fcgi_util.c

   1 /*
   2  * $Id: fcgi_util.c,v 1.30 2003/10/30 01:08:34 robs Exp $
   3  */
   4
   5 #include "fcgi.h"
   6
   7 #ifdef WIN32
   8 #pragma warning( disable : 4100 )
   9 #elif defined(APACHE2)
  10 #include <netdb.h>
  11 #include <unistd.h>
  12 #include <grp.h>
  13 #include <pwd.h>
  14
  15 #if APR_HAVE_ARPA_INET_H
  16 #include <arpa/inet.h>
  17 #endif
  18
  19 #include "unixd.h"
  20 #endif
  21
  22 uid_t
  23 fcgi_util_get_server_uid(const server_rec * const s)
  24 {
  25 #if defined(WIN32)
  26     return (uid_t) 0;
  27 #elif defined(APACHE2)
  28     /* the main server's uid */
  29     return ap_user_id;
  30 #else
  31     /* the vhost's uid */
  32     return s->server_uid;
  33 #endif
  34 }
  35
  36 uid_t
  37 fcgi_util_get_server_gid(const server_rec * const s)
  38 {
  39 #if defined(WIN32)
  40     return (uid_t) 0;
  41 #elif defined(APACHE2)
  42     /* the main server's gid */
  43     return ap_group_id;
  44 #else
  45     /* the vhost's gid */
  46     return s->server_gid;
  47 #endif
  48 }
  49
  50 /*******************************************************************************
  51  * Compute printable MD5 hash. Pool p is used for scratch as well as for
  52  * allocating the hash - use temp storage, and dup it if you need to keep it.
  53  */
  54 char *
  55 fcgi_util_socket_hash_filename(pool *p, const char *path,
  56         const char *user, const char *group)
  57 {
  58     char *buf = ap_pstrcat(p, path, user, group, NULL);
  59
  60     /* Canonicalize the path (remove "//", ".", "..") */
  61     ap_getparents(buf);
  62
  63     return ap_md5(p, (unsigned char *)buf);
  64 }
  65
  66
  67  /*******************************************************************************
  68   * Concat src1 and src2 using the approprate path seperator for the platform.
  69   */
  70 static char * make_full_path(pool *a, const char *src1, const char *src2)
  71 {
  72 #ifdef WIN32
  73     register int x;
  74     char * p ;
  75     char * q ;
  76
  77     x = strlen(src1);
  78
  79     if (x == 0) {
  80             p = ap_pstrcat(a, "\\", src2, NULL);
  81     }
  82     else if (src1[x - 1] != '\\' && src1[x - 1] != '/') {
  83             p = ap_pstrcat(a, src1, "\\", src2, NULL);
  84     }
  85     else {
  86             p = ap_pstrcat(a, src1, src2, NULL);
  87     }
  88
  89     q = p ;
  90     while (*q)
  91         {
  92         if (*q == '/') {
  93                 *q = '\\' ;
  94         }
  95             ++q;
  96         }
  97
  98     return p ;
  99 #else
 100     return ap_make_full_path(a, src1, src2);
 101 #endif
 102 }
 103
 104 /*******************************************************************************
 105  * Return absolute path to file in either "regular" FCGI socket directory or
 106  * the dynamic directory.  Result is allocated in pool p.
 107  */
 108 const char *
 109 fcgi_util_socket_make_path_absolute(pool * const p,
 110         const char *const file, const int dynamic)
 111 {
 112 #ifdef APACHE2
 113     if (ap_os_is_path_absolute(p, (char *) file))
 114 #else
 115     if (ap_os_is_path_absolute(file))
 116 #endif
 117     {
 118             return file;
 119     }
 120     else
 121     {
 122         const char * parent_dir = dynamic ? fcgi_dynamic_dir : fcgi_socket_dir;
 123         return (const char *) make_full_path(p, parent_dir, file);
 124     }
 125 }
 126
 127 #ifndef WIN32
 128 /*******************************************************************************
 129  * Build a Domain Socket Address structure, and calculate its size.
 130  * The error message is allocated from the pool p.  If you don't want the
 131  * struct sockaddr_un also allocated from p, pass it preallocated (!=NULL).
 132  */
 133 const char *
 134 fcgi_util_socket_make_domain_addr(pool *p, struct sockaddr_un **socket_addr,
 135         int *socket_addr_len, const char *socket_path)
 136 {
 137     int socket_pathLen = strlen(socket_path);
 138
 139     if (socket_pathLen >= sizeof((*socket_addr)->sun_path)) {
 140         return ap_pstrcat(p, "path \"", socket_path,
 141                        "\" is too long for a Domain socket", NULL);
 142     }
 143
 144     if (*socket_addr == NULL)
 145         *socket_addr = ap_pcalloc(p, sizeof(struct sockaddr_un));
 146     else
 147         memset(*socket_addr, 0, sizeof(struct sockaddr_un));
 148
 149     (*socket_addr)->sun_family = AF_UNIX;
 150     strcpy((*socket_addr)->sun_path, socket_path);
 151
 152     *socket_addr_len = SUN_LEN(*socket_addr);
 153     return NULL;
 154 }
 155 #endif
 156
 157 /*******************************************************************************
 158  * Convert a hostname or IP address string to an in_addr struct.
 159  */
 160 static int
 161 convert_string_to_in_addr(const char * const hostname, struct in_addr * const addr)
 162 {
 163     struct hostent *hp;
 164     int count;
 165
 166     addr->s_addr = inet_addr((char *)hostname);
 167
 168 #if !defined(INADDR_NONE) && defined(APACHE2)
 169 #define INADDR_NONE APR_INADDR_NONE
 170 #endif
 171
 172     if (addr->s_addr == INADDR_NONE) {
 173         if ((hp = gethostbyname((char *)hostname)) == NULL)
 174             return -1;
 175
 176         memcpy((char *) addr, hp->h_addr, hp->h_length);
 177         count = 0;
 178         while (hp->h_addr_list[count] != 0)
 179             count++;
 180
 181         return count;
 182     }
 183     return 1;
 184 }
 185
 186
 187 /*******************************************************************************
 188  * Build an Inet Socket Address structure, and calculate its size.
 189  * The error message is allocated from the pool p. If you don't want the
 190  * struct sockaddr_in also allocated from p, pass it preallocated (!=NULL).
 191  */
 192 const char *
 193 fcgi_util_socket_make_inet_addr(pool *p, struct sockaddr_in **socket_addr,
 194         int *socket_addr_len, const char *host, unsigned short port)
 195 {
 196     if (*socket_addr == NULL)
 197         *socket_addr = ap_pcalloc(p, sizeof(struct sockaddr_in));
 198     else
 199         memset(*socket_addr, 0, sizeof(struct sockaddr_in));
 200
 201     (*socket_addr)->sin_family = AF_INET;
 202     (*socket_addr)->sin_port = htons(port);
 203
 204     /* Get an in_addr represention of the host */
 205     if (host != NULL) {
 206         if (convert_string_to_in_addr(host, &(*socket_addr)->sin_addr) != 1) {
 207             return ap_pstrcat(p, "failed to resolve \"", host,
 208                            "\" to exactly one IP address", NULL);
 209         }
 210     } else {
 211       (*socket_addr)->sin_addr.s_addr = htonl(INADDR_ANY);
 212     }
 213
 214     *socket_addr_len = sizeof(struct sockaddr_in);
 215     return NULL;
 216 }
 217
 218 /*******************************************************************************
 219  * Determine if a process with uid/gid can access a file with mode permissions.
 220  */
 221 const char *
 222 fcgi_util_check_access(pool *tp,
 223         const char * const path, const struct stat *statBuf,
 224         const int mode, const uid_t uid, const gid_t gid)
 225 {
 226     struct stat myStatBuf;
 227
 228     if (statBuf == NULL) {
 229         if (stat(path, &myStatBuf) < 0)
 230             return ap_psprintf(tp, "stat(%s) failed: %s", path, strerror(errno));
 231         statBuf = &myStatBuf;
 232     }
 233
 234 #ifndef WIN32
 235     /* If the uid owns the file, check the owner bits */
 236     if (uid == statBuf->st_uid) {
 237         if (mode & R_OK && !(statBuf->st_mode & S_IRUSR))
 238             return "read not allowed by owner";
 239         if (mode & W_OK && !(statBuf->st_mode & S_IWUSR))
 240             return "write not allowed by owner";
 241         if (mode & X_OK && !(statBuf->st_mode & S_IXUSR))
 242             return "execute not allowed by owner";
 243         return NULL;
 244     }
 245 #else
 246     if (mode & _S_IREAD && !(statBuf->st_mode & _S_IREAD))
 247         return "read not allowed";
 248     if (mode & _S_IWRITE && !(statBuf->st_mode & _S_IWRITE))
 249         return "write not allowed";
 250
 251     /* I don't think this works on FAT, but since I don't know how to check..
 252      * if (mode & _S_IEXEC && !(statBuf->st_mode & _S_IEXEC))
 253      *     return "execute not allowed"; */
 254 #endif
 255
 256 #if  !defined(__EMX__) && !defined(WIN32)
 257     /* If the gid is same as the file's group, check the group bits */
 258     if (gid == statBuf->st_gid) {
 259         if (mode & R_OK && !(statBuf->st_mode & S_IRGRP))
 260             return "read not allowed by group";
 261         if (mode & W_OK && !(statBuf->st_mode & S_IWGRP))
 262             return "write not allowed by group";
 263         if (mode & X_OK && !(statBuf->st_mode & S_IXGRP))
 264             return "execute not allowed by group";
 265         return NULL;
 266     }
 267
 268     /* Get the user membership for the file's group.  If the
 269      * uid is a member, check the group bits. */
 270     {
 271         const struct group * const gr = getgrgid(statBuf->st_gid);
 272         const struct passwd * const pw = getpwuid(uid);
 273
 274         if (gr != NULL && pw != NULL) {
 275             char **user = gr->gr_mem;
 276             for ( ; *user != NULL; user++) {
 277                 if (strcmp(*user, pw->pw_name) == 0) {
 278                     if (mode & R_OK && !(statBuf->st_mode & S_IRGRP))
 279                         return "read not allowed by group";
 280                     if (mode & W_OK && !(statBuf->st_mode & S_IWGRP))
 281                         return "write not allowed by group";
 282                     if (mode & X_OK && !(statBuf->st_mode & S_IXGRP))
 283                         return "execute not allowed by group";
 284                     return NULL;
 285                 }
 286             }
 287         }
 288     }
 289
 290     /* That just leaves the other bits.. */
 291     if (mode & R_OK && !(statBuf->st_mode & S_IROTH))
 292         return "read not allowed";
 293     if (mode & W_OK && !(statBuf->st_mode & S_IWOTH))
 294         return "write not allowed";
 295     if (mode & X_OK && !(statBuf->st_mode & S_IXOTH))
 296         return "execute not allowed";
 297 #endif
 298
 299     return NULL;
 300 }
 301
 302
 303 /*******************************************************************************
 304  * Find a FastCGI server with a matching fs_path, and if fcgi_wrapper is
 305  * enabled with matching uid and gid.
 306  */
 307 fcgi_server *
 308 fcgi_util_fs_get_by_id(const char *ePath, uid_t uid, gid_t gid)
 309 {
 310     char path[FCGI_MAXPATH];
 311     fcgi_server *s;
 312
 313     /* @@@ This should now be done in the loop below */
 314     ap_cpystrn(path, ePath, FCGI_MAXPATH);
 315     ap_no2slash(path);
 316
 317     for (s = fcgi_servers; s != NULL; s = s->next) {
 318         int i;
 319         const char *fs_path = s->fs_path;
 320         for (i = 0; fs_path[i] && path[i]; ++i) {
 321             if (fs_path[i] != path[i]) {
 322                 break;
 323             }
 324         }
 325         if (fs_path[i]) {
 326             continue;
 327         }
 328         if (path[i] == '\0' || path[i] == '/') {
 329         if (fcgi_wrapper == NULL || (uid == s->uid && gid == s->gid))
 330             return s;
 331         }
 332     }
 333     return NULL;
 334 }
 335
 336 /*******************************************************************************
 337  * Find a FastCGI server with a matching fs_path, and if fcgi_wrapper is
 338  * enabled with matching user and group.
 339  */
 340 fcgi_server *
 341 fcgi_util_fs_get(const char *ePath, const char *user, const char *group)
 342 {
 343     char path[FCGI_MAXPATH];
 344     fcgi_server *s;
 345
 346     ap_cpystrn(path, ePath, FCGI_MAXPATH);
 347     ap_no2slash(path);
 348
 349     for (s = fcgi_servers; s != NULL; s = s->next) {
 350         if (strcmp(s->fs_path, path) == 0) {
 351             if (fcgi_wrapper == NULL)
 352                 return s;
 353
 354             if (strcmp(user, s->user) == 0
 355                 && (user[0] == '~' || strcmp(group, s->group) == 0))
 356             {
 357                 return s;
 358             }
 359         }
 360     }
 361     return NULL;
 362 }
 363
 364 const char *
 365 fcgi_util_fs_is_path_ok(pool * const p, const char * const fs_path, struct stat *finfo)
 366 {
 367     const char *err;
 368
 369     if (finfo == NULL) {
 370         finfo = (struct stat *)ap_palloc(p, sizeof(struct stat));
 371         if (stat(fs_path, finfo) < 0)
 372             return ap_psprintf(p, "stat(%s) failed: %s", fs_path, strerror(errno));
 373     }
 374
 375     /* No Parse Header scripts aren't allowed.
 376      * @@@ Well... we really could quite easily */
 377     if (strncmp(strrchr(fs_path, '/'), "/nph-", 5) == 0)
 378         return ap_psprintf(p, "NPH scripts cannot be run as FastCGI");
 379
 380     if (finfo->st_mode == 0)
 381         return ap_psprintf(p, "script not found or unable to stat()");
 382
 383     if (S_ISDIR(finfo->st_mode))
 384         return ap_psprintf(p, "script is a directory!");
 385
 386     /* Let the wrapper determine what it can and can't execute */
 387     if (! fcgi_wrapper)
 388     {
 389 #ifdef WIN32
 390         err = fcgi_util_check_access(p, fs_path, finfo, _S_IEXEC, fcgi_user_id, fcgi_group_id);
 391 #else
 392         err = fcgi_util_check_access(p, fs_path, finfo, X_OK, fcgi_user_id, fcgi_group_id);
 393 #endif
 394         if (err) {
 395             return ap_psprintf(p,
 396                 "access for server (uid %ld, gid %ld) not allowed: %s",
 397                 (long)fcgi_user_id, (long)fcgi_group_id, err);
 398         }
 399     }
 400
 401     return NULL;
 402 }
 403
 404
 405 \f
 406 /*******************************************************************************
 407  * Allocate a new FastCGI server record from pool p with default values.
 408  */
 409 fcgi_server *
 410 fcgi_util_fs_new(pool *p)
 411 {
 412     fcgi_server *s = (fcgi_server *) ap_pcalloc(p, sizeof(fcgi_server));
 413
 414     /* Initialize anything who's init state is not zeroizzzzed */
 415     s->listenQueueDepth = FCGI_DEFAULT_LISTEN_Q;
 416     s->appConnectTimeout = FCGI_DEFAULT_APP_CONN_TIMEOUT;
 417     s->idle_timeout = FCGI_DEFAULT_IDLE_TIMEOUT;
 418     s->initStartDelay = DEFAULT_INIT_START_DELAY;
 419     s->restartDelay = FCGI_DEFAULT_RESTART_DELAY;
 420     s->restartOnExit = FALSE;
 421     s->directive = APP_CLASS_UNKNOWN;
 422     s->processPriority = FCGI_DEFAULT_PRIORITY;
 423     s->envp = &fcgi_empty_env;
 424
 425 #ifdef WIN32
 426     s->listenFd = (int) INVALID_HANDLE_VALUE;
 427 #else
 428     s->listenFd = -2;
 429 #endif
 430
 431     return s;
 432 }
 433
 434 /*******************************************************************************
 435  * Add the server to the linked list of FastCGI servers.
 436  */
 437 void
 438 fcgi_util_fs_add(fcgi_server *s)
 439 {
 440     s->next = fcgi_servers;
 441     fcgi_servers = s;
 442 }
 443
 444 /*******************************************************************************
 445  * Configure uid, gid, user, group, username for wrapper.
 446  */
 447 const char *
 448 fcgi_util_fs_set_uid_n_gid(pool *p, fcgi_server *s, uid_t uid, gid_t gid)
 449 {
 450 #ifndef WIN32
 451
 452     struct passwd *pw;
 453     struct group  *gr;
 454
 455     if (fcgi_wrapper == NULL)
 456         return NULL;
 457
 458     if (uid == 0 || gid == 0) {
 459         return "invalid uid or gid, see the -user and -group options";
 460     }
 461
 462     s->uid = uid;
 463     pw = getpwuid(uid);
 464     if (pw == NULL) {
 465         return ap_psprintf(p,
 466             "getpwuid() couldn't determine the username for uid '%ld', "
 467             "you probably need to modify the User directive: %s",
 468             (long)uid, strerror(errno));
 469     }
 470     s->user = ap_pstrdup(p, pw->pw_name);
 471     s->username = s->user;
 472
 473     s->gid = gid;
 474     gr = getgrgid(gid);
 475     if (gr == NULL) {
 476         return ap_psprintf(p,
 477             "getgrgid() couldn't determine the group name for gid '%ld', "
 478             "you probably need to modify the Group directive: %s",
 479             (long)gid, strerror(errno));
 480     }
 481     s->group = ap_pstrdup(p, gr->gr_name);
 482
 483 #endif /* !WIN32 */
 484
 485     return NULL;
 486 }
 487
 488 /*******************************************************************************
 489  * Allocate an array of ServerProcess records.
 490  */
 491 ServerProcess *
 492 fcgi_util_fs_create_procs(pool *p, int num)
 493 {
 494     int i;
 495     ServerProcess *proc = (ServerProcess *)ap_pcalloc(p, sizeof(ServerProcess) * num);
 496
 497     for (i = 0; i < num; i++) {
 498 #ifdef WIN32
 499         proc[i].handle = INVALID_HANDLE_VALUE;
 500         proc[i].terminationEvent = INVALID_HANDLE_VALUE;
 501 #endif
 502         proc[i].pid = 0;
 503         proc[i].state = FCGI_READY_STATE;
 504     }
 505     return proc;
 506 }
 507
 508 int fcgi_util_ticks(struct timeval * tv)
 509 {
 510 #ifdef WIN32
 511     /* millisecs is sufficent granularity */
 512     DWORD millis = GetTickCount();
 513
 514     tv->tv_sec = millis / 1000;
 515     tv->tv_usec = (millis % 1000) * 1000;
 516
 517     return 0;
 518 #else
 519     return gettimeofday(tv, NULL);
 520 #endif
 521 }
 522
 523