| /* |
| * Functions about FCGI applications and filters. |
| * |
| * Copyright (C) 2019 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com> |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version |
| * 2 of the License, or (at your option) any later version. |
| * |
| */ |
| |
| #include <haproxy/acl.h> |
| #include <haproxy/api.h> |
| #include <haproxy/cfgparse.h> |
| #include <haproxy/chunk.h> |
| #include <haproxy/errors.h> |
| #include <haproxy/fcgi-app.h> |
| #include <haproxy/filters.h> |
| #include <haproxy/http_fetch.h> |
| #include <haproxy/http_htx.h> |
| #include <haproxy/log.h> |
| #include <haproxy/proxy.h> |
| #include <haproxy/regex.h> |
| #include <haproxy/sample.h> |
| #include <haproxy/server-t.h> |
| #include <haproxy/session.h> |
| #include <haproxy/sink.h> |
| #include <haproxy/tools.h> |
| |
| |
| /* Global list of all FCGI applications */ |
| static struct fcgi_app *fcgi_apps = NULL; |
| |
| struct flt_ops fcgi_flt_ops; |
| const char *fcgi_flt_id = "FCGI filter"; |
| |
| DECLARE_STATIC_POOL(pool_head_fcgi_flt_ctx, "fcgi_flt_ctx", sizeof(struct fcgi_flt_ctx)); |
| DECLARE_STATIC_POOL(pool_head_fcgi_param_rule, "fcgi_param_rule", sizeof(struct fcgi_param_rule)); |
| DECLARE_STATIC_POOL(pool_head_fcgi_hdr_rule, "fcgi_hdr_rule", sizeof(struct fcgi_hdr_rule)); |
| |
| /**************************************************************************/ |
| /***************************** Uitls **************************************/ |
| /**************************************************************************/ |
| /* Makes a fcgi parameter name (prefixed by ':fcgi-') with <name> (in |
| * lowercase). All non alphanumeric character are replaced by an underscore |
| * ('_'). The result is copied into <dst>. the corresponding ist is returned. |
| */ |
| static struct ist fcgi_param_name(char *dst, const struct ist name) |
| { |
| size_t ofs1, ofs2; |
| |
| memcpy(dst, ":fcgi-", 6); |
| ofs1 = 6; |
| for (ofs2 = 0; ofs2 < name.len; ofs2++) { |
| if (isalnum((unsigned char)name.ptr[ofs2])) |
| dst[ofs1++] = ist_lc[(unsigned char)name.ptr[ofs2]]; |
| else |
| dst[ofs1++] = '_'; |
| } |
| return ist2(dst, ofs1); |
| } |
| |
| /* Returns a pointer to the FCGi application matching the name <name>. NULL is |
| * returned if no match found. |
| */ |
| struct fcgi_app *fcgi_app_find_by_name(const char *name) |
| { |
| struct fcgi_app *app; |
| |
| for (app = fcgi_apps; app != NULL; app = app->next) { |
| if (strcmp(app->name, name) == 0) |
| return app; |
| } |
| |
| return NULL; |
| } |
| |
| struct fcgi_flt_conf *find_px_fcgi_conf(struct proxy *px) |
| { |
| struct flt_conf *fconf; |
| |
| list_for_each_entry(fconf, &px->filter_configs, list) { |
| if (fconf->id == fcgi_flt_id) |
| return fconf->conf; |
| } |
| return NULL; |
| } |
| |
| struct fcgi_flt_ctx *find_strm_fcgi_ctx(struct stream *s) |
| { |
| struct filter *filter; |
| |
| if (!s) |
| return NULL; |
| |
| list_for_each_entry(filter, &strm_flt(s)->filters, list) { |
| if (FLT_ID(filter) == fcgi_flt_id) |
| return FLT_CONF(filter); |
| } |
| return NULL; |
| } |
| |
| struct fcgi_app *get_px_fcgi_app(struct proxy *px) |
| { |
| struct fcgi_flt_conf *fcgi_conf = find_px_fcgi_conf(px); |
| |
| if (fcgi_conf) |
| return fcgi_conf->app; |
| return NULL; |
| } |
| |
| struct fcgi_app *get_strm_fcgi_app(struct stream *s) |
| { |
| struct fcgi_flt_ctx *fcgi_ctx = find_strm_fcgi_ctx(s); |
| |
| if (fcgi_ctx) |
| return fcgi_ctx->app; |
| return NULL; |
| } |
| |
| static void fcgi_release_rule_conf(struct fcgi_rule_conf *rule) |
| { |
| if (!rule) |
| return; |
| free(rule->name); |
| free(rule->value); |
| if (rule->cond) { |
| prune_acl_cond(rule->cond); |
| free(rule->cond); |
| } |
| free(rule); |
| } |
| |
| static void fcgi_release_rule(struct fcgi_rule *rule) |
| { |
| if (!rule) |
| return; |
| |
| if (!LIST_ISEMPTY(&rule->value)) { |
| struct logformat_node *lf, *lfb; |
| |
| list_for_each_entry_safe(lf, lfb, &rule->value, list) { |
| LIST_DELETE(&lf->list); |
| release_sample_expr(lf->expr); |
| free(lf->arg); |
| free(lf); |
| } |
| } |
| /* ->cond and ->name are not owned by the rule */ |
| free(rule); |
| } |
| |
| /**************************************************************************/ |
| /*********************** FCGI Sample fetches ******************************/ |
| /**************************************************************************/ |
| |
| static int smp_fetch_fcgi_docroot(const struct arg *args, struct sample *smp, |
| const char *kw, void *private) |
| { |
| struct fcgi_app *app = get_strm_fcgi_app(smp->strm); |
| |
| if (!app) |
| return 0; |
| |
| smp->data.type = SMP_T_STR; |
| smp->data.u.str.area = app->docroot.ptr; |
| smp->data.u.str.data = app->docroot.len; |
| smp->flags = SMP_F_CONST; |
| return 1; |
| } |
| |
| static int smp_fetch_fcgi_index(const struct arg *args, struct sample *smp, |
| const char *kw, void *private) |
| { |
| struct fcgi_app *app = get_strm_fcgi_app(smp->strm); |
| |
| if (!app || !istlen(app->index)) |
| return 0; |
| |
| smp->data.type = SMP_T_STR; |
| smp->data.u.str.area = app->index.ptr; |
| smp->data.u.str.data = app->index.len; |
| smp->flags = SMP_F_CONST; |
| return 1; |
| } |
| |
| /**************************************************************************/ |
| /************************** FCGI filter ***********************************/ |
| /**************************************************************************/ |
| static int fcgi_flt_init(struct proxy *px, struct flt_conf *fconf) |
| { |
| fconf->flags |= FLT_CFG_FL_HTX; |
| return 0; |
| } |
| |
| static void fcgi_flt_deinit(struct proxy *px, struct flt_conf *fconf) |
| { |
| struct fcgi_flt_conf *fcgi_conf = fconf->conf; |
| struct fcgi_rule *rule, *back; |
| |
| if (!fcgi_conf) |
| return; |
| |
| free(fcgi_conf->name); |
| |
| list_for_each_entry_safe(rule, back, &fcgi_conf->param_rules, list) { |
| LIST_DELETE(&rule->list); |
| fcgi_release_rule(rule); |
| } |
| |
| list_for_each_entry_safe(rule, back, &fcgi_conf->hdr_rules, list) { |
| LIST_DELETE(&rule->list); |
| fcgi_release_rule(rule); |
| } |
| |
| free(fcgi_conf); |
| } |
| |
| static int fcgi_flt_check(struct proxy *px, struct flt_conf *fconf) |
| { |
| struct fcgi_flt_conf *fcgi_conf = fconf->conf; |
| struct fcgi_rule_conf *crule, *back; |
| struct fcgi_rule *rule = NULL; |
| struct flt_conf *f; |
| char *errmsg = NULL; |
| |
| fcgi_conf->app = fcgi_app_find_by_name(fcgi_conf->name); |
| if (!fcgi_conf->app) { |
| ha_alert("proxy '%s' : fcgi-app '%s' not found.\n", |
| px->id, fcgi_conf->name); |
| goto err; |
| } |
| |
| list_for_each_entry(f, &px->filter_configs, list) { |
| if (f->id == http_comp_flt_id || f->id == cache_store_flt_id) |
| continue; |
| else if ((f->id == fconf->id) && f->conf != fcgi_conf) { |
| ha_alert("proxy '%s' : only one fcgi-app supported per backend.\n", |
| px->id); |
| goto err; |
| } |
| else if (f->id != fconf->id) { |
| /* Implicit declaration is only allowed with the |
| * compression and cache. For other filters, an implicit |
| * declaration is required. */ |
| ha_alert("config: proxy '%s': require an explicit filter declaration " |
| "to use the fcgi-app '%s'.\n", px->id, fcgi_conf->name); |
| goto err; |
| } |
| } |
| |
| list_for_each_entry_safe(crule, back, &fcgi_conf->app->conf.rules, list) { |
| rule = calloc(1, sizeof(*rule)); |
| if (!rule) { |
| ha_alert("proxy '%s' : out of memory.\n", px->id); |
| goto err; |
| } |
| rule->type = crule->type; |
| rule->name = ist(crule->name); |
| rule->cond = crule->cond; |
| LIST_INIT(&rule->value); |
| |
| if (crule->value) { |
| if (!parse_logformat_string(crule->value, px, &rule->value, LOG_OPT_HTTP, |
| SMP_VAL_BE_HRQ_HDR, &errmsg)) { |
| ha_alert("proxy '%s' : %s.\n", px->id, errmsg); |
| goto err; |
| } |
| } |
| |
| if (rule->type == FCGI_RULE_SET_PARAM || rule->type == FCGI_RULE_UNSET_PARAM) |
| LIST_APPEND(&fcgi_conf->param_rules, &rule->list); |
| else /* FCGI_RULE_PASS_HDR/FCGI_RULE_HIDE_HDR */ |
| LIST_APPEND(&fcgi_conf->hdr_rules, &rule->list); |
| rule = NULL; |
| } |
| return 0; |
| |
| err: |
| free(errmsg); |
| free(rule); |
| return 1; |
| } |
| |
| static int fcgi_flt_start(struct stream *s, struct filter *filter) |
| { |
| struct fcgi_flt_conf *fcgi_conf = FLT_CONF(filter); |
| struct fcgi_flt_ctx *fcgi_ctx; |
| |
| fcgi_ctx = pool_alloc(pool_head_fcgi_flt_ctx); |
| if (fcgi_ctx == NULL) { |
| // FIXME: send a warning |
| return 0; |
| } |
| fcgi_ctx->filter = filter; |
| fcgi_ctx->app = fcgi_conf->app; |
| filter->ctx = fcgi_ctx; |
| |
| s->req.analysers |= AN_REQ_HTTP_BODY; |
| return 1; |
| } |
| |
| static void fcgi_flt_stop(struct stream *s, struct filter *filter) |
| { |
| struct flt_fcgi_ctx *fcgi_ctx = filter->ctx; |
| |
| if (!fcgi_ctx) |
| return; |
| pool_free(pool_head_fcgi_flt_ctx, fcgi_ctx); |
| filter->ctx = NULL; |
| } |
| |
| static int fcgi_flt_http_headers(struct stream *s, struct filter *filter, struct http_msg *msg) |
| { |
| struct session *sess = strm_sess(s); |
| struct buffer *value; |
| struct fcgi_flt_conf *fcgi_conf = FLT_CONF(filter); |
| struct fcgi_rule *rule; |
| struct fcgi_param_rule *param_rule; |
| struct fcgi_hdr_rule *hdr_rule; |
| struct ebpt_node *node, *next; |
| struct eb_root param_rules = EB_ROOT; |
| struct eb_root hdr_rules = EB_ROOT; |
| struct htx *htx; |
| struct http_hdr_ctx ctx; |
| int ret; |
| |
| htx = htxbuf(&msg->chn->buf); |
| |
| if (msg->chn->flags & CF_ISRESP) { |
| struct htx_sl *sl; |
| |
| /* Remove the header "Status:" from the response */ |
| ctx.blk = NULL; |
| while (http_find_header(htx, ist("status"), &ctx, 1)) |
| http_remove_header(htx, &ctx); |
| |
| /* Add the header "Date:" if not found */ |
| ctx.blk = NULL; |
| if (!http_find_header(htx, ist("date"), &ctx, 1)) { |
| struct tm tm; |
| |
| get_gmtime(date.tv_sec, &tm); |
| trash.data = strftime(trash.area, trash.size, "%a, %d %b %Y %T %Z", &tm); |
| if (trash.data) |
| http_add_header(htx, ist("date"), ist2(trash.area, trash.data)); |
| } |
| |
| /* Add the header "Content-Length:" if possible */ |
| sl = http_get_stline(htx); |
| if (s->txn->meth != HTTP_METH_HEAD && sl && |
| (msg->flags & (HTTP_MSGF_XFER_LEN|HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK)) == HTTP_MSGF_XFER_LEN && |
| (htx->flags & HTX_FL_EOM)) { |
| struct htx_blk * blk; |
| char *end; |
| size_t len = 0; |
| |
| for (blk = htx_get_first_blk(htx); blk; blk = htx_get_next_blk(htx, blk)) { |
| enum htx_blk_type type = htx_get_blk_type(blk); |
| |
| if (type == HTX_BLK_TLR || type == HTX_BLK_EOT) |
| break; |
| if (type == HTX_BLK_DATA) |
| len += htx_get_blksz(blk); |
| } |
| end = ultoa_o(len, trash.area, trash.size); |
| if (http_add_header(htx, ist("content-length"), ist2(trash.area, end-trash.area))) { |
| sl->flags |= HTX_SL_F_CLEN; |
| msg->flags |= HTTP_MSGF_CNT_LEN; |
| } |
| } |
| |
| return 1; |
| } |
| |
| /* Analyze the request's headers */ |
| |
| value = alloc_trash_chunk(); |
| if (!value) |
| goto end; |
| |
| list_for_each_entry(rule, &fcgi_conf->param_rules, list) { |
| if (rule->cond) { |
| ret = acl_exec_cond(rule->cond, s->be, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); |
| ret = acl_pass(ret); |
| if (rule->cond->pol == ACL_COND_UNLESS) |
| ret = !ret; |
| |
| /* the rule does not match */ |
| if (!ret) |
| continue; |
| } |
| |
| param_rule = NULL; |
| node = ebis_lookup_len(¶m_rules, rule->name.ptr, rule->name.len); |
| if (node) { |
| param_rule = container_of(node, struct fcgi_param_rule, node); |
| ebpt_delete(node); |
| } |
| else { |
| param_rule = pool_alloc(pool_head_fcgi_param_rule); |
| if (param_rule == NULL) |
| goto param_rule_err; |
| } |
| |
| param_rule->node.key = rule->name.ptr; |
| param_rule->name = rule->name; |
| param_rule->value = &rule->value; |
| ebis_insert(¶m_rules, ¶m_rule->node); |
| } |
| |
| list_for_each_entry(rule, &fcgi_conf->hdr_rules, list) { |
| if (rule->cond) { |
| ret = acl_exec_cond(rule->cond, s->be, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); |
| ret = acl_pass(ret); |
| if (rule->cond->pol == ACL_COND_UNLESS) |
| ret = !ret; |
| |
| /* the rule does not match */ |
| if (!ret) |
| continue; |
| } |
| |
| hdr_rule = NULL; |
| node = ebis_lookup_len(&hdr_rules, rule->name.ptr, rule->name.len); |
| if (node) { |
| hdr_rule = container_of(node, struct fcgi_hdr_rule, node); |
| ebpt_delete(node); |
| } |
| else { |
| hdr_rule = pool_alloc(pool_head_fcgi_hdr_rule); |
| if (hdr_rule == NULL) |
| goto hdr_rule_err; |
| } |
| |
| hdr_rule->node.key = rule->name.ptr; |
| hdr_rule->name = rule->name; |
| hdr_rule->pass = (rule->type == FCGI_RULE_PASS_HDR); |
| ebis_insert(&hdr_rules, &hdr_rule->node); |
| } |
| |
| node = ebpt_first(¶m_rules); |
| while (node) { |
| next = ebpt_next(node); |
| ebpt_delete(node); |
| param_rule = container_of(node, struct fcgi_param_rule, node); |
| node = next; |
| |
| b_reset(value); |
| value->data = build_logline(s, value->area, value->size, param_rule->value); |
| if (!value->data) { |
| pool_free(pool_head_fcgi_param_rule, param_rule); |
| continue; |
| } |
| if (!http_add_header(htx, param_rule->name, ist2(value->area, value->data))) |
| goto rewrite_err; |
| pool_free(pool_head_fcgi_param_rule, param_rule); |
| } |
| |
| node = ebpt_first(&hdr_rules); |
| while (node) { |
| next = ebpt_next(node); |
| ebpt_delete(node); |
| hdr_rule = container_of(node, struct fcgi_hdr_rule, node); |
| node = next; |
| |
| if (!hdr_rule->pass) { |
| ctx.blk = NULL; |
| while (http_find_header(htx, hdr_rule->name, &ctx, 1)) |
| http_remove_header(htx, &ctx); |
| } |
| pool_free(pool_head_fcgi_hdr_rule, hdr_rule); |
| } |
| |
| goto end; |
| |
| rewrite_err: |
| _HA_ATOMIC_INC(&sess->fe->fe_counters.failed_rewrites); |
| _HA_ATOMIC_INC(&s->be->be_counters.failed_rewrites); |
| if (sess->listener && sess->listener->counters) |
| _HA_ATOMIC_INC(&sess->listener->counters->failed_rewrites); |
| if (objt_server(s->target)) |
| _HA_ATOMIC_INC(&__objt_server(s->target)->counters.failed_rewrites); |
| hdr_rule_err: |
| node = ebpt_first(&hdr_rules); |
| while (node) { |
| next = ebpt_next(node); |
| ebpt_delete(node); |
| hdr_rule = container_of(node, struct fcgi_hdr_rule, node); |
| node = next; |
| pool_free(pool_head_fcgi_hdr_rule, hdr_rule); |
| } |
| param_rule_err: |
| node = ebpt_first(¶m_rules); |
| while (node) { |
| next = ebpt_next(node); |
| ebpt_delete(node); |
| param_rule = container_of(node, struct fcgi_param_rule, node); |
| node = next; |
| pool_free(pool_head_fcgi_param_rule, param_rule); |
| } |
| end: |
| free_trash_chunk(value); |
| return 1; |
| } |
| |
| struct flt_ops fcgi_flt_ops = { |
| .init = fcgi_flt_init, |
| .check = fcgi_flt_check, |
| .deinit = fcgi_flt_deinit, |
| |
| .attach = fcgi_flt_start, |
| .detach = fcgi_flt_stop, |
| |
| .http_headers = fcgi_flt_http_headers, |
| }; |
| |
| /**************************************************************************/ |
| /*********************** FCGI Config parsing ******************************/ |
| /**************************************************************************/ |
| static int |
| parse_fcgi_flt(char **args, int *cur_arg, struct proxy *px, |
| struct flt_conf *fconf, char **err, void *private) |
| { |
| struct flt_conf *f, *back; |
| struct fcgi_flt_conf *fcgi_conf = NULL; |
| char *name = NULL; |
| int pos = *cur_arg; |
| |
| /* Get the fcgi-app name*/ |
| if (!*args[pos + 1]) { |
| memprintf(err, "%s : expects a <name> argument", args[pos]); |
| goto err; |
| } |
| name = strdup(args[pos + 1]); |
| if (!name) { |
| memprintf(err, "%s '%s' : out of memory", args[pos], args[pos + 1]); |
| goto err; |
| } |
| pos += 2; |
| |
| /* Check if an fcgi-app filter with the same name already exists */ |
| list_for_each_entry_safe(f, back, &px->filter_configs, list) { |
| if (f->id != fcgi_flt_id) |
| continue; |
| fcgi_conf = f->conf; |
| if (strcmp(name, fcgi_conf->name) != 0) { |
| fcgi_conf = NULL; |
| continue; |
| } |
| |
| /* Place the filter at its right position */ |
| LIST_DELETE(&f->list); |
| free(f); |
| ha_free(&name); |
| break; |
| } |
| |
| /* No other fcgi-app filter found, create configuration for the explicit one */ |
| if (!fcgi_conf) { |
| fcgi_conf = calloc(1, sizeof(*fcgi_conf)); |
| if (!fcgi_conf) { |
| memprintf(err, "%s: out of memory", args[*cur_arg]); |
| goto err; |
| } |
| fcgi_conf->name = name; |
| LIST_INIT(&fcgi_conf->param_rules); |
| LIST_INIT(&fcgi_conf->hdr_rules); |
| } |
| |
| fconf->id = fcgi_flt_id; |
| fconf->conf = fcgi_conf; |
| fconf->ops = &fcgi_flt_ops; |
| |
| *cur_arg = pos; |
| return 0; |
| err: |
| free(name); |
| return -1; |
| } |
| |
| /* Parses the "use-fcgi-app" proxy keyword */ |
| static int proxy_parse_use_fcgi_app(char **args, int section, struct proxy *curpx, |
| const struct proxy *defpx, const char *file, int line, |
| char **err) |
| { |
| struct flt_conf *fconf = NULL; |
| struct fcgi_flt_conf *fcgi_conf = NULL; |
| int retval = 0; |
| |
| if ((curpx->cap & PR_CAP_DEF) || !(curpx->cap & PR_CAP_BE)) { |
| memprintf(err, "'%s' only available in backend or listen section", args[0]); |
| retval = -1; |
| goto end; |
| } |
| |
| if (!*(args[1])) { |
| memprintf(err, "'%s' expects <name> as argument", args[0]); |
| retval = -1; |
| goto end; |
| } |
| |
| /* check if a fcgi filter was already registered with this name, |
| * if that's the case, must use it. */ |
| list_for_each_entry(fconf, &curpx->filter_configs, list) { |
| if (fconf->id == fcgi_flt_id) { |
| fcgi_conf = fconf->conf; |
| if (fcgi_conf && strcmp((char *)fcgi_conf->name, args[1]) == 0) |
| goto end; |
| memprintf(err, "'%s' : only one fcgi-app supported per backend", args[0]); |
| retval = -1; |
| goto end; |
| } |
| } |
| |
| /* Create the FCGI filter config */ |
| fcgi_conf = calloc(1, sizeof(*fcgi_conf)); |
| if (!fcgi_conf) |
| goto err; |
| fcgi_conf->name = strdup(args[1]); |
| LIST_INIT(&fcgi_conf->param_rules); |
| LIST_INIT(&fcgi_conf->hdr_rules); |
| |
| /* Register the filter */ |
| fconf = calloc(1, sizeof(*fconf)); |
| if (!fconf) |
| goto err; |
| fconf->id = fcgi_flt_id; |
| fconf->conf = fcgi_conf; |
| fconf->ops = &fcgi_flt_ops; |
| LIST_APPEND(&curpx->filter_configs, &fconf->list); |
| |
| end: |
| return retval; |
| err: |
| if (fcgi_conf) { |
| free(fcgi_conf->name); |
| free(fcgi_conf); |
| } |
| memprintf(err, "out of memory"); |
| retval = -1; |
| goto end; |
| } |
| |
| /* Finishes the parsing of FCGI application of proxies and servers */ |
| static int cfg_fcgi_apps_postparser() |
| { |
| struct fcgi_app *curapp; |
| struct proxy *px; |
| struct server *srv; |
| struct logsrv *logsrv; |
| int err_code = 0; |
| |
| for (px = proxies_list; px; px = px->next) { |
| struct fcgi_flt_conf *fcgi_conf = find_px_fcgi_conf(px); |
| int nb_fcgi_srv = 0; |
| |
| if (px->mode == PR_MODE_TCP && fcgi_conf) { |
| ha_alert("proxy '%s': FCGI application cannot be used in non-HTTP mode.\n", |
| px->id); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto end; |
| } |
| |
| /* By default, for FCGI-ready backend, HTTP request header names |
| * are restricted and the "delete" policy is set |
| */ |
| if (fcgi_conf && !(px->options2 & PR_O2_RSTRICT_REQ_HDR_NAMES_MASK)) |
| px->options2 |= PR_O2_RSTRICT_REQ_HDR_NAMES_DEL; |
| |
| for (srv = px->srv; srv; srv = srv->next) { |
| if (srv->mux_proto && isteq(srv->mux_proto->token, ist("fcgi"))) { |
| nb_fcgi_srv++; |
| if (fcgi_conf) |
| continue; |
| ha_alert("proxy '%s': FCGI server '%s' has no FCGI app configured.\n", |
| px->id, srv->id); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto end; |
| } |
| } |
| if (fcgi_conf && !nb_fcgi_srv) { |
| ha_alert("proxy '%s': FCGI app configured but no FCGI server found.\n", |
| px->id); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto end; |
| } |
| } |
| |
| for (curapp = fcgi_apps; curapp != NULL; curapp = curapp->next) { |
| if (!istlen(curapp->docroot)) { |
| ha_alert("fcgi-app '%s': no docroot configured.\n", |
| curapp->name); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto end; |
| } |
| if (!(curapp->flags & (FCGI_APP_FL_MPXS_CONNS|FCGI_APP_FL_GET_VALUES))) { |
| if (curapp->maxreqs > 1) { |
| ha_warning("fcgi-app '%s': multiplexing not supported, " |
| "ignore the option 'max-reqs'.\n", |
| curapp->name); |
| err_code |= ERR_WARN; |
| } |
| curapp->maxreqs = 1; |
| } |
| |
| list_for_each_entry(logsrv, &curapp->logsrvs, list) { |
| if (logsrv->type == LOG_TARGET_BUFFER) { |
| struct sink *sink = sink_find(logsrv->ring_name); |
| |
| if (!sink || sink->type != SINK_TYPE_BUFFER) { |
| ha_alert("fcgi-app '%s' : log server uses unknown ring named '%s'.\n", |
| curapp->name, logsrv->ring_name); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| logsrv->sink = sink; |
| } |
| } |
| } |
| |
| end: |
| return err_code; |
| } |
| |
| static int fcgi_app_add_rule(struct fcgi_app *curapp, enum fcgi_rule_type type, char *name, char *value, |
| struct acl_cond *cond, char **err) |
| { |
| struct fcgi_rule_conf *rule; |
| |
| /* Param not found, add a new one */ |
| rule = calloc(1, sizeof(*rule)); |
| if (!rule) |
| goto err; |
| LIST_INIT(&rule->list); |
| rule->type = type; |
| if (type == FCGI_RULE_SET_PARAM || type == FCGI_RULE_UNSET_PARAM) { |
| struct ist fname = fcgi_param_name(trash.area, ist(name)); |
| rule->name = my_strndup(fname.ptr, fname.len); |
| } |
| else { /* FCGI_RULE_PASS_HDR/FCGI_RULE_HIDE_HDR */ |
| struct ist fname = ist2bin_lc(trash.area, ist(name)); |
| rule->name = my_strndup(fname.ptr, fname.len); |
| } |
| if (!rule->name) |
| goto err; |
| |
| if (value) { |
| rule->value = strdup(value); |
| if (!rule->value) |
| goto err; |
| } |
| rule->cond = cond; |
| LIST_APPEND(&curapp->conf.rules, &rule->list); |
| return 1; |
| |
| err: |
| if (rule) { |
| free(rule->name); |
| free(rule->value); |
| free(rule); |
| } |
| if (cond) { |
| prune_acl_cond(cond); |
| free(cond); |
| } |
| memprintf(err, "out of memory"); |
| return 0; |
| } |
| |
| /* Parses "fcgi-app" section */ |
| static int cfg_parse_fcgi_app(const char *file, int linenum, char **args, int kwm) |
| { |
| static struct fcgi_app *curapp = NULL; |
| struct acl_cond *cond = NULL; |
| char *name, *value = NULL; |
| enum fcgi_rule_type type; |
| int err_code = 0; |
| const char *err; |
| char *errmsg = NULL; |
| |
| if (strcmp(args[0], "fcgi-app") == 0) { /* new fcgi-app */ |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d]: '%s' expects <name> as argument.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (alertif_too_many_args(1, file, linenum, args, &err_code)) |
| goto out; |
| |
| err = invalid_char(args[1]); |
| if (err) { |
| ha_alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n", |
| file, linenum, *err, args[0], args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| |
| for (curapp = fcgi_apps; curapp != NULL; curapp = curapp->next) { |
| if (strcmp(curapp->name, args[1]) == 0) { |
| ha_alert("Parsing [%s:%d]: fcgi-app section '%s' has the same name as another one declared at %s:%d.\n", |
| file, linenum, args[1], curapp->conf.file, curapp->conf.line); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| |
| curapp = calloc(1, sizeof(*curapp)); |
| if (!curapp) { |
| ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); |
| err_code |= ERR_ALERT | ERR_ABORT; |
| goto out; |
| } |
| |
| curapp->next = fcgi_apps; |
| fcgi_apps = curapp; |
| curapp->flags = FCGI_APP_FL_KEEP_CONN; |
| curapp->docroot = ist(NULL); |
| curapp->index = ist(NULL); |
| curapp->pathinfo_re = NULL; |
| curapp->name = strdup(args[1]); |
| curapp->maxreqs = 1; |
| curapp->conf.file = strdup(file); |
| curapp->conf.line = linenum; |
| LIST_INIT(&curapp->acls); |
| LIST_INIT(&curapp->logsrvs); |
| LIST_INIT(&curapp->conf.args.list); |
| LIST_INIT(&curapp->conf.rules); |
| |
| /* Set info about authentication */ |
| if (!fcgi_app_add_rule(curapp, FCGI_RULE_SET_PARAM, "REMOTE_USER", "%[http_auth_user]", NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_SET_PARAM, "AUTH_TYPE", "%[http_auth_type]", NULL, &errmsg)) { |
| ha_alert("parsing [%s:%d] : '%s' : %s.\n", file, linenum, |
| args[1], errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| |
| /* Hide hop-by-hop headers by default */ |
| if (!fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "connection", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "keep-alive", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "authorization", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "proxy", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "proxy-authorization", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "proxy-authenticate", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "te", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "trailers", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "transfer-encoding", NULL, NULL, &errmsg) || |
| !fcgi_app_add_rule(curapp, FCGI_RULE_HIDE_HDR, "upgrade", NULL, NULL, &errmsg)) { |
| ha_alert("parsing [%s:%d] : '%s' : %s.\n", file, linenum, |
| args[1], errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| else if (strcmp(args[0], "docroot") == 0) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <path> as argument.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| istfree(&curapp->docroot); |
| curapp->docroot = ist(strdup(args[1])); |
| if (!isttest(curapp->docroot)) { |
| ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); |
| err_code |= ERR_ALERT | ERR_ABORT; |
| } |
| } |
| else if (strcmp(args[0], "path-info") == 0) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <regex> as argument.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| regex_free(curapp->pathinfo_re); |
| curapp->pathinfo_re = regex_comp(args[1], 1, 1, &errmsg); |
| if (!curapp->pathinfo_re) { |
| ha_alert("parsing [%s:%d] : '%s' : %s.\n", file, linenum, |
| args[1], errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| else if (strcmp(args[0], "index") == 0) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <filename> as argument.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| istfree(&curapp->index); |
| curapp->index = ist(strdup(args[1])); |
| if (!isttest(curapp->index)) { |
| ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum); |
| err_code |= ERR_ALERT | ERR_ABORT; |
| } |
| } |
| else if (strcmp(args[0], "acl") == 0) { |
| const char *err; |
| err = invalid_char(args[1]); |
| if (err) { |
| ha_alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n", |
| file, linenum, *err, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (strcasecmp(args[1], "or") == 0) { |
| ha_alert("parsing [%s:%d] : acl name '%s' will never match. 'or' is used to express a " |
| "logical disjunction within a condition.\n", |
| file, linenum, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (parse_acl((const char **)args+1, &curapp->acls, &errmsg, &curapp->conf.args, file, linenum) == NULL) { |
| ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n", |
| file, linenum, args[1], errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| } |
| else if (strcmp(args[0], "set-param") == 0) { |
| if (!*(args[1]) || !*(args[2])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <name> and <value> as arguments.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| type = FCGI_RULE_SET_PARAM; |
| name = args[1]; |
| value = args[2]; |
| cond = NULL; |
| args += 3; |
| |
| parse_cond_rule: |
| if (!*(args[0])) /* No condition */ |
| goto add_rule; |
| |
| if (strcmp(args[0], "if") == 0) |
| cond = parse_acl_cond((const char **)args+1, &curapp->acls, ACL_COND_IF, &errmsg, &curapp->conf.args, |
| file, linenum); |
| else if (strcmp(args[0], "unless") == 0) |
| cond = parse_acl_cond((const char **)args+1, &curapp->acls, ACL_COND_UNLESS, &errmsg, &curapp->conf.args, |
| file, linenum); |
| if (!cond) { |
| ha_alert("parsing [%s:%d] : '%s' : %s.\n", file, linenum, |
| name, errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| add_rule: |
| if (!fcgi_app_add_rule(curapp, type, name, value, cond, &errmsg)) { |
| ha_alert("parsing [%s:%d] : '%s' : %s.\n", file, linenum, |
| name, errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| #if 0 /* Disabled for now */ |
| else if (!strcmp(args[0], "unset-param")) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <name> as arguments.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| type = FCGI_RULE_UNSET_PARAM; |
| name = args[1]; |
| value = NULL; |
| cond = NULL; |
| args += 2; |
| goto parse_cond_rule; |
| } |
| #endif |
| else if (strcmp(args[0], "pass-header") == 0) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <name> as arguments.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| type = FCGI_RULE_PASS_HDR; |
| name = args[1]; |
| value = NULL; |
| cond = NULL; |
| args += 2; |
| goto parse_cond_rule; |
| } |
| #if 0 /* Disabled for now */ |
| else if (!strcmp(args[0], "hide-header")) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d] : '%s' expects <name> as arguments.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| type = FCGI_RULE_HIDE_HDR; |
| name = args[1]; |
| value = NULL; |
| cond = NULL; |
| args += 2; |
| goto parse_cond_rule; |
| } |
| #endif |
| else if (strcmp(args[0], "option") == 0) { |
| if (!*(args[1])) { |
| ha_alert("parsing [%s:%d]: '%s' expects an option name.\n", |
| file, linenum, args[0]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| else if (strcmp(args[1], "keep-conn") == 0) { |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| if (kwm == KWM_STD) |
| curapp->flags |= FCGI_APP_FL_KEEP_CONN; |
| else if (kwm == KWM_NO) |
| curapp->flags &= ~FCGI_APP_FL_KEEP_CONN; |
| } |
| else if (strcmp(args[1], "get-values") == 0) { |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| if (kwm == KWM_STD) |
| curapp->flags |= FCGI_APP_FL_GET_VALUES; |
| else if (kwm == KWM_NO) |
| curapp->flags &= ~FCGI_APP_FL_GET_VALUES; |
| } |
| else if (strcmp(args[1], "mpxs-conns") == 0) { |
| if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) |
| goto out; |
| if (kwm == KWM_STD) |
| curapp->flags |= FCGI_APP_FL_MPXS_CONNS; |
| else if (kwm == KWM_NO) |
| curapp->flags &= ~FCGI_APP_FL_MPXS_CONNS; |
| } |
| else if (strcmp(args[1], "max-reqs") == 0) { |
| if (kwm != KWM_STD) { |
| ha_alert("parsing [%s:%d]: negation/default is not supported for option '%s'.\n", |
| file, linenum, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (!*(args[2])) { |
| ha_alert("parsing [%s:%d]: option '%s' expects an integer argument.\n", |
| file, linenum, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code)) |
| goto out; |
| |
| curapp->maxreqs = atol(args[2]); |
| if (!curapp->maxreqs) { |
| ha_alert("parsing [%s:%d]: option '%s' expects a strictly positive integer argument.\n", |
| file, linenum, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| goto out; |
| } |
| } |
| else { |
| ha_alert("parsing [%s:%d] : unknown option '%s'.\n", file, linenum, args[1]); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| else if (strcmp(args[0], "log-stderr") == 0) { |
| if (!parse_logsrv(args, &curapp->logsrvs, (kwm == KWM_NO), file, linenum, &errmsg)) { |
| ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| } |
| else { |
| ha_alert("parsing [%s:%d]: unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "fcgi-app"); |
| err_code |= ERR_ALERT | ERR_FATAL; |
| } |
| |
| out: |
| free(errmsg); |
| return err_code; |
| } |
| |
| |
| /**************************************************************************/ |
| /*********************** FCGI Deinit functions ****************************/ |
| /**************************************************************************/ |
| void fcgi_apps_deinit() |
| { |
| struct fcgi_app *curapp, *nextapp; |
| struct logsrv *log, *logb; |
| |
| for (curapp = fcgi_apps; curapp != NULL; curapp = nextapp) { |
| struct fcgi_rule_conf *rule, *back; |
| |
| free(curapp->name); |
| istfree(&curapp->docroot); |
| istfree(&curapp->index); |
| regex_free(curapp->pathinfo_re); |
| free(curapp->conf.file); |
| |
| list_for_each_entry_safe(log, logb, &curapp->logsrvs, list) { |
| LIST_DELETE(&log->list); |
| free(log); |
| } |
| |
| list_for_each_entry_safe(rule, back, &curapp->conf.rules, list) { |
| LIST_DELETE(&rule->list); |
| fcgi_release_rule_conf(rule); |
| } |
| |
| nextapp = curapp->next; |
| free(curapp); |
| } |
| } |
| |
| |
| /**************************************************************************/ |
| /*************** Keywords definition and registration *********************/ |
| /**************************************************************************/ |
| static struct cfg_kw_list cfg_kws = {ILH, { |
| { CFG_LISTEN, "use-fcgi-app", proxy_parse_use_fcgi_app }, |
| { 0, NULL, NULL }, |
| }}; |
| |
| // FIXME: Add rep.fcgi smp_fetch |
| static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { |
| { "fcgi.docroot", smp_fetch_fcgi_docroot, 0, NULL, SMP_T_STR, SMP_USE_HRQHV }, |
| { "fcgi.index", smp_fetch_fcgi_index, 0, NULL, SMP_T_STR, SMP_USE_HRQHV }, |
| { /* END */ } |
| }}; |
| |
| /* Declare the filter parser for "fcgi-app" keyword */ |
| static struct flt_kw_list filter_kws = { "FCGI", { }, { |
| { "fcgi-app", parse_fcgi_flt, NULL }, |
| { NULL, NULL, NULL }, |
| } |
| }; |
| |
| INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords); |
| INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws); |
| INITCALL1(STG_REGISTER, flt_register_keywords, &filter_kws); |
| |
| INITCALL1(STG_REGISTER, hap_register_post_deinit, fcgi_apps_deinit); |
| |
| REGISTER_CONFIG_SECTION("fcgi-app", cfg_parse_fcgi_app, NULL); |
| REGISTER_CONFIG_POSTPARSER("fcgi-apps", cfg_fcgi_apps_postparser); |
| |
| /* |
| * Local variables: |
| * c-indent-level: 8 |
| * c-basic-offset: 8 |
| * End: |
| */ |