📄 mod_cgid.c
字号:
rv = send_req(sd, r, argv0, env, CGI_REQ); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "write to cgi daemon process"); } info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); info->r = r; info->conn_id = r->connection->id; info->conf = conf; apr_pool_cleanup_register(r->pool, info, cleanup_script, apr_pool_cleanup_null); /* We are putting the socket discriptor into an apr_file_t so that we can * use a pipe bucket to send the data to the client. APR will create * a cleanup for the apr_file_t which will close the socket, so we'll * get rid of the cleanup we registered when we created the socket. */ apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool); apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket); if ((argv0 = strrchr(r->filename, '/')) != NULL) argv0++; else argv0 = r->filename; /* Transfer any put/post args, CERN style... * Note that we already ignore SIGPIPE in the core server. */ bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); seen_eos = 0; child_stopped_reading = 0; if (conf->logname) { dbuf = apr_palloc(r->pool, conf->bufbytes + 1); dbpos = 0; } do { apr_bucket *bucket; rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN); if (rv != APR_SUCCESS) { return rv; } APR_BRIGADE_FOREACH(bucket, bb) { const char *data; apr_size_t len; if (APR_BUCKET_IS_EOS(bucket)) { seen_eos = 1; break; } /* We can't do much with this. */ if (APR_BUCKET_IS_FLUSH(bucket)) { continue; } /* If the child stopped, we still must read to EOS. */ if (child_stopped_reading) { continue; } /* read */ apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ); if (conf->logname && dbpos < conf->bufbytes) { int cursize; if ((dbpos + len) > conf->bufbytes) { cursize = conf->bufbytes - dbpos; } else { cursize = len; } memcpy(dbuf + dbpos, data, cursize); dbpos += cursize; } /* Keep writing data to the child until done or too much time * elapses with no progress or an error occurs. */ rv = apr_file_write_full(tempsock, data, len, NULL); if (rv != APR_SUCCESS) { /* silly script stopped reading, soak up remaining message */ child_stopped_reading = 1; } } apr_brigade_cleanup(bb); } while (!seen_eos); if (conf->logname) { dbuf[dbpos] = '\0'; } /* we're done writing, or maybe we didn't write at all; * force EOF on child's stdin so that the cgi detects end (or * absence) of data */ shutdown(sd, 1); /* Handle script return... */ if (!nph) { const char *location; char sbuf[MAX_STRING_LEN]; int ret; bb = apr_brigade_create(r->pool, c->bucket_alloc); b = apr_bucket_pipe_create(tempsock, c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, b); b = apr_bucket_eos_create(c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, b); if ((ret = ap_scan_script_header_err_brigade(r, bb, sbuf))) { return log_script(r, conf, ret, dbuf, sbuf, bb, NULL); } location = apr_table_get(r->headers_out, "Location"); if (location && location[0] == '/' && r->status == 200) { /* Soak up all the script output */ discard_script_output(bb); apr_brigade_destroy(bb); /* This redirect needs to be a GET no matter what the original * method was. */ r->method = apr_pstrdup(r->pool, "GET"); r->method_number = M_GET; /* We already read the message body (if any), so don't allow * the redirected request to think it has one. We can ignore * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR. */ apr_table_unset(r->headers_in, "Content-Length"); ap_internal_redirect_handler(location, r); return OK; } else if (location && r->status == 200) { /* XX Note that if a script wants to produce its own Redirect * body, it now has to explicitly *say* "Status: 302" */ discard_script_output(bb); apr_brigade_destroy(bb); return HTTP_MOVED_TEMPORARILY; } ap_pass_brigade(r->output_filters, bb); } if (nph) { struct ap_filter_t *cur; /* get rid of all filters up through protocol... since we * haven't parsed off the headers, there is no way they can * work */ cur = r->proto_output_filters; while (cur && cur->frec->ftype < AP_FTYPE_CONNECTION) { cur = cur->next; } r->output_filters = r->proto_output_filters = cur; bb = apr_brigade_create(r->pool, c->bucket_alloc); b = apr_bucket_pipe_create(tempsock, c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, b); b = apr_bucket_eos_create(c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, b); ap_pass_brigade(r->output_filters, bb); } return OK; /* NOT r->status, even if it has changed. */ } /*============================================================================ *============================================================================ * This is the beginning of the cgi filter code moved from mod_include. This * is the code required to handle the "exec" SSI directive. *============================================================================ *============================================================================*/static int include_cgi(char *s, request_rec *r, ap_filter_t *next, apr_bucket *head_ptr, apr_bucket **inserted_head){ request_rec *rr = ap_sub_req_lookup_uri(s, r, next); int rr_status; apr_bucket *tmp_buck, *tmp2_buck; if (rr->status != HTTP_OK) { ap_destroy_sub_req(rr); return -1; } /* No hardwired path info or query allowed */ if ((rr->path_info && rr->path_info[0]) || rr->args) { ap_destroy_sub_req(rr); return -1; } if (rr->finfo.filetype != APR_REG) { ap_destroy_sub_req(rr); return -1; } /* Script gets parameters of the *document*, for back compatibility */ rr->path_info = r->path_info; /* hard to get right; see mod_cgi.c */ rr->args = r->args; /* Force sub_req to be treated as a CGI request, even if ordinary * typing rules would have called it something else. */ ap_set_content_type(rr, CGI_MAGIC_TYPE); /* Run it. */ rr_status = ap_run_sub_req(rr); if (ap_is_HTTP_REDIRECT(rr_status)) { apr_size_t len_loc; const char *location = apr_table_get(rr->headers_out, "Location"); conn_rec *c = r->connection; location = ap_escape_html(rr->pool, location); len_loc = strlen(location); /* XXX: if most of this stuff is going to get copied anyway, * it'd be more efficient to pstrcat it into a single pool buffer * and a single pool bucket */ tmp_buck = apr_bucket_immortal_create("<A HREF=\"", sizeof("<A HREF=\"") - 1, c->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); tmp2_buck = apr_bucket_heap_create(location, len_loc, NULL, c->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp2_buck); tmp2_buck = apr_bucket_immortal_create("\">", sizeof("\">") - 1, c->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp2_buck); tmp2_buck = apr_bucket_heap_create(location, len_loc, NULL, c->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp2_buck); tmp2_buck = apr_bucket_immortal_create("</A>", sizeof("</A>") - 1, c->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp2_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } ap_destroy_sub_req(rr); return 0;}/* This is the special environment used for running the "exec cmd=" * variety of SSI directives. */static void add_ssi_vars(request_rec *r, ap_filter_t *next){ apr_table_t *e = r->subprocess_env; if (r->path_info && r->path_info[0] != '\0') { request_rec *pa_req; apr_table_setn(e, "PATH_INFO", ap_escape_shell_cmd(r->pool, r->path_info)); pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r, NULL); if (pa_req->filename) { apr_table_setn(e, "PATH_TRANSLATED", apr_pstrcat(r->pool, pa_req->filename, pa_req->path_info, NULL)); } ap_destroy_sub_req(pa_req); } if (r->args) { char *arg_copy = apr_pstrdup(r->pool, r->args); apr_table_setn(e, "QUERY_STRING", r->args); ap_unescape_url(arg_copy); apr_table_setn(e, "QUERY_STRING_UNESCAPED", ap_escape_shell_cmd(r->pool, arg_copy)); }}static int include_cmd(include_ctx_t *ctx, apr_bucket_brigade **bb, char *command, request_rec *r, ap_filter_t *f){ char **env; int sd; apr_status_t rc = APR_SUCCESS; int retval; apr_bucket_brigade *bcgi; apr_bucket *b; apr_file_t *tempsock = NULL; cgid_server_conf *conf = ap_get_module_config(r->server->module_config, &cgid_module); struct cleanup_script_info *info; add_ssi_vars(r, f->next); env = ap_create_environment(r->pool, r->subprocess_env); if ((retval = connect_to_daemon(&sd, r, conf)) != OK) { return retval; } SPLIT_AND_PASS_PRETAG_BUCKETS(*bb, ctx, f->next, rc); if (rc != APR_SUCCESS) { return rc; } send_req(sd, r, command, env, SSI_REQ); info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); info->r = r; info->conn_id = r->connection->id; info->conf = conf; /* for this type of request, the script is invoked through an * intermediate shell process... cleanup_script is only able * to knock out the shell process, not the actual script */ apr_pool_cleanup_register(r->pool, info, cleanup_script, apr_pool_cleanup_null); /* We are putting the socket discriptor into an apr_file_t so that we can * use a pipe bucket to send the data to the client. APR will create * a cleanup for the apr_file_t which will close the socket, so we'll * get rid of the cleanup we registered when we created the socket. */ apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool); apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket); bcgi = apr_brigade_create(r->pool, r->connection->bucket_alloc); b = apr_bucket_pipe_create(tempsock, r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bcgi, b); ap_pass_brigade(f->next, bcgi); return 0;}static int handle_exec(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head){ char *tag = NULL; char *tag_val = NULL; char *file = r->filename; apr_bucket *tmp_buck; char parsed_string[MAX_STRING_LEN]; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { if (ctx->flags & FLAG_NO_EXEC) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "exec used but not allowed in %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } else { while (1) { cgid_pfn_gtv(ctx, &tag, &tag_val, 1); if (tag_val == NULL) { if (tag == NULL) { return (0); } else { return 1; } } if (!strcmp(tag, "cmd")) { cgid_pfn_ps(r, ctx, tag_val, parsed_string, sizeof(parsed_string), 1); if (include_cmd(ctx, bb, parsed_string, r, f) == -1) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "execution failure for parameter \"%s\" " "to tag exec in file %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } /* just in case some stooge changed directories */ } else if (!strcmp(tag, "cgi")) { apr_status_t retval = APR_SUCCESS; cgid_pfn_ps(r, ctx, tag_val, parsed_string, sizeof(parsed_string), 0); SPLIT_AND_PASS_PRETAG_BUCKETS(*bb, ctx, f->next, retval); if (retval != APR_SUCCESS) { return retval; } if (include_cgi(parsed_string, r, f->next, head_ptr, inserted_head) == -1) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "invalid CGI ref \"%s\" in %s", tag_val, file); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag exec in %s", tag, file); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } } } } return 0;}/*============================================================================ *============================================================================ * This is the end of the cgi filter code moved from mod_include. *============================================================================ *============================================================================*/static void register_hook(apr_pool_t *p){ static const char * const aszPre[] = { "mod_include.c", NULL }; ap_hook_post_config(cgid_init, aszPre, NULL, APR_HOOK_MIDDLE); ap_hook_handler(cgid_handler, NULL, NULL, APR_HOOK_MIDDLE);}module AP_MODULE_DECLARE_DATA cgid_module = { STANDARD20_MODULE_STUFF, NULL, /* dir config creater */ NULL, /* dir merger --- default is to override */ create_cgid_config, /* server config */ merge_cgid_config, /* merge server config */ cgid_cmds, /* command table */ register_hook /* register_handlers */ }; ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -