Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | Use lerrx instead of errx since the logging subsystem is already ↵ | claudio | 2020-05-24 | -3/+3 |
| | | | | initialized. OK florian@ | |||
* | Implement -u (user to drop privs to) and -p flag (path to chroot to). This ↵ | florian | 2020-05-24 | -13/+45 |
| | | | | allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@ | |||
* | Cleanup socket creation. Input ajacoutot some time ago; OK henning@ | florian | 2020-05-24 | -13/+10 |
| | ||||
* | My previous attempt to chdir(2) to the directory containing the cgi script ↵ | florian | 2020-05-24 | -5/+10 |
| | | | | was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@ | |||
* | Calculate the length of name and value for parameters the right way around ↵ | florian | 2020-05-24 | -6/+6 |
| | | | | for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@ | |||
* | httpd(8) did a chdir(2) to the directory containing the cgi script. As there ↵ | florian | 2020-05-24 | -1/+10 |
| | | | | | | might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@ | |||
* | jturner pointed out that if one wants to run cgi scripts outside /cgi-bin ↵ | florian | 2020-05-24 | -2/+6 |
| | | | | SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an erlier diff by jturner. Tested by jturner OK jturner, sthen | |||
* | Better explanation what slowcgi(8) is for. Room for improvements pointed out ↵ | florian | 2020-05-24 | -2/+25 |
| | | | | by deraadt@ Tweaks/OK jmc@ OK deraadt@ | |||
* | Wording improvements from Patrik Lundin | deraadt | 2020-05-24 | -4/+4 |
| | ||||
* | fix reaper loop that could run indefinitely | djm | 2020-05-24 | -2/+5 |
| | | | | | | | log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@ | |||
* | Make it clear that slowcgi(8) drops privileges to user www. Pointed out some ↵ | florian | 2020-05-24 | -3/+5 |
| | | | | time ago by blambert. OK jmc, blambert | |||
* | Initialize sun_len, pointed out by deraadt@. While there also check length ↵ | florian | 2020-05-24 | -2/+6 |
| | | | | of socket path, more relevant now since an alternative socket can be specified. OK benno@ | |||
* | Fix a potential file descriptor overlap in exec_cgi() by making sure that ↵ | florian | 2020-05-24 | -2/+26 |
| | | | | file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@ | |||
* | We need to loop around waitpid to catch all exited children as we are not ↵ | florian | 2020-05-24 | -19/+20 |
| | | | | guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert | |||
* | Do not leak fds in fork(2) error path. pointed out by deraadt@ | florian | 2020-05-24 | -1/+17 |
| | ||||
* | Check for EINTR, too. pointed out by deraadt@ | florian | 2020-05-24 | -3/+3 |
| | ||||
* | No need for volatile here. pointed out by deraadt@ | florian | 2020-05-24 | -2/+2 |
| | ||||
* | spelling, spacing, etc | deraadt | 2020-05-24 | -18/+20 |
| | ||||
* | reserve file descriptors for incoming connections so we will be able to ↵ | benno | 2020-05-24 | -3/+35 |
| | | | | actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@ | |||
* | Keep track of which fds were closed before and only close those still open. ↵ | florian | 2020-05-24 | -4/+16 |
| | | | | Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert | |||
* | Do not fiddle with the response queue directly but go through a new ↵ | florian | 2020-05-24 | -9/+12 |
| | | | | slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert | |||
* | Logging to syslog works better with openlog(3). OK blambert | florian | 2020-05-24 | -1/+7 |
| | ||||
* | Use a dedicated socketpair for stdin, makes the code more symetric and gets ↵ | florian | 2020-05-24 | -15/+25 |
| | | | | rid of shutdown(2) which might cause problems. OK blambert | |||
* | Calculate correct pointer for fcgi_{begin,end}_request_body. input / OK blambert | florian | 2020-05-24 | -3/+3 |
| | ||||
* | Calculate correct pointer for end_request; while there initialize reserved ↵ | florian | 2020-05-24 | -3/+6 |
| | | | | to zero. OK blambert | |||
* | set FD_CLOEXEC OK blambert | florian | 2020-05-24 | -1/+8 |
| | ||||
* | adjust the names to more accurately reflect the names of structs and ↵ | blambert | 2020-05-24 | -65/+65 |
| | | | | | | | | functions as they relate to the FastCGI protocol style(9)ize some function declarations while here ok florian@ | |||
* | Sprinkle some comments which clarify the protocol/process flow. | blambert | 2020-05-24 | -1/+18 |
| | | | | ok florian@ | |||
* | When dumping FastCGI protocol headers during debug, dump the "request begin" ↵ | blambert | 2020-05-24 | -8/+43 |
| | | | | | | | | | and "request end" protocol entries in addition While here, make the "FastCGI request body" struct's name more precise (fcgi_end_request -> fcgi_end_request_body). okay florian@ | |||
* | Use the correct buffer size for memory allocation and reads. | blambert | 2020-05-24 | -5/+9 |
| | | | | okay florian@ | |||
* | If the CGI script died due to receipt of signal, pass that back to the HTTP ↵ | blambert | 2020-05-24 | -6/+20 |
| | | | | | | | | frontend as the "application return status". While here, add a pair of informative debugging statements. ok florian@ | |||
* | slowcgi grows an option to specify an alternate FastCGI socket on which to ↵ | blambert | 2020-05-24 | -8/+17 |
| | | | | | | | | listen. okay dcoppa@, henning@, florian@ manpage okay from jmc@ | |||
* | Give slowcgi a style(9) scrubbing. No functional change. | blambert | 2020-05-24 | -41/+47 |
| | | | | ok florian@ | |||
* | move bgplg and slowcgi sockets to /var/www/run input reyk@, guenther@ "move ↵ | florian | 2020-05-24 | -5/+5 |
| | | | | fast" deraadt@ OK naddy@ | |||
* | tweaks; ok florian | jmc | 2020-05-24 | -7/+5 |
| | ||||
* | off by one, from Henri Kemppainen <duclare-at-guu.fi>, thanks! | florian | 2020-05-24 | -2/+2 |
| | ||||
* | Fix pasto where 'c' instead of 'clients' is checked for NULL and add missing ↵ | jasper | 2020-05-24 | -2/+3 |
| | | | | | | free for the fcgi_response. ok florian@ | |||
* | Put slowcgi(8) a FastCGI to CGI wrapper in to work on it in tree. Not hooked ↵ | florian | 2020-05-24 | -0/+1101 |
up to the build yet. OK sthen@, deraadt@ agrees |