/[hydra]/hydra/src/cgi.c
ViewVC logotype

Contents of /hydra/src/cgi.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.17 - (show annotations)
Mon Sep 30 17:16:54 2002 UTC (21 years, 6 months ago) by nmav
Branch: MAIN
CVS Tags: hydra_0_0_4
Changes since 1.16: +3 -3 lines
File MIME type: text/plain 
Added support for multiple HIC threads.
1 /*
2 * Hydra, an http server
3 * Copyright (C) 1995 Paul Phillips <paulp@go2net.com>
4 * Some changes Copyright (C) 1996,97 Larry Doolittle <ldoolitt@boa.org>
5 * Some changes Copyright (C) 1996 Charles F. Randall <crandall@goldsys.com>
6 * Some changes Copyright (C) 1997-2002 Jon Nelson <jnelson@boa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 1, or (at your option)
11 * any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 *
22 */
23
24 /* $Id: cgi.c,v 1.16 2002/09/29 08:04:45 nmav Exp $ */
25
26 #include "boa.h"
27
28 static char *env_gen_extra(const char *key, const char *value, int extra);
29
30 int verbose_cgi_logs = 0;
31 /* The +1 is for the the NULL in complete_env */
32 static char *common_cgi_env[COMMON_CGI_COUNT + 1];
33
34 /*
35 * Name: create_common_env
36 *
37 * Description: Set up the environment variables that are common to
38 * all CGI scripts
39 */
40
41 void create_common_env()
42 {
43 int index = 0, i;
44
45
46 /* NOTE NOTE NOTE:
47 If you (the reader) someday modify this chunk of code to
48 handle more "common" CGI environment variables, then bump the
49 value COMMON_CGI_COUNT in defines.h UP
50
51 Also, in the case of document_root and server_admin, two variables
52 that may or may not be defined depending on the way the server
53 is configured, we check for null values and use an empty
54 string to denote a NULL value to the environment, as per the
55 specification. The quote for which follows:
56
57 "In all cases, a missing environment variable is
58 equivalent to a zero-length (NULL) value, and vice versa."
59 */
60 common_cgi_env[index++] = env_gen_extra("PATH",
61 ((cgi_path !=
62 NULL) ? cgi_path :
63 DEFAULT_PATH), 0);
64 common_cgi_env[index++] =
65 env_gen_extra("SERVER_SOFTWARE", SERVER_NAME "/" SERVER_VERSION, 0);
66 common_cgi_env[index++] =
67 env_gen_extra("GATEWAY_INTERFACE", CGI_VERSION, 0);
68
69 /* removed the SERVER_PORT which may change due to SSL support
70 * Also removed the DOCUMENT_ROOT, SERVER_NAME, which are now per request.
71 */
72
73
74 /* NCSA added */
75 /* common_cgi_env[index++] = env_gen_extra("SERVER_ROOT", server_root); */
76
77 /* APACHE added */
78 common_cgi_env[index++] =
79 env_gen_extra("SERVER_ADMIN", server_admin, 0);
80 common_cgi_env[index] = NULL;
81
82 /* Sanity checking -- make *sure* the memory got allocated */
83 if (index > COMMON_CGI_COUNT) {
84 log_error_time();
85 fprintf(stderr, "COMMON_CGI_COUNT not high enough.\n");
86 exit(1);
87 }
88
89 for (i = 0; i < index; ++i) {
90 if (common_cgi_env[i] == NULL) {
91 log_error_time();
92 fprintf(stderr,
93 "Unable to allocate a component of common_cgi_env - out of memory.\n");
94 exit(1);
95 }
96 }
97 }
98
99 void clear_common_env(void)
100 {
101 int i;
102
103 for (i = 0; i <= COMMON_CGI_COUNT; ++i) {
104 if (common_cgi_env[i] != NULL) {
105 free(common_cgi_env[i]);
106 common_cgi_env[i] = NULL;
107 }
108 }
109 }
110
111 /*
112 * Name: env_gen_extra
113 * (and via a not-so-tricky #define, env_gen)
114 * This routine calls malloc: please free the memory when you are done
115 */
116 static char *env_gen_extra(const char *key, const char *value, int extra)
117 {
118 char *result;
119 int key_len, value_len;
120
121 if (value == NULL) /* ServerAdmin may not be defined, eg */
122 value = "";
123 key_len = strlen(key);
124 value_len = strlen(value);
125 /* leave room for '=' sign and null terminator */
126 result = malloc(extra + key_len + value_len + 2);
127 if (result) {
128 memcpy(result + extra, key, key_len);
129 *(result + extra + key_len) = '=';
130 memcpy(result + extra + key_len + 1, value, value_len);
131 *(result + extra + key_len + value_len + 1) = '\0';
132 } else {
133 log_error_time();
134 perror("malloc");
135 log_error_time();
136 fprintf(stderr,
137 "tried to allocate (key=value) extra=%d: %s=%s\n",
138 extra, key, value);
139 }
140 return result;
141 }
142
143 /*
144 * Name: add_cgi_env
145 *
146 * Description: adds a variable to CGI's environment
147 * Used for HTTP_ headers
148 */
149
150 int add_cgi_env(request * req, const char *key, const char *value,
151 int http_prefix)
152 {
153 char *p;
154 int prefix_len;
155
156 if (http_prefix) {
157 prefix_len = 5;
158 } else {
159 prefix_len = 0;
160 }
161
162 if (req->cgi_env_index < CGI_ENV_MAX) {
163 p = env_gen_extra(key, value, prefix_len);
164 if (!p) {
165 log_error_time();
166 fprintf(stderr, "Unable to generate additional CGI Environment"
167 "variable -- ran out of memory!\n");
168 }
169 if (prefix_len)
170 memcpy(p, "HTTP_", 5);
171 req->cgi_env[req->cgi_env_index++] = p;
172 return 1;
173 } else {
174 log_error_time();
175 fprintf(stderr, "Unable to generate additional CGI Environment"
176 "variable -- not enough space!\n");
177 }
178 return 0;
179 }
180
181 #define my_add_cgi_env(req, key, value) { \
182 int ok = add_cgi_env(req, key, value, 0); \
183 if (!ok) return 0; \
184 }
185
186 const char *hydra_method_str(int method)
187 {
188 char *w;
189 switch (method) {
190 case M_POST:
191 w = "POST";
192 break;
193 case M_HEAD:
194 w = "HEAD";
195 break;
196 case M_GET:
197 w = "GET";
198 break;
199 default:
200 w = "UNKNOWN";
201 break;
202 }
203 return w;
204 }
205
206 /*
207 * Name: complete_env
208 *
209 * Description: adds the known client header env variables
210 * and terminates the environment array
211 */
212
213 int complete_env(request * req)
214 {
215 int i;
216 char buf[22];
217 const char *w;
218
219 for (i = 0; common_cgi_env[i]; i++)
220 req->cgi_env[i] = common_cgi_env[i];
221
222 w = hydra_method_str(req->method);
223 my_add_cgi_env(req, "REQUEST_METHOD", w);
224
225 if (req->secure) {
226 simple_itoa(ssl_port, buf);
227 } else {
228 simple_itoa(server_port, buf);
229 }
230 my_add_cgi_env(req, "SERVER_PORT", buf);
231 my_add_cgi_env(req, "SERVER_NAME", req->hostname);
232
233 /* NCSA and APACHE added -- not in CGI spec */
234 /* my_add_cgi_env( req, "DOCUMENT_ROOT", req->document_root); */
235
236 my_add_cgi_env(req, "SERVER_ADDR", req->local_ip_addr);
237 my_add_cgi_env(req, "SERVER_PROTOCOL", req->http_version);
238 my_add_cgi_env(req, "REQUEST_URI", req->request_uri);
239
240 if (req->path_info)
241 my_add_cgi_env(req, "PATH_INFO", req->path_info);
242
243 if (req->path_translated)
244 /* while path_translated depends on path_info,
245 * there are cases when path_translated might
246 * not exist when path_info does
247 */
248 my_add_cgi_env(req, "PATH_TRANSLATED", req->path_translated);
249
250 my_add_cgi_env(req, "SCRIPT_NAME", req->script_name);
251
252 if (req->query_string)
253 my_add_cgi_env(req, "QUERY_STRING", req->query_string);
254 my_add_cgi_env(req, "REMOTE_ADDR", req->remote_ip_addr);
255
256 simple_itoa(req->remote_port, buf);
257 my_add_cgi_env(req, "REMOTE_PORT", buf);
258
259 if (req->method == M_POST) {
260 if (req->content_type) {
261 my_add_cgi_env(req, "CONTENT_TYPE", req->content_type);
262 } else {
263 my_add_cgi_env(req, "CONTENT_TYPE", default_type);
264 }
265 if (req->content_length) {
266 my_add_cgi_env(req, "CONTENT_LENGTH", req->content_length);
267 }
268 }
269 #ifdef ACCEPT_ON
270 if (req->accept[0])
271 my_add_cgi_env(req, "HTTP_ACCEPT", req->accept);
272 #endif
273
274 if (req->cgi_env_index < CGI_ENV_MAX + 1) {
275 req->cgi_env[req->cgi_env_index] = NULL; /* terminate */
276 return 1;
277 }
278 log_error_time();
279 fprintf(stderr, "Not enough space in CGI environment for remainder"
280 " of variables.\n");
281 return 0;
282 }
283
284 /*
285 * Name: make_args_cgi
286 *
287 * Build argv list for a CGI script according to spec
288 *
289 */
290
291 void create_argv(request * req, char **aargv)
292 {
293 char *p, *q, *r;
294 int aargc;
295
296 q = req->query_string;
297 aargv[0] = req->pathname;
298
299 /* here, we handle a special "indexed" query string.
300 * Taken from the CGI/1.1 SPEC:
301 * This is identified by a GET or HEAD request with a query string
302 * with no *unencoded* '=' in it.
303 * For such a request, I'm supposed to parse the search string
304 * into words, according to the following rules:
305
306 search-string = search-word *( "+" search-word )
307 search-word = 1*schar
308 schar = xunreserved | escaped | xreserved
309 xunreserved = alpha | digit | xsafe | extra
310 xsafe = "$" | "-" | "_" | "."
311 xreserved = ";" | "/" | "?" | ":" | "@" | "&"
312
313 After parsing, each word is URL-decoded, optionally encoded in a system
314 defined manner, and then the argument list
315 is set to the list of words.
316
317
318 Thus, schar is alpha|digit|"$"|"-"|"_"|"."|";"|"/"|"?"|":"|"@"|"&"
319
320 As of this writing, escape.pl escapes the following chars:
321
322 "-", "_", ".", "!", "~", "*", "'", "(", ")",
323 "0".."9", "A".."Z", "a".."z",
324 ";", "/", "?", ":", "@", "&", "=", "+", "\$", ","
325
326 Which therefore means
327 "=", "+", "~", "!", "*", "'", "(", ")", ","
328 are *not* escaped and should be?
329 Wait, we don't do any escaping, and nor should we.
330 According to the RFC draft, we unescape and then re-escape
331 in a "system defined manner" (here: none).
332
333 The CGI/1.1 draft (03, latest is 1999???) is very unclear here.
334
335 I am using the latest published RFC, 2396, for what does and does
336 not need escaping.
337
338 Since boa builds the argument list and does not call /bin/sh,
339 (boa uses execve for CGI)
340 */
341
342 if (q && !strchr(q, '=')) {
343 /* we have an 'index' style */
344 q = strdup(q);
345 if (!q) {
346 WARN("unable to strdup 'q' in create_argv!");
347 }
348 for (aargc = 1; q && (aargc < CGI_ARGC_MAX);) {
349 r = q;
350 /* for an index-style CGI, + is used to seperate arguments
351 * an escaped '+' is of no concern to us
352 */
353 if ((p = strchr(q, '+'))) {
354 *p = '\0';
355 q = p + 1;
356 } else {
357 q = NULL;
358 }
359 if (unescape_uri(r, NULL)) {
360 /* printf("parameter %d: %s\n",aargc,r); */
361 aargv[aargc++] = r;
362 }
363 }
364 aargv[aargc] = NULL;
365 } else {
366 aargv[1] = NULL;
367 }
368 }
369
370 /*
371 * Name: init_cgi
372 *
373 * Description: Called for GET/POST requests that refer to ScriptAlias
374 * directories or application/x-httpd-cgi files. Pipes are used for the
375 * communication with the child.
376 * stderr remains tied to our log file; is this good?
377 *
378 * Returns:
379 * 0 - error or NPH, either way the socket is closed
380 * 1 - success
381 */
382
383 int init_cgi(request * req)
384 {
385 int child_pid;
386 int pipes[2];
387
388 SQUASH_KA(req);
389
390 if (req->is_cgi == NPH || req->is_cgi == CGI || req->is_cgi == HIC_CGI) {
391 if (complete_env(req) == 0) {
392 return 0;
393 }
394 }
395 #ifdef FASCIST_LOGGING
396 {
397 int i;
398 for (i = 0; i < req->cgi_env_index; ++i)
399 fprintf(stderr, "%s - environment variable for cgi: \"%s\"\n",
400 __FILE__, req->cgi_env[i]);
401 }
402 #endif
403
404 if (req->is_cgi) {
405 if (pipe(pipes) == -1) {
406 log_error_time();
407 perror("pipe");
408 return 0;
409 }
410
411 /* set the read end of the socket to non-blocking */
412 if (set_nonblock_fd(pipes[0]) == -1) {
413 log_error_time();
414 perror("cgi-fcntl");
415 close(pipes[0]);
416 close(pipes[1]);
417 return 0;
418 }
419 } else {
420 log_error_time();
421 fprintf(stderr, "Non CGI in init_cgi()!\n");
422 return 0;
423 }
424
425 if (req->is_cgi == HIC_CGI) { /* internally handled cgi */
426 #ifdef ENABLE_HIC
427 if (hic_send_command(req, pipes[1]) == -1) {
428 log_error_time();
429 fprintf(stderr, "Error in HIC\n");
430 close(pipes[0]);
431 close(pipes[1]);
432 return 0;
433 }
434 #else /* No hic! */
435 close(pipes[0]);
436 close(pipes[1]);
437 return 0;
438 #endif
439 } else { /* plain cgi... do fork */
440 child_pid = fork();
441 switch (child_pid) {
442 case -1:
443 /* fork unsuccessful */
444 log_error_time();
445 perror("fork");
446
447 close(pipes[0]);
448 close(pipes[1]);
449
450 send_r_error(req);
451 /* FIXME: There is aproblem here. send_r_error would work
452 for NPH and CGI, but not for GUNZIP. Fix that. */
453 /* i'd like to send_r_error, but.... */
454 return 0;
455 break;
456 case 0:
457 /* child */
458 if (req->is_cgi == CGI || req->is_cgi == NPH) {
459 char *foo = strdup(req->pathname);
460 char *c;
461
462 if (!foo) {
463 WARN("unable to strdup pathname for req->pathname");
464 _exit(1);
465 }
466 c = strrchr(foo, '/');
467 if (c) {
468 ++c;
469 *c = '\0';
470 } else {
471 /* we have a serious problem */
472 log_error_time();
473 perror("chdir");
474 close(pipes[1]);
475 _exit(1);
476 }
477 if (chdir(foo) != 0) {
478 log_error_time();
479 perror("chdir");
480 close(pipes[1]);
481 _exit(1);
482 }
483 }
484 close(pipes[0]);
485 /* tie cgi's STDOUT to it's write end of pipe */
486 if (dup2(pipes[1], STDOUT_FILENO) == -1) {
487 log_error_time();
488 perror("dup2 - pipes");
489 close(pipes[1]);
490 _exit(1);
491 }
492 close(pipes[1]);
493 if (set_block_fd(STDOUT_FILENO) == -1) {
494 log_error_time();
495 perror("cgi-fcntl");
496 _exit(1);
497 }
498
499 /* tie post_data_fd to POST stdin */
500 if (req->method == M_POST) { /* tie stdin to file */
501 lseek(req->post_data_fd, SEEK_SET, 0);
502 dup2(req->post_data_fd, STDIN_FILENO);
503 close(req->post_data_fd);
504 }
505 /* Close access log, so CGI program can't scribble
506 * where it shouldn't
507 */
508 close_access_log();
509
510 /*
511 * tie STDERR to cgi_log_fd
512 * cgi_log_fd will automatically close, close-on-exec rocks!
513 * if we don't tied STDERR (current log_error) to cgi_log_fd,
514 * then we ought to close it.
515 */
516 if (!cgi_log_fd)
517 dup2(devnullfd, STDERR_FILENO);
518 else
519 dup2(cgi_log_fd, STDERR_FILENO);
520
521 if (req->is_cgi == NPH || req->is_cgi == CGI) {
522 char *aargv[CGI_ARGC_MAX + 1];
523 create_argv(req, aargv);
524 execve(req->pathname, aargv, req->cgi_env);
525 } else {
526 if (req->is_cgi == INDEXER_CGI)
527 execl(dirmaker, dirmaker, req->pathname, req->request_uri,
528 NULL);
529 }
530 /* execve failed */
531 WARN(req->pathname);
532 _exit(1);
533
534 break; /* it doesn't matter, we never make it until here */
535
536 default:
537 /* parent */
538 /* if here, fork was successful */
539 if (verbose_cgi_logs) {
540 log_error_time();
541 fprintf(stderr, "Forked child \"%s\" pid %d\n",
542 req->pathname, child_pid);
543 }
544
545 if (req->method == M_POST) {
546 close(req->post_data_fd); /* child closed it too */
547 req->post_data_fd = -1;
548 }
549
550 /* NPH, etc... all go straight to the fd */
551
552 close(pipes[1]);
553 break;
554 }
555 } /* HIC */
556
557 /* we only get here in parent case, and
558 * success.
559 */
560
561 req->data_fd = pipes[0];
562
563 req->status = PIPE_READ;
564 if (req->is_cgi == CGI) {
565 req->cgi_status = CGI_PARSE; /* got to parse cgi header */
566 /* for cgi_header... I get half the buffer! */
567 req->header_line = req->header_end = (req->buffer + BUFFER_SIZE / 2);
568 } else { /* HIC CGIs and NPH CGIs */
569 req->cgi_status = CGI_BUFFER;
570 /* I get all the buffer! */
571 req->header_line = req->header_end = req->buffer;
572 }
573
574 /* reset req->filepos for logging (it's used in pipe.c) */
575 /* still don't know why req->filesize might be reset though */
576 req->filepos = 0;
577
578 return 1;
579 }
webmaster@linux.gr
 ViewVC Help
Powered by ViewVC 1.1.26