e527922624e1e6c6996c7f61db9fc7af306bfdb8
2 * uhttpd - Tiny single-threaded httpd - CGI handler
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
20 #include "uhttpd-utils.h"
21 #include "uhttpd-cgi.h"
25 uh_cgi_header_parse(struct http_response
*res
, char *buf
, int len
, int *off
)
32 if (((bufptr
= strfind(buf
, len
, "\r\n\r\n", 4)) != NULL
) ||
33 ((bufptr
= strfind(buf
, len
, "\n\n", 2)) != NULL
))
35 *off
= (int)(bufptr
- buf
) + ((bufptr
[0] == '\r') ? 4 : 2);
37 memset(res
, 0, sizeof(*res
));
39 res
->statuscode
= 200;
40 res
->statusmsg
= "OK";
44 for (pos
= 0; pos
< *off
; pos
++)
46 if (!hdrname
&& (buf
[pos
] == ':'))
50 if ((pos
< len
) && (buf
[pos
] == ' '))
60 else if ((buf
[pos
] == '\r') || (buf
[pos
] == '\n'))
67 if ((pos
< len
) && (buf
[pos
] == '\n'))
72 if ((hdrcount
+1) < array_size(res
->headers
))
74 if (!strcasecmp(hdrname
, "Status"))
76 res
->statuscode
= atoi(bufptr
);
78 if (res
->statuscode
< 100)
79 res
->statuscode
= 200;
81 if (((bufptr
= strchr(bufptr
, ' ')) != NULL
) &&
84 res
->statusmsg
= &bufptr
[1];
87 D("CGI: HTTP/1.x %03d %s\n",
88 res
->statuscode
, res
->statusmsg
);
92 D("CGI: HTTP: %s: %s\n", hdrname
, bufptr
);
94 res
->headers
[hdrcount
++] = hdrname
;
95 res
->headers
[hdrcount
++] = bufptr
;
115 static char * uh_cgi_header_lookup(struct http_response
*res
,
120 foreach_header(i
, res
->headers
)
122 if (!strcasecmp(res
->headers
[i
], hdrname
))
123 return res
->headers
[i
+1];
129 static void uh_cgi_shutdown(struct uh_cgi_state
*state
)
134 static bool uh_cgi_socket_cb(struct client
*cl
)
137 char buf
[UH_LIMIT_MSGHEAD
];
139 struct uh_cgi_state
*state
= (struct uh_cgi_state
*)cl
->priv
;
140 struct http_response
*res
= &cl
->response
;
141 struct http_request
*req
= &cl
->request
;
143 /* there is unread post data waiting */
144 while (state
->content_length
> 0)
146 /* remaining data in http head buffer ... */
147 if (cl
->httpbuf
.len
> 0)
149 len
= min(state
->content_length
, cl
->httpbuf
.len
);
151 D("CGI: Child(%d) feed %d HTTP buffer bytes\n", cl
->proc
.pid
, len
);
153 memcpy(buf
, cl
->httpbuf
.ptr
, len
);
155 cl
->httpbuf
.len
-= len
;
156 cl
->httpbuf
.ptr
+=len
;
159 /* read it from socket ... */
162 len
= uh_tcp_recv(cl
, buf
,
163 min(state
->content_length
, sizeof(buf
)));
165 if ((len
< 0) && ((errno
== EAGAIN
) || (errno
== EWOULDBLOCK
)))
168 D("CGI: Child(%d) feed %d/%d TCP socket bytes\n",
169 cl
->proc
.pid
, len
, min(state
->content_length
, sizeof(buf
)));
173 state
->content_length
-= len
;
175 state
->content_length
= 0;
177 /* ... write to CGI process */
178 len
= uh_raw_send(cl
->wpipe
.fd
, buf
, len
,
179 cl
->server
->conf
->script_timeout
);
181 /* explicit EOF notification for the child */
182 if (state
->content_length
<= 0)
183 uh_ufd_remove(&cl
->wpipe
);
186 /* try to read data from child */
187 while ((len
= uh_raw_recv(cl
->rpipe
.fd
, buf
, sizeof(buf
), -1)) > 0)
189 /* we have not pushed out headers yet, parse input */
190 if (!state
->header_sent
)
192 /* try to parse header ... */
193 memcpy(state
->httpbuf
, buf
, len
);
195 if (uh_cgi_header_parse(res
, state
->httpbuf
, len
, &hdroff
))
198 ensure_out(uh_http_sendf(cl
, NULL
,
199 "HTTP/%.1f %03d %s\r\n"
200 "Connection: close\r\n",
201 req
->version
, res
->statuscode
, res
->statusmsg
));
203 /* add Content-Type if no Location or Content-Type */
204 if (!uh_cgi_header_lookup(res
, "Location") &&
205 !uh_cgi_header_lookup(res
, "Content-Type"))
207 ensure_out(uh_http_send(cl
, NULL
,
208 "Content-Type: text/plain\r\n", -1));
211 /* if request was HTTP 1.1 we'll respond chunked */
212 if ((req
->version
> 1.0) &&
213 !uh_cgi_header_lookup(res
, "Transfer-Encoding"))
215 ensure_out(uh_http_send(cl
, NULL
,
216 "Transfer-Encoding: chunked\r\n", -1));
219 /* write headers from CGI program */
220 foreach_header(i
, res
->headers
)
222 ensure_out(uh_http_sendf(cl
, NULL
, "%s: %s\r\n",
223 res
->headers
[i
], res
->headers
[i
+1]));
226 /* terminate header */
227 ensure_out(uh_http_send(cl
, NULL
, "\r\n", -1));
229 state
->header_sent
= true;
231 /* push out remaining head buffer */
234 D("CGI: Child(%d) relaying %d rest bytes\n",
235 cl
->proc
.pid
, len
- hdroff
);
237 ensure_out(uh_http_send(cl
, req
,
238 &buf
[hdroff
], len
- hdroff
));
242 /* ... failed and head buffer exceeded */
245 /* I would do this ...
247 * uh_cgi_error_500(cl, req,
248 * "The CGI program generated an "
249 * "invalid response:\n\n");
251 * ... but in order to stay as compatible as possible,
252 * treat whatever we got as text/plain response and
253 * build the required headers here.
256 ensure_out(uh_http_sendf(cl
, NULL
,
257 "HTTP/%.1f 200 OK\r\n"
258 "Content-Type: text/plain\r\n"
260 req
->version
, (req
->version
> 1.0)
261 ? "Transfer-Encoding: chunked\r\n" : ""
264 state
->header_sent
= true;
266 D("CGI: Child(%d) relaying %d invalid bytes\n",
269 ensure_out(uh_http_send(cl
, req
, buf
, len
));
274 /* headers complete, pass through buffer to socket */
275 D("CGI: Child(%d) relaying %d normal bytes\n", cl
->proc
.pid
, len
);
276 ensure_out(uh_http_send(cl
, req
, buf
, len
));
280 /* got EOF or read error from child */
282 ((errno
!= EAGAIN
) && (errno
!= EWOULDBLOCK
) && (len
== -1)))
284 D("CGI: Child(%d) presumed dead [%s]\n", cl
->proc
.pid
, strerror(errno
));
292 if (!state
->header_sent
)
294 if (cl
->timeout
.pending
)
295 uh_http_sendhf(cl
, 502, "Bad Gateway",
296 "The CGI process did not produce any response\n");
298 uh_http_sendhf(cl
, 504, "Gateway Timeout",
299 "The CGI process took too long to produce a "
304 uh_http_send(cl
, req
, "", 0);
307 uh_cgi_shutdown(state
);
311 bool uh_cgi_request(struct client
*cl
, struct path_info
*pi
,
312 struct interpreter
*ip
)
316 int rfd
[2] = { 0, 0 };
317 int wfd
[2] = { 0, 0 };
321 struct uh_cgi_state
*state
;
322 struct http_request
*req
= &cl
->request
;
325 if (!(state
= malloc(sizeof(*state
))))
327 uh_http_sendhf(cl
, 500, "Internal Server Error", "Out of memory");
331 /* spawn pipes for me->child, child->me */
332 if ((pipe(rfd
) < 0) || (pipe(wfd
) < 0))
334 if (rfd
[0] > 0) close(rfd
[0]);
335 if (rfd
[1] > 0) close(rfd
[1]);
336 if (wfd
[0] > 0) close(wfd
[0]);
337 if (wfd
[1] > 0) close(wfd
[1]);
339 uh_http_sendhf(cl
, 500, "Internal Server Error",
340 "Failed to create pipe: %s\n", strerror(errno
));
345 /* fork off child process */
346 switch ((child
= fork()))
350 uh_http_sendhf(cl
, 500, "Internal Server Error",
351 "Failed to fork child: %s\n", strerror(errno
));
358 sleep(atoi(getenv("UHTTPD_SLEEP_ON_FORK") ?: "0"));
361 /* do not leak parent epoll descriptor */
364 /* close loose pipe ends */
368 /* patch stdout and stdin to pipes */
372 /* avoid leaking our pipe into child-child processes */
376 /* check for regular, world-executable file _or_ interpreter */
377 if (((pi
->stat
.st_mode
& S_IFREG
) &&
378 (pi
->stat
.st_mode
& S_IXOTH
)) || (ip
!= NULL
))
380 /* build environment */
383 /* common information */
384 setenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
385 setenv("SERVER_SOFTWARE", "uHTTPd", 1);
386 setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
391 setenv("HTTPS", "on", 1);
395 setenv("SERVER_NAME", sa_straddr(&cl
->servaddr
), 1);
396 setenv("SERVER_ADDR", sa_straddr(&cl
->servaddr
), 1);
397 setenv("SERVER_PORT", sa_strport(&cl
->servaddr
), 1);
398 setenv("REMOTE_HOST", sa_straddr(&cl
->peeraddr
), 1);
399 setenv("REMOTE_ADDR", sa_straddr(&cl
->peeraddr
), 1);
400 setenv("REMOTE_PORT", sa_strport(&cl
->peeraddr
), 1);
402 /* path information */
403 setenv("SCRIPT_NAME", pi
->name
, 1);
404 setenv("SCRIPT_FILENAME", pi
->phys
, 1);
405 setenv("DOCUMENT_ROOT", pi
->root
, 1);
406 setenv("QUERY_STRING", pi
->query
? pi
->query
: "", 1);
409 setenv("PATH_INFO", pi
->info
, 1);
411 /* REDIRECT_STATUS, php-cgi wants it */
412 switch (req
->redirect_status
)
415 setenv("REDIRECT_STATUS", "404", 1);
419 setenv("REDIRECT_STATUS", "200", 1);
424 if (req
->version
> 1.0)
425 setenv("SERVER_PROTOCOL", "HTTP/1.1", 1);
427 setenv("SERVER_PROTOCOL", "HTTP/1.0", 1);
432 case UH_HTTP_MSG_GET
:
433 setenv("REQUEST_METHOD", "GET", 1);
436 case UH_HTTP_MSG_HEAD
:
437 setenv("REQUEST_METHOD", "HEAD", 1);
440 case UH_HTTP_MSG_POST
:
441 setenv("REQUEST_METHOD", "POST", 1);
446 setenv("REQUEST_URI", req
->url
, 1);
450 setenv("REMOTE_USER", req
->realm
->user
, 1);
452 /* request message headers */
453 foreach_header(i
, req
->headers
)
455 if (!strcasecmp(req
->headers
[i
], "Accept"))
456 setenv("HTTP_ACCEPT", req
->headers
[i
+1], 1);
458 else if (!strcasecmp(req
->headers
[i
], "Accept-Charset"))
459 setenv("HTTP_ACCEPT_CHARSET", req
->headers
[i
+1], 1);
461 else if (!strcasecmp(req
->headers
[i
], "Accept-Encoding"))
462 setenv("HTTP_ACCEPT_ENCODING", req
->headers
[i
+1], 1);
464 else if (!strcasecmp(req
->headers
[i
], "Accept-Language"))
465 setenv("HTTP_ACCEPT_LANGUAGE", req
->headers
[i
+1], 1);
467 else if (!strcasecmp(req
->headers
[i
], "Authorization"))
468 setenv("HTTP_AUTHORIZATION", req
->headers
[i
+1], 1);
470 else if (!strcasecmp(req
->headers
[i
], "Connection"))
471 setenv("HTTP_CONNECTION", req
->headers
[i
+1], 1);
473 else if (!strcasecmp(req
->headers
[i
], "Cookie"))
474 setenv("HTTP_COOKIE", req
->headers
[i
+1], 1);
476 else if (!strcasecmp(req
->headers
[i
], "Host"))
477 setenv("HTTP_HOST", req
->headers
[i
+1], 1);
479 else if (!strcasecmp(req
->headers
[i
], "Referer"))
480 setenv("HTTP_REFERER", req
->headers
[i
+1], 1);
482 else if (!strcasecmp(req
->headers
[i
], "User-Agent"))
483 setenv("HTTP_USER_AGENT", req
->headers
[i
+1], 1);
485 else if (!strcasecmp(req
->headers
[i
], "Content-Type"))
486 setenv("CONTENT_TYPE", req
->headers
[i
+1], 1);
488 else if (!strcasecmp(req
->headers
[i
], "Content-Length"))
489 setenv("CONTENT_LENGTH", req
->headers
[i
+1], 1);
493 /* execute child code ... */
498 execl(ip
->path
, ip
->path
, pi
->phys
, NULL
);
500 execl(pi
->phys
, pi
->phys
, NULL
);
502 /* in case it fails ... */
503 printf("Status: 500 Internal Server Error\r\n\r\n"
504 "Unable to launch the requested CGI program:\n"
505 " %s: %s\n", ip
? ip
->path
: pi
->phys
, strerror(errno
));
511 printf("Status: 403 Forbidden\r\n\r\n"
512 "Access to this resource is forbidden\n");
521 /* parent; handle I/O relaying */
523 memset(state
, 0, sizeof(*state
));
525 cl
->rpipe
.fd
= rfd
[0];
526 cl
->wpipe
.fd
= wfd
[1];
527 cl
->proc
.pid
= child
;
529 /* make pipe non-blocking */
530 fd_nonblock(cl
->rpipe
.fd
);
531 fd_nonblock(cl
->wpipe
.fd
);
533 /* close unneeded pipe ends */
537 D("CGI: Child(%d) created: rfd(%d) wfd(%d)\n", child
, rfd
[0], wfd
[1]);
539 state
->content_length
= cl
->httpbuf
.len
;
541 /* find content length */
542 if (req
->method
== UH_HTTP_MSG_POST
)
544 foreach_header(i
, req
->headers
)
546 if (!strcasecmp(req
->headers
[i
], "Content-Length"))
548 state
->content_length
= atoi(req
->headers
[i
+1]);
554 cl
->cb
= uh_cgi_socket_cb
;