hydra/src/cgi.c

/*
 *  Boa, an http server
 *  Copyright (C) 1995 Paul Phillips <paulp@go2net.com>
 *  Some changes Copyright (C) 1996,97 Larry Doolittle <ldoolitt@boa.org>
 *  Some changes Copyright (C) 1996 Charles F. Randall <crandall@goldsys.com>
 *  Some changes Copyright (C) 1997-2002 Jon Nelson <jnelson@boa.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 1, or (at your option)
 *  any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/* $Id: cgi.c,v 1.1.1.1 2002/09/21 13:53:18 nmav Exp $ */

#include "boa.h"

static char *env_gen_extra(const char *key, const char *value, int extra);

int verbose_cgi_logs = 0;
/* The +1 is for the the NULL in complete_env */
static char *common_cgi_env[COMMON_CGI_COUNT + 1];

/*
 * Name: create_common_env
 *
 * Description: Set up the environment variables that are common to
 * all CGI scripts
 */

void create_common_env()
{
    int index = 0, i;


    /* NOTE NOTE NOTE:
       If you (the reader) someday modify this chunk of code to
       handle more "common" CGI environment variables, then bump the
       value COMMON_CGI_COUNT in defines.h UP

       Also, in the case of document_root and server_admin, two variables
       that may or may not be defined depending on the way the server
       is configured, we check for null values and use an empty
       string to denote a NULL value to the environment, as per the
       specification. The quote for which follows:

       "In all cases, a missing environment variable is
       equivalent to a zero-length (NULL) value, and vice versa."
     */
    common_cgi_env[index++] = env_gen_extra("PATH",
                                            ((cgi_path != NULL) ? cgi_path : DEFAULT_PATH), 0);
    common_cgi_env[index++] = env_gen_extra("SERVER_SOFTWARE", SERVER_VERSION, 0);
    common_cgi_env[index++] = env_gen_extra("SERVER_NAME", server_name, 0);
    common_cgi_env[index++] = env_gen_extra("GATEWAY_INTERFACE", CGI_VERSION, 0);

    /* removed the SERVER_PORT which may change due to SSL support
     */

    /* NCSA and APACHE added -- not in CGI spec */
    /* common_cgi_env[index++] = env_gen_extra("DOCUMENT_ROOT", document_root); */

    /* NCSA added */
    /* common_cgi_env[index++] = env_gen_extra("SERVER_ROOT", server_root); */

    /* APACHE added */
    common_cgi_env[index++] = env_gen_extra("SERVER_ADMIN", server_admin, 0);
    common_cgi_env[index] = NULL;

    /* Sanity checking -- make *sure* the memory got allocated */
    if (index > COMMON_CGI_COUNT) {
        log_error_time();
        fprintf(stderr, "COMMON_CGI_COUNT not high enough.\n");
        exit(1);
    }

    for(i = 0;i < index;++i) {
        if (common_cgi_env[i] == NULL) {
            log_error_time();
            fprintf(stderr, "Unable to allocate a component of common_cgi_env - out of memory.\n");
            exit(1);
        }
    }
}

void clear_common_env(void)
{
    int i;

    for(i = 0;i <= COMMON_CGI_COUNT;++i) {
        if (common_cgi_env[i] != NULL) {
            free(common_cgi_env[i]);
            common_cgi_env[i] = NULL;
        }
    }
}

/*
 * Name: env_gen_extra
 *       (and via a not-so-tricky #define, env_gen)
 * This routine calls malloc: please free the memory when you are done
 */
static char *env_gen_extra(const char *key, const char *value, int extra)
{
    char *result;
    int key_len, value_len;

    if (value == NULL)          /* ServerAdmin may not be defined, eg */
        value = "";
    key_len = strlen(key);
    value_len = strlen(value);
    /* leave room for '=' sign and null terminator */
    result = malloc(extra + key_len + value_len + 2);
    if (result) {
        memcpy(result + extra, key, key_len);
        *(result + extra + key_len) = '=';
        memcpy(result + extra + key_len + 1, value, value_len);
        *(result + extra + key_len + value_len + 1) = '\0';
    } else {
        log_error_time();
        perror("malloc");
        log_error_time();
        fprintf(stderr,
                "tried to allocate (key=value) extra=%d: %s=%s\n",
                extra, key, value);
    }
    return result;
}

/*
 * Name: add_cgi_env
 *
 * Description: adds a variable to CGI's environment
 * Used for HTTP_ headers
 */

int add_cgi_env(request * req, char *key, char *value, int http_prefix)
{
    char *p;
    int prefix_len;

    if (http_prefix) {
        prefix_len = 5;
    } else {
        prefix_len = 0;
    }

    if (req->cgi_env_index < CGI_ENV_MAX) {
        p = env_gen_extra(key, value, prefix_len);
        if (!p) {
            log_error_time();
            fprintf(stderr, "Unable to generate additional CGI Environment"
                    "variable -- ran out of memory!\n");
        }
        if (prefix_len)
            memcpy(p, "HTTP_", 5);
        req->cgi_env[req->cgi_env_index++] = p;
        return 1;
    } else {
        log_error_time();
        fprintf(stderr, "Unable to generate additional CGI Environment"
                "variable -- not enough space!\n");
    }
    return 0;
}

#define my_add_cgi_env(req, key, value) { \
    int ok = add_cgi_env(req, key, value, 0); \
    if (!ok) return 0; \
    }

/*
 * Name: complete_env
 *
 * Description: adds the known client header env variables
 * and terminates the environment array
 */

int complete_env(request * req)
{
    int i;
    char buf[22];
    
    for (i = 0; common_cgi_env[i]; i++)
        req->cgi_env[i] = common_cgi_env[i];

    {
        char *w;
        switch (req->method) {
        case M_POST:
            w = "POST";
            break;
        case M_HEAD:
            w = "HEAD";
            break;
        case M_GET:
            w = "GET";
            break;
        default:
            w = "UNKNOWN";
            break;
        }
        my_add_cgi_env(req, "REQUEST_METHOD", w);
    }

    if (req->secure) {
       simple_itoa(ssl_port, buf);
    } else {
       simple_itoa(server_port, buf);
    }
    my_add_cgi_env( req, "SERVER_PORT", buf);
    
    my_add_cgi_env(req, "SERVER_ADDR", req->local_ip_addr);
    my_add_cgi_env(req, "SERVER_PROTOCOL", req->http_version);
    my_add_cgi_env(req, "REQUEST_URI", req->request_uri);

    if (req->path_info)
        my_add_cgi_env(req, "PATH_INFO", req->path_info);

    if (req->path_translated)
        /* while path_translated depends on path_info,
         * there are cases when path_translated might
         * not exist when path_info does
         */
        my_add_cgi_env(req, "PATH_TRANSLATED", req->path_translated);

    my_add_cgi_env(req, "SCRIPT_NAME", req->script_name);

    if (req->query_string)
        my_add_cgi_env(req, "QUERY_STRING", req->query_string);
    my_add_cgi_env(req, "REMOTE_ADDR", req->remote_ip_addr);
    
    simple_itoa(req->remote_port, buf);
    my_add_cgi_env(req, "REMOTE_PORT", buf);

    if (req->method == M_POST) {
            if (req->content_type) {
                my_add_cgi_env(req, "CONTENT_TYPE", req->content_type);
            } else {
                my_add_cgi_env(req, "CONTENT_TYPE", default_type);
            }
            if (req->content_length) {
                my_add_cgi_env(req, "CONTENT_LENGTH", req->content_length);
            }
        }
#ifdef ACCEPT_ON
    if (req->accept[0])
        my_add_cgi_env(req, "HTTP_ACCEPT", req->accept);
#endif

    if (req->cgi_env_index < CGI_ENV_MAX + 1) {
        req->cgi_env[req->cgi_env_index] = NULL; /* terminate */
        return 1;
    }
    log_error_time();
    fprintf(stderr, "Not enough space in CGI environment for remainder"\
            " of variables.\n");
    return 0;
}

/*
 * Name: make_args_cgi
 *
 * Build argv list for a CGI script according to spec
 *
 */

void create_argv(request * req, char **aargv)
{
    char *p, *q, *r;
    int aargc;

    q = req->query_string;
    aargv[0] = req->pathname;

    /* here, we handle a special "indexed" query string.
     * Taken from the CGI/1.1 SPEC:
     * This is identified by a GET or HEAD request with a query string
     * with no *unencoded* '=' in it.
     * For such a request, I'm supposed to parse the search string
     * into words, according to the following rules:

       search-string = search-word *( "+" search-word )
       search-word   = 1*schar
       schar         = xunreserved | escaped | xreserved
       xunreserved   = alpha | digit | xsafe | extra
       xsafe         = "$" | "-" | "_" | "."
       xreserved     = ";" | "/" | "?" | ":" | "@" | "&"

       After parsing, each word is URL-decoded, optionally encoded in a system
       defined manner, and then the argument list
       is set to the list of words.


      Thus, schar is alpha|digit|"$"|"-"|"_"|"."|";"|"/"|"?"|":"|"@"|"&"

      As of this writing, escape.pl escapes the following chars:

       "-", "_", ".", "!", "~", "*", "'", "(", ")",
       "0".."9", "A".."Z", "a".."z",
       ";", "/", "?", ":", "@", "&", "=", "+", "\$", ","

      Which therefore means
       "=", "+", "~", "!", "*", "'", "(", ")", ","
       are *not* escaped and should be?
      Wait, we don't do any escaping, and nor should we.
      According to the RFC draft, we unescape and then re-escape
      in a "system defined manner" (here: none).

      The CGI/1.1 draft (03, latest is 1999???) is very unclear here.

      I am using the latest published RFC, 2396, for what does and does
      not need escaping.

      Since boa builds the argument list and does not call /bin/sh,
      (boa uses execve for CGI)
     */

    if (q && !strchr(q, '=')) {
        /* we have an 'index' style */
        q = strdup(q);
        if (!q) {
            WARN("unable to strdup 'q' in create_argv!");
        }
        for (aargc = 1; q && (aargc < CGI_ARGC_MAX);) {
            r = q;
            /* for an index-style CGI, + is used to seperate arguments
             * an escaped '+' is of no concern to us
             */
            if ((p = strchr(q, '+'))) {
                *p = '\0';
                q = p + 1;
            } else {
                q = NULL;
            }
            if (unescape_uri(r, NULL)) {
                /* printf("parameter %d: %s\n",aargc,r); */
                aargv[aargc++] = r;
            }
        }
        aargv[aargc] = NULL;
    } else {
        aargv[1] = NULL;
    }
}

/*
 * Name: init_cgi
 *
 * Description: Called for GET/POST requests that refer to ScriptAlias
 * directories or application/x-httpd-cgi files.  Ties stdout to socket,
 * stdin to data if POST, and execs CGI.
 * stderr remains tied to our log file; is this good?
 *
 * Returns:
 * 0 - error or NPH, either way the socket is closed
 * 1 - success
 */

int init_cgi(request * req)
{
    int child_pid;
    int pipes[2];
    int use_pipes = 0;

    SQUASH_KA(req);

    if (req->is_cgi) {
        if (complete_env(req) == 0) {
            return 0;
        }
    }
#ifdef FASCIST_LOGGING
    {
        int i;
        for (i = 0; i < req->cgi_env_index; ++i)
            fprintf(stderr, "%s - environment variable for cgi: \"%s\"\n",
                    __FILE__, req->cgi_env[i]);
    }
#endif

    if (req->is_cgi == CGI || 1) {
        use_pipes = 1;
        if (pipe(pipes) == -1) {
            log_error_time();
            perror("pipe");
            return 0;
        }

        /* set the read end of the socket to non-blocking */
        if (set_nonblock_fd(pipes[0]) == -1) {
            log_error_time();
            perror("cgi-fcntl");
            close(pipes[0]);
            close(pipes[1]);
            return 0;
        }
    }

    child_pid = fork();
    switch(child_pid) {
    case -1:
        /* fork unsuccessful */
        log_error_time();
        perror("fork");

        if (use_pipes) {
            close(pipes[0]);
            close(pipes[1]);
        }
        send_r_error(req);
        /* FIXME: There is aproblem here. send_r_error would work
           for NPH and CGI, but not for GUNZIP.  Fix that. */
        /* i'd like to send_r_error, but.... */
        return 0;
        break;
    case 0:
        /* child */
        if (req->is_cgi == CGI || req->is_cgi == NPH) {
            char *foo = strdup(req->pathname);
            char *c;

            if (!foo) {
                WARN("unable to strdup pathname for req->pathname");
                _exit(1);
            }
            c = strrchr(foo, '/');
            if (c) {
                ++c;
                *c = '\0';
            } else {
                /* we have a serious problem */
                log_error_time();
                perror("chdir");
                if (use_pipes)
                    close(pipes[1]);
                _exit(1);
            }
            if (chdir(foo) != 0) {
                log_error_time();
                perror("chdir");
                if (use_pipes)
                    close(pipes[1]);
                _exit(1);
            }
        }
        if (use_pipes) {
            close(pipes[0]);
            /* tie cgi's STDOUT to it's write end of pipe */
            if (dup2(pipes[1], STDOUT_FILENO) == -1) {
                log_error_time();
                perror("dup2 - pipes");
                close(pipes[1]);
                _exit(1);
            }
            close(pipes[1]);
            if (set_block_fd(STDOUT_FILENO) == -1) {
                log_error_time();
                perror("cgi-fcntl");
                _exit(1);
            }
        } else {
            /* tie stdout to socket */
            if (dup2(req->fd, STDOUT_FILENO) == -1) {
                log_error_time();
                perror("dup2 - fd");
                _exit(1);
            }
            /* Switch socket flags back to blocking */
            if (set_block_fd(req->fd) == -1) {
                log_error_time();
                perror("cgi-fcntl");
                _exit(1);
            }
        }
        /* tie post_data_fd to POST stdin */
        if (req->method == M_POST) { /* tie stdin to file */
            lseek(req->post_data_fd, SEEK_SET, 0);
            dup2(req->post_data_fd, STDIN_FILENO);
            close(req->post_data_fd);
        }
        /* Close access log, so CGI program can't scribble
         * where it shouldn't
         */
        close_access_log();

        /*
         * tie STDERR to cgi_log_fd
         * cgi_log_fd will automatically close, close-on-exec rocks!
         * if we don't tied STDERR (current log_error) to cgi_log_fd,
         *  then we ought to close it.
         */
        if (!cgi_log_fd)
            dup2(devnullfd, STDERR_FILENO);
        else
            dup2(cgi_log_fd, STDERR_FILENO);

        if (req->is_cgi) {
            char *aargv[CGI_ARGC_MAX + 1];
            create_argv(req, aargv);
            execve(req->pathname, aargv, req->cgi_env);
        } else {
            if (req->pathname[strlen(req->pathname) - 1] == '/')
                execl(dirmaker, dirmaker, req->pathname, req->request_uri,
                      NULL);
#ifdef GUNZIP
            else
                execl(GUNZIP, GUNZIP, "--stdout", "--decompress",
                      req->pathname, NULL);
#endif
        }
        /* execve failed */
        WARN(req->pathname);
        _exit(1);
        break;

    default:
        /* parent */
        /* if here, fork was successful */
        if (verbose_cgi_logs) {
            log_error_time();
            fprintf(stderr, "Forked child \"%s\" pid %d\n",
                    req->pathname, child_pid);
        }

        if (req->method == M_POST) {
            close(req->post_data_fd); /* child closed it too */
            req->post_data_fd = 0;
        }

        /* NPH, GUNZIP, etc... all go straight to the fd */
        if (!use_pipes)
            return 0;

        close(pipes[1]);
        req->data_fd = pipes[0];

        req->status = PIPE_READ;
        if (req->is_cgi == CGI) {
            req->cgi_status = CGI_PARSE; /* got to parse cgi header */
            /* for cgi_header... I get half the buffer! */
            req->header_line = req->header_end =
                (req->buffer + BUFFER_SIZE / 2);
        } else {
            req->cgi_status = CGI_BUFFER;
            /* I get all the buffer! */
            req->header_line = req->header_end = req->buffer;
        }

        /* reset req->filepos for logging (it's used in pipe.c) */
        /* still don't know why req->filesize might be reset though */
        req->filepos = 0;
        break;
    }

    return 1;
}
1	/*
2	* Boa, an http server
3	* Copyright (C) 1995 Paul Phillips <paulp@go2net.com>
4	* Some changes Copyright (C) 1996,97 Larry Doolittle <ldoolitt@boa.org>
5	* Some changes Copyright (C) 1996 Charles F. Randall <crandall@goldsys.com>
6	* Some changes Copyright (C) 1997-2002 Jon Nelson <jnelson@boa.org>
7	*
8	* This program is free software; you can redistribute it and/or modify
9	* it under the terms of the GNU General Public License as published by
10	* the Free Software Foundation; either version 1, or (at your option)
11	* any later version.
12	*
13	* This program is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program; if not, write to the Free Software
20	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21	*
22	*/
23
24	/* $Id: cgi.c,v 1.1.1.1 2002/09/21 13:53:18 nmav Exp $ */
25
26	#include "boa.h"
27
28	static char env_gen_extra(const char key, const char *value, int extra);
29
30	int verbose_cgi_logs = 0;
31	/* The +1 is for the the NULL in complete_env */
32	static char *common_cgi_env[COMMON_CGI_COUNT + 1];
33
34	/*
35	* Name: create_common_env
36	*
37	* Description: Set up the environment variables that are common to
38	* all CGI scripts
39	*/
40
41	void create_common_env()
42	{
43	int index = 0, i;
44
45
46	/* NOTE NOTE NOTE:
47	If you (the reader) someday modify this chunk of code to
48	handle more "common" CGI environment variables, then bump the
49	value COMMON_CGI_COUNT in defines.h UP
50
51	Also, in the case of document_root and server_admin, two variables
52	that may or may not be defined depending on the way the server
53	is configured, we check for null values and use an empty
54	string to denote a NULL value to the environment, as per the
55	specification. The quote for which follows:
56
57	"In all cases, a missing environment variable is
58	equivalent to a zero-length (NULL) value, and vice versa."
59	*/
60	common_cgi_env[index++] = env_gen_extra("PATH",
61	((cgi_path != NULL) ? cgi_path : DEFAULT_PATH), 0);
62	common_cgi_env[index++] = env_gen_extra("SERVER_SOFTWARE", SERVER_VERSION, 0);
63	common_cgi_env[index++] = env_gen_extra("SERVER_NAME", server_name, 0);
64	common_cgi_env[index++] = env_gen_extra("GATEWAY_INTERFACE", CGI_VERSION, 0);
65
66	/* removed the SERVER_PORT which may change due to SSL support
67	*/
68
69	/* NCSA and APACHE added -- not in CGI spec */
70	/* common_cgi_env[index++] = env_gen_extra("DOCUMENT_ROOT", document_root); */
71
72	/* NCSA added */
73	/* common_cgi_env[index++] = env_gen_extra("SERVER_ROOT", server_root); */
74
75	/* APACHE added */
76	common_cgi_env[index++] = env_gen_extra("SERVER_ADMIN", server_admin, 0);
77	common_cgi_env[index] = NULL;
78
79	/* Sanity checking -- make sure the memory got allocated */
80	if (index > COMMON_CGI_COUNT) {
81	log_error_time();
82	fprintf(stderr, "COMMON_CGI_COUNT not high enough.\n");
83	exit(1);
84	}
85
86	for(i = 0;i < index;++i) {
87	if (common_cgi_env[i] == NULL) {
88	log_error_time();
89	fprintf(stderr, "Unable to allocate a component of common_cgi_env - out of memory.\n");
90	exit(1);
91	}
92	}
93	}
94
95	void clear_common_env(void)
96	{
97	int i;
98
99	for(i = 0;i <= COMMON_CGI_COUNT;++i) {
100	if (common_cgi_env[i] != NULL) {
101	free(common_cgi_env[i]);
102	common_cgi_env[i] = NULL;
103	}
104	}
105	}
106
107	/*
108	* Name: env_gen_extra
109	* (and via a not-so-tricky #define, env_gen)
110	* This routine calls malloc: please free the memory when you are done
111	*/
112	static char env_gen_extra(const char key, const char *value, int extra)
113	{
114	char *result;
115	int key_len, value_len;
116
117	if (value == NULL) /* ServerAdmin may not be defined, eg */
118	value = "";
119	key_len = strlen(key);
120	value_len = strlen(value);
121	/* leave room for '=' sign and null terminator */
122	result = malloc(extra + key_len + value_len + 2);
123	if (result) {
124	memcpy(result + extra, key, key_len);
125	*(result + extra + key_len) = '=';
126	memcpy(result + extra + key_len + 1, value, value_len);
127	*(result + extra + key_len + value_len + 1) = '\0';
128	} else {
129	log_error_time();
130	perror("malloc");
131	log_error_time();
132	fprintf(stderr,
133	"tried to allocate (key=value) extra=%d: %s=%s\n",
134	extra, key, value);
135	}
136	return result;
137	}
138
139	/*
140	* Name: add_cgi_env
141	*
142	* Description: adds a variable to CGI's environment
143	* Used for HTTP_ headers
144	*/
145
146	int add_cgi_env(request * req, char key, char value, int http_prefix)
147	{
148	char *p;
149	int prefix_len;
150
151	if (http_prefix) {
152	prefix_len = 5;
153	} else {
154	prefix_len = 0;
155	}
156
157	if (req->cgi_env_index < CGI_ENV_MAX) {
158	p = env_gen_extra(key, value, prefix_len);
159	if (!p) {
160	log_error_time();
161	fprintf(stderr, "Unable to generate additional CGI Environment"
162	"variable -- ran out of memory!\n");
163	}
164	if (prefix_len)
165	memcpy(p, "HTTP_", 5);
166	req->cgi_env[req->cgi_env_index++] = p;
167	return 1;
168	} else {
169	log_error_time();
170	fprintf(stderr, "Unable to generate additional CGI Environment"
171	"variable -- not enough space!\n");
172	}
173	return 0;
174	}
175
176	#define my_add_cgi_env(req, key, value) { \
177	int ok = add_cgi_env(req, key, value, 0); \
178	if (!ok) return 0; \
179	}
180
181	/*
182	* Name: complete_env
183	*
184	* Description: adds the known client header env variables
185	* and terminates the environment array
186	*/
187
188	int complete_env(request * req)
189	{
190	int i;
191	char buf[22];
192
193	for (i = 0; common_cgi_env[i]; i++)
194	req->cgi_env[i] = common_cgi_env[i];
195
196	{
197	char *w;
198	switch (req->method) {
199	case M_POST:
200	w = "POST";
201	break;
202	case M_HEAD:
203	w = "HEAD";
204	break;
205	case M_GET:
206	w = "GET";
207	break;
208	default:
209	w = "UNKNOWN";
210	break;
211	}
212	my_add_cgi_env(req, "REQUEST_METHOD", w);
213	}
214
215	if (req->secure) {
216	simple_itoa(ssl_port, buf);
217	} else {
218	simple_itoa(server_port, buf);
219	}
220	my_add_cgi_env( req, "SERVER_PORT", buf);
221
222	my_add_cgi_env(req, "SERVER_ADDR", req->local_ip_addr);
223	my_add_cgi_env(req, "SERVER_PROTOCOL", req->http_version);
224	my_add_cgi_env(req, "REQUEST_URI", req->request_uri);
225
226	if (req->path_info)
227	my_add_cgi_env(req, "PATH_INFO", req->path_info);
228
229	if (req->path_translated)
230	/* while path_translated depends on path_info,
231	* there are cases when path_translated might
232	* not exist when path_info does
233	*/
234	my_add_cgi_env(req, "PATH_TRANSLATED", req->path_translated);
235
236	my_add_cgi_env(req, "SCRIPT_NAME", req->script_name);
237
238	if (req->query_string)
239	my_add_cgi_env(req, "QUERY_STRING", req->query_string);
240	my_add_cgi_env(req, "REMOTE_ADDR", req->remote_ip_addr);
241
242	simple_itoa(req->remote_port, buf);
243	my_add_cgi_env(req, "REMOTE_PORT", buf);
244
245	if (req->method == M_POST) {
246	if (req->content_type) {
247	my_add_cgi_env(req, "CONTENT_TYPE", req->content_type);
248	} else {
249	my_add_cgi_env(req, "CONTENT_TYPE", default_type);
250	}
251	if (req->content_length) {
252	my_add_cgi_env(req, "CONTENT_LENGTH", req->content_length);
253	}
254	}
255	#ifdef ACCEPT_ON
256	if (req->accept[0])
257	my_add_cgi_env(req, "HTTP_ACCEPT", req->accept);
258	#endif
259
260	if (req->cgi_env_index < CGI_ENV_MAX + 1) {
261	req->cgi_env[req->cgi_env_index] = NULL; /* terminate */
262	return 1;
263	}
264	log_error_time();
265	fprintf(stderr, "Not enough space in CGI environment for remainder"\
266	" of variables.\n");
267	return 0;
268	}
269
270	/*
271	* Name: make_args_cgi
272	*
273	* Build argv list for a CGI script according to spec
274	*
275	*/
276
277	void create_argv(request * req, char **aargv)
278	{
279	char p, q, *r;
280	int aargc;
281
282	q = req->query_string;
283	aargv[0] = req->pathname;
284
285	/* here, we handle a special "indexed" query string.
286	* Taken from the CGI/1.1 SPEC:
287	* This is identified by a GET or HEAD request with a query string
288	* with no unencoded '=' in it.
289	* For such a request, I'm supposed to parse the search string
290	* into words, according to the following rules:
291
292	search-string = search-word *( "+" search-word )
293	search-word = 1*schar
294	schar = xunreserved \| escaped \| xreserved
295	xunreserved = alpha \| digit \| xsafe \| extra
296	xsafe = "$" \| "-" \| "_" \| "."
297	xreserved = ";" \| "/" \| "?" \| ":" \| "@" \| "&"
298
299	After parsing, each word is URL-decoded, optionally encoded in a system
300	defined manner, and then the argument list
301	is set to the list of words.
302
303
304	Thus, schar is alpha\|digit\|"$"\|"-"\|"_"\|"."\|";"\|"/"\|"?"\|":"\|"@"\|"&"
305
306	As of this writing, escape.pl escapes the following chars:
307
308	"-", "_", ".", "!", "~", "*", "'", "(", ")",
309	"0".."9", "A".."Z", "a".."z",
310	";", "/", "?", ":", "@", "&", "=", "+", "\$", ","
311
312	Which therefore means
313	"=", "+", "~", "!", "*", "'", "(", ")", ","
314	are not escaped and should be?
315	Wait, we don't do any escaping, and nor should we.
316	According to the RFC draft, we unescape and then re-escape
317	in a "system defined manner" (here: none).
318
319	The CGI/1.1 draft (03, latest is 1999???) is very unclear here.
320
321	I am using the latest published RFC, 2396, for what does and does
322	not need escaping.
323
324	Since boa builds the argument list and does not call /bin/sh,
325	(boa uses execve for CGI)
326	*/
327
328	if (q && !strchr(q, '=')) {
329	/* we have an 'index' style */
330	q = strdup(q);
331	if (!q) {
332	WARN("unable to strdup 'q' in create_argv!");
333	}
334	for (aargc = 1; q && (aargc < CGI_ARGC_MAX);) {
335	r = q;
336	/* for an index-style CGI, + is used to seperate arguments
337	* an escaped '+' is of no concern to us
338	*/
339	if ((p = strchr(q, '+'))) {
340	*p = '\0';
341	q = p + 1;
342	} else {
343	q = NULL;
344	}
345	if (unescape_uri(r, NULL)) {
346	/* printf("parameter %d: %s\n",aargc,r); */
347	aargv[aargc++] = r;
348	}
349	}
350	aargv[aargc] = NULL;
351	} else {
352	aargv[1] = NULL;
353	}
354	}
355
356	/*
357	* Name: init_cgi
358	*
359	* Description: Called for GET/POST requests that refer to ScriptAlias
360	* directories or application/x-httpd-cgi files. Ties stdout to socket,
361	* stdin to data if POST, and execs CGI.
362	* stderr remains tied to our log file; is this good?
363	*
364	* Returns:
365	* 0 - error or NPH, either way the socket is closed
366	* 1 - success
367	*/
368
369	int init_cgi(request * req)
370	{
371	int child_pid;
372	int pipes[2];
373	int use_pipes = 0;
374
375	SQUASH_KA(req);
376
377	if (req->is_cgi) {
378	if (complete_env(req) == 0) {
379	return 0;
380	}
381	}
382	#ifdef FASCIST_LOGGING
383	{
384	int i;
385	for (i = 0; i < req->cgi_env_index; ++i)
386	fprintf(stderr, "%s - environment variable for cgi: \"%s\"\n",
387	__FILE__, req->cgi_env[i]);
388	}
389	#endif
390
391	if (req->is_cgi == CGI \|\| 1) {
392	use_pipes = 1;
393	if (pipe(pipes) == -1) {
394	log_error_time();
395	perror("pipe");
396	return 0;
397	}
398
399	/* set the read end of the socket to non-blocking */
400	if (set_nonblock_fd(pipes[0]) == -1) {
401	log_error_time();
402	perror("cgi-fcntl");
403	close(pipes[0]);
404	close(pipes[1]);
405	return 0;
406	}
407	}
408
409	child_pid = fork();
410	switch(child_pid) {
411	case -1:
412	/* fork unsuccessful */
413	log_error_time();
414	perror("fork");
415
416	if (use_pipes) {
417	close(pipes[0]);
418	close(pipes[1]);
419	}
420	send_r_error(req);
421	/* FIXME: There is aproblem here. send_r_error would work
422	for NPH and CGI, but not for GUNZIP. Fix that. */
423	/* i'd like to send_r_error, but.... */
424	return 0;
425	break;
426	case 0:
427	/* child */
428	if (req->is_cgi == CGI \|\| req->is_cgi == NPH) {
429	char *foo = strdup(req->pathname);
430	char *c;
431
432	if (!foo) {
433	WARN("unable to strdup pathname for req->pathname");
434	_exit(1);
435	}
436	c = strrchr(foo, '/');
437	if (c) {
438	++c;
439	*c = '\0';
440	} else {
441	/* we have a serious problem */
442	log_error_time();
443	perror("chdir");
444	if (use_pipes)
445	close(pipes[1]);
446	_exit(1);
447	}
448	if (chdir(foo) != 0) {
449	log_error_time();
450	perror("chdir");
451	if (use_pipes)
452	close(pipes[1]);
453	_exit(1);
454	}
455	}
456	if (use_pipes) {
457	close(pipes[0]);
458	/* tie cgi's STDOUT to it's write end of pipe */
459	if (dup2(pipes[1], STDOUT_FILENO) == -1) {
460	log_error_time();
461	perror("dup2 - pipes");
462	close(pipes[1]);
463	_exit(1);
464	}
465	close(pipes[1]);
466	if (set_block_fd(STDOUT_FILENO) == -1) {
467	log_error_time();
468	perror("cgi-fcntl");
469	_exit(1);
470	}
471	} else {
472	/* tie stdout to socket */
473	if (dup2(req->fd, STDOUT_FILENO) == -1) {
474	log_error_time();
475	perror("dup2 - fd");
476	_exit(1);
477	}
478	/* Switch socket flags back to blocking */
479	if (set_block_fd(req->fd) == -1) {
480	log_error_time();
481	perror("cgi-fcntl");
482	_exit(1);
483	}
484	}
485	/* tie post_data_fd to POST stdin */
486	if (req->method == M_POST) { /* tie stdin to file */
487	lseek(req->post_data_fd, SEEK_SET, 0);
488	dup2(req->post_data_fd, STDIN_FILENO);
489	close(req->post_data_fd);
490	}
491	/* Close access log, so CGI program can't scribble
492	* where it shouldn't
493	*/
494	close_access_log();
495
496	/*
497	* tie STDERR to cgi_log_fd
498	* cgi_log_fd will automatically close, close-on-exec rocks!
499	* if we don't tied STDERR (current log_error) to cgi_log_fd,
500	* then we ought to close it.
501	*/
502	if (!cgi_log_fd)
503	dup2(devnullfd, STDERR_FILENO);
504	else
505	dup2(cgi_log_fd, STDERR_FILENO);
506
507	if (req->is_cgi) {
508	char *aargv[CGI_ARGC_MAX + 1];
509	create_argv(req, aargv);
510	execve(req->pathname, aargv, req->cgi_env);
511	} else {
512	if (req->pathname[strlen(req->pathname) - 1] == '/')
513	execl(dirmaker, dirmaker, req->pathname, req->request_uri,
514	NULL);
515	#ifdef GUNZIP
516	else
517	execl(GUNZIP, GUNZIP, "--stdout", "--decompress",
518	req->pathname, NULL);
519	#endif
520	}
521	/* execve failed */
522	WARN(req->pathname);
523	_exit(1);
524	break;
525
526	default:
527	/* parent */
528	/* if here, fork was successful */
529	if (verbose_cgi_logs) {
530	log_error_time();
531	fprintf(stderr, "Forked child \"%s\" pid %d\n",
532	req->pathname, child_pid);
533	}
534
535	if (req->method == M_POST) {
536	close(req->post_data_fd); /* child closed it too */
537	req->post_data_fd = 0;
538	}
539
540	/* NPH, GUNZIP, etc... all go straight to the fd */
541	if (!use_pipes)
542	return 0;
543
544	close(pipes[1]);
545	req->data_fd = pipes[0];
546
547	req->status = PIPE_READ;
548	if (req->is_cgi == CGI) {
549	req->cgi_status = CGI_PARSE; /* got to parse cgi header */
550	/* for cgi_header... I get half the buffer! */
551	req->header_line = req->header_end =
552	(req->buffer + BUFFER_SIZE / 2);
553	} else {
554	req->cgi_status = CGI_BUFFER;
555	/* I get all the buffer! */
556	req->header_line = req->header_end = req->buffer;
557	}
558
559	/* reset req->filepos for logging (it's used in pipe.c) */
560	/* still don't know why req->filesize might be reset though */
561	req->filepos = 0;
562	break;
563	}
564
565	return 1;
566	}