIRECT -- handler should perform internal redirect
404 * SCAN_CGI_SRV_REDIRECT -- handler should return REDIRECT
405 *
406 *----------------------------------------------------------------------
407 */
410 {
420 /*
421 * Do we have the entire header? Scan for the blank line that
422 * terminates the header.
423 */
432 flag++;
443 }
444 p++;
445 }
447 /* Return (to be called later when we have more data)
448 * if we don't have an entire header. */
452 /*
453 * Parse all the headers.
454 */
462 }
465 }
468 p--;
469 }
472 }
477 }
479 value++;
480 }
487 }
491 }
496 }
502 }
506 }
511 }
515 }
517 /* If the script wants them merged, it can do it */
520 }
523 }
524 }
529 /*
530 * Who responds, this handler or Apache?
531 */
534 /*
535 * Based on internal redirect handling in mod_cgi.c...
536 *
537 * If a script wants to produce its own Redirect
538 * body, it now has to explicitly *say* "Status: 302"
539 */
542 /*
543 * Location is an relative path. This handler will
544 * consume all script output, then have Apache perform an
545 * internal redirect.
546 */
550 /*
551 * Location is an absolute URL. If the script didn't
552 * produce a Content-type header, this handler will
553 * consume all script output and then have Apache generate
554 * its standard redirect response. Otherwise this handler
555 * will transmit the script's response.
556 */
559 }
560 }
561 }
562 /*
563 * We're responding. Send headers, buffer excess script output.
564 */
567 /* We need to reinstate our timeout, send_http_header() kill()s it */
578 }
583 }
586 BadHeader:
587 /* Log first line of a multi-line header */
593 DuplicateNotAllowed:
596 }
597 \f
598 /*
599 * Read from the client filling both the FastCGI server buffer and the
600 * client buffer with the hopes of buffering the client data before
601 * making the connect() to the FastCGI server. This prevents slow
602 * clients from keeping the FastCGI server in processing longer than is
603 * necessary.
604 */
606 {
626 }
630 }
631 }
633 }
636 {
644 /* If fewer than count bytes are written, an error occured.
645 * ap_bwrite() typically forces a flushed write to the client, this
646 * effectively results in a block (and short packets) - it should
647 * be fixed, but I didn't win much support for the idea on new-httpd.
648 * So, without patching Apache, the best way to deal with this is
649 * to size the fcgi_bufs to hold all of the script output (within
650 * reason) so the script can be released from having to wait around
651 * for the transmission to the client to complete. */
652 #ifdef RUSSIAN_APACHE
657 }
658 #else
663 }
664 #endif
668 /* Don't bother with a wrapped buffer, limiting exposure to slow
669 * clients. The BUFF routines don't allow a writev from above,
670 * and don't always memcpy to minimize small write()s, this should
671 * be fixed, but I didn't win much support for the idea on
672 * new-httpd - I'll have to _prove_ its a problem first.. */
674 /* The default behaviour used to be to flush with every write, but this
675 * can tie up the FastCGI server longer than is necessary so its an option now */
677 #ifdef RUSSIAN_APACHE
682 }
683 #else
688 }
689 #endif
691 }
695 }
697 /*******************************************************************************
698 * Determine the user and group the wrapper should be called with.
699 * Based on code in Apache's create_argv_cmd() (util_script.c).
700 */
702 {
707 }
710 /* its a user dir uri, just send the ~user, and leave it to the PM */
715 else
718 }
722 }
723 }
725 /*******************************************************************************
726 * Close the connection to the FastCGI server. This is normally called by
727 * do_work(), but may also be called as in request pool cleanup.
728 */
730 {
735 }
738 #ifdef WIN32
741 }
742 #else
745 }
746 #endif
749 /* XXX REQ_COMPLETE is only sent for requests which complete
750 * normally WRT the fcgi app. There is no data sent for
751 * connect() timeouts or requests which complete abnormally.
752 * KillDynamicProcs() and RemoveRecords() need to be looked at
753 * to be sure they can reasonably handle these cases before
754 * sending these sort of stats - theres some funk in there.
755 * XXX We should do something special when this a pool cleanup.
756 */
758 /* there's no point to aborting the request, just log it */
770 }
771 }
772 }
773 }
775 #ifdef WIN32
778 {
780 }
783 {
786 }
788 #else
791 {
797 #if defined(O_NONBLOCK)
799 #elif defined(O_NDELAY)
801 #elif defined(FNDELAY)
803 #else
805 #endif
810 }
812 #endif
814 /*******************************************************************************
815 * Connect to the FastCGI server.
816 */
818 {
827 #ifdef WIN32
829 #else
831 #endif
833 /* Create the connection point */
838 #ifndef WIN32
843 #endif
845 #ifdef WIN32
848 }
851 }
854 }
855 #else
857 #endif
859 }
861 /* Dynamic app's lockfile handling */
863 #ifndef WIN32
866 #endif
871 #ifdef WIN32
873 #else
875 #endif
876 {
878 #ifdef WIN32
880 #else
882 #endif
883 {
886 /* Its already running, but there's a newer one,
887 * ask the process manager to start it.
888 * it will notice that the binary is newer,
889 * and do a restart instead.
890 */
893 /* Avoid sleep/alarm interactions */
895 }
896 #ifdef WIN32
899 #else
902 #endif
908 #ifdef WIN32
910 #else
911 /* Avoid sleep/alarm interactions */
913 #endif
914 }
915 #ifdef WIN32
917 #endif
920 /* Block until we get a shared (non-exclusive) read Lock */
924 #ifdef WIN32
928 #endif
931 }
933 #ifdef WIN32
935 {
936 BOOL ready;
939 DWORD interval;
945 {
950 }
951 }
952 else
953 {
958 }
959 }
963 }
965 do
966 {
977 }
981 }
983 // All pipe instances are busy, so wait
988 }
992 }
996 FCGIDBG5("interval=%d, max_connect_time=%d, connect_time=%d, ready=%d", interval, max_connect_time, connect_time, ready);
1002 }
1011 }
1012 #endif
1014 /* Create the socket */
1020 #ifndef WIN32
1023 "FD_SETSIZE (%u), you probably need to rebuild Apache with a "
1025 }
1026 #endif
1028 /* If appConnectTimeout is non-zero, setup do a non-blocking connect */
1029 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1031 }
1036 /* Connect */
1040 #ifdef WIN32
1044 #else
1045 /* ECONNREFUSED means the listen queue is full (or there isn't one).
1046 * With dynamic I can at least make sure the PM knows this is occuring */
1048 /* @@@ This might be better as some other "kind" of message */
1052 }
1056 #endif
1058 /* The connect() is non-blocking */
1079 /* select() timed out */
1083 /* XXX These can be moved down when dynamic vars live is a struct */
1086 dynamicAppConnectTimeout);
1087 }
1100 }
1111 /* Solaris pending error */
1115 /* Berkeley-derived pending error */
1118 }
1122 ConnectionComplete:
1123 /* Return to blocking mode if it was set up */
1124 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1126 }
1128 #ifdef TCP_NODELAY
1130 /* We shouldn't be sending small packets and there's no application
1131 * level ack of the data we send, so disable Nagle */
1134 }
1135 #endif
1138 }
1139 \f
1141 {
1142 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1143 /* Make sure we leave with Apache's sigpipe_handler in place */
1146 #endif
1150 }
1153 {
1161 }
1166 }
1167 }
1169 /*----------------------------------------------------------------------
1170 * This is the core routine for moving data between the FastCGI
1171 * application and the Web server's client.
1172 */
1174 {
1181 env_status env;
1190 /* Buffer as much of the environment as we can fit */
1194 /* Start the Apache dropdead timer. See comments at top of file. */
1197 /* Read as much as possible from the client. */
1203 }
1208 }
1210 /* Connect to the FastCGI Application */
1216 }
1228 }
1229 }
1231 /* @@@ We never reset the timer in this loop, most folks don't mess w/
1232 * Timeout directive which means we've got the 5 min default which is way
1233 * to long to tie up a fs. We need a better/configurable solution that
1234 * uses the select */
1237 /* Register to get the script's stderr logged at the end of the request */
1242 /* Before we do any writing, set the connection non-blocking */
1243 #ifdef WIN32
1247 }
1248 else
1249 #endif
1253 /* The socket is writeable, so get the first write out of the way */
1258 }
1264 /* If we didn't buffer all of the environment yet, buffer some more */
1268 /* Read as much as possible from the client. */
1271 /* ap_get_client_block() (called in read_from_client_n_queue()
1272 * can't handle a non-blocking fd, its a bummer. We might be
1273 * able to completely bypass the Apache BUFF routines in still
1274 * do it, but thats a major hassle. Apache 2.X will handle it,
1275 * and then so will we. */
1279 }
1281 /* To avoid deadlock, don't do a blocking select to write to
1282 * the FastCGI application without selecting to read from the
1283 * FastCGI application.
1284 */
1288 #ifdef WIN32
1292 #endif
1295 /* Is data buffered for output to the FastCGI server? */
1300 }
1301 #ifdef WIN32
1302 }
1303 #endif
1304 /*
1305 * If there's data buffered to send to the client, don't
1306 * wait indefinitely for the FastCGI app; the app might
1307 * be doing server push.
1308 */
1312 }
1320 }
1322 /* Check for idle_timeout */
1325 }
1335 }
1336 }
1345 }
1347 /* Killed time somewhere.. client read? */
1353 }
1354 }
1358 }
1360 #ifdef WIN32
1362 #endif
1367 }
1368 #ifdef WIN32
1369 }
1379 {
1382 }
1384 }
1385 }
1388 }
1389 }
1390 #endif
1395 }
1402 }
1409 }
1415 }
1416 }
1418 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1419 /* Disable Apache's SIGPIPE handler */
1421 #endif
1423 /* Read from the FastCGI server */
1424 #ifdef WIN32
1430 #else
1432 #endif
1438 }
1439 }
1445 }
1450 }
1451 }
1453 /* Write to the FastCGI server */
1454 #ifdef WIN32
1457 #else
1459 #endif
1465 }
1466 }
1468 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1469 /* Reinstall Apache's SIGPIPE handler */
1471 #endif
1475 }
1480 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1481 /* Make sure we leave with Apache's sigpipe_handler in place */
1484 #endif
1488 }
1489 }
1495 /* we're done talking to the fcgi app */
1498 }
1505 }
1506 }
1514 #ifdef RUSSIAN_APACHE
1516 #else
1518 #endif
1520 }
1534 /*
1535 * XXX We really should be soaking all client input
1536 * and all script output. See mod_cgi.c.
1537 * There's other differences we need to pick up here as well!
1538 * This has to be revisited.
1539 */
1544 }
1548 }
1549 \f
1552 {
1563 }
1564 }
1568 }
1572 /* Its a request for a dynamic FastCGI application */
1577 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: invalid (dynamic) server \"%s\": %s", fs_path, err);
1579 }
1580 }
1603 #ifdef WIN32
1607 #else
1611 #endif
1616 }
1618 /*
1619 *----------------------------------------------------------------------
1620 *
1621 * handler --
1622 *
1623 * This routine gets called for a request that corresponds to
1624 * a FastCGI connection. It performs the request synchronously.
1625 *
1626 * Results:
1627 * Final status of request: OK or NOT_FOUND or SERVER_ERROR.
1628 *
1629 * Side effects:
1630 * Request performed.
1631 *
1632 *----------------------------------------------------------------------
1633 */
1635 /* Stolen from mod_cgi.c..
1636 * KLUDGE --- for back-combatibility, we don't have to check ExecCGI
1637 * in ScriptAliased directories, which means we need to know if this
1638 * request came through ScriptAlias or not... so the Alias module
1639 * leaves a note for us.
1640 */
1642 {
1645 }
1647 /* If a script wants to produce its own Redirect body, it now
1648 * has to explicitly *say* "Status: 302". If it wants to use
1649 * Apache redirects say "Status: 200". See process_headers().
1650 */
1653 {
1657 /* @@@ There are still differences between the handling in
1658 * mod_cgi and mod_fastcgi. This needs to be revisited.
1659 */
1660 /* We already read the message body (if any), so don't allow
1661 * the redirected request to think it has one. We can ignore
1662 * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
1663 */
1676 }
1677 }
1679 /******************************************************************************
1680 * Process fastcgi-script requests. Based on mod_cgi::cgi_handler().
1681 */
1683 {
1687 /* Setup a new FastCGI request */
1691 /* If its a dynamic invocation, make sure scripts are OK here */
1696 }
1698 /* Process the fastcgi-script request */
1702 /* Special case redirects */
1704 }
1708 {
1714 }
1716 static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val)
1717 {
1722 }
1724 static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val)
1725 {
1728 }
1731 {
1734 /* Restore the saved subprocess_env because we muddied ours up */
1739 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
1741 }
1745 }
1746 }
1750 }
1752 /* @@@ Restore these.. its a hack until I rewrite the header handling */
1755 }
1758 {
1768 /* Get the user password */
1775 /* Save the existing subprocess_env, because we're gonna muddy it up */
1781 /* The FastCGI Protocol doesn't differentiate authentication */
1784 /* Do we need compatibility mode? */
1793 /* A redirect shouldn't be allowed during the authentication phase */
1799 }
1804 AuthenticationFailed:
1808 /* @@@ Probably should support custom_responses */
1813 }
1816 {
1825 /* @@@ We should probably honor the existing parameters to the require directive
1826 * as well as allow the definition of new ones (or use the basename of the
1827 * FastCGI server and pass the rest of the directive line), but for now keep
1828 * it simple. */
1833 /* Save the existing subprocess_env, because we're gonna muddy it up */
1840 /* Do we need compatibility mode? */
1849 /* A redirect shouldn't be allowed during the authorization phase */
1855 }
1860 AuthorizationFailed:
1864 /* @@@ Probably should support custom_responses */
1869 }
1872 {
1884 /* Save the existing subprocess_env, because we're gonna muddy it up */
1889 /* The FastCGI Protocol doesn't differentiate access control */
1892 /* Do we need compatibility mode? */
1901 /* A redirect shouldn't be allowed during the access check phase */
1907 }
1912 AccessFailed:
1916 /* @@@ Probably should support custom_responses */
1919 }
1922 \f
1923 command_rec fastcgi_cmds[] = {
1940 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1947 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1954 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1959 };
1962 handler_rec fastcgi_handlers[] = {
1966 };
1969 module MODULE_VAR_EXPORT fastcgi_module = {
1970 STANDARD_MODULE_STUFF,
1988 NULL /* [1] post read-request handling */
1989 };