| blob | 14e9408689a6d99dea21818fc04b91f7af16d7f8 |
1 /*
2 * mod_fastcgi.c --
3 *
4 * Apache server module for FastCGI.
5 *
6 * $Id: mod_fastcgi.c,v 1.98 2000/09/19 14:51:35 robs Exp $
7 *
8 * Copyright (c) 1995-1996 Open Market, Inc.
9 *
10 * See the file "LICENSE.TERMS" for information on usage and redistribution
11 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
12 *
13 *
14 * Patches for Apache-1.1 provided by
15 * Ralf S. Engelschall
16 * <rse@en.muc.de>
17 *
18 * Patches for Linux provided by
19 * Scott Langley
20 * <langles@vote-smart.org>
21 *
22 * Patches for suexec handling by
23 * Brian Grossman <brian@SoftHome.net> and
24 * Rob Saccoccio <robs@ipass.net>
25 */
27 /*
28 * Module design notes.
29 *
30 * 1. Restart cleanup.
31 *
32 * mod_fastcgi spawns several processes: one process manager process
33 * and several application processes. None of these processes
34 * handle SIGHUP, so they just go away when the Web server performs
35 * a restart (as Apache does every time it starts.)
36 *
37 * In order to allow the process manager to properly cleanup the
38 * running fastcgi processes (without being disturbed by Apache),
39 * an intermediate process was introduced. The diagram is as follows;
40 *
41 * ApacheWS --> MiddleProc --> ProcMgr --> FCGI processes
42 *
43 * On a restart, ApacheWS sends a SIGKILL to MiddleProc and then
44 * collects it via waitpid(). The ProcMgr periodically checks for
45 * its parent (via getppid()) and if it does not have one, as in
46 * case when MiddleProc has terminated, ProcMgr issues a SIGTERM
47 * to all FCGI processes, waitpid()s on them and then exits, so it
48 * can be collected by init(1). Doing it any other way (short of
49 * changing Apache API), results either in inconsistent results or
50 * in generation of zombie processes.
51 *
52 * XXX: How does Apache 1.2 implement "gentle" restart
53 * that does not disrupt current connections? How does
54 * gentle restart interact with restart cleanup?
55 *
56 * 2. Request timeouts.
57 *
58 * The Apache Timeout directive allows per-server configuration of
59 * the timeout associated with a request. This is typically used to
60 * detect dead clients. The timer is reset for every successful
61 * read/write. The default value is 5min. Thats way too long to tie
62 * up a FastCGI server. For now this dropdead timer is used a little
63 * differently in FastCGI. All of the FastCGI server I/O AND the
64 * client I/O must complete within Timeout seconds. This isn't
65 * exactly what we want.. it should be revisited. See http_main.h.
66 *
67 * We need a way to configurably control the timeout associated with
68 * FastCGI server exchanges AND one for client exchanges. This could
69 * be done with the select() in doWork() (which should be rewritten
70 * anyway). This will allow us to free up the FastCGI as soon as
71 * possible.
72 *
73 * Earlier versions of this module used ap_soft_timeout() rather than
74 * ap_hard_timeout() and ate FastCGI server output until it completed.
75 * This precluded the FastCGI server from having to implement a
76 * SIGPIPE handler, but meant hanging the application longer than
77 * necessary. SIGPIPE handler now must be installed in ALL FastCGI
78 * applications. The handler should abort further processing and go
79 * back into the accept() loop.
80 *
81 * Although using ap_soft_timeout() is better than ap_hard_timeout()
82 * we have to be more careful about SIGINT handling and subsequent
83 * processing, so, for now, make it hard.
84 */
89 #ifndef timersub
90 #define timersub(a, b, result) \
91 do { \
92 (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
93 (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
94 if ((result)->tv_usec < 0) { \
95 --(result)->tv_sec; \
96 (result)->tv_usec += 1000000; \
97 } \
98 } while (0)
99 #endif
101 /*
102 * Global variables
103 */
120 * fastcgi apps' sockets */
122 #ifdef WIN32
126 #endif
150 /*******************************************************************************
151 * Construct a message and write it to the pm_pipe.
152 */
156 {
157 #ifdef WIN32
162 #else
165 #endif
171 }
176 #ifdef WIN32
183 #else
185 #endif
189 #ifdef WIN32
196 #else
198 #endif
202 #ifdef WIN32
209 #else
211 #endif
213 }
215 #ifdef WIN32
220 #else
226 }
227 #endif
228 }
230 \f
231 /*
232 *----------------------------------------------------------------------
233 *
234 * init_module
235 *
236 * An Apache module initializer, called by the Apache core
237 * after reading the server config.
238 *
239 * Start the process manager no matter what, since there may be a
240 * request for dynamic FastCGI applications without any being
241 * configured as static applications. Also, check for the existence
242 * and create if necessary a subdirectory into which all dynamic
243 * sockets will go.
244 *
245 *----------------------------------------------------------------------
246 */
248 {
251 /* Register to reset to default values when the config pool is cleaned */
260 /* keep these handy */
264 #ifndef WIN32
265 /* Create Unix/Domain socket directory */
268 #endif
270 /* Create Dynamic directory */
274 #ifndef WIN32
275 /* Create the pipe for comm with the PM */
278 }
280 /* Spawn the PM only once. Under Unix, Apache calls init() routines
281 * twice, once before detach() and once after. Win32 doesn't detach.
282 * Under DSO, DSO modules are unloaded between the two init() calls.
283 * Under Unix, the -X switch causes two calls to init() but no detach
284 * (but all subprocesses are wacked so the PM is toasted anyway)! */
289 /* Start the Process Manager */
294 }
297 #endif
298 }
301 {
302 #ifdef WIN32
303 /* Create the Event Handlers */
309 /* Spawn of the process manager thread */
311 #endif
313 }
317 #ifdef WIN32
318 /* Signaling the PM thread tp exit*/
321 /* Waiting on pm thread to exit */
323 #endif
326 }
328 /*
329 *----------------------------------------------------------------------
330 *
331 * get_header_line --
332 *
333 * Terminate a line: scan to the next newline, scan back to the
334 * first non-space character and store a terminating zero. Return
335 * the next character past the end of the newline.
336 *
337 * If the end of the string is reached, ASSERT!
338 *
339 * If the FIRST character(s) in the line are '\n' or "\r\n", the
340 * first character is replaced with a NULL and next character
341 * past the newline is returned. NOTE: this condition supercedes
342 * the processing of RFC-822 continuation lines.
343 *
344 * If continuation is set to 'TRUE', then it parses a (possible)
345 * sequence of RFC-822 continuation lines.
346 *
347 * Results:
348 * As above.
349 *
350 * Side effects:
351 * Termination byte stored in string.
352 *
353 *----------------------------------------------------------------------
354 */
356 {
367 p++;
368 }
371 p++;
372 }
373 }
374 }
378 end++;
380 /*
381 * Trim any trailing whitespace.
382 */
384 p--;
385 }
389 }
390 \f
391 /*
392 *----------------------------------------------------------------------
393 *
394 * process_headers --
395 *
396 * Call with r->parseHeader == SCAN_CGI_READING_HEADERS
397 * and initial script output in fr->header.
398 *
399 * If the initial script output does not include the header
400 * terminator ("\r\n\r\n") process_headers returns with no side
401 * effects, to be called again when more script output
402 * has been appended to fr->header.
403 *
404 * If the initial script output includes the header terminator,
405 * process_headers parses the headers and determines whether or
406 * not the remaining script output will be sent to the client.
407 * If so, process_headers sends the HTTP response headers to the
408 * client and copies any non-header script output to the output
409 * buffer reqOutbuf.
410 *
411 * Results:
412 * none.
413 *
414 * Side effects:
415 * May set r->parseHeader to:
416 * SCAN_CGI_FINISHED -- headers parsed, returning script response
417 * SCAN_CGI_BAD_HEADER -- malformed header from script
418 * SCAN_CGI_INT_REDIRECT -- handler should perform internal redirect
419 * SCAN_CGI_SRV_REDIRECT -- handler should return REDIRECT
420 *
421 *----------------------------------------------------------------------
422 */
425 {
435 /*
436 * Do we have the entire header? Scan for the blank line that
437 * terminates the header.
438 */
447 flag++;
458 }
459 p++;
460 }
462 /* Return (to be called later when we have more data)
463 * if we don't have an entire header. */
467 /*
468 * Parse all the headers.
469 */
477 }
480 }
483 p--;
484 }
487 }
492 }
494 value++;
495 }
502 }
506 }
511 }
517 }
521 }
526 }
530 }
532 /* If the script wants them merged, it can do it */
535 }
538 }
539 }
544 /*
545 * Who responds, this handler or Apache?
546 */
549 /*
550 * Based on internal redirect handling in mod_cgi.c...
551 *
552 * If a script wants to produce its own Redirect
553 * body, it now has to explicitly *say* "Status: 302"
554 */
557 /*
558 * Location is an relative path. This handler will
559 * consume all script output, then have Apache perform an
560 * internal redirect.
561 */
565 /*
566 * Location is an absolute URL. If the script didn't
567 * produce a Content-type header, this handler will
568 * consume all script output and then have Apache generate
569 * its standard redirect response. Otherwise this handler
570 * will transmit the script's response.
571 */
574 }
575 }
576 }
577 /*
578 * We're responding. Send headers, buffer excess script output.
579 */
582 /* We need to reinstate our timeout, send_http_header() kill()s it */
593 }
598 }
601 BadHeader:
602 /* Log first line of a multi-line header */
608 DuplicateNotAllowed:
611 }
612 \f
613 /*
614 * Read from the client filling both the FastCGI server buffer and the
615 * client buffer with the hopes of buffering the client data before
616 * making the connect() to the FastCGI server. This prevents slow
617 * clients from keeping the FastCGI server in processing longer than is
618 * necessary.
619 */
621 {
641 else
644 }
646 }
649 {
657 /* If fewer than count bytes are written, an error occured.
658 * ap_bwrite() typically forces a flushed write to the client, this
659 * effectively results in a block (and short packets) - it should
660 * be fixed, but I didn't win much support for the idea on new-httpd.
661 * So, without patching Apache, the best way to deal with this is
662 * to size the fcgi_bufs to hold all of the script output (within
663 * reason) so the script can be released from having to wait around
664 * for the transmission to the client to complete. */
665 #ifdef RUSSIAN_APACHE
670 }
671 #else
676 }
677 #endif
680 /* Don't bother with a wrapped buffer, limiting exposure to slow
681 * clients. The BUFF routines don't allow a writev from above,
682 * and don't always memcpy to minimize small write()s, this should
683 * be fixed, but I didn't win much support for the idea on
684 * new-httpd - I'll have to _prove_ its a problem first.. */
686 /* The default behaviour used to be to flush with every write, but this
687 * can tie up the FastCGI server longer than is necessary so its an option now */
689 #ifdef RUSSIAN_APACHE
694 }
695 #else
700 }
701 #endif
702 }
706 }
708 /*******************************************************************************
709 * Determine the user and group suexec should be called with.
710 * Based on code in Apache's create_argv_cmd() (util_script.c).
711 */
713 {
718 }
721 /* its a user dir uri, just send the ~user, and leave it to the PM */
726 else
729 }
733 }
734 }
736 /*******************************************************************************
737 * Close the connection to the FastCGI server. This is normally called by
738 * do_work(), but may also be called as in request pool cleanup.
739 */
741 {
746 }
749 #ifdef WIN32
752 }
753 #else
756 }
757 #endif
760 /* XXX REQ_COMPLETE is only sent for requests which complete
761 * normally WRT the fcgi app. There is no data sent for
762 * connect() timeouts or requests which complete abnormally.
763 * KillDynamicProcs() and RemoveRecords() need to be looked at
764 * to be sure they can reasonably handle these cases before
765 * sending these sort of stats - theres some funk in there.
766 * XXX We should do something special when this a pool cleanup.
767 */
769 /* there's no point to aborting the request, just log it */
781 }
782 }
783 }
784 }
786 #ifdef WIN32
788 {
790 }
791 #endif
793 /*******************************************************************************
794 * Connect to the FastCGI server.
795 */
797 {
806 #ifdef WIN32
809 #else
812 #endif
814 /* Create the connection point */
819 #ifndef WIN32
824 #endif
826 #ifdef WIN32
829 }
832 }
835 }
836 #else
838 #endif
840 }
842 /* Dynamic app's lockfile handling */
844 #ifndef WIN32
847 #endif
852 #ifdef WIN32
854 #else
856 #endif
857 {
859 #ifdef WIN32
861 #else
863 #endif
864 {
867 /* Its already running, but there's a newer one,
868 * ask the process manager to start it.
869 * it will notice that the binary is newer,
870 * and do a restart instead.
871 */
874 /* Avoid sleep/alarm interactions */
876 }
877 #ifdef WIN32
880 #else
883 #endif
889 #ifdef WIN32
891 #else
892 /* Avoid sleep/alarm interactions */
894 #endif
895 }
896 #ifdef WIN32
898 #endif
901 /* Block until we get a shared (non-exclusive) read Lock */
905 #ifdef WIN32
909 #endif
912 }
914 #ifdef WIN32
916 {
917 BOOL ready;
920 DWORD interval;
926 {
931 }
932 }
933 else
934 {
939 }
940 }
944 }
946 do
947 {
958 }
962 }
964 // All pipe instances are busy, so wait
969 }
973 }
977 FCGIDBG5("interval=%d, max_connect_time=%d, connect_time=%d, ready=%d", interval, max_connect_time, connect_time, ready);
983 }
992 }
993 #endif
995 /* Create the socket */
1001 #ifndef WIN32
1004 "FD_SETSIZE (%u), you probably need to rebuild Apache with a "
1006 }
1007 #endif
1009 /* If appConnectTimeout is non-zero, setup do a non-blocking connect */
1010 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1011 #ifndef WIN32
1016 #else
1020 #endif
1021 }
1026 /* Connect */
1030 #ifdef WIN32
1034 #else
1035 /* ECONNREFUSED means the listen queue is full (or there isn't one).
1036 * With dynamic I can at least make sure the PM knows this is occuring */
1038 /* @@@ This might be better as some other "kind" of message */
1042 }
1046 #endif
1048 /* The connect() is non-blocking */
1069 /* select() timed out */
1073 /* XXX These can be moved down when dynamic vars live is a struct */
1076 dynamicAppConnectTimeout);
1077 }
1090 }
1101 /* Solaris pending error */
1105 /* Berkeley-derived pending error */
1108 }
1112 ConnectionComplete:
1113 /* Return to blocking mode if it was set up */
1114 if ((fr->dynamic && dynamicAppConnectTimeout) || (!fr->dynamic && fr->fs->appConnectTimeout)) {
1115 #ifdef WIN32
1119 #else
1122 #endif
1123 }
1125 #ifdef TCP_NODELAY
1127 /* We shouldn't be sending small packets and there's no application
1128 * level ack of the data we send, so disable Nagle */
1131 }
1132 #endif
1135 }
1136 \f
1138 {
1139 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1140 /* Make sure we leave with Apache's sigpipe_handler in place */
1143 #endif
1147 }
1150 {
1159 }
1160 }
1162 /*----------------------------------------------------------------------
1163 * This is the core routine for moving data between the FastCGI
1164 * application and the Web server's client.
1165 */
1167 {
1174 env_status env;
1183 /* Buffer as much of the environment as we can fit */
1187 /* Start the Apache dropdead timer. See comments at top of file. */
1190 /* Read as much as possible from the client. */
1196 }
1201 }
1203 /* Connect to the FastCGI Application */
1209 }
1221 }
1222 }
1224 /* @@@ We never reset the timer in this loop, most folks don't mess w/
1225 * Timeout directive which means we've got the 5 min default which is way
1226 * to long to tie up a fs. We need a better/configurable solution that
1227 * uses the select */
1230 /* Register to get the script's stderr logged at the end of the request */
1235 /* The socket is writeable, so get the first write out of the way */
1240 }
1246 /* If we didn't buffer all of the environment yet, buffer some more */
1250 /* Read as much as possible from the client. */
1254 }
1256 /* To avoid deadlock, don't do a blocking select to write to
1257 * the FastCGI application without selecting to read from the
1258 * FastCGI application.
1259 */
1263 #ifdef WIN32
1265 #endif
1268 /* Is data buffered for output to the FastCGI server? */
1273 }
1274 #ifdef WIN32
1275 }
1276 #endif
1277 /*
1278 * If there's data buffered to send to the client, don't
1279 * wait indefinitely for the FastCGI app; the app might
1280 * be doing server push.
1281 */
1285 }
1293 }
1295 /* Check for idle_timeout */
1298 }
1308 }
1309 }
1318 }
1320 /* Killed time somewhere.. client read? */
1326 }
1327 }
1331 }
1333 #ifdef WIN32
1335 #endif
1340 }
1341 #ifdef WIN32
1342 }
1353 {
1356 }
1358 }
1359 }
1362 }
1363 }
1364 #endif
1369 }
1376 }
1383 }
1389 }
1390 }
1392 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1393 /* Disable Apache's SIGPIPE handler */
1395 #endif
1397 /* Read from the FastCGI server */
1398 #ifdef WIN32
1401 #else
1403 #endif
1409 }
1410 }
1416 }
1421 }
1422 }
1424 /* Write to the FastCGI server */
1425 #ifdef WIN32
1428 #else
1430 #endif
1436 }
1437 }
1439 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1440 /* Reinstall Apache's SIGPIPE handler */
1442 #endif
1446 }
1450 #if defined(SIGPIPE) && MODULE_MAGIC_NUMBER < 19990320
1451 /* Make sure we leave with Apache's sigpipe_handler in place */
1454 #endif
1458 }
1459 }
1465 /* we're done talking to the fcgi app */
1468 }
1475 }
1476 }
1484 #ifdef RUSSIAN_APACHE
1486 #else
1488 #endif
1490 }
1504 /*
1505 * XXX We really should be soaking all client input
1506 * and all script output. See mod_cgi.c.
1507 * There's other differences we need to pick up here as well!
1508 * This has to be revisited.
1509 */
1514 }
1518 }
1519 \f
1522 {
1533 }
1534 }
1538 }
1542 /* Its a request for a dynamic FastCGI application */
1547 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: invalid (dynamic) server \"%s\": %s", fs_path, err);
1549 }
1550 }
1573 #ifdef WIN32
1577 #else
1581 #endif
1586 }
1588 /*
1589 *----------------------------------------------------------------------
1590 *
1591 * handler --
1592 *
1593 * This routine gets called for a request that corresponds to
1594 * a FastCGI connection. It performs the request synchronously.
1595 *
1596 * Results:
1597 * Final status of request: OK or NOT_FOUND or SERVER_ERROR.
1598 *
1599 * Side effects:
1600 * Request performed.
1601 *
1602 *----------------------------------------------------------------------
1603 */
1605 /* Stolen from mod_cgi.c..
1606 * KLUDGE --- for back-combatibility, we don't have to check ExecCGI
1607 * in ScriptAliased directories, which means we need to know if this
1608 * request came through ScriptAlias or not... so the Alias module
1609 * leaves a note for us.
1610 */
1612 {
1615 }
1617 /* If a script wants to produce its own Redirect body, it now
1618 * has to explicitly *say* "Status: 302". If it wants to use
1619 * Apache redirects say "Status: 200". See process_headers().
1620 */
1623 {
1627 /* @@@ There are still differences between the handling in
1628 * mod_cgi and mod_fastcgi. This needs to be revisited.
1629 */
1630 /* We already read the message body (if any), so don't allow
1631 * the redirected request to think it has one. We can ignore
1632 * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
1633 */
1646 }
1647 }
1649 /******************************************************************************
1650 * Process fastcgi-script requests. Based on mod_cgi::cgi_handler().
1651 */
1653 {
1657 /* Setup a new FastCGI request */
1661 /* If its a dynamic invocation, make sure scripts are OK here */
1666 }
1668 /* Process the fastcgi-script request */
1672 /* Special case redirects */
1674 }
1678 {
1684 }
1686 static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val)
1687 {
1692 }
1694 static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val)
1695 {
1698 }
1701 {
1704 /* Restore the saved subprocess_env because we muddied ours up */
1709 ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
1711 }
1715 }
1716 }
1720 }
1722 /* @@@ Restore these.. its a hack until I rewrite the header handling */
1725 }
1728 {
1738 /* Get the user password */
1745 /* Save the existing subprocess_env, because we're gonna muddy it up */
1751 /* The FastCGI Protocol doesn't differentiate authentication */
1754 /* Do we need compatibility mode? */
1763 /* A redirect shouldn't be allowed during the authentication phase */
1769 }
1774 AuthenticationFailed:
1778 /* @@@ Probably should support custom_responses */
1783 }
1786 {
1795 /* @@@ We should probably honor the existing parameters to the require directive
1796 * as well as allow the definition of new ones (or use the basename of the
1797 * FastCGI server and pass the rest of the directive line), but for now keep
1798 * it simple. */
1803 /* Save the existing subprocess_env, because we're gonna muddy it up */
1810 /* Do we need compatibility mode? */
1819 /* A redirect shouldn't be allowed during the authorization phase */
1825 }
1830 AuthorizationFailed:
1834 /* @@@ Probably should support custom_responses */
1839 }
1842 {
1854 /* Save the existing subprocess_env, because we're gonna muddy it up */
1859 /* The FastCGI Protocol doesn't differentiate access control */
1862 /* Do we need compatibility mode? */
1871 /* A redirect shouldn't be allowed during the access check phase */
1877 }
1882 AccessFailed:
1886 /* @@@ Probably should support custom_responses */
1889 }
1892 \f
1893 command_rec fastcgi_cmds[] = {
1909 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1916 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1923 "a fastcgi-script path (absolute or relative to ServerRoot) followed by an optional -compat" },
1928 };
1931 handler_rec fastcgi_handlers[] = {
1935 };
1938 module MODULE_VAR_EXPORT fastcgi_module = {
1939 STANDARD_MODULE_STUFF,
1957 NULL /* [1] post read-request handling */
1958 };