projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
uhttpd: add explicit stdin eof notification for Lua and CGI childs
[openwrt/openwrt.git] / package / uhttpd / src / uhttpd-cgi.c
1 /*
2 * uhttpd - Tiny single-threaded httpd - CGI handler
3 *
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include "uhttpd.h"
20 #include "uhttpd-utils.h"
21 #include "uhttpd-cgi.h"
22
23
24 static bool
25 uh_cgi_header_parse(struct http_response *res, char *buf, int len, int *off)
26 {
27 char *bufptr = NULL;
28 char *hdrname = NULL;
29 int hdrcount = 0;
30 int pos = 0;
31
32 if (((bufptr = strfind(buf, len, "\r\n\r\n", 4)) != NULL) ||
33 ((bufptr = strfind(buf, len, "\n\n", 2)) != NULL))
34 {
35 *off = (int)(bufptr - buf) + ((bufptr[0] == '\r') ? 4 : 2);
36
37 memset(res, 0, sizeof(*res));
38
39 res->statuscode = 200;
40 res->statusmsg = "OK";
41
42 bufptr = &buf[0];
43
44 for (pos = 0; pos < *off; pos++)
45 {
46 if (!hdrname && (buf[pos] == ':'))
47 {
48 buf[pos++] = 0;
49
50 if ((pos < len) && (buf[pos] == ' '))
51 pos++;
52
53 if (pos < len)
54 {
55 hdrname = bufptr;
56 bufptr = &buf[pos];
57 }
58 }
59
60 else if ((buf[pos] == '\r') || (buf[pos] == '\n'))
61 {
62 if (! hdrname)
63 break;
64
65 buf[pos++] = 0;
66
67 if ((pos < len) && (buf[pos] == '\n'))
68 pos++;
69
70 if (pos <= len)
71 {
72 if ((hdrcount+1) < array_size(res->headers))
73 {
74 if (!strcasecmp(hdrname, "Status"))
75 {
76 res->statuscode = atoi(bufptr);
77
78 if (res->statuscode < 100)
79 res->statuscode = 200;
80
81 if (((bufptr = strchr(bufptr, ' ')) != NULL) &&
82 (&bufptr[1] != 0))
83 {
84 res->statusmsg = &bufptr[1];
85 }
86
87 D("CGI: HTTP/1.x %03d %s\n",
88 res->statuscode, res->statusmsg);
89 }
90 else
91 {
92 D("CGI: HTTP: %s: %s\n", hdrname, bufptr);
93
94 res->headers[hdrcount++] = hdrname;
95 res->headers[hdrcount++] = bufptr;
96 }
97
98 bufptr = &buf[pos];
99 hdrname = NULL;
100 }
101 else
102 {
103 return false;
104 }
105 }
106 }
107 }
108
109 return true;
110 }
111
112 return false;
113 }
114
115 static char * uh_cgi_header_lookup(struct http_response *res,
116 const char *hdrname)
117 {
118 int i;
119
120 foreach_header(i, res->headers)
121 {
122 if (!strcasecmp(res->headers[i], hdrname))
123 return res->headers[i+1];
124 }
125
126 return NULL;
127 }
128
129 static void uh_cgi_shutdown(struct uh_cgi_state *state)
130 {
131 close(state->rfd);
132 close(state->wfd);
133 free(state);
134 }
135
136 static bool uh_cgi_socket_cb(struct client *cl)
137 {
138 int i, len, hdroff;
139 char buf[UH_LIMIT_MSGHEAD];
140
141 struct uh_cgi_state *state = (struct uh_cgi_state *)cl->priv;
142 struct http_response *res = &state->cl->response;
143 struct http_request *req = &state->cl->request;
144
145 /* there is unread post data waiting */
146 while (state->content_length > 0)
147 {
148 /* remaining data in http head buffer ... */
149 if (state->cl->httpbuf.len > 0)
150 {
151 len = min(state->content_length, state->cl->httpbuf.len);
152
153 D("CGI: Child(%d) feed %d HTTP buffer bytes\n",
154 state->cl->proc.pid, len);
155
156 memcpy(buf, state->cl->httpbuf.ptr, len);
157
158 state->cl->httpbuf.len -= len;
159 state->cl->httpbuf.ptr +=len;
160 }
161
162 /* read it from socket ... */
163 else
164 {
165 len = uh_tcp_recv(state->cl, buf,
166 min(state->content_length, sizeof(buf)));
167
168 if ((len < 0) && ((errno == EAGAIN) || (errno == EWOULDBLOCK)))
169 break;
170
171 D("CGI: Child(%d) feed %d/%d TCP socket bytes\n",
172 state->cl->proc.pid, len,
173 min(state->content_length, sizeof(buf)));
174 }
175
176 if (len)
177 state->content_length -= len;
178 else
179 state->content_length = 0;
180
181 /* ... write to CGI process */
182 len = uh_raw_send(state->wfd, buf, len,
183 cl->server->conf->script_timeout);
184
185 /* explicit EOF notification for the child */
186 if (state->content_length <= 0)
187 close(state->wfd);
188 }
189
190 /* try to read data from child */
191 while ((len = uh_raw_recv(state->rfd, buf, sizeof(buf), -1)) > 0)
192 {
193 /* we have not pushed out headers yet, parse input */
194 if (!state->header_sent)
195 {
196 /* try to parse header ... */
197 memcpy(state->httpbuf, buf, len);
198
199 if (uh_cgi_header_parse(res, state->httpbuf, len, &hdroff))
200 {
201 /* write status */
202 ensure_out(uh_http_sendf(state->cl, NULL,
203 "HTTP/%.1f %03d %s\r\n"
204 "Connection: close\r\n",
205 req->version, res->statuscode, res->statusmsg));
206
207 /* add Content-Type if no Location or Content-Type */
208 if (!uh_cgi_header_lookup(res, "Location") &&
209 !uh_cgi_header_lookup(res, "Content-Type"))
210 {
211 ensure_out(uh_http_send(state->cl, NULL,
212 "Content-Type: text/plain\r\n", -1));
213 }
214
215 /* if request was HTTP 1.1 we'll respond chunked */
216 if ((req->version > 1.0) &&
217 !uh_cgi_header_lookup(res, "Transfer-Encoding"))
218 {
219 ensure_out(uh_http_send(state->cl, NULL,
220 "Transfer-Encoding: chunked\r\n", -1));
221 }
222
223 /* write headers from CGI program */
224 foreach_header(i, res->headers)
225 {
226 ensure_out(uh_http_sendf(state->cl, NULL, "%s: %s\r\n",
227 res->headers[i], res->headers[i+1]));
228 }
229
230 /* terminate header */
231 ensure_out(uh_http_send(state->cl, NULL, "\r\n", -1));
232
233 state->header_sent = true;
234
235 /* push out remaining head buffer */
236 if (hdroff < len)
237 {
238 D("CGI: Child(%d) relaying %d rest bytes\n",
239 state->cl->proc.pid, len - hdroff);
240
241 ensure_out(uh_http_send(state->cl, req,
242 &buf[hdroff], len - hdroff));
243 }
244 }
245
246 /* ... failed and head buffer exceeded */
247 else
248 {
249 /* I would do this ...
250 *
251 * uh_cgi_error_500(cl, req,
252 * "The CGI program generated an "
253 * "invalid response:\n\n");
254 *
255 * ... but in order to stay as compatible as possible,
256 * treat whatever we got as text/plain response and
257 * build the required headers here.
258 */
259
260 ensure_out(uh_http_sendf(state->cl, NULL,
261 "HTTP/%.1f 200 OK\r\n"
262 "Content-Type: text/plain\r\n"
263 "%s\r\n",
264 req->version, (req->version > 1.0)
265 ? "Transfer-Encoding: chunked\r\n" : ""
266 ));
267
268 state->header_sent = true;
269
270 D("CGI: Child(%d) relaying %d invalid bytes\n",
271 state->cl->proc.pid, len);
272
273 ensure_out(uh_http_send(state->cl, req, buf, len));
274 }
275 }
276 else
277 {
278 /* headers complete, pass through buffer to socket */
279 D("CGI: Child(%d) relaying %d normal bytes\n",
280 state->cl->proc.pid, len);
281
282 ensure_out(uh_http_send(state->cl, req, buf, len));
283 }
284 }
285
286 /* child has been marked dead by timeout or child handler, bail out */
287 if (false && cl->dead)
288 {
289 D("CGI: Child(%d) is marked dead, returning\n", state->cl->proc.pid);
290 goto out;
291 }
292
293 if ((len == 0) ||
294 ((errno != EAGAIN) && (errno != EWOULDBLOCK) && (len == -1)))
295 {
296 D("CGI: Child(%d) presumed dead [%s]\n",
297 state->cl->proc.pid, strerror(errno));
298
299 goto out;
300 }
301
302 return true;
303
304 out:
305 if (!state->header_sent)
306 {
307 if (state->cl->timeout.pending)
308 uh_http_sendhf(state->cl, 502, "Bad Gateway",
309 "The CGI process did not produce any response\n");
310 else
311 uh_http_sendhf(state->cl, 504, "Gateway Timeout",
312 "The CGI process took too long to produce a "
313 "response\n");
314 }
315 else
316 {
317 uh_http_send(state->cl, req, "", 0);
318 }
319
320 uh_cgi_shutdown(state);
321 return false;
322 }
323
324 bool uh_cgi_request(struct client *cl, struct path_info *pi,
325 struct interpreter *ip)
326 {
327 int i;
328
329 int rfd[2] = { 0, 0 };
330 int wfd[2] = { 0, 0 };
331
332 pid_t child;
333
334 struct uh_cgi_state *state;
335 struct http_request *req = &cl->request;
336
337 /* allocate state */
338 if (!(state = malloc(sizeof(*state))))
339 {
340 uh_http_sendhf(cl, 500, "Internal Server Error", "Out of memory");
341 return false;
342 }
343
344 /* spawn pipes for me->child, child->me */
345 if ((pipe(rfd) < 0) || (pipe(wfd) < 0))
346 {
347 if (rfd[0] > 0) close(rfd[0]);
348 if (rfd[1] > 0) close(rfd[1]);
349 if (wfd[0] > 0) close(wfd[0]);
350 if (wfd[1] > 0) close(wfd[1]);
351
352 uh_http_sendhf(cl, 500, "Internal Server Error",
353 "Failed to create pipe: %s\n", strerror(errno));
354
355 return false;
356 }
357
358 /* fork off child process */
359 switch ((child = fork()))
360 {
361 /* oops */
362 case -1:
363 uh_http_sendhf(cl, 500, "Internal Server Error",
364 "Failed to fork child: %s\n", strerror(errno));
365
366 return false;
367
368 /* exec child */
369 case 0:
370 #ifdef DEBUG
371 sleep(atoi(getenv("UHTTPD_SLEEP_ON_FORK") ?: "0"));
372 #endif
373
374 /* close loose pipe ends */
375 close(rfd[0]);
376 close(wfd[1]);
377
378 /* patch stdout and stdin to pipes */
379 dup2(rfd[1], 1);
380 dup2(wfd[0], 0);
381
382 /* avoid leaking our pipe into child-child processes */
383 fd_cloexec(rfd[1]);
384 fd_cloexec(wfd[0]);
385
386 /* check for regular, world-executable file _or_ interpreter */
387 if (((pi->stat.st_mode & S_IFREG) &&
388 (pi->stat.st_mode & S_IXOTH)) || (ip != NULL))
389 {
390 /* build environment */
391 clearenv();
392
393 /* common information */
394 setenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
395 setenv("SERVER_SOFTWARE", "uHTTPd", 1);
396 setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
397
398 #ifdef HAVE_TLS
399 /* https? */
400 if (cl->tls)
401 setenv("HTTPS", "on", 1);
402 #endif
403
404 /* addresses */
405 setenv("SERVER_NAME", sa_straddr(&cl->servaddr), 1);
406 setenv("SERVER_ADDR", sa_straddr(&cl->servaddr), 1);
407 setenv("SERVER_PORT", sa_strport(&cl->servaddr), 1);
408 setenv("REMOTE_HOST", sa_straddr(&cl->peeraddr), 1);
409 setenv("REMOTE_ADDR", sa_straddr(&cl->peeraddr), 1);
410 setenv("REMOTE_PORT", sa_strport(&cl->peeraddr), 1);
411
412 /* path information */
413 setenv("SCRIPT_NAME", pi->name, 1);
414 setenv("SCRIPT_FILENAME", pi->phys, 1);
415 setenv("DOCUMENT_ROOT", pi->root, 1);
416 setenv("QUERY_STRING", pi->query ? pi->query : "", 1);
417
418 if (pi->info)
419 setenv("PATH_INFO", pi->info, 1);
420
421 /* REDIRECT_STATUS, php-cgi wants it */
422 switch (req->redirect_status)
423 {
424 case 404:
425 setenv("REDIRECT_STATUS", "404", 1);
426 break;
427
428 default:
429 setenv("REDIRECT_STATUS", "200", 1);
430 break;
431 }
432
433 /* http version */
434 if (req->version > 1.0)
435 setenv("SERVER_PROTOCOL", "HTTP/1.1", 1);
436 else
437 setenv("SERVER_PROTOCOL", "HTTP/1.0", 1);
438
439 /* request method */
440 switch (req->method)
441 {
442 case UH_HTTP_MSG_GET:
443 setenv("REQUEST_METHOD", "GET", 1);
444 break;
445
446 case UH_HTTP_MSG_HEAD:
447 setenv("REQUEST_METHOD", "HEAD", 1);
448 break;
449
450 case UH_HTTP_MSG_POST:
451 setenv("REQUEST_METHOD", "POST", 1);
452 break;
453 }
454
455 /* request url */
456 setenv("REQUEST_URI", req->url, 1);
457
458 /* remote user */
459 if (req->realm)
460 setenv("REMOTE_USER", req->realm->user, 1);
461
462 /* request message headers */
463 foreach_header(i, req->headers)
464 {
465 if (!strcasecmp(req->headers[i], "Accept"))
466 setenv("HTTP_ACCEPT", req->headers[i+1], 1);
467
468 else if (!strcasecmp(req->headers[i], "Accept-Charset"))
469 setenv("HTTP_ACCEPT_CHARSET", req->headers[i+1], 1);
470
471 else if (!strcasecmp(req->headers[i], "Accept-Encoding"))
472 setenv("HTTP_ACCEPT_ENCODING", req->headers[i+1], 1);
473
474 else if (!strcasecmp(req->headers[i], "Accept-Language"))
475 setenv("HTTP_ACCEPT_LANGUAGE", req->headers[i+1], 1);
476
477 else if (!strcasecmp(req->headers[i], "Authorization"))
478 setenv("HTTP_AUTHORIZATION", req->headers[i+1], 1);
479
480 else if (!strcasecmp(req->headers[i], "Connection"))
481 setenv("HTTP_CONNECTION", req->headers[i+1], 1);
482
483 else if (!strcasecmp(req->headers[i], "Cookie"))
484 setenv("HTTP_COOKIE", req->headers[i+1], 1);
485
486 else if (!strcasecmp(req->headers[i], "Host"))
487 setenv("HTTP_HOST", req->headers[i+1], 1);
488
489 else if (!strcasecmp(req->headers[i], "Referer"))
490 setenv("HTTP_REFERER", req->headers[i+1], 1);
491
492 else if (!strcasecmp(req->headers[i], "User-Agent"))
493 setenv("HTTP_USER_AGENT", req->headers[i+1], 1);
494
495 else if (!strcasecmp(req->headers[i], "Content-Type"))
496 setenv("CONTENT_TYPE", req->headers[i+1], 1);
497
498 else if (!strcasecmp(req->headers[i], "Content-Length"))
499 setenv("CONTENT_LENGTH", req->headers[i+1], 1);
500 }
501
502
503 /* execute child code ... */
504 if (chdir(pi->root))
505 perror("chdir()");
506
507 if (ip != NULL)
508 execl(ip->path, ip->path, pi->phys, NULL);
509 else
510 execl(pi->phys, pi->phys, NULL);
511
512 /* in case it fails ... */
513 printf("Status: 500 Internal Server Error\r\n\r\n"
514 "Unable to launch the requested CGI program:\n"
515 " %s: %s\n", ip ? ip->path : pi->phys, strerror(errno));
516 }
517
518 /* 403 */
519 else
520 {
521 printf("Status: 403 Forbidden\r\n\r\n"
522 "Access to this resource is forbidden\n");
523 }
524
525 close(wfd[0]);
526 close(rfd[1]);
527 exit(0);
528
529 break;
530
531 /* parent; handle I/O relaying */
532 default:
533 memset(state, 0, sizeof(*state));
534
535 state->cl = cl;
536 state->cl->proc.pid = child;
537
538 /* close unneeded pipe ends */
539 close(rfd[1]);
540 close(wfd[0]);
541
542 D("CGI: Child(%d) created: rfd(%d) wfd(%d)\n", child, rfd[0], wfd[1]);
543
544 state->content_length = cl->httpbuf.len;
545
546 /* find content length */
547 if (req->method == UH_HTTP_MSG_POST)
548 {
549 foreach_header(i, req->headers)
550 {
551 if (!strcasecmp(req->headers[i], "Content-Length"))
552 {
553 state->content_length = atoi(req->headers[i+1]);
554 break;
555 }
556 }
557 }
558
559 state->rfd = rfd[0];
560 fd_nonblock(state->rfd);
561
562 state->wfd = wfd[1];
563 fd_nonblock(state->wfd);
564
565 cl->cb = uh_cgi_socket_cb;
566 cl->priv = state;
567
568 break;
569 }
570
571 return true;
572 }
OpenWrt Source Repository