aboutsummaryrefslogtreecommitdiffstats
path: root/slowcgi.c (unfollow)
Commit message (Collapse)AuthorLines
2020-05-24Include grp.hWynn Wolf Arbor-0/+1
This is needed for setgroups(2)
2020-05-24Add queue.h from OpenBSDWynn Wolf Arbor-1/+2
The original file location in the OpenBSD tree - sys/sys/queue.h
2020-05-24Add strlcpy(3) from OpenBSDWynn Wolf Arbor-0/+6
The original file location in the OpenBSD tree - lib/libc/string/strlcpy.c
2020-05-24Use pledge(2) only on OpenBSDWynn Wolf Arbor-0/+4
2020-05-24Use corresponding attributes for __packed and __deadWynn Wolf Arbor-0/+8
2020-05-24When calculating the fd limit before accepting a new connection also account ↵claudio-2/+2
for the inflight fds caused by the new connection. Without this slowcgi could fail when close to the limit because FD_RESERVE is smaller then FD_NEEDED. OK florian@, tested by Kristaps Dzonsons
2020-05-24Call daemon with 0 as first argument so that it changes the cwd to /. It is ↵florian-2/+2
not a problem in slowcgi since it calls chroot(2) and then chdir(2) shortly afterwards but hopefully prevents copying code into daemons where it does matter. Problem first observed by dlg in ntpd(8) which keeps sitting in the directory from where it was started which might for example prevent an unmount. Discussed with deraadt@
2020-05-24Make the owner of fcgi socket configurable.florian-6/+12
Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this is helpful for his port to linux. For example on openSUSE nginx and Apache run as different users so a compile time default user won't cut it. Man page tweaks jmc@ While here, consistently log users at debug level; from Andrew.
2020-05-24consistently use the evtimer wrappers around the connection timeout.florian-3/+3
this is instead of setting the timeout up with event_set and event_add, but removing it with evtimer_del. this uses evtimer_set and evtimer_add. prompted by dlg's commit to identd OK dlg
2020-05-24Sync the severity of the syslog_* functions shared between identd, slowcgi, ↵florian-5/+5
tftp-proxy and tftpd to the severity used in log.c style loggers. This also fixes an issue where syslog_err and syslog_errx logged with different severities. Sure deraadt@
2020-05-24Add format attribute to logger functions. Fix format string while here. ↵florian-15/+28
Input & OK benno@
2020-05-24As suggested by the FastCGI spec, zero-pad the response buffers to be ↵reyk-3/+22
aligned to 8 bytes. This matches what most other implementations are doing. While here, make sure that the allocated response buffers are zero'ed out. OK florian@
2020-05-24typo in error message: to -> tootb@openbsd.org-2/+2
ok florian@
2020-05-24pledge(2) for slowcgi. After initialization slowcgi accepts from a AF_UNIX ↵florian-1/+6
socket, forks and execs. After fork we only need to close(2), chdir(2) and exec. OK benno@
2020-05-24re-shuffle slowcgi_listen to run less code as root. OK benno@florian-15/+16
2020-05-24Output the contents of the environment in debug mode which is most helpful ↵millert-1/+2
in debugging interactions between httpd and slowcgi. OK florian@
2020-05-24Clean up includes, while here fix a white space which lead to a false ↵florian-5/+5
positive during grep'ing. OK reyk
2020-05-24The kernel doesn't actually care what a sockaddr's sa_len is on input, so ↵guenther-5/+3
don't waste code setting it improvment and ok florian@
2020-05-24Replace <sys/param.h> with <limits.h> and other less dirty headers where ↵deraadt-4/+5
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2020-05-24read(2) returns ssize_t, not size_tblambert-2/+3
ok florian@
2020-05-24Bail out if the buffer is too small to contain the length of a parameter ↵florian-4/+4
value. Found while investigating a dead store pointed out by llvm scan-build.
2020-05-24dead stores; pointed out by llvm scan-build; no binary changeflorian-5/+1
2020-05-24pause shadows global; pointed out by gcc; no binary changeflorian-5/+5
2020-05-24mode is unused; pointed out by gcc; no binary changeflorian-2/+2
2020-05-24declare lerr and lerrx __dead; unconfuses llvm scan-buildflorian-12/+12
2020-05-24Instead of doing the fcntl(2) and ioctl(2) song and dance just tell ↵florian-11/+5
socket(2) and accept4(2) that we want non-blocking-close-on-exec sockets. OK benno@
2020-05-24Use lerrx instead of errx since the logging subsystem is already ↵claudio-3/+3
initialized. OK florian@
2020-05-24Implement -u (user to drop privs to) and -p flag (path to chroot to). This ↵florian-12/+29
allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@
2020-05-24Cleanup socket creation. Input ajacoutot some time ago; OK henning@florian-10/+7
2020-05-24My previous attempt to chdir(2) to the directory containing the cgi script ↵florian-5/+10
was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@
2020-05-24Calculate the length of name and value for parameters the right way around ↵florian-6/+6
for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@
2020-05-24httpd(8) did a chdir(2) to the directory containing the cgi script. As there ↵florian-1/+10
might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@
2020-05-24jturner pointed out that if one wants to run cgi scripts outside /cgi-bin ↵florian-2/+6
SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an erlier diff by jturner. Tested by jturner OK jturner, sthen
2020-05-24fix reaper loop that could run indefinitelydjm-2/+5
log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@
2020-05-24Initialize sun_len, pointed out by deraadt@. While there also check length ↵florian-2/+6
of socket path, more relevant now since an alternative socket can be specified. OK benno@
2020-05-24Fix a potential file descriptor overlap in exec_cgi() by making sure that ↵florian-2/+26
file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@
2020-05-24We need to loop around waitpid to catch all exited children as we are not ↵florian-19/+20
guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert
2020-05-24Do not leak fds in fork(2) error path. pointed out by deraadt@florian-1/+17
2020-05-24Check for EINTR, too. pointed out by deraadt@florian-3/+3
2020-05-24No need for volatile here. pointed out by deraadt@florian-2/+2
2020-05-24spelling, spacing, etcderaadt-18/+20
2020-05-24reserve file descriptors for incoming connections so we will be able to ↵benno-3/+35
actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@
2020-05-24Keep track of which fds were closed before and only close those still open. ↵florian-4/+16
Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert
2020-05-24Do not fiddle with the response queue directly but go through a new ↵florian-9/+12
slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert
2020-05-24Logging to syslog works better with openlog(3). OK blambertflorian-1/+7
2020-05-24Use a dedicated socketpair for stdin, makes the code more symetric and gets ↵florian-15/+25
rid of shutdown(2) which might cause problems. OK blambert
2020-05-24Calculate correct pointer for fcgi_{begin,end}_request_body. input / OK blambertflorian-3/+3
2020-05-24Calculate correct pointer for end_request; while there initialize reserved ↵florian-3/+6
to zero. OK blambert
2020-05-24set FD_CLOEXEC OK blambertflorian-1/+8
2020-05-24adjust the names to more accurately reflect the names of structs and ↵blambert-65/+65
functions as they relate to the FastCGI protocol style(9)ize some function declarations while here ok florian@