1*d444d2f2Stb /* $OpenBSD: slowcgi.c,v 1.48 2015/11/20 09:04:01 tb Exp $ */ 27ac15270Sflorian /* 37ac15270Sflorian * Copyright (c) 2013 David Gwynne <dlg@openbsd.org> 47ac15270Sflorian * Copyright (c) 2013 Florian Obser <florian@openbsd.org> 57ac15270Sflorian * 67ac15270Sflorian * Permission to use, copy, modify, and distribute this software for any 77ac15270Sflorian * purpose with or without fee is hereby granted, provided that the above 87ac15270Sflorian * copyright notice and this permission notice appear in all copies. 97ac15270Sflorian * 107ac15270Sflorian * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 117ac15270Sflorian * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 127ac15270Sflorian * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 137ac15270Sflorian * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 147ac15270Sflorian * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 157ac15270Sflorian * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 167ac15270Sflorian * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 177ac15270Sflorian */ 187ac15270Sflorian 197ac15270Sflorian #include <sys/types.h> 207ac15270Sflorian #include <sys/ioctl.h> 217ac15270Sflorian #include <sys/queue.h> 227ac15270Sflorian #include <sys/socket.h> 237ac15270Sflorian #include <sys/stat.h> 24e09b0855Sflorian #include <sys/time.h> 257ac15270Sflorian #include <sys/un.h> 267ac15270Sflorian #include <sys/wait.h> 27e09b0855Sflorian #include <arpa/inet.h> 287ac15270Sflorian #include <err.h> 2994ee156dSflorian #include <fcntl.h> 307ac15270Sflorian #include <errno.h> 317ac15270Sflorian #include <event.h> 32b9fc9a72Sderaadt #include <limits.h> 337ac15270Sflorian #include <pwd.h> 347ac15270Sflorian #include <signal.h> 35e09b0855Sflorian #include <stdarg.h> 367ac15270Sflorian #include <stdio.h> 377ac15270Sflorian #include <stdlib.h> 387ac15270Sflorian #include <string.h> 397ac15270Sflorian #include <syslog.h> 407ac15270Sflorian #include <unistd.h> 417ac15270Sflorian 427ac15270Sflorian #define TIMEOUT_DEFAULT 120 437ac15270Sflorian #define SLOWCGI_USER "www" 440ee0284dSblambert 450ee0284dSblambert #define FCGI_CONTENT_SIZE 65535 460ee0284dSblambert #define FCGI_PADDING_SIZE 255 470ee0284dSblambert #define FCGI_RECORD_SIZE \ 480ee0284dSblambert (sizeof(struct fcgi_record_header) + FCGI_CONTENT_SIZE + FCGI_PADDING_SIZE) 490ee0284dSblambert 507ac15270Sflorian #define STDOUT_DONE 1 517ac15270Sflorian #define STDERR_DONE 2 527ac15270Sflorian #define SCRIPT_DONE 4 537ac15270Sflorian 547ac15270Sflorian #define FCGI_BEGIN_REQUEST 1 557ac15270Sflorian #define FCGI_ABORT_REQUEST 2 567ac15270Sflorian #define FCGI_END_REQUEST 3 577ac15270Sflorian #define FCGI_PARAMS 4 587ac15270Sflorian #define FCGI_STDIN 5 597ac15270Sflorian #define FCGI_STDOUT 6 607ac15270Sflorian #define FCGI_STDERR 7 617ac15270Sflorian #define FCGI_DATA 8 627ac15270Sflorian #define FCGI_GET_VALUES 9 637ac15270Sflorian #define FCGI_GET_VALUES_RESULT 10 647ac15270Sflorian #define FCGI_UNKNOWN_TYPE 11 657ac15270Sflorian #define FCGI_MAXTYPE (FCGI_UNKNOWN_TYPE) 667ac15270Sflorian 677ac15270Sflorian #define FCGI_REQUEST_COMPLETE 0 687ac15270Sflorian #define FCGI_CANT_MPX_CONN 1 697ac15270Sflorian #define FCGI_OVERLOADED 2 707ac15270Sflorian #define FCGI_UNKNOWN_ROLE 3 717ac15270Sflorian 723f9f8982Sbenno #define FD_RESERVE 5 733f9f8982Sbenno #define FD_NEEDED 6 74d2b70008Sflorian int cgi_inflight = 0; 757ac15270Sflorian 767ac15270Sflorian struct listener { 777ac15270Sflorian struct event ev, pause; 787ac15270Sflorian }; 797ac15270Sflorian 807ac15270Sflorian struct env_val { 817ac15270Sflorian SLIST_ENTRY(env_val) entry; 827ac15270Sflorian char *val; 837ac15270Sflorian }; 847ac15270Sflorian SLIST_HEAD(env_head, env_val); 857ac15270Sflorian 867ac15270Sflorian struct fcgi_record_header { 877ac15270Sflorian uint8_t version; 887ac15270Sflorian uint8_t type; 897ac15270Sflorian uint16_t id; 907ac15270Sflorian uint16_t content_len; 917ac15270Sflorian uint8_t padding_len; 927ac15270Sflorian uint8_t reserved; 937ac15270Sflorian }__packed; 947ac15270Sflorian 957ac15270Sflorian struct fcgi_response { 967ac15270Sflorian TAILQ_ENTRY(fcgi_response) entry; 970ee0284dSblambert uint8_t data[FCGI_RECORD_SIZE]; 987ac15270Sflorian size_t data_pos; 997ac15270Sflorian size_t data_len; 1007ac15270Sflorian }; 1017ac15270Sflorian TAILQ_HEAD(fcgi_response_head, fcgi_response); 1027ac15270Sflorian 1037ac15270Sflorian struct fcgi_stdin { 1047ac15270Sflorian TAILQ_ENTRY(fcgi_stdin) entry; 1057ac15270Sflorian uint8_t data[FCGI_RECORD_SIZE]; 1067ac15270Sflorian size_t data_pos; 1077ac15270Sflorian size_t data_len; 1087ac15270Sflorian }; 1097ac15270Sflorian TAILQ_HEAD(fcgi_stdin_head, fcgi_stdin); 1107ac15270Sflorian 111c3b13bc8Sblambert struct request { 1127ac15270Sflorian struct event ev; 1137ac15270Sflorian struct event resp_ev; 1147ac15270Sflorian struct event tmo; 1157ac15270Sflorian int fd; 1167ac15270Sflorian uint8_t buf[FCGI_RECORD_SIZE]; 1177ac15270Sflorian size_t buf_pos; 1187ac15270Sflorian size_t buf_len; 1197ac15270Sflorian struct fcgi_response_head response_head; 1207ac15270Sflorian struct fcgi_stdin_head stdin_head; 1217ac15270Sflorian uint16_t id; 122b9fc9a72Sderaadt char script_name[PATH_MAX]; 1237ac15270Sflorian struct env_head env; 1247ac15270Sflorian int env_count; 1257ac15270Sflorian pid_t script_pid; 1267ac15270Sflorian int script_status; 1277ac15270Sflorian struct event script_ev; 1287ac15270Sflorian struct event script_err_ev; 1297ac15270Sflorian struct event script_stdin_ev; 1306bdc2311Sflorian int stdin_fd_closed; 1316bdc2311Sflorian int stdout_fd_closed; 1326bdc2311Sflorian int stderr_fd_closed; 1337ac15270Sflorian uint8_t script_flags; 1347ac15270Sflorian uint8_t request_started; 1353f9f8982Sbenno int inflight_fds_accounted; 1367ac15270Sflorian }; 1377ac15270Sflorian 138c3b13bc8Sblambert struct requests { 139c3b13bc8Sblambert SLIST_ENTRY(requests) entry; 140c3b13bc8Sblambert struct request *request; 1417ac15270Sflorian }; 142c3b13bc8Sblambert SLIST_HEAD(requests_head, requests); 1437ac15270Sflorian 1447ac15270Sflorian struct slowcgi_proc { 145c3b13bc8Sblambert struct requests_head requests; 1467ac15270Sflorian struct event ev_sigchld; 1477ac15270Sflorian struct event ev_sigpipe; 1487ac15270Sflorian }; 1497ac15270Sflorian 1507ac15270Sflorian struct fcgi_begin_request_body { 1517ac15270Sflorian uint16_t role; 1527ac15270Sflorian uint8_t flags; 1537ac15270Sflorian uint8_t reserved[5]; 1547ac15270Sflorian }__packed; 1557ac15270Sflorian 15603e61f17Sblambert struct fcgi_end_request_body { 1577ac15270Sflorian uint32_t app_status; 1587ac15270Sflorian uint8_t protocol_status; 1597ac15270Sflorian uint8_t reserved[3]; 1607ac15270Sflorian }__packed; 16103e61f17Sblambert 1627ac15270Sflorian __dead void usage(void); 1630897de71Sflorian int slowcgi_listen(char *, struct passwd *); 1647ac15270Sflorian void slowcgi_paused(int, short, void *); 1653f9f8982Sbenno int accept_reserve(int, struct sockaddr *, socklen_t *, int, 1663f9f8982Sbenno volatile int *); 1677ac15270Sflorian void slowcgi_accept(int, short, void *); 1687ac15270Sflorian void slowcgi_request(int, short, void *); 1697ac15270Sflorian void slowcgi_response(int, short, void *); 1704404b4d5Sflorian void slowcgi_add_response(struct request *, struct fcgi_response *); 1717ac15270Sflorian void slowcgi_timeout(int, short, void *); 1727ac15270Sflorian void slowcgi_sig_handler(int, short, void *); 173c3b13bc8Sblambert size_t parse_record(uint8_t * , size_t, struct request *); 174c3b13bc8Sblambert void parse_begin_request(uint8_t *, uint16_t, struct request *, 1757ac15270Sflorian uint16_t); 176c3b13bc8Sblambert void parse_params(uint8_t *, uint16_t, struct request *, uint16_t); 177c3b13bc8Sblambert void parse_stdin(uint8_t *, uint16_t, struct request *, uint16_t); 178c3b13bc8Sblambert void exec_cgi(struct request *); 179c3b13bc8Sblambert void script_in(int, struct event *, struct request *, uint8_t); 1807ac15270Sflorian void script_std_in(int, short, void *); 1817ac15270Sflorian void script_err_in(int, short, void *); 1827ac15270Sflorian void script_out(int, short, void *); 183c3b13bc8Sblambert void create_end_record(struct request *); 18403e61f17Sblambert void dump_fcgi_record(const char *, 18503e61f17Sblambert struct fcgi_record_header *); 1867ac15270Sflorian void dump_fcgi_record_header(const char *, 1877ac15270Sflorian struct fcgi_record_header *); 18803e61f17Sblambert void dump_fcgi_begin_request_body(const char *, 18903e61f17Sblambert struct fcgi_begin_request_body *); 19003e61f17Sblambert void dump_fcgi_end_request_body(const char *, 19103e61f17Sblambert struct fcgi_end_request_body *); 192c3b13bc8Sblambert void cleanup_request(struct request *); 19303e61f17Sblambert 1947ac15270Sflorian struct loggers { 195d0a52cffSflorian __dead void (*err)(int, const char *, ...); 196d0a52cffSflorian __dead void (*errx)(int, const char *, ...); 1977ac15270Sflorian void (*warn)(const char *, ...); 1987ac15270Sflorian void (*warnx)(const char *, ...); 1997ac15270Sflorian void (*info)(const char *, ...); 2007ac15270Sflorian void (*debug)(const char *, ...); 2017ac15270Sflorian }; 2027ac15270Sflorian 2037ac15270Sflorian const struct loggers conslogger = { 2047ac15270Sflorian err, 2057ac15270Sflorian errx, 2067ac15270Sflorian warn, 2077ac15270Sflorian warnx, 2087ac15270Sflorian warnx, /* info */ 2097ac15270Sflorian warnx /* debug */ 2107ac15270Sflorian }; 2117ac15270Sflorian 212d0a52cffSflorian __dead void syslog_err(int, const char *, ...); 213d0a52cffSflorian __dead void syslog_errx(int, const char *, ...); 2147ac15270Sflorian void syslog_warn(const char *, ...); 2157ac15270Sflorian void syslog_warnx(const char *, ...); 2167ac15270Sflorian void syslog_info(const char *, ...); 2177ac15270Sflorian void syslog_debug(const char *, ...); 2187ac15270Sflorian void syslog_vstrerror(int, int, const char *, va_list); 2197ac15270Sflorian 2207ac15270Sflorian const struct loggers syslogger = { 2217ac15270Sflorian syslog_err, 2227ac15270Sflorian syslog_errx, 2237ac15270Sflorian syslog_warn, 2247ac15270Sflorian syslog_warnx, 2257ac15270Sflorian syslog_info, 2267ac15270Sflorian syslog_debug 2277ac15270Sflorian }; 2287ac15270Sflorian 2297ac15270Sflorian const struct loggers *logger = &conslogger; 2307ac15270Sflorian 2317ac15270Sflorian #define lerr(_e, _f...) logger->err((_e), _f) 2327ac15270Sflorian #define lerrx(_e, _f...) logger->errx((_e), _f) 2337ac15270Sflorian #define lwarn(_f...) logger->warn(_f) 2347ac15270Sflorian #define lwarnx(_f...) logger->warnx(_f) 2357ac15270Sflorian #define linfo(_f...) logger->info(_f) 2367ac15270Sflorian #define ldebug(_f...) logger->debug(_f) 2377ac15270Sflorian 2387ac15270Sflorian __dead void 2397ac15270Sflorian usage(void) 2407ac15270Sflorian { 2417ac15270Sflorian extern char *__progname; 242a3b046bcSflorian fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n", 243a3b046bcSflorian __progname); 2447ac15270Sflorian exit(1); 2457ac15270Sflorian } 2467ac15270Sflorian 2477ac15270Sflorian struct timeval timeout = { TIMEOUT_DEFAULT, 0 }; 2487ac15270Sflorian struct slowcgi_proc slowcgi_proc; 2497ac15270Sflorian int debug = 0; 2507ac15270Sflorian int on = 1; 2510b5ee19eSblambert char *fcgi_socket = "/var/www/run/slowcgi.sock"; 2527ac15270Sflorian 2537ac15270Sflorian int 2547ac15270Sflorian main(int argc, char *argv[]) 2557ac15270Sflorian { 25606619349Sflorian extern char *__progname; 2570897de71Sflorian struct listener *l = NULL; 2587ac15270Sflorian struct passwd *pw; 259f4a8b980Sflorian struct stat sb; 260f4a8b980Sflorian int c, fd; 261a3b046bcSflorian const char *chrootpath = NULL; 262a3b046bcSflorian const char *slowcgi_user = SLOWCGI_USER; 263f4a8b980Sflorian 264f4a8b980Sflorian /* 265f4a8b980Sflorian * Ensure we have fds 0-2 open so that we have no fd overlaps 266f4a8b980Sflorian * in exec_cgi() later. Just exit on error, we don't have enough 267f4a8b980Sflorian * fds open to output an error message anywhere. 268f4a8b980Sflorian */ 269f4a8b980Sflorian for (c=0; c < 3; c++) { 270f4a8b980Sflorian if (fstat(c, &sb) == -1) { 271f4a8b980Sflorian if ((fd = open("/dev/null", O_RDWR)) != -1) { 272f4a8b980Sflorian if (dup2(fd, c) == -1) 273f4a8b980Sflorian exit(1); 274f4a8b980Sflorian if (fd > c) 275f4a8b980Sflorian close(fd); 276f4a8b980Sflorian } else 277f4a8b980Sflorian exit(1); 278f4a8b980Sflorian } 279f4a8b980Sflorian } 2807ac15270Sflorian 281a3b046bcSflorian while ((c = getopt(argc, argv, "dp:s:u:")) != -1) { 2827ac15270Sflorian switch (c) { 2837ac15270Sflorian case 'd': 2847ac15270Sflorian debug = 1; 2857ac15270Sflorian break; 286a3b046bcSflorian case 'p': 287a3b046bcSflorian chrootpath = optarg; 288a3b046bcSflorian break; 2890b5ee19eSblambert case 's': 2900b5ee19eSblambert fcgi_socket = optarg; 2910b5ee19eSblambert break; 292a3b046bcSflorian case 'u': 293a3b046bcSflorian slowcgi_user = optarg; 294a3b046bcSflorian break; 2957ac15270Sflorian default: 2967ac15270Sflorian usage(); 2977ac15270Sflorian /* NOTREACHED */ 2987ac15270Sflorian } 2997ac15270Sflorian } 3007ac15270Sflorian 3017ac15270Sflorian if (geteuid() != 0) 3027ac15270Sflorian errx(1, "need root privileges"); 3037ac15270Sflorian 3047ac15270Sflorian if (!debug && daemon(1, 0) == -1) 3057ac15270Sflorian err(1, "daemon"); 3067ac15270Sflorian 30706619349Sflorian if (!debug) { 30806619349Sflorian openlog(__progname, LOG_PID|LOG_NDELAY, LOG_DAEMON); 30906619349Sflorian logger = &syslogger; 31006619349Sflorian } 31106619349Sflorian 312a3b046bcSflorian pw = getpwnam(SLOWCGI_USER); 313a3b046bcSflorian if (pw == NULL) 3146af1d02fSclaudio lerrx(1, "no %s user", SLOWCGI_USER); 315a3b046bcSflorian 3160897de71Sflorian fd = slowcgi_listen(fcgi_socket, pw); 3170b5ee19eSblambert 318a3b046bcSflorian lwarnx("slowcgi_user: %s", slowcgi_user); 319a3b046bcSflorian pw = getpwnam(slowcgi_user); 320a3b046bcSflorian if (pw == NULL) 3216af1d02fSclaudio lerrx(1, "no %s user", slowcgi_user); 322a3b046bcSflorian 323a3b046bcSflorian if (chrootpath == NULL) 324a3b046bcSflorian chrootpath = pw->pw_dir; 325a3b046bcSflorian 326a3b046bcSflorian if (chroot(chrootpath) == -1) 327a3b046bcSflorian lerr(1, "chroot(%s)", chrootpath); 328a3b046bcSflorian 329a3b046bcSflorian ldebug("chroot: %s", chrootpath); 3307ac15270Sflorian 3317ac15270Sflorian if (chdir("/") == -1) 332a3b046bcSflorian lerr(1, "chdir(/)"); 333bde99fd8Sblambert 3347ac15270Sflorian if (setgroups(1, &pw->pw_gid) || 3357ac15270Sflorian setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 3367ac15270Sflorian setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 3377ac15270Sflorian lerr(1, "unable to revoke privs"); 3387ac15270Sflorian 3391bfdb260Sflorian if (pledge("stdio rpath unix proc exec", NULL) == -1) 3401bfdb260Sflorian lerr(1, "pledge"); 3411bfdb260Sflorian 342c3b13bc8Sblambert SLIST_INIT(&slowcgi_proc.requests); 3430897de71Sflorian event_init(); 3440897de71Sflorian 3450897de71Sflorian l = calloc(1, sizeof(*l)); 3460897de71Sflorian if (l == NULL) 3470897de71Sflorian lerr(1, "listener ev alloc"); 3480897de71Sflorian 3490897de71Sflorian event_set(&l->ev, fd, EV_READ | EV_PERSIST, slowcgi_accept, l); 3500897de71Sflorian event_add(&l->ev, NULL); 3510897de71Sflorian evtimer_set(&l->pause, slowcgi_paused, l); 3527ac15270Sflorian 3537ac15270Sflorian signal_set(&slowcgi_proc.ev_sigchld, SIGCHLD, slowcgi_sig_handler, 3547ac15270Sflorian &slowcgi_proc); 3557ac15270Sflorian signal_set(&slowcgi_proc.ev_sigpipe, SIGPIPE, slowcgi_sig_handler, 3567ac15270Sflorian &slowcgi_proc); 3577ac15270Sflorian 3587ac15270Sflorian signal_add(&slowcgi_proc.ev_sigchld, NULL); 3597ac15270Sflorian signal_add(&slowcgi_proc.ev_sigpipe, NULL); 3607ac15270Sflorian 3617ac15270Sflorian event_dispatch(); 3627ac15270Sflorian return (0); 3637ac15270Sflorian } 3640897de71Sflorian 3650897de71Sflorian int 366f6474c66Sflorian slowcgi_listen(char *path, struct passwd *pw) 3677ac15270Sflorian { 3687ac15270Sflorian struct sockaddr_un sun; 369d0c661abSflorian mode_t old_umask; 3707ac15270Sflorian int fd; 3717ac15270Sflorian 372d253f95aSflorian if ((fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 373d253f95aSflorian 0)) == -1) 3747ac15270Sflorian lerr(1, "slowcgi_listen: socket"); 3757ac15270Sflorian 3767ac15270Sflorian bzero(&sun, sizeof(sun)); 3777ac15270Sflorian sun.sun_family = AF_UNIX; 378cdf4d38dSguenther if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= 379cdf4d38dSguenther sizeof(sun.sun_path)) 380*d444d2f2Stb lerrx(1, "socket path too long"); 3817ac15270Sflorian 3827ac15270Sflorian if (unlink(path) == -1) 3837ac15270Sflorian if (errno != ENOENT) 3847ac15270Sflorian lerr(1, "slowcgi_listen: unlink %s", path); 3857ac15270Sflorian 386f6474c66Sflorian old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH| 387f6474c66Sflorian S_IXOTH); 3887ac15270Sflorian 3897ac15270Sflorian if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) 3907ac15270Sflorian lerr(1,"slowcgi_listen: bind: %s", path); 3917ac15270Sflorian 3927ac15270Sflorian umask(old_umask); 3937ac15270Sflorian 394f6474c66Sflorian if (chown(path, pw->pw_uid, pw->pw_gid) == -1) 3957ac15270Sflorian lerr(1, "slowcgi_listen: chown: %s", path); 3967ac15270Sflorian 3977ac15270Sflorian if (listen(fd, 5) == -1) 3987ac15270Sflorian lerr(1, "listen"); 3997ac15270Sflorian 400bde99fd8Sblambert ldebug("socket: %s", path); 4010897de71Sflorian return fd; 4027ac15270Sflorian } 4037ac15270Sflorian 4047ac15270Sflorian void 4057ac15270Sflorian slowcgi_paused(int fd, short events, void *arg) 4067ac15270Sflorian { 4077ac15270Sflorian struct listener *l = arg; 4087ac15270Sflorian event_add(&l->ev, NULL); 4097ac15270Sflorian } 4107ac15270Sflorian 4113f9f8982Sbenno int 4123f9f8982Sbenno accept_reserve(int sockfd, struct sockaddr *addr, socklen_t *addrlen, 4133f9f8982Sbenno int reserve, volatile int *counter) 4143f9f8982Sbenno { 4153f9f8982Sbenno int ret; 4163f9f8982Sbenno if (getdtablecount() + reserve + 4173f9f8982Sbenno (*counter * FD_NEEDED) >= getdtablesize()) { 418f8701677Sderaadt ldebug("inflight fds exceeded"); 4193f9f8982Sbenno errno = EMFILE; 4203f9f8982Sbenno return -1; 4213f9f8982Sbenno } 4223f9f8982Sbenno 423d253f95aSflorian if ((ret = accept4(sockfd, addr, addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC)) 424d253f95aSflorian > -1) { 4253f9f8982Sbenno (*counter)++; 4263f9f8982Sbenno ldebug("inflight incremented, now %d", *counter); 4273f9f8982Sbenno } 4283f9f8982Sbenno return ret; 4293f9f8982Sbenno } 4303f9f8982Sbenno 4317ac15270Sflorian void 4327ac15270Sflorian slowcgi_accept(int fd, short events, void *arg) 4337ac15270Sflorian { 4347ac15270Sflorian struct listener *l; 4357ac15270Sflorian struct sockaddr_storage ss; 436adf2d9e3Sflorian struct timeval backoff; 437c3b13bc8Sblambert struct request *c; 438c3b13bc8Sblambert struct requests *requests; 4397ac15270Sflorian socklen_t len; 4407ac15270Sflorian int s; 4417ac15270Sflorian 4427ac15270Sflorian l = arg; 443adf2d9e3Sflorian backoff.tv_sec = 1; 444adf2d9e3Sflorian backoff.tv_usec = 0; 4457ac15270Sflorian c = NULL; 4467ac15270Sflorian 4477ac15270Sflorian len = sizeof(ss); 4483f9f8982Sbenno if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 4493f9f8982Sbenno &len, FD_RESERVE, &cgi_inflight)) == -1) { 4507ac15270Sflorian switch (errno) { 4517ac15270Sflorian case EINTR: 4527ac15270Sflorian case EWOULDBLOCK: 4537ac15270Sflorian case ECONNABORTED: 4547ac15270Sflorian return; 4557ac15270Sflorian case EMFILE: 4567ac15270Sflorian case ENFILE: 4577ac15270Sflorian event_del(&l->ev); 458adf2d9e3Sflorian evtimer_add(&l->pause, &backoff); 4597ac15270Sflorian return; 4607ac15270Sflorian default: 4617ac15270Sflorian lerr(1, "accept"); 4627ac15270Sflorian } 4637ac15270Sflorian } 4647ac15270Sflorian 4657ac15270Sflorian c = calloc(1, sizeof(*c)); 4667ac15270Sflorian if (c == NULL) { 467c3b13bc8Sblambert lwarn("cannot calloc request"); 4687ac15270Sflorian close(s); 4693f9f8982Sbenno cgi_inflight--; 4707ac15270Sflorian return; 4717ac15270Sflorian } 472c3b13bc8Sblambert requests = calloc(1, sizeof(*requests)); 473c3b13bc8Sblambert if (requests == NULL) { 474c3b13bc8Sblambert lwarn("cannot calloc requests"); 4757ac15270Sflorian close(s); 4763f9f8982Sbenno cgi_inflight--; 4777ac15270Sflorian free(c); 4787ac15270Sflorian return; 4797ac15270Sflorian } 4807ac15270Sflorian c->fd = s; 4817ac15270Sflorian c->buf_pos = 0; 4827ac15270Sflorian c->buf_len = 0; 4837ac15270Sflorian c->request_started = 0; 4846bdc2311Sflorian c->stdin_fd_closed = c->stdout_fd_closed = c->stderr_fd_closed = 0; 4853f9f8982Sbenno c->inflight_fds_accounted = 0; 4867ac15270Sflorian TAILQ_INIT(&c->response_head); 4877ac15270Sflorian TAILQ_INIT(&c->stdin_head); 4887ac15270Sflorian 4897ac15270Sflorian event_set(&c->ev, s, EV_READ | EV_PERSIST, slowcgi_request, c); 4907ac15270Sflorian event_add(&c->ev, NULL); 4914404b4d5Sflorian event_set(&c->resp_ev, s, EV_WRITE | EV_PERSIST, slowcgi_response, c); 4927ac15270Sflorian event_set(&c->tmo, s, 0, slowcgi_timeout, c); 4937ac15270Sflorian event_add(&c->tmo, &timeout); 494c3b13bc8Sblambert requests->request = c; 495c3b13bc8Sblambert SLIST_INSERT_HEAD(&slowcgi_proc.requests, requests, entry); 4967ac15270Sflorian } 4977ac15270Sflorian 4987ac15270Sflorian void 4997ac15270Sflorian slowcgi_timeout(int fd, short events, void *arg) 5007ac15270Sflorian { 501c3b13bc8Sblambert cleanup_request((struct request*) arg); 5027ac15270Sflorian } 5037ac15270Sflorian 5047ac15270Sflorian void 5057ac15270Sflorian slowcgi_sig_handler(int sig, short event, void *arg) 5067ac15270Sflorian { 507c3b13bc8Sblambert struct request *c; 508c3b13bc8Sblambert struct requests *ncs; 5097ac15270Sflorian struct slowcgi_proc *p; 5107ac15270Sflorian pid_t pid; 5117ac15270Sflorian int status; 5127ac15270Sflorian 5137ac15270Sflorian p = arg; 5147ac15270Sflorian 5157ac15270Sflorian switch (sig) { 5167ac15270Sflorian case SIGCHLD: 5171878c91fSdjm while ((pid = waitpid(WAIT_ANY, &status, WNOHANG)) > 0) { 518e0571d83Sflorian c = NULL; 519c3b13bc8Sblambert SLIST_FOREACH(ncs, &p->requests, entry) 520c3b13bc8Sblambert if (ncs->request->script_pid == pid) { 521c3b13bc8Sblambert c = ncs->request; 5227ac15270Sflorian break; 5237ac15270Sflorian } 524bde99fd8Sblambert if (c == NULL) { 525bde99fd8Sblambert lwarnx("caught exit of unknown child %i", pid); 526e0571d83Sflorian continue; 527bde99fd8Sblambert } 528bde99fd8Sblambert 529bde99fd8Sblambert if (WIFSIGNALED(status)) 530bde99fd8Sblambert c->script_status = WTERMSIG(status); 531bde99fd8Sblambert else 5327ac15270Sflorian c->script_status = WEXITSTATUS(status); 533bde99fd8Sblambert 5347ac15270Sflorian if (c->script_flags == (STDOUT_DONE | STDERR_DONE)) 535c3b13bc8Sblambert create_end_record(c); 5367ac15270Sflorian c->script_flags |= SCRIPT_DONE; 537bde99fd8Sblambert 538bde99fd8Sblambert ldebug("wait: %s", c->script_name); 539e0571d83Sflorian } 5401878c91fSdjm if (pid == -1 && errno != ECHILD) 5411878c91fSdjm lwarn("waitpid"); 542bde99fd8Sblambert break; 5437ac15270Sflorian case SIGPIPE: 5447ac15270Sflorian /* ignore */ 5457ac15270Sflorian break; 5467ac15270Sflorian default: 5477ac15270Sflorian lerr(1, "unexpected signal: %d", sig); 548f8701677Sderaadt break; 5497ac15270Sflorian } 5507ac15270Sflorian } 5517ac15270Sflorian 5527ac15270Sflorian void 5534404b4d5Sflorian slowcgi_add_response(struct request *c, struct fcgi_response *resp) 5544404b4d5Sflorian { 5554404b4d5Sflorian TAILQ_INSERT_TAIL(&c->response_head, resp, entry); 5564404b4d5Sflorian event_add(&c->resp_ev, NULL); 5574404b4d5Sflorian } 5584404b4d5Sflorian 5594404b4d5Sflorian void 5607ac15270Sflorian slowcgi_response(int fd, short events, void *arg) 5617ac15270Sflorian { 562c3b13bc8Sblambert struct request *c; 5637ac15270Sflorian struct fcgi_record_header *header; 5647ac15270Sflorian struct fcgi_response *resp; 5657ac15270Sflorian ssize_t n; 5667ac15270Sflorian 5677ac15270Sflorian c = arg; 5687ac15270Sflorian 5697ac15270Sflorian while ((resp = TAILQ_FIRST(&c->response_head))) { 5707ac15270Sflorian header = (struct fcgi_record_header*) resp->data; 5717ac15270Sflorian if (debug) 57203e61f17Sblambert dump_fcgi_record("resp ", header); 5737ac15270Sflorian 5747ac15270Sflorian n = write(fd, resp->data + resp->data_pos, resp->data_len); 5757ac15270Sflorian if (n == -1) { 57614379226Sflorian if (errno == EAGAIN || errno == EINTR) 5777ac15270Sflorian return; 578c3b13bc8Sblambert cleanup_request(c); 5797ac15270Sflorian return; 5807ac15270Sflorian } 5817ac15270Sflorian resp->data_pos += n; 5827ac15270Sflorian resp->data_len -= n; 5837ac15270Sflorian if (resp->data_len == 0) { 5847ac15270Sflorian TAILQ_REMOVE(&c->response_head, resp, entry); 5857ac15270Sflorian free(resp); 5867ac15270Sflorian } 5877ac15270Sflorian } 5887ac15270Sflorian 5897ac15270Sflorian if (TAILQ_EMPTY(&c->response_head)) { 5907ac15270Sflorian if (c->script_flags == (STDOUT_DONE | STDERR_DONE | 5917ac15270Sflorian SCRIPT_DONE)) 592c3b13bc8Sblambert cleanup_request(c); 5937ac15270Sflorian else 5947ac15270Sflorian event_del(&c->resp_ev); 5957ac15270Sflorian } 5967ac15270Sflorian } 5977ac15270Sflorian 5987ac15270Sflorian void 5997ac15270Sflorian slowcgi_request(int fd, short events, void *arg) 6007ac15270Sflorian { 601c3b13bc8Sblambert struct request *c; 602bcf12a6bSblambert ssize_t n; 603bcf12a6bSblambert size_t parsed; 6047ac15270Sflorian 6057ac15270Sflorian c = arg; 6067ac15270Sflorian 6077ac15270Sflorian n = read(fd, c->buf + c->buf_pos + c->buf_len, 6087ac15270Sflorian FCGI_RECORD_SIZE - c->buf_pos-c->buf_len); 6097ac15270Sflorian 6107ac15270Sflorian switch (n) { 6117ac15270Sflorian case -1: 6127ac15270Sflorian switch (errno) { 6137ac15270Sflorian case EINTR: 6147ac15270Sflorian case EAGAIN: 6157ac15270Sflorian return; 6167ac15270Sflorian default: 6177ac15270Sflorian goto fail; 6187ac15270Sflorian } 6197ac15270Sflorian break; 6207ac15270Sflorian 6217ac15270Sflorian case 0: 6227ac15270Sflorian ldebug("closed connection"); 6237ac15270Sflorian goto fail; 6247ac15270Sflorian default: 6257ac15270Sflorian break; 6267ac15270Sflorian } 6277ac15270Sflorian 6287ac15270Sflorian c->buf_len += n; 6297ac15270Sflorian 63002ad6491Sblambert /* 63102ad6491Sblambert * Parse the records as they are received. Per the FastCGI 63202ad6491Sblambert * specification, the server need only receive the FastCGI 63302ad6491Sblambert * parameter records in full; it is free to begin execution 63402ad6491Sblambert * at that point, which is what happens here. 63502ad6491Sblambert */ 6367ac15270Sflorian do { 637c3b13bc8Sblambert parsed = parse_record(c->buf + c->buf_pos, c->buf_len, c); 6387ac15270Sflorian c->buf_pos += parsed; 6397ac15270Sflorian c->buf_len -= parsed; 6407ac15270Sflorian } while (parsed > 0 && c->buf_len > 0); 6417ac15270Sflorian 642965b2218Sblambert /* Make space for further reads */ 6437ac15270Sflorian if (c->buf_len > 0) { 6447ac15270Sflorian bcopy(c->buf + c->buf_pos, c->buf, c->buf_len); 6457ac15270Sflorian c->buf_pos = 0; 6467ac15270Sflorian } 6477ac15270Sflorian return; 6487ac15270Sflorian fail: 649c3b13bc8Sblambert cleanup_request(c); 6507ac15270Sflorian } 6517ac15270Sflorian 6527ac15270Sflorian void 653c3b13bc8Sblambert parse_begin_request(uint8_t *buf, uint16_t n, struct request *c, uint16_t id) 6547ac15270Sflorian { 655965b2218Sblambert /* XXX -- FCGI_CANT_MPX_CONN */ 6567ac15270Sflorian if (c->request_started) { 6577ac15270Sflorian lwarnx("unexpected FCGI_BEGIN_REQUEST, ignoring"); 6587ac15270Sflorian return; 6597ac15270Sflorian } 6607ac15270Sflorian 6617ac15270Sflorian if (n != sizeof(struct fcgi_begin_request_body)) { 6627ac15270Sflorian lwarnx("wrong size %d != %d", n, 6637ac15270Sflorian sizeof(struct fcgi_begin_request_body)); 6647ac15270Sflorian return; 6657ac15270Sflorian } 6667ac15270Sflorian 6677ac15270Sflorian c->request_started = 1; 6687ac15270Sflorian 6697ac15270Sflorian c->id = id; 6707ac15270Sflorian SLIST_INIT(&c->env); 6717ac15270Sflorian c->env_count = 0; 6727ac15270Sflorian } 6737ac15270Sflorian void 674c3b13bc8Sblambert parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id) 6757ac15270Sflorian { 6767ac15270Sflorian struct env_val *env_entry; 6777ac15270Sflorian uint32_t name_len, val_len; 6787ac15270Sflorian 6797ac15270Sflorian if (!c->request_started) { 6807ac15270Sflorian lwarnx("FCGI_PARAMS without FCGI_BEGIN_REQUEST, ignoring"); 6817ac15270Sflorian return; 6827ac15270Sflorian } 6837ac15270Sflorian 6847ac15270Sflorian if (c->id != id) { 6857ac15270Sflorian lwarnx("unexpected id, ignoring"); 6867ac15270Sflorian return; 6877ac15270Sflorian } 6887ac15270Sflorian 68902ad6491Sblambert /* 69002ad6491Sblambert * If this is the last FastCGI parameter record, 69102ad6491Sblambert * begin execution of the CGI script. 69202ad6491Sblambert */ 6937ac15270Sflorian if (n == 0) { 6947ac15270Sflorian exec_cgi(c); 6957ac15270Sflorian return; 6967ac15270Sflorian } 69702ad6491Sblambert 6987ac15270Sflorian while (n > 0) { 6997ac15270Sflorian if (buf[0] >> 7 == 0) { 7007ac15270Sflorian name_len = buf[0]; 7017ac15270Sflorian n--; 7027ac15270Sflorian buf++; 7037ac15270Sflorian } else { 7047ac15270Sflorian if (n > 3) { 70510fd764fSflorian name_len = ((buf[0] & 0x7f) << 24) + 70610fd764fSflorian (buf[1] << 16) + (buf[2] << 8) + buf[3]; 7077ac15270Sflorian n -= 4; 7087ac15270Sflorian buf += 4; 7097ac15270Sflorian } else 7107ac15270Sflorian return; 7117ac15270Sflorian } 7127ac15270Sflorian 7137ac15270Sflorian if (n > 0) { 7147ac15270Sflorian if (buf[0] >> 7 == 0) { 7157ac15270Sflorian val_len = buf[0]; 7167ac15270Sflorian n--; 7177ac15270Sflorian buf++; 7187ac15270Sflorian } else { 7197ac15270Sflorian if (n > 3) { 72010fd764fSflorian val_len = ((buf[0] & 0x7f) << 24) + 72110fd764fSflorian (buf[1] << 16) + (buf[2] << 8) + 72210fd764fSflorian buf[3]; 7237ac15270Sflorian n -= 4; 7247ac15270Sflorian buf += 4; 7257ac15270Sflorian } else 7267ac15270Sflorian return; 7277ac15270Sflorian } 728f58bfe4fSflorian } else 729f58bfe4fSflorian return; 730f58bfe4fSflorian 7317ac15270Sflorian if (n < name_len + val_len) 7327ac15270Sflorian return; 7337ac15270Sflorian 7347ac15270Sflorian if ((env_entry = malloc(sizeof(struct env_val))) == NULL) { 7357ac15270Sflorian lwarnx("cannot allocate env_entry"); 7367ac15270Sflorian return; 7377ac15270Sflorian } 7387ac15270Sflorian 7397ac15270Sflorian if ((env_entry->val = calloc(sizeof(char), name_len + val_len + 7407ac15270Sflorian 2)) == NULL) { 7417ac15270Sflorian lwarnx("cannot allocate env_entry->val"); 7427ac15270Sflorian free(env_entry); 7437ac15270Sflorian return; 7447ac15270Sflorian } 7457ac15270Sflorian 7467ac15270Sflorian bcopy(buf, env_entry->val, name_len); 747965b2218Sblambert buf += name_len; 748965b2218Sblambert n -= name_len; 7497ac15270Sflorian 7507ac15270Sflorian env_entry->val[name_len] = '\0'; 751b9fc9a72Sderaadt if (val_len < PATH_MAX && strcmp(env_entry->val, 752efec7dbcSflorian "SCRIPT_NAME") == 0 && c->script_name[0] == '\0') { 753efec7dbcSflorian bcopy(buf, c->script_name, val_len); 754efec7dbcSflorian c->script_name[val_len] = '\0'; 755b9fc9a72Sderaadt } else if (val_len < PATH_MAX && strcmp(env_entry->val, 756efec7dbcSflorian "SCRIPT_FILENAME") == 0) { 7577ac15270Sflorian bcopy(buf, c->script_name, val_len); 75853847fa2Sflorian c->script_name[val_len] = '\0'; 7597ac15270Sflorian } 7607ac15270Sflorian env_entry->val[name_len] = '='; 7617ac15270Sflorian 7627ac15270Sflorian bcopy(buf, (env_entry->val) + name_len + 1, val_len); 763965b2218Sblambert buf += val_len; 764965b2218Sblambert n -= val_len; 7657ac15270Sflorian 7667ac15270Sflorian SLIST_INSERT_HEAD(&c->env, env_entry, entry); 767bcbc98ecSmillert ldebug("env[%d], %s", c->env_count, env_entry->val); 7687ac15270Sflorian c->env_count++; 7697ac15270Sflorian } 7707ac15270Sflorian } 7717ac15270Sflorian 7727ac15270Sflorian void 773c3b13bc8Sblambert parse_stdin(uint8_t *buf, uint16_t n, struct request *c, uint16_t id) 7747ac15270Sflorian { 7757ac15270Sflorian struct fcgi_stdin *node; 7767ac15270Sflorian 7777ac15270Sflorian if (c->id != id) { 7787ac15270Sflorian lwarnx("unexpected id, ignoring"); 7797ac15270Sflorian return; 7807ac15270Sflorian } 7817ac15270Sflorian 7827ac15270Sflorian if ((node = calloc(1, sizeof(struct fcgi_stdin))) == NULL) { 7837ac15270Sflorian lwarnx("cannot calloc stdin node"); 7847ac15270Sflorian return; 7857ac15270Sflorian } 7867ac15270Sflorian 7877ac15270Sflorian bcopy(buf, node->data, n); 7887ac15270Sflorian node->data_pos = 0; 7897ac15270Sflorian node->data_len = n; 7907ac15270Sflorian 7917ac15270Sflorian TAILQ_INSERT_TAIL(&c->stdin_head, node, entry); 7927ac15270Sflorian 793a9461a24Sflorian if (event_initialized(&c->script_stdin_ev)) 7947ac15270Sflorian event_add(&c->script_stdin_ev, NULL); 7957ac15270Sflorian } 7967ac15270Sflorian 7977ac15270Sflorian size_t 798c3b13bc8Sblambert parse_record(uint8_t *buf, size_t n, struct request *c) 7997ac15270Sflorian { 8007ac15270Sflorian struct fcgi_record_header *h; 8017ac15270Sflorian 8027ac15270Sflorian if (n < sizeof(struct fcgi_record_header)) 8037ac15270Sflorian return (0); 8047ac15270Sflorian 8057ac15270Sflorian h = (struct fcgi_record_header*) buf; 8067ac15270Sflorian 8077ac15270Sflorian if (debug) 80803e61f17Sblambert dump_fcgi_record("", h); 8097ac15270Sflorian 8107ac15270Sflorian if (n < sizeof(struct fcgi_record_header) + ntohs(h->content_len) 8117ac15270Sflorian + h->padding_len) 8127ac15270Sflorian return (0); 8137ac15270Sflorian 8147ac15270Sflorian if (h->version != 1) 8157ac15270Sflorian lerrx(1, "wrong version"); 8167ac15270Sflorian 8177ac15270Sflorian switch (h->type) { 8187ac15270Sflorian case FCGI_BEGIN_REQUEST: 8197ac15270Sflorian parse_begin_request(buf + sizeof(struct fcgi_record_header), 8207ac15270Sflorian ntohs(h->content_len), c, ntohs(h->id)); 8217ac15270Sflorian break; 8227ac15270Sflorian case FCGI_PARAMS: 8237ac15270Sflorian parse_params(buf + sizeof(struct fcgi_record_header), 8247ac15270Sflorian ntohs(h->content_len), c, ntohs(h->id)); 8257ac15270Sflorian break; 8267ac15270Sflorian case FCGI_STDIN: 8277ac15270Sflorian parse_stdin(buf + sizeof(struct fcgi_record_header), 8287ac15270Sflorian ntohs(h->content_len), c, ntohs(h->id)); 8297ac15270Sflorian break; 8307ac15270Sflorian default: 8317ac15270Sflorian lwarnx("unimplemented type %d", h->type); 832f8701677Sderaadt break; 8337ac15270Sflorian } 8347ac15270Sflorian 8357ac15270Sflorian return (sizeof(struct fcgi_record_header) + ntohs(h->content_len) 8367ac15270Sflorian + h->padding_len); 8377ac15270Sflorian } 8387ac15270Sflorian 83902ad6491Sblambert /* 84002ad6491Sblambert * Fork a new CGI process to handle the request, translating 84102ad6491Sblambert * between FastCGI parameter records and CGI's environment variables, 84202ad6491Sblambert * as well as between the CGI process' stdin/stdout and the 84302ad6491Sblambert * corresponding FastCGI records. 84402ad6491Sblambert */ 8457ac15270Sflorian void 846c3b13bc8Sblambert exec_cgi(struct request *c) 8477ac15270Sflorian { 8487ac15270Sflorian struct env_val *env_entry; 849a9461a24Sflorian int s_in[2], s_out[2], s_err[2], i; 8507ac15270Sflorian pid_t pid; 8517ac15270Sflorian char *argv[2]; 8527ac15270Sflorian char **env; 8536bcf2ad3Sflorian char *path; 8547ac15270Sflorian 8557ac15270Sflorian i = 0; 8567ac15270Sflorian 857a9461a24Sflorian if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, s_in) == -1) 858a9461a24Sflorian lerr(1, "socketpair"); 859a9461a24Sflorian if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, s_out) == -1) 8607ac15270Sflorian lerr(1, "socketpair"); 8617ac15270Sflorian if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, s_err) == -1) 8627ac15270Sflorian lerr(1, "socketpair"); 8633f9f8982Sbenno cgi_inflight--; 8643f9f8982Sbenno c->inflight_fds_accounted = 1; 8657ac15270Sflorian ldebug("fork: %s", c->script_name); 866965b2218Sblambert 8677ac15270Sflorian switch (pid = fork()) { 8687ac15270Sflorian case -1: 869e014c219Sflorian c->script_status = errno; 870e014c219Sflorian 8717ac15270Sflorian lwarn("fork"); 872e014c219Sflorian 873e014c219Sflorian close(s_in[0]); 874e014c219Sflorian close(s_out[0]); 875e014c219Sflorian close(s_err[0]); 876e014c219Sflorian 877e014c219Sflorian close(s_in[1]); 878e014c219Sflorian close(s_out[1]); 879e014c219Sflorian close(s_err[1]); 880e014c219Sflorian 881e014c219Sflorian c->stdin_fd_closed = c->stdout_fd_closed = 882e014c219Sflorian c->stderr_fd_closed = 1; 883e014c219Sflorian c->script_flags = (STDOUT_DONE | STDERR_DONE | SCRIPT_DONE); 884e014c219Sflorian 885e014c219Sflorian create_end_record(c); 8867ac15270Sflorian return; 8877ac15270Sflorian case 0: 8887ac15270Sflorian /* Child process */ 8891bfdb260Sflorian if (pledge("stdio rpath exec", NULL) == -1) 8901bfdb260Sflorian lerr(1, "pledge"); 891a9461a24Sflorian close(s_in[0]); 892a9461a24Sflorian close(s_out[0]); 8937ac15270Sflorian close(s_err[0]); 894f4a8b980Sflorian 895a9461a24Sflorian if (dup2(s_in[1], STDIN_FILENO) == -1) 8967ac15270Sflorian _exit(1); 897a9461a24Sflorian if (dup2(s_out[1], STDOUT_FILENO) == -1) 8987ac15270Sflorian _exit(1); 8997ac15270Sflorian if (dup2(s_err[1], STDERR_FILENO) == -1) 9007ac15270Sflorian _exit(1); 901f4a8b980Sflorian 902f4a8b980Sflorian close(s_in[1]); 903f4a8b980Sflorian close(s_out[1]); 904f4a8b980Sflorian close(s_err[1]); 905f4a8b980Sflorian 9066bcf2ad3Sflorian path = strrchr(c->script_name, '/'); 9076bcf2ad3Sflorian if (path != NULL) { 90876f0500eSflorian if (path != c->script_name) { 9096bcf2ad3Sflorian *path = '\0'; 9106bcf2ad3Sflorian if (chdir(c->script_name) == -1) 91176f0500eSflorian lwarn("cannot chdir to %s", 91276f0500eSflorian c->script_name); 9136bcf2ad3Sflorian *path = '/'; 91476f0500eSflorian } else 91576f0500eSflorian if (chdir("/") == -1) 91676f0500eSflorian lwarn("cannot chdir to /"); 9176bcf2ad3Sflorian } 9186bcf2ad3Sflorian 9197ac15270Sflorian argv[0] = c->script_name; 9207ac15270Sflorian argv[1] = NULL; 9217ac15270Sflorian if ((env = calloc(c->env_count + 1, sizeof(char*))) == NULL) 9227ac15270Sflorian _exit(1); 9237ac15270Sflorian SLIST_FOREACH(env_entry, &c->env, entry) 9247ac15270Sflorian env[i++] = env_entry->val; 9257ac15270Sflorian env[i++] = NULL; 9267ac15270Sflorian execve(c->script_name, argv, env); 9271878c91fSdjm lwarn("execve %s", c->script_name); 9287ac15270Sflorian _exit(1); 9297ac15270Sflorian 9307ac15270Sflorian } 931f8701677Sderaadt 9327ac15270Sflorian /* Parent process*/ 933a9461a24Sflorian close(s_in[1]); 934a9461a24Sflorian close(s_out[1]); 9357ac15270Sflorian close(s_err[1]); 93694ee156dSflorian 937a9461a24Sflorian fcntl(s_in[0], F_SETFD, FD_CLOEXEC); 938a9461a24Sflorian fcntl(s_out[0], F_SETFD, FD_CLOEXEC); 93994ee156dSflorian fcntl(s_err[0], F_SETFD, FD_CLOEXEC); 94094ee156dSflorian 941a9461a24Sflorian if (ioctl(s_in[0], FIONBIO, &on) == -1) 942a9461a24Sflorian lerr(1, "script ioctl(FIONBIO)"); 943a9461a24Sflorian if (ioctl(s_out[0], FIONBIO, &on) == -1) 9447ac15270Sflorian lerr(1, "script ioctl(FIONBIO)"); 9457ac15270Sflorian if (ioctl(s_err[0], FIONBIO, &on) == -1) 9467ac15270Sflorian lerr(1, "script ioctl(FIONBIO)"); 9477ac15270Sflorian 9487ac15270Sflorian c->script_pid = pid; 949a9461a24Sflorian event_set(&c->script_stdin_ev, s_in[0], EV_WRITE | EV_PERSIST, 950a9461a24Sflorian script_out, c); 951a9461a24Sflorian event_add(&c->script_stdin_ev, NULL); 952a9461a24Sflorian event_set(&c->script_ev, s_out[0], EV_READ | EV_PERSIST, 953a9461a24Sflorian script_std_in, c); 9547ac15270Sflorian event_add(&c->script_ev, NULL); 9557ac15270Sflorian event_set(&c->script_err_ev, s_err[0], EV_READ | EV_PERSIST, 9567ac15270Sflorian script_err_in, c); 9577ac15270Sflorian event_add(&c->script_err_ev, NULL); 9587ac15270Sflorian } 9597ac15270Sflorian 9607ac15270Sflorian void 961c3b13bc8Sblambert create_end_record(struct request *c) 9627ac15270Sflorian { 9637ac15270Sflorian struct fcgi_response *resp; 9647ac15270Sflorian struct fcgi_record_header *header; 96503e61f17Sblambert struct fcgi_end_request_body *end_request; 9667ac15270Sflorian 9677ac15270Sflorian if ((resp = malloc(sizeof(struct fcgi_response))) == NULL) { 9687ac15270Sflorian lwarnx("cannot malloc fcgi_response"); 9697ac15270Sflorian return; 9707ac15270Sflorian } 9717ac15270Sflorian header = (struct fcgi_record_header*) resp->data; 9727ac15270Sflorian header->version = 1; 9737ac15270Sflorian header->type = FCGI_END_REQUEST; 9747ac15270Sflorian header->id = htons(c->id); 9757ac15270Sflorian header->content_len = htons(sizeof(struct 97603e61f17Sblambert fcgi_end_request_body)); 9777ac15270Sflorian header->padding_len = 0; 9787ac15270Sflorian header->reserved = 0; 9798c347892Sflorian end_request = (struct fcgi_end_request_body *) (resp->data + 9808c347892Sflorian sizeof(struct fcgi_record_header)); 9817ac15270Sflorian end_request->app_status = htonl(c->script_status); 9827ac15270Sflorian end_request->protocol_status = FCGI_REQUEST_COMPLETE; 9838c347892Sflorian end_request->reserved[0] = 0; 9848c347892Sflorian end_request->reserved[1] = 0; 9858c347892Sflorian end_request->reserved[2] = 0; 9867ac15270Sflorian resp->data_pos = 0; 98703e61f17Sblambert resp->data_len = sizeof(struct fcgi_end_request_body) + 9887ac15270Sflorian sizeof(struct fcgi_record_header); 9894404b4d5Sflorian slowcgi_add_response(c, resp); 9907ac15270Sflorian } 9917ac15270Sflorian 9927ac15270Sflorian void 993c3b13bc8Sblambert script_in(int fd, struct event *ev, struct request *c, uint8_t type) 9947ac15270Sflorian { 9957ac15270Sflorian struct fcgi_response *resp; 9967ac15270Sflorian struct fcgi_record_header *header; 9977ac15270Sflorian ssize_t n; 9987ac15270Sflorian 9997ac15270Sflorian if ((resp = malloc(sizeof(struct fcgi_response))) == NULL) { 10007ac15270Sflorian lwarnx("cannot malloc fcgi_response"); 10017ac15270Sflorian return; 10027ac15270Sflorian } 10037ac15270Sflorian header = (struct fcgi_record_header*) resp->data; 10047ac15270Sflorian header->version = 1; 10057ac15270Sflorian header->type = type; 10067ac15270Sflorian header->id = htons(c->id); 10077ac15270Sflorian header->padding_len = 0; 10087ac15270Sflorian header->reserved = 0; 10097ac15270Sflorian 10107ac15270Sflorian n = read(fd, resp->data + sizeof(struct fcgi_record_header), 10110ee0284dSblambert FCGI_CONTENT_SIZE); 10127ac15270Sflorian 10137ac15270Sflorian if (n == -1) { 10147ac15270Sflorian switch (errno) { 10157ac15270Sflorian case EINTR: 10167ac15270Sflorian case EAGAIN: 1017aa48dbd7Sjasper free(resp); 10187ac15270Sflorian return; 10197ac15270Sflorian default: 10207ac15270Sflorian n = 0; /* fake empty FCGI_STD{OUT,ERR} response */ 10217ac15270Sflorian } 10227ac15270Sflorian } 10237ac15270Sflorian header->content_len = htons(n); 10247ac15270Sflorian resp->data_pos = 0; 10257ac15270Sflorian resp->data_len = n + sizeof(struct fcgi_record_header); 10264404b4d5Sflorian slowcgi_add_response(c, resp); 10277ac15270Sflorian 10287ac15270Sflorian if (n == 0) { 10297ac15270Sflorian if (type == FCGI_STDOUT) 10307ac15270Sflorian c->script_flags |= STDOUT_DONE; 10317ac15270Sflorian else 10327ac15270Sflorian c->script_flags |= STDERR_DONE; 10337ac15270Sflorian 10347ac15270Sflorian if (c->script_flags == (STDOUT_DONE | STDERR_DONE | 10357ac15270Sflorian SCRIPT_DONE)) { 1036c3b13bc8Sblambert create_end_record(c); 10377ac15270Sflorian } 10387ac15270Sflorian event_del(ev); 10397ac15270Sflorian close(fd); 10406bdc2311Sflorian if (type == FCGI_STDOUT) 10416bdc2311Sflorian c->stdout_fd_closed = 1; 10426bdc2311Sflorian else 10436bdc2311Sflorian c->stderr_fd_closed = 1; 10447ac15270Sflorian } 10457ac15270Sflorian } 10467ac15270Sflorian 10477ac15270Sflorian void 10487ac15270Sflorian script_std_in(int fd, short events, void *arg) 10497ac15270Sflorian { 1050c3b13bc8Sblambert struct request *c = arg; 10517ac15270Sflorian script_in(fd, &c->script_ev, c, FCGI_STDOUT); 10527ac15270Sflorian } 10537ac15270Sflorian 10547ac15270Sflorian void 10557ac15270Sflorian script_err_in(int fd, short events, void *arg) 10567ac15270Sflorian { 1057c3b13bc8Sblambert struct request *c = arg; 10587ac15270Sflorian script_in(fd, &c->script_err_ev, c, FCGI_STDERR); 10597ac15270Sflorian } 10607ac15270Sflorian 10617ac15270Sflorian void 10627ac15270Sflorian script_out(int fd, short events, void *arg) 10637ac15270Sflorian { 1064c3b13bc8Sblambert struct request *c; 10657ac15270Sflorian struct fcgi_stdin *node; 10667ac15270Sflorian ssize_t n; 10677ac15270Sflorian 10687ac15270Sflorian c = arg; 10697ac15270Sflorian 10707ac15270Sflorian while ((node = TAILQ_FIRST(&c->stdin_head))) { 10717ac15270Sflorian if (node->data_len == 0) { /* end of stdin marker */ 1072a9461a24Sflorian close(fd); 10736bdc2311Sflorian c->stdin_fd_closed = 1; 10747ac15270Sflorian break; 10757ac15270Sflorian } 10767ac15270Sflorian n = write(fd, node->data + node->data_pos, node->data_len); 10777ac15270Sflorian if (n == -1) { 107814379226Sflorian if (errno == EAGAIN || errno == EINTR) 10797ac15270Sflorian return; 10807ac15270Sflorian event_del(&c->script_stdin_ev); 10817ac15270Sflorian return; 10827ac15270Sflorian } 10837ac15270Sflorian node->data_pos += n; 10847ac15270Sflorian node->data_len -= n; 10857ac15270Sflorian if (node->data_len == 0) { 10867ac15270Sflorian TAILQ_REMOVE(&c->stdin_head, node, entry); 10877ac15270Sflorian free(node); 10887ac15270Sflorian } 10897ac15270Sflorian } 1090a9461a24Sflorian event_del(&c->script_stdin_ev); 10917ac15270Sflorian } 10927ac15270Sflorian 10937ac15270Sflorian void 1094c3b13bc8Sblambert cleanup_request(struct request *c) 10957ac15270Sflorian { 10967ac15270Sflorian struct fcgi_response *resp; 10977ac15270Sflorian struct fcgi_stdin *stdin_node; 10987ac15270Sflorian struct env_val *env_entry; 1099c3b13bc8Sblambert struct requests *ncs, *tcs; 11007ac15270Sflorian 11017ac15270Sflorian evtimer_del(&c->tmo); 11027ac15270Sflorian if (event_initialized(&c->ev)) 11037ac15270Sflorian event_del(&c->ev); 11047ac15270Sflorian if (event_initialized(&c->resp_ev)) 11057ac15270Sflorian event_del(&c->resp_ev); 11067ac15270Sflorian if (event_initialized(&c->script_ev)) { 11076bdc2311Sflorian if (!c->stdout_fd_closed) 11087ac15270Sflorian close(EVENT_FD(&c->script_ev)); 11097ac15270Sflorian event_del(&c->script_ev); 11107ac15270Sflorian } 11117ac15270Sflorian if (event_initialized(&c->script_err_ev)) { 11126bdc2311Sflorian if (!c->stderr_fd_closed) 11137ac15270Sflorian close(EVENT_FD(&c->script_err_ev)); 11147ac15270Sflorian event_del(&c->script_err_ev); 11157ac15270Sflorian } 11167ac15270Sflorian if (event_initialized(&c->script_stdin_ev)) { 11176bdc2311Sflorian if (!c->stdin_fd_closed) 11187ac15270Sflorian close(EVENT_FD(&c->script_stdin_ev)); 11197ac15270Sflorian event_del(&c->script_stdin_ev); 11207ac15270Sflorian } 11217ac15270Sflorian close(c->fd); 11227ac15270Sflorian while (!SLIST_EMPTY(&c->env)) { 11237ac15270Sflorian env_entry = SLIST_FIRST(&c->env); 11247ac15270Sflorian SLIST_REMOVE_HEAD(&c->env, entry); 11257ac15270Sflorian free(env_entry->val); 11267ac15270Sflorian free(env_entry); 11277ac15270Sflorian } 11287ac15270Sflorian 11297ac15270Sflorian while ((resp = TAILQ_FIRST(&c->response_head))) { 11307ac15270Sflorian TAILQ_REMOVE(&c->response_head, resp, entry); 11317ac15270Sflorian free(resp); 11327ac15270Sflorian } 11337ac15270Sflorian while ((stdin_node = TAILQ_FIRST(&c->stdin_head))) { 11347ac15270Sflorian TAILQ_REMOVE(&c->stdin_head, stdin_node, entry); 11357ac15270Sflorian free(stdin_node); 11367ac15270Sflorian } 1137c3b13bc8Sblambert SLIST_FOREACH_SAFE(ncs, &slowcgi_proc.requests, entry, tcs) { 1138c3b13bc8Sblambert if (ncs->request == c) { 1139c3b13bc8Sblambert SLIST_REMOVE(&slowcgi_proc.requests, ncs, requests, 11407ac15270Sflorian entry); 11417ac15270Sflorian free(ncs); 11427ac15270Sflorian break; 11437ac15270Sflorian } 11447ac15270Sflorian } 11453f9f8982Sbenno if (! c->inflight_fds_accounted) 11463f9f8982Sbenno cgi_inflight--; 11477ac15270Sflorian free(c); 11487ac15270Sflorian } 11497ac15270Sflorian 1150965b2218Sblambert void 115103e61f17Sblambert dump_fcgi_record(const char *p, struct fcgi_record_header *h) 115203e61f17Sblambert { 115303e61f17Sblambert dump_fcgi_record_header(p, h); 115403e61f17Sblambert 115503e61f17Sblambert if (h->type == FCGI_BEGIN_REQUEST) 115603e61f17Sblambert dump_fcgi_begin_request_body(p, 1157d241f573Sflorian (struct fcgi_begin_request_body *)(h + 1)); 115803e61f17Sblambert else if (h->type == FCGI_END_REQUEST) 115903e61f17Sblambert dump_fcgi_end_request_body(p, 1160d241f573Sflorian (struct fcgi_end_request_body *)(h + 1)); 116103e61f17Sblambert } 116203e61f17Sblambert 116303e61f17Sblambert void 1164965b2218Sblambert dump_fcgi_record_header(const char* p, struct fcgi_record_header *h) 11657ac15270Sflorian { 11667ac15270Sflorian ldebug("%sversion: %d", p, h->version); 11677ac15270Sflorian ldebug("%stype: %d", p, h->type); 11687ac15270Sflorian ldebug("%srequestId: %d", p, ntohs(h->id)); 11697ac15270Sflorian ldebug("%scontentLength: %d", p, ntohs(h->content_len)); 11707ac15270Sflorian ldebug("%spaddingLength: %d", p, h->padding_len); 11717ac15270Sflorian ldebug("%sreserved: %d", p, h->reserved); 11727ac15270Sflorian } 11737ac15270Sflorian 11747ac15270Sflorian void 117503e61f17Sblambert dump_fcgi_begin_request_body(const char *p, struct fcgi_begin_request_body *b) 117603e61f17Sblambert { 117703e61f17Sblambert ldebug("%srole %d", p, ntohs(b->role)); 117803e61f17Sblambert ldebug("%sflags %d", p, b->flags); 117903e61f17Sblambert } 118003e61f17Sblambert 118103e61f17Sblambert void 118203e61f17Sblambert dump_fcgi_end_request_body(const char *p, struct fcgi_end_request_body *b) 118303e61f17Sblambert { 118403e61f17Sblambert ldebug("%sappStatus: %d", p, ntohl(b->app_status)); 118503e61f17Sblambert ldebug("%sprotocolStatus: %d", p, b->protocol_status); 118603e61f17Sblambert } 118703e61f17Sblambert 118803e61f17Sblambert void 11897ac15270Sflorian syslog_vstrerror(int e, int priority, const char *fmt, va_list ap) 11907ac15270Sflorian { 11917ac15270Sflorian char *s; 11927ac15270Sflorian 11937ac15270Sflorian if (vasprintf(&s, fmt, ap) == -1) { 11947ac15270Sflorian syslog(LOG_EMERG, "unable to alloc in syslog_vstrerror"); 11957ac15270Sflorian exit(1); 11967ac15270Sflorian } 11977ac15270Sflorian syslog(priority, "%s: %s", s, strerror(e)); 11987ac15270Sflorian free(s); 11997ac15270Sflorian } 12007ac15270Sflorian 1201d0a52cffSflorian __dead void 12027ac15270Sflorian syslog_err(int ecode, const char *fmt, ...) 12037ac15270Sflorian { 12047ac15270Sflorian va_list ap; 12057ac15270Sflorian 12067ac15270Sflorian va_start(ap, fmt); 12077ac15270Sflorian syslog_vstrerror(errno, LOG_EMERG, fmt, ap); 12087ac15270Sflorian va_end(ap); 12097ac15270Sflorian exit(ecode); 12107ac15270Sflorian } 12117ac15270Sflorian 1212d0a52cffSflorian __dead void 12137ac15270Sflorian syslog_errx(int ecode, const char *fmt, ...) 12147ac15270Sflorian { 12157ac15270Sflorian va_list ap; 12167ac15270Sflorian 12177ac15270Sflorian va_start(ap, fmt); 12187ac15270Sflorian vsyslog(LOG_WARNING, fmt, ap); 12197ac15270Sflorian va_end(ap); 12207ac15270Sflorian exit(ecode); 12217ac15270Sflorian } 12227ac15270Sflorian 12237ac15270Sflorian void 12247ac15270Sflorian syslog_warn(const char *fmt, ...) 12257ac15270Sflorian { 12267ac15270Sflorian va_list ap; 12277ac15270Sflorian 12287ac15270Sflorian va_start(ap, fmt); 12297ac15270Sflorian syslog_vstrerror(errno, LOG_WARNING, fmt, ap); 12307ac15270Sflorian va_end(ap); 12317ac15270Sflorian } 12327ac15270Sflorian 12337ac15270Sflorian void 12347ac15270Sflorian syslog_warnx(const char *fmt, ...) 12357ac15270Sflorian { 12367ac15270Sflorian va_list ap; 12377ac15270Sflorian 12387ac15270Sflorian va_start(ap, fmt); 12397ac15270Sflorian vsyslog(LOG_WARNING, fmt, ap); 12407ac15270Sflorian va_end(ap); 12417ac15270Sflorian } 12427ac15270Sflorian 12437ac15270Sflorian void 12447ac15270Sflorian syslog_info(const char *fmt, ...) 12457ac15270Sflorian { 12467ac15270Sflorian va_list ap; 12477ac15270Sflorian 12487ac15270Sflorian va_start(ap, fmt); 12497ac15270Sflorian vsyslog(LOG_INFO, fmt, ap); 12507ac15270Sflorian va_end(ap); 12517ac15270Sflorian } 12527ac15270Sflorian 12537ac15270Sflorian void 12547ac15270Sflorian syslog_debug(const char *fmt, ...) 12557ac15270Sflorian { 12567ac15270Sflorian va_list ap; 12577ac15270Sflorian 12587ac15270Sflorian if (!debug) 12597ac15270Sflorian return; 12607ac15270Sflorian 12617ac15270Sflorian va_start(ap, fmt); 12627ac15270Sflorian vsyslog(LOG_DEBUG, fmt, ap); 12637ac15270Sflorian va_end(ap); 12647ac15270Sflorian } 1265