cgi-fcgi-interp: Import timespeccmp from FreeBSD

[chiark-utils.git] / cprogs / cgi-fcgi-interp.c

/*
 * "Interpreter" that you can put in #! like this
 *   #!/usr/bin/cgi-fcgi-interp [<options>] <interpreter>
 *   #!/usr/bin/cgi-fcgi-interp [<options>],<interpreter>
 */
/*
 * cgi-fcgi-interp.[ch] - C helpers common to the whole of chiark-utils
 *
 * Copyright 2016 Ian Jackson
 * Copyright 1982,1986,1993 The Regents of the University of California
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public
 * License along with this file; if not, consult the Free Software
 * Foundation's website at www.fsf.org, or the GNU Project website at
 * www.gnu.org.
 *
 * See below for a BSD 3-clause notice regarding timespeccmp.
 */
/*
 * The result is a program which looks, when executed via the #!
 * line, like a CGI program.  But the script inside will be executed
 * via <interpreter> in an fcgi context.
 *
 * Options:
 *
 *  <interpreter>
 *          The real interpreter to use.  Eg "perl".  Need not
 *          be an absolute path; will be fed to execvp.
 *
 *  -g<ident>
 *          Use <ident> rather than hex(sha256(<script>))
 *          as the basename of the leafname of the fcgi rendezvous
 *          socket.  If <ident> contains only hex digit characters it
 *          ought to be no more than 32 characters.  <ident> should
 *          not contain spaces or commas (see below).
 *
 *  -M<numservers>
 *         Start <numservers> instances of the program.  This
 *         determines the maximum concurrency.  (Note that unlike
 *         speedy, the specified number of servers is started
 *         right away.)  The default is 4.
 *
 *  -D
 *         Debug mode.  Do not actually run program.  Instead, print
 *         out what we would do.
 *
 * <options> and <interpreter> can be put into a single argument
 * to cgi-fcgi-interp, separated by spaces or commas.  <interpreter>
 * must come last.
 *
 * cgi-fcgi-interp automatically expires old sockets, including
 * ones where the named script is out of date.
 */

/*
 * Uses one of two directories
 *   /var/run/user/<UID>/cgi-fcgi-interp/
 *   ~/.cgi-fcgi-interp/<node>/
 * and inside there uses these paths
 *   s<ident>
 *   g<inum>
 *
 * If -M<ident> is not specified then an initial substricg of the
 * lowercase hex of the sha256 of the <script> (ie, our argv[1]) is
 * used.  The substring is chosen so that the whole path is 10 bytes
 * shorter than sizeof(sun_path).  But always at least 33 characters.
 *
 * <node> is truncated at the first `.' and after the first 32
 * characters.
 *
 * Algorithm:
 *  - see if /var/run/user exists
 *       if so, lstat /var/run/user/<UID> and check that
 *         we own it and it's X700; if not, fail
 *         if it's ok then <base> is /var/run/user/<UID>
 *       otherwise, look for and maybe create ~/.cgi-fcgi-interp
 *         (where ~ is HOME or from getpwuid)
 *         and then <base> is ~/.cgi-fcgi-interp/<node>
 *  - calculate pathname (checking <ident> length is OK)
 *  - check for and maybe create <base>
 *  - stat and lstat the <script>
 *  - stat the socket and check its timestamp
 *       if it is too old, rename it to g<inum>.<pid> (where
 *       <inum> and <pid> are in decimal)
 *       and run garbage collection
 *  - run  cgi-fcgi -connect SOCKET SCRIPT
 */

#include "common.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdbool.h>
#include <assert.h>
#include <limits.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <pwd.h>
#include <err.h>

#include <nettle/sha.h>

#include "myopt.h"

#define die  common_die
#define diee common_diee

#define MINHEXHASH 33

static const char *interp, *ident;
static int numservers, debugmode;

void diee(const char *m) {
  err(127, "error: %s failed", m);
}

static void fusagemessage(FILE *f) {
  fprintf(f, "usage: #!/usr/bin/cgi-fcgi-interp [<options>]\n");
}

void usagemessage(void) { fusagemessage(stderr); }

static void of_help(const struct cmdinfo *ci, const char *val) {
  fusagemessage(stdout);
  if (ferror(stdout)) diee("write usage message to stdout");
  exit(0);
}

static void of_iassign(const struct cmdinfo *ci, const char *val) {
  long v;
  char *ep;
  errno= 0; v= strtol(val,&ep,10);
  if (!*val || *ep || errno || v<INT_MIN || v>INT_MAX)
    badusage("bad integer argument `%s' for --%s",val,ci->olong);
  *ci->iassignto = v;
}

#define MAX_OPTS 5

static const struct cmdinfo cmdinfos[]= {
  { "help",   0, .call= of_help               },
  { 0, 'g',   1, .sassignto= &ident           },
  { 0, 'M',   1, .call=of_iassign, .iassignto= &numservers      },
  { 0, 'D',   0, .iassignto= &debugmode, .arg= 1 },
  { 0 }
};

static uid_t us;
static const char *run_base, *script, *socket_path;

static bool find_run_base_var_run(void) {
  struct stat stab;
  char *try;
  int r;

  try = m_asprintf("%s/%lu", "/var/run/user", us);
  r = lstat(try, &stab);
  if (r<0) {
    if (errno == ENOENT ||
        errno == ENOTDIR ||
        errno == EACCES ||
        errno == EPERM)
      return 0; /* oh well */
    diee("stat /var/run/user/UID");
  }
  if (!S_ISDIR(stab.st_mode)) {
    warnx("%s not a directory, falling back to ~\n", try);
    return 0;
  }
  if (stab.st_uid != us) {
    warnx("%s not owned by uid %lu, falling back to ~\n", try,
          (unsigned long)us);
    return 0;
  }
  if (stab.st_mode & 0077) {
    warnx("%s writeable by group or other, falling back to ~\n", try);
    return 0;
  }
  run_base = m_asprintf("%s/%s", try, "cgi-fcgi-interp");
  return 1;
}

static bool find_run_base_home(void) {
  struct passwd *pw;
  struct utsname ut;
  char *dot, *try;
  int r;

  pw = getpwuid(us);  if (!pw) diee("getpwent(uid)");

  r = uname(&ut);   if (r) diee("uname(2)");
  dot = strchr(ut.nodename, '.');
  if (dot) *dot = 0;
  if (sizeof(ut.nodename) > 32)
    ut.nodename[32] = 0;

  try = m_asprintf("%s/%s/%s", pw->pw_dir, ".cgi-fcgi-interp", ut.nodename);
  run_base = try;
  return 1;
}

static void find_socket_path(void) {
  struct sockaddr_un sun;
  int r;

  us = getuid();  if (us==(uid_t)-1) diee("getuid");

  find_run_base_var_run() ||
    find_run_base_home() ||
    (abort(),0);

  int maxidentlen = sizeof(sun.sun_path) - strlen(run_base) - 10 - 2;

  if (!ident) {
    if (maxidentlen < MINHEXHASH)
      errx(127,"base directory `%s'"
           " leaves only %d characters for id hash"
           " which is too little (<%d)",
           run_base, maxidentlen, MINHEXHASH);

    int identlen = maxidentlen > 64 ? 64 : maxidentlen;
    char *hexident = xmalloc(identlen + 2);
    struct sha256_ctx sc;
    unsigned char bbuf[32];
    int i;

    sha256_init(&sc);
    sha256_update(&sc,strlen(interp)+1,interp);
    sha256_update(&sc,strlen(script)+1,script);
    sha256_digest(&sc,sizeof(bbuf),bbuf);

    for (i=0; i<identlen; i += 2)
      sprintf(hexident+i, "%02x", bbuf[i/2]);

    hexident[identlen] = 0;
    ident = hexident;
  }

  if (strlen(ident) > maxidentlen)
    errx(127, "base directory `%s' plus ident `%s' too long"
         " (with spare) for socket (max ident %d)\n",
         run_base, ident, maxidentlen);

  r = mkdir(run_base, 0700);
  if (r) {
    if (!(errno == EEXIST))
      err(127,"mkdir %s",run_base);
  }

  socket_path = m_asprintf("%s/g%s",run_base,ident);
}  

/*
 * Regarding the macro timespeccmp:
 *
 * Copyright (c) 1982, 1986, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)time.h      8.5 (Berkeley) 5/4/95
 * $FreeBSD: head/sys/sys/time.h 275985 2014-12-21 05:07:11Z imp $
 */
#ifndef timespeccmp
#define timespeccmp(tvp, uvp, cmp)                                      \
        (((tvp)->tv_sec == (uvp)->tv_sec) ?                             \
            ((tvp)->tv_nsec cmp (uvp)->tv_nsec) :                       \
            ((tvp)->tv_sec cmp (uvp)->tv_sec))
#endif /*timespeccmp*/

static bool stab_isnewer(const struct stat *a, const struct stat *b) {
  return 0;
}

static bool check_garbage(void) {
  struct stat sock_stab, script_stab;
  int r;

  r = lstat(script, &script_stab);
  if (r) err(127,"lstat script (%s)",script);

  r = lstat(socket_path, &sock_stab);
  if (r) {
    if ((errno == ENOENT))
      return 0; /* well, no garbage then */
    err(127,"stat socket (%s)",socket_path);
  }

  if (stab_isnewer(&script_stab, &sock_stab))
    return 1;

  if (S_ISLNK(script_stab.st_mode)) {
    r = stat(script, &script_stab);
    if (r) err(127,"stat script (%s0",script);

    if (stab_isnewer(&script_stab, &sock_stab))
      return 1;
  }

  return 0;
}

static void shbang_opts(const char *const **argv_io,
                        const struct cmdinfo *cmdinfos) {
  myopt(argv_io, cmdinfos);

  interp = *(*argv_io)++;
  if (!interp) errx(127,"need interpreter argument");
}

int main(int argc, const char *const *argv) {
  const char *smashedopt;

  if (argc>=2 &&
      (smashedopt = argv[1]) &&
      smashedopt[0]=='-' &&
      (strchr(smashedopt,' ') || strchr(smashedopt,','))) {
    /* single argument containg all the options and <interp> */
    argv += 2; /* eat argv[0] and smashedopt */
    const char *split_args[MAX_OPTS+1];
    int split_argc = 0;
    split_args[split_argc++] = argv[0];
    for (;;) {
      if (split_argc >= MAX_OPTS) errx(127,"too many options in combined arg");
      split_args[split_argc++] = smashedopt;
      if (smashedopt[0] != '-') /* never true on first iteration */
        break;
      char *delim = strchr(smashedopt,' ');
      if (!delim) delim = strchr(smashedopt,',');
      if (!delim)
        errx(127,"combined arg lacks <interpreter>");
      *delim = 0;
      smashedopt = delim+1;
    }
    assert(split_argc <= MAX_OPTS);
    split_args[split_argc++] = 0;

    const char *const *split_argv = split_args;

    shbang_opts(&split_argv, cmdinfos);
    /* sets interp */
    if (!split_argv) errx(127,"combined arg too many non-option arguments");
  } else {
    shbang_opts(&argv, cmdinfos);
  }

  script = *argv++;
  if (!script) errx(127,"need script argument");
  if (*argv) errx(127,"too many arguments");

  find_socket_path();

  check_garbage();

  if (debugmode) {
    printf("socket: %s\n",socket_path);
    printf("interp: %s\n",interp);
    printf("script: %s\n",script);
  }

  exit(0);
}