2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25 safe_setenv(const char *name, const char *val)
33 * the inverse of this algorithm, i.e. starting from the start of the
34 * path + strlen(cgi), and checking if each component, should be
35 * faster. But it's tedious to write. This does the opposite: starts
36 * from the end and strip one component at a time, until either an
37 * executable is found or we emptied the path.
40 check_for_cgi(char *path, char *query, struct pollfd *fds, struct client *c)
43 end = strchr(path, '\0');
45 /* NB: assume CGI is enabled and path matches cgi */
48 /* go up one level. UNIX paths are simple and POSIX
49 * dirname, with its ambiguities on if the given path
50 * is changed or not, gives me headaches. */
55 switch (check_path(c, path, &c->fd)) {
57 return start_cgi(path, end+1, query, fds,c);
69 if (!start_reply(fds, c, NOT_FOUND, "not found"))
76 start_cgi(const char *spath, const char *relpath, const char *query,
77 struct pollfd *fds, struct client *c)
80 int p[2]; /* read end, write end */
85 switch (pid = fork()) {
90 char *ex, *requri, *portno;
91 char addr[NI_MAXHOST];
92 char *argv[] = { NULL, NULL, NULL };
96 if (dup2(p[1], 1) == -1)
99 ec = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
102 NI_NUMERICHOST | NI_NUMERICSERV);
106 if (asprintf(&portno, "%d", conf.port) == -1)
109 if (asprintf(&ex, "%s/%s", c->host->dir, spath) == -1)
112 if (asprintf(&requri, "%s%s%s", spath,
113 *relpath == '\0' ? "" : "/", relpath) == -1)
116 argv[0] = argv[1] = ex;
119 safe_setenv("GATEWAY_INTERFACE", "CGI/1.1");
120 safe_setenv("SERVER_SOFTWARE", "gmid");
121 safe_setenv("SERVER_PORT", portno);
123 if (!strcmp(c->host->domain, "*"))
124 safe_setenv("SERVER_NAME", c->host->domain)
126 safe_setenv("SCRIPT_NAME", spath);
127 safe_setenv("SCRIPT_EXECUTABLE", ex);
128 safe_setenv("REQUEST_URI", requri);
129 safe_setenv("REQUEST_RELATIVE", relpath);
130 safe_setenv("QUERY_STRING", query);
131 safe_setenv("REMOTE_HOST", addr);
132 safe_setenv("REMOTE_ADDR", addr);
133 safe_setenv("DOCUMENT_ROOT", c->host->dir);
135 if (tls_peer_cert_provided(c->ctx)) {
136 safe_setenv("AUTH_TYPE", "Certificate");
137 safe_setenv("REMOTE_USER", tls_peer_cert_subject(c->ctx));
138 safe_setenv("TLS_CLIENT_ISSUER", tls_peer_cert_issuer(c->ctx));
139 safe_setenv("TLS_CLIENT_HASH", tls_peer_cert_hash(c->ctx));
146 default: /* parent */
151 mark_nonblock(c->fd);
152 c->state = S_SENDING;
158 if (!start_reply(fds, c, TEMP_FAILURE, "internal server error"))
164 dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
170 cgi_poll_on_child(struct pollfd *fds, struct client *c)
174 if (c->waiting_on_child)
176 c->waiting_on_child = 1;
178 fds->events = POLLIN;
186 cgi_poll_on_client(struct pollfd *fds, struct client *c)
190 if (!c->waiting_on_child)
192 c->waiting_on_child = 0;
200 handle_cgi(struct pollfd *fds, struct client *c)
204 /* ensure c->fd is the child and fds->fd the client */
205 cgi_poll_on_client(fds, c);
209 if ((r = read(c->fd, c->sbuf, sizeof(c->sbuf))) == 0)
212 if (errno == EAGAIN || errno == EWOULDBLOCK) {
213 cgi_poll_on_child(fds, c);
223 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
227 case TLS_WANT_POLLOUT:
228 fds->events = POLLOUT;
231 case TLS_WANT_POLLIN:
232 fds->events = POLLIN;