projects / openwrt / staging / lynxis / omap.git / blob
? search:


e527922624e1e6c6996c7f61db9fc7af306bfdb8
[openwrt/staging/lynxis/omap.git] / package / uhttpd / src / uhttpd-cgi.c
1 /*
2 * uhttpd - Tiny single-threaded httpd - CGI handler
3 *
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include "uhttpd.h"
20 #include "uhttpd-utils.h"
21 #include "uhttpd-cgi.h"
22
23
24 static bool
25 uh_cgi_header_parse(struct http_response *res, char *buf, int len, int *off)
26 {
27 char *bufptr = NULL;
28 char *hdrname = NULL;
29 int hdrcount = 0;
30 int pos = 0;
31
32 if (((bufptr = strfind(buf, len, "\r\n\r\n", 4)) != NULL) ||
33 ((bufptr = strfind(buf, len, "\n\n", 2)) != NULL))
34 {
35 *off = (int)(bufptr - buf) + ((bufptr[0] == '\r') ? 4 : 2);
36
37 memset(res, 0, sizeof(*res));
38
39 res->statuscode = 200;
40 res->statusmsg = "OK";
41
42 bufptr = &buf[0];
43
44 for (pos = 0; pos < *off; pos++)
45 {
46 if (!hdrname && (buf[pos] == ':'))
47 {
48 buf[pos++] = 0;
49
50 if ((pos < len) && (buf[pos] == ' '))
51 pos++;
52
53 if (pos < len)
54 {
55 hdrname = bufptr;
56 bufptr = &buf[pos];
57 }
58 }
59
60 else if ((buf[pos] == '\r') || (buf[pos] == '\n'))
61 {
62 if (! hdrname)
63 break;
64
65 buf[pos++] = 0;
66
67 if ((pos < len) && (buf[pos] == '\n'))
68 pos++;
69
70 if (pos <= len)
71 {
72 if ((hdrcount+1) < array_size(res->headers))
73 {
74 if (!strcasecmp(hdrname, "Status"))
75 {
76 res->statuscode = atoi(bufptr);
77
78 if (res->statuscode < 100)
79 res->statuscode = 200;
80
81 if (((bufptr = strchr(bufptr, ' ')) != NULL) &&
82 (&bufptr[1] != 0))
83 {
84 res->statusmsg = &bufptr[1];
85 }
86
87 D("CGI: HTTP/1.x %03d %s\n",
88 res->statuscode, res->statusmsg);
89 }
90 else
91 {
92 D("CGI: HTTP: %s: %s\n", hdrname, bufptr);
93
94 res->headers[hdrcount++] = hdrname;
95 res->headers[hdrcount++] = bufptr;
96 }
97
98 bufptr = &buf[pos];
99 hdrname = NULL;
100 }
101 else
102 {
103 return false;
104 }
105 }
106 }
107 }
108
109 return true;
110 }
111
112 return false;
113 }
114
115 static char * uh_cgi_header_lookup(struct http_response *res,
116 const char *hdrname)
117 {
118 int i;
119
120 foreach_header(i, res->headers)
121 {
122 if (!strcasecmp(res->headers[i], hdrname))
123 return res->headers[i+1];
124 }
125
126 return NULL;
127 }
128
129 static void uh_cgi_shutdown(struct uh_cgi_state *state)
130 {
131 free(state);
132 }
133
134 static bool uh_cgi_socket_cb(struct client *cl)
135 {
136 int i, len, hdroff;
137 char buf[UH_LIMIT_MSGHEAD];
138
139 struct uh_cgi_state *state = (struct uh_cgi_state *)cl->priv;
140 struct http_response *res = &cl->response;
141 struct http_request *req = &cl->request;
142
143 /* there is unread post data waiting */
144 while (state->content_length > 0)
145 {
146 /* remaining data in http head buffer ... */
147 if (cl->httpbuf.len > 0)
148 {
149 len = min(state->content_length, cl->httpbuf.len);
150
151 D("CGI: Child(%d) feed %d HTTP buffer bytes\n", cl->proc.pid, len);
152
153 memcpy(buf, cl->httpbuf.ptr, len);
154
155 cl->httpbuf.len -= len;
156 cl->httpbuf.ptr +=len;
157 }
158
159 /* read it from socket ... */
160 else
161 {
162 len = uh_tcp_recv(cl, buf,
163 min(state->content_length, sizeof(buf)));
164
165 if ((len < 0) && ((errno == EAGAIN) || (errno == EWOULDBLOCK)))
166 break;
167
168 D("CGI: Child(%d) feed %d/%d TCP socket bytes\n",
169 cl->proc.pid, len, min(state->content_length, sizeof(buf)));
170 }
171
172 if (len)
173 state->content_length -= len;
174 else
175 state->content_length = 0;
176
177 /* ... write to CGI process */
178 len = uh_raw_send(cl->wpipe.fd, buf, len,
179 cl->server->conf->script_timeout);
180
181 /* explicit EOF notification for the child */
182 if (state->content_length <= 0)
183 uh_ufd_remove(&cl->wpipe);
184 }
185
186 /* try to read data from child */
187 while ((len = uh_raw_recv(cl->rpipe.fd, buf, sizeof(buf), -1)) > 0)
188 {
189 /* we have not pushed out headers yet, parse input */
190 if (!state->header_sent)
191 {
192 /* try to parse header ... */
193 memcpy(state->httpbuf, buf, len);
194
195 if (uh_cgi_header_parse(res, state->httpbuf, len, &hdroff))
196 {
197 /* write status */
198 ensure_out(uh_http_sendf(cl, NULL,
199 "HTTP/%.1f %03d %s\r\n"
200 "Connection: close\r\n",
201 req->version, res->statuscode, res->statusmsg));
202
203 /* add Content-Type if no Location or Content-Type */
204 if (!uh_cgi_header_lookup(res, "Location") &&
205 !uh_cgi_header_lookup(res, "Content-Type"))
206 {
207 ensure_out(uh_http_send(cl, NULL,
208 "Content-Type: text/plain\r\n", -1));
209 }
210
211 /* if request was HTTP 1.1 we'll respond chunked */
212 if ((req->version > 1.0) &&
213 !uh_cgi_header_lookup(res, "Transfer-Encoding"))
214 {
215 ensure_out(uh_http_send(cl, NULL,
216 "Transfer-Encoding: chunked\r\n", -1));
217 }
218
219 /* write headers from CGI program */
220 foreach_header(i, res->headers)
221 {
222 ensure_out(uh_http_sendf(cl, NULL, "%s: %s\r\n",
223 res->headers[i], res->headers[i+1]));
224 }
225
226 /* terminate header */
227 ensure_out(uh_http_send(cl, NULL, "\r\n", -1));
228
229 state->header_sent = true;
230
231 /* push out remaining head buffer */
232 if (hdroff < len)
233 {
234 D("CGI: Child(%d) relaying %d rest bytes\n",
235 cl->proc.pid, len - hdroff);
236
237 ensure_out(uh_http_send(cl, req,
238 &buf[hdroff], len - hdroff));
239 }
240 }
241
242 /* ... failed and head buffer exceeded */
243 else
244 {
245 /* I would do this ...
246 *
247 * uh_cgi_error_500(cl, req,
248 * "The CGI program generated an "
249 * "invalid response:\n\n");
250 *
251 * ... but in order to stay as compatible as possible,
252 * treat whatever we got as text/plain response and
253 * build the required headers here.
254 */
255
256 ensure_out(uh_http_sendf(cl, NULL,
257 "HTTP/%.1f 200 OK\r\n"
258 "Content-Type: text/plain\r\n"
259 "%s\r\n",
260 req->version, (req->version > 1.0)
261 ? "Transfer-Encoding: chunked\r\n" : ""
262 ));
263
264 state->header_sent = true;
265
266 D("CGI: Child(%d) relaying %d invalid bytes\n",
267 cl->proc.pid, len);
268
269 ensure_out(uh_http_send(cl, req, buf, len));
270 }
271 }
272 else
273 {
274 /* headers complete, pass through buffer to socket */
275 D("CGI: Child(%d) relaying %d normal bytes\n", cl->proc.pid, len);
276 ensure_out(uh_http_send(cl, req, buf, len));
277 }
278 }
279
280 /* got EOF or read error from child */
281 if ((len == 0) ||
282 ((errno != EAGAIN) && (errno != EWOULDBLOCK) && (len == -1)))
283 {
284 D("CGI: Child(%d) presumed dead [%s]\n", cl->proc.pid, strerror(errno));
285
286 goto out;
287 }
288
289 return true;
290
291 out:
292 if (!state->header_sent)
293 {
294 if (cl->timeout.pending)
295 uh_http_sendhf(cl, 502, "Bad Gateway",
296 "The CGI process did not produce any response\n");
297 else
298 uh_http_sendhf(cl, 504, "Gateway Timeout",
299 "The CGI process took too long to produce a "
300 "response\n");
301 }
302 else
303 {
304 uh_http_send(cl, req, "", 0);
305 }
306
307 uh_cgi_shutdown(state);
308 return false;
309 }
310
311 bool uh_cgi_request(struct client *cl, struct path_info *pi,
312 struct interpreter *ip)
313 {
314 int i;
315
316 int rfd[2] = { 0, 0 };
317 int wfd[2] = { 0, 0 };
318
319 pid_t child;
320
321 struct uh_cgi_state *state;
322 struct http_request *req = &cl->request;
323
324 /* allocate state */
325 if (!(state = malloc(sizeof(*state))))
326 {
327 uh_http_sendhf(cl, 500, "Internal Server Error", "Out of memory");
328 return false;
329 }
330
331 /* spawn pipes for me->child, child->me */
332 if ((pipe(rfd) < 0) || (pipe(wfd) < 0))
333 {
334 if (rfd[0] > 0) close(rfd[0]);
335 if (rfd[1] > 0) close(rfd[1]);
336 if (wfd[0] > 0) close(wfd[0]);
337 if (wfd[1] > 0) close(wfd[1]);
338
339 uh_http_sendhf(cl, 500, "Internal Server Error",
340 "Failed to create pipe: %s\n", strerror(errno));
341
342 return false;
343 }
344
345 /* fork off child process */
346 switch ((child = fork()))
347 {
348 /* oops */
349 case -1:
350 uh_http_sendhf(cl, 500, "Internal Server Error",
351 "Failed to fork child: %s\n", strerror(errno));
352
353 return false;
354
355 /* exec child */
356 case 0:
357 #ifdef DEBUG
358 sleep(atoi(getenv("UHTTPD_SLEEP_ON_FORK") ?: "0"));
359 #endif
360
361 /* do not leak parent epoll descriptor */
362 uloop_done();
363
364 /* close loose pipe ends */
365 close(rfd[0]);
366 close(wfd[1]);
367
368 /* patch stdout and stdin to pipes */
369 dup2(rfd[1], 1);
370 dup2(wfd[0], 0);
371
372 /* avoid leaking our pipe into child-child processes */
373 fd_cloexec(rfd[1]);
374 fd_cloexec(wfd[0]);
375
376 /* check for regular, world-executable file _or_ interpreter */
377 if (((pi->stat.st_mode & S_IFREG) &&
378 (pi->stat.st_mode & S_IXOTH)) || (ip != NULL))
379 {
380 /* build environment */
381 clearenv();
382
383 /* common information */
384 setenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
385 setenv("SERVER_SOFTWARE", "uHTTPd", 1);
386 setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
387
388 #ifdef HAVE_TLS
389 /* https? */
390 if (cl->tls)
391 setenv("HTTPS", "on", 1);
392 #endif
393
394 /* addresses */
395 setenv("SERVER_NAME", sa_straddr(&cl->servaddr), 1);
396 setenv("SERVER_ADDR", sa_straddr(&cl->servaddr), 1);
397 setenv("SERVER_PORT", sa_strport(&cl->servaddr), 1);
398 setenv("REMOTE_HOST", sa_straddr(&cl->peeraddr), 1);
399 setenv("REMOTE_ADDR", sa_straddr(&cl->peeraddr), 1);
400 setenv("REMOTE_PORT", sa_strport(&cl->peeraddr), 1);
401
402 /* path information */
403 setenv("SCRIPT_NAME", pi->name, 1);
404 setenv("SCRIPT_FILENAME", pi->phys, 1);
405 setenv("DOCUMENT_ROOT", pi->root, 1);
406 setenv("QUERY_STRING", pi->query ? pi->query : "", 1);
407
408 if (pi->info)
409 setenv("PATH_INFO", pi->info, 1);
410
411 /* REDIRECT_STATUS, php-cgi wants it */
412 switch (req->redirect_status)
413 {
414 case 404:
415 setenv("REDIRECT_STATUS", "404", 1);
416 break;
417
418 default:
419 setenv("REDIRECT_STATUS", "200", 1);
420 break;
421 }
422
423 /* http version */
424 if (req->version > 1.0)
425 setenv("SERVER_PROTOCOL", "HTTP/1.1", 1);
426 else
427 setenv("SERVER_PROTOCOL", "HTTP/1.0", 1);
428
429 /* request method */
430 switch (req->method)
431 {
432 case UH_HTTP_MSG_GET:
433 setenv("REQUEST_METHOD", "GET", 1);
434 break;
435
436 case UH_HTTP_MSG_HEAD:
437 setenv("REQUEST_METHOD", "HEAD", 1);
438 break;
439
440 case UH_HTTP_MSG_POST:
441 setenv("REQUEST_METHOD", "POST", 1);
442 break;
443 }
444
445 /* request url */
446 setenv("REQUEST_URI", req->url, 1);
447
448 /* remote user */
449 if (req->realm)
450 setenv("REMOTE_USER", req->realm->user, 1);
451
452 /* request message headers */
453 foreach_header(i, req->headers)
454 {
455 if (!strcasecmp(req->headers[i], "Accept"))
456 setenv("HTTP_ACCEPT", req->headers[i+1], 1);
457
458 else if (!strcasecmp(req->headers[i], "Accept-Charset"))
459 setenv("HTTP_ACCEPT_CHARSET", req->headers[i+1], 1);
460
461 else if (!strcasecmp(req->headers[i], "Accept-Encoding"))
462 setenv("HTTP_ACCEPT_ENCODING", req->headers[i+1], 1);
463
464 else if (!strcasecmp(req->headers[i], "Accept-Language"))
465 setenv("HTTP_ACCEPT_LANGUAGE", req->headers[i+1], 1);
466
467 else if (!strcasecmp(req->headers[i], "Authorization"))
468 setenv("HTTP_AUTHORIZATION", req->headers[i+1], 1);
469
470 else if (!strcasecmp(req->headers[i], "Connection"))
471 setenv("HTTP_CONNECTION", req->headers[i+1], 1);
472
473 else if (!strcasecmp(req->headers[i], "Cookie"))
474 setenv("HTTP_COOKIE", req->headers[i+1], 1);
475
476 else if (!strcasecmp(req->headers[i], "Host"))
477 setenv("HTTP_HOST", req->headers[i+1], 1);
478
479 else if (!strcasecmp(req->headers[i], "Referer"))
480 setenv("HTTP_REFERER", req->headers[i+1], 1);
481
482 else if (!strcasecmp(req->headers[i], "User-Agent"))
483 setenv("HTTP_USER_AGENT", req->headers[i+1], 1);
484
485 else if (!strcasecmp(req->headers[i], "Content-Type"))
486 setenv("CONTENT_TYPE", req->headers[i+1], 1);
487
488 else if (!strcasecmp(req->headers[i], "Content-Length"))
489 setenv("CONTENT_LENGTH", req->headers[i+1], 1);
490 }
491
492
493 /* execute child code ... */
494 if (chdir(pi->root))
495 perror("chdir()");
496
497 if (ip != NULL)
498 execl(ip->path, ip->path, pi->phys, NULL);
499 else
500 execl(pi->phys, pi->phys, NULL);
501
502 /* in case it fails ... */
503 printf("Status: 500 Internal Server Error\r\n\r\n"
504 "Unable to launch the requested CGI program:\n"
505 " %s: %s\n", ip ? ip->path : pi->phys, strerror(errno));
506 }
507
508 /* 403 */
509 else
510 {
511 printf("Status: 403 Forbidden\r\n\r\n"
512 "Access to this resource is forbidden\n");
513 }
514
515 close(wfd[0]);
516 close(rfd[1]);
517 exit(0);
518
519 break;
520
521 /* parent; handle I/O relaying */
522 default:
523 memset(state, 0, sizeof(*state));
524
525 cl->rpipe.fd = rfd[0];
526 cl->wpipe.fd = wfd[1];
527 cl->proc.pid = child;
528
529 /* make pipe non-blocking */
530 fd_nonblock(cl->rpipe.fd);
531 fd_nonblock(cl->wpipe.fd);
532
533 /* close unneeded pipe ends */
534 close(rfd[1]);
535 close(wfd[0]);
536
537 D("CGI: Child(%d) created: rfd(%d) wfd(%d)\n", child, rfd[0], wfd[1]);
538
539 state->content_length = cl->httpbuf.len;
540
541 /* find content length */
542 if (req->method == UH_HTTP_MSG_POST)
543 {
544 foreach_header(i, req->headers)
545 {
546 if (!strcasecmp(req->headers[i], "Content-Length"))
547 {
548 state->content_length = atoi(req->headers[i+1]);
549 break;
550 }
551 }
552 }
553
554 cl->cb = uh_cgi_socket_cb;
555 cl->priv = state;
556
557 break;
558 }
559
560 return true;
561 }
lynxis staging tree for omap