projects / project / luci.git / blob
? search:


5df045e8c7ddd2fd6f12e4a896ff809e7dc1a0ce
[project/luci.git] / contrib / package / uhttpd / src / uhttpd-cgi.c
1 /*
2 * uhttpd - Tiny non-forking httpd - CGI handler
3 *
4 * Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include "uhttpd.h"
20 #include "uhttpd-utils.h"
21 #include "uhttpd-cgi.h"
22
23 static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
24 {
25 char *bufptr = NULL;
26 char *hdrname = NULL;
27 int hdrcount = 0;
28 int pos = 0;
29
30 static struct http_response res;
31
32
33 if( ((bufptr = strfind(buf, len, "\r\n\r\n", 4)) != NULL) ||
34 ((bufptr = strfind(buf, len, "\n\n", 2)) != NULL)
35 ) {
36 *off = (int)(bufptr - buf) + ((bufptr[0] == '\r') ? 4 : 2);
37
38 memset(&res, 0, sizeof(res));
39
40 res.statuscode = 200;
41 res.statusmsg = "OK";
42
43 bufptr = &buf[0];
44
45 for( pos = 0; pos < len; pos++ )
46 {
47 if( !hdrname && (buf[pos] == ':') )
48 {
49 buf[pos++] = 0;
50
51 if( (pos < len) && (buf[pos] == ' ') )
52 pos++;
53
54 if( pos < len )
55 {
56 hdrname = bufptr;
57 bufptr = &buf[pos];
58 }
59 }
60
61 else if( (buf[pos] == '\r') || (buf[pos] == '\n') )
62 {
63 buf[pos++] = 0;
64
65 if( ! hdrname )
66 break;
67
68 if( (pos < len) && (buf[pos] == '\n') )
69 pos++;
70
71 if( pos < len )
72 {
73 if( (hdrcount + 1) < array_size(res.headers) )
74 {
75 if( ! strcasecmp(hdrname, "Status") )
76 {
77 res.statuscode = atoi(bufptr);
78
79 if( res.statuscode < 100 )
80 res.statuscode = 200;
81
82 if( ((bufptr = strchr(bufptr, ' ')) != NULL) && (&bufptr[1] != 0) )
83 res.statusmsg = &bufptr[1];
84 }
85 else
86 {
87 res.headers[hdrcount++] = hdrname;
88 res.headers[hdrcount++] = bufptr;
89 }
90
91 bufptr = &buf[pos];
92 hdrname = NULL;
93 }
94 else
95 {
96 return NULL;
97 }
98 }
99 }
100 }
101
102 return &res;
103 }
104
105 return NULL;
106 }
107
108 static char * uh_cgi_header_lookup(struct http_response *res, const char *hdrname)
109 {
110 int i;
111
112 foreach_header(i, res->headers)
113 {
114 if( ! strcasecmp(res->headers[i], hdrname) )
115 return res->headers[i+1];
116 }
117
118 return NULL;
119 }
120
121 static int uh_cgi_error_500(struct client *cl, struct http_request *req, const char *message)
122 {
123 if( uh_http_sendf(cl, NULL,
124 "HTTP/%.1f 500 Internal Server Error\r\n"
125 "Content-Type: text/plain\r\n%s\r\n",
126 req->version,
127 (req->version > 1.0)
128 ? "Transfer-Encoding: chunked\r\n" : ""
129 ) >= 0
130 ) {
131 return uh_http_send(cl, req, message, -1);
132 }
133
134 return -1;
135 }
136
137
138 void uh_cgi_request(struct client *cl, struct http_request *req, struct path_info *pi)
139 {
140 int i, hdroff, bufoff;
141 int hdrlen = 0;
142 int buflen = 0;
143 int fd_max = 0;
144 int content_length = 0;
145 int header_sent = 0;
146
147 int rfd[2] = { 0, 0 };
148 int wfd[2] = { 0, 0 };
149
150 char buf[UH_LIMIT_MSGHEAD];
151 char hdr[UH_LIMIT_MSGHEAD];
152
153 fd_set reader;
154 fd_set writer;
155
156 struct timeval timeout;
157 struct http_response *res;
158
159
160 /* spawn pipes for me->child, child->me */
161 if( (pipe(rfd) < 0) || (pipe(wfd) < 0) )
162 {
163 uh_http_sendhf(cl, 500, "Internal Server Error",
164 "Failed to create pipe: %s", strerror(errno));
165
166 if( rfd[0] > 0 ) close(rfd[0]);
167 if( rfd[1] > 0 ) close(rfd[1]);
168 if( wfd[0] > 0 ) close(wfd[0]);
169 if( wfd[1] > 0 ) close(wfd[1]);
170
171 return;
172 }
173
174 /* fork off child process */
175 switch( fork() )
176 {
177 /* oops */
178 case -1:
179 uh_http_sendhf(cl, 500, "Internal Server Error",
180 "Failed to fork child: %s", strerror(errno));
181 return;
182
183 /* exec child */
184 case 0:
185 /* child */
186 close(rfd[0]);
187 close(wfd[1]);
188
189 /* patch stdout and stdin to pipes */
190 dup2(rfd[1], 1);
191 dup2(wfd[0], 0);
192
193 /* check for regular, world-executable file */
194 if( (pi->stat.st_mode & S_IFREG) &&
195 (pi->stat.st_mode & S_IXOTH)
196 ) {
197 /* build environment */
198 clearenv();
199
200 /* common information */
201 setenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
202 setenv("SERVER_SOFTWARE", "uHTTPd", 1);
203 setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
204
205 #ifdef HAVE_TLS
206 /* https? */
207 if( cl->tls )
208 setenv("HTTPS", "on", 1);
209 #endif
210
211 /* addresses */
212 setenv("SERVER_NAME", sa_straddr(&cl->servaddr), 1);
213 setenv("SERVER_ADDR", sa_straddr(&cl->servaddr), 1);
214 setenv("SERVER_PORT", sa_strport(&cl->servaddr), 1);
215 setenv("REMOTE_HOST", sa_straddr(&cl->peeraddr), 1);
216 setenv("REMOTE_ADDR", sa_straddr(&cl->peeraddr), 1);
217 setenv("REMOTE_PORT", sa_strport(&cl->peeraddr), 1);
218
219 /* path information */
220 setenv("SCRIPT_NAME", pi->name, 1);
221 setenv("SCRIPT_FILENAME", pi->phys, 1);
222 setenv("DOCUMENT_ROOT", pi->root, 1);
223 setenv("QUERY_STRING", pi->query ? pi->query : "", 1);
224
225 if( pi->info )
226 setenv("PATH_INFO", pi->info, 1);
227
228
229 /* http version */
230 if( req->version > 1.0 )
231 setenv("SERVER_PROTOCOL", "HTTP/1.1", 1);
232 else
233 setenv("SERVER_PROTOCOL", "HTTP/1.0", 1);
234
235 /* request method */
236 switch( req->method )
237 {
238 case UH_HTTP_MSG_GET:
239 setenv("REQUEST_METHOD", "GET", 1);
240 break;
241
242 case UH_HTTP_MSG_HEAD:
243 setenv("REQUEST_METHOD", "HEAD", 1);
244 break;
245
246 case UH_HTTP_MSG_POST:
247 setenv("REQUEST_METHOD", "POST", 1);
248 break;
249 }
250
251 /* request url */
252 setenv("REQUEST_URI", req->url, 1);
253
254 /* remote user */
255 if( req->realm )
256 setenv("REMOTE_USER", req->realm->user, 1);
257
258 /* request message headers */
259 foreach_header(i, req->headers)
260 {
261 if( ! strcasecmp(req->headers[i], "Accept") )
262 setenv("HTTP_ACCEPT", req->headers[i+1], 1);
263
264 else if( ! strcasecmp(req->headers[i], "Accept-Charset") )
265 setenv("HTTP_ACCEPT_CHARSET", req->headers[i+1], 1);
266
267 else if( ! strcasecmp(req->headers[i], "Accept-Encoding") )
268 setenv("HTTP_ACCEPT_ENCODING", req->headers[i+1], 1);
269
270 else if( ! strcasecmp(req->headers[i], "Accept-Language") )
271 setenv("HTTP_ACCEPT_LANGUAGE", req->headers[i+1], 1);
272
273 else if( ! strcasecmp(req->headers[i], "Authorization") )
274 setenv("HTTP_AUTHORIZATION", req->headers[i+1], 1);
275
276 else if( ! strcasecmp(req->headers[i], "Connection") )
277 setenv("HTTP_CONNECTION", req->headers[i+1], 1);
278
279 else if( ! strcasecmp(req->headers[i], "Cookie") )
280 setenv("HTTP_COOKIE", req->headers[i+1], 1);
281
282 else if( ! strcasecmp(req->headers[i], "Host") )
283 setenv("HTTP_HOST", req->headers[i+1], 1);
284
285 else if( ! strcasecmp(req->headers[i], "Referer") )
286 setenv("HTTP_REFERER", req->headers[i+1], 1);
287
288 else if( ! strcasecmp(req->headers[i], "User-Agent") )
289 setenv("HTTP_USER_AGENT", req->headers[i+1], 1);
290
291 else if( ! strcasecmp(req->headers[i], "Content-Type") )
292 setenv("CONTENT_TYPE", req->headers[i+1], 1);
293
294 else if( ! strcasecmp(req->headers[i], "Content-Length") )
295 setenv("CONTENT_LENGTH", req->headers[i+1], 1);
296 }
297
298
299 /* execute child code ... */
300 if( chdir(pi->root) )
301 perror("chdir()");
302
303 execl(pi->phys, pi->phys, NULL);
304
305 /* in case it fails ... */
306 printf(
307 "Status: 500 Internal Server Error\r\n\r\n"
308 "Unable to launch the requested CGI program:\n"
309 " %s: %s\n",
310 pi->phys, strerror(errno)
311 );
312 }
313
314 /* 403 */
315 else
316 {
317 printf(
318 "Status: 403 Forbidden\r\n\r\n"
319 "Access to this resource is forbidden\n"
320 );
321 }
322
323 close(wfd[0]);
324 close(rfd[1]);
325 exit(0);
326
327 break;
328
329 /* parent; handle I/O relaying */
330 default:
331 /* close unneeded pipe ends */
332 close(rfd[1]);
333 close(wfd[0]);
334
335 /* max watch fd */
336 fd_max = max(rfd[0], wfd[1]) + 1;
337
338 /* find content length */
339 if( req->method == UH_HTTP_MSG_POST )
340 {
341 foreach_header(i, req->headers)
342 {
343 if( ! strcasecmp(req->headers[i], "Content-Length") )
344 {
345 content_length = atoi(req->headers[i+1]);
346 break;
347 }
348 }
349 }
350
351
352 memset(hdr, 0, sizeof(hdr));
353
354 #define ensure(x) \
355 do { if( x < 0 ) goto out; } while(0)
356
357 /* I/O loop, watch our pipe ends and dispatch child reads/writes from/to socket */
358 while( 1 )
359 {
360 FD_ZERO(&reader);
361 FD_ZERO(&writer);
362
363 FD_SET(rfd[0], &reader);
364 FD_SET(wfd[1], &writer);
365
366 timeout.tv_sec = 15;
367 timeout.tv_usec = 0;
368
369 /* wait until we can read or write or both */
370 if( select(fd_max, &reader, (content_length > -1) ? &writer : NULL, NULL, &timeout) > 0 )
371 {
372 /* ready to write to cgi program */
373 if( FD_ISSET(wfd[1], &writer) )
374 {
375 /* there is unread post data waiting */
376 if( content_length > 0 )
377 {
378 /* read it from socket ... */
379 if( (buflen = uh_tcp_recv(cl, buf, min(content_length, sizeof(buf)))) > 0 )
380 {
381 /* ... and write it to child's stdin */
382 if( write(wfd[1], buf, buflen) < 0 )
383 perror("write()");
384
385 content_length -= buflen;
386 }
387
388 /* unexpected eof! */
389 else
390 {
391 if( write(wfd[1], "", 0) < 0 )
392 perror("write()");
393
394 content_length = 0;
395 }
396 }
397
398 /* there is no more post data, close pipe to child's stdin */
399 else if( content_length > -1 )
400 {
401 close(wfd[1]);
402 content_length = -1;
403 }
404 }
405
406 /* ready to read from cgi program */
407 if( FD_ISSET(rfd[0], &reader) )
408 {
409 /* read data from child ... */
410 if( (buflen = read(rfd[0], buf, sizeof(buf))) > 0 )
411 {
412 /* we have not pushed out headers yet, parse input */
413 if( ! header_sent )
414 {
415 /* head buffer not full and no end yet */
416 if( hdrlen < sizeof(hdr) )
417 {
418 bufoff = min(buflen, sizeof(hdr) - hdrlen);
419 memcpy(&hdr[hdrlen], buf, bufoff);
420 hdrlen += bufoff;
421 }
422 else
423 {
424 bufoff = 0;
425 }
426
427
428 /* try to parse header ... */
429 if( (res = uh_cgi_header_parse(hdr, hdrlen, &hdroff)) != NULL )
430 {
431 /* write status */
432 ensure(uh_http_sendf(cl, NULL,
433 "HTTP/%.1f %03d %s\r\n"
434 "Connection: close\r\n",
435 req->version, res->statuscode,
436 res->statusmsg));
437
438 /* add Content-Type if no Location or Content-Type */
439 if( !uh_cgi_header_lookup(res, "Location") &&
440 !uh_cgi_header_lookup(res, "Content-Type")
441 ) {
442 ensure(uh_http_send(cl, NULL,
443 "Content-Type: text/plain\r\n", -1));
444 }
445
446 /* if request was HTTP 1.1 we'll respond chunked */
447 if( (req->version > 1.0) &&
448 !uh_cgi_header_lookup(res, "Transfer-Encoding")
449 ) {
450 ensure(uh_http_send(cl, NULL,
451 "Transfer-Encoding: chunked\r\n", -1));
452 }
453
454 /* write headers from CGI program */
455 foreach_header(i, res->headers)
456 {
457 ensure(uh_http_sendf(cl, NULL, "%s: %s\r\n",
458 res->headers[i], res->headers[i+1]));
459 }
460
461 /* terminate header */
462 ensure(uh_http_send(cl, NULL, "\r\n", -1));
463
464 /* push out remaining head buffer */
465 if( hdroff < hdrlen )
466 ensure(uh_http_send(cl, req, &hdr[hdroff], hdrlen - hdroff));
467 }
468
469 /* ... failed and head buffer exceeded */
470 else if( hdrlen >= sizeof(hdr) )
471 {
472 ensure(uh_cgi_error_500(cl, req,
473 "The CGI program generated an invalid response:\n\n"));
474
475 ensure(uh_http_send(cl, req, hdr, hdrlen));
476 }
477
478 /* ... failed but free buffer space, try again */
479 else
480 {
481 continue;
482 }
483
484 /* push out remaining read buffer */
485 if( bufoff < buflen )
486 ensure(uh_http_send(cl, req, &buf[bufoff], buflen - bufoff));
487
488 header_sent = 1;
489 continue;
490 }
491
492
493 /* headers complete, pass through buffer to socket */
494 ensure(uh_http_send(cl, req, buf, buflen));
495 }
496
497 /* looks like eof from child */
498 else
499 {
500 /* cgi script did not output useful stuff at all */
501 if( ! header_sent )
502 {
503 /* I would do this ...
504 *
505 * uh_cgi_error_500(cl, req,
506 * "The CGI program generated an "
507 * "invalid response:\n\n");
508 *
509 * ... but in order to stay as compatible as possible,
510 * treat whatever we got as text/plain response and
511 * build the required headers here.
512 */
513
514 ensure(uh_http_sendf(cl, NULL,
515 "HTTP/%.1f 200 OK\r\n"
516 "Content-Type: text/plain\r\n"
517 "%s\r\n",
518 req->version, (req->version > 1.0)
519 ? "Transfer-Encoding: chunked\r\n" : ""
520 ));
521
522 ensure(uh_http_send(cl, req, hdr, hdrlen));
523 }
524
525 /* send final chunk if we're in chunked transfer mode */
526 ensure(uh_http_send(cl, req, "", 0));
527 break;
528 }
529 }
530 }
531
532 /* no activity for 15 seconds... looks dead */
533 else
534 {
535 ensure(uh_http_sendhf(cl, 504, "Gateway Timeout",
536 "The CGI script took too long to produce a response"));
537
538 break;
539 }
540 }
541
542 out:
543 close(rfd[0]);
544 close(wfd[1]);
545
546 break;
547 }
548 }
549
Lua Configuration Interface (mirror)