search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[*nix Security] - When FastCgiWrapper (FastCgiSuexec) was in use
[mod_fastcgi.git] / fcgi_config.c
blob210e9c5da60e3c437b70c3ee0b20a7f4319a89ca
1 /*
2 * $Id: fcgi_config.c,v 1.46 2002/12/23 03:13:15 robs Exp $
3 */
4
5 #define CORE_PRIVATE
6 #include "fcgi.h"
7
8 #ifdef APACHE2
9
10 #include <limits.h>
11 #include "mpm_common.h" /* ap_uname2id, ap_gname2id */
12
13 #ifdef WIN32
14 #include <direct.h>
15 #else
16 #include <unistd.h>
17 #include "unixd.h"
18 #endif
19
20 #endif
21
22 #ifdef WIN32
23 /* warning C4100: unreferenced formal parameter */
24 /* warning C4706: assignment within conditional expression */
25 #pragma warning( disable : 4100 4706 )
26 #endif
27
28 /*******************************************************************************
29 * Get the next configuration directive argument, & return an in_addr and port.
30 * The arg must be in the form "host:port" where host can be an IP or hostname.
31 * The pool arg should be persistant storage.
32 */
33 static const char *get_host_n_port(pool *p, const char **arg,
34 const char **host, u_short *port)
35 {
36 char *cvptr, *portStr;
37 long tmp;
38
39 *host = ap_getword_conf(p, arg);
40 if (**host == '\0')
41 return "\"\"";
42
43 portStr = strchr(*host, ':');
44 if (portStr == NULL)
45 return "missing port specification";
46
47 /* Split the host and port portions */
48 *portStr++ = '\0';
49
50 /* Convert port number */
51 tmp = (u_short) strtol(portStr, &cvptr, 10);
52 if (*cvptr != '\0' || tmp < 1 || tmp > USHRT_MAX)
53 return ap_pstrcat(p, "bad port number \"", portStr, "\"", NULL);
54
55 *port = (unsigned short) tmp;
56
57 return NULL;
58 }
59 \f
60 /*******************************************************************************
61 * Get the next configuration directive argument, & return an u_short.
62 * The pool arg should be temporary storage.
63 */
64 static const char *get_u_short(pool *p, const char **arg,
65 u_short *num, u_short min)
66 {
67 char *ptr;
68 long tmp;
69 const char *txt = ap_getword_conf(p, arg);
70
71 if (*txt == '\0') {
72 return "\"\"";
73 }
74
75 tmp = strtol(txt, &ptr, 10);
76
77 if (*ptr != '\0') {
78 return ap_pstrcat(p, "\"", txt, "\" must be a positive integer", NULL);
79 }
80
81 if (tmp < min || tmp > USHRT_MAX) {
82 return ap_psprintf(p, "\"%u\" must be >= %u and < %u", *num, min, USHRT_MAX);
83 }
84
85 *num = (u_short) tmp;
86
87 return NULL;
88 }
89
90 static const char *get_int(pool *p, const char **arg, int *num, int min)
91 {
92 char *cp;
93 const char *val = ap_getword_conf(p, arg);
94
95 if (*val == '\0')
96 {
97 return "\"\"";
98 }
99
100 *num = (int) strtol(val, &cp, 10);
101
102 if (*cp != '\0')
103 {
104 return ap_pstrcat(p, "can't parse ", "\"", val, "\"", NULL);
105 }
106 else if (*num < min)
107 {
108 return ap_psprintf(p, "\"%d\" must be >= %d", *num, min);
109 }
110
111 return NULL;
112 }
113
114 /*******************************************************************************
115 * Get the next configuration directive argument, & return an u_int.
116 * The pool arg should be temporary storage.
117 */
118 static const char *get_u_int(pool *p, const char **arg,
119 u_int *num, u_int min)
120 {
121 char *ptr;
122 const char *val = ap_getword_conf(p, arg);
123
124 if (*val == '\0')
125 return "\"\"";
126 *num = (u_int)strtol(val, &ptr, 10);
127
128 if (*ptr != '\0')
129 return ap_pstrcat(p, "\"", val, "\" must be a positive integer", NULL);
130 else if (*num < min)
131 return ap_psprintf(p, "\"%u\" must be >= %u", *num, min);
132 return NULL;
133 }
134
135 /*******************************************************************************
136 * Get the next configuration directive argument, & return a float.
137 * The pool arg should be temporary storage.
138 */
139 static const char *get_float(pool *p, const char **arg,
140 float *num, float min, float max)
141 {
142 char *ptr;
143 const char *val = ap_getword_conf(p, arg);
144
145 if (*val == '\0')
146 return "\"\"";
147 *num = (float) strtod(val, &ptr);
148
149 if (*ptr != '\0')
150 return ap_pstrcat(p, "\"", val, "\" is not a floating point number", NULL);
151 if (*num < min || *num > max)
152 return ap_psprintf(p, "\"%f\" is not between %f and %f", *num, min, max);
153 return NULL;
154 }
155
156 const char *fcgi_config_set_env_var(pool *p, char **envp, unsigned int *envc, char * var)
157 {
158 if (*envc >= MAX_INIT_ENV_VARS) {
159 return "too many variables, must be <= MAX_INIT_ENV_VARS";
160 }
161
162 if (strchr(var, '=') == NULL) {
163 *(envp + *envc) = ap_pstrcat(p, var, "=", getenv(var), NULL);
164 }
165 else {
166 *(envp + *envc) = var;
167 }
168
169 (*envc)++;
170
171 return NULL;
172 }
173
174 /*******************************************************************************
175 * Get the next configuration directive argument, & add it to an env array.
176 * The pool arg should be permanent storage.
177 */
178 static const char *get_env_var(pool *p, const char **arg, char **envp, unsigned int *envc)
179 {
180 char * const val = ap_getword_conf(p, arg);
181
182 if (*val == '\0') {
183 return "\"\"";
184 }
185
186 return fcgi_config_set_env_var(p, envp, envc, val);
187 }
188
189 static const char *get_pass_header(pool *p, const char **arg, array_header **array)
190 {
191 const char **header;
192
193 if (!*array) {
194 *array = ap_make_array(p, 10, sizeof(char*));
195 }
196
197 header = (const char **)ap_push_array(*array);
198 *header = ap_getword_conf(p, arg);
199
200 return header ? NULL : "\"\"";
201 }
202
203 /*******************************************************************************
204 * Return a "standard" message for common configuration errors.
205 */
206 static const char *invalid_value(pool *p, const char *cmd, const char *id,
207 const char *opt, const char *err)
208 {
209 return ap_psprintf(p, "%s%s%s: invalid value for %s: %s",
210 cmd, id ? " " : "", id ? id : "", opt, err);
211 }
212
213 /*******************************************************************************
214 * Set/Reset the uid/gid that Apache and the PM will run as. This is ap_user_id
215 * and ap_group_id if we're started as root, and euid/egid otherwise. Also try
216 * to check that the config files don't set the User/Group after a FastCGI
217 * directive is used that depends on it.
218 */
219 /*@@@ To be complete, we should save a handle to the server each AppClass is
220 * configured in and at init() check that the user/group is still what we
221 * thought it was. Also the other directives should only be allowed in the
222 * parent Apache server.
223 */
224 const char *fcgi_config_set_fcgi_uid_n_gid(int set)
225 {
226 static int isSet = 0;
227
228 #ifndef WIN32
229
230 uid_t uid = geteuid();
231 gid_t gid = getegid();
232
233 if (set == 0) {
234 isSet = 0;
235 fcgi_user_id = (uid_t)-1;
236 fcgi_group_id = (gid_t)-1;
237 return NULL;
238 }
239
240 if (uid == 0) {
241 uid = ap_user_id;
242 }
243
244 if (gid == 0) {
245 gid = ap_group_id;
246 }
247
248 if (isSet && (uid != fcgi_user_id || gid != fcgi_group_id)) {
249 return "User/Group commands must preceed FastCGI server definitions";
250 }
251
252 isSet = 1;
253 fcgi_user_id = uid;
254 fcgi_group_id = gid;
255
256 #endif /* !WIN32 */
257
258 return NULL;
259 }
260
261 apcb_t fcgi_config_reset_globals(void* dummy)
262 {
263 fcgi_config_pool = NULL;
264 fcgi_servers = NULL;
265 fcgi_config_set_fcgi_uid_n_gid(0);
266 fcgi_wrapper = NULL;
267 fcgi_socket_dir = NULL;
268
269 fcgi_dynamic_total_proc_count = 0;
270 fcgi_dynamic_epoch = 0;
271 fcgi_dynamic_last_analyzed = 0;
272
273 dynamicMaxProcs = FCGI_DEFAULT_MAX_PROCS;
274 dynamicMinProcs = FCGI_DEFAULT_MIN_PROCS;
275 dynamicMaxClassProcs = FCGI_DEFAULT_MAX_CLASS_PROCS;
276 dynamicKillInterval = FCGI_DEFAULT_KILL_INTERVAL;
277 dynamicUpdateInterval = FCGI_DEFAULT_UPDATE_INTERVAL;
278 dynamicGain = FCGI_DEFAULT_GAIN;
279 dynamicThreshold1 = FCGI_DEFAULT_THRESHOLD_1;
280 dynamicThresholdN = FCGI_DEFAULT_THRESHOLD_N;
281 dynamicPleaseStartDelay = FCGI_DEFAULT_START_PROCESS_DELAY;
282 dynamicAppConnectTimeout = FCGI_DEFAULT_APP_CONN_TIMEOUT;
283 dynamicEnvp = &fcgi_empty_env;
284 dynamicProcessSlack = FCGI_DEFAULT_PROCESS_SLACK;
285 dynamicAutoRestart = FCGI_DEFAULT_RESTART_DYNAMIC;
286 dynamicAutoUpdate = FCGI_DEFAULT_AUTOUPDATE;
287 dynamicListenQueueDepth = FCGI_DEFAULT_LISTEN_Q;
288 dynamicInitStartDelay = DEFAULT_INIT_START_DELAY;
289 dynamicRestartDelay = FCGI_DEFAULT_RESTART_DELAY;
290 dynamic_pass_headers = NULL;
291 dynamic_idle_timeout = FCGI_DEFAULT_IDLE_TIMEOUT;
292 dynamicFlush = FCGI_FLUSH;
293
294 #ifndef WIN32
295 /* Close any old pipe (HUP/USR1) */
296 if (fcgi_pm_pipe[0] != -1) {
297 close(fcgi_pm_pipe[0]);
298 fcgi_pm_pipe[0] = -1;
299 }
300 if (fcgi_pm_pipe[1] != -1) {
301 close(fcgi_pm_pipe[1]);
302 fcgi_pm_pipe[1] = -1;
303 }
304 #endif
305
306 return APCB_OK;
307 }
308
309 /*******************************************************************************
310 * Create a directory to hold Unix/Domain sockets.
311 */
312 const char *fcgi_config_make_dir(pool *tp, char *path)
313 {
314 struct stat finfo;
315 const char *err = NULL;
316
317 /* Is the directory spec'd correctly */
318 if (*path != '/') {
319 return "path is not absolute (it must start with a \"/\")";
320 }
321 else {
322 int i = strlen(path) - 1;
323
324 /* Strip trailing "/"s */
325 while(i > 0 && path[i] == '/') path[i--] = '\0';
326 }
327
328 /* Does it exist? */
329 if (stat(path, &finfo) != 0) {
330 /* No, but maybe we can create it */
331 #ifdef WIN32
332 if (mkdir(path) != 0)
333 #else
334 if (mkdir(path, S_IRWXU) != 0)
335 #endif
336 {
337 return ap_psprintf(tp,
338 "doesn't exist and can't be created: %s",
339 strerror(errno));
340 }
341
342 #ifndef WIN32
343 /* If we're root, we're gonna setuid/setgid so we need to chown */
344 if (geteuid() == 0 && chown(path, ap_user_id, ap_group_id) != 0) {
345 return ap_psprintf(tp,
346 "can't chown() to the server (uid %ld, gid %ld): %s",
347 (long)ap_user_id, (long)ap_group_id, strerror(errno));
348 }
349 #endif
350 }
351 else {
352 /* Yes, is it a directory? */
353 if (!S_ISDIR(finfo.st_mode))
354 return "isn't a directory!";
355
356 /* Can we RWX in there? */
357 #ifdef WIN32
358 err = fcgi_util_check_access(tp, NULL, &finfo, _S_IREAD | _S_IWRITE | _S_IEXEC, fcgi_user_id, fcgi_group_id);
359 #else
360 err = fcgi_util_check_access(tp, NULL, &finfo, R_OK | W_OK | X_OK,
361 fcgi_user_id, fcgi_group_id);
362 #endif
363 if (err != NULL) {
364 return ap_psprintf(tp,
365 "access for server (uid %ld, gid %ld) failed: %s",
366 (long)fcgi_user_id, (long)fcgi_group_id, err);
367 }
368 }
369 return NULL;
370 }
371
372 /*******************************************************************************
373 * Create a "dynamic" subdirectory. If the directory
374 * already exists we don't mess with it unless 'wax' is set.
375 */
376 #ifndef WIN32
377 const char *fcgi_config_make_dynamic_dir(pool *p, const int wax)
378 {
379 const char *err;
380 pool *tp;
381
382 fcgi_dynamic_dir = ap_pstrcat(p, fcgi_socket_dir, "/dynamic", NULL);
383
384 if ((err = fcgi_config_make_dir(p, fcgi_dynamic_dir)))
385 return ap_psprintf(p, "can't create dynamic directory \"%s\": %s", fcgi_dynamic_dir, err);
386
387 /* Don't step on a running server unless its OK. */
388 if (!wax)
389 return NULL;
390
391 #ifdef APACHE2
392 {
393 apr_dir_t * dir;
394 apr_finfo_t finfo;
395
396 if (apr_pool_create(&tp, p))
397 return "apr_pool_create() failed";
398
399 if (apr_dir_open(&dir, fcgi_dynamic_dir, tp))
400 return "apr_dir_open() failed";
401
402 /* delete the contents */
403
404 while (apr_dir_read(&finfo, APR_FINFO_NAME, dir) == APR_SUCCESS)
405 {
406 if (strcmp(finfo.name, ".") == 0 || strcmp(finfo.name, "..") == 0)
407 continue;
408
409 apr_file_remove(finfo.name, tp);
410 }
411 }
412
413 #else /* !APACHE2 */
414 {
415 DIR *dp;
416 struct dirent *dirp = NULL;
417
418 tp = ap_make_sub_pool(p);
419
420 dp = ap_popendir(tp, fcgi_dynamic_dir);
421 if (dp == NULL) {
422 ap_destroy_pool(tp);
423 return ap_psprintf(p, "can't open dynamic directory \"%s\": %s",
424 fcgi_dynamic_dir, strerror(errno));
425 }
426
427 /* delete the contents */
428
429 while ((dirp = readdir(dp)) != NULL)
430 {
431 if (strcmp(dirp->d_name, ".") == 0 || strcmp(dirp->d_name, "..") == 0)
432 continue;
433
434 unlink(ap_pstrcat(tp, fcgi_dynamic_dir, "/", dirp->d_name, NULL));
435 }
436 }
437
438 #endif /* !APACHE2 */
439
440 ap_destroy_pool(tp);
441
442 return NULL;
443 }
444 #endif
445
446 /*******************************************************************************
447 * Change the directory used for the Unix/Domain sockets from the default.
448 * Create the directory and the "dynamic" subdirectory.
449 */
450 const char *fcgi_config_set_socket_dir(cmd_parms *cmd, void *dummy, const char *arg)
451 {
452 pool * const tp = cmd->temp_pool;
453 const char * const name = cmd->cmd->name;
454 const char *err;
455 char * arg_nc;
456
457 if (fcgi_socket_dir) {
458 return ap_psprintf(tp, "%s %s: already defined as \"%s\"",
459 name, arg, fcgi_socket_dir);
460 }
461
462 err = fcgi_config_set_fcgi_uid_n_gid(1);
463 if (err != NULL)
464 return ap_psprintf(tp, "%s %s: %s", name, arg, err);
465
466 if (fcgi_servers != NULL) {
467 return ap_psprintf(tp,
468 "The %s command must preceed static FastCGI server definitions",
469 name);
470 }
471
472 arg_nc = ap_pstrdup(cmd->pool, arg);
473
474 #ifndef WIN32
475
476 #ifdef APACHE2
477 if (apr_filepath_merge(&arg_nc, "", arg, 0, cmd->pool))
478 return ap_psprintf(tp, "%s %s: invalid filepath", name, arg);
479 #else
480 arg_nc = ap_os_canonical_filename(cmd->pool, arg_nc);
481 #endif
482
483 arg_nc = ap_server_root_relative(cmd->pool, arg_nc);
484
485 #else /* WIN32 */
486
487 if (strncmp(arg_nc, "\\\\.\\pipe\\", 9) != 0)
488 return ap_psprintf(tp, "%s %s is invalid format",name, arg_nc);
489
490 #endif
491
492 fcgi_socket_dir = arg_nc;
493
494 #ifdef WIN32
495 fcgi_dynamic_dir = ap_pstrcat(cmd->pool, fcgi_socket_dir, "dynamic", NULL);
496 #else
497 err = fcgi_config_make_dir(tp, fcgi_socket_dir);
498 if (err != NULL)
499 return ap_psprintf(tp, "%s %s: %s", name, arg_nc, err);
500
501 err = fcgi_config_make_dynamic_dir(cmd->pool, 0);
502 if (err != NULL)
503 return ap_psprintf(tp, "%s %s: %s", name, arg_nc, err);
504 #endif
505
506 return NULL;
507 }
508 \f
509 /*******************************************************************************
510 * Enable, disable, or specify the path to a wrapper used to invoke all
511 * FastCGI applications.
512 */
513 const char *fcgi_config_set_wrapper(cmd_parms *cmd, void *dummy, const char *arg)
514 {
515 #ifdef WIN32
516 return ap_psprintf(cmd->temp_pool,
517 "the %s directive is not supported on WIN", cmd->cmd->name);
518 #else
519
520 const char *err = NULL;
521 const char * const name = cmd->cmd->name;
522 pool * const tp = cmd->temp_pool;
523 char * wrapper = NULL;
524
525 err = fcgi_config_set_fcgi_uid_n_gid(1);
526 if (err != NULL)
527 return ap_psprintf(tp, "%s %s: %s", name, arg, err);
528
529 if (fcgi_servers != NULL) {
530 return ap_psprintf(tp,
531 "The %s command must preceed static FastCGI server definitions", name);
532 }
533
534 if (strcasecmp(arg, "Off") == 0) {
535 fcgi_wrapper = NULL;
536 return NULL;
537 }
538
539 if (strcasecmp(arg, "On") == 0)
540 {
541 wrapper = SUEXEC_BIN;
542 }
543 else
544 {
545 #ifdef APACHE2
546 if (apr_filepath_merge(&wrapper, "", arg, 0, cmd->pool))
547 return ap_psprintf(tp, "%s %s: invalid filepath", name, arg);
548 #else
549 wrapper = ap_os_canonical_filename(cmd->pool, (char *) arg);
550 #endif
551
552 wrapper = ap_server_root_relative(cmd->pool, wrapper);
553 }
554
555 err = fcgi_util_check_access(tp, wrapper, NULL, X_OK, fcgi_user_id, fcgi_group_id);
556 if (err)
557 {
558 return ap_psprintf(tp, "%s: \"%s\" execute access for server "
559 "(uid %ld, gid %ld) failed: %s", name, wrapper,
560 (long) fcgi_user_id, (long) fcgi_group_id, err);
561 }
562
563 fcgi_wrapper = wrapper;
564
565 return NULL;
566 #endif /* !WIN32 */
567 }
568
569 /*******************************************************************************
570 * Configure a static FastCGI server.
571 */
572 const char *fcgi_config_new_static_server(cmd_parms *cmd, void *dummy, const char *arg)
573 {
574 fcgi_server *s;
575 pool *p = cmd->pool, *tp = cmd->temp_pool;
576 const char *name = cmd->cmd->name;
577 char *fs_path = ap_getword_conf(p, &arg);
578 const char *option, *err;
579
580 /* Allocate temp storage for the array of initial environment variables */
581 char **envp = ap_pcalloc(tp, sizeof(char *) * (MAX_INIT_ENV_VARS + 3));
582 unsigned int envc = 0;
583
584 #ifdef WIN32
585 HANDLE mutex;
586 #endif
587
588 if (*fs_path == '\0')
589 return "AppClass requires a pathname!?";
590
591 if ((err = fcgi_config_set_fcgi_uid_n_gid(1)) != NULL)
592 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
593
594 #ifdef APACHE2
595 if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
596 return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
597 #else
598 fs_path = ap_os_canonical_filename(p, fs_path);
599 #endif
600 fs_path = ap_server_root_relative(p, fs_path);
601
602 ap_getparents(fs_path);
603 ap_no2slash(fs_path);
604
605 /* See if we've already got one of these configured */
606 s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
607 fcgi_util_get_server_gid(cmd->server));
608 if (s != NULL) {
609 if (fcgi_wrapper) {
610 return ap_psprintf(tp,
611 "%s: redefinition of a previously defined FastCGI "
612 "server \"%s\" with uid=%ld and gid=%ld",
613 name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
614 (long) fcgi_util_get_server_gid(cmd->server));
615 }
616 else {
617 return ap_psprintf(tp,
618 "%s: redefinition of a previously defined FastCGI server \"%s\"",
619 name, fs_path);
620 }
621 }
622
623 err = fcgi_util_fs_is_path_ok(tp, fs_path, NULL);
624 if (err != NULL) {
625 return ap_psprintf(tp, "%s: \"%s\" %s", name, fs_path, err);
626 }
627
628 s = fcgi_util_fs_new(p);
629 s->fs_path = fs_path;
630 s->directive = APP_CLASS_STANDARD;
631 s->restartOnExit = TRUE;
632 s->numProcesses = 1;
633
634 #ifdef WIN32
635
636 // TCP FastCGI applications require SystemRoot be present in the environment
637 // Put it in both for consistency to the application
638 fcgi_config_set_env_var(tp, envp, &envc, "SystemRoot");
639
640 mutex = CreateMutex(NULL, FALSE, fs_path);
641
642 if (mutex == NULL)
643 {
644 ap_log_error(FCGI_LOG_ALERT, fcgi_apache_main_server,
645 "FastCGI: CreateMutex() failed");
646 return "failed to create FastCGI application accept mutex";
647 }
648
649 SetHandleInformation(mutex, HANDLE_FLAG_INHERIT, TRUE);
650
651 s->mutex_env_string = ap_psprintf(p, "_FCGI_MUTEX_=%ld", mutex);
652
653 #endif
654
655 /* Parse directive arguments */
656 while (*arg) {
657 option = ap_getword_conf(tp, &arg);
658
659 if (strcasecmp(option, "-processes") == 0) {
660 if ((err = get_u_int(tp, &arg, &s->numProcesses, 1)))
661 return invalid_value(tp, name, fs_path, option, err);
662 }
663 else if (strcasecmp(option, "-restart-delay") == 0) {
664 if ((err = get_u_int(tp, &arg, &s->restartDelay, 0)))
665 return invalid_value(tp, name, fs_path, option, err);
666 }
667 else if (strcasecmp(option, "-init-start-delay") == 0) {
668 if ((err = get_int(tp, &arg, &s->initStartDelay, 0)))
669 return invalid_value(tp, name, fs_path, option, err);
670 }
671 else if (strcasecmp(option, "-priority") == 0) {
672 if ((err = get_u_int(tp, &arg, &s->processPriority, 0)))
673 return invalid_value(tp, name, fs_path, option, err);
674 }
675 else if (strcasecmp(option, "-listen-queue-depth") == 0) {
676 if ((err = get_u_int(tp, &arg, &s->listenQueueDepth, 1)))
677 return invalid_value(tp, name, fs_path, option, err);
678 }
679 else if (strcasecmp(option, "-appConnTimeout") == 0) {
680 if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
681 return invalid_value(tp, name, fs_path, option, err);
682 }
683 else if (strcasecmp(option, "-idle-timeout") == 0) {
684 if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
685 return invalid_value(tp, name, fs_path, option, err);
686 }
687 else if (strcasecmp(option, "-port") == 0) {
688 if ((err = get_u_short(tp, &arg, &s->port, 1)))
689 return invalid_value(tp, name, fs_path, option, err);
690 }
691 else if (strcasecmp(option, "-socket") == 0) {
692 s->socket_path = ap_getword_conf(tp, &arg);
693 if (*s->socket_path == '\0')
694 return invalid_value(tp, name, fs_path, option, "\"\"");
695 }
696 else if (strcasecmp(option, "-initial-env") == 0) {
697 if ((err = get_env_var(p, &arg, envp, &envc)))
698 return invalid_value(tp, name, fs_path, option, err);
699 }
700 else if (strcasecmp(option, "-pass-header") == 0) {
701 if ((err = get_pass_header(p, &arg, &s->pass_headers)))
702 return invalid_value(tp, name, fs_path, option, err);
703 }
704 else if (strcasecmp(option, "-flush") == 0) {
705 s->flush = 1;
706 }
707 else if (strcasecmp(option, "-user") == 0) {
708 #ifdef WIN32
709 return ap_psprintf(tp,
710 "%s %s: the -user option isn't supported on WIN", name, fs_path);
711 #else
712 s->user = ap_getword_conf(tp, &arg);
713 if (*s->user == '\0')
714 return invalid_value(tp, name, fs_path, option, "\"\"");
715 #endif
716 }
717 else if (strcasecmp(option, "-group") == 0) {
718 #ifdef WIN32
719 return ap_psprintf(tp,
720 "%s %s: the -group option isn't supported on WIN", name, fs_path);
721 #else
722 s->group = ap_getword_conf(tp, &arg);
723 if (*s->group == '\0')
724 return invalid_value(tp, name, fs_path, option, "\"\"");
725 #endif
726 }
727 else {
728 return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
729 }
730 } /* while */
731
732 #ifndef WIN32
733 if (fcgi_wrapper)
734 {
735 if (s->group == NULL)
736 {
737 s->group = ap_psprintf(tp, "#%ld", fcgi_util_get_server_gid(cmd->server));
738 }
739
740 if (s->user == NULL)
741 {
742 s->user = ap_psprintf(p, "#%ld", fcgi_util_get_server_uid(cmd->server));
743 }
744
745 s->uid = ap_uname2id(s->user);
746 s->gid = ap_gname2id(s->group);
747 }
748 else if (s->user || s->group)
749 {
750 ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
751 "fastcgi wrapper set, user/group options are ignored");
752 }
753
754 if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid)))
755 {
756 return ap_psprintf(tp,
757 "%s %s: invalid user or group: %s", name, fs_path, err);
758 }
759 #endif /* !WIN32 */
760
761 if (s->socket_path != NULL && s->port != 0) {
762 return ap_psprintf(tp,
763 "%s %s: -port and -socket are mutually exclusive options",
764 name, fs_path);
765 }
766
767 /* Move env array to a surviving pool */
768 s->envp = (char **)ap_pcalloc(p, sizeof(char *) * (envc + 4));
769 memcpy(s->envp, envp, sizeof(char *) * envc);
770
771 /* Initialize process structs */
772 s->procs = fcgi_util_fs_create_procs(p, s->numProcesses);
773
774 /* Build the appropriate sockaddr structure */
775 if (s->port != 0) {
776 err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->socket_addr,
777 &s->socket_addr_len, NULL, s->port);
778 if (err != NULL)
779 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
780 #ifdef WIN32
781 err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->dest_addr,
782 &s->socket_addr_len, "localhost", s->port);
783 if (err != NULL)
784 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
785 #endif
786 } else {
787 if (s->socket_path == NULL)
788 s->socket_path = fcgi_util_socket_hash_filename(tp, fs_path, s->user, s->group);
789
790 if (fcgi_socket_dir == NULL)
791 {
792 #ifdef WIN32
793 fcgi_socket_dir = DEFAULT_SOCK_DIR;
794 #else
795 fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
796 #endif
797 }
798
799 s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
800 #ifndef WIN32
801 err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
802 &s->socket_addr_len, s->socket_path);
803 if (err != NULL)
804 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
805 #endif
806 }
807
808 /* Add it to the list of FastCGI servers */
809 fcgi_util_fs_add(s);
810
811 return NULL;
812 }
813 \f
814 /*******************************************************************************
815 * Configure a static FastCGI server that is started/managed elsewhere.
816 */
817 const char *fcgi_config_new_external_server(cmd_parms *cmd, void *dummy, const char *arg)
818 {
819 fcgi_server *s;
820 pool * const p = cmd->pool, *tp = cmd->temp_pool;
821 const char * const name = cmd->cmd->name;
822 char *fs_path = ap_getword_conf(p, &arg);
823 const char *option, *err;
824
825 if (!*fs_path) {
826 return ap_pstrcat(tp, name, " requires a path and either a -socket or -host option", NULL);
827 }
828
829 #ifdef APACHE2
830 if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
831 return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
832 #else
833 fs_path = ap_os_canonical_filename(p, fs_path);
834 #endif
835
836 fs_path = ap_server_root_relative(p, fs_path);
837
838 ap_getparents(fs_path);
839 ap_no2slash(fs_path);
840
841 /* See if we've already got one of these bettys configured */
842 s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
843 fcgi_util_get_server_gid(cmd->server));
844 if (s != NULL) {
845 if (fcgi_wrapper) {
846 return ap_psprintf(tp,
847 "%s: redefinition of a previously defined class \"%s\" "
848 "with uid=%ld and gid=%ld",
849 name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
850 (long) fcgi_util_get_server_gid(cmd->server));
851 }
852 else
853 {
854 return ap_psprintf(tp,
855 "%s: redefinition of previously defined class \"%s\"", name, fs_path);
856 }
857 }
858
859 s = fcgi_util_fs_new(p);
860 s->fs_path = fs_path;
861 s->directive = APP_CLASS_EXTERNAL;
862
863 /* Parse directive arguments */
864 while (*arg != '\0') {
865 option = ap_getword_conf(tp, &arg);
866
867 if (strcasecmp(option, "-host") == 0) {
868 if ((err = get_host_n_port(p, &arg, &s->host, &s->port)))
869 return invalid_value(tp, name, fs_path, option, err);
870 }
871 else if (strcasecmp(option, "-socket") == 0) {
872 s->socket_path = ap_getword_conf(tp, &arg);
873 if (*s->socket_path == '\0')
874 return invalid_value(tp, name, fs_path, option, "\"\"");
875 }
876 else if (strcasecmp(option, "-appConnTimeout") == 0) {
877 if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
878 return invalid_value(tp, name, fs_path, option, err);
879 }
880 else if (strcasecmp(option, "-idle-timeout") == 0) {
881 if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
882 return invalid_value(tp, name, fs_path, option, err);
883 }
884 else if (strcasecmp(option, "-pass-header") == 0) {
885 if ((err = get_pass_header(p, &arg, &s->pass_headers)))
886 return invalid_value(tp, name, fs_path, option, err);
887 }
888 else if (strcasecmp(option, "-flush") == 0) {
889 s->flush = 1;
890 }
891 else if (strcasecmp(option, "-user") == 0) {
892 #ifdef WIN32
893 return ap_psprintf(tp,
894 "%s %s: the -user option isn't supported on WIN", name, fs_path);
895 #else
896 s->user = ap_getword_conf(tp, &arg);
897 if (*s->user == '\0')
898 return invalid_value(tp, name, fs_path, option, "\"\"");
899 #endif
900 }
901 else if (strcasecmp(option, "-group") == 0) {
902 #ifdef WIN32
903 return ap_psprintf(tp,
904 "%s %s: the -group option isn't supported on WIN", name, fs_path);
905 #else
906 s->group = ap_getword_conf(tp, &arg);
907 if (*s->group == '\0')
908 return invalid_value(tp, name, fs_path, option, "\"\"");
909 #endif
910 }
911 else {
912 return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
913 }
914 } /* while */
915
916
917 #ifndef WIN32
918 if (fcgi_wrapper)
919 {
920 if (s->group == NULL)
921 {
922 s->group = ap_psprintf(tp, "#%ld", fcgi_util_get_server_gid(cmd->server));
923 }
924
925 if (s->user == NULL)
926 {
927 s->user = ap_psprintf(p, "#%ld", fcgi_util_get_server_uid(cmd->server));
928 }
929
930 s->uid = ap_uname2id(s->user);
931 s->gid = ap_gname2id(s->group);
932 }
933 else if (s->user || s->group)
934 {
935 ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
936 "fastcgi wrapper set, user/group options are ignored");
937 }
938
939 if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid)))
940 {
941 return ap_psprintf(tp,
942 "%s %s: invalid user or group: %s", name, fs_path, err);
943 }
944 #endif /* !WIN32 */
945
946 /* Require one of -socket or -host, but not both */
947 if (s->socket_path != NULL && s->port != 0) {
948 return ap_psprintf(tp,
949 "%s %s: -host and -socket are mutually exclusive options",
950 name, fs_path);
951 }
952 if (s->socket_path == NULL && s->port == 0) {
953 return ap_psprintf(tp,
954 "%s %s: -socket or -host option missing", name, fs_path);
955 }
956
957 /* Build the appropriate sockaddr structure */
958 if (s->port != 0) {
959 err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->socket_addr,
960 &s->socket_addr_len, s->host, s->port);
961 if (err != NULL)
962 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
963 } else {
964
965 if (fcgi_socket_dir == NULL)
966 {
967 #ifdef WIN32
968 fcgi_socket_dir = DEFAULT_SOCK_DIR;
969 #else
970 fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
971 #endif
972 }
973
974 s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
975 #ifndef WIN32
976 err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
977 &s->socket_addr_len, s->socket_path);
978 if (err != NULL)
979 return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
980 #endif
981 }
982
983 /* Add it to the list of FastCGI servers */
984 fcgi_util_fs_add(s);
985
986 return NULL;
987 }
988 \f
989 /*
990 *----------------------------------------------------------------------
991 *
992 * fcgi_config_set_config --
993 *
994 * Implements the FastCGI FCGIConfig configuration directive.
995 * This command adds routines to control the execution of the
996 * dynamic FastCGI processes.
997 *
998 *
999 *----------------------------------------------------------------------
1000 */
1001 const char *fcgi_config_set_config(cmd_parms *cmd, void *dummy, const char *arg)
1002 {
1003 pool * const p = cmd->pool;
1004 pool * const tp = cmd->temp_pool;
1005 const char *err, *option;
1006 const char * const name = cmd->cmd->name;
1007
1008 /* Allocate temp storage for an initial environment */
1009 unsigned int envc = 0;
1010 char **envp = (char **)ap_pcalloc(tp, sizeof(char *) * (MAX_INIT_ENV_VARS + 3));
1011
1012 /* Parse the directive arguments */
1013 while (*arg) {
1014 option = ap_getword_conf(tp, &arg);
1015
1016 if (strcasecmp(option, "-maxProcesses") == 0) {
1017 if ((err = get_u_int(tp, &arg, &dynamicMaxProcs, 1)))
1018 return invalid_value(tp, name, NULL, option, err);
1019 }
1020 else if (strcasecmp(option, "-minProcesses") == 0) {
1021 if ((err = get_int(tp, &arg, &dynamicMinProcs, 0)))
1022 return invalid_value(tp, name, NULL, option, err);
1023 }
1024 else if (strcasecmp(option, "-maxClassProcesses") == 0) {
1025 if ((err = get_int(tp, &arg, &dynamicMaxClassProcs, 1)))
1026 return invalid_value(tp, name, NULL, option, err);
1027 }
1028 else if (strcasecmp(option, "-killInterval") == 0) {
1029 if ((err = get_u_int(tp, &arg, &dynamicKillInterval, 1)))
1030 return invalid_value(tp, name, NULL, option, err);
1031 }
1032 else if (strcasecmp(option, "-updateInterval") == 0) {
1033 if ((err = get_u_int(tp, &arg, &dynamicUpdateInterval, 1)))
1034 return invalid_value(tp, name, NULL, option, err);
1035 }
1036 else if (strcasecmp(option, "-gainValue") == 0) {
1037 if ((err = get_float(tp, &arg, &dynamicGain, 0.0, 1.0)))
1038 return invalid_value(tp, name, NULL, option, err);
1039 }
1040 else if ((strcasecmp(option, "-singleThreshold") == 0)
1041 || (strcasecmp(option, "-singleThreshhold") == 0))
1042 {
1043 if ((err = get_int(tp, &arg, &dynamicThreshold1, 0)))
1044 return invalid_value(tp, name, NULL, option, err);
1045 }
1046 else if ((strcasecmp(option, "-multiThreshold") == 0)
1047 || (strcasecmp(option, "-multiThreshhold") == 0))
1048 {
1049 if ((err = get_int(tp, &arg, &dynamicThresholdN, 0)))
1050 return invalid_value(tp, name, NULL, option, err);
1051 }
1052 else if (strcasecmp(option, "-startDelay") == 0) {
1053 if ((err = get_u_int(tp, &arg, &dynamicPleaseStartDelay, 1)))
1054 return invalid_value(tp, name, NULL, option, err);
1055 }
1056 else if (strcasecmp(option, "-initial-env") == 0) {
1057 if ((err = get_env_var(p, &arg, envp, &envc)))
1058 return invalid_value(tp, name, NULL, option, err);
1059 }
1060 else if (strcasecmp(option, "-pass-header") == 0) {
1061 if ((err = get_pass_header(p, &arg, &dynamic_pass_headers)))
1062 return invalid_value(tp, name, NULL, option, err);
1063 }
1064 else if (strcasecmp(option, "-appConnTimeout") == 0) {
1065 if ((err = get_u_int(tp, &arg, &dynamicAppConnectTimeout, 0)))
1066 return invalid_value(tp, name, NULL, option, err);
1067 }
1068 else if (strcasecmp(option, "-idle-timeout") == 0) {
1069 if ((err = get_u_int(tp, &arg, &dynamic_idle_timeout, 1)))
1070 return invalid_value(tp, name, NULL, option, err);
1071 }
1072 else if (strcasecmp(option, "-listen-queue-depth") == 0) {
1073 if ((err = get_u_int(tp, &arg, &dynamicListenQueueDepth, 1)))
1074 return invalid_value(tp, name, NULL, option, err);
1075 }
1076 else if (strcasecmp(option, "-restart-delay") == 0) {
1077 if ((err = get_u_int(tp, &arg, &dynamicRestartDelay, 0)))
1078 return invalid_value(tp, name, NULL, option, err);
1079 }
1080 else if (strcasecmp(option, "-init-start-delay") == 0) {
1081 if ((err = get_u_int(tp, &arg, &dynamicInitStartDelay, 0)))
1082 return invalid_value(tp, name, NULL, option, err);
1083 }
1084 else if (strcasecmp(option, "-processSlack") == 0) {
1085 if ((err = get_u_int(tp, &arg, &dynamicProcessSlack, 1)))
1086 return invalid_value(tp, name, NULL, option, err);
1087 }
1088 else if (strcasecmp(option, "-restart") == 0) {
1089 dynamicAutoRestart = 1;
1090 }
1091 else if (strcasecmp(option, "-autoUpdate") == 0) {
1092 dynamicAutoUpdate = 1;
1093 }
1094 else if (strcasecmp(option, "-flush") == 0) {
1095 dynamicFlush = TRUE;
1096 }
1097 else {
1098 return ap_psprintf(tp, "%s: invalid option: %s", name, option);
1099 }
1100 } /* while */
1101
1102 if (dynamicProcessSlack >= dynamicMaxProcs + 1) {
1103 /* the kill policy would work unexpectedly */
1104 return ap_psprintf(tp,
1105 "%s: processSlack (%u) must be less than maxProcesses (%u) + 1",
1106 name, dynamicProcessSlack, dynamicMaxProcs);
1107 }
1108
1109 /* Move env array to a surviving pool, leave 2 extra slots for
1110 * WIN32 _FCGI_MUTEX_ and _FCGI_SHUTDOWN_EVENT_ */
1111 dynamicEnvp = (char **)ap_pcalloc(p, sizeof(char *) * (envc + 4));
1112 memcpy(dynamicEnvp, envp, sizeof(char *) * envc);
1113
1114 return NULL;
1115 }
1116
1117 void *fcgi_config_create_dir_config(pool *p, char *dummy)
1118 {
1119 fcgi_dir_config *dir_config = ap_pcalloc(p, sizeof(fcgi_dir_config));
1120
1121 dir_config->authenticator_options = FCGI_AUTHORITATIVE;
1122 dir_config->authorizer_options = FCGI_AUTHORITATIVE;
1123 dir_config->access_checker_options = FCGI_AUTHORITATIVE;
1124
1125 return dir_config;
1126 }
1127
1128
1129 const char *fcgi_config_new_auth_server(cmd_parms * cmd,
1130 void * dircfg, const char *fs_path, const char * compat)
1131 {
1132 fcgi_dir_config * dir_config = (fcgi_dir_config *) dircfg;
1133 pool * const tp = cmd->temp_pool;
1134 char * auth_server;
1135
1136 #ifdef APACHE2
1137 if (apr_filepath_merge(&auth_server, "", fs_path, 0, cmd->pool))
1138 return ap_psprintf(tp, "%s %s: invalid filepath", cmd->cmd->name, fs_path);
1139 #else
1140 auth_server = (char *) ap_os_canonical_filename(cmd->pool, fs_path);
1141 #endif
1142
1143 auth_server = ap_server_root_relative(cmd->pool, auth_server);
1144
1145 /* Make sure its already configured or at least a candidate for dynamic */
1146 if (fcgi_util_fs_get_by_id(auth_server, fcgi_util_get_server_uid(cmd->server),
1147 fcgi_util_get_server_gid(cmd->server)) == NULL)
1148 {
1149 const char *err = fcgi_util_fs_is_path_ok(tp, auth_server, NULL);
1150 if (err)
1151 return ap_psprintf(tp, "%s: \"%s\" %s", cmd->cmd->name, auth_server, err);
1152 }
1153
1154 if (compat && strcasecmp(compat, "-compat"))
1155 return ap_psprintf(cmd->temp_pool, "%s: unknown option: \"%s\"", cmd->cmd->name, compat);
1156
1157 switch((int)cmd->info) {
1158 case FCGI_AUTH_TYPE_AUTHENTICATOR:
1159 dir_config->authenticator = auth_server;
1160 dir_config->authenticator_options |= (compat) ? FCGI_COMPAT : 0;
1161 break;
1162 case FCGI_AUTH_TYPE_AUTHORIZER:
1163 dir_config->authorizer = auth_server;
1164 dir_config->authorizer_options |= (compat) ? FCGI_COMPAT : 0;
1165 break;
1166 case FCGI_AUTH_TYPE_ACCESS_CHECKER:
1167 dir_config->access_checker = auth_server;
1168 dir_config->access_checker_options |= (compat) ? FCGI_COMPAT : 0;
1169 break;
1170 }
1171
1172 return NULL;
1173 }
1174
1175 const char *fcgi_config_set_authoritative_slot(cmd_parms * cmd,
1176 void * dir_config, int arg)
1177 {
1178 int offset = (int)(long)cmd->info;
1179
1180 if (arg)
1181 *((u_char *)dir_config + offset) |= FCGI_AUTHORITATIVE;
1182 else
1183 *((u_char *)dir_config + offset) &= ~FCGI_AUTHORITATIVE;
1184
1185 return NULL;
1186 }
FastCGI Apache module