1 #include "first.h" 2 3 #include "server.h" 4 #include "buffer.h" 5 #include "network.h" 6 #include "log.h" 7 #include "keyvalue.h" 8 #include "response.h" 9 #include "request.h" 10 #include "chunk.h" 11 #include "http_chunk.h" 12 #include "fdevent.h" 13 #include "connections.h" 14 #include "stat_cache.h" 15 #include "plugin.h" 16 #include "joblist.h" 17 #include "network_backends.h" 18 #include "version.h" 19 20 #include <sys/types.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 24 #include <string.h> 25 #include <errno.h> 26 #include <fcntl.h> 27 #include <unistd.h> 28 #include <stdlib.h> 29 #include <time.h> 30 #include <signal.h> 31 #include <assert.h> 32 #include <locale.h> 33 34 #include <stdio.h> 35 36 #ifdef HAVE_GETOPT_H 37 # include <getopt.h> 38 #endif 39 40 #ifdef HAVE_VALGRIND_VALGRIND_H 41 # include <valgrind/valgrind.h> 42 #endif 43 44 #ifdef HAVE_SYS_WAIT_H 45 # include <sys/wait.h> 46 #endif 47 48 #ifdef HAVE_PWD_H 49 # include <grp.h> 50 # include <pwd.h> 51 #endif 52 53 #ifdef HAVE_SYS_RESOURCE_H 54 # include <sys/resource.h> 55 #endif 56 57 #ifdef HAVE_SYS_PRCTL_H 58 # include <sys/prctl.h> 59 #endif 60 61 #ifdef USE_OPENSSL 62 # include <openssl/err.h> 63 #endif 64 65 #ifndef __sgi 66 /* IRIX doesn't like the alarm based time() optimization */ 67 /* #define USE_ALARM */ 68 #endif 69 70 #ifdef HAVE_GETUID 71 # ifndef HAVE_ISSETUGID 72 73 static int l_issetugid(void) { 74 return (geteuid() != getuid() || getegid() != getgid()); 75 } 76 77 # define issetugid l_issetugid 78 # endif 79 #endif 80 81 static int oneshot_fd = 0; 82 static volatile sig_atomic_t srv_shutdown = 0; 83 static volatile sig_atomic_t graceful_shutdown = 0; 84 static volatile sig_atomic_t handle_sig_alarm = 1; 85 static volatile sig_atomic_t handle_sig_hup = 0; 86 static volatile sig_atomic_t forwarded_sig_hup = 0; 87 88 #if defined(HAVE_SIGACTION) && defined(SA_SIGINFO) 89 static volatile siginfo_t last_sigterm_info; 90 static volatile siginfo_t last_sighup_info; 91 92 static void sigaction_handler(int sig, siginfo_t *si, void *context) { 93 static siginfo_t empty_siginfo; 94 UNUSED(context); 95 96 if (!si) si = &empty_siginfo; 97 98 switch (sig) { 99 case SIGTERM: 100 srv_shutdown = 1; 101 last_sigterm_info = *si; 102 break; 103 case SIGINT: 104 if (graceful_shutdown) { 105 srv_shutdown = 1; 106 } else { 107 graceful_shutdown = 1; 108 } 109 last_sigterm_info = *si; 110 111 break; 112 case SIGALRM: 113 handle_sig_alarm = 1; 114 break; 115 case SIGHUP: 116 /** 117 * we send the SIGHUP to all procs in the process-group 118 * this includes ourself 119 * 120 * make sure we only send it once and don't create a 121 * infinite loop 122 */ 123 if (!forwarded_sig_hup) { 124 handle_sig_hup = 1; 125 last_sighup_info = *si; 126 } else { 127 forwarded_sig_hup = 0; 128 } 129 break; 130 case SIGCHLD: 131 break; 132 } 133 } 134 #elif defined(HAVE_SIGNAL) || defined(HAVE_SIGACTION) 135 static void signal_handler(int sig) { 136 switch (sig) { 137 case SIGTERM: srv_shutdown = 1; break; 138 case SIGINT: 139 if (graceful_shutdown) srv_shutdown = 1; 140 else graceful_shutdown = 1; 141 142 break; 143 case SIGALRM: handle_sig_alarm = 1; break; 144 case SIGHUP: handle_sig_hup = 1; break; 145 case SIGCHLD: break; 146 } 147 } 148 #endif 149 150 #ifdef HAVE_FORK 151 static int daemonize(void) { 152 int pipefd[2]; 153 pid_t pid; 154 #ifdef SIGTTOU 155 signal(SIGTTOU, SIG_IGN); 156 #endif 157 #ifdef SIGTTIN 158 signal(SIGTTIN, SIG_IGN); 159 #endif 160 #ifdef SIGTSTP 161 signal(SIGTSTP, SIG_IGN); 162 #endif 163 164 if (pipe(pipefd) < 0) exit(-1); 165 166 if (0 > (pid = fork())) exit(-1); 167 168 if (0 < pid) { 169 char buf; 170 ssize_t bytes; 171 172 close(pipefd[1]); 173 /* parent waits for grandchild to be ready */ 174 do { 175 bytes = read(pipefd[0], &buf, sizeof(buf)); 176 } while (bytes < 0 && EINTR == errno); 177 close(pipefd[0]); 178 179 if (bytes <= 0) { 180 /* closed fd (without writing) == failure in grandchild */ 181 fputs("daemonized server failed to start; check error log for details\n", stderr); 182 exit(-1); 183 } 184 185 exit(0); 186 } 187 188 close(pipefd[0]); 189 190 if (-1 == setsid()) exit(0); 191 192 signal(SIGHUP, SIG_IGN); 193 194 if (0 != fork()) exit(0); 195 196 if (0 != chdir("/")) exit(0); 197 198 fd_close_on_exec(pipefd[1]); 199 return pipefd[1]; 200 } 201 #endif 202 203 static server *server_init(void) { 204 int i; 205 FILE *frandom = NULL; 206 207 server *srv = calloc(1, sizeof(*srv)); 208 force_assert(srv); 209 #define CLEAN(x) \ 210 srv->x = buffer_init(); 211 212 CLEAN(response_header); 213 CLEAN(parse_full_path); 214 CLEAN(ts_debug_str); 215 CLEAN(ts_date_str); 216 CLEAN(errorlog_buf); 217 CLEAN(response_range); 218 CLEAN(tmp_buf); 219 srv->empty_string = buffer_init_string(""); 220 CLEAN(cond_check_buf); 221 222 CLEAN(srvconf.errorlog_file); 223 CLEAN(srvconf.breakagelog_file); 224 CLEAN(srvconf.groupname); 225 CLEAN(srvconf.username); 226 CLEAN(srvconf.changeroot); 227 CLEAN(srvconf.bindhost); 228 CLEAN(srvconf.event_handler); 229 CLEAN(srvconf.pid_file); 230 231 CLEAN(tmp_chunk_len); 232 #undef CLEAN 233 234 #define CLEAN(x) \ 235 srv->x = array_init(); 236 237 CLEAN(config_context); 238 CLEAN(config_touched); 239 CLEAN(status); 240 #undef CLEAN 241 242 for (i = 0; i < FILE_CACHE_MAX; i++) { 243 srv->mtime_cache[i].mtime = (time_t)-1; 244 srv->mtime_cache[i].str = buffer_init(); 245 } 246 247 if ((NULL != (frandom = fopen("/dev/urandom", "rb")) || NULL != (frandom = fopen("/dev/random", "rb"))) 248 && 1 == fread(srv->entropy, sizeof(srv->entropy), 1, frandom)) { 249 unsigned int e; 250 memcpy(&e, srv->entropy, sizeof(e) < sizeof(srv->entropy) ? sizeof(e) : sizeof(srv->entropy)); 251 srand(e); 252 srv->is_real_entropy = 1; 253 } else { 254 unsigned int j; 255 srand(time(NULL) ^ getpid()); 256 srv->is_real_entropy = 0; 257 for (j = 0; j < sizeof(srv->entropy); j++) 258 srv->entropy[j] = rand(); 259 } 260 if (frandom) fclose(frandom); 261 262 srv->cur_ts = time(NULL); 263 srv->startup_ts = srv->cur_ts; 264 265 srv->conns = calloc(1, sizeof(*srv->conns)); 266 force_assert(srv->conns); 267 268 srv->joblist = calloc(1, sizeof(*srv->joblist)); 269 force_assert(srv->joblist); 270 271 srv->fdwaitqueue = calloc(1, sizeof(*srv->fdwaitqueue)); 272 force_assert(srv->fdwaitqueue); 273 274 srv->srvconf.modules = array_init(); 275 srv->srvconf.modules_dir = buffer_init_string(LIBRARY_DIR); 276 srv->srvconf.network_backend = buffer_init(); 277 srv->srvconf.upload_tempdirs = array_init(); 278 srv->srvconf.reject_expect_100_with_417 = 1; 279 srv->srvconf.xattr_name = buffer_init_string("Content-Type"); 280 srv->srvconf.http_header_strict = 1; 281 srv->srvconf.http_host_strict = 1; /*(implies http_host_normalize)*/ 282 srv->srvconf.http_host_normalize = 0; 283 284 /* use syslog */ 285 srv->errorlog_fd = STDERR_FILENO; 286 srv->errorlog_mode = ERRORLOG_FD; 287 288 srv->split_vals = array_init(); 289 290 return srv; 291 } 292 293 static void server_free(server *srv) { 294 size_t i; 295 296 for (i = 0; i < FILE_CACHE_MAX; i++) { 297 buffer_free(srv->mtime_cache[i].str); 298 } 299 300 if (oneshot_fd > 0) { 301 close(oneshot_fd); 302 } 303 304 #define CLEAN(x) \ 305 buffer_free(srv->x); 306 307 CLEAN(response_header); 308 CLEAN(parse_full_path); 309 CLEAN(ts_debug_str); 310 CLEAN(ts_date_str); 311 CLEAN(errorlog_buf); 312 CLEAN(response_range); 313 CLEAN(tmp_buf); 314 CLEAN(empty_string); 315 CLEAN(cond_check_buf); 316 317 CLEAN(srvconf.errorlog_file); 318 CLEAN(srvconf.breakagelog_file); 319 CLEAN(srvconf.groupname); 320 CLEAN(srvconf.username); 321 CLEAN(srvconf.changeroot); 322 CLEAN(srvconf.bindhost); 323 CLEAN(srvconf.event_handler); 324 CLEAN(srvconf.pid_file); 325 CLEAN(srvconf.modules_dir); 326 CLEAN(srvconf.network_backend); 327 CLEAN(srvconf.xattr_name); 328 329 CLEAN(tmp_chunk_len); 330 #undef CLEAN 331 332 #if 0 333 fdevent_unregister(srv->ev, srv->fd); 334 #endif 335 fdevent_free(srv->ev); 336 337 free(srv->conns); 338 339 if (srv->config_storage) { 340 for (i = 0; i < srv->config_context->used; i++) { 341 specific_config *s = srv->config_storage[i]; 342 343 if (!s) continue; 344 345 buffer_free(s->document_root); 346 buffer_free(s->server_name); 347 buffer_free(s->server_tag); 348 buffer_free(s->ssl_pemfile); 349 buffer_free(s->ssl_ca_file); 350 buffer_free(s->ssl_cipher_list); 351 buffer_free(s->ssl_dh_file); 352 buffer_free(s->ssl_ec_curve); 353 buffer_free(s->error_handler); 354 buffer_free(s->error_handler_404); 355 buffer_free(s->errorfile_prefix); 356 array_free(s->mimetypes); 357 buffer_free(s->ssl_verifyclient_username); 358 #ifdef USE_OPENSSL 359 SSL_CTX_free(s->ssl_ctx); 360 EVP_PKEY_free(s->ssl_pemfile_pkey); 361 X509_free(s->ssl_pemfile_x509); 362 if (NULL != s->ssl_ca_file_cert_names) sk_X509_NAME_pop_free(s->ssl_ca_file_cert_names, X509_NAME_free); 363 #endif 364 free(s); 365 } 366 free(srv->config_storage); 367 srv->config_storage = NULL; 368 } 369 370 #define CLEAN(x) \ 371 array_free(srv->x); 372 373 CLEAN(config_context); 374 CLEAN(config_touched); 375 CLEAN(status); 376 CLEAN(srvconf.upload_tempdirs); 377 #undef CLEAN 378 379 joblist_free(srv, srv->joblist); 380 fdwaitqueue_free(srv, srv->fdwaitqueue); 381 382 if (srv->stat_cache) { 383 stat_cache_free(srv->stat_cache); 384 } 385 386 array_free(srv->srvconf.modules); 387 array_free(srv->split_vals); 388 389 #ifdef USE_OPENSSL 390 if (srv->ssl_is_init) { 391 CRYPTO_cleanup_all_ex_data(); 392 ERR_free_strings(); 393 #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ 394 && !defined(LIBRESSL_VERSION_NUMBER) 395 /*(OpenSSL libraries handle thread init and deinit) 396 * https://github.com/openssl/openssl/pull/1048 */ 397 #elif OPENSSL_VERSION_NUMBER >= 0x10000000L 398 ERR_remove_thread_state(NULL); 399 #else 400 ERR_remove_state(0); 401 #endif 402 EVP_cleanup(); 403 } 404 #endif 405 406 free(srv); 407 } 408 409 static void remove_pid_file(server *srv, int *pid_fd) { 410 if (!buffer_string_is_empty(srv->srvconf.pid_file) && 0 <= *pid_fd) { 411 if (0 != ftruncate(*pid_fd, 0)) { 412 log_error_write(srv, __FILE__, __LINE__, "sbds", 413 "ftruncate failed for:", 414 srv->srvconf.pid_file, 415 errno, 416 strerror(errno)); 417 } 418 } 419 if (0 <= *pid_fd) { 420 close(*pid_fd); 421 *pid_fd = -1; 422 } 423 if (!buffer_string_is_empty(srv->srvconf.pid_file) && 424 buffer_string_is_empty(srv->srvconf.changeroot)) { 425 if (0 != unlink(srv->srvconf.pid_file->ptr)) { 426 if (errno != EACCES && errno != EPERM) { 427 log_error_write(srv, __FILE__, __LINE__, "sbds", 428 "unlink failed for:", 429 srv->srvconf.pid_file, 430 errno, 431 strerror(errno)); 432 } 433 } 434 } 435 } 436 437 438 static server_socket * server_oneshot_getsock(server *srv, sock_addr *cnt_addr) { 439 server_socket *srv_socket, *srv_socket_wild = NULL; 440 size_t i; 441 for (i = 0; i < srv->srv_sockets.used; ++i) { 442 srv_socket = srv->srv_sockets.ptr[i]; 443 if (cnt_addr->plain.sa_family != srv_socket->addr.plain.sa_family) continue; 444 switch (cnt_addr->plain.sa_family) { 445 case AF_INET: 446 if (srv_socket->addr.ipv4.sin_port != cnt_addr->ipv4.sin_port) continue; 447 if (srv_socket->addr.ipv4.sin_addr.s_addr == cnt_addr->ipv4.sin_addr.s_addr) { 448 return srv_socket; 449 } 450 if (srv_socket->addr.ipv4.sin_addr.s_addr == htonl(INADDR_ANY)) { 451 srv_socket_wild = srv_socket; 452 } 453 continue; 454 #ifdef HAVE_IPV6 455 case AF_INET6: 456 if (srv_socket->addr.ipv6.sin6_port != cnt_addr->ipv6.sin6_port) continue; 457 if (0 == memcmp(&srv_socket->addr.ipv6.sin6_addr, &cnt_addr->ipv6.sin6_addr, sizeof(struct in6_addr))) { 458 return srv_socket; 459 } 460 if (0 == memcmp(&srv_socket->addr.ipv6.sin6_addr, &in6addr_any, sizeof(struct in6_addr))) { 461 srv_socket_wild = srv_socket; 462 } 463 continue; 464 #endif 465 #ifdef HAVE_SYS_UN_H 466 case AF_UNIX: 467 if (0 == strcmp(srv_socket->addr.un.sun_path, cnt_addr->un.sun_path)) { 468 return srv_socket; 469 } 470 continue; 471 #endif 472 default: continue; 473 } 474 } 475 476 if (NULL != srv_socket_wild) { 477 return srv_socket_wild; 478 } else if (srv->srv_sockets.used) { 479 return srv->srv_sockets.ptr[0]; 480 } else { 481 log_error_write(srv, __FILE__, __LINE__, "s", "no sockets configured"); 482 return NULL; 483 } 484 } 485 486 487 static int server_oneshot_init(server *srv, int fd) { 488 /* Note: does not work with netcat due to requirement that fd be socket. 489 * STDOUT_FILENO was not saved earlier in startup, and that is to where 490 * netcat expects output to be sent. Since lighttpd expects connections 491 * to be sockets, con->fd is where output is sent; separate fds are not 492 * stored for input and output, but netcat has different fds for stdin 493 * and * stdout. To support netcat, would additionally need to avoid 494 * S_ISSOCK(), getsockname(), and getpeername() below, reconstructing 495 * addresses from environment variables: 496 * NCAT_LOCAL_ADDR NCAT_LOCAL_PORT 497 * NCAT_REMOTE_ADDR NCAT_REMOTE_PORT 498 * NCAT_PROTO 499 */ 500 connection *con; 501 server_socket *srv_socket; 502 sock_addr cnt_addr; 503 socklen_t cnt_len; 504 struct stat st; 505 506 if (0 != fstat(fd, &st)) { 507 log_error_write(srv, __FILE__, __LINE__, "ss", "fstat:", strerror(errno)); 508 return 0; 509 } 510 511 if (!S_ISSOCK(st.st_mode)) { 512 /* require that fd is a socket 513 * (modules might expect STDIN_FILENO and STDOUT_FILENO opened to /dev/null) */ 514 log_error_write(srv, __FILE__, __LINE__, "s", "lighttpd -1 stdin is not a socket"); 515 return 0; 516 } 517 518 cnt_len = sizeof(cnt_addr); 519 if (0 != getsockname(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) { 520 log_error_write(srv, __FILE__, __LINE__, "ss", "getsockname:", strerror(errno)); 521 return 0; 522 } 523 524 srv_socket = server_oneshot_getsock(srv, &cnt_addr); 525 if (NULL == srv_socket) return 0; 526 527 cnt_len = sizeof(cnt_addr); 528 if (0 != getpeername(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) { 529 log_error_write(srv, __FILE__, __LINE__, "ss", "getpeername:", strerror(errno)); 530 return 0; 531 } 532 533 if (cnt_addr.plain.sa_family != AF_UNIX) { 534 network_accept_tcp_nagle_disable(fd); 535 } 536 537 con = connection_accepted(srv, srv_socket, &cnt_addr, fd); 538 if (NULL == con) return 0; 539 540 connection_state_machine(srv, con); 541 return 1; 542 } 543 544 545 static void show_version (void) { 546 #ifdef USE_OPENSSL 547 # define TEXT_SSL " (ssl)" 548 #else 549 # define TEXT_SSL 550 #endif 551 char *b = PACKAGE_DESC TEXT_SSL \ 552 " - a light and fast webserver\n" \ 553 "Build-Date: " __DATE__ " " __TIME__ "\n"; 554 ; 555 #undef TEXT_SSL 556 write_all(STDOUT_FILENO, b, strlen(b)); 557 } 558 559 static void show_features (void) { 560 const char features[] = "" 561 #ifdef USE_SELECT 562 "\t+ select (generic)\n" 563 #else 564 "\t- select (generic)\n" 565 #endif 566 #ifdef USE_POLL 567 "\t+ poll (Unix)\n" 568 #else 569 "\t- poll (Unix)\n" 570 #endif 571 #ifdef USE_LINUX_SIGIO 572 "\t+ rt-signals (Linux 2.4+)\n" 573 #else 574 "\t- rt-signals (Linux 2.4+)\n" 575 #endif 576 #ifdef USE_LINUX_EPOLL 577 "\t+ epoll (Linux 2.6)\n" 578 #else 579 "\t- epoll (Linux 2.6)\n" 580 #endif 581 #ifdef USE_SOLARIS_DEVPOLL 582 "\t+ /dev/poll (Solaris)\n" 583 #else 584 "\t- /dev/poll (Solaris)\n" 585 #endif 586 #ifdef USE_SOLARIS_PORT 587 "\t+ eventports (Solaris)\n" 588 #else 589 "\t- eventports (Solaris)\n" 590 #endif 591 #ifdef USE_FREEBSD_KQUEUE 592 "\t+ kqueue (FreeBSD)\n" 593 #else 594 "\t- kqueue (FreeBSD)\n" 595 #endif 596 #ifdef USE_LIBEV 597 "\t+ libev (generic)\n" 598 #else 599 "\t- libev (generic)\n" 600 #endif 601 "\nNetwork handler:\n\n" 602 #if defined USE_LINUX_SENDFILE 603 "\t+ linux-sendfile\n" 604 #else 605 "\t- linux-sendfile\n" 606 #endif 607 #if defined USE_FREEBSD_SENDFILE 608 "\t+ freebsd-sendfile\n" 609 #else 610 "\t- freebsd-sendfile\n" 611 #endif 612 #if defined USE_DARWIN_SENDFILE 613 "\t+ darwin-sendfile\n" 614 #else 615 "\t- darwin-sendfile\n" 616 #endif 617 #if defined USE_SOLARIS_SENDFILEV 618 "\t+ solaris-sendfilev\n" 619 #else 620 "\t- solaris-sendfilev\n" 621 #endif 622 #if defined USE_WRITEV 623 "\t+ writev\n" 624 #else 625 "\t- writev\n" 626 #endif 627 "\t+ write\n" 628 #ifdef USE_MMAP 629 "\t+ mmap support\n" 630 #else 631 "\t- mmap support\n" 632 #endif 633 "\nFeatures:\n\n" 634 #ifdef HAVE_IPV6 635 "\t+ IPv6 support\n" 636 #else 637 "\t- IPv6 support\n" 638 #endif 639 #if defined HAVE_ZLIB_H && defined HAVE_LIBZ 640 "\t+ zlib support\n" 641 #else 642 "\t- zlib support\n" 643 #endif 644 #if defined HAVE_BZLIB_H && defined HAVE_LIBBZ2 645 "\t+ bzip2 support\n" 646 #else 647 "\t- bzip2 support\n" 648 #endif 649 #if defined(HAVE_CRYPT) || defined(HAVE_CRYPT_R) || defined(HAVE_LIBCRYPT) 650 "\t+ crypt support\n" 651 #else 652 "\t- crypt support\n" 653 #endif 654 #ifdef USE_OPENSSL 655 "\t+ SSL Support\n" 656 #else 657 "\t- SSL Support\n" 658 #endif 659 #ifdef HAVE_LIBPCRE 660 "\t+ PCRE support\n" 661 #else 662 "\t- PCRE support\n" 663 #endif 664 #ifdef HAVE_MYSQL 665 "\t+ mySQL support\n" 666 #else 667 "\t- mySQL support\n" 668 #endif 669 #if defined(HAVE_LDAP_H) && defined(HAVE_LBER_H) && defined(HAVE_LIBLDAP) && defined(HAVE_LIBLBER) 670 "\t+ LDAP support\n" 671 #else 672 "\t- LDAP support\n" 673 #endif 674 #ifdef USE_MEMCACHED 675 "\t+ memcached support\n" 676 #else 677 "\t- memcached support\n" 678 #endif 679 #ifdef HAVE_FAM_H 680 "\t+ FAM support\n" 681 #else 682 "\t- FAM support\n" 683 #endif 684 #ifdef HAVE_LUA_H 685 "\t+ LUA support\n" 686 #else 687 "\t- LUA support\n" 688 #endif 689 #ifdef HAVE_LIBXML_H 690 "\t+ xml support\n" 691 #else 692 "\t- xml support\n" 693 #endif 694 #ifdef HAVE_SQLITE3_H 695 "\t+ SQLite support\n" 696 #else 697 "\t- SQLite support\n" 698 #endif 699 #ifdef HAVE_GDBM_H 700 "\t+ GDBM support\n" 701 #else 702 "\t- GDBM support\n" 703 #endif 704 "\n"; 705 show_version(); 706 printf("\nEvent Handlers:\n\n%s", features); 707 } 708 709 static void show_help (void) { 710 #ifdef USE_OPENSSL 711 # define TEXT_SSL " (ssl)" 712 #else 713 # define TEXT_SSL 714 #endif 715 char *b = PACKAGE_DESC TEXT_SSL " ("__DATE__ " " __TIME__ ")" \ 716 " - a light and fast webserver\n" \ 717 "usage:\n" \ 718 " -f <name> filename of the config-file\n" \ 719 " -m <name> module directory (default: "LIBRARY_DIR")\n" \ 720 " -i <secs> graceful shutdown after <secs> of inactivity\n" \ 721 " -1 process single (one) request on stdin socket, then exit\n" \ 722 " -p print the parsed config-file in internal form, and exit\n" \ 723 " -t test the config-file, and exit\n" \ 724 " -D don't go to background (default: go to background)\n" \ 725 " -v show version\n" \ 726 " -V show compile-time features\n" \ 727 " -h show this help\n" \ 728 "\n" 729 ; 730 #undef TEXT_SSL 731 #undef TEXT_IPV6 732 write_all(STDOUT_FILENO, b, strlen(b)); 733 } 734 735 int main (int argc, char **argv) { 736 server *srv = NULL; 737 int print_config = 0; 738 int test_config = 0; 739 int i_am_root; 740 int o; 741 int num_childs = 0; 742 int pid_fd = -1, fd; 743 size_t i; 744 time_t idle_limit = 0, last_active_ts = time(NULL); 745 #ifdef HAVE_SIGACTION 746 struct sigaction act; 747 #endif 748 #ifdef HAVE_GETRLIMIT 749 struct rlimit rlim; 750 #endif 751 752 #ifdef HAVE_FORK 753 int parent_pipe_fd = -1; 754 #endif 755 756 #ifdef USE_ALARM 757 struct itimerval interval; 758 759 interval.it_interval.tv_sec = 1; 760 interval.it_interval.tv_usec = 0; 761 interval.it_value.tv_sec = 1; 762 interval.it_value.tv_usec = 0; 763 #endif 764 765 /* for nice %b handling in strfime() */ 766 setlocale(LC_TIME, "C"); 767 768 if (NULL == (srv = server_init())) { 769 fprintf(stderr, "did this really happen?\n"); 770 return -1; 771 } 772 773 /* init structs done */ 774 775 srv->srvconf.port = 0; 776 #ifdef HAVE_GETUID 777 i_am_root = (getuid() == 0); 778 #else 779 i_am_root = 0; 780 #endif 781 srv->srvconf.dont_daemonize = 0; 782 srv->srvconf.preflight_check = 0; 783 784 while(-1 != (o = getopt(argc, argv, "f:m:i:hvVD1pt"))) { 785 switch(o) { 786 case 'f': 787 if (srv->config_storage) { 788 log_error_write(srv, __FILE__, __LINE__, "s", 789 "Can only read one config file. Use the include command to use multiple config files."); 790 791 server_free(srv); 792 return -1; 793 } 794 if (config_read(srv, optarg)) { 795 server_free(srv); 796 return -1; 797 } 798 break; 799 case 'm': 800 buffer_copy_string(srv->srvconf.modules_dir, optarg); 801 break; 802 case 'i': { 803 char *endptr; 804 long timeout = strtol(optarg, &endptr, 0); 805 if (!*optarg || *endptr || timeout < 0) { 806 log_error_write(srv, __FILE__, __LINE__, "ss", 807 "Invalid idle timeout value:", optarg); 808 server_free(srv); 809 return -1; 810 } 811 idle_limit = (time_t)timeout; 812 break; 813 } 814 case 'p': print_config = 1; break; 815 case 't': ++test_config; break; 816 case '1': oneshot_fd = dup(STDIN_FILENO); break; 817 case 'D': srv->srvconf.dont_daemonize = 1; break; 818 case 'v': show_version(); server_free(srv); return 0; 819 case 'V': show_features(); server_free(srv); return 0; 820 case 'h': show_help(); server_free(srv); return 0; 821 default: 822 show_help(); 823 server_free(srv); 824 return -1; 825 } 826 } 827 828 if (!srv->config_storage) { 829 log_error_write(srv, __FILE__, __LINE__, "s", 830 "No configuration available. Try using -f option."); 831 832 server_free(srv); 833 return -1; 834 } 835 836 if (print_config) { 837 data_unset *dc = srv->config_context->data[0]; 838 if (dc) { 839 dc->print(dc, 0); 840 fprintf(stdout, "\n"); 841 } else { 842 /* shouldn't happend */ 843 fprintf(stderr, "global config not found\n"); 844 } 845 } 846 847 if (test_config) { 848 if (1 == test_config) { 849 printf("Syntax OK\n"); 850 } else { /*(test_config > 1)*/ 851 test_config = 0; 852 srv->srvconf.preflight_check = 1; 853 srv->srvconf.dont_daemonize = 1; 854 buffer_reset(srv->srvconf.pid_file); 855 } 856 } 857 858 if (test_config || print_config) { 859 server_free(srv); 860 return 0; 861 } 862 863 if (oneshot_fd) { 864 if (oneshot_fd <= STDERR_FILENO) { 865 log_error_write(srv, __FILE__, __LINE__, "s", 866 "Invalid fds at startup with lighttpd -1"); 867 server_free(srv); 868 return -1; 869 } 870 graceful_shutdown = 1; 871 srv->sockets_disabled = 1; 872 srv->srvconf.dont_daemonize = 1; 873 buffer_reset(srv->srvconf.pid_file); 874 if (srv->srvconf.max_worker) { 875 srv->srvconf.max_worker = 0; 876 log_error_write(srv, __FILE__, __LINE__, "s", 877 "server one-shot command line option disables server.max-worker config file option."); 878 } 879 } 880 881 /* close stdin and stdout, as they are not needed */ 882 openDevNull(STDIN_FILENO); 883 openDevNull(STDOUT_FILENO); 884 885 if (0 != config_set_defaults(srv)) { 886 log_error_write(srv, __FILE__, __LINE__, "s", 887 "setting default values failed"); 888 server_free(srv); 889 return -1; 890 } 891 892 /* UID handling */ 893 #ifdef HAVE_GETUID 894 if (!i_am_root && issetugid()) { 895 /* we are setuid-root */ 896 897 log_error_write(srv, __FILE__, __LINE__, "s", 898 "Are you nuts ? Don't apply a SUID bit to this binary"); 899 900 server_free(srv); 901 return -1; 902 } 903 #endif 904 905 /* check document-root */ 906 if (buffer_string_is_empty(srv->config_storage[0]->document_root)) { 907 log_error_write(srv, __FILE__, __LINE__, "s", 908 "document-root is not set\n"); 909 910 server_free(srv); 911 912 return -1; 913 } 914 915 if (plugins_load(srv)) { 916 log_error_write(srv, __FILE__, __LINE__, "s", 917 "loading plugins finally failed"); 918 919 plugins_free(srv); 920 server_free(srv); 921 922 return -1; 923 } 924 925 /* open pid file BEFORE chroot */ 926 if (!buffer_string_is_empty(srv->srvconf.pid_file)) { 927 if (-1 == (pid_fd = open(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) { 928 struct stat st; 929 if (errno != EEXIST) { 930 log_error_write(srv, __FILE__, __LINE__, "sbs", 931 "opening pid-file failed:", srv->srvconf.pid_file, strerror(errno)); 932 return -1; 933 } 934 935 if (0 != stat(srv->srvconf.pid_file->ptr, &st)) { 936 log_error_write(srv, __FILE__, __LINE__, "sbs", 937 "stating existing pid-file failed:", srv->srvconf.pid_file, strerror(errno)); 938 } 939 940 if (!S_ISREG(st.st_mode)) { 941 log_error_write(srv, __FILE__, __LINE__, "sb", 942 "pid-file exists and isn't regular file:", srv->srvconf.pid_file); 943 return -1; 944 } 945 946 if (-1 == (pid_fd = open(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) { 947 log_error_write(srv, __FILE__, __LINE__, "sbs", 948 "opening pid-file failed:", srv->srvconf.pid_file, strerror(errno)); 949 return -1; 950 } 951 } 952 fd_close_on_exec(pid_fd); 953 } 954 955 if (srv->event_handler == FDEVENT_HANDLER_SELECT) { 956 /* select limits itself 957 * 958 * as it is a hard limit and will lead to a segfault we add some safety 959 * */ 960 srv->max_fds = FD_SETSIZE - 200; 961 } else { 962 srv->max_fds = 4096; 963 } 964 965 if (i_am_root) { 966 struct group *grp = NULL; 967 struct passwd *pwd = NULL; 968 int use_rlimit = 1; 969 970 #ifdef HAVE_VALGRIND_VALGRIND_H 971 if (RUNNING_ON_VALGRIND) use_rlimit = 0; 972 #endif 973 974 #ifdef HAVE_GETRLIMIT 975 if (0 != getrlimit(RLIMIT_NOFILE, &rlim)) { 976 log_error_write(srv, __FILE__, __LINE__, 977 "ss", "couldn't get 'max filedescriptors'", 978 strerror(errno)); 979 return -1; 980 } 981 982 if (use_rlimit && srv->srvconf.max_fds) { 983 /* set rlimits */ 984 985 rlim.rlim_cur = srv->srvconf.max_fds; 986 rlim.rlim_max = srv->srvconf.max_fds; 987 988 if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) { 989 log_error_write(srv, __FILE__, __LINE__, 990 "ss", "couldn't set 'max filedescriptors'", 991 strerror(errno)); 992 return -1; 993 } 994 } 995 996 if (srv->event_handler == FDEVENT_HANDLER_SELECT) { 997 srv->max_fds = rlim.rlim_cur < (rlim_t)FD_SETSIZE - 200 ? (int)rlim.rlim_cur : (int)FD_SETSIZE - 200; 998 } else { 999 srv->max_fds = rlim.rlim_cur; 1000 } 1001 1002 /* set core file rlimit, if enable_cores is set */ 1003 if (use_rlimit && srv->srvconf.enable_cores && getrlimit(RLIMIT_CORE, &rlim) == 0) { 1004 rlim.rlim_cur = rlim.rlim_max; 1005 setrlimit(RLIMIT_CORE, &rlim); 1006 } 1007 #endif 1008 if (srv->event_handler == FDEVENT_HANDLER_SELECT) { 1009 /* don't raise the limit above FD_SET_SIZE */ 1010 if (srv->max_fds > ((int)FD_SETSIZE) - 200) { 1011 log_error_write(srv, __FILE__, __LINE__, "sd", 1012 "can't raise max filedescriptors above", FD_SETSIZE - 200, 1013 "if event-handler is 'select'. Use 'poll' or something else or reduce server.max-fds."); 1014 return -1; 1015 } 1016 } 1017 1018 1019 #ifdef HAVE_PWD_H 1020 /* set user and group */ 1021 if (!buffer_string_is_empty(srv->srvconf.username)) { 1022 if (NULL == (pwd = getpwnam(srv->srvconf.username->ptr))) { 1023 log_error_write(srv, __FILE__, __LINE__, "sb", 1024 "can't find username", srv->srvconf.username); 1025 return -1; 1026 } 1027 1028 if (pwd->pw_uid == 0) { 1029 log_error_write(srv, __FILE__, __LINE__, "s", 1030 "I will not set uid to 0\n"); 1031 return -1; 1032 } 1033 } 1034 1035 if (!buffer_string_is_empty(srv->srvconf.groupname)) { 1036 if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) { 1037 log_error_write(srv, __FILE__, __LINE__, "sb", 1038 "can't find groupname", srv->srvconf.groupname); 1039 return -1; 1040 } 1041 if (grp->gr_gid == 0) { 1042 log_error_write(srv, __FILE__, __LINE__, "s", 1043 "I will not set gid to 0\n"); 1044 return -1; 1045 } 1046 } 1047 #endif 1048 /* we need root-perms for port < 1024 */ 1049 if (0 != network_init(srv)) { 1050 plugins_free(srv); 1051 server_free(srv); 1052 1053 return -1; 1054 } 1055 #ifdef HAVE_PWD_H 1056 /* 1057 * Change group before chroot, when we have access 1058 * to /etc/group 1059 * */ 1060 if (NULL != grp) { 1061 if (-1 == setgid(grp->gr_gid)) { 1062 log_error_write(srv, __FILE__, __LINE__, "ss", "setgid failed: ", strerror(errno)); 1063 return -1; 1064 } 1065 if (-1 == setgroups(0, NULL)) { 1066 log_error_write(srv, __FILE__, __LINE__, "ss", "setgroups failed: ", strerror(errno)); 1067 return -1; 1068 } 1069 if (!buffer_string_is_empty(srv->srvconf.username)) { 1070 initgroups(srv->srvconf.username->ptr, grp->gr_gid); 1071 } 1072 } 1073 #endif 1074 #ifdef HAVE_CHROOT 1075 if (!buffer_string_is_empty(srv->srvconf.changeroot)) { 1076 tzset(); 1077 1078 if (-1 == chroot(srv->srvconf.changeroot->ptr)) { 1079 log_error_write(srv, __FILE__, __LINE__, "ss", "chroot failed: ", strerror(errno)); 1080 return -1; 1081 } 1082 if (-1 == chdir("/")) { 1083 log_error_write(srv, __FILE__, __LINE__, "ss", "chdir failed: ", strerror(errno)); 1084 return -1; 1085 } 1086 } 1087 #endif 1088 #ifdef HAVE_PWD_H 1089 /* drop root privs */ 1090 if (NULL != pwd) { 1091 if (-1 == setuid(pwd->pw_uid)) { 1092 log_error_write(srv, __FILE__, __LINE__, "ss", "setuid failed: ", strerror(errno)); 1093 return -1; 1094 } 1095 } 1096 #endif 1097 #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) 1098 /** 1099 * on IRIX 6.5.30 they have prctl() but no DUMPABLE 1100 */ 1101 if (srv->srvconf.enable_cores) { 1102 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); 1103 } 1104 #endif 1105 } else { 1106 1107 #ifdef HAVE_GETRLIMIT 1108 if (0 != getrlimit(RLIMIT_NOFILE, &rlim)) { 1109 log_error_write(srv, __FILE__, __LINE__, 1110 "ss", "couldn't get 'max filedescriptors'", 1111 strerror(errno)); 1112 return -1; 1113 } 1114 1115 /** 1116 * we are not root can can't increase the fd-limit above rlim_max, but we can reduce it 1117 */ 1118 if (srv->srvconf.max_fds && srv->srvconf.max_fds <= rlim.rlim_max) { 1119 /* set rlimits */ 1120 1121 rlim.rlim_cur = srv->srvconf.max_fds; 1122 1123 if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) { 1124 log_error_write(srv, __FILE__, __LINE__, 1125 "ss", "couldn't set 'max filedescriptors'", 1126 strerror(errno)); 1127 return -1; 1128 } 1129 } 1130 1131 if (srv->event_handler == FDEVENT_HANDLER_SELECT) { 1132 srv->max_fds = rlim.rlim_cur < (rlim_t)FD_SETSIZE - 200 ? (int)rlim.rlim_cur : (int)FD_SETSIZE - 200; 1133 } else { 1134 srv->max_fds = rlim.rlim_cur; 1135 } 1136 1137 /* set core file rlimit, if enable_cores is set */ 1138 if (srv->srvconf.enable_cores && getrlimit(RLIMIT_CORE, &rlim) == 0) { 1139 rlim.rlim_cur = rlim.rlim_max; 1140 setrlimit(RLIMIT_CORE, &rlim); 1141 } 1142 1143 #endif 1144 if (srv->event_handler == FDEVENT_HANDLER_SELECT) { 1145 /* don't raise the limit above FD_SET_SIZE */ 1146 if (srv->max_fds > ((int)FD_SETSIZE) - 200) { 1147 log_error_write(srv, __FILE__, __LINE__, "sd", 1148 "can't raise max filedescriptors above", FD_SETSIZE - 200, 1149 "if event-handler is 'select'. Use 'poll' or something else or reduce server.max-fds."); 1150 return -1; 1151 } 1152 } 1153 1154 if (0 != network_init(srv)) { 1155 plugins_free(srv); 1156 server_free(srv); 1157 1158 return -1; 1159 } 1160 } 1161 1162 /* set max-conns */ 1163 if (srv->srvconf.max_conns > srv->max_fds/2) { 1164 /* we can't have more connections than max-fds/2 */ 1165 log_error_write(srv, __FILE__, __LINE__, "sdd", "can't have more connections than fds/2: ", srv->srvconf.max_conns, srv->max_fds); 1166 srv->max_conns = srv->max_fds/2; 1167 } else if (srv->srvconf.max_conns) { 1168 /* otherwise respect the wishes of the user */ 1169 srv->max_conns = srv->srvconf.max_conns; 1170 } else { 1171 /* or use the default: we really don't want to hit max-fds */ 1172 srv->max_conns = srv->max_fds/3; 1173 } 1174 1175 if (HANDLER_GO_ON != plugins_call_init(srv)) { 1176 log_error_write(srv, __FILE__, __LINE__, "s", "Initialization of plugins failed. Going down."); 1177 1178 plugins_free(srv); 1179 network_close(srv); 1180 server_free(srv); 1181 1182 return -1; 1183 } 1184 1185 #ifdef HAVE_FORK 1186 /* network is up, let's deamonize ourself */ 1187 if (srv->srvconf.dont_daemonize == 0) { 1188 parent_pipe_fd = daemonize(); 1189 } 1190 #endif 1191 1192 1193 #ifdef HAVE_SIGACTION 1194 memset(&act, 0, sizeof(act)); 1195 act.sa_handler = SIG_IGN; 1196 sigaction(SIGPIPE, &act, NULL); 1197 sigaction(SIGUSR1, &act, NULL); 1198 # if defined(SA_SIGINFO) 1199 act.sa_sigaction = sigaction_handler; 1200 sigemptyset(&act.sa_mask); 1201 act.sa_flags = SA_SIGINFO; 1202 # else 1203 act.sa_handler = signal_handler; 1204 sigemptyset(&act.sa_mask); 1205 act.sa_flags = 0; 1206 # endif 1207 sigaction(SIGINT, &act, NULL); 1208 sigaction(SIGTERM, &act, NULL); 1209 sigaction(SIGHUP, &act, NULL); 1210 sigaction(SIGALRM, &act, NULL); 1211 1212 /* it should be safe to restart syscalls after SIGCHLD */ 1213 act.sa_flags |= SA_RESTART | SA_NOCLDSTOP; 1214 sigaction(SIGCHLD, &act, NULL); 1215 1216 #elif defined(HAVE_SIGNAL) 1217 /* ignore the SIGPIPE from sendfile() */ 1218 signal(SIGPIPE, SIG_IGN); 1219 signal(SIGUSR1, SIG_IGN); 1220 signal(SIGALRM, signal_handler); 1221 signal(SIGTERM, signal_handler); 1222 signal(SIGHUP, signal_handler); 1223 signal(SIGCHLD, signal_handler); 1224 signal(SIGINT, signal_handler); 1225 #endif 1226 1227 #ifdef USE_ALARM 1228 signal(SIGALRM, signal_handler); 1229 1230 /* setup periodic timer (1 second) */ 1231 if (setitimer(ITIMER_REAL, &interval, NULL)) { 1232 log_error_write(srv, __FILE__, __LINE__, "s", "setting timer failed"); 1233 return -1; 1234 } 1235 1236 getitimer(ITIMER_REAL, &interval); 1237 #endif 1238 1239 1240 srv->gid = getgid(); 1241 srv->uid = getuid(); 1242 1243 /* write pid file */ 1244 if (pid_fd != -1) { 1245 buffer_copy_int(srv->tmp_buf, getpid()); 1246 buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("\n")); 1247 if (-1 == write_all(pid_fd, CONST_BUF_LEN(srv->tmp_buf))) { 1248 log_error_write(srv, __FILE__, __LINE__, "ss", "Couldn't write pid file:", strerror(errno)); 1249 close(pid_fd); 1250 return -1; 1251 } 1252 } 1253 1254 /* Close stderr ASAP in the child process to make sure that nothing 1255 * is being written to that fd which may not be valid anymore. */ 1256 if (!srv->srvconf.preflight_check && -1 == log_error_open(srv)) { 1257 log_error_write(srv, __FILE__, __LINE__, "s", "Opening errorlog failed. Going down."); 1258 1259 plugins_free(srv); 1260 network_close(srv); 1261 server_free(srv); 1262 return -1; 1263 } 1264 1265 if (HANDLER_GO_ON != plugins_call_set_defaults(srv)) { 1266 log_error_write(srv, __FILE__, __LINE__, "s", "Configuration of plugins failed. Going down."); 1267 1268 plugins_free(srv); 1269 network_close(srv); 1270 server_free(srv); 1271 1272 return -1; 1273 } 1274 1275 /* dump unused config-keys */ 1276 for (i = 0; i < srv->config_context->used; i++) { 1277 array *config = ((data_config *)srv->config_context->data[i])->value; 1278 size_t j; 1279 1280 for (j = 0; config && j < config->used; j++) { 1281 data_unset *du = config->data[j]; 1282 1283 /* all var.* is known as user defined variable */ 1284 if (strncmp(du->key->ptr, "var.", sizeof("var.") - 1) == 0) { 1285 continue; 1286 } 1287 1288 if (NULL == array_get_element(srv->config_touched, du->key->ptr)) { 1289 log_error_write(srv, __FILE__, __LINE__, "sbs", 1290 "WARNING: unknown config-key:", 1291 du->key, 1292 "(ignored)"); 1293 } 1294 } 1295 } 1296 1297 if (srv->config_unsupported) { 1298 log_error_write(srv, __FILE__, __LINE__, "s", 1299 "Configuration contains unsupported keys. Going down."); 1300 } 1301 1302 if (srv->config_deprecated) { 1303 log_error_write(srv, __FILE__, __LINE__, "s", 1304 "Configuration contains deprecated keys. Going down."); 1305 } 1306 1307 if (srv->config_unsupported || srv->config_deprecated) { 1308 plugins_free(srv); 1309 network_close(srv); 1310 server_free(srv); 1311 1312 return -1; 1313 } 1314 1315 if (srv->srvconf.preflight_check) { 1316 /*printf("Preflight OK");*//*(stdout reopened to /dev/null)*/ 1317 plugins_free(srv); 1318 network_close(srv); 1319 server_free(srv); 1320 1321 exit(0); 1322 } 1323 1324 1325 #ifdef HAVE_FORK 1326 /** 1327 * notify daemonize-grandparent of successful startup 1328 * do this before any further forking is done (workers) 1329 */ 1330 if (srv->srvconf.dont_daemonize == 0) { 1331 if (0 > write(parent_pipe_fd, "", 1)) return -1; 1332 close(parent_pipe_fd); 1333 } 1334 1335 if (idle_limit && srv->srvconf.max_worker) { 1336 srv->srvconf.max_worker = 0; 1337 log_error_write(srv, __FILE__, __LINE__, "s", 1338 "server idle time limit command line option disables server.max-worker config file option."); 1339 } 1340 1341 /* start watcher and workers */ 1342 num_childs = srv->srvconf.max_worker; 1343 if (num_childs > 0) { 1344 int child = 0; 1345 while (!child && !srv_shutdown && !graceful_shutdown) { 1346 if (num_childs > 0) { 1347 switch (fork()) { 1348 case -1: 1349 return -1; 1350 case 0: 1351 child = 1; 1352 break; 1353 default: 1354 num_childs--; 1355 break; 1356 } 1357 } else { 1358 int status; 1359 1360 if (-1 != wait(&status)) { 1361 /** 1362 * one of our workers went away 1363 */ 1364 num_childs++; 1365 } else { 1366 switch (errno) { 1367 case EINTR: 1368 /** 1369 * if we receive a SIGHUP we have to close our logs ourself as we don't 1370 * have the mainloop who can help us here 1371 */ 1372 if (handle_sig_hup) { 1373 handle_sig_hup = 0; 1374 1375 log_error_cycle(srv); 1376 1377 /** 1378 * forward to all procs in the process-group 1379 * 1380 * we also send it ourself 1381 */ 1382 if (!forwarded_sig_hup && 0 != srv->srvconf.max_worker) { 1383 forwarded_sig_hup = 1; 1384 kill(0, SIGHUP); 1385 } 1386 } 1387 break; 1388 default: 1389 break; 1390 } 1391 } 1392 } 1393 } 1394 1395 /** 1396 * for the parent this is the exit-point 1397 */ 1398 if (!child) { 1399 /** 1400 * kill all children too 1401 */ 1402 if (graceful_shutdown) { 1403 kill(0, SIGINT); 1404 } else if (srv_shutdown) { 1405 kill(0, SIGTERM); 1406 } 1407 1408 remove_pid_file(srv, &pid_fd); 1409 log_error_close(srv); 1410 network_close(srv); 1411 connections_free(srv); 1412 plugins_free(srv); 1413 server_free(srv); 1414 return 0; 1415 } 1416 1417 /** 1418 * make sure workers do not muck with pid-file 1419 */ 1420 if (0 <= pid_fd) { 1421 close(pid_fd); 1422 pid_fd = -1; 1423 } 1424 buffer_reset(srv->srvconf.pid_file); 1425 } 1426 #endif 1427 1428 if (NULL == (srv->ev = fdevent_init(srv, srv->max_fds + 1, srv->event_handler))) { 1429 log_error_write(srv, __FILE__, __LINE__, 1430 "s", "fdevent_init failed"); 1431 return -1; 1432 } 1433 1434 /* libev backend overwrites our SIGCHLD handler and calls waitpid on SIGCHLD; we want our own SIGCHLD handling. */ 1435 #ifdef HAVE_SIGACTION 1436 sigaction(SIGCHLD, &act, NULL); 1437 #elif defined(HAVE_SIGNAL) 1438 signal(SIGCHLD, signal_handler); 1439 #endif 1440 1441 /* 1442 * kqueue() is called here, select resets its internals, 1443 * all server sockets get their handlers 1444 * 1445 * */ 1446 if (0 != network_register_fdevents(srv)) { 1447 plugins_free(srv); 1448 network_close(srv); 1449 server_free(srv); 1450 1451 return -1; 1452 } 1453 1454 /* might fail if user is using fam (not gamin) and famd isn't running */ 1455 if (NULL == (srv->stat_cache = stat_cache_init())) { 1456 log_error_write(srv, __FILE__, __LINE__, "s", 1457 "stat-cache could not be setup, dieing."); 1458 return -1; 1459 } 1460 1461 #ifdef HAVE_FAM_H 1462 /* setup FAM */ 1463 if (srv->srvconf.stat_cache_engine == STAT_CACHE_ENGINE_FAM) { 1464 if (0 != FAMOpen2(&srv->stat_cache->fam, "lighttpd")) { 1465 log_error_write(srv, __FILE__, __LINE__, "s", 1466 "could not open a fam connection, dieing."); 1467 return -1; 1468 } 1469 #ifdef HAVE_FAMNOEXISTS 1470 FAMNoExists(&srv->stat_cache->fam); 1471 #endif 1472 1473 fdevent_register(srv->ev, FAMCONNECTION_GETFD(&srv->stat_cache->fam), stat_cache_handle_fdevent, NULL); 1474 fdevent_event_set(srv->ev, &(srv->stat_cache->fam_fcce_ndx), FAMCONNECTION_GETFD(&srv->stat_cache->fam), FDEVENT_IN); 1475 } 1476 #endif 1477 1478 1479 /* get the current number of FDs */ 1480 srv->cur_fds = open("/dev/null", O_RDONLY); 1481 close(srv->cur_fds); 1482 1483 for (i = 0; i < srv->srv_sockets.used; i++) { 1484 server_socket *srv_socket = srv->srv_sockets.ptr[i]; 1485 if (srv->sockets_disabled) continue; /* lighttpd -1 (one-shot mode) */ 1486 if (-1 == fdevent_fcntl_set(srv->ev, srv_socket->fd)) { 1487 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed:", strerror(errno)); 1488 return -1; 1489 } 1490 } 1491 1492 if (oneshot_fd && server_oneshot_init(srv, oneshot_fd)) { 1493 oneshot_fd = -1; 1494 } 1495 1496 /* main-loop */ 1497 while (!srv_shutdown) { 1498 int n; 1499 size_t ndx; 1500 time_t min_ts; 1501 1502 if (handle_sig_hup) { 1503 handler_t r; 1504 1505 /* reset notification */ 1506 handle_sig_hup = 0; 1507 1508 1509 /* cycle logfiles */ 1510 1511 switch(r = plugins_call_handle_sighup(srv)) { 1512 case HANDLER_GO_ON: 1513 break; 1514 default: 1515 log_error_write(srv, __FILE__, __LINE__, "sd", "sighup-handler return with an error", r); 1516 break; 1517 } 1518 1519 if (-1 == log_error_cycle(srv)) { 1520 log_error_write(srv, __FILE__, __LINE__, "s", "cycling errorlog failed, dying"); 1521 1522 return -1; 1523 } else { 1524 #ifdef HAVE_SIGACTION 1525 log_error_write(srv, __FILE__, __LINE__, "sdsd", 1526 "logfiles cycled UID =", 1527 last_sighup_info.si_uid, 1528 "PID =", 1529 last_sighup_info.si_pid); 1530 #else 1531 log_error_write(srv, __FILE__, __LINE__, "s", 1532 "logfiles cycled"); 1533 #endif 1534 } 1535 } 1536 1537 if (handle_sig_alarm) { 1538 /* a new second */ 1539 1540 #ifdef USE_ALARM 1541 /* reset notification */ 1542 handle_sig_alarm = 0; 1543 #endif 1544 1545 /* get current time */ 1546 min_ts = time(NULL); 1547 1548 if (min_ts != srv->cur_ts) { 1549 #ifdef DEBUG_CONNECTION_STATES 1550 int cs = 0; 1551 #endif 1552 connections *conns = srv->conns; 1553 handler_t r; 1554 1555 switch(r = plugins_call_handle_trigger(srv)) { 1556 case HANDLER_GO_ON: 1557 break; 1558 case HANDLER_ERROR: 1559 log_error_write(srv, __FILE__, __LINE__, "s", "one of the triggers failed"); 1560 break; 1561 default: 1562 log_error_write(srv, __FILE__, __LINE__, "d", r); 1563 break; 1564 } 1565 1566 /* trigger waitpid */ 1567 srv->cur_ts = min_ts; 1568 1569 /* check idle time limit, if enabled */ 1570 if (idle_limit && idle_limit < min_ts - last_active_ts && !graceful_shutdown) { 1571 log_error_write(srv, __FILE__, __LINE__, "sDs", "[note] idle timeout", (int)idle_limit, 1572 "s exceeded, initiating graceful shutdown"); 1573 graceful_shutdown = 2; /* value 2 indicates idle timeout */ 1574 } 1575 1576 /* cleanup stat-cache */ 1577 stat_cache_trigger_cleanup(srv); 1578 /** 1579 * check all connections for timeouts 1580 * 1581 */ 1582 for (ndx = 0; ndx < conns->used; ndx++) { 1583 connection * const con = conns->ptr[ndx]; 1584 const int waitevents = fdevent_event_get_interest(srv->ev, con->fd); 1585 int changed = 0; 1586 int t_diff; 1587 1588 if (waitevents & FDEVENT_IN) { 1589 if (con->request_count == 1 || con->state != CON_STATE_READ) { /* e.g. CON_STATE_READ_POST || CON_STATE_WRITE */ 1590 if (srv->cur_ts - con->read_idle_ts > con->conf.max_read_idle) { 1591 /* time - out */ 1592 if (con->conf.log_request_handling) { 1593 log_error_write(srv, __FILE__, __LINE__, "sd", 1594 "connection closed - read timeout:", con->fd); 1595 } 1596 1597 connection_set_state(srv, con, CON_STATE_ERROR); 1598 changed = 1; 1599 } 1600 } else { 1601 if (srv->cur_ts - con->read_idle_ts > con->keep_alive_idle) { 1602 /* time - out */ 1603 if (con->conf.log_request_handling) { 1604 log_error_write(srv, __FILE__, __LINE__, "sd", 1605 "connection closed - keep-alive timeout:", con->fd); 1606 } 1607 1608 connection_set_state(srv, con, CON_STATE_ERROR); 1609 changed = 1; 1610 } 1611 } 1612 } 1613 1614 /* max_write_idle timeout currently functions as backend timeout, 1615 * too, after response has been started. 1616 * future: have separate backend timeout, and then change this 1617 * to check for write interest before checking for timeout */ 1618 /*if (waitevents & FDEVENT_OUT)*/ 1619 if ((con->state == CON_STATE_WRITE) && 1620 (con->write_request_ts != 0)) { 1621 #if 0 1622 if (srv->cur_ts - con->write_request_ts > 60) { 1623 log_error_write(srv, __FILE__, __LINE__, "sdd", 1624 "connection closed - pre-write-request-timeout:", con->fd, srv->cur_ts - con->write_request_ts); 1625 } 1626 #endif 1627 1628 if (srv->cur_ts - con->write_request_ts > con->conf.max_write_idle) { 1629 /* time - out */ 1630 if (con->conf.log_timeouts) { 1631 log_error_write(srv, __FILE__, __LINE__, "sbsbsosds", 1632 "NOTE: a request from", 1633 con->dst_addr_buf, 1634 "for", 1635 con->request.uri, 1636 "timed out after writing", 1637 con->bytes_written, 1638 "bytes. We waited", 1639 (int)con->conf.max_write_idle, 1640 "seconds. If this a problem increase server.max-write-idle"); 1641 } 1642 connection_set_state(srv, con, CON_STATE_ERROR); 1643 changed = 1; 1644 } 1645 } 1646 1647 if (con->state == CON_STATE_CLOSE && (srv->cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT)) { 1648 changed = 1; 1649 } 1650 1651 /* we don't like div by zero */ 1652 if (0 == (t_diff = srv->cur_ts - con->connection_start)) t_diff = 1; 1653 1654 if (con->traffic_limit_reached && 1655 (con->conf.kbytes_per_second == 0 || 1656 ((con->bytes_written / t_diff) < con->conf.kbytes_per_second * 1024))) { 1657 /* enable connection again */ 1658 con->traffic_limit_reached = 0; 1659 1660 changed = 1; 1661 } 1662 1663 if (changed) { 1664 connection_state_machine(srv, con); 1665 } 1666 con->bytes_written_cur_second = 0; 1667 *(con->conf.global_bytes_per_second_cnt_ptr) = 0; 1668 1669 #if DEBUG_CONNECTION_STATES 1670 if (cs == 0) { 1671 fprintf(stderr, "connection-state: "); 1672 cs = 1; 1673 } 1674 1675 fprintf(stderr, "c[%d,%d]: %s ", 1676 con->fd, 1677 con->fcgi.fd, 1678 connection_get_state(con->state)); 1679 #endif 1680 } 1681 1682 #ifdef DEBUG_CONNECTION_STATES 1683 if (cs == 1) fprintf(stderr, "\n"); 1684 #endif 1685 } 1686 } 1687 1688 if (srv->sockets_disabled) { 1689 /* our server sockets are disabled, why ? */ 1690 1691 if ((srv->cur_fds + srv->want_fds < srv->max_fds * 8 / 10) && /* we have enough unused fds */ 1692 (srv->conns->used <= srv->max_conns * 9 / 10) && 1693 (0 == graceful_shutdown)) { 1694 for (i = 0; i < srv->srv_sockets.used; i++) { 1695 server_socket *srv_socket = srv->srv_sockets.ptr[i]; 1696 fdevent_event_set(srv->ev, &(srv_socket->fde_ndx), srv_socket->fd, FDEVENT_IN); 1697 } 1698 1699 log_error_write(srv, __FILE__, __LINE__, "s", "[note] sockets enabled again"); 1700 1701 srv->sockets_disabled = 0; 1702 } 1703 } else { 1704 if ((srv->cur_fds + srv->want_fds > srv->max_fds * 9 / 10) || /* out of fds */ 1705 (srv->conns->used >= srv->max_conns) || /* out of connections */ 1706 (graceful_shutdown)) { /* graceful_shutdown */ 1707 1708 /* disable server-fds */ 1709 1710 for (i = 0; i < srv->srv_sockets.used; i++) { 1711 server_socket *srv_socket = srv->srv_sockets.ptr[i]; 1712 1713 if (graceful_shutdown) { 1714 /* we don't want this socket anymore, 1715 * 1716 * closing it right away will make it possible for 1717 * the next lighttpd to take over (graceful restart) 1718 * */ 1719 1720 fdevent_event_del(srv->ev, &(srv_socket->fde_ndx), srv_socket->fd); 1721 fdevent_unregister(srv->ev, srv_socket->fd); 1722 close(srv_socket->fd); 1723 srv_socket->fd = -1; 1724 1725 /* network_close() will cleanup after us */ 1726 } else { 1727 fdevent_event_set(srv->ev, &(srv_socket->fde_ndx), srv_socket->fd, 0); 1728 } 1729 } 1730 1731 if (graceful_shutdown) { 1732 remove_pid_file(srv, &pid_fd); 1733 log_error_write(srv, __FILE__, __LINE__, "s", "[note] graceful shutdown started"); 1734 } else if (srv->conns->used >= srv->max_conns) { 1735 log_error_write(srv, __FILE__, __LINE__, "s", "[note] sockets disabled, connection limit reached"); 1736 } else { 1737 log_error_write(srv, __FILE__, __LINE__, "s", "[note] sockets disabled, out-of-fds"); 1738 } 1739 1740 srv->sockets_disabled = 1; 1741 } 1742 } 1743 1744 if (graceful_shutdown && srv->conns->used == 0) { 1745 /* we are in graceful shutdown phase and all connections are closed 1746 * we are ready to terminate without harming anyone */ 1747 srv_shutdown = 1; 1748 break; 1749 } 1750 1751 /* we still have some fds to share */ 1752 if (srv->want_fds) { 1753 /* check the fdwaitqueue for waiting fds */ 1754 int free_fds = srv->max_fds - srv->cur_fds - 16; 1755 connection *con; 1756 1757 for (; free_fds > 0 && NULL != (con = fdwaitqueue_unshift(srv, srv->fdwaitqueue)); free_fds--) { 1758 connection_state_machine(srv, con); 1759 1760 srv->want_fds--; 1761 } 1762 } 1763 1764 if ((n = fdevent_poll(srv->ev, 1000)) > 0) { 1765 /* n is the number of events */ 1766 int revents; 1767 int fd_ndx; 1768 #if 0 1769 if (n > 0) { 1770 log_error_write(srv, __FILE__, __LINE__, "sd", 1771 "polls:", n); 1772 } 1773 #endif 1774 last_active_ts = srv->cur_ts; 1775 fd_ndx = -1; 1776 do { 1777 fdevent_handler handler; 1778 void *context; 1779 handler_t r; 1780 1781 fd_ndx = fdevent_event_next_fdndx (srv->ev, fd_ndx); 1782 if (-1 == fd_ndx) break; /* not all fdevent handlers know how many fds got an event */ 1783 1784 revents = fdevent_event_get_revent (srv->ev, fd_ndx); 1785 fd = fdevent_event_get_fd (srv->ev, fd_ndx); 1786 handler = fdevent_get_handler(srv->ev, fd); 1787 context = fdevent_get_context(srv->ev, fd); 1788 1789 #if 0 1790 log_error_write(srv, __FILE__, __LINE__, "sdd", 1791 "event for", fd, revents); 1792 #endif 1793 switch (r = (*handler)(srv, context, revents)) { 1794 case HANDLER_FINISHED: 1795 case HANDLER_GO_ON: 1796 case HANDLER_WAIT_FOR_EVENT: 1797 case HANDLER_WAIT_FOR_FD: 1798 break; 1799 case HANDLER_ERROR: 1800 /* should never happen */ 1801 SEGFAULT(); 1802 break; 1803 default: 1804 log_error_write(srv, __FILE__, __LINE__, "d", r); 1805 break; 1806 } 1807 } while (--n > 0); 1808 } else if (n < 0 && errno != EINTR) { 1809 log_error_write(srv, __FILE__, __LINE__, "ss", 1810 "fdevent_poll failed:", 1811 strerror(errno)); 1812 } 1813 1814 for (ndx = 0; ndx < srv->joblist->used; ndx++) { 1815 connection *con = srv->joblist->ptr[ndx]; 1816 connection_state_machine(srv, con); 1817 con->in_joblist = 0; 1818 } 1819 1820 srv->joblist->used = 0; 1821 } 1822 1823 if (0 == graceful_shutdown) { 1824 remove_pid_file(srv, &pid_fd); 1825 } 1826 1827 if (2 == graceful_shutdown) { /* value 2 indicates idle timeout */ 1828 log_error_write(srv, __FILE__, __LINE__, "s", 1829 "server stopped after idle timeout"); 1830 } else { 1831 #ifdef HAVE_SIGACTION 1832 log_error_write(srv, __FILE__, __LINE__, "sdsd", 1833 "server stopped by UID =", 1834 last_sigterm_info.si_uid, 1835 "PID =", 1836 last_sigterm_info.si_pid); 1837 #else 1838 log_error_write(srv, __FILE__, __LINE__, "s", 1839 "server stopped"); 1840 #endif 1841 } 1842 1843 /* clean-up */ 1844 log_error_close(srv); 1845 network_close(srv); 1846 connections_free(srv); 1847 plugins_free(srv); 1848 server_free(srv); 1849 1850 return 0; 1851 } 1852