aboutsummaryrefslogtreecommitdiffstats
path: root/slowcgi.c (follow)
Commit message (Collapse)AuthorAgeLines
* Ignore SIGPIPE by default and restore default behaviour before executing the ↵claudio2021-05-27-8/+4
| | | | CGI. OK bluhm@ florian@
* accept_reserve() counter function argument doesn't need to be volatile. ↵millert2021-05-27-4/+3
| | | | Revision 1.21 removed the volatile from the cgi_inflight global but accept_reserve() was not updated to match. OK florian@
* Do not send debug messages to syslog by default6.8.1Wynn Wolf Arbor2021-01-26-0/+3
| | | | | | | | | | | | | | | | | | | This partially reverts 56691b1 (Allow specifying -d multiple times, 2020-05-11). In that commit, a check for the debug variable in syslog_debug was removed because a debug level of > 0 would have slowcgi log to the console instead of syslog, making the check pointless. However, this also means that slowcgi will now print debug messages by default, even if run without the '-d' flag. The commit messages states that the syslog daemon should handle debug output instead. We feel that this is unsound reasoning, and that it goes against a de-facto standard seen in the wild so far: only issue debug output (whether to console or not), if specifically asked for. Therefore, reintroduce the check for the debug variable. Whilst this will in fact make the whole syslog_debug method pointless, we do not want to commit to a complete rewrite of the debug functionality at this time (even if such an undertaking is, in our opinion, warranted).
* Allow specifying -d multiple times. Only print the fcgi header data if debug ↵claudio2020-05-24-7/+4
| | | | > 1 (-dd) since it adds a lot of noise to the output. In syslog_debug do not check for the debug variable instead let syslog handle it. Currently syslog_debug() would never print anything since it is only called with debug = 0 (debug > 0 implies the console logger). OK florian@
* Just a bit of KNF. OK florian@claudio2020-05-24-4/+4
|
* Use -1 instead of WAIT_ANYWynn Wolf Arbor2020-05-24-1/+1
| | | | | This change is needed to build slowcgi(8) successfully on musl-based systems, as the musl libc does not define WAIT_ANY.
* Add getdtablecount(2)Wynn Wolf Arbor2020-05-24-0/+1
| | | | This was taken from https://github.com/Duncaen/lobase
* Include grp.hWynn Wolf Arbor2020-05-24-0/+1
| | | | This is needed for setgroups(2)
* Add queue.h from OpenBSDWynn Wolf Arbor2020-05-24-1/+2
| | | | | The original file location in the OpenBSD tree - sys/sys/queue.h
* Add strlcpy(3) from OpenBSDWynn Wolf Arbor2020-05-24-0/+6
| | | | | The original file location in the OpenBSD tree - lib/libc/string/strlcpy.c
* Use pledge(2) only on OpenBSDWynn Wolf Arbor2020-05-24-0/+4
|
* Use corresponding attributes for __packed and __deadWynn Wolf Arbor2020-05-24-0/+8
|
* When calculating the fd limit before accepting a new connection also account ↵claudio2020-05-24-2/+2
| | | | for the inflight fds caused by the new connection. Without this slowcgi could fail when close to the limit because FD_RESERVE is smaller then FD_NEEDED. OK florian@, tested by Kristaps Dzonsons
* Call daemon with 0 as first argument so that it changes the cwd to /. It is ↵florian2020-05-24-2/+2
| | | | not a problem in slowcgi since it calls chroot(2) and then chdir(2) shortly afterwards but hopefully prevents copying code into daemons where it does matter. Problem first observed by dlg in ntpd(8) which keeps sitting in the directory from where it was started which might for example prevent an unmount. Discussed with deraadt@
* Make the owner of fcgi socket configurable.florian2020-05-24-6/+12
| | | | | | | | | | Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this is helpful for his port to linux. For example on openSUSE nginx and Apache run as different users so a compile time default user won't cut it. Man page tweaks jmc@ While here, consistently log users at debug level; from Andrew.
* consistently use the evtimer wrappers around the connection timeout.florian2020-05-24-3/+3
| | | | | | | | | this is instead of setting the timeout up with event_set and event_add, but removing it with evtimer_del. this uses evtimer_set and evtimer_add. prompted by dlg's commit to identd OK dlg
* Sync the severity of the syslog_* functions shared between identd, slowcgi, ↵florian2020-05-24-5/+5
| | | | | | tftp-proxy and tftpd to the severity used in log.c style loggers. This also fixes an issue where syslog_err and syslog_errx logged with different severities. Sure deraadt@
* Add format attribute to logger functions. Fix format string while here. ↵florian2020-05-24-15/+28
| | | | Input & OK benno@
* As suggested by the FastCGI spec, zero-pad the response buffers to be ↵reyk2020-05-24-3/+22
| | | | | | aligned to 8 bytes. This matches what most other implementations are doing. While here, make sure that the allocated response buffers are zero'ed out. OK florian@
* typo in error message: to -> tootb@openbsd.org2020-05-24-2/+2
| | | | ok florian@
* pledge(2) for slowcgi. After initialization slowcgi accepts from a AF_UNIX ↵florian2020-05-24-1/+6
| | | | socket, forks and execs. After fork we only need to close(2), chdir(2) and exec. OK benno@
* re-shuffle slowcgi_listen to run less code as root. OK benno@florian2020-05-24-15/+16
|
* Output the contents of the environment in debug mode which is most helpful ↵millert2020-05-24-1/+2
| | | | in debugging interactions between httpd and slowcgi. OK florian@
* Clean up includes, while here fix a white space which lead to a false ↵florian2020-05-24-5/+5
| | | | positive during grep'ing. OK reyk
* The kernel doesn't actually care what a sockaddr's sa_len is on input, so ↵guenther2020-05-24-5/+3
| | | | | | don't waste code setting it improvment and ok florian@
* Replace <sys/param.h> with <limits.h> and other less dirty headers where ↵deraadt2020-05-24-4/+5
| | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* read(2) returns ssize_t, not size_tblambert2020-05-24-2/+3
| | | | ok florian@
* Bail out if the buffer is too small to contain the length of a parameter ↵florian2020-05-24-4/+4
| | | | value. Found while investigating a dead store pointed out by llvm scan-build.
* dead stores; pointed out by llvm scan-build; no binary changeflorian2020-05-24-5/+1
|
* pause shadows global; pointed out by gcc; no binary changeflorian2020-05-24-5/+5
|
* mode is unused; pointed out by gcc; no binary changeflorian2020-05-24-2/+2
|
* declare lerr and lerrx __dead; unconfuses llvm scan-buildflorian2020-05-24-12/+12
|
* Instead of doing the fcntl(2) and ioctl(2) song and dance just tell ↵florian2020-05-24-11/+5
| | | | socket(2) and accept4(2) that we want non-blocking-close-on-exec sockets. OK benno@
* Use lerrx instead of errx since the logging subsystem is already ↵claudio2020-05-24-3/+3
| | | | initialized. OK florian@
* Implement -u (user to drop privs to) and -p flag (path to chroot to). This ↵florian2020-05-24-12/+29
| | | | allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@
* Cleanup socket creation. Input ajacoutot some time ago; OK henning@florian2020-05-24-10/+7
|
* My previous attempt to chdir(2) to the directory containing the cgi script ↵florian2020-05-24-5/+10
| | | | was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@
* Calculate the length of name and value for parameters the right way around ↵florian2020-05-24-6/+6
| | | | for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@
* httpd(8) did a chdir(2) to the directory containing the cgi script. As there ↵florian2020-05-24-1/+10
| | | | | | might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@
* jturner pointed out that if one wants to run cgi scripts outside /cgi-bin ↵florian2020-05-24-2/+6
| | | | SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an erlier diff by jturner. Tested by jturner OK jturner, sthen
* fix reaper loop that could run indefinitelydjm2020-05-24-2/+5
| | | | | | | log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@
* Initialize sun_len, pointed out by deraadt@. While there also check length ↵florian2020-05-24-2/+6
| | | | of socket path, more relevant now since an alternative socket can be specified. OK benno@
* Fix a potential file descriptor overlap in exec_cgi() by making sure that ↵florian2020-05-24-2/+26
| | | | file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@
* We need to loop around waitpid to catch all exited children as we are not ↵florian2020-05-24-19/+20
| | | | guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert
* Do not leak fds in fork(2) error path. pointed out by deraadt@florian2020-05-24-1/+17
|
* Check for EINTR, too. pointed out by deraadt@florian2020-05-24-3/+3
|
* No need for volatile here. pointed out by deraadt@florian2020-05-24-2/+2
|
* spelling, spacing, etcderaadt2020-05-24-18/+20
|
* reserve file descriptors for incoming connections so we will be able to ↵benno2020-05-24-3/+35
| | | | actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@
* Keep track of which fds were closed before and only close those still open. ↵florian2020-05-24-4/+16
| | | | Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert