aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* Use lerrx instead of errx since the logging subsystem is already ↵claudio2020-05-24-3/+3
| | | | initialized. OK florian@
* Implement -u (user to drop privs to) and -p flag (path to chroot to). This ↵florian2020-05-24-13/+45
| | | | allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@
* Cleanup socket creation. Input ajacoutot some time ago; OK henning@florian2020-05-24-13/+10
|
* My previous attempt to chdir(2) to the directory containing the cgi script ↵florian2020-05-24-5/+10
| | | | was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@
* Calculate the length of name and value for parameters the right way around ↵florian2020-05-24-6/+6
| | | | for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@
* httpd(8) did a chdir(2) to the directory containing the cgi script. As there ↵florian2020-05-24-1/+10
| | | | | | might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@
* jturner pointed out that if one wants to run cgi scripts outside /cgi-bin ↵florian2020-05-24-2/+6
| | | | SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an erlier diff by jturner. Tested by jturner OK jturner, sthen
* Better explanation what slowcgi(8) is for. Room for improvements pointed out ↵florian2020-05-24-2/+25
| | | | by deraadt@ Tweaks/OK jmc@ OK deraadt@
* Wording improvements from Patrik Lundinderaadt2020-05-24-4/+4
|
* fix reaper loop that could run indefinitelydjm2020-05-24-2/+5
| | | | | | | log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@
* Make it clear that slowcgi(8) drops privileges to user www. Pointed out some ↵florian2020-05-24-3/+5
| | | | time ago by blambert. OK jmc, blambert
* Initialize sun_len, pointed out by deraadt@. While there also check length ↵florian2020-05-24-2/+6
| | | | of socket path, more relevant now since an alternative socket can be specified. OK benno@
* Fix a potential file descriptor overlap in exec_cgi() by making sure that ↵florian2020-05-24-2/+26
| | | | file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@
* We need to loop around waitpid to catch all exited children as we are not ↵florian2020-05-24-19/+20
| | | | guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert
* Do not leak fds in fork(2) error path. pointed out by deraadt@florian2020-05-24-1/+17
|
* Check for EINTR, too. pointed out by deraadt@florian2020-05-24-3/+3
|
* No need for volatile here. pointed out by deraadt@florian2020-05-24-2/+2
|
* spelling, spacing, etcderaadt2020-05-24-18/+20
|
* reserve file descriptors for incoming connections so we will be able to ↵benno2020-05-24-3/+35
| | | | actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@
* Keep track of which fds were closed before and only close those still open. ↵florian2020-05-24-4/+16
| | | | Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert
* Do not fiddle with the response queue directly but go through a new ↵florian2020-05-24-9/+12
| | | | slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert
* Logging to syslog works better with openlog(3). OK blambertflorian2020-05-24-1/+7
|
* Use a dedicated socketpair for stdin, makes the code more symetric and gets ↵florian2020-05-24-15/+25
| | | | rid of shutdown(2) which might cause problems. OK blambert
* Calculate correct pointer for fcgi_{begin,end}_request_body. input / OK blambertflorian2020-05-24-3/+3
|
* Calculate correct pointer for end_request; while there initialize reserved ↵florian2020-05-24-3/+6
| | | | to zero. OK blambert
* set FD_CLOEXEC OK blambertflorian2020-05-24-1/+8
|
* adjust the names to more accurately reflect the names of structs and ↵blambert2020-05-24-65/+65
| | | | | | | | functions as they relate to the FastCGI protocol style(9)ize some function declarations while here ok florian@
* Sprinkle some comments which clarify the protocol/process flow.blambert2020-05-24-1/+18
| | | | ok florian@
* When dumping FastCGI protocol headers during debug, dump the "request begin" ↵blambert2020-05-24-8/+43
| | | | | | | | | and "request end" protocol entries in addition While here, make the "FastCGI request body" struct's name more precise (fcgi_end_request -> fcgi_end_request_body). okay florian@
* Use the correct buffer size for memory allocation and reads.blambert2020-05-24-5/+9
| | | | okay florian@
* If the CGI script died due to receipt of signal, pass that back to the HTTP ↵blambert2020-05-24-6/+20
| | | | | | | | frontend as the "application return status". While here, add a pair of informative debugging statements. ok florian@
* slowcgi grows an option to specify an alternate FastCGI socket on which to ↵blambert2020-05-24-8/+17
| | | | | | | | listen. okay dcoppa@, henning@, florian@ manpage okay from jmc@
* Give slowcgi a style(9) scrubbing. No functional change.blambert2020-05-24-41/+47
| | | | ok florian@
* move bgplg and slowcgi sockets to /var/www/run input reyk@, guenther@ "move ↵florian2020-05-24-5/+5
| | | | fast" deraadt@ OK naddy@
* tweaks; ok florianjmc2020-05-24-7/+5
|
* off by one, from Henri Kemppainen <duclare-at-guu.fi>, thanks!florian2020-05-24-2/+2
|
* Fix pasto where 'c' instead of 'clients' is checked for NULL and add missing ↵jasper2020-05-24-2/+3
| | | | | | free for the fcgi_response. ok florian@
* Put slowcgi(8) a FastCGI to CGI wrapper in to work on it in tree. Not hooked ↵florian2020-05-24-0/+1101
up to the build yet. OK sthen@, deraadt@ agrees