--- embedaddon/lighttpd/src/mod_cgi.c 2013/10/14 10:32:48 1.1 +++ embedaddon/lighttpd/src/mod_cgi.c 2016/11/02 10:35:00 1.1.1.3 @@ -1,21 +1,25 @@ +#include "first.h" + #include "server.h" #include "stat_cache.h" #include "keyvalue.h" #include "log.h" #include "connections.h" #include "joblist.h" +#include "response.h" #include "http_chunk.h" +#include "network_backends.h" #include "plugin.h" #include +#include "sys-mmap.h" #ifdef __WIN32 # include #else # include # include -# include # include # include #endif @@ -32,12 +36,6 @@ #include #include -#ifdef HAVE_SYS_FILIO_H -# include -#endif - -#include "version.h" - enum {EOL_UNSET, EOL_N, EOL_RN}; typedef struct { @@ -56,6 +54,8 @@ typedef struct { typedef struct { array *cgi; unsigned short execute_x_only; + unsigned short xsendfile_allow; + array *xsendfile_docroot; } plugin_config; typedef struct { @@ -73,7 +73,9 @@ typedef struct { typedef struct { pid_t pid; int fd; + int fdtocgi; int fde_ndx; /* index into the fd-event buffer */ + int fde_ndx_tocgi; /* index into the fd-event buffer */ connection *remote_conn; /* dumb pointer */ plugin_data *plugin_data; /* dumb pointer */ @@ -85,10 +87,12 @@ typedef struct { static handler_ctx * cgi_handler_ctx_init(void) { handler_ctx *hctx = calloc(1, sizeof(*hctx)); - assert(hctx); + force_assert(hctx); hctx->response = buffer_init(); hctx->response_header = buffer_init(); + hctx->fd = -1; + hctx->fdtocgi = -1; return hctx; } @@ -100,14 +104,14 @@ static void cgi_handler_ctx_free(handler_ctx *hctx) { free(hctx); } -enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_ERROR}; +enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_COMEBACK, FDEVENT_HANDLED_ERROR}; INIT_FUNC(mod_cgi_init) { plugin_data *p; p = calloc(1, sizeof(*p)); - assert(p); + force_assert(p); p->tmp_buf = buffer_init(); p->parse_response = buffer_init(); @@ -127,7 +131,10 @@ FREE_FUNC(mod_cgi_free) { for (i = 0; i < srv->config_context->used; i++) { plugin_config *s = p->config_storage[i]; + if (NULL == s) continue; + array_free(s->cgi); + array_free(s->xsendfile_docroot); free(s); } @@ -152,30 +159,57 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) { config_values_t cv[] = { { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ + { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ + { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET} }; if (!p) return HANDLER_ERROR; - p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *)); + p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); + force_assert(p->config_storage); for (i = 0; i < srv->config_context->used; i++) { + data_config const* config = (data_config const*)srv->config_context->data[i]; plugin_config *s; s = calloc(1, sizeof(plugin_config)); - assert(s); + force_assert(s); s->cgi = array_init(); s->execute_x_only = 0; + s->xsendfile_allow= 0; + s->xsendfile_docroot = array_init(); cv[0].destination = s->cgi; cv[1].destination = &(s->execute_x_only); + cv[2].destination = &(s->xsendfile_allow); + cv[3].destination = s->xsendfile_docroot; p->config_storage[i] = s; - if (0 != config_insert_values_global(srv, ((data_config *)srv->config_context->data[i])->value, cv)) { + if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { return HANDLER_ERROR; } + + if (s->xsendfile_docroot->used) { + size_t j; + for (j = 0; j < s->xsendfile_docroot->used; ++j) { + data_string *ds = (data_string *)s->xsendfile_docroot->data[j]; + if (ds->type != TYPE_STRING) { + log_error_write(srv, __FILE__, __LINE__, "s", + "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )"); + return HANDLER_ERROR; + } + if (ds->value->ptr[0] != '/') { + log_error_write(srv, __FILE__, __LINE__, "SBs", + "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\""); + return HANDLER_ERROR; + } + buffer_path_simplify(ds->value, ds->value); + buffer_append_slash(ds->value); + } + } } return HANDLER_GO_ON; @@ -196,9 +230,11 @@ static int cgi_pid_add(server *srv, plugin_data *p, pi if (r->size == 0) { r->size = 16; r->ptr = malloc(sizeof(*r->ptr) * r->size); + force_assert(r->ptr); } else if (r->used == r->size) { r->size += 16; r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size); + force_assert(r->ptr); } r->ptr[r->used++] = pid; @@ -235,7 +271,7 @@ static int cgi_response_parse(server *srv, connection UNUSED(srv); - buffer_copy_string_buffer(p->parse_response, in); + buffer_copy_buffer(p->parse_response, in); for (s = p->parse_response->ptr; NULL != (ns = strchr(s, '\n')); @@ -298,8 +334,13 @@ static int cgi_response_parse(server *srv, connection break; case 6: if (0 == strncasecmp(key, "Status", key_len)) { - con->http_status = strtol(value, NULL, 10); - con->parsed_response |= HTTP_STATUS; + int status = strtol(value, NULL, 10); + if (status >= 100 && status < 1000) { + con->http_status = status; + con->parsed_response |= HTTP_STATUS; + } else { + con->http_status = 502; + } } break; case 8: @@ -315,7 +356,7 @@ static int cgi_response_parse(server *srv, connection break; case 14: if (0 == strncasecmp(key, "Content-Length", key_len)) { - con->response.content_length = strtol(value, NULL, 10); + con->response.content_length = strtoul(value, NULL, 10); con->parsed_response |= HTTP_CONTENT_LENGTH; } break; @@ -344,19 +385,20 @@ static int cgi_demux_response(server *srv, handler_ctx int toread; #if defined(__WIN32) - buffer_prepare_copy(hctx->response, 4 * 1024); + buffer_string_prepare_copy(hctx->response, 4 * 1024); #else - if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { - buffer_prepare_copy(hctx->response, 4 * 1024); + if (ioctl(con->fd, FIONREAD, &toread) || toread <= 4*1024) { + buffer_string_prepare_copy(hctx->response, 4 * 1024); } else { if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; - buffer_prepare_copy(hctx->response, toread + 1); + buffer_string_prepare_copy(hctx->response, toread); } #endif if (-1 == (n = read(hctx->fd, hctx->response->ptr, hctx->response->size - 1))) { if (errno == EAGAIN || errno == EINTR) { /* would block, wait for signal */ + fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); return FDEVENT_HANDLED_NOT_FINISHED; } /* error */ @@ -366,18 +408,10 @@ static int cgi_demux_response(server *srv, handler_ctx if (n == 0) { /* read finished */ - - con->file_finished = 1; - - /* send final chunk */ - http_chunk_append_mem(srv, con, NULL, 0); - joblist_append(srv, con); - return FDEVENT_HANDLED_FINISHED; } - hctx->response->ptr[n] = '\0'; - hctx->response->used = n+1; + buffer_commit(hctx->response, n); /* split header from body */ @@ -385,7 +419,7 @@ static int cgi_demux_response(server *srv, handler_ctx int is_header = 0; int is_header_end = 0; size_t last_eol = 0; - size_t i; + size_t i, header_len; buffer_append_string_buffer(hctx->response_header, hctx->response); @@ -412,8 +446,9 @@ static int cgi_demux_response(server *srv, handler_ctx /* nph (non-parsed headers) */ if (0 == strncmp(hctx->response_header->ptr, "HTTP/1.", 7)) is_header = 1; - - for (i = 0; !is_header_end && i < hctx->response_header->used - 1; i++) { + + header_len = buffer_string_length(hctx->response_header); + for (i = 0; !is_header_end && i < header_len; i++) { char c = hctx->response_header->ptr[i]; switch (c) { @@ -453,56 +488,110 @@ static int cgi_demux_response(server *srv, handler_ctx if (is_header_end) { if (!is_header) { /* no header, but a body */ - - if (con->request.http_version == HTTP_VERSION_1_1) { - con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED; + if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { + return FDEVENT_HANDLED_ERROR; } - - http_chunk_append_mem(srv, con, hctx->response_header->ptr, hctx->response_header->used); - joblist_append(srv, con); } else { const char *bstart; size_t blen; - + + /* the body starts after the EOL */ + bstart = hctx->response_header->ptr + i; + blen = header_len - i; + /** * i still points to the char after the terminating EOL EOL * * put it on the last \n again */ i--; - - /* the body starts after the EOL */ - bstart = hctx->response_header->ptr + (i + 1); - blen = (hctx->response_header->used - 1) - (i + 1); - + /* string the last \r?\n */ if (i > 0 && (hctx->response_header->ptr[i - 1] == '\r')) { i--; } - hctx->response_header->ptr[i] = '\0'; - hctx->response_header->used = i + 1; /* the string + \0 */ - + buffer_string_set_length(hctx->response_header, i); + /* parse the response header */ cgi_response_parse(srv, con, p, hctx->response_header); - /* enable chunked-transfer-encoding */ - if (con->request.http_version == HTTP_VERSION_1_1 && - !(con->parsed_response & HTTP_CONTENT_LENGTH)) { - con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED; + if (con->http_status >= 300 && con->http_status < 400) { + /*(con->parsed_response & HTTP_LOCATION)*/ + data_string *ds; + if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "Location")) + && ds->value->ptr[0] == '/') { + if (++con->loops_per_request > 5) { + log_error_write(srv, __FILE__, __LINE__, "sb", "too many internal loops while processing request:", con->request.orig_uri); + con->http_status = 500; /* Internal Server Error */ + con->mode = DIRECT; + return FDEVENT_HANDLED_FINISHED; + } + + buffer_copy_buffer(con->request.uri, ds->value); + + if (con->request.content_length) { + if ((off_t)con->request.content_length != chunkqueue_length(con->request_content_queue)) { + con->keep_alive = 0; + } + con->request.content_length = 0; + chunkqueue_reset(con->request_content_queue); + } + + if (con->http_status != 307 && con->http_status != 308) { + /* Note: request body (if any) sent to initial dynamic handler + * and is not available to the internal redirect */ + con->request.http_method = HTTP_METHOD_GET; + } + + connection_response_reset(srv, con); /*(includes con->http_status = 0)*/ + + con->mode = DIRECT; + return FDEVENT_HANDLED_COMEBACK; + } } + if (p->conf.xsendfile_allow) { + data_string *ds; + if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-Sendfile"))) { + http_response_xsendfile(srv, con, ds->value, p->conf.xsendfile_docroot); + return FDEVENT_HANDLED_FINISHED; + } + } + if (blen > 0) { - http_chunk_append_mem(srv, con, bstart, blen + 1); - joblist_append(srv, con); + if (0 != http_chunk_append_mem(srv, con, bstart, blen)) { + return FDEVENT_HANDLED_ERROR; + } } } con->file_started = 1; + } else { + /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/ + if (header_len > MAX_HTTP_REQUEST_HEADER) { + log_error_write(srv, __FILE__, __LINE__, "sb", "response headers too large for", con->uri.path); + con->http_status = 502; /* Bad Gateway */ + con->mode = DIRECT; + return FDEVENT_HANDLED_FINISHED; + } } } else { - http_chunk_append_mem(srv, con, hctx->response->ptr, hctx->response->used); - joblist_append(srv, con); + if (0 != http_chunk_append_buffer(srv, con, hctx->response)) { + return FDEVENT_HANDLED_ERROR; + } + if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) + && chunkqueue_length(con->write_queue) > 65536 - 4096) { + if (!con->is_writable) { + /*(defer removal of FDEVENT_IN interest since + * connection_state_machine() might be able to send data + * immediately, unless !con->is_writable, where + * connection_state_machine() might not loop back to call + * mod_cgi_handle_subrequest())*/ + fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); + } + break; + } } #if 0 @@ -513,19 +602,23 @@ static int cgi_demux_response(server *srv, handler_ctx return FDEVENT_HANDLED_NOT_FINISHED; } -static handler_t cgi_connection_close(server *srv, handler_ctx *hctx) { +static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) { + /*(closes only hctx->fdtocgi)*/ + fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi); + fdevent_unregister(srv->ev, hctx->fdtocgi); + + if (close(hctx->fdtocgi)) { + log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", hctx->fdtocgi, strerror(errno)); + } + hctx->fdtocgi = -1; +} + +static void cgi_connection_close(server *srv, handler_ctx *hctx) { int status; pid_t pid; - plugin_data *p; - connection *con; + plugin_data *p = hctx->plugin_data; + connection *con = hctx->remote_conn; - if (NULL == hctx) return HANDLER_GO_ON; - - p = hctx->plugin_data; - con = hctx->remote_conn; - - if (con->mode != p->id) return HANDLER_GO_ON; - #ifndef __WIN32 /* the connection to the browser went away, but we still have a connection @@ -542,16 +635,16 @@ static handler_t cgi_connection_close(server *srv, han if (close(hctx->fd)) { log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno)); } + } - hctx->fd = -1; - hctx->fde_ndx = -1; + if (hctx->fdtocgi != -1) { + cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ } pid = hctx->pid; con->plugin_ctx[p->id] = NULL; - /* is this a good idea ? */ cgi_handler_ctx_free(hctx); /* if waitpid hasn't been called by response.c yet, do it here */ @@ -578,61 +671,92 @@ static handler_t cgi_connection_close(server *srv, han * -> we get here with waitpid == ECHILD * */ - if (errno == ECHILD) return HANDLER_GO_ON; - - log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); - return HANDLER_ERROR; - default: - /* Send an error if we haven't sent any data yet */ - if (0 == con->file_started) { - connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST); - con->http_status = 500; - con->mode = DIRECT; - } else { - con->file_finished = 1; + if (errno != ECHILD) { + log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); } - + /* anyway: don't wait for it anymore */ + pid = 0; + break; + default: if (WIFEXITED(status)) { #if 0 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid); #endif - return HANDLER_GO_ON; } else { log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid); - return HANDLER_GO_ON; } + + pid = 0; + break; } + if (pid) { + kill(pid, SIGTERM); - kill(pid, SIGTERM); - - /* cgi-script is still alive, queue the PID for removal */ - cgi_pid_add(srv, p, pid); + /* cgi-script is still alive, queue the PID for removal */ + cgi_pid_add(srv, p, pid); + } } #endif - return HANDLER_GO_ON; + + /* finish response (if not already con->file_started, con->file_finished) */ + if (con->mode == p->id) { + http_response_backend_done(srv, con); + } } static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) { plugin_data *p = p_d; + handler_ctx *hctx = con->plugin_ctx[p->id]; + if (hctx) cgi_connection_close(srv, hctx); - return cgi_connection_close(srv, con->plugin_ctx[p->id]); + return HANDLER_GO_ON; } -static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) { +static int cgi_write_request(server *srv, handler_ctx *hctx, int fd); + + +static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) { handler_ctx *hctx = ctx; connection *con = hctx->remote_conn; + /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/ joblist_append(srv, con); - if (hctx->fd == -1) { - log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), "invalid cgi-fd"); + if (revents & FDEVENT_OUT) { + if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { + cgi_connection_close(srv, hctx); + return HANDLER_ERROR; + } + /* more request body to be sent to CGI */ + } + if (revents & FDEVENT_HUP) { + /* skip sending remaining data to CGI */ + if (con->request.content_length) { + chunkqueue *cq = con->request_content_queue; + chunkqueue_mark_written(cq, chunkqueue_length(cq)); + if (cq->bytes_in != (off_t)con->request.content_length) { + con->keep_alive = 0; + } + } + + cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ + } else if (revents & FDEVENT_ERR) { + /* kill all connections to the cgi process */ +#if 1 + log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR"); +#endif + cgi_connection_close(srv, hctx); return HANDLER_ERROR; } - if (revents & FDEVENT_IN) { + return HANDLER_FINISHED; +} + + +static int cgi_recv_response(server *srv, handler_ctx *hctx) { switch (cgi_demux_response(srv, hctx)) { case FDEVENT_HANDLED_NOT_FINISHED: break; @@ -646,59 +770,58 @@ static handler_t cgi_handle_fdevent(server *srv, void /* if we get a IN|HUP and have read everything don't exec the close twice */ return HANDLER_FINISHED; + case FDEVENT_HANDLED_COMEBACK: + cgi_connection_close(srv, hctx); + return HANDLER_COMEBACK; case FDEVENT_HANDLED_ERROR: - /* Send an error if we haven't sent any data yet */ - if (0 == con->file_started) { - connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST); - con->http_status = 500; - con->mode = DIRECT; - } else { - con->file_finished = 1; - } - log_error_write(srv, __FILE__, __LINE__, "s", "demuxer failed: "); - break; + + cgi_connection_close(srv, hctx); + return HANDLER_FINISHED; } - } - if (revents & FDEVENT_OUT) { - /* nothing to do */ + return HANDLER_GO_ON; +} + + +static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) { + handler_ctx *hctx = ctx; + connection *con = hctx->remote_conn; + + joblist_append(srv, con); + + if (revents & FDEVENT_IN) { + handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/ + if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ } /* perhaps this issue is already handled */ if (revents & FDEVENT_HUP) { - /* check if we still have a unfinished header package which is a body in reality */ - if (con->file_started == 0 && - hctx->response_header->used) { + if (con->file_started) { + /* drain any remaining data from kernel pipe buffers + * even if (con->conf.stream_response_body + * & FDEVENT_STREAM_RESPONSE_BUFMIN) + * since event loop will spin on fd FDEVENT_HUP event + * until unregistered. */ + handler_t rc; + do { + rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/ + } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/ + return rc; /* HANDLER_FINISHED or HANDLER_COMEBACK or HANDLER_ERROR */ + } else if (!buffer_string_is_empty(hctx->response_header)) { + /* unfinished header package which is a body in reality */ con->file_started = 1; - http_chunk_append_mem(srv, con, hctx->response_header->ptr, hctx->response_header->used); - joblist_append(srv, con); - } - - if (con->file_finished == 0) { - http_chunk_append_mem(srv, con, NULL, 0); - joblist_append(srv, con); - } - - con->file_finished = 1; - - if (chunkqueue_is_empty(con->write_queue)) { - /* there is nothing left to write */ - connection_set_state(srv, con, CON_STATE_RESPONSE_END); + if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { + cgi_connection_close(srv, hctx); + return HANDLER_ERROR; + } } else { - /* used the write-handler to finish the request on demand */ - - } - # if 0 - log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents); + log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents); # endif - - /* rtsigs didn't liked the close */ + } cgi_connection_close(srv, hctx); } else if (revents & FDEVENT_ERR) { - con->file_finished = 1; - /* kill all connections to the cgi process */ cgi_connection_close(srv, hctx); #if 1 @@ -717,6 +840,7 @@ static int cgi_env_add(char_array *env, const char *ke if (!key || !val) return -1; dst = malloc(key_len + val_len + 2); + force_assert(dst); memcpy(dst, key, key_len); dst[key_len] = '='; memcpy(dst + key_len + 1, val, val_len); @@ -725,9 +849,11 @@ static int cgi_env_add(char_array *env, const char *ke if (env->size == 0) { env->size = 16; env->ptr = malloc(env->size * sizeof(*env->ptr)); + force_assert(env->ptr); } else if (env->size == env->used) { env->size += 16; env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); + force_assert(env->ptr); } env->ptr[env->used++] = dst; @@ -735,7 +861,201 @@ static int cgi_env_add(char_array *env, const char *ke return 0; } -static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *cgi_handler) { +/* returns: 0: continue, -1: fatal error, -2: connection reset */ +/* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes), + * also mmaps and sends complete chunk instead of only small parts - the files + * are supposed to be temp files with reasonable chunk sizes. + * + * Also always use mmap; the files are "trusted", as we created them. + */ +static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) { + chunk* const c = cq->first; + off_t offset, toSend, file_end; + ssize_t r; + size_t mmap_offset, mmap_avail; + char *data; + + force_assert(NULL != c); + force_assert(FILE_CHUNK == c->type); + force_assert(c->offset >= 0 && c->offset <= c->file.length); + + offset = c->file.start + c->offset; + toSend = c->file.length - c->offset; + file_end = c->file.start + c->file.length; /* offset to file end in this chunk */ + + if (0 == toSend) { + chunkqueue_remove_finished_chunks(cq); + return 0; + } + + if (0 != network_open_file_chunk(srv, con, cq)) return -1; + + /* (re)mmap the buffer if range is not covered completely */ + if (MAP_FAILED == c->file.mmap.start + || offset < c->file.mmap.offset + || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) { + + if (MAP_FAILED != c->file.mmap.start) { + munmap(c->file.mmap.start, c->file.mmap.length); + c->file.mmap.start = MAP_FAILED; + } + + c->file.mmap.offset = mmap_align_offset(offset); + c->file.mmap.length = file_end - c->file.mmap.offset; + + if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) { + if (toSend > 65536) toSend = 65536; + data = malloc(toSend); + force_assert(data); + if (-1 == lseek(c->file.fd, offset, SEEK_SET) + || 0 >= (toSend = read(c->file.fd, data, toSend))) { + if (-1 == toSend) { + log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:", + strerror(errno), c->file.name, c->file.fd, offset); + } else { /*(0 == toSend)*/ + log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):", + c->file.name, c->file.fd, offset); + } + free(data); + return -1; + } + } + } + + if (MAP_FAILED != c->file.mmap.start) { + force_assert(offset >= c->file.mmap.offset); + mmap_offset = offset - c->file.mmap.offset; + force_assert(c->file.mmap.length > mmap_offset); + mmap_avail = c->file.mmap.length - mmap_offset; + force_assert(toSend <= (off_t) mmap_avail); + + data = c->file.mmap.start + mmap_offset; + } + + r = write(fd, data, toSend); + + if (MAP_FAILED == c->file.mmap.start) free(data); + + if (r < 0) { + switch (errno) { + case EAGAIN: + case EINTR: + return 0; + case EPIPE: + case ECONNRESET: + return -2; + default: + log_error_write(srv, __FILE__, __LINE__, "ssd", + "write failed:", strerror(errno), fd); + return -1; + } + } + + if (r >= 0) { + chunkqueue_mark_written(cq, r); + } + + return r; +} + +static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) { + connection *con = hctx->remote_conn; + chunkqueue *cq = con->request_content_queue; + chunk *c; + + /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms. + * solution: if this is still a problem on windows, then substitute + * socketpair() for pipe() and closesocket() for close() on windows. + */ + + for (c = cq->first; c; c = cq->first) { + ssize_t r = -1; + + switch(c->type) { + case FILE_CHUNK: + r = cgi_write_file_chunk_mmap(srv, con, fd, cq); + break; + + case MEM_CHUNK: + if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) { + switch(errno) { + case EAGAIN: + case EINTR: + /* ignore and try again */ + r = 0; + break; + case EPIPE: + case ECONNRESET: + /* connection closed */ + r = -2; + break; + default: + /* fatal error */ + log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno)); + r = -1; + break; + } + } else if (r > 0) { + chunkqueue_mark_written(cq, r); + } + break; + } + + if (0 == r) break; /*(might block)*/ + + switch (r) { + case -1: + /* fatal error */ + return -1; + case -2: + /* connection reset */ + log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI"); + /* skip all remaining data */ + chunkqueue_mark_written(cq, chunkqueue_length(cq)); + break; + default: + break; + } + } + + if (cq->bytes_out == (off_t)con->request.content_length) { + /* sent all request body input */ + /* close connection to the cgi-script */ + if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/ + if (close(fd)) { + log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno)); + } + } else { + cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ + } + } else { + off_t cqlen = cq->bytes_in - cq->bytes_out; + if (cq->bytes_in < (off_t)con->request.content_length && cqlen < 65536 - 16384) { + /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/ + if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) { + con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN; + con->is_readable = 1; /* trigger optimistic read from client */ + } + } + if (-1 == hctx->fdtocgi) { /*(not registered yet)*/ + hctx->fdtocgi = fd; + hctx->fde_ndx_tocgi = -1; + fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx); + } + if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/ + if ((fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT)) { + fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, 0); + } + } else { + /* more request body remains to be sent to CGI so register for fdevents */ + fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, FDEVENT_OUT); + } + } + + return 0; +} + +static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) { pid_t pid; #ifdef HAVE_IPV6 @@ -748,7 +1068,7 @@ static int cgi_create_env(server *srv, connection *con #ifndef __WIN32 - if (cgi_handler->used > 1) { + if (!buffer_string_is_empty(cgi_handler)) { /* stat the exec file */ if (-1 == (stat(cgi_handler->ptr, &st))) { log_error_write(srv, __FILE__, __LINE__, "sbss", @@ -777,7 +1097,7 @@ static int cgi_create_env(server *srv, connection *con char **args; int argc; int i = 0; - char buf[32]; + char buf[LI_ITOSTRING_LENGTH]; size_t n; char_array env; char *c; @@ -803,14 +1123,10 @@ static int cgi_create_env(server *srv, connection *con env.size = 0; env.used = 0; - if (buffer_is_empty(con->conf.server_tag)) { - cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_DESC)); - } else { - cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_BUF_LEN(con->conf.server_tag)); - } + cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_BUF_LEN(con->conf.server_tag)); - if (!buffer_is_empty(con->server_name)) { - size_t len = con->server_name->used - 1; + if (!buffer_string_is_empty(con->server_name)) { + size_t len = buffer_string_length(con->server_name); if (con->server_name->ptr[0] == '[') { const char *colon = strstr(con->server_name->ptr, "]:"); @@ -823,23 +1139,25 @@ static int cgi_create_env(server *srv, connection *con cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), con->server_name->ptr, len); } else { #ifdef HAVE_IPV6 - s = inet_ntop(srv_sock->addr.plain.sa_family, - srv_sock->addr.plain.sa_family == AF_INET6 ? - (const void *) &(srv_sock->addr.ipv6.sin6_addr) : - (const void *) &(srv_sock->addr.ipv4.sin_addr), - b2, sizeof(b2)-1); + s = inet_ntop( + srv_sock->addr.plain.sa_family, + srv_sock->addr.plain.sa_family == AF_INET6 ? + (const void *) &(srv_sock->addr.ipv6.sin6_addr) : + (const void *) &(srv_sock->addr.ipv4.sin_addr), + b2, sizeof(b2)-1); #else s = inet_ntoa(srv_sock->addr.ipv4.sin_addr); #endif + force_assert(s); cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); } cgi_env_add(&env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1")); s = get_http_version_name(con->request.http_version); - + force_assert(s); cgi_env_add(&env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)); - LI_ltostr(buf, + li_utostrn(buf, sizeof(buf), #ifdef HAVE_IPV6 ntohs(srv_sock->addr.plain.sa_family == AF_INET6 ? srv_sock->addr.ipv6.sin6_port : srv_sock->addr.ipv4.sin_port) #else @@ -851,14 +1169,16 @@ static int cgi_create_env(server *srv, connection *con switch (srv_sock->addr.plain.sa_family) { #ifdef HAVE_IPV6 case AF_INET6: - s = inet_ntop(srv_sock->addr.plain.sa_family, - (const void *) &(srv_sock->addr.ipv6.sin6_addr), - b2, sizeof(b2)-1); + s = inet_ntop( + srv_sock->addr.plain.sa_family, + (const void *) &(srv_sock->addr.ipv6.sin6_addr), + b2, sizeof(b2)-1); break; case AF_INET: - s = inet_ntop(srv_sock->addr.plain.sa_family, - (const void *) &(srv_sock->addr.ipv4.sin_addr), - b2, sizeof(b2)-1); + s = inet_ntop( + srv_sock->addr.plain.sa_family, + (const void *) &(srv_sock->addr.ipv4.sin_addr), + b2, sizeof(b2)-1); break; #else case AF_INET: @@ -869,34 +1189,45 @@ static int cgi_create_env(server *srv, connection *con s = ""; break; } + force_assert(s); cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); s = get_http_method_name(con->request.http_method); + force_assert(s); cgi_env_add(&env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s)); - if (!buffer_is_empty(con->request.pathinfo)) { + if (!buffer_string_is_empty(con->request.pathinfo)) { cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)); } - cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); - if (!buffer_is_empty(con->uri.query)) { + if (!buffer_string_is_empty(con->uri.query)) { cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); + } else { + cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN("")); } - if (!buffer_is_empty(con->request.orig_uri)) { - cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); + cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); + if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) { + cgi_env_add(&env, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.uri)); } + /* set REDIRECT_STATUS for php compiled with --force-redirect + * (if REDIRECT_STATUS has not already been set by error handler) */ + if (0 == con->error_handler_saved_status) { + cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); + } switch (con->dst_addr.plain.sa_family) { #ifdef HAVE_IPV6 case AF_INET6: - s = inet_ntop(con->dst_addr.plain.sa_family, - (const void *) &(con->dst_addr.ipv6.sin6_addr), - b2, sizeof(b2)-1); + s = inet_ntop( + con->dst_addr.plain.sa_family, + (const void *) &(con->dst_addr.ipv6.sin6_addr), + b2, sizeof(b2)-1); break; case AF_INET: - s = inet_ntop(con->dst_addr.plain.sa_family, - (const void *) &(con->dst_addr.ipv4.sin_addr), - b2, sizeof(b2)-1); + s = inet_ntop( + con->dst_addr.plain.sa_family, + (const void *) &(con->dst_addr.ipv4.sin_addr), + b2, sizeof(b2)-1); break; #else case AF_INET: @@ -907,9 +1238,10 @@ static int cgi_create_env(server *srv, connection *con s = ""; break; } + force_assert(s); cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)); - LI_ltostr(buf, + li_utostrn(buf, sizeof(buf), #ifdef HAVE_IPV6 ntohs(con->dst_addr.plain.sa_family == AF_INET6 ? con->dst_addr.ipv6.sin6_port : con->dst_addr.ipv4.sin_port) #else @@ -922,8 +1254,7 @@ static int cgi_create_env(server *srv, connection *con cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); } - /* request.content_length < SSIZE_MAX, see request.c */ - LI_ltostr(buf, con->request.content_length); + li_itostrn(buf, sizeof(buf), con->request.content_length); cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)); cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path)); cgi_env_add(&env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path)); @@ -949,31 +1280,16 @@ static int cgi_create_env(server *srv, connection *con ds = (data_string *)con->request.headers->data[n]; - if (ds->value->used && ds->key->used) { - size_t j; - - buffer_reset(p->tmp_buf); - - if (0 != strcasecmp(ds->key->ptr, "CONTENT-TYPE")) { - buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("HTTP_")); - p->tmp_buf->used--; /* strip \0 after HTTP_ */ + if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { + /* Do not emit HTTP_PROXY in environment. + * Some executables use HTTP_PROXY to configure + * outgoing proxy. See also https://httpoxy.org/ */ + if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) { + continue; } - buffer_prepare_append(p->tmp_buf, ds->key->used + 2); + buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 1); - for (j = 0; j < ds->key->used - 1; j++) { - char cr = '_'; - if (light_isalpha(ds->key->ptr[j])) { - /* upper-case */ - cr = ds->key->ptr[j] & ~32; - } else if (light_isdigit(ds->key->ptr[j])) { - /* copy */ - cr = ds->key->ptr[j]; - } - p->tmp_buf->ptr[p->tmp_buf->used++] = cr; - } - p->tmp_buf->ptr[p->tmp_buf->used++] = '\0'; - cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value)); } } @@ -983,26 +1299,9 @@ static int cgi_create_env(server *srv, connection *con ds = (data_string *)con->environment->data[n]; - if (ds->value->used && ds->key->used) { - size_t j; + if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { + buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 0); - buffer_reset(p->tmp_buf); - - buffer_prepare_append(p->tmp_buf, ds->key->used + 2); - - for (j = 0; j < ds->key->used - 1; j++) { - char cr = '_'; - if (light_isalpha(ds->key->ptr[j])) { - /* upper-case */ - cr = ds->key->ptr[j] & ~32; - } else if (light_isdigit(ds->key->ptr[j])) { - /* copy */ - cr = ds->key->ptr[j]; - } - p->tmp_buf->ptr[p->tmp_buf->used++] = cr; - } - p->tmp_buf->ptr[p->tmp_buf->used++] = '\0'; - cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value)); } } @@ -1017,9 +1316,10 @@ static int cgi_create_env(server *srv, connection *con /* set up args */ argc = 3; args = malloc(sizeof(*args) * argc); + force_assert(args); i = 0; - if (cgi_handler->used > 1) { + if (!buffer_string_is_empty(cgi_handler)) { args[i++] = cgi_handler->ptr; } args[i++] = con->physical.path->ptr; @@ -1027,10 +1327,13 @@ static int cgi_create_env(server *srv, connection *con /* search for the last / */ if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) { - *c = '\0'; + /* handle special case of file in root directory */ + const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr; + /* temporarily shorten con->physical.path to directory without terminating '/' */ + *c = '\0'; /* change to the physical directory */ - if (-1 == chdir(con->physical.path->ptr)) { + if (-1 == chdir(physdir)) { log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path); } *c = '/'; @@ -1044,11 +1347,10 @@ static int cgi_create_env(server *srv, connection *con /* exec the cgi */ execve(args[0], args, env.ptr); - /* log_error_write(srv, __FILE__, __LINE__, "sss", "CGI failed:", strerror(errno), args[0]); */ - - /* */ - SEGFAULT(); - break; + /* most log files may have been closed/redirected by this point, + * though stderr might still point to lighttpd.breakage.log */ + perror(args[0]); + _exit(1); } case -1: /* error */ @@ -1058,131 +1360,42 @@ static int cgi_create_env(server *srv, connection *con close(to_cgi_fds[0]); close(to_cgi_fds[1]); return -1; - break; default: { - handler_ctx *hctx; - /* father */ + /* parent process */ close(from_cgi_fds[1]); close(to_cgi_fds[0]); - if (con->request.content_length) { - chunkqueue *cq = con->request_content_queue; - chunk *c; + /* register PID and wait for them asynchronously */ - assert(chunkqueue_length(cq) == (off_t)con->request.content_length); + hctx->pid = pid; + hctx->fd = from_cgi_fds[0]; + hctx->fde_ndx = -1; + if (0 == con->request.content_length) { + close(to_cgi_fds[1]); + } else { /* there is content to send */ - for (c = cq->first; c; c = cq->first) { - int r = 0; + if (-1 == fdevent_fcntl_set(srv->ev, to_cgi_fds[1])) { + log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); + close(to_cgi_fds[1]); + cgi_connection_close(srv, hctx); + return -1; + } - /* copy all chunks */ - switch(c->type) { - case FILE_CHUNK: - - if (c->file.mmap.start == MAP_FAILED) { - if (-1 == c->file.fd && /* open the file if not already open */ - -1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); - - close(from_cgi_fds[0]); - close(to_cgi_fds[1]); - return -1; - } - - c->file.mmap.length = c->file.length; - - if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) { - log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ", - strerror(errno), c->file.name, c->file.fd); - - close(from_cgi_fds[0]); - close(to_cgi_fds[1]); - return -1; - } - - close(c->file.fd); - c->file.fd = -1; - - /* chunk_reset() or chunk_free() will cleanup for us */ - } - - if ((r = write(to_cgi_fds[1], c->file.mmap.start + c->offset, c->file.length - c->offset)) < 0) { - switch(errno) { - case ENOSPC: - con->http_status = 507; - break; - case EINTR: - continue; - default: - con->http_status = 403; - break; - } - } - break; - case MEM_CHUNK: - if ((r = write(to_cgi_fds[1], c->mem->ptr + c->offset, c->mem->used - c->offset - 1)) < 0) { - switch(errno) { - case ENOSPC: - con->http_status = 507; - break; - case EINTR: - continue; - default: - con->http_status = 403; - break; - } - } - break; - case UNUSED_CHUNK: - break; - } - - if (r > 0) { - c->offset += r; - cq->bytes_out += r; - } else { - log_error_write(srv, __FILE__, __LINE__, "ss", "write() failed due to: ", strerror(errno)); - con->http_status = 500; - break; - } - chunkqueue_remove_finished_chunks(cq); + if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) { + close(to_cgi_fds[1]); + cgi_connection_close(srv, hctx); + return -1; } } - close(to_cgi_fds[1]); - - /* register PID and wait for them asyncronously */ - con->mode = p->id; - buffer_reset(con->physical.path); - - hctx = cgi_handler_ctx_init(); - - hctx->remote_conn = con; - hctx->plugin_data = p; - hctx->pid = pid; - hctx->fd = from_cgi_fds[0]; - hctx->fde_ndx = -1; - - con->plugin_ctx[p->id] = hctx; - fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx); fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) { log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); - - fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); - fdevent_unregister(srv->ev, hctx->fd); - - log_error_write(srv, __FILE__, __LINE__, "sd", "cgi close:", hctx->fd); - - close(hctx->fd); - - cgi_handler_ctx_free(hctx); - - con->plugin_ctx[p->id] = NULL; - + cgi_connection_close(srv, hctx); return -1; } @@ -1196,6 +1409,23 @@ static int cgi_create_env(server *srv, connection *con #endif } +static buffer * cgi_get_handler(array *a, buffer *fn) { + size_t k, s_len = buffer_string_length(fn); + for (k = 0; k < a->used; ++k) { + data_string *ds = (data_string *)a->data[k]; + size_t ct_len = buffer_string_length(ds->key); + + if (buffer_is_empty(ds->key)) continue; + if (s_len < ct_len) continue; + + if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) { + return ds->value; + } + } + + return NULL; +} + #define PATCH(x) \ p->conf.x = s->x; static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) { @@ -1204,6 +1434,8 @@ static int mod_cgi_patch_connection(server *srv, conne PATCH(cgi); PATCH(execute_x_only); + PATCH(xsendfile_allow); + PATCH(xsendfile_docroot); /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { @@ -1221,6 +1453,10 @@ static int mod_cgi_patch_connection(server *srv, conne PATCH(cgi); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) { PATCH(execute_x_only); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) { + PATCH(xsendfile_allow); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) { + PATCH(xsendfile_docroot); } } } @@ -1230,14 +1466,13 @@ static int mod_cgi_patch_connection(server *srv, conne #undef PATCH URIHANDLER_FUNC(cgi_is_handled) { - size_t k, s_len; plugin_data *p = p_d; buffer *fn = con->physical.path; stat_cache_entry *sce = NULL; if (con->mode != DIRECT) return HANDLER_GO_ON; - if (fn->used == 0) return HANDLER_GO_ON; + if (buffer_is_empty(fn)) return HANDLER_GO_ON; mod_cgi_patch_connection(srv, con, p); @@ -1245,26 +1480,12 @@ URIHANDLER_FUNC(cgi_is_handled) { if (!S_ISREG(sce->st.st_mode)) return HANDLER_GO_ON; if (p->conf.execute_x_only == 1 && (sce->st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON; - s_len = fn->used - 1; - - for (k = 0; k < p->conf.cgi->used; k++) { - data_string *ds = (data_string *)p->conf.cgi->data[k]; - size_t ct_len = ds->key->used - 1; - - if (ds->key->used == 0) continue; - if (s_len < ct_len) continue; - - if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) { - if (cgi_create_env(srv, con, p, ds->value)) { - con->mode = DIRECT; - con->http_status = 500; - - buffer_reset(con->physical.path); - return HANDLER_FINISHED; - } - /* one handler is enough for the request */ - break; - } + if (NULL != cgi_get_handler(p->conf.cgi, fn)) { + handler_ctx *hctx = cgi_handler_ctx_init(); + hctx->remote_conn = con; + hctx->plugin_data = p; + con->plugin_ctx[p->id] = hctx; + con->mode = p->id; } return HANDLER_GO_ON; @@ -1329,98 +1550,67 @@ TRIGGER_FUNC(cgi_trigger) { /* * - HANDLER_GO_ON : not our job - * - HANDLER_FINISHED: got response header - * - HANDLER_WAIT_FOR_EVENT: waiting for response header + * - HANDLER_FINISHED: got response + * - HANDLER_WAIT_FOR_EVENT: waiting for response */ SUBREQUEST_FUNC(mod_cgi_handle_subrequest) { - int status; plugin_data *p = p_d; handler_ctx *hctx = con->plugin_ctx[p->id]; + chunkqueue *cq = con->request_content_queue; if (con->mode != p->id) return HANDLER_GO_ON; if (NULL == hctx) return HANDLER_GO_ON; -#if 0 - log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid); -#endif - - if (hctx->pid == 0) { - /* cgi already dead */ - if (!con->file_started) return HANDLER_WAIT_FOR_EVENT; - return HANDLER_FINISHED; + if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) + && con->file_started) { + if (chunkqueue_length(con->write_queue) > 65536 - 4096) { + fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); + } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) { + /* optimistic read from backend, which might re-enable FDEVENT_IN */ + handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/ + if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ + } } -#ifndef __WIN32 - switch(waitpid(hctx->pid, &status, WNOHANG)) { - case 0: - /* we only have for events here if we don't have the header yet, - * otherwise the event-handler will send us the incoming data */ - if (con->file_started) return HANDLER_FINISHED; - - return HANDLER_WAIT_FOR_EVENT; - case -1: - if (errno == EINTR) return HANDLER_WAIT_FOR_EVENT; - - if (errno == ECHILD && con->file_started == 0) { - /* - * second round but still not response - */ - return HANDLER_WAIT_FOR_EVENT; + if (cq->bytes_in != (off_t)con->request.content_length) { + /*(64k - 4k to attempt to avoid temporary files + * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/ + if (cq->bytes_in - cq->bytes_out > 65536 - 4096 + && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){ + con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN; + if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT; + } else { + handler_t r = connection_handle_read_post_state(srv, con); + if (!chunkqueue_is_empty(cq)) { + if (fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT) { + return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r; + } + } + if (r != HANDLER_GO_ON) return r; } + } - log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); - con->mode = DIRECT; - con->http_status = 500; + if (-1 == hctx->fd) { + buffer *handler = cgi_get_handler(p->conf.cgi, con->physical.path); + if (!handler) return HANDLER_GO_ON; /*(should not happen; checked in cgi_is_handled())*/ + if (cgi_create_env(srv, con, p, hctx, handler)) { + con->http_status = 500; + con->mode = DIRECT; - hctx->pid = 0; - - fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); - fdevent_unregister(srv->ev, hctx->fd); - - if (close(hctx->fd)) { - log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno)); + return HANDLER_FINISHED; } - - cgi_handler_ctx_free(hctx); - - con->plugin_ctx[p->id] = NULL; - - return HANDLER_FINISHED; - default: - /* cgi process exited - */ - - hctx->pid = 0; - - /* we already have response headers? just continue */ - if (con->file_started) return HANDLER_FINISHED; - - if (WIFEXITED(status)) { - /* clean exit - just continue */ - return HANDLER_WAIT_FOR_EVENT; +#if 0 + log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid); +#endif + } else if (!chunkqueue_is_empty(con->request_content_queue)) { + if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { + cgi_connection_close(srv, hctx); + return HANDLER_ERROR; } - - /* cgi proc died, and we didn't get any data yet - send error message and close cgi con */ - log_error_write(srv, __FILE__, __LINE__, "s", "cgi died ?"); - - con->http_status = 500; - con->mode = DIRECT; - - fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); - fdevent_unregister(srv->ev, hctx->fd); - - if (close(hctx->fd)) { - log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno)); - } - - cgi_handler_ctx_free(hctx); - - con->plugin_ctx[p->id] = NULL; - return HANDLER_FINISHED; } -#else - return HANDLER_ERROR; -#endif + + /* if not done, wait for CGI to close stdout, so we read EOF on pipe */ + return HANDLER_WAIT_FOR_EVENT; } @@ -1432,9 +1622,6 @@ int mod_cgi_plugin_init(plugin *p) { p->connection_reset = cgi_connection_close_callback; p->handle_subrequest_start = cgi_is_handled; p->handle_subrequest = mod_cgi_handle_subrequest; -#if 0 - p->handle_fdevent = cgi_handle_fdevent; -#endif p->handle_trigger = cgi_trigger; p->init = mod_cgi_init; p->cleanup = mod_cgi_free;