2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 * Sometimes it can be useful to inspect the fastcgi traffic as
27 * This will make gmid connect to a `debug.sock' socket (that must
28 * exists) in the current directory and send there a copy of what gets
29 * read. The socket can be created and monitored e.g. with
31 * rm -f debug.sock ; nc -Ulk ./debug.sock | hexdump -C
33 * NB: the sandbox must be disabled for this to work.
39 static int debug_socket = -1;
43 unsigned char version;
45 unsigned char req_id1;
46 unsigned char req_id0;
47 unsigned char content_len1;
48 unsigned char content_len0;
49 unsigned char padding;
50 unsigned char reserved;
54 * number of bytes in a FCGI_HEADER. Future version of the protocol
55 * will not reduce this number.
57 #define FCGI_HEADER_LEN 8
60 * values for the version component
62 #define FCGI_VERSION_1 1
65 * values for the type component
67 #define FCGI_BEGIN_REQUEST 1
68 #define FCGI_ABORT_REQUEST 2
69 #define FCGI_END_REQUEST 3
75 #define FCGI_GET_VALUES 9
76 #define FCGI_GET_VALUES_RESULT 10
77 #define FCGI_UNKNOWN_TYPE 11
78 #define FCGI_MAXTYPE (FCGI_UNKNOWN_TYPE)
80 struct fcgi_begin_req {
84 unsigned char reserved[5];
87 struct fcgi_begin_req_record {
88 struct fcgi_header header;
89 struct fcgi_begin_req body;
95 #define FCGI_KEEP_CONN 1
100 #define FCGI_RESPONDER 1
101 #define FCGI_AUTHORIZER 2
102 #define FCGI_FILTER 3
104 struct fcgi_end_req_body {
105 unsigned char app_status3;
106 unsigned char app_status2;
107 unsigned char app_status1;
108 unsigned char app_status0;
109 unsigned char proto_status;
110 unsigned char reserved[3];
114 * values for proto_status
116 #define FCGI_REQUEST_COMPLETE 0
117 #define FCGI_CANT_MPX_CONN 1
118 #define FCGI_OVERLOADED 2
119 #define FCGI_UNKNOWN_ROLE 3
122 * Variable names for FCGI_GET_VALUES / FCGI_GET_VALUES_RESULT
125 #define FCGI_MAX_CONNS "FCGI_MAX_CONNS"
126 #define FCGI_MAX_REQS "FCGI_MAX_REQS"
127 #define FCGI_MPXS_CONNS "FCGI_MPXS_CONNS"
130 prepare_header(struct fcgi_header *h, int type, int id, size_t size,
133 memset(h, 0, sizeof(*h));
136 * id=0 is reserved for status messages.
140 h->version = FCGI_VERSION_1;
142 h->req_id1 = (id >> 8);
143 h->req_id0 = (id & 0xFF);
144 h->content_len1 = (size >> 8);
145 h->content_len0 = (size & 0xFF);
146 h->padding = padding;
152 fcgi_begin_request(struct bufferevent *bev, int id)
154 struct fcgi_begin_req_record r;
159 memset(&r, 0, sizeof(r));
160 prepare_header(&r.header, FCGI_BEGIN_REQUEST, id,
162 assert(sizeof(r.body) == FCGI_HEADER_LEN);
165 r.body.role0 = FCGI_RESPONDER;
166 r.body.flags = FCGI_KEEP_CONN;
168 if (bufferevent_write(bev, &r, sizeof(r)) == -1)
174 fcgi_send_param(struct bufferevent *bev, int id, const char *name,
177 struct fcgi_header h;
178 uint32_t namlen, vallen, padlen;
181 char padding[8] = { 0 };
183 namlen = strlen(name);
184 vallen = strlen(value);
185 size = namlen + vallen + 8; /* 4 for the sizes */
186 padlen = (8 - (size & 0x7)) & 0x7;
188 s[0] = ( namlen >> 24) | 0x80;
189 s[1] = ((namlen >> 16) & 0xFF);
190 s[2] = ((namlen >> 8) & 0xFF);
191 s[3] = ( namlen & 0xFF);
193 s[4] = ( vallen >> 24) | 0x80;
194 s[5] = ((vallen >> 16) & 0xFF);
195 s[6] = ((vallen >> 8) & 0xFF);
196 s[7] = ( vallen & 0xFF);
198 prepare_header(&h, FCGI_PARAMS, id, size, padlen);
200 if (bufferevent_write(bev, &h, sizeof(h)) == -1 ||
201 bufferevent_write(bev, s, sizeof(s)) == -1 ||
202 bufferevent_write(bev, name, namlen) == -1 ||
203 bufferevent_write(bev, value, vallen) == -1 ||
204 bufferevent_write(bev, padding, padlen) == -1)
211 fcgi_end_param(struct bufferevent *bev, int id)
213 struct fcgi_header h;
215 prepare_header(&h, FCGI_PARAMS, id, 0, 0);
216 if (bufferevent_write(bev, &h, sizeof(h)) == -1)
219 prepare_header(&h, FCGI_STDIN, id, 0, 0);
220 if (bufferevent_write(bev, &h, sizeof(h)) == -1)
227 fcgi_abort_request(struct client *c)
230 struct fcgi_header h;
234 prepare_header(&h, FCGI_ABORT_REQUEST, c->id, 0, 0);
236 if (bufferevent_write(f->bev, &h, sizeof(h)) == -1)
237 fcgi_close_backend(f);
241 recid(struct fcgi_header *h)
243 return h->req_id0 + (h->req_id1 << 8) - 1;
247 reclen(struct fcgi_header *h)
249 return h->content_len0 + (h->content_len1 << 8);
253 fcgi_close_backend(struct fcgi *f)
255 bufferevent_free(f->bev);
264 fcgi_read(struct bufferevent *bev, void *d)
266 struct fcgi *fcgi = d;
267 struct evbuffer *src = EVBUFFER_INPUT(bev);
268 struct fcgi_header hdr;
269 struct fcgi_end_req_body end;
274 if (debug_socket == -1) {
275 struct sockaddr_un addr;
277 if ((debug_socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
280 memset(&addr, 0, sizeof(addr));
281 addr.sun_family = AF_UNIX;
282 strlcpy(addr.sun_path, "./debug.sock", sizeof(addr.sun_path));
283 if (connect(debug_socket, (struct sockaddr*)&addr, sizeof(addr))
290 if (EVBUFFER_LENGTH(src) < sizeof(hdr))
293 memcpy(&hdr, EVBUFFER_DATA(src), sizeof(hdr));
295 c = try_client_by_id(recid(&hdr));
298 "got invalid client id %d from fcgi backend %d",
299 recid(&hdr), fcgi->id);
305 if (EVBUFFER_LENGTH(src) < sizeof(hdr) + len + hdr.padding)
309 write(debug_socket, EVBUFFER_DATA(src),
310 sizeof(hdr) + len + hdr.padding);
313 evbuffer_drain(src, sizeof(hdr));
316 case FCGI_END_REQUEST:
317 if (len != sizeof(end)) {
319 "got invalid end request record size");
322 bufferevent_read(bev, &end, sizeof(end));
324 /* TODO: do something with the status? */
327 c->type = REQUEST_DONE;
328 client_write(c->bev, c);
332 /* discard stderr (for now) */
333 evbuffer_drain(src, len);
337 bufferevent_write_buffer(c->bev, EVBUFFER_INPUT(bev));
341 log_err(NULL, "got invalid fcgi record (type=%d)",
346 evbuffer_drain(src, hdr.padding);
348 if (fcgi->pending == 0 && shutting_down) {
349 fcgi_error(bev, EVBUFFER_EOF, fcgi);
355 fcgi_error(bev, EVBUFFER_ERROR, fcgi);
359 fcgi_write(struct bufferevent *bev, void *d)
362 * There's no much use for the write callback.
368 fcgi_error(struct bufferevent *bev, short err, void *d)
370 struct fcgi *fcgi = d;
374 if (!(err & (EVBUFFER_ERROR|EVBUFFER_EOF)))
375 log_warn(NULL, "unknown event error (%x): %s",
376 err, strerror(errno));
378 for (i = 0; i < MAX_USERS; ++i) {
381 if (c->fcgi != fcgi->id)
387 start_reply(c, CGI_ERROR, "CGI error");
390 fcgi_close_backend(fcgi);
394 fcgi_req(struct fcgi *f, struct client *c)
396 char addr[NI_MAXHOST], buf[22];
404 e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
409 fatal("getnameinfo failed: %s (%s)",
410 gai_strerror(e), strerror(errno));
412 fcgi_begin_request(f->bev, c->id);
413 fcgi_send_param(f->bev, c->id, "GATEWAY_INTERFACE", "CGI/1.1");
414 fcgi_send_param(f->bev, c->id, "GEMINI_URL_PATH", c->iri.path);
415 fcgi_send_param(f->bev, c->id, "QUERY_STRING", c->iri.query);
416 fcgi_send_param(f->bev, c->id, "REMOTE_ADDR", addr);
417 fcgi_send_param(f->bev, c->id, "REMOTE_HOST", addr);
418 fcgi_send_param(f->bev, c->id, "REQUEST_METHOD", "");
419 fcgi_send_param(f->bev, c->id, "SERVER_NAME", c->iri.host);
420 fcgi_send_param(f->bev, c->id, "SERVER_PROTOCOL", "GEMINI");
421 fcgi_send_param(f->bev, c->id, "SERVER_SOFTWARE", GMID_VERSION);
423 if (tls_peer_cert_provided(c->ctx)) {
424 fcgi_send_param(f->bev, c->id, "AUTH_TYPE", "CERTIFICATE");
425 fcgi_send_param(f->bev, c->id, "REMOTE_USER",
426 tls_peer_cert_subject(c->ctx));
427 fcgi_send_param(f->bev, c->id, "TLS_CLIENT_ISSUER",
428 tls_peer_cert_issuer(c->ctx));
429 fcgi_send_param(f->bev, c->id, "TLS_CLIENT_HASH",
430 tls_peer_cert_hash(c->ctx));
431 fcgi_send_param(f->bev, c->id, "TLS_VERSION",
432 tls_conn_version(c->ctx));
433 fcgi_send_param(f->bev, c->id, "TLS_CIPHER",
434 tls_conn_cipher(c->ctx));
436 snprintf(buf, sizeof(buf), "%d",
437 tls_conn_cipher_strength(c->ctx));
438 fcgi_send_param(f->bev, c->id, "TLS_CIPHER_STRENGTH", buf);
440 tim = tls_peer_cert_notbefore(c->ctx);
441 strftime(buf, sizeof(buf), "%FT%TZ",
442 gmtime_r(&tim, &tminfo));
443 fcgi_send_param(f->bev, c->id, "TLS_CLIENT_NOT_BEFORE", buf);
445 tim = tls_peer_cert_notafter(c->ctx);
446 strftime(buf, sizeof(buf), "%FT%TZ",
447 gmtime_r(&tim, &tminfo));
448 fcgi_send_param(f->bev, c->id, "TLS_CLIENT_NOT_AFTER", buf);
450 TAILQ_FOREACH(p, &c->host->params, envs) {
451 fcgi_send_param(f->bev, c->id, p->name, p->value);
454 fcgi_send_param(f->bev, c->id, "AUTH_TYPE", "");
456 if (fcgi_end_param(f->bev, c->id) == -1)
457 fcgi_error(f->bev, EVBUFFER_ERROR, f);