--- parser3/src/main/pa_exec.C	2002/04/16 09:38:49	1.35
+++ parser3/src/main/pa_exec.C	2009/10/02 01:18:27	1.78
@@ -1,15 +1,14 @@
 /** @file
 	Parser: program executing for different OS-es.
 
-	Copyright(c) 2000,2001, 2002 ArtLebedev Group(http://www.artlebedev.com)
+	Copyright(c) 2000-2009 ArtLebedev Group(http://www.artlebedev.com)
 	Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
 
-	$Id: pa_exec.C,v 1.35 2002/04/16 09:38:49 paf Exp $
-
-
 	@todo setrlimit
 */
 
+static const char * const IDENT_EXEC_C="$Date: 2009/10/02 01:18:27 $";
+
 #include "pa_config_includes.h"
 
 #include "pa_exec.h"
@@ -27,133 +26,158 @@
 #ifdef WIN32
 
 /// this func from http://www.ccas.ru/~posp/popov/spawn.htm
-static BOOL WINAPI CreateHiddenConsoleProcess(LPCTSTR szCmdLine,
+static DWORD CreateHiddenConsoleProcess(LPCTSTR szCmdLine,
+										LPCTSTR szScriptFileSpec,
 										char *szEnv,
-                                        PROCESS_INFORMATION* ppi, 
-                                        LPHANDLE phInWrite,
-                                        LPHANDLE phOutRead,
-                                        LPHANDLE phErrRead)
+										PROCESS_INFORMATION* ppi, 
+										LPHANDLE phInWrite,
+										LPHANDLE phOutRead,
+										LPHANDLE phErrRead)
 {
-    BOOL fCreated;
-    STARTUPINFO si;
-    SECURITY_ATTRIBUTES sa={0};
-    HANDLE hInRead;
-    HANDLE hOutWrite;
-    HANDLE hErrWrite;
-
-    // Create pipes
-    // initialize security attributes for handle inheritance (for WinNT)
-    sa.nLength=sizeof(sa);
-    sa.bInheritHandle=TRUE;
-    sa.lpSecurityDescriptor=NULL;
-
-    // create STDIN pipe
-    if(!CreatePipe(&hInRead, phInWrite, &sa, 0))
-        goto error;
-
-    // create STDOUT pipe
-    if(!CreatePipe(phOutRead, &hOutWrite, &sa, 0))
-        goto error;
-
-    // create STDERR pipe
-    if(!CreatePipe(phErrRead, &hErrWrite, &sa, 0))
-        goto error;
-
-    // process startup information
-    memset(&si, 0, sizeof(si));
-    si.cb=sizeof(si); 
-    si.dwFlags=STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
-    // child process' console must be hidden for Win95 compatibility
-    si.wShowWindow=SW_HIDE;
-    // assign "other" sides of pipes
-    si.hStdInput=hInRead;
-    si.hStdOutput=hOutWrite;
-    si.hStdError=hErrWrite;
-
+	DWORD result=0;
+	BOOL fCreated;
+	STARTUPINFO si;
+	SECURITY_ATTRIBUTES sa={0};
+	HANDLE hInRead;
+	HANDLE hOutWrite;
+	HANDLE hErrWrite;
+	
+	// Create pipes
+	// initialize security attributes for handle inheritance (for WinNT)
+	sa.nLength=sizeof(sa);
+	sa.bInheritHandle=TRUE;
+	sa.lpSecurityDescriptor=NULL;
+	
+	// create STDIN pipe
+	if(!CreatePipe(&hInRead, phInWrite, &sa, 0))
+		goto error;
+	
+	// create STDOUT pipe
+	if(!CreatePipe(phOutRead, &hOutWrite, &sa, 0))
+		goto error;
+	
+	// create STDERR pipe
+	if(!CreatePipe(phErrRead, &hErrWrite, &sa, 0))
+		goto error;
+	
+	// process startup information
+	memset(&si, 0, sizeof(si));
+	si.cb=sizeof(si); 
+	si.dwFlags=STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
+	// child process' console must be hidden for Win95 compatibility
+	si.wShowWindow=SW_HIDE;
+	// assign "other" sides of pipes
+	si.hStdInput=hInRead;
+	si.hStdOutput=hOutWrite;
+	si.hStdError=hErrWrite;
+	
 	// calculating script's directory
 	char dir[MAX_STRING];
-	strncpy(dir, szCmdLine, MAX_STRING-1); dir[MAX_STRING-1]=0;
+	strncpy(dir, szScriptFileSpec, MAX_STRING-1); dir[MAX_STRING-1]=0;
 	lsplit(dir,' '); // trim arguments
 	rsplit(dir,'/'); rsplit(dir,'\\'); // trim filename
-	chdir(dir);
-
-    // Create a child process (suspended)
-    fCreated=CreateProcess(NULL,
-                              (LPTSTR)szCmdLine,
-                              NULL,
-                              NULL,
-                              TRUE,
-                              CREATE_NO_WINDOW,
-                              szEnv,
-                              dir,
-                              &si,
-                              ppi);
-
-    CloseHandle(hInRead);
-    CloseHandle(hOutWrite);
-    CloseHandle(hErrWrite);
-
-    if(!fCreated)
-        goto error;
-
-    return TRUE;
-
+	
+	// Create a child process (suspended)
+	fCreated=CreateProcess(NULL,
+		(LPTSTR)szCmdLine,
+		NULL,
+		NULL,
+		TRUE,
+		CREATE_NO_WINDOW,
+		szEnv,
+		dir,
+		&si,
+		ppi);
+	if(!fCreated)
+		result=GetLastError();
+	
+	CloseHandle(hInRead);
+	CloseHandle(hOutWrite);
+	CloseHandle(hErrWrite);
+	
+	if(!fCreated)
+		goto error;
+	
+	return result;
+	
 error:
-    CloseHandle(*phInWrite);
-    CloseHandle(*phOutRead);
-    CloseHandle(*phErrRead);
-
-    return FALSE;
+	if(!result/*yet*/)
+		result=GetLastError(); // get it
+	
+	CloseHandle(*phInWrite);
+	CloseHandle(*phOutRead);
+	CloseHandle(*phErrRead);
+	
+	return result;
 }
 
-static void read_pipe(String& result, HANDLE hOutRead, const char *file_spec, 
-					  String::Untaint_lang lang){
+static void read_pipe(String& result, HANDLE hOutRead, String::Language lang){
 	while(true) {
-		char *buf=(char *)result.pool().malloc(MAX_STRING);
-		unsigned long size;
+		char *buf=new(PointerFreeGC) char[MAX_STRING+1];
+		DWORD size=0;
 		if(!ReadFile(hOutRead, buf, MAX_STRING, &size, NULL) || !size) 
 			break;
-		result.APPEND(buf, size, lang, file_spec, 0);
-    }
+		buf[size]=0;
+		result.append_know_length(buf, size, lang);
+	}
 }
 
+static void read_pipe(File_read_result& result, HANDLE hOutRead){
+
+	char *buf=(char*)pa_malloc(MAX_STRING+1);
+	DWORD bufsize = MAX_STRING;
+
+	result.headers = 0;
+	result.length = 0;
+	result.str = 0;
+	result.success = false;
+
+	while(true) {
+		DWORD size=0;
+		if(!ReadFile(hOutRead, buf + result.length, bufsize - result.length, &size, NULL) || !size)
+			break;
+		result.length += size;
+		if(result.length >= bufsize){
+			bufsize *= 2;
+			buf=(char*)pa_realloc(buf, bufsize+1);
+		}
+		result.str=buf;
+	}
+}
 
-static const char *buildCommand(Pool& pool, 
-								const String& origin_string,
-								const char *file_spec_cstr, const Array *argv) {
-	const char *result=file_spec_cstr;
+static const char* buildCommand(const char* file_spec_cstr, const ArrayString& argv) {
+	const char* result=file_spec_cstr;
 	if(FILE *f=fopen(file_spec_cstr, "r")) {
+		try {
 		char buf[MAX_STRING];
 		size_t size=fread(buf, 1, MAX_STRING-1, f);
 		if(size>2) {
 			buf[size]=0;
 			if(strncmp(buf, "#!", 2)==0) {
-				const char *begin=buf+2;
-				if(*begin==' ') // alx: were an old magic for some linux-es
+				const char* begin=buf+2;
+				while(*begin==' ') // alx: were an old magic for some linux-es
 					begin++;
-				if(char *end=strchr(begin, '\n')) {
-					String string(pool);
-					string.APPEND_AS_IS(begin, end-begin, 
-						origin_string.origin().file, 0);
+				if(const char *end=strchr(begin, '\n')) {
+					String string(pa_strdup(begin, end-begin));
 					string << " " << file_spec_cstr;
-					if(argv)
-						for(int i=0; i<argv->size(); i++)
-							string << argv->get_string(i)->cstr();
 					result=string.cstr();
 				}
 			}
 		}
+		} catch(...) {
+			fclose(f);
+			rethrow;
+		}
 		fclose(f);
 	}
-	if(argv) {
-		String buf(pool);
-		buf << result;
-		for(int i=0; i<argv->size(); i++) {
-			buf << " ";
-			buf << *argv->get_string(i);
+	{ // appending argv
+		String string(result);
+		for(size_t i=0; i<argv.count(); i++) {
+			string << " ";
+			string << *argv[i];
 		}
 
-		result=buf.cstr();
+		result=string.cstr();
 	}
 
 	return result;
@@ -161,10 +185,10 @@ static const char *buildCommand(Pool& po
 
 #else
 
-static int execve_piped(const char *file_spec_cstr, 
+static pid_t execve_piped(const char* file_spec_cstr, 
 			char * const argv[], char * const env[],
 			int *pipe_in, int *pipe_out, int *pipe_err) {
-	int pid;
+	pid_t pid;
 	int in_fds[2];
 	int out_fds[2];
 	int err_fds[2];
@@ -209,7 +233,7 @@ static int execve_piped(const char *file
 			close(err_fds[0]); close(err_fds[1]);
 		}
 		errno=save_errno;
-		return 0;
+		return -1;
 	}
 	
 	if(!pid) {
@@ -233,7 +257,8 @@ static int execve_piped(const char *file
 			close(err_fds[1]);
 		}
 		
-		/* HP-UX SIGCHLD fix goes here, if someone will remind me what it is... */
+		/* grabbed this from Apache source: */
+		/*  HP-UX SIGCHLD fix goes here, if someone will remind me what it is... */
 		signal(SIGCHLD, SIG_DFL);	/* Was that it? */
 	
 		// chdir to script's directory
@@ -269,51 +294,88 @@ static int execve_piped(const char *file
 
 static int get_exit_status(int pid) {
 	int status;
-	if(!waitpid(pid, &status, 0))
+	pid_t cid;
+	while ((cid=waitpid(pid, &status, WUNTRACED)) == -1 && errno == EINTR);	
+	if(!cid)
 		return -1;
 	return WIFEXITED(status) ? 
 		WEXITSTATUS(status) : -2;
 }
 
-static void read_pipe(String& result, int file, const char *file_spec, String::Untaint_lang lang){
+static void read_pipe(String& result, int file, String::Language lang){
+	while(true) {
+		char *buf=new(PointerFreeGC) char[MAX_STRING+1];
+		ssize_t length=read(file, buf, MAX_STRING);
+		if(length<=0)
+			break;
+		buf[length]=0;
+		result.append_know_length(buf, length, lang);
+	}
+}
+
+static void read_pipe(File_read_result& result, int file){
+	char *buf=(char*)pa_malloc(MAX_STRING+1);
+	ssize_t bufsize = MAX_STRING;
+
+	result.headers = 0;
+	result.length = 0;
+	result.str = 0;
+	result.success = false;
+
 	while(true) {
-		char *buf=(char *)result.pool().malloc(MAX_STRING);
-		size_t size=read(file, buf, MAX_STRING);
-		if(!size)
+		ssize_t size=read(file, buf + result.length, bufsize - result.length);
+		if(size <= 0)
 			break;
-		result.APPEND(buf, size, lang, file_spec, 0);
-    }
+		result.length += size;
+		if(result.length >= bufsize){
+			bufsize *= 2;
+			buf=(char*)pa_realloc(buf, bufsize+1);
+		}
+		result.str=buf;
+	}
 }
 
 #endif
 
-///@test maybe here and at argv construction --- cstr(String::UL_UNSPECIFIED
-static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) {
+#ifndef DOXYGEN
+struct Append_env_pair_info {
 #ifdef WIN32
-	String& string=*static_cast<String *>(info);
-	
-	string << key << "=" << *static_cast<String *>(value);
-	string.APPEND_AS_IS("", 1, 0, 0); // zero byte
+	String::Body& body;
+	Append_env_pair_info(String::Body& abody): body(abody) {}
+#else
+	char **env_ref;
+#endif
+};
+#endif
+///@test maybe here and at argv construction --- untaint_cstr(String::L_AS_IS
+static void append_env_pair(HashStringString::key_type key, HashStringString::value_type value,
+		Append_env_pair_info *info) {
+#ifdef WIN32
+	info->body << key << "=" << value;
+	info->body.append_know_length("\1", 1); // placeholder for of zero byte
 #else
-	String string(key.pool());
-	string << key << "=" << *static_cast<String *>(value);
+	String::Body body;
+	body << key << "=" << value.cstr();
 
-	char ***env_ref=static_cast<char ***>(info);
-	**env_ref=string.cstr();  (*env_ref)++;
+	*(info->env_ref++)=body.cstrm();
 #endif
 }
 
-int pa_exec(
-			bool forced_allow,
+PA_exec_result pa_exec(
+			bool 
+#if defined(NO_PA_EXEC) || defined(PA_SAFE_MODE)
+			forced_allow
+#endif
+			, 
 			const String& file_spec, 
-			const Hash *env,
-			const Array *argv,
-			const String& in, String& out, String& err) {
-	Pool& pool=file_spec.pool();
+			const HashStringString* env, 
+			const ArrayString& argv, 
+			String& in) {
+	PA_exec_result result;
 
 #ifdef NO_PA_EXECS
 	if(!forced_allow)
-		throw Exception("parser.runtime",
+		throw Exception(PARSER_RUNTIME,
 			&file_spec,
 			"parser execs are disabled [recompile parser without --disable-execs configure option]");
 #endif
@@ -322,115 +384,119 @@ int pa_exec(
 
 	PROCESS_INFORMATION pi;	
 	HANDLE hInWrite, hOutRead, hErrRead;
-	char *file_spec_cstr=file_spec.cstr(String::UL_FILE_SPEC); 
-	const char *cmd=buildCommand(file_spec.pool(), file_spec, file_spec_cstr, argv);
-	char *env_cstr=0;
+	const char* script_spec_cstr=file_spec.taint_cstr(String::L_FILE_SPEC);
+	const char* cmd=buildCommand(script_spec_cstr, argv);
+	char* env_cstr=0;
 	if(env) {
-		String string(env->pool());
-		env->for_each(append_env_pair, &string);
-		env_cstr=string.cstr();
+		String::Body body;
+		Append_env_pair_info info(body);
+		env->for_each<Append_env_pair_info*>(append_env_pair, &info);
+		env_cstr=info.body.cstrm();
+		for(char* replacer=env_cstr; *replacer; replacer++)
+			if(*replacer=='\1')
+				*replacer=0;
 	}
-	if(CreateHiddenConsoleProcess(cmd, env_cstr, &pi, &hInWrite, &hOutRead, &hErrRead)) {
-		const char *in_cstr=in.cstr();
+	if(DWORD error=CreateHiddenConsoleProcess(cmd, script_spec_cstr, env_cstr, &pi, &hInWrite, &hOutRead, &hErrRead)) {
+		char szErrorDesc[MAX_STRING];
+		const char* param="the file you tried to run";
+		size_t error_size=FormatMessage(
+			FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_ARGUMENT_ARRAY , NULL, error,
+			MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
+			szErrorDesc, sizeof(szErrorDesc), (va_list *)&param);
+		if(error_size>3) // ".\r\n"
+			szErrorDesc[error_size-3]=0;
+
+		throw Exception("file.execute",
+			&file_spec,
+			"exec failed - %s (%u). Consider adding shbang line (#!x:\\interpreter\\command line)", 
+				error_size?szErrorDesc:"<unknown>", error);
+	} else {
+		const char* in_cstr=in.cstr();
 		DWORD written_size;
-		WriteFile(hInWrite, in_cstr, in.size(), &written_size, NULL);
+		WriteFile(hInWrite, in_cstr, in.length(), &written_size, NULL);
 		// EOF for stupid text reads
 		// normally they should read CONTENT_LENGTH bytes,
 		// without this char
 		WriteFile(hInWrite, "\x1A", 1, &written_size, NULL);
 		CloseHandle(hInWrite);
-		read_pipe(out, hOutRead, file_spec_cstr, String::UL_AS_IS);
+		read_pipe(result.out, hOutRead);
 		CloseHandle(hOutRead);
-		read_pipe(err, hErrRead, file_spec_cstr, String::UL_TAINTED);		
+		read_pipe(result.err, hErrRead, String::L_TAINTED);		
 		CloseHandle(hErrRead);
 /*	
 from http://www.apache.org/websrc/cvsweb.cgi/apache-1.3/src/main/util_script.c?rev=1.151&content-type=text/vnd.viewcvs-markup
 
 	* We must close the handles to the new process and its main thread
-    * to prevent handle and memory leaks.
+	* to prevent handle and memory leaks.
 */	
 		CloseHandle(pi.hProcess);
-        CloseHandle(pi.hThread);
-	} else {
-		DWORD error=GetLastError();
-		char szErrorDesc[MAX_STRING];
-		FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error,
-                MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
-                szErrorDesc, sizeof(szErrorDesc), NULL);
-		size_t error_size=strlen(szErrorDesc);
-		if(error_size>3) // ".\r\n"
-			szErrorDesc[error_size-3]=0;
-            
-		throw Exception(0,
-			&file_spec,
-			"(real command line=\"%s\") exec failed - %s (%ld)",
-				cmd,
-				szErrorDesc, (long)error);
+		CloseHandle(pi.hThread);
 	}
 
 #else
 
+	// execve needs non const
+	char* file_spec_cstr=file_spec.taint_cstrm(String::L_FILE_SPEC); 
+
 	int pipe_write, pipe_read, pipe_err;
-	char *file_spec_cstr=file_spec.cstr(String::UL_FILE_SPEC);
 
-#ifdef NO_FOREIGN_GROUP_FILES
+#ifdef PA_SAFE_MODE
 	if(!forced_allow) {
 		struct stat finfo;
 		if(stat(file_spec_cstr, &finfo)!=0)
 			throw Exception("file.missing", 
-					&file_spec, 
-					"stat failed: %s (%d), actual filename '%s'", 
-						strerror(errno), errno, file_spec_cstr);
-
-		if(finfo.st_gid/*foreign?*/!=getegid())
-			throw Exception("parser.runtime",
-				&file_spec,
-				"parser executing files of foreign group is	disabled [recompile parser without --disable-foreign-group-files configure option], actual filename '%s'", 
-					file_spec_cstr);
+				&file_spec, 
+				"stat failed: %s (%d), actual filename '%s'", 
+					strerror(errno), errno, file_spec_cstr);
+
+		check_safe_mode(finfo, file_spec, file_spec_cstr);
 	}
 #endif
 
-	char *argv_cstrs[1+10+1]={file_spec_cstr, 0};
-	if(argv) {
-		const int argv_size=argv->size();
-		const int argv_max=sizeof(argv_cstrs)/sizeof(argv_cstrs[0])-1-1;
-		if(argv_size>argv_max)
-			throw Exception("parser.runtime",
-				&file_spec,
-				"too many arguments (%d > max %d)", argv_size, argv_max);
-		for(int i=0; i<argv_size; i++)
-			argv_cstrs[1+i]=argv->get_string(i)->cstr();
-		argv_cstrs[1+argv_size]=0;
-	}
-	char **env_cstrs=0;
+	char* argv_cstrs[1+100+1]={file_spec_cstr, 0};
+	const int argv_size=argv.count();
+	const int argv_max=sizeof(argv_cstrs)/sizeof(argv_cstrs[0])-1-1;
+	if(argv_size>argv_max)
+		throw Exception(PARSER_RUNTIME,
+			&file_spec,
+			"too many arguments (%d > max %d)", argv_size, argv_max);
+	for(int i=0; i<argv_size; i++)
+		argv_cstrs[1+i]=argv[i]->cstrm();
+	argv_cstrs[1+argv_size]=0;
+
+	char **env_cstrs;
 	if(env) {
-		env_cstrs=
-			(char **)env->pool().malloc(sizeof(char *)*(env->size()+1/*0*/));
-		char **env_ref=env_cstrs;
-		env->for_each(append_env_pair, &env_ref);
-		*env_ref=0;
-	}
+		env_cstrs=new(PointerFreeGC) char *[env->count()+1/*0*/];
+		Append_env_pair_info info={env_cstrs}; 
+		env->for_each(append_env_pair, &info);
+		*info.env_ref=0;
+	} else
+		env_cstrs=0;
 
-	int pid=execve_piped(
+	pid_t pid=execve_piped(
 		file_spec_cstr,
 		argv_cstrs, env_cstrs,
 		&pipe_write, &pipe_read, &pipe_err);
-	if(pid) {
+	if(pid>0) {
 		// in child
-		const char *in_cstr=in.cstr();
-		write(pipe_write, in_cstr, in.size());
+		if(!in.is_empty()) {// there is some in data
+			const char* in_cstr=in.cstr();
+			write(pipe_write, in_cstr, in.length());
+		}
 		close(pipe_write);
-		read_pipe(out, pipe_read, file_spec_cstr, String::UL_AS_IS);
+		read_pipe(result.out, pipe_read);
 		close(pipe_read);
-		read_pipe(err, pipe_err, file_spec_cstr, String::UL_TAINTED);
+		read_pipe(result.err, pipe_err, String::L_TAINTED);
 		close(pipe_err);
 
-		return get_exit_status(pid); // negative may mean "-errno[execl()]"
-	} else 
-		throw Exception(0,
+		result.status=get_exit_status(pid); // negative may mean "-errno[execl()]"
+	} else { 
+		const char* str=strerror(errno);
+		throw Exception("file.execute",
 			&file_spec,
-			"pipe error");
+			"%s error: %s (%d)", pid<0?"fork":"pipe", str?str:"<unknown>", errno); 
+	}
 #endif
 
-	return 0;
+	return result;
 }