I installed an OpenBSD 5.3 in Virtualbox. Webserver is apache: httpd_flags="" in rc.conf.

httpd.conf

# cat /var/www/conf/httpd.conf                                                                                                                                                                             
<Directory "/var/www/htdocs/cgi-bin/">
    AllowOverride None
    Options +ExecCGI
    Options None
    Order allow,deny
    Allow from all
</Directory>

AddHandler cgi-script .cgi
<Location /cgi-bin/*.cgi>
Options +ExecCGI
</Location>

ServerType standalone
ServerRoot "/var/www"
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_runtime_status
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
MaxCPUPerChild 0
MaxDATAPerChild 0
MaxNOFILEPerChild 0
MaxRSSPerChild 0
MaxSTACKPerChild 0
Include /var/www/conf/modules/*.conf
Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
User www
Group www
ServerAdmin [email protected]
DocumentRoot "/var/www/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
UserDir disabled
DirectoryIndex index.html
AccessFileName .htaccess
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>
UseCanonicalName On
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/arandom  512
SSLLog      logs/ssl_engine_log
SSLLogLevel info
</IfModule>
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot /var/www/htdocs
ServerName new.host.name
ServerAdmin [email protected]
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  
</IfDefine>
# 

files:

# ls -la /var/www/bin/ 
total 3284
drwxr-xr-x   2 root  daemon     512 Aug 26 10:23 .
drwxr-xr-x  10 root  daemon     512 Aug 24 19:09 ..
----------   1 root  bin     250676 Mar 13 01:23 bgpctl
----------   1 root  bin     222004 Mar 13 01:23 ping
----------   1 root  bin     238388 Mar 13 01:23 ping6
-r-xr-xr-x   1 root  daemon   10704 Aug 26 09:51 printf
----------   1 root  bin     189236 Mar 13 01:23 traceroute
----------   1 root  bin     193332 Mar 13 01:23 traceroute6
# ls -laR /var/www/htdocs/                                                                                                                                                                                 
total 12
drwxr-xr-x   3 root  daemon  512 Aug 26 09:13 .
drwxr-xr-x  10 root  daemon  512 Aug 24 19:09 ..
drwxr-xr-x   2 root  daemon  512 Aug 26 10:02 cgi-bin

/var/www/htdocs/cgi-bin:
total 16
drwxr-xr-x  2 root  daemon  512 Aug 26 10:02 .
drwxr-xr-x  3 root  daemon  512 Aug 26 09:13 ..
-rwxr-xr-x  1 root  daemon   61 Aug 26 10:24 SEARCH.cgi
# 
# cat /var/www/htdocs/cgi-bin/SEARCH.cgi
printf "Content-type: text/html\n\n"; 
printf hi
# 
# which printf
/usr/bin/printf
# 
# cksum /usr/bin/printf /var/www/bin/printf
4034907417 10704 /usr/bin/printf
4034907417 10704 /var/www/bin/printf

testing it

[user@notebook ~] wget http://domain.foo:8080/cgi-bin/SEARCH.cgi -O -
--2013-08-26 08:09:16--  http://domain.foo:8080/cgi-bin/SEARCH.cgi
Resolving domain.foo (domain.foo)... ::1, 127.0.0.1
Connecting to domain.foo (domain.foo)|::1|:8080... failed: Connection refused.
Connecting to domain.foo (domain.foo)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2013-08-26 08:09:16 ERROR 500: Internal Server Error.

[user@notebook ~] 

logs

# cat /var/www/logs/error_log  
[Mon Aug 26 10:09:13 2013] [error] [client 10.0.2.2] Premature end of script headers: /htdocs/cgi-bin/SEARCH.cgi
# 

I copied the "printf" binary for the test..

Q: How can I enable CGI on OpenBSD? I just want to have echo/sed/ifthenelse/tr/head/awk/egrep in the cgi.. (the purpose is to enable users to use the "grep" from the website in files) but even a simple test with printf doesn't work.. what am I missing?

UPDATE#1: what's wrong with the

printf "Content-type: text/html\n\n"; 

line in the SEARCH.cgi? (because I think the problem is there..) - is printf needed in /var/www/bin? I copied it there, but it still doesn't work (because of the "Premature end of script headers").

p.s.: the "http://domain.foo:8080" is the obsd machine, I just used port forward from virtualbox.

UPDATE#2: I removed the ksh from the cgi head (later I added back, see comments)

UPDATE#3:

# cat error_log  
Abort trap 
[Thu Aug 29 09:44:09 2013] [error] [client 10.0.2.2] Premature end of script headers: /htdocs/cgi-bin/SEARCH.cgi
# cat /var/www/htdocs/cgi-bin/SEARCH.cgi                                                                                                                                                                   
#!/bin/ksh

perl -e 'print"Content-type: text/html\n\n";'
# 
gasko peter
  • Since you mention `httpd.conf` I assume you have installed apache. Have you [enabled any sites](https://help.ubuntu.com/10.04/serverguide/httpd.html)? – terdon Aug 24 '13 at 15:44
  • it's an OpenBSD, not Ubuntu. – gasko peter Aug 24 '13 at 16:12
  • I know, that was just one of the first links when searching for a howto, the configuration details should be the same. Specifically, the parts about apache's `sites-available` and `sites-enabled`. – terdon Aug 24 '13 at 16:14
  • The /etc/apache2/* is a debian/ubuntu-ism. OpenBSD has a monolithic `/var/www/conf/httpd.conf`. – Drav Sloan Aug 24 '13 at 20:44
  • `printf` is probably overkill for your needs, `echo` would be better, though that printf is perfectly valid to use. You can see it working in the chroot with `chroot /var/www /usr/bin/printf "Content-type: text/html\n\n"` - What is your `error_log` showing, use `tail -f /var/www/logs/error_log` to watch what errors are thrown when you refresh the page. – Drav Sloan Aug 26 '13 at 06:27
  • Also you use the shebang `#! ...` in your cgi of `#!/bin/ksh` so you will need to copy over ksh and its library dependencies to make that cgi work... don't forget you can test in place with `chroot /var/www /htdocs/cgi-bin/SEARCH.cgi` to see any errors. – Drav Sloan Aug 26 '13 at 06:31
  • yes, I updated, copied ksh – gasko peter Aug 26 '13 at 06:32
  • `not a dynamic executable` means that you have no libraries to worry about. The `500: Internal Server Error.` _should_ throw errors in your `error_log`, as well as potentially throwing them up when the cgi is called through `chroot` – Drav Sloan Aug 26 '13 at 06:37
  • You will need the shebang to tell apache what shell/command to run the cgi in (this case being ksh). With the same httpd.conf and cgi location and file I get the "hi" if I browse to it. Make sure you copy over `/bin/ksh` and make sure it resides in `/var/www/bin/ksh`. – Drav Sloan Aug 26 '13 at 06:56
  • it's the same error message if I copy ksh to the /var/www/bin – gasko peter Aug 26 '13 at 07:24
  • If I try it with perl, it's the same again - and I copied the things that ldd said (and used only perl in the cgi) – gasko peter Aug 26 '13 at 07:29
  • have you `chmod 755 SEARCH.cgi` ? That may be needed. Make sure you do print `"Content-type: text/html\n\n";` in the perl script. – Drav Sloan Aug 28 '13 at 04:29
  • ...also does `chroot /var/www /usr/bin/perl -e print` give any errors (checking that at least perl in the chroot works) – Drav Sloan Aug 28 '13 at 15:43
  • chmod 755 SEARCH.cgi - see above for permission, yes, it has exec too. see for content-type too – gasko peter Aug 29 '13 at 10:36
  • chroot /var/www /usr/bin/perl -e print -> this gives 1 error message: "Abort trap" and an exit code: 134 – gasko peter Aug 29 '13 at 10:37

1 Answer

First off, check your /var/www/logs/error_log; that will give you the biggest clue as to why it is potentially not working.

If you put your <Directory> setting at the end of your httpd.conf the earlier <Directory "/var/www/htdocs"> will override it. And your error_log will show:

 [error] [client x.x.x.x] Options ExecCGI is off in this directory /htdocs/a/a.cgi

Make sure you place it above this to make it take effect. You may also have to chmod the cgi as executable, and depending on which user created the /var/www/htdocs/a directory set the appropriate permissions/ownership.

It's also worth noting that OpenBSD by default uses chroot, so commands will have to be put in the chroot if you want to make them work.

Assuming you want to use perl as an example, first you will need to make the directories required.

$ cd /var/www
$ mkdir -p /var/www/usr/{bin,lib,libexec}

Next we need to work out what libraries perl uses:

$ ldd /usr/bin/perl
/usr/bin/perl:
    Start    End      Type Open Ref GrpRef Name
    1c000000 3c004000 exe  1    0   0      /usr/bin/perl
    07f3f000 27f58000 rlib 0    1   0      /usr/lib/libperl.so.12.0
    0d61c000 2d625000 rlib 0    1   0      /usr/lib/libm.so.7.1
    0fb24000 2fb28000 rlib 0    1   0      /usr/lib/libutil.so.11.4
    01b37000 21b65000 rlib 0    1   0      /usr/lib/libc.so.66.2
    0b671000 0b671000 rtld 0    1   0      /usr/libexec/ld.so

and copy these over to the chroot:

$ cp /usr/lib/{libperl.so.12.0,libm.so.7.1,libutil.so.11.4,libc.so.66.2} /var/www/usr/lib
$ cp /usr/libexec/ld.so /var/www/usr/libexec

And then perl itself:

$ cp /usr/bin/perl /var/www/usr/bin

then you can check your cgi will work with:

$ chroot /var/www/ /htdocs/a/a.cgi
Content-type: text/html

Test!
Drav Sloan
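
The copy steps in the answer above, generalized to any binary, as an added example that is not part of the original answer: the hypothetical helpers `ldd_paths` and `stage_files` parse OpenBSD-style `ldd` output and copy each listed file to the same path under the chroot. The embedded sample is the `ldd` output quoted in the answer; removing group/other write permission from the copies is an assumption about how the chroot should be kept.

```shell
#!/bin/sh
# Added example: copy a binary and its shared libraries into the httpd chroot.
# ldd_paths and stage_files are hypothetical helper names.

# OpenBSD ldd output for /usr/bin/perl, as quoted in the answer above.
SAMPLE_LDD='/usr/bin/perl:
    Start    End      Type Open Ref GrpRef Name
    1c000000 3c004000 exe  1    0   0      /usr/bin/perl
    07f3f000 27f58000 rlib 0    1   0      /usr/lib/libperl.so.12.0
    0d61c000 2d625000 rlib 0    1   0      /usr/lib/libm.so.7.1
    0fb24000 2fb28000 rlib 0    1   0      /usr/lib/libutil.so.11.4
    01b37000 21b65000 rlib 0    1   0      /usr/lib/libc.so.66.2
    0b671000 0b671000 rtld 0    1   0      /usr/libexec/ld.so'

# Read ldd output on stdin; print the Name column of the executable (exe),
# library (rlib) and run-time linker (rtld) rows. Header lines are skipped.
ldd_paths() {
    awk '$3 == "exe" || $3 == "rlib" || $3 == "rtld" { print $7 }'
}

# stage_files SRC_ROOT CHROOT_DIR
# Read absolute paths on stdin and copy each file from SRC_ROOT to the same
# path under CHROOT_DIR. Returns 1 if any listed file was missing.
stage_files() {
    src_root=$1
    chroot_dir=$2
    missing=0
    while IFS= read -r path; do
        case $path in
            /*) ;;
            *) echo "skipping non-absolute path: $path" >&2; continue ;;
        esac
        if [ ! -f "$src_root$path" ]; then
            echo "missing: $src_root$path" >&2
            missing=1
            continue
        fi
        mkdir -p "$chroot_dir$(dirname "$path")"
        cp -p "$src_root$path" "$chroot_dir$path"
        # Nothing inside the chroot should be writable by group or others.
        chmod go-w "$chroot_dir$path"
    done
    return "$missing"
}

# Show what would be staged for the sample above.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

On the OpenBSD host this would be run as root as `ldd /usr/bin/perl | ldd_paths | stage_files "" /var/www`, followed by the `chroot` test from the answer.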