| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606 |
- /*
- * uhttpd - Tiny single-threaded httpd - CGI handler
- *
- * Copyright (C) 2010 Jo-Philipp Wich <[email protected]>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- #include "uhttpd.h"
- #include "uhttpd-utils.h"
- #include "uhttpd-cgi.h"
- static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
- {
- char *bufptr = NULL;
- char *hdrname = NULL;
- int hdrcount = 0;
- int pos = 0;
- static struct http_response res;
- if( ((bufptr = strfind(buf, len, "\r\n\r\n", 4)) != NULL) ||
- ((bufptr = strfind(buf, len, "\n\n", 2)) != NULL)
- ) {
- *off = (int)(bufptr - buf) + ((bufptr[0] == '\r') ? 4 : 2);
- memset(&res, 0, sizeof(res));
- res.statuscode = 200;
- res.statusmsg = "OK";
- bufptr = &buf[0];
- for( pos = 0; pos < len; pos++ )
- {
- if( !hdrname && (buf[pos] == ':') )
- {
- buf[pos++] = 0;
- if( (pos < len) && (buf[pos] == ' ') )
- pos++;
- if( pos < len )
- {
- hdrname = bufptr;
- bufptr = &buf[pos];
- }
- }
- else if( (buf[pos] == '\r') || (buf[pos] == '\n') )
- {
- buf[pos++] = 0;
- if( ! hdrname )
- break;
- if( (pos < len) && (buf[pos] == '\n') )
- pos++;
- if( pos <= len )
- {
- if( (hdrcount + 1) < array_size(res.headers) )
- {
- if( ! strcasecmp(hdrname, "Status") )
- {
- res.statuscode = atoi(bufptr);
- if( res.statuscode < 100 )
- res.statuscode = 200;
- if( ((bufptr = strchr(bufptr, ' ')) != NULL) && (&bufptr[1] != 0) )
- res.statusmsg = &bufptr[1];
- }
- else
- {
- res.headers[hdrcount++] = hdrname;
- res.headers[hdrcount++] = bufptr;
- }
- bufptr = &buf[pos];
- hdrname = NULL;
- }
- else
- {
- return NULL;
- }
- }
- }
- }
- return &res;
- }
- return NULL;
- }
- static char * uh_cgi_header_lookup(struct http_response *res, const char *hdrname)
- {
- int i;
- foreach_header(i, res->headers)
- {
- if( ! strcasecmp(res->headers[i], hdrname) )
- return res->headers[i+1];
- }
- return NULL;
- }
- static int uh_cgi_error_500(struct client *cl, struct http_request *req, const char *message)
- {
- if( uh_http_sendf(cl, NULL,
- "HTTP/%.1f 500 Internal Server Error\r\n"
- "Content-Type: text/plain\r\n%s\r\n",
- req->version,
- (req->version > 1.0)
- ? "Transfer-Encoding: chunked\r\n" : ""
- ) >= 0
- ) {
- return uh_http_send(cl, req, message, -1);
- }
- return -1;
- }
- void uh_cgi_request(
- struct client *cl, struct http_request *req,
- struct path_info *pi, struct interpreter *ip
- ) {
- int i, hdroff, bufoff, rv;
- int hdrlen = 0;
- int buflen = 0;
- int fd_max = 0;
- int content_length = 0;
- int header_sent = 0;
- int rfd[2] = { 0, 0 };
- int wfd[2] = { 0, 0 };
- char buf[UH_LIMIT_MSGHEAD];
- char hdr[UH_LIMIT_MSGHEAD];
- pid_t child;
- fd_set reader;
- fd_set writer;
- sigset_t ss;
- struct sigaction sa;
- struct timeval timeout;
- struct http_response *res;
- /* spawn pipes for me->child, child->me */
- if( (pipe(rfd) < 0) || (pipe(wfd) < 0) )
- {
- uh_http_sendhf(cl, 500, "Internal Server Error",
- "Failed to create pipe: %s", strerror(errno));
- if( rfd[0] > 0 ) close(rfd[0]);
- if( rfd[1] > 0 ) close(rfd[1]);
- if( wfd[0] > 0 ) close(wfd[0]);
- if( wfd[1] > 0 ) close(wfd[1]);
- return;
- }
- /* fork off child process */
- switch( (child = fork()) )
- {
- /* oops */
- case -1:
- uh_http_sendhf(cl, 500, "Internal Server Error",
- "Failed to fork child: %s", strerror(errno));
- return;
- /* exec child */
- case 0:
- /* unblock signals */
- sigemptyset(&ss);
- sigprocmask(SIG_SETMASK, &ss, NULL);
- /* restore SIGTERM */
- sa.sa_flags = 0;
- sa.sa_handler = SIG_DFL;
- sigemptyset(&sa.sa_mask);
- sigaction(SIGTERM, &sa, NULL);
- /* close loose pipe ends */
- close(rfd[0]);
- close(wfd[1]);
- /* patch stdout and stdin to pipes */
- dup2(rfd[1], 1);
- dup2(wfd[0], 0);
- /* avoid leaking our pipe into child-child processes */
- fd_cloexec(rfd[1]);
- fd_cloexec(wfd[0]);
- /* check for regular, world-executable file _or_ interpreter */
- if( ((pi->stat.st_mode & S_IFREG) &&
- (pi->stat.st_mode & S_IXOTH)) || (ip != NULL)
- ) {
- /* build environment */
- clearenv();
- /* common information */
- setenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
- setenv("SERVER_SOFTWARE", "uHTTPd", 1);
- setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1);
- #ifdef HAVE_TLS
- /* https? */
- if( cl->tls )
- setenv("HTTPS", "on", 1);
- #endif
- /* addresses */
- setenv("SERVER_NAME", sa_straddr(&cl->servaddr), 1);
- setenv("SERVER_ADDR", sa_straddr(&cl->servaddr), 1);
- setenv("SERVER_PORT", sa_strport(&cl->servaddr), 1);
- setenv("REMOTE_HOST", sa_straddr(&cl->peeraddr), 1);
- setenv("REMOTE_ADDR", sa_straddr(&cl->peeraddr), 1);
- setenv("REMOTE_PORT", sa_strport(&cl->peeraddr), 1);
- /* path information */
- setenv("SCRIPT_NAME", pi->name, 1);
- setenv("SCRIPT_FILENAME", pi->phys, 1);
- setenv("DOCUMENT_ROOT", pi->root, 1);
- setenv("QUERY_STRING", pi->query ? pi->query : "", 1);
- if( pi->info )
- setenv("PATH_INFO", pi->info, 1);
- /* REDIRECT_STATUS, php-cgi wants it */
- switch( req->redirect_status )
- {
- case 404:
- setenv("REDIRECT_STATUS", "404", 1);
- break;
- default:
- setenv("REDIRECT_STATUS", "200", 1);
- break;
- }
- /* http version */
- if( req->version > 1.0 )
- setenv("SERVER_PROTOCOL", "HTTP/1.1", 1);
- else
- setenv("SERVER_PROTOCOL", "HTTP/1.0", 1);
- /* request method */
- switch( req->method )
- {
- case UH_HTTP_MSG_GET:
- setenv("REQUEST_METHOD", "GET", 1);
- break;
- case UH_HTTP_MSG_HEAD:
- setenv("REQUEST_METHOD", "HEAD", 1);
- break;
- case UH_HTTP_MSG_POST:
- setenv("REQUEST_METHOD", "POST", 1);
- break;
- }
- /* request url */
- setenv("REQUEST_URI", req->url, 1);
- /* remote user */
- if( req->realm )
- setenv("REMOTE_USER", req->realm->user, 1);
- /* request message headers */
- foreach_header(i, req->headers)
- {
- if( ! strcasecmp(req->headers[i], "Accept") )
- setenv("HTTP_ACCEPT", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Accept-Charset") )
- setenv("HTTP_ACCEPT_CHARSET", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Accept-Encoding") )
- setenv("HTTP_ACCEPT_ENCODING", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Accept-Language") )
- setenv("HTTP_ACCEPT_LANGUAGE", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Authorization") )
- setenv("HTTP_AUTHORIZATION", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Connection") )
- setenv("HTTP_CONNECTION", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Cookie") )
- setenv("HTTP_COOKIE", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Host") )
- setenv("HTTP_HOST", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Referer") )
- setenv("HTTP_REFERER", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "User-Agent") )
- setenv("HTTP_USER_AGENT", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Content-Type") )
- setenv("CONTENT_TYPE", req->headers[i+1], 1);
- else if( ! strcasecmp(req->headers[i], "Content-Length") )
- setenv("CONTENT_LENGTH", req->headers[i+1], 1);
- }
- /* execute child code ... */
- if( chdir(pi->root) )
- perror("chdir()");
- if( ip != NULL )
- execl(ip->path, ip->path, pi->phys, NULL);
- else
- execl(pi->phys, pi->phys, NULL);
- /* in case it fails ... */
- printf(
- "Status: 500 Internal Server Error\r\n\r\n"
- "Unable to launch the requested CGI program:\n"
- " %s: %s\n",
- ip ? ip->path : pi->phys, strerror(errno)
- );
- }
- /* 403 */
- else
- {
- printf(
- "Status: 403 Forbidden\r\n\r\n"
- "Access to this resource is forbidden\n"
- );
- }
- close(wfd[0]);
- close(rfd[1]);
- exit(0);
- break;
- /* parent; handle I/O relaying */
- default:
- /* close unneeded pipe ends */
- close(rfd[1]);
- close(wfd[0]);
- /* max watch fd */
- fd_max = max(rfd[0], wfd[1]) + 1;
- /* find content length */
- if( req->method == UH_HTTP_MSG_POST )
- {
- foreach_header(i, req->headers)
- {
- if( ! strcasecmp(req->headers[i], "Content-Length") )
- {
- content_length = atoi(req->headers[i+1]);
- break;
- }
- }
- }
- memset(hdr, 0, sizeof(hdr));
- /* I/O loop, watch our pipe ends and dispatch child reads/writes from/to socket */
- while( 1 )
- {
- FD_ZERO(&reader);
- FD_ZERO(&writer);
- FD_SET(rfd[0], &reader);
- FD_SET(wfd[1], &writer);
- timeout.tv_sec = (header_sent < 1) ? cl->server->conf->script_timeout : 3;
- timeout.tv_usec = 0;
- ensure_out(rv = select_intr(fd_max, &reader,
- (content_length > -1) ? &writer : NULL, NULL, &timeout));
- /* timeout */
- if( rv == 0 )
- {
- ensure_out(kill(child, 0));
- }
- /* wait until we can read or write or both */
- else if( rv > 0 )
- {
- /* ready to write to cgi program */
- if( FD_ISSET(wfd[1], &writer) )
- {
- /* there is unread post data waiting */
- if( content_length > 0 )
- {
- /* read it from socket ... */
- ensure_out(buflen = uh_tcp_recv(cl, buf,
- min(content_length, sizeof(buf))));
- if( buflen > 0 )
- {
- /* ... and write it to child's stdin */
- if( write(wfd[1], buf, buflen) < 0 )
- perror("write()");
- content_length -= buflen;
- }
- /* unexpected eof! */
- else
- {
- if( write(wfd[1], "", 0) < 0 )
- perror("write()");
- content_length = 0;
- }
- }
- /* there is no more post data, close pipe to child's stdin */
- else if( content_length > -1 )
- {
- close(wfd[1]);
- content_length = -1;
- }
- }
- /* ready to read from cgi program */
- if( FD_ISSET(rfd[0], &reader) )
- {
- /* read data from child ... */
- if( (buflen = read(rfd[0], buf, sizeof(buf))) > 0 )
- {
- /* we have not pushed out headers yet, parse input */
- if( ! header_sent )
- {
- /* head buffer not full and no end yet */
- if( hdrlen < sizeof(hdr) )
- {
- bufoff = min(buflen, sizeof(hdr) - hdrlen);
- memcpy(&hdr[hdrlen], buf, bufoff);
- hdrlen += bufoff;
- }
- else
- {
- bufoff = 0;
- }
- /* try to parse header ... */
- if( (res = uh_cgi_header_parse(hdr, hdrlen, &hdroff)) != NULL )
- {
- /* write status */
- ensure_out(uh_http_sendf(cl, NULL,
- "HTTP/%.1f %03d %s\r\n"
- "Connection: close\r\n",
- req->version, res->statuscode,
- res->statusmsg));
- /* add Content-Type if no Location or Content-Type */
- if( !uh_cgi_header_lookup(res, "Location") &&
- !uh_cgi_header_lookup(res, "Content-Type")
- ) {
- ensure_out(uh_http_send(cl, NULL,
- "Content-Type: text/plain\r\n", -1));
- }
- /* if request was HTTP 1.1 we'll respond chunked */
- if( (req->version > 1.0) &&
- !uh_cgi_header_lookup(res, "Transfer-Encoding")
- ) {
- ensure_out(uh_http_send(cl, NULL,
- "Transfer-Encoding: chunked\r\n", -1));
- }
- /* write headers from CGI program */
- foreach_header(i, res->headers)
- {
- ensure_out(uh_http_sendf(cl, NULL, "%s: %s\r\n",
- res->headers[i], res->headers[i+1]));
- }
- /* terminate header */
- ensure_out(uh_http_send(cl, NULL, "\r\n", -1));
- /* push out remaining head buffer */
- if( hdroff < hdrlen )
- ensure_out(uh_http_send(cl, req, &hdr[hdroff], hdrlen - hdroff));
- }
- /* ... failed and head buffer exceeded */
- else if( hdrlen >= sizeof(hdr) )
- {
- ensure_out(uh_cgi_error_500(cl, req,
- "The CGI program generated an invalid response:\n\n"));
- ensure_out(uh_http_send(cl, req, hdr, hdrlen));
- }
- /* ... failed but free buffer space, try again */
- else
- {
- continue;
- }
- /* push out remaining read buffer */
- if( bufoff < buflen )
- ensure_out(uh_http_send(cl, req, &buf[bufoff], buflen - bufoff));
- header_sent = 1;
- continue;
- }
- /* headers complete, pass through buffer to socket */
- ensure_out(uh_http_send(cl, req, buf, buflen));
- }
- /* looks like eof from child */
- else
- {
- /* cgi script did not output useful stuff at all */
- if( ! header_sent )
- {
- /* I would do this ...
- *
- * uh_cgi_error_500(cl, req,
- * "The CGI program generated an "
- * "invalid response:\n\n");
- *
- * ... but in order to stay as compatible as possible,
- * treat whatever we got as text/plain response and
- * build the required headers here.
- */
- ensure_out(uh_http_sendf(cl, NULL,
- "HTTP/%.1f 200 OK\r\n"
- "Content-Type: text/plain\r\n"
- "%s\r\n",
- req->version, (req->version > 1.0)
- ? "Transfer-Encoding: chunked\r\n" : ""
- ));
- ensure_out(uh_http_send(cl, req, hdr, hdrlen));
- }
- /* send final chunk if we're in chunked transfer mode */
- ensure_out(uh_http_send(cl, req, "", 0));
- break;
- }
- }
- }
- /* timeout exceeded or interrupted by SIGCHLD */
- else
- {
- if( (errno != EINTR) && ! header_sent )
- {
- ensure_out(uh_http_sendhf(cl, 504, "Gateway Timeout",
- "The CGI script took too long to produce "
- "a response"));
- }
- /* send final chunk if we're in chunked transfer mode */
- ensure_out(uh_http_send(cl, req, "", 0));
- break;
- }
- }
- out:
- close(rfd[0]);
- close(wfd[1]);
- if( !kill(child, 0) )
- {
- kill(child, SIGTERM);
- waitpid(child, NULL, 0);
- }
- break;
- }
- }
|