1 /* $OpenBSD: http_main.c,v 1.49 2007/08/09 10:44:54 martynas Exp $ */
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright © 2013
7 * Thorsten “mirabilos” Glaser <tg@mirbsd.org>
8 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
9 * reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 *
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in
20 * the documentation and/or other materials provided with the
21 * distribution.
22 *
23 * 3. The end-user documentation included with the redistribution,
24 * if any, must include the following acknowledgment:
25 * "This product includes software developed by the
26 * Apache Software Foundation (http://www.apache.org/)."
27 * Alternately, this acknowledgment may appear in the software itself,
28 * if and wherever such third-party acknowledgments normally appear.
29 *
30 * 4. The names "Apache" and "Apache Software Foundation" must
31 * not be used to endorse or promote products derived from this
32 * software without prior written permission. For written
33 * permission, please contact apache@apache.org.
34 *
35 * 5. Products derived from this software may not be called "Apache",
36 * nor may "Apache" appear in their name, without prior written
37 * permission of the Apache Software Foundation.
38 *
39 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
40 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
41 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
42 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
45 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
46 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
47 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
48 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
49 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This software consists of voluntary contributions made by many
54 * individuals on behalf of the Apache Software Foundation. For more
55 * information on the Apache Software Foundation, please see
56 * <http://www.apache.org/>.
57 *
58 * Portions of this software are based upon public domain software
59 * originally written at the National Center for Supercomputing Applications,
60 * University of Illinois, Urbana-Champaign.
61 */
62
63 /*
64 * httpd.c: simple http daemon for answering WWW file requests
65 *
66 *
67 * 03-21-93 Rob McCool wrote original code (up to NCSA HTTPd 1.3)
68 *
69 * 03-06-95 blong
70 * changed server number for child-alone processes to 0 and changed name
71 * of processes
72 *
73 * 03-10-95 blong
74 * Added numerous speed hacks proposed by Robert S. Thau (rst@ai.mit.edu)
75 * including set group before fork, and call gettime before to fork
76 * to set up libraries.
77 *
78 * 04-14-95 rst / rh
79 * Brandon's code snarfed from NCSA 1.4, but tinkered to work with the
80 * Apache server, and also to have child processes do accept() directly.
81 *
82 * April-July '95 rst
83 * Extensive rework for Apache.
84 */
85
86 #define REALMAIN main
87
88 #define CORE_PRIVATE
89
90 #include "httpd.h"
91 #include "http_main.h"
92 #include "http_log.h"
93 #include "http_config.h" /* for read_config */
94 #include "http_protocol.h" /* for read_request */
95 #include "http_request.h" /* for process_request */
96 #include "http_conf_globals.h"
97 #include "http_core.h" /* for get_remote_host */
98 #include "http_vhost.h"
99 #include "util_script.h" /* to force util_script.c linking */
100 #include "util_uri.h"
101 #include "fdcache.h"
102 #include "scoreboard.h"
103 #include "multithread.h"
104 #include <sys/stat.h>
105 #include <sys/time.h>
106 #include <sys/resource.h>
107 #include <netinet/tcp.h>
108 #ifdef MOD_SSL
109 #include <openssl/evp.h>
110 #endif
111 #ifdef HAVE_SET_DUMPABLE /* certain levels of Linux */
112 #include <sys/prctl.h>
113 #endif
114 #include "sa_len.h"
115
116 __RCSID("$MirOS: src/usr.sbin/httpd/src/main/http_main.c,v 1.11 2013/10/31 20:07:23 tg Exp $");
117
118 /* This next function is never used. It is here to ensure that if we
119 * make all the modules into shared libraries that core httpd still
120 * includes the full Apache API. Without this function the objects in
121 * main/util_script.c would not be linked into a minimal httpd.
122 * And the extra prototype is to make gcc -Wmissing-prototypes quiet.
123 */
/*
 * Link anchor only. The reference to ap_add_cgi_vars() forces
 * main/util_script.c into a minimal httpd even when every module is
 * built as a shared library. The separate prototype exists solely to
 * keep gcc -Wmissing-prototypes quiet.
 */
API_EXPORT(void) ap_force_library_loading(void);

API_EXPORT(void) ap_force_library_loading(void)
{
    /* Present for the symbol reference alone; nothing calls this. */
    ap_add_cgi_vars(NULL);
}
128
129 #include "explain.h"
130
131 #if !defined(max)
132 #define max(a,b) (a > b ? a : b)
133 #endif
134
135 #define PATHSEPARATOR '/'
136
137 DEF_Explain
138
139 /* Defining GPROF when compiling uses the moncontrol() function to
140 * disable gprof profiling in the parent, and enable it only for
141 * request processing in children (or in one_process mode). It's
142 * absolutely required to get useful gprof results under linux
143 * because the profile itimers and such are disabled across a
144 * fork(). It's probably useful elsewhere as well.
145 */
146 #ifdef GPROF
147 extern void moncontrol(int);
148 #define MONCONTROL(x) moncontrol(x)
149 #else
150 #define MONCONTROL(x)
151 #endif
152
153 /* this just needs to be anything non-NULL */
154 void *ap_dummy_mutex = &ap_dummy_mutex;
155
156 /*
157 * Actual definitions of config globals... here because this is
158 * for the most part the only code that acts on 'em. (Hmmm... mod_main.c?)
159 */
160 int ap_thread_count = 0;
161 API_VAR_EXPORT int ap_standalone=0;
162 API_VAR_EXPORT int ap_configtestonly=0;
163 int ap_docrootcheck=1;
164 API_VAR_EXPORT uid_t ap_user_id=0;
165 API_VAR_EXPORT char *ap_user_name=NULL;
166 API_VAR_EXPORT gid_t ap_group_id=0;
167 API_VAR_EXPORT int ap_max_requests_per_child=0;
168 API_VAR_EXPORT int ap_max_cpu_per_child=0;
169 API_VAR_EXPORT int ap_max_data_per_child=0;
170 API_VAR_EXPORT int ap_max_nofile_per_child=0;
171 API_VAR_EXPORT int ap_max_rss_per_child=0;
172 API_VAR_EXPORT int ap_max_stack_per_child=0;
173 #ifdef RLIMIT_TIME
174 API_VAR_EXPORT int ap_max_time_per_child=0;
175 #endif
176 API_VAR_EXPORT int ap_threads_per_child=0;
177 API_VAR_EXPORT int ap_excess_requests_per_child=0;
178 API_VAR_EXPORT char *ap_pid_fname=NULL;
179 API_VAR_EXPORT char *ap_scoreboard_fname=NULL;
180 API_VAR_EXPORT char *ap_lock_fname=NULL;
181 API_VAR_EXPORT char *ap_server_argv0=NULL;
182 #ifdef INET6
183 API_VAR_EXPORT int ap_default_family = PF_INET6;
184 #else
185 API_VAR_EXPORT int ap_default_family = PF_INET;
186 #endif
187 API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
188 API_VAR_EXPORT int ap_daemons_to_start=0;
189 API_VAR_EXPORT int ap_daemons_min_free=0;
190 API_VAR_EXPORT int ap_daemons_max_free=0;
191 API_VAR_EXPORT int ap_daemons_limit=0;
192 API_VAR_EXPORT time_t ap_restart_time=0;
193 API_VAR_EXPORT int ap_suexec_enabled = 0;
194 API_VAR_EXPORT int ap_listenbacklog=0;
195
196 struct accept_mutex_methods_s {
197 void (*child_init)(pool *p);
198 void (*init)(pool *p);
199 void (*on)(void);
200 void (*off)(void);
201 char *name;
202 };
203 typedef struct accept_mutex_methods_s accept_mutex_methods_s;
204 accept_mutex_methods_s *amutex;
205
206 int ap_dump_settings = 0;
207 API_VAR_EXPORT int ap_extended_status = 0;
208 API_VAR_EXPORT ap_ctx *ap_global_ctx;
209
210 /*
211 * The max child slot ever assigned, preserved across restarts. Necessary
212 * to deal with MaxClients changes across SIGUSR1 restarts. We use this
213 * value to optimize routines that have to scan the entire scoreboard.
214 */
215 static int max_daemons_limit = -1;
216
217 /*
218 * During config time, listeners is treated as a NULL-terminated list.
219 * child_main previously would start at the beginning of the list each time
220 * through the loop, so a socket early on in the list could easily starve out
221 * sockets later on in the list. The solution is to start at the listener
222 * after the last one processed. But to do that fast/easily in child_main it's
223 * way more convenient for listeners to be a ring that loops back on itself.
224 * The routine setup_listeners() is called after config time to both open up
225 * the sockets and to turn the NULL-terminated list into a ring that loops back
226 * on itself.
227 *
228 * head_listener is used by each child to keep track of what they consider
229 * to be the "start" of the ring. It is also set by make_child to ensure
230 * that new children also don't starve any sockets.
231 *
232 * Note that listeners != NULL is ensured by read_config().
233 */
234 listen_rec *ap_listeners=NULL;
235 static listen_rec *head_listener;
236
237 API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN]="";
238 API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN]="";
239 API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN]="";
240
241 API_VAR_EXPORT array_header *ap_server_pre_read_config=NULL;
242 API_VAR_EXPORT array_header *ap_server_post_read_config=NULL;
243 API_VAR_EXPORT array_header *ap_server_config_defines=NULL;
244
245 API_VAR_EXPORT int ap_server_chroot=1;
246 API_VAR_EXPORT int is_chrooted=0;
247
248 /* *Non*-shared http_main globals... */
249
250 static server_rec *server_conf;
251 static JMP_BUF APACHE_TLS jmpbuffer;
252 static int sd;
253 static fd_set listenfds;
254 static int listenmaxfd;
255 static pid_t pgrp;
256
257 /* one_process --- debugging mode variable; can be set from the command line
258 * with the -X flag. If set, this gets you the child_main loop running
259 * in the process which originally started up (no detach, no make_child),
260 * which is a pretty nice debugging environment. (You'll get a SIGHUP
261 * early in standalone_main; just continue through. This is the server
262 * trying to kill off any child processes which it might have lying
263 * around --- Apache doesn't keep track of their pids, it just sends
264 * SIGHUP to the process group, ignoring it in the root process.
265 * Continue through and you'll be fine.).
266 */
267
268 static int one_process = 0;
269
270 static int do_detach = 1;
271
272 /* set if timeouts are to be handled by the children and not by the parent.
273 * i.e. child_timeouts = !standalone || one_process.
274 */
275 static int child_timeouts;
276
277 #ifdef DEBUG_SIGSTOP
278 int raise_sigstop_flags;
279 #endif
280
281 /* used to maintain list of children which aren't part of the scoreboard */
282 typedef struct other_child_rec other_child_rec;
283 struct other_child_rec {
284 other_child_rec *next;
285 int pid;
286 void (*maintenance) (int, void *, ap_wait_t);
287 void *data;
288 int write_fd;
289 };
290 static other_child_rec *other_children;
291
292 static pool *pglobal; /* Global pool */
293 static pool *pconf; /* Pool for config stuff */
294 static pool *plog; /* Pool for error-logging files */
295 static pool *ptrans; /* Pool for per-transaction stuff */
296 static pool *pchild; /* Pool for httpd child stuff */
297 static pool *pmutex; /* Pool for accept mutex in child */
298 static pool *pcommands; /* Pool for -C and -c switches */
299
300 static int APACHE_TLS my_pid; /* it seems silly to call getpid all the time */
301 static int my_child_num;
302
303
304 scoreboard *ap_scoreboard_image = NULL;
305
306 /*
307 * Pieces for managing the contents of the Server response header
308 * field.
309 */
310 static char *server_version = NULL;
311 static int version_locked = 0;
312
313 /* Global, alas, so http_core can talk to us */
314 enum server_token_type ap_server_tokens = SrvTk_OS;
315
316 /* Also global, for http_core and http_protocol */
317 API_VAR_EXPORT int ap_protocol_req_check = 1;
318
319 API_VAR_EXPORT int ap_change_shmem_uid = 0;
320
321 /*
322 * This routine is called when the pconf pool is vacuumed. It resets the
323 * server version string to a known value and [re]enables modifications
324 * (which are disabled by configuration completion).
325 */
/*
 * Pool cleanup callback registered on pconf by ap_add_version_component().
 * Drops the assembled version string, restores the default token level
 * and unlocks the string so it can be rebuilt.
 *
 * dummy: cleanup argument; not used.
 */
static void reset_version(void *dummy)
{
    /* The string lives in pconf, so only the pointer is dropped here. */
    server_version = NULL;
    ap_server_tokens = SrvTk_OS;
    version_locked = 0;
}
332
/*
 * Return the string used for the Server response header field.
 *
 * Returns the string assembled through ap_add_version_component(), or
 * SERVER_BASEVERSION while nothing has been assembled yet. How much of
 * the build this string reveals is decided in ap_set_version() from
 * ap_server_tokens.
 */
API_EXPORT(const char *) ap_get_server_version(void)
{
    if (server_version != NULL) {
        return server_version;
    }
    return SERVER_BASEVERSION;
}
337
/*
 * Append one component to the server version string.
 *
 * component: text to add. It is copied into pconf as given; nothing
 *            here filters or escapes it.
 *            NOTE(review): callers are presumably passing fixed module
 *            identifiers; confirm that no request-derived text can
 *            reach this function, since the result is sent in the
 *            Server header.
 *
 * Does nothing once the string has been locked by ap_set_version().
 */
API_EXPORT(void) ap_add_version_component(const char *component)
{
    if (version_locked) {
        return;
    }

    if (server_version != NULL) {
        /* Later components are joined to the existing string by a space. */
        server_version = ap_pstrcat(pconf, server_version, " ",
                                    component, NULL);
        return;
    }

    /*
     * First component since the last reset: arrange for the pointer to be
     * cleared when pconf goes away, so it never outlives its pool.
     */
    ap_register_cleanup(pconf, NULL, reset_version, ap_null_cleanup);
    server_version = ap_pstrdup(pconf, component);
}
361
362 /*
363 * This routine adds the real server base identity to the version string,
364 * and then locks out changes until the next reconfig.
365 */
/*
 * Seed the version string according to ap_server_tokens:
 *   SrvTk_PRODUCT_ONLY -> SERVER_PRODUCT
 *   SrvTk_MIN          -> SERVER_BASEVERSION
 *   anything else      -> SERVER_BASEVERSION " (" PLATFORM ")"
 *
 * Unless the level is SrvTk_FULL the string is then locked, so later
 * ap_add_version_component() calls cannot append further identifiers to
 * what is disclosed.
 */
static void ap_set_version(void)
{
    switch (ap_server_tokens) {
    case SrvTk_PRODUCT_ONLY:
        ap_add_version_component(SERVER_PRODUCT);
        break;
    case SrvTk_MIN:
        ap_add_version_component(SERVER_BASEVERSION);
        break;
    default:
        ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
        break;
    }

    /* Only the full token set leaves the string open for additions. */
    if (ap_server_tokens != SrvTk_FULL) {
        version_locked++;
    }
}
385
/*
 * Record a configuration define.
 *
 * define: name to record; a copy allocated from pcommands is appended to
 *         ap_server_config_defines.
 */
API_EXPORT(void) ap_add_config_define(const char *define)
{
    char **slot = (char **)ap_push_array(ap_server_config_defines);

    *slot = ap_pstrdup(pcommands, define);
}
393
394 /*
395 * Invoke the `close_connection' hook of modules to let them do
396 * some connection dependent actions before we close it.
397 */
/*
 * Run the close_connection hook of every module that provides one.
 *
 * c: connection that is about to be closed.
 *
 * The hook pointer is only read from modules whose magic equals
 * MODULE_MAGIC_COOKIE_EAPI.
 * NOTE(review): presumably other modules use a layout without this
 * field; confirm against the module struct definition.
 */
static void ap_call_close_connection_hook(conn_rec *c)
{
    module *mod = top_module;

    while (mod != NULL) {
        if (mod->magic == MODULE_MAGIC_COOKIE_EAPI
            && mod->close_connection != NULL) {
            (*mod->close_connection)(c);
        }
        mod = mod->next;
    }
}
407
408 static APACHE_TLS int volatile exit_after_unblock = 0;
409
410 #ifdef GPROF
411 /*
412 * change directory for gprof to plop the gmon.out file
413 * configure in httpd.conf:
414 * GprofDir logs/ -> $ServerRoot/logs/gmon.out
415 * GprofDir logs/% -> $ServerRoot/logs/gprof.$pid/gmon.out
416 */
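/*
 * Change into the directory where gprof should write gmon.out.
 *
 * With GprofDir set, the directory is taken relative to the server root
 * and created if missing; a trailing '%' is replaced by "gprof.<pid>".
 * An unset or empty GprofDir, or an expansion that does not fit the
 * local buffer, selects "logs" under the server root.
 *
 * Fixes over the previous version:
 *  - buf was read (buf[0]) without ever being written when the setting
 *    had no trailing '%';
 *  - an empty GprofDir indexed one byte before the string;
 *  - the configured string was modified in place to strip the '%';
 *  - truncation by snprintf() and failure of chdir() went unnoticed.
 */
static void chdir_for_gprof(void)
{
    core_server_config *sconf =
        ap_get_module_config(server_conf->module_config, &core_module);
    char *conf_dir = sconf->gprof_dir;
    char *dir = NULL;

    if (conf_dir != NULL && conf_dir[0] != '\0') {
        char buf[512];
        size_t stem = strlen(conf_dir) - 1;   /* index of the last byte */

        if (conf_dir[stem] == '%') {
            /* "%.*s" copies everything before the '%' without editing
             * the configuration string itself. */
            int n = snprintf(buf, sizeof(buf), "%.*sgprof.%d",
                             (int)stem, conf_dir, (int)getpid());

            if (n < 0 || (size_t)n >= sizeof(buf)) {
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
                             "gprof: GprofDir too long, using logs");
            }
            else {
                dir = ap_server_root_relative(pconf, buf);
            }
        }
        else {
            dir = ap_server_root_relative(pconf, conf_dir);
        }

        /*
         * EEXIST is tolerated, so whatever already sits at this path is
         * used as-is; the parent directory should be writable by the
         * server administrator only.
         */
        if (dir != NULL && mkdir(dir, 0755) < 0 && errno != EEXIST) {
            ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                         "gprof: error creating directory %s", dir);
        }
    }

    if (dir == NULL) {
        dir = ap_server_root_relative(pconf, "logs");
    }

    if (chdir(dir) < 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                     "gprof: error changing directory to %s", dir);
    }
}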
442 #else
443 #define chdir_for_gprof()
444 #endif
445
446 /* a clean exit from a child with proper cleanup */
static void clean_child_exit(int code) __attribute__((__noreturn__));

/*
 * Terminate a child after running its cleanups.
 *
 * code: exit status handed to exit().
 *
 * Callers in this file include timeout() and ap_unblock_alarms().
 */
static void clean_child_exit(int code)
{
    if (pchild != NULL) {
        /*
         * Release the accept mutex first. A module that crashes or runs
         * long in its exit hook would otherwise keep the lock and, with
         * some mutex mechanisms, stall or deadlock the whole server.
         */
        ap_clear_pool(pmutex);

        ap_child_exit_modules(pchild, server_conf);
        ap_destroy_pool(pchild);
    }

    chdir_for_gprof();
    exit(code);
}
465
466 /*
467 * Start of accept() mutex fluff:
468 * Concept: Each method has its own distinct set of mutex functions,
469 * which it shoves in a nice struct for us. We then pick
470 * which struct to use. We tell Apache which methods we
471 * support via HAVE_FOO_SERIALIZED_ACCEPT. We can
472 * specify the default via USE_FOO_SERIALIZED_ACCEPT
473 * (this way, pre-1.3.21 builds which use that at the command-
474 * line during builds work as expected). Without a set
475 * method, we pick the 1st from the following order:
476 * uslock, pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none.
477 */
478
/*
 * Rewrite ap_lock_fname as "<server-root-relative name>.<pid>".
 *
 * p: pool the new string is allocated from.
 *
 * The suffix is the calling process's pid, so the resulting name is
 * predictable; see accept_mutex_init_flock() for how the file is created.
 */
static void expand_lock_fname(pool *p)
{
    char *base = ap_server_root_relative(p, ap_lock_fname);
    /* XXXX possibly bogus cast */
    unsigned long pid = (unsigned long)getpid();

    ap_lock_fname = ap_psprintf(p, "%s.%lu", base, pid);
}
485
486 #include <sys/types.h>
487 #include <sys/ipc.h>
488 #include <sys/sem.h>
489
490 static int sem_id = -1;
491 static struct sembuf op_on;
492 static struct sembuf op_off;
493
494 /* We get a random semaphore ... the lame sysv semaphore interface
495 * means we have to be sure to clean this up or else we'll leak
496 * semaphores.
497 */
/*
 * Pool cleanup: remove the semaphore set behind the accept mutex.
 *
 * foo: cleanup argument; not used.
 *
 * Does nothing when no semaphore has been created (sem_id < 0).
 */
static void accept_mutex_cleanup_sysvsem(void *foo)
{
    if (sem_id >= 0) {
        union semun arg;

        /* IPC_RMID ignores the argument; it is set only to be defined. */
        arg.val = 0;
        semctl(sem_id, 0, IPC_RMID, arg);
    }
}
508
509 #define accept_mutex_child_init_sysvsem(x)
510
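/*
 * Create the SysV semaphore used as accept mutex and prepare the
 * lock/unlock operations.
 *
 * p: pool on which removal of the semaphore is registered.
 *
 * The set is private (IPC_PRIVATE), holds one semaphore, is created with
 * mode 0600 and starts at 1 (unlocked). When started as root, ownership
 * is handed to ap_user_id/ap_group_id. Any failure ends the process with
 * APEXIT_INIT.
 *
 * Changes over the previous version: the semaphore is removed again when
 * a later step fails (exit() would otherwise leave it behind in the
 * kernel), and the semid_ds passed to IPC_SET is zeroed instead of
 * carrying stack contents in the fields that are not set here.
 */
static void accept_mutex_init_sysvsem(pool *p)
{
    union semun ick;
    struct semid_ds buf;

    /* acquire the semaphore */
    sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    if (sem_id < 0) {
        perror("semget");
        exit(APEXIT_INIT);
    }

    ick.val = 1;
    if (semctl(sem_id, 0, SETVAL, ick) < 0) {
        perror("semctl(SETVAL)");
        accept_mutex_cleanup_sysvsem(NULL);
        exit(APEXIT_INIT);
    }

    if (!getuid()) {
        /*
         * Restrict use to the server's run-time user. Mode 0600 keeps
         * other users out, but anything running under ap_user_id (CGIs,
         * for instance) can still operate on the semaphore; running
         * such code under a separate uid keeps it away from the mutex.
         */
        memset(&buf, 0, sizeof(buf));
        buf.sem_perm.uid = ap_user_id;
        buf.sem_perm.gid = ap_group_id;
        buf.sem_perm.mode = 0600;
        ick.buf = &buf;
        if (semctl(sem_id, 0, IPC_SET, ick) < 0) {
            perror("semctl(IPC_SET)");
            accept_mutex_cleanup_sysvsem(NULL);
            exit(APEXIT_INIT);
        }
    }
    ap_register_cleanup(p, NULL, accept_mutex_cleanup_sysvsem, ap_null_cleanup);

    /*
     * Pre-initialize the two operations. SEM_UNDO has the kernel revert
     * a held lock if the holder dies.
     */
    op_on.sem_num = 0;
    op_on.sem_op = -1;
    op_on.sem_flg = SEM_UNDO;
    op_off.sem_num = 0;
    op_off.sem_op = 1;
    op_off.sem_flg = SEM_UNDO;
}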
550
/*
 * Take the accept mutex (semaphore variant).
 *
 * Retries while semop() is interrupted by a signal; any other error is
 * fatal for this child.
 */
static void accept_mutex_on_sysvsem(void)
{
    for (;;) {
        if (semop(sem_id, &op_on, 1) >= 0) {
            return;
        }
        if (errno != EINTR) {
            perror("accept_mutex_on");
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}
560
/*
 * Release the accept mutex (semaphore variant).
 *
 * Retries while semop() is interrupted by a signal; any other error is
 * fatal for this child.
 */
static void accept_mutex_off_sysvsem(void)
{
    for (;;) {
        if (semop(sem_id, &op_off, 1) >= 0) {
            return;
        }
        if (errno != EINTR) {
            perror("accept_mutex_off");
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}
570
/* Method table for the SysV semaphore accept mutex. */
accept_mutex_methods_s accept_mutex_sysvsem_s = {
    .child_init = NULL,     /* no per-child setup for this method */
    .init = accept_mutex_init_sysvsem,
    .on = accept_mutex_on_sysvsem,
    .off = accept_mutex_off_sysvsem,
    .name = "sysvsem"
};
578
579 static int flock_fd = -1;
580
/*
 * Pool cleanup: remove the lock file named by ap_lock_fname.
 *
 * foo: cleanup argument; not used.
 *
 * The result of unlink() is deliberately not examined.
 */
static void accept_mutex_cleanup_flock(void *foo)
{
    (void)unlink(ap_lock_fname);
}
585
586 /*
587 * Initialize mutex lock.
588 * Done by each child at its birth
589 */
/*
 * Open the lock file in a child.
 *
 * p: pool that owns the descriptor.
 *
 * The file is opened without O_CREAT, so a child can only attach to a
 * file that already exists under ap_lock_fname; it never creates one.
 * Failure to open is fatal for the child (APEXIT_CHILDINIT).
 */
static void accept_mutex_child_init_flock(pool *p)
{
    flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
    if (flock_fd != -1) {
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                 "Child cannot open lock file: %s", ap_lock_fname);
    clean_child_exit(APEXIT_CHILDINIT);
}
600
601 /*
602 * Initialize mutex lock.
603 * Must be safe to call this on a restart.
604 */
/*
 * Create the lock file in the parent.
 *
 * p: pool that owns the descriptor and the unlink cleanup.
 *
 * Any leftover file of the same name is removed first, then the file is
 * created with O_CREAT | O_EXCL and mode 0600. O_EXCL makes the open
 * fail if something reappears at that path between the unlink() and the
 * open, instead of reusing it. Failure ends the process with
 * APEXIT_INIT.
 */
static void accept_mutex_init_flock(pool *p)
{
    const int create_flags = O_CREAT | O_WRONLY | O_EXCL;

    expand_lock_fname(p);
    ap_server_strip_chroot(ap_lock_fname, 0);
    unlink(ap_lock_fname);

    flock_fd = ap_popenf_ex(p, ap_lock_fname, create_flags, 0600, 1);
    if (flock_fd == -1) {
        ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                     "Parent cannot open lock file: %s", ap_lock_fname);
        exit(APEXIT_INIT);
    }

    ap_register_cleanup(p, NULL, accept_mutex_cleanup_flock, ap_null_cleanup);
}
618
/*
 * Take the accept mutex (flock variant).
 *
 * Retries while flock() is interrupted by a signal; any other error is
 * logged and is fatal for this child.
 */
static void accept_mutex_on_flock(void)
{
    int rc;

    do {
        rc = flock(flock_fd, LOCK_EX);
    } while (rc < 0 && errno == EINTR);

    if (rc < 0) {
        ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                     "flock: LOCK_EX: Error getting accept lock. Exiting!");
        clean_child_exit(APEXIT_CHILDFATAL);
    }
}
632
/*
 * Release the accept mutex (flock variant).
 *
 * A failing unlock is logged and is fatal for this child. Unlike the
 * lock path, there is no retry on EINTR.
 */
static void accept_mutex_off_flock(void)
{
    int rc = flock(flock_fd, LOCK_UN);

    if (rc >= 0) {
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                 "flock: LOCK_UN: Error freeing accept lock. Exiting!");
    clean_child_exit(APEXIT_CHILDFATAL);
}
641
/* Method table for the flock() accept mutex. */
accept_mutex_methods_s accept_mutex_flock_s = {
    .child_init = accept_mutex_child_init_flock,
    .init = accept_mutex_init_flock,
    .on = accept_mutex_on_flock,
    .off = accept_mutex_off_flock,
    .name = "flock"
};
649
650 #define AP_FPTR1(x,y) { if (x) ((* x)(y)); }
651 #define AP_FPTR0(x) { if (x) ((* x)()); }
652
653 #define accept_mutex_child_init(x) AP_FPTR1(amutex->child_init,x)
654 #define accept_mutex_init(x) AP_FPTR1(amutex->init,x)
655 #define accept_mutex_off() AP_FPTR0(amutex->off)
656 #define accept_mutex_on() AP_FPTR0(amutex->on)
657
/*
 * Name the default accept serialization method.
 *
 * Returns "sysvsem" in this build: the candidate is fixed to "sysvsem",
 * so the first comparison already matches and the remaining branches
 * are never taken.
 */
char *ap_default_mutex_method(void)
{
    char *method = "sysvsem";
    int is_default = (strcasecmp(method, "default") == 0);

    if (is_default || strcasecmp(method, "sysvsem") == 0) {
        return "sysvsem";
    }
    if (is_default || strcasecmp(method, "flock") == 0) {
        return "flock";
    }

    fprintf(stderr, "No default accept serialization known!!\n");
    exit(APEXIT_INIT);
    /*NOTREACHED */
    return "unknown";
}
671
/*
 * Select the accept mutex implementation by name.
 *
 * t: method name, compared case-insensitively; "default" is resolved
 *    through ap_default_mutex_method(). Must not be NULL.
 *
 * Returns NULL after pointing amutex at the chosen method table. An
 * unknown name is reported (through the error log once server_conf is
 * set, on stderr before that) and ends the process with APEXIT_INIT.
 */
char *ap_init_mutex_method(char *t)
{
    if (strcasecmp(t, "default") == 0) {
        t = ap_default_mutex_method();
    }

    if (strcasecmp(t, "sysvsem") == 0) {
        amutex = &accept_mutex_sysvsem_s;
        return NULL;
    }
    if (strcasecmp(t, "flock") == 0) {
        amutex = &accept_mutex_flock_s;
        return NULL;
    }

    if (server_conf) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                     "Requested serialization method '%s' not available",t);
    }
    else {
        fprintf(stderr, "Requested serialization method '%s' not available\n", t);
    }
    exit(APEXIT_INIT);
    /*NOTREACHED */
    return NULL;
}
696
697 /* On some architectures it's safe to do unserialized accept()s in the single
698 * Listen case. But it's never safe to do it in the case where there's
699 * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
700 * when it's safe in the single Listen case.
701 */
702 #define SAFE_ACCEPT(stmt) do {if(ap_listeners->next != ap_listeners) {stmt;}} while(0)
703
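/*
 * Print the command line summary on stderr and exit with status 1.
 *
 * bin: program name as invoked; shown in the first line and used to
 *      indent the continuation line by the same width.
 *
 * The indentation used to be built in a fixed MAX_STRING_LEN stack
 * buffer with no length check, so a program name of that length or more
 * wrote past its end. The padding is now written straight to stderr and
 * has no size limit. The output is unchanged.
 */
static void usage(char *bin)
{
    size_t pad_len = strlen(bin);
    size_t i;

    fprintf(stderr, "Usage: %s [-46FhLlSTtuVvX] [-C directive] [-c directive] [-D parameter]\n", bin);

    /* Continuation line: one space, pad_len spaces, then the options. */
    fputc(' ', stderr);
    for (i = 0; i < pad_len; i++) {
        fputc(' ', stderr);
    }
    fputs(" [-d serverroot] [-f config]\n", stderr);

    fprintf(stderr, "Options:\n");
#ifdef INET6
    fprintf(stderr, " -4 : assume IPv4 on parsing configuration file\n");
    fprintf(stderr, " -6 : assume IPv6 on parsing configuration file\n");
#endif
    fprintf(stderr, " -C directive : process directive before reading config files\n");
    fprintf(stderr, " -c directive : process directive after reading config files\n");
    fprintf(stderr, " -D parameter : define a parameter for use in <IfDefine name> directives\n");
    fprintf(stderr, " -d serverroot : specify an alternate initial ServerRoot\n");
    fprintf(stderr, " -F : run main process in foreground, for process supervisors\n");
    fprintf(stderr, " -f config : specify an alternate ServerConfigFile\n");
    fprintf(stderr, " -h : list available command line options (this page)\n");
    fprintf(stderr, " -L : list available configuration directives\n");
    fprintf(stderr, " -l : list compiled-in modules\n");
    fprintf(stderr, " -S : show parsed settings (currently only vhost settings)\n");
    fprintf(stderr, " -T : run syntax check for config files (without docroot check)\n");
    fprintf(stderr, " -t : run syntax check for config files (with docroot check)\n");
    fprintf(stderr, " -u : unsecure mode: do not chroot into ServerRoot\n");
    fprintf(stderr, " -V : show compile settings\n");
    fprintf(stderr, " -v : show version number\n");
    fprintf(stderr, " -X : run in single-process mode\n");

    exit(1);
}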
738
739
740 /*****************************************************************
741 *
742 * Timeout handling. DISTINCTLY not thread-safe, but all this stuff
743 * has to change for threads anyway. Note that this code allows only
744 * one timeout in progress at a time...
745 */
746
747 static APACHE_TLS conn_rec *volatile current_conn;
748 static APACHE_TLS request_rec *volatile timeout_req;
749 static APACHE_TLS const char *volatile timeout_name = NULL;
750 static APACHE_TLS int volatile alarms_blocked = 0;
751 static APACHE_TLS int volatile alarm_pending = 0;
752
753
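/*
 * Timeout callback installed through ap_set_callback_and_alarm().
 *
 * sig: signal number passed on by alrm_handler(), or 0 when called from
 *      ap_unblock_alarms() for a deferred alarm; not used.
 *
 * While alarms are blocked the event is only recorded in alarm_pending.
 * Otherwise: with no current connection, control jumps back through
 * jmpbuffer; with timeout_req set, the transaction is logged, the
 * connection is closed and control leaves through exit() or longjmp;
 * with only a connection, the connection is closed and marked aborted
 * and the function returns.
 *
 * NOTE(review): this presumably runs in signal context (the handler
 * installation is not in this part of the file). It calls logging,
 * hook and exit code that is not async-signal-safe; alarms_blocked is
 * the only guard visible here, so code that must not be interrupted
 * has to sit between ap_block_alarms() and ap_unblock_alarms().
 *
 * Change over the previous version: the local dirconf was assigned and
 * never read; it has been removed.
 */
static void timeout(int sig)
{
    if (alarms_blocked) {
        /* Deferred; ap_unblock_alarms() delivers it later. */
        alarm_pending = 1;
        return;
    }
    if (exit_after_unblock) {
        clean_child_exit(0);
    }

    if (!current_conn) {
        ap_longjmp(jmpbuffer, 1);
    }

    /* Timeouts on kept-alive connections are not logged. */
    if (!current_conn->keptalive) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
                     current_conn->server, "[client %s] %s timed out",
                     current_conn->remote_ip,
                     timeout_name ? timeout_name : "request");
    }

    if (timeout_req) {
        /* Someone has asked for this transaction to just be aborted
         * if it times out...
         */
        request_rec *log_req = timeout_req;
        request_rec *save_req = timeout_req;

        /* avoid looping... if ap_log_transaction started another
         * timer (say via rfc1413.c) we could loop...
         */
        timeout_req = NULL;

        /* Get back to original request... */
        while (log_req->main || log_req->prev) {
            log_req = log_req->main ? log_req->main : log_req->prev;
        }

        if (!current_conn->keptalive) {
            /* in some cases we come here before setting the time */
            if (log_req->request_time == 0) {
                log_req->request_time = time(NULL);
            }
            ap_log_transaction(log_req);
        }

        ap_call_close_connection_hook(save_req->connection);

        ap_bsetflag(save_req->connection->client, B_EOUT, 1);
        ap_bclose(save_req->connection->client);

        if (!ap_standalone) {
            exit(0);
        }
        ap_longjmp(jmpbuffer, 1);
    }
    else {                      /* abort the connection */
        ap_call_close_connection_hook(current_conn);
        ap_bsetflag(current_conn->client, B_EOUT, 1);
        ap_bclose(current_conn->client);
        current_conn->aborted = 1;
    }
}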
824
825
826 /*
827 * These two called from alloc.c to protect its critical sections...
828 * Note that they can nest (as when destroying the sub_pools of a pool
829 * which is itself being cleared); we have to support that here.
830 */
831
/*
 * Enter a section during which timeout callbacks are deferred.
 *
 * Calls nest: every call must be paired with ap_unblock_alarms(), and
 * callbacks stay deferred until the outermost pair is closed.
 */
API_EXPORT(void) ap_block_alarms(void)
{
    alarms_blocked += 1;
}
836
/*
 * Leave a section opened by ap_block_alarms().
 *
 * When the outermost section closes, a requested exit is carried out
 * first; otherwise an alarm that arrived meanwhile is delivered.
 *
 * NOTE(review): a deferred alarm is always delivered by calling
 * timeout(0), although lingerout() also records itself in
 * alarm_pending; confirm that this is intended. There is no check for
 * an unblock without a matching block.
 */
API_EXPORT(void) ap_unblock_alarms(void)
{
    --alarms_blocked;
    if (alarms_blocked != 0) {
        return;                 /* still inside a nested section */
    }

    if (exit_after_unblock) {
        /* We have a couple race conditions to deal with here, we can't
         * allow a timeout that comes in this small interval to allow
         * the child to jump back to the main loop. Instead we block
         * alarms again, and then note that exit_after_unblock is
         * being dealt with. We choose this way to solve this so that
         * the common path through unblock_alarms() is really short.
         */
        ++alarms_blocked;
        exit_after_unblock = 0;
        clean_child_exit(0);
    }

    if (alarm_pending) {
        alarm_pending = 0;
        timeout(0);
    }
}
859
860 static APACHE_TLS void (*volatile alarm_fn) (int) = NULL;
861
/*
 * Forward an alarm to the callback currently stored in alarm_fn.
 *
 * sig: signal number, passed through to the callback.
 *
 * Does nothing while no callback is set.
 */
static void alrm_handler(int sig)
{
    if (alarm_fn == NULL) {
        return;
    }
    (*alarm_fn) (sig);
}
868
/*
 * Install a timeout callback and (re)arm the timer.
 *
 * fn: callback to store in alarm_fn; NULL clears it.
 * x:  timeout in seconds; 0 cancels.
 *
 * Returns the previous timer value: the result of alarm() when the
 * child handles its own timeouts, otherwise the timeout_len previously
 * noted in this child's scoreboard slot.
 *
 * A change of callback while one is already set and x is non-zero is
 * logged at debug level as a possible nested timer; it is not refused.
 */
API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x)
{
    unsigned int previous;

    if (alarm_fn && x && fn != alarm_fn) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, NULL,
                     "ap_set_callback_and_alarm: possible nested timer!");
    }
    alarm_fn = fn;

    if (!child_timeouts) {
        /* Just note the timeout in our scoreboard, no need to call the
         * system. We also note that the virtual time has gone forward.
         */
        ap_check_signals();
        previous = ap_scoreboard_image->servers[my_child_num].timeout_len;
        ap_scoreboard_image->servers[my_child_num].timeout_len = x;
        ++ap_scoreboard_image->servers[my_child_num].cur_vtime;
        return previous;
    }

    previous = alarm(x);
    return previous;
}
892
893
894 /* reset_timeout (request_rec *) resets the timeout in effect,
895 * as long as it hasn't expired already.
896 */
897
/*
 * Restart the timeout currently in effect, unless it has already
 * expired.
 *
 * r: request whose server supplies the timeout length.
 *
 * Does nothing when no timeout has been set (timeout_name is NULL).
 */
API_EXPORT(void) ap_reset_timeout(request_rec *r)
{
    if (!timeout_name) {
        return;
    }

    /* A previous value of 0 means the timer had run out; put it back. */
    if (ap_set_callback_and_alarm(alarm_fn, r->server->timeout) == 0) {
        ap_set_callback_and_alarm(alarm_fn, 0);
    }
}
907
908
909
910
/*
 * Arm a timeout that aborts the request, choosing the keep-alive
 * timeout for connections that have been kept alive and the regular
 * server timeout otherwise.
 *
 * name: label stored in timeout_name and used in the log message.
 * r:    request to abort on expiry.
 */
API_EXPORT(void) ap_keepalive_timeout(char *name, request_rec *r)
{
    unsigned int secs;

    timeout_req = r;
    timeout_name = name;

    secs = r->connection->keptalive ? r->server->keep_alive_timeout
                                    : r->server->timeout;
    ap_set_callback_and_alarm(timeout, secs);
}
922
/*
 * Arm a timeout that aborts the whole request on expiry.
 *
 * name: label stored in timeout_name and used in the log message.
 * r:    request recorded in timeout_req; its server supplies the
 *       timeout length.
 */
API_EXPORT(void) ap_hard_timeout(char *name, request_rec *r)
{
    /* State is published before the timer is armed. */
    timeout_req = r;
    timeout_name = name;

    ap_set_callback_and_alarm(timeout, r->server->timeout);
}
929
/*
 * Arm a timeout without recording a request to abort.
 *
 * name: label stored in timeout_name and used in the log message.
 * r:    request whose server supplies the timeout length.
 *
 * timeout_req is left as it was; with it unset, timeout() closes the
 * connection, marks it aborted and returns to the interrupted code.
 */
API_EXPORT(void) ap_soft_timeout(char *name, request_rec *r)
{
    timeout_name = name;

    ap_set_callback_and_alarm(timeout, r->server->timeout);
}
935
/*
 * Cancel the timeout in effect and forget its request and label.
 *
 * dummy: not used.
 */
API_EXPORT(void) ap_kill_timeout(request_rec *dummy)
{
    ap_check_signals();

    /* Disarm first, then clear the state the callback would read. */
    ap_set_callback_and_alarm(NULL, 0);
    timeout_req = NULL;
    timeout_name = NULL;
}
943
944
945 /*
946 * More machine-dependent networking gooo... on some systems,
947 * you've got to be *really* sure that all the packets are acknowledged
948 * before closing the connection, since the client will not be able
949 * to see the last response if their TCP buffer is flushed by a RST
950 * packet from us, which is what the server's TCP stack will send
951 * if it receives any request data after closing the connection.
952 *
953 * In an ideal world, this function would be accomplished by simply
954 * setting the socket option SO_LINGER and handling it within the
955 * server's TCP stack while the process continues on to the next request.
956 * Unfortunately, it seems that most (if not all) operating systems
957 * block the server process on close() when SO_LINGER is used.
958 * For those that don't, see USE_SO_LINGER below. For the rest,
959 * we have created a home-brew lingering_close.
960 *
961 * Many operating systems tend to block, puke, or otherwise mishandle
962 * calls to shutdown only half of the connection.
963 */
/* Overall cap, in seconds, on the time spent in lingering_close(); it is
 * the interval armed by linger_timeout().  May be overridden at build time.
 */
#ifndef MAX_SECS_TO_LINGER
#define MAX_SECS_TO_LINGER 30
#endif

/* SO_LINGER is not used in this build; the home-brew lingering_close is. */
#define sock_enable_linger(s)	/* NOOP */
969
/*
 * Alarm handler used only while lingering_close() is draining a socket.
 * If alarms are currently blocked the expiry is merely recorded; otherwise
 * the connection is flagged as aborted so the drain loop's caller gives up.
 */
static void lingerout(int sig)
{
    if (alarms_blocked) {
        /* Deliver later, once alarms are unblocked. */
        alarm_pending = 1;
        return;
    }

    if (current_conn == NULL) {
        /* No connection to mark: unwind to the saved jump buffer. */
        ap_longjmp(jmpbuffer, 1);
    }

    /* Stop any further output on this client and mark it aborted. */
    ap_bsetflag(current_conn->client, B_EOUT, 1);
    current_conn->aborted = 1;
}
985
/*
 * Arm the lingering-close watchdog: lingerout() fires after
 * MAX_SECS_TO_LINGER seconds, which bounds how long a client can keep
 * this child in lingering_close().
 */
static void linger_timeout(void)
{
    /* Label the timeout before arming it. */
    timeout_name = "lingering close";

    ap_set_callback_and_alarm(lingerout, MAX_SECS_TO_LINGER);
}
991
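/*
 * Close the client connection of request r without provoking a RST that
 * would make the client lose the tail of the response: flush, send a FIN,
 * then read and discard whatever the client still sends until it goes
 * quiet, errors out, or the overall linger timer expires.
 *
 * Since many clients will abort a connection instead of closing it,
 * attempting to log an error message from this routine will only
 * confuse the webmaster.  There doesn't seem to be any portable way to
 * distinguish between a dropped connection and something that might be
 * worth logging.
 *
 * Resource bounds: the whole routine is capped by linger_timeout()
 * (MAX_SECS_TO_LINGER) and each wait for more data by a 2 second select()
 * timeout, so a slow-drip client cannot pin the child here indefinitely.
 */
static void lingering_close(request_rec *r)
{
    char dummybuf[512];
    struct timeval tv;
    fd_set lfds;
    int select_rv;
    int lsd;

    /* Prevent a slow-drip client from holding us here indefinitely */
    linger_timeout();

    /* Send any leftover data to the client, but never try to again */
    if (ap_bflush(r->connection->client) == -1) {
        ap_call_close_connection_hook(r->connection);
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }
    ap_call_close_connection_hook(r->connection);
    ap_bsetflag(r->connection->client, B_EOUT, 1);

    /* Close our half of the connection --- send the client a FIN */
    lsd = r->connection->client->fd;

    if ((shutdown(lsd, 1) != 0) || r->connection->aborted) {
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }

    /* An fd_set only has room for descriptors below FD_SETSIZE; FD_SET()
     * on anything larger writes outside lfds.  Such a socket cannot be
     * drained with select(), so close it without lingering.
     */
    if (lsd >= (int) FD_SETSIZE) {
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }

    /* Set up to wait for readable data on socket... */
    FD_ZERO(&lfds);

    /* Wait for readable data or error condition on socket;
     * slurp up any data that arrives...  We exit when we go for an
     * interval of tv length without getting any more data, get an error
     * from select(), get an error or EOF on a read, or the timer expires.
     */
    do {
        /* We use a 2 second timeout because current (Feb 97) browsers
         * fail to close a connection after the server closes it.  Thus,
         * to avoid keeping the child busy, we are only lingering long enough
         * for a client that is actively sending data on a connection.
         * This should be sufficient unless the connection is massively
         * losing packets, in which case we might have missed the RST anyway.
         * These parameters are reset on each pass, since they might be
         * changed by select.
         */
        FD_SET(lsd, &lfds);
        tv.tv_sec = 2;
        tv.tv_usec = 0;

        select_rv = ap_select(lsd + 1, &lfds, NULL, NULL, &tv);

    } while ((select_rv > 0) &&
             (read(lsd, dummybuf, sizeof(dummybuf)) > 0));

    /* Should now have seen final ack.  Safe to finally kill socket */
    ap_bclose(r->connection->client);

    ap_kill_timeout(r);
}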
1067
1068 /*****************************************************************
1069 * dealing with other children
1070 */
1071
/*
 * Register a non-httpd child process so the parent can watch over it.
 *
 * pid          process id of the child
 * maintenance  callback invoked with an OC_REASON_* code, the caller's
 *              data pointer and a wait status
 * data         opaque pointer handed back to the callback; it is also the
 *              key used by ap_unregister_other_child()
 * write_fd     descriptor probed for writability, or -1 for none
 *
 * The record is allocated from pconf and pushed on the front of the
 * other_children list.
 */
API_EXPORT(void) ap_register_other_child(int pid,
                       void (*maintenance) (int reason, void *, ap_wait_t status),
                       void *data, int write_fd)
{
    other_child_rec *rec = ap_palloc(pconf, sizeof(*rec));

    rec->pid = pid;
    rec->maintenance = maintenance;
    rec->data = data;
    rec->write_fd = write_fd;

    /* Link in at the head of the list. */
    rec->next = other_children;
    other_children = rec;
}
1086
/*
 * Remove the first other_children record whose data pointer matches,
 * after telling its maintenance function (OC_REASON_UNREGISTER).
 *
 * Note that since this can be called by a maintenance function while we're
 * scanning the other_children list, all scanners should protect themselves
 * by loading ocr->next before calling any maintenance function.
 */
API_EXPORT(void) ap_unregister_other_child(void *data)
{
    other_child_rec **link = &other_children;

    while (*link != NULL) {
        if ((*link)->data == data) {
            /* Save the successor first: the callback may touch the list. */
            other_child_rec *successor = (*link)->next;

            (*(*link)->maintenance) (OC_REASON_UNREGISTER, (*link)->data,
                                     (ap_wait_t)-1);
            *link = successor;
            /* XXX: um, well we've just wasted some space in pconf ? */
            return;
        }
        link = &(*link)->next;
    }
}
1105
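/*
 * Test that the write_fds of all registered other children are still
 * writable; for each one that is not, invoke its maintenance function with
 * OC_REASON_UNWRITABLE.
 *
 * Descriptors that cannot be represented in an fd_set (negative, or at or
 * above FD_SETSIZE) are left out of the probe entirely: FD_SET()/FD_ISSET()
 * on them would access memory outside writable_fds.
 */
static void probe_writable_fds(void)
{
    fd_set writable_fds;
    int fd_max;
    other_child_rec *ocr, *nocr;
    struct timeval tv;
    int rc;

    if (other_children == NULL)
        return;

    do {
        /* Rebuild the set on every pass: its contents are not reliable
         * after an interrupted select().
         */
        fd_max = 0;
        FD_ZERO(&writable_fds);
        for (ocr = other_children; ocr; ocr = ocr->next) {
            if (ocr->write_fd < 0 || ocr->write_fd >= (int) FD_SETSIZE)
                continue;
            FD_SET(ocr->write_fd, &writable_fds);
            if (ocr->write_fd > fd_max) {
                fd_max = ocr->write_fd;
            }
        }
        if (fd_max == 0)
            return;

        /* Zero timeout: this is a poll, never a wait. */
        tv.tv_sec = 0;
        tv.tv_usec = 0;
        rc = ap_select(fd_max + 1, NULL, &writable_fds, NULL, &tv);
    } while (rc == -1 && errno == EINTR);

    if (rc == -1) {
        /* XXX: uhh this could be really bad, we could have a bad file
         * descriptor due to a bug in one of the maintenance routines */
        ap_log_unixerr("probe_writable_fds", "select",
                       "could not probe writable fds", server_conf);
        return;
    }
    if (rc == 0)
        return;

    for (ocr = other_children; ocr; ocr = nocr) {
        /* Load the successor first; the callback may unregister ocr. */
        nocr = ocr->next;
        if (ocr->write_fd < 0 || ocr->write_fd >= (int) FD_SETSIZE)
            continue;
        if (FD_ISSET(ocr->write_fd, &writable_fds))
            continue;
        (*ocr->maintenance) (OC_REASON_UNWRITABLE, ocr->data, (ap_wait_t)-1);
    }
}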
1157
/*
 * Possibly reap an other_child: if pid belongs to a registered record,
 * mark that record as having no process (pid = -1), notify its maintenance
 * function with OC_REASON_DEATH and the wait status, and return 0.
 * Returns -1 when pid is not one of the registered other children.
 */
static int reap_other_child(int pid, ap_wait_t status)
{
    other_child_rec *rec = other_children;

    /* Find the first record owning this pid. */
    while (rec != NULL && rec->pid != pid) {
        rec = rec->next;
    }
    if (rec == NULL) {
        return -1;
    }

    rec->pid = -1;
    (*rec->maintenance) (OC_REASON_DEATH, rec->data, status);
    return 0;
}
1173
1174 /*****************************************************************
1175 *
1176 * Dealing with the scoreboard... a lot of these variables are global
1177 * only to avoid getting clobbered by the longjmp() that happens when
1178 * a hard timeout expires...
1179 *
1180 * We begin with routines which deal with the file itself...
1181 */
1182
/*
 * Create the scoreboard as an anonymous shared mapping of SCOREBOARD_SIZE
 * bytes, readable and writable, and point ap_scoreboard_image at it.
 * Exits with APEXIT_INIT if the mapping cannot be created.
 * The pool argument is not used.
 */
static void setup_shared_mem(pool *p)
{
    caddr_t region;

    /* BSD style */
    region = mmap((caddr_t) 0, SCOREBOARD_SIZE,
                  PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0);
    if (region == (caddr_t) -1) {
        perror("mmap");
        fprintf(stderr, "%s: Could not mmap memory\n", ap_server_argv0);
        exit(APEXIT_INIT);
    }

    ap_scoreboard_image = (scoreboard *) region;
    ap_scoreboard_image->global.running_generation = 0;
}
1198
/*
 * Called by parent process: wipe the scoreboard, creating it first if it
 * does not exist yet.  The running generation survives the wipe.
 */
static void reinit_scoreboard(pool *p)
{
    int saved_generation;

    if (ap_scoreboard_image != NULL) {
        /* Remember the generation before the memset below erases it. */
        saved_generation = ap_scoreboard_image->global.running_generation;
    }
    else {
        saved_generation = 0;
        setup_shared_mem(p);
    }

    memset(ap_scoreboard_image, 0, SCOREBOARD_SIZE);
    ap_scoreboard_image->global.running_generation = saved_generation;
}
1212
1213 /* Routines called to deal with the scoreboard image
1214 * --- note that we do *not* need write locks, since update_child_status
1215 * only updates a *single* record in place, and only one process writes to
1216 * a given scoreboard slot at a time (either the child process owning that
1217 * slot, or the parent, noting that the child has died).
1218 *
1219 * As a final note --- setting the score entry to getpid() is always safe,
1220 * since when the parent is writing an entry, it's only noting SERVER_DEAD
1221 * anyway.
1222 */
1223
/* Report whether the scoreboard has been set up: 1 if so, 0 if not. */
API_EXPORT(int) ap_exists_scoreboard_image(void)
{
    if (ap_scoreboard_image) {
        return 1;
    }
    return 0;
}
1228
/*
 * A clean exit from the parent with proper cleanup: tear down the global
 * pool, release shared allocations, close cached descriptors, then exit
 * with the given code.  Never returns.
 */
static void clean_parent_exit(int code) __attribute__((__noreturn__));
static void clean_parent_exit(int code)
{
    /* Clear the pool - including any registered cleanups */
    ap_destroy_pool(pglobal);
    ap_kill_alloc_shared();
    fdcache_closeall();
    exit(code);
}
1239
/*
 * Record a new status for scoreboard slot child_num and return the status
 * the slot held before.  Returns -1, without touching the scoreboard, when
 * child_num is negative.
 *
 * With ap_extended_status enabled, the per-connection (and, for a dead
 * child, per-child) counters are reset as appropriate and, when a request
 * is supplied, the client host and request line are copied into the slot
 * for the server-status view.
 *
 * NOTE(review): only the lower bound of child_num is checked here; the
 * upper bound of servers[] is presumably guaranteed by callers -- confirm.
 */
API_EXPORT(int) ap_update_child_status(int child_num, int status, request_rec *r)
{
    int old_status;
    short_score *ss;

    if (child_num < 0)
	return -1;

    ap_check_signals();

    ss = &ap_scoreboard_image->servers[child_num];
    old_status = ss->status;
    ss->status = status;

    /* Bump the slot's virtual time so observers can see it changed. */
    ++ss->cur_vtime;

    if (ap_extended_status) {
	if (status == SERVER_READY || status == SERVER_DEAD) {
	    /*
	     * Reset individual counters
	     */
	    if (status == SERVER_DEAD) {
		ss->my_access_count = 0L;
		ss->my_bytes_served = 0L;
	    }
	    ss->conn_count = (unsigned short) 0;
	    ss->conn_bytes = (unsigned long) 0;
	}
	else if (status == SERVER_STARTING) {
	    /* clean out the start_time so that mod_status will print Req=0 */
	    /* Use memset to be independent from the type (struct timeval vs. clock_t) */
	    memset (&ss->start_time, '\0', sizeof ss->start_time);
	}
	if (r) {
	    conn_rec *c = r->connection;
	    /* Both copies below are bounded by the size of the destination
	     * field; the request line is client-supplied text.
	     */
	    ap_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config,
				  REMOTE_NOLOOKUP), sizeof(ss->client));
	    if (r->the_request == NULL) {
		    ap_cpystrn(ss->request, "NULL", sizeof(ss->request));
	    } else if (r->parsed_uri.password == NULL) {
		    ap_cpystrn(ss->request, r->the_request, sizeof(ss->request));
	    } else {
		/* Don't reveal the password in the server-status view */
		    ap_cpystrn(ss->request, ap_pstrcat(r->pool, r->method, " ",
					       ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITPASSWORD),
					       r->assbackwards ? NULL : " ", r->protocol, NULL),
				       sizeof(ss->request));
	    }
	    ss->vhostrec =  r->server;
	}
    }
    if (status == SERVER_STARTING && r == NULL) {
	/* clean up the slot's vhostrec pointer (maybe re-used)
	 * and mark the slot as belonging to a new generation.
	 */
	ss->vhostrec = NULL;
	ap_scoreboard_image->parent[child_num].generation = ap_my_generation;
    }

    return old_status;
}
1301
/*
 * Stamp the start or stop time of a request into scoreboard slot
 * child_num, depending on whether status is START_PREQUEST or
 * STOP_PREQUEST.  A negative child_num is ignored.  If the clock cannot be
 * read, the affected timestamps are zeroed (on a failed stop, the start
 * time is zeroed as well).
 */
void ap_time_process_request(int child_num, int status)
{
    short_score *slot;

    if (child_num < 0) {
        return;
    }

    slot = &ap_scoreboard_image->servers[child_num];

    if (status == START_PREQUEST) {
        if (gettimeofday(&slot->start_time, (struct timezone *) 0) < 0) {
            slot->start_time.tv_usec = 0L;
            slot->start_time.tv_sec = 0L;
        }
        return;
    }

    if (status == STOP_PREQUEST) {
        if (gettimeofday(&slot->stop_time, (struct timezone *) 0) < 0) {
            slot->start_time.tv_usec = 0L;
            slot->start_time.tv_sec = 0L;
            slot->stop_time.tv_usec = 0L;
            slot->stop_time.tv_sec = 0L;
        }
    }
}
1325
/*
 * Account one finished request in scoreboard slot child_num: refresh the
 * process times and bump the access and byte counters (lifetime, this
 * child, this connection).  The byte count is only fetched from the client
 * buffer when the request actually sent a body.
 */
static void increment_counts(int child_num, request_rec *r)
{
    short_score *slot = &ap_scoreboard_image->servers[child_num];
    long int sent = 0;

    if (r->sent_bodyct) {
        ap_bgetopt(r->connection->client, BO_BYTECT, &sent);
    }

    times(&slot->times);

    /* One more request... */
    slot->access_count++;
    slot->my_access_count++;
    slot->conn_count++;

    /* ...and this many more bytes. */
    slot->bytes_served += (unsigned long) sent;
    slot->my_bytes_served += (unsigned long) sent;
    slot->conn_bytes += (unsigned long) sent;
}
1344
/*
 * Look up the scoreboard slot whose parent entry records this pid.
 * Returns the slot index, or -1 if none of the first max_daemons_limit
 * slots matches.
 */
static int find_child_by_pid(int pid)
{
    int slot = 0;

    while (slot < max_daemons_limit) {
        if (ap_scoreboard_image->parent[slot].pid == pid) {
            return slot;
        }
        ++slot;
    }

    return -1;
}
1355
/*
 * Send sig to pid only if pid is in our own process group; otherwise fail
 * with EINVAL and return -1.  The pids signalled through here come from
 * the scoreboard, so this keeps a wrong or stale entry from making the
 * parent signal a process outside its own group.
 */
static int safe_child_kill(pid_t pid, int sig)
{
    if (getpgid(pid) != getpgrp()) {
        errno = EINVAL;
        return -1;
    }

    return kill(pid, sig);
}
1366
/*
 * Wait for the httpd children (and registered other children) to exit,
 * escalating from a repeated SIGHUP through SIGTERM to SIGKILL for those
 * that linger.  When terminate is non-zero the sequence starts at try 4,
 * skipping the second-SIGHUP stage.  Returns as soon as nothing is left to
 * wait for, or after try 12.
 *
 * Every signal goes through safe_child_kill(), so a scoreboard pid that is
 * not in our process group is never signalled.
 */
static void reclaim_child_processes(int terminate)
{
    int i, status;
    long int waittime = 1024 * 16;	/* in usecs */
    struct timeval tv;
    int waitret, tries;
    int not_dead_yet;
    int ret;
    other_child_rec *ocr, *nocr;

    for (tries = terminate ? 4 : 1; tries <= 12; ++tries) {
	/* don't want to hold up progress any more than
	 * necessary, but we need to allow children a few moments to exit.
	 * Set delay with an exponential backoff. NOTE: if we get
	 * interrupted, we'll wait longer than expected...
	 */
	tv.tv_sec = waittime / 1000000;
	tv.tv_usec = waittime % 1000000;
	waittime = waittime * 4;
	/* select() with no descriptors is used purely as a sleep. */
	do {
	    ret = ap_select(0, NULL, NULL, NULL, &tv);
	} while (ret == -1 && errno == EINTR);

	/* now see who is done */
	not_dead_yet = 0;
	for (i = 0; i < max_daemons_limit; ++i) {
	    int pid = ap_scoreboard_image->parent[i].pid;

	    if (pid == my_pid || pid == 0)
		continue;

	    waitret = waitpid(pid, &status, WNOHANG);
	    /* Reaped, or waitpid failed for this pid: either way the slot
	     * is cleared and the pid is not considered again.
	     */
	    if (waitret == pid || waitret == -1) {
		ap_scoreboard_image->parent[i].pid = 0;
		continue;
	    }
	    ++not_dead_yet;
	    switch (tries) {
	    case 1:     /*  16ms */
	    case 2:     /*  82ms */
		break;
	    case 3:     /* 344ms */
		/* perhaps it missed the SIGHUP, lets try again */
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
			    server_conf,
		    "child process %d did not exit, sending another SIGHUP",
			    pid);
		safe_child_kill(pid, SIGHUP);
		waittime = 1024 * 16;
		break;
	    case 4:     /*  16ms */
	    case 5:     /*  82ms */
	    case 6:     /* 344ms */
		break;
	    case 7:     /* 1.4sec */
		/* ok, now it's being annoying */
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
			    server_conf,
		   "child process %d still did not exit, sending a SIGTERM",
			    pid);
		safe_child_kill(pid, SIGTERM);
		break;
	    case 8:     /*  6 sec */
		/* die child scum */
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
		   "child process %d still did not exit, sending a SIGKILL",
			    pid);
		safe_child_kill(pid, SIGKILL);
		waittime = 1024 * 16; /* give them some time to die */
		break;
	    case 9:     /*  6 sec */
	    case 10:    /* 6.1 sec */
	    case 11:    /* 6.4 sec */
		break;
	    case 12:    /* 7.4 sec */
		/* gave it our best shot, but alas...  If this really
		 * is a child we are trying to kill and it really hasn't
		 * exited, we will likely fail to bind to the port
		 * after the restart.
		 */
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
			    "could not make child process %d exit, "
			    "attempting to continue anyway", pid);
		break;
	    }
	}
	for (ocr = other_children; ocr; ocr = nocr) {
	    /* Load the successor first; a maintenance function may
	     * unregister the record it is called for.
	     */
	    nocr = ocr->next;
	    if (ocr->pid == -1)
		continue;

	    waitret = waitpid(ocr->pid, &status, WNOHANG);
	    if (waitret == ocr->pid) {
		ocr->pid = -1;
		(*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)status);
	    }
	    else if (waitret == 0) {
		(*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)-1);
		++not_dead_yet;
	    }
	    else if (waitret == -1) {
		/* uh what the heck? they didn't call unregister? */
		ocr->pid = -1;
		(*ocr->maintenance) (OC_REASON_LOST, ocr->data, (ap_wait_t)-1);
	    }
	}
	if (!not_dead_yet) {
	    /* nothing left to wait for */
	    break;
	}
    }
}
1479
1480
1481 /* Finally, this routine is used by the caretaker process to wait for
1482 * a while...
1483 */
1484
1485 /* number of calls to wait_or_timeout between writable probes */
1486 #ifndef INTERVAL_OF_WRITABLE_PROBES
1487 #define INTERVAL_OF_WRITABLE_PROBES 10
1488 #endif
/* Calls to wait_or_timeout() since the last writable-fd probe. */
static int wait_or_timeout_counter;

/*
 * Reap one exited child without blocking.  Returns the child's pid (with
 * *status filled in) if one was reaped.  Otherwise returns -1: at once if
 * waitpid() was interrupted, else after sleeping for
 * SCOREBOARD_MAINTENANCE_INTERVAL microseconds.  Every
 * INTERVAL_OF_WRITABLE_PROBES-th call also probes the other children's
 * write descriptors.
 */
static int wait_or_timeout(ap_wait_t *status)
{
    struct timeval nap;
    int reaped;

    if (++wait_or_timeout_counter == INTERVAL_OF_WRITABLE_PROBES) {
        wait_or_timeout_counter = 0;
        probe_writable_fds();
    }

    reaped = waitpid(-1, status, WNOHANG);
    if (reaped > 0) {
        return reaped;
    }
    if (reaped == -1 && errno == EINTR) {
        /* Interrupted: let the caller react to the signal right away. */
        return -1;
    }

    /* Nothing to reap; select() with no descriptors serves as the sleep. */
    nap.tv_sec = SCOREBOARD_MAINTENANCE_INTERVAL / 1000000;
    nap.tv_usec = SCOREBOARD_MAINTENANCE_INTERVAL % 1000000;
    ap_select(0, NULL, NULL, NULL, &nap);
    return -1;
}
1513
/* NumSIG: number of entries in the signal-name table, taken from whichever
 * of the system's signal-count macros is available.
 */
#if defined(NSIG)
#define NumSIG NSIG
#elif defined(_NSIG)
#define NumSIG _NSIG
#elif defined(__NSIG)
#define NumSIG __NSIG
#else
#define NumSIG 32   /* for 1998's unixes, this is still a good assumption */
#endif

#define SYS_SIGLIST ap_sys_siglist
/* NOTE(review): the expansion already ends in ';', so a use written as
 * "INIT_SIGLIST();" yields an extra empty statement.
 */
#define INIT_SIGLIST() siglist_init();

/* Signal descriptions indexed by signal number; filled by siglist_init(). */
const char *ap_sys_siglist[NumSIG];
1528
/*
 * Fill ap_sys_siglist[] with a description for each known signal and an
 * empty string for every remaining index, so that no entry is NULL.
 *
 * The table is applied in order; where two names share a signal number on
 * a platform, the later entry is the one that sticks.
 */
static void siglist_init(void)
{
    static const struct {
        int signo;
        const char *text;
    } known[] = {
        { 0,         "Signal 0" },
        { SIGHUP,    "Hangup" },
        { SIGINT,    "Interrupt" },
        { SIGQUIT,   "Quit" },
        { SIGILL,    "Illegal instruction" },
        { SIGTRAP,   "Trace/BPT trap" },
        { SIGIOT,    "IOT instruction" },
        { SIGABRT,   "Abort" },
        { SIGEMT,    "Emulator trap" },
        { SIGFPE,    "Arithmetic exception" },
        { SIGKILL,   "Killed" },
        { SIGBUS,    "Bus error" },
        { SIGSEGV,   "Segmentation fault" },
        { SIGSYS,    "Bad system call" },
        { SIGPIPE,   "Broken pipe" },
        { SIGALRM,   "Alarm clock" },
        { SIGTERM,   "Terminated" },
        { SIGUSR1,   "User defined signal 1" },
        { SIGUSR2,   "User defined signal 2" },
        { SIGCHLD,   "Child status change" },
        { SIGWINCH,  "Window changed" },
        { SIGURG,    "urgent socket condition" },
        { SIGIO,     "socket I/O possible" },
        { SIGSTOP,   "Stopped (signal)" },
        { SIGTSTP,   "Stopped" },
        { SIGCONT,   "Continued" },
        { SIGTTIN,   "Stopped (tty input)" },
        { SIGTTOU,   "Stopped (tty output)" },
        { SIGVTALRM, "virtual timer expired" },
        { SIGPROF,   "profiling timer expired" },
        { SIGXCPU,   "exceeded cpu limit" },
        { SIGXFSZ,   "exceeded file size limit" }
    };
    size_t i;

    for (i = 0; i < sizeof(known) / sizeof(known[0]); ++i) {
        ap_sys_siglist[known[i].signo] = known[i].text;
    }

    /* Whatever is still unnamed gets an empty string. */
    for (i = 0; i < sizeof(ap_sys_siglist) / sizeof(ap_sys_siglist[0]); ++i) {
        if (ap_sys_siglist[i] == NULL) {
            ap_sys_siglist[i] = "";
        }
    }
}
1569
/*
 * Handle all varieties of core dumping signals: move to the configured
 * core dump directory, restore the default disposition for the signal and
 * re-send it to ourselves.
 */
static void sig_coredump(int sig)
{
    /* The result is not checked; if the directory is unusable the dump
     * (if any) ends up wherever the process currently is.
     */
    chdir(ap_coredump_dir);
    signal(sig, SIG_DFL);
    kill(getpid(), sig);
    /* At this point we've got sig blocked, because we're still inside
     * the signal handler.  When we leave the signal handler it will
     * be unblocked, and we'll take the signal... and coredump or whatever
     * is appropriate for this particular Unix.  In addition the parent
     * will see the real signal we received -- whereas if we called
     * abort() here, the parent would only see SIGABRT.
     */
}
1584
1585 /*****************************************************************
1586 * Connection structures and accounting...
1587 */
1588
/*
 * Signal handler that makes a child exit (SIGHUP to child process???).
 *
 * If alarms are blocked we have to wait to die, otherwise we might end up
 * with corruption in alloc.c's internal structures; in that case only a
 * flag is set and the exit happens after the unblock.
 */
static void just_die(int sig)
{
    if (!alarms_blocked) {
        clean_child_exit(0);
    }
    else {
        exit_after_unblock = 1;
    }
}
1600
/* Non-zero while SIGUSR1 should make the child exit straight away. */
static int volatile usr1_just_die = 1;
/* Set by usr1_handler() on every SIGUSR1 it returns from. */
static int volatile deferred_die;

/*
 * SIGUSR1 handler for children: exit now if that is currently allowed,
 * and in any case note that a SIGUSR1 has arrived.
 */
static void usr1_handler(int sig)
{
    const int die_now = usr1_just_die;

    if (die_now) {
        just_die(sig);
    }
    deferred_die = 1;
}
1611
/* Flags set by ap_start_shutdown() / ap_start_restart(), which the signal
 * handlers sig_term() and restart() call; volatile just in case.
 * NOTE(review): volatile int is not guaranteed to be written atomically
 * from a signal handler; sig_atomic_t is the portable type -- confirm
 * whether that matters on the supported platforms.
 */
static int volatile shutdown_pending;
static int volatile restart_pending;
static int volatile is_graceful;
API_VAR_EXPORT ap_generation_t volatile ap_my_generation=0;
1617
1618
1619 /*
1620 * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
1621 * functions to initiate shutdown or restart without relying on signals.
1622 * Previously this was initiated in sig_term() and restart() signal handlers,
1623 * but we want to be able to start a shutdown/restart from other sources --
1624 * e.g. on Win32, from the service manager. Now the service manager can
1625 * call ap_start_shutdown() or ap_start_restart() as appropriate. Note that
1626 * these functions can also be called by the child processes, since global
1627 * variables are no longer used to pass on the required action to the parent.
1628 */
1629
/*
 * Request a server shutdown by raising shutdown_pending.  Asking again
 * while a shutdown is already pending is harmless and is not reported:
 * it most likely just means the user asked twice in quick succession.
 */
API_EXPORT(void) ap_start_shutdown(void)
{
    if (shutdown_pending != 1) {
        shutdown_pending = 1;
    }
}
1641
/*
 * Request a server restart; the restart is graceful if graceful == 1.
 * A request made while a restart is already pending is ignored (probably
 * not an error, so it is not reported) and leaves the pending restart's
 * graceful setting untouched.
 */
API_EXPORT(void) ap_start_restart(int graceful)
{
    if (restart_pending != 1) {
        restart_pending = 1;
        is_graceful = graceful;
    }
}
1652
/* Signal handler: turn the signal into a shutdown request.  It does no
 * more than set a flag through ap_start_shutdown().
 */
static void sig_term(int sig)
{
    ap_start_shutdown();
}
1657
/* Signal handler: request a restart, graceful when the signal is SIGUSR1
 * and a plain restart for any other signal it is installed for.
 */
static void restart(int sig)
{
    const int graceful = (sig == SIGUSR1);

    ap_start_restart(graceful);
}
1662
/*
 * Install the signal dispositions: core-dump handling for SIGBUS, SIGABRT
 * and SIGILL (unless running as a single process), shutdown on SIGTERM and
 * SIGINT, default action for SIGXCPU and SIGXFSZ, SIGPIPE ignored, and
 * restart on SIGHUP and SIGUSR1.  A failing sigaction() is logged as a
 * warning and otherwise ignored.
 *
 * The one struct sigaction is reused and modified step by step, so the
 * order of the statements below matters.
 */
static void set_signals(void)
{
    struct sigaction sa;

    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;

    if (!one_process) {
	sa.sa_handler = sig_coredump;
	/* One-shot: the disposition reverts to the default once the
	 * handler has been entered.
	 */
	sa.sa_flags = SA_RESETHAND;
	if (sigaction(SIGBUS, &sa, NULL) < 0)
	    ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGBUS)");
	if (sigaction(SIGABRT, &sa, NULL) < 0)
	    ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGABRT)");
	if (sigaction(SIGILL, &sa, NULL) < 0)
	    ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGILL)");
	sa.sa_flags = 0;
    }
    sa.sa_handler = sig_term;
    if (sigaction(SIGTERM, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGTERM)");
    if (sigaction(SIGINT, &sa, NULL) < 0)
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGINT)");
    sa.sa_handler = SIG_DFL;
    if (sigaction(SIGXCPU, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXCPU)");
    sa.sa_handler = SIG_DFL;
    if (sigaction(SIGXFSZ, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXFSZ)");
    /* A write to a connection the client has dropped must surface as an
     * error return, not kill the process.
     */
    sa.sa_handler = SIG_IGN;
    if (sigaction(SIGPIPE, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGPIPE)");

    /* we want to ignore HUPs and USR1 while we're busy processing one */
    sigaddset(&sa.sa_mask, SIGHUP);
    sigaddset(&sa.sa_mask, SIGUSR1);
    sa.sa_handler = restart;
    if (sigaction(SIGHUP, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGHUP)");
    if (sigaction(SIGUSR1, &sa, NULL) < 0)
	ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGUSR1)");
}
1705
1706
1707 /*****************************************************************
1708 * Here follows a long bunch of generic server bookkeeping stuff...
1709 */
1710
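/*
 * Turn the process into a daemon: move to the root directory, optionally
 * fork and let the original process exit, start a new session, and point
 * stdin and stdout at /dev/null.  stderr is left alone; it is reopened as
 * the error log later.
 *
 * Exits if fork() or setsid() fails.  A failed chdir() or freopen() is
 * reported on stderr and otherwise tolerated.
 */
static void detach(void)
{
    int x;

    /* A daemon that keeps its start-up directory pins that file system
     * and resolves relative paths against a directory it did not choose,
     * so a failure is reported rather than passed over.
     */
    if (chdir("/") == -1) {
        fprintf(stderr, "%s: unable to change directory to /: %s\n",
                ap_server_argv0, strerror(errno));
    }
    if (do_detach) {
        if ((x = fork()) > 0)
            exit(0);
        else if (x == -1) {
            perror("fork");
            fprintf(stderr, "%s: unable to fork new process\n", ap_server_argv0);
            exit(1);
        }
        RAISE_SIGSTOP(DETACH);
    }
    if ((pgrp = setsid()) == -1) {
        perror("setsid");
        fprintf(stderr, "%s: setsid failed\n", ap_server_argv0);
        if (!do_detach)
            fprintf(stderr, "setsid() failed probably because you aren't "
                    "running under a process management tool like daemontools\n");
        exit(1);
    }

    /* close out the standard file descriptors */
    if (freopen("/dev/null", "r", stdin) == NULL) {
        fprintf(stderr, "%s: unable to replace stdin with /dev/null: %s\n",
                ap_server_argv0, strerror(errno));
        /* continue anyhow -- note we can't close out descriptor 0 because we
         * have nothing to replace it with, and if we didn't have a descriptor
         * 0 the next file would be created with that value ... leading to
         * havoc.
         */
    }
    if (freopen("/dev/null", "w", stdout) == NULL) {
        fprintf(stderr, "%s: unable to replace stdout with /dev/null: %s\n",
                ap_server_argv0, strerror(errno));
    }
    /* stderr is a tricky one, we really want it to be the error_log,
     * but we haven't opened that yet.  So leave it alone for now and it'll
     * be reopened moments later.
     */
}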
1754
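/* Set group privileges.
 *
 * Note that we use the username as set in the config files, rather than
 * the lookup of the uid --- the same uid may have multiple passwd entries,
 * with different sets of groups for each.
 *
 * Does nothing unless the effective uid is 0.  Any failure is fatal for
 * the child (APEXIT_CHILDFATAL): continuing with the wrong group set would
 * mean running with privileges the configuration did not ask for.
 */
static void set_group_privs(void)
{
    if (!geteuid()) {
        char *name;

        /* Get username if passed as a uid */

        if (ap_user_name[0] == '#') {
            struct passwd *ent;
            const char *digits = &ap_user_name[1];
            char *end;
            long parsed;
            uid_t uid;

            /* Parse strictly.  A lenient conversion turns "#" followed by
             * anything non-numeric into 0, and the group list set up
             * below would then be that of uid 0.
             */
            errno = 0;
            parsed = strtol(digits, &end, 10);
            if (end == digits || *end != '\0' || errno == ERANGE) {
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, server_conf,
                             "invalid numeric uid \"%s\", "
                             "you probably need to modify the User directive",
                             ap_user_name);
                clean_child_exit(APEXIT_CHILDFATAL);
            }
            uid = (uid_t) parsed;

            if ((ent = getpwuid(uid)) == NULL) {
                ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                             "getpwuid: couldn't determine user name from uid %u, "
                             "you probably need to modify the User directive",
                             (unsigned)uid);
                clean_child_exit(APEXIT_CHILDFATAL);
            }

            name = ent->pw_name;
        }
        else
            name = ap_user_name;

        /*
         * Set the GID before initgroups(), since on some platforms
         * setgid() is known to zap the group list.
         */
        if (setgid(ap_group_id) == -1) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setgid: unable to set group id to Group %u",
                         (unsigned)ap_group_id);
            clean_child_exit(APEXIT_CHILDFATAL);
        }

        /* Reset `groups' attributes. */

        if (initgroups(name, ap_group_id) == -1) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "initgroups: unable to set groups for User %s "
                         "and Group %u", name, (unsigned)ap_group_id);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}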
1807
/*
 * Check to see if we have the 'suexec' setuid wrapper installed.
 * Returns 1 when SUEXEC_BIN can be stat()ed, has the set-user-ID bit and
 * is owned by uid 0; returns 0 otherwise.
 *
 * NOTE(review): nothing else about the file is examined here (file type,
 * group/other write permission) -- confirm that is checked elsewhere.
 */
static int init_suexec(void)
{
    struct stat wrapper;

    if (stat(SUEXEC_BIN, &wrapper) != 0) {
        return 0;
    }

    if ((wrapper.st_mode & S_ISUID) && (wrapper.st_uid == 0)) {
        return 1;
    }
    return 0;
}
1823
1824 /*****************************************************************
1825 * Connection structures and accounting...
1826 */
1827
1828
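/*
 * Allocate and fill in the conn_rec for a freshly accepted connection.
 *
 * p          pool the connection lives in
 * server     initial guess at the server; refined by
 *            ap_update_vhost_given_ip()
 * inout      buffered stream for the client socket
 * remaddr    peer address
 * saddr      local address of the socket
 * child_num  scoreboard slot of the child handling the connection
 *
 * Both addresses are stored in binary and as numeric host strings.  The
 * copies are limited to the size of the destination fields, and a failed
 * address-to-string conversion yields an empty string rather than
 * whatever the stack buffer happened to hold.
 */
static conn_rec *new_connection(pool *p, server_rec *server, BUFF *inout,
                                const struct sockaddr *remaddr,
                                const struct sockaddr *saddr,
                                int child_num)
{
    conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
    char hostnamebuf[MAXHOSTNAMELEN];
    size_t addr_len;

    /* Got a connection structure, so initialize what fields we can
     * (the rest are zeroed out by pcalloc).
     */

    conn->child_num = child_num;

    conn->pool = p;
#ifndef SIN6_LEN
    addr_len = SA_LEN(saddr);
#else
    addr_len = saddr->sa_len;
#endif
    /* Never copy more than the destination field can hold. */
    if (addr_len > sizeof(conn->local_addr))
        addr_len = sizeof(conn->local_addr);
    memcpy(&conn->local_addr, saddr, addr_len);
    if (getnameinfo((struct sockaddr *)&conn->local_addr, addr_len,
                    hostnamebuf, sizeof(hostnamebuf), NULL, 0,
                    NI_NUMERICHOST) != 0)
        hostnamebuf[0] = '\0';
    conn->local_ip = ap_pstrdup(conn->pool, hostnamebuf);
    conn->server = server;		/* just a guess for now */
    ap_update_vhost_given_ip(conn);
    conn->base_server = conn->server;
    conn->client = inout;

#ifndef SIN6_LEN
    addr_len = SA_LEN(remaddr);
#else
    addr_len = remaddr->sa_len;
#endif
    if (addr_len > sizeof(conn->remote_addr))
        addr_len = sizeof(conn->remote_addr);
    memcpy(&conn->remote_addr, remaddr, addr_len);
    /* remote_ip is what later host-based decisions and log lines see, so
     * it must always be a well-formed string.
     */
    if (getnameinfo((struct sockaddr *)&conn->remote_addr, addr_len,
                    hostnamebuf, sizeof(hostnamebuf), NULL, 0,
                    NI_NUMERICHOST) != 0)
        hostnamebuf[0] = '\0';
    conn->remote_ip = ap_pstrdup(conn->pool, hostnamebuf);

    conn->ctx = ap_ctx_new(conn->pool);

    /*
     * Invoke the `new_connection' hook of modules to let them do
     * some connection dependent actions before we go on with
     * processing the request on this connection.
     */
    {
        module *m;
        for (m = top_module; m != NULL; m = m->next)
            if (m->magic == MODULE_MAGIC_COOKIE_EAPI)
                if (m->new_connection != NULL)
                    (*m->new_connection)(conn);
    }

    return conn;
}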
1886
/*
 * Turn off the Nagle algorithm (set TCP_NODELAY) on socket s.
 *
 * The Nagle algorithm says that we should delay sending partial packets
 * in hopes of getting more data.  We don't want to do this; we are not
 * telnet.  There are bad interactions between persistent connections and
 * Nagle's algorithm that have very severe performance penalties.  (Failing
 * to disable Nagle is not much of a problem with simple HTTP.)
 *
 * In spite of these problems, failure here is not a shooting offense: it
 * is logged at debug level only, naming the client address when
 * sin_client is given.
 */
static void sock_disable_nagle(int s, struct sockaddr_in *sin_client)
{
    int nodelay = 1;

    if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (char *) &nodelay,
                   sizeof(nodelay)) >= 0) {
        return;
    }

    if (sin_client == NULL) {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                     "setsockopt: (TCP_NODELAY)");
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                 "setsockopt: (TCP_NODELAY), client %pA probably "
                 "dropped the connection", &sin_client->sin_addr);
}
1913
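/*
 * Create a listening TCP socket for the address in `server'.
 *
 * The socket is registered with pool `p' for cleanup, gets
 * SO_REUSEADDR and SO_KEEPALIVE, has Nagle disabled and linger enabled,
 * optionally gets the configured send buffer size, and is then bound
 * and put into the listen state.
 *
 * Returns the descriptor.  Every failure except the SendBufferSize one
 * is logged and terminates the process with exit(1); this includes an
 * unsupported address family and a descriptor that does not fit into
 * an fd_set (s >= FD_SETSIZE).
 */
static int make_sock(pool *p, const struct sockaddr *server)
{
    int s;
    int one = 1;
    char addr[INET6_ADDRSTRLEN + 128];
    char a0[INET6_ADDRSTRLEN];
    char p0[NI_MAXSERV];
#ifdef MPE
    int privport = 0;
#endif

    /* Refuse anything that is not an address family we can listen on. */
    switch (server->sa_family) {
    case AF_INET:
#ifdef INET6
    case AF_INET6:
#endif
        break;
    default:
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: unsupported address family %u",
                     server->sa_family);
        ap_unblock_alarms();
        exit(1);
    }

    /*
     * Build the numeric "address ... port ..." text used in every log
     * message below.  If the conversion fails the output buffers are
     * not guaranteed to hold terminated strings, so substitute a
     * placeholder rather than format indeterminate stack contents.
     */
    if (getnameinfo(server,
#ifndef SIN6_LEN
                    SA_LEN(server),
#else
                    server->sa_len,
#endif
                    a0, sizeof(a0), p0, sizeof(p0),
                    NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
        snprintf(a0, sizeof(a0), "?");
        snprintf(p0, sizeof(p0), "?");
    }
    snprintf(addr, sizeof(addr), "address %s port %s", a0, p0);
#ifdef MPE
    if (atoi(p0) < 1024)
        privport++;
#endif

    /* note that because we're about to slack we don't use psocket */
    ap_block_alarms();
    if ((s = socket(server->sa_family, SOCK_STREAM, IPPROTO_TCP)) == -1) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: failed to get a socket for %s", addr);

        ap_unblock_alarms();
        exit(1);
    }

    s = ap_slack(s, AP_SLACK_HIGH);

    ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart */

    if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &one, sizeof(int)) < 0) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: for %s, setsockopt: (SO_REUSEADDR)", addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }
    one = 1;
    if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *) &one, sizeof(int)) < 0) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: for %s, setsockopt: (SO_KEEPALIVE)", addr);
        closesocket(s);

        ap_unblock_alarms();
        exit(1);
    }

    sock_disable_nagle(s, NULL);
    sock_enable_linger(s);

    /*
     * To send data over high bandwidth-delay connections at full
     * speed we must force the TCP window to open wide enough to keep the
     * pipe full.  The default window size on many systems
     * is only 4kB.  Cross-country WAN connections of 100ms
     * at 1Mb/s are not impossible for well connected sites.
     * If we assume 100ms cross-country latency,
     * a 4kB buffer limits throughput to 40kB/s.
     *
     * To avoid this problem I've added the SendBufferSize directive
     * to allow the web master to configure send buffer size.
     *
     * The trade-off of larger buffers is that more kernel memory
     * is consumed.  YMMV, know your customers and your network!
     *
     * -John Heidemann <johnh@isi.edu> 25-Oct-96
     *
     * If no size is specified, use the kernel default.
     */
    if (server_conf->send_buffer_size) {
        if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
                       (char *) &server_conf->send_buffer_size, sizeof(int)) < 0) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf,
                         "make_sock: failed to set SendBufferSize for %s, "
                         "using default", addr);
            /* not a fatal error */
        }
    }

#ifndef SIN6_LEN
    if (bind(s, server, SA_LEN(server)) == -1) {
#else
    if (bind(s, server, server->sa_len) == -1) {
#endif
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: could not bind to %s", addr);

        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }

    if (listen(s, ap_listenbacklog) == -1) {
        ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                     "make_sock: unable to listen for connections on %s", addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }

    ap_unblock_alarms();

    /*
     * protect various fd_sets: FD_SET() on a descriptor at or beyond
     * FD_SETSIZE would write outside the fd_set, so refuse to go on.
     */
    if (s >= FD_SETSIZE) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
                     "make_sock: problem listening on %s, filedescriptor (%u) "
                     "larger than FD_SETSIZE (%u) "
                     "found, you probably need to rebuild Apache with a "
                     "larger FD_SETSIZE", addr, s, FD_SETSIZE);
        closesocket(s);
        exit(1);
    }

    return s;
}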
2051
2052
/*
 * During a restart we keep track of the old listeners here, so that we
 * can re-use the sockets.  We have to do this because we won't be able
 * to re-open the sockets ("Address already in use").
 *
 * Unlike the listeners ring, old_listeners is a NULL terminated list.
 *
 * copy_listeners() makes the copy, find_listener() finds an old listener
 * and close_unused_listeners() cleans up whatever wasn't used.
 */
static listen_rec *old_listeners;
2064
/*
 * Snapshot every entry of ap_listeners into the malloc()ed, NULL
 * terminated old_listeners list and drop the pool cleanup registered
 * for each socket in `p', so that the descriptors can be handed to
 * the next configuration.
 *
 * ap_listeners may still be a plain NULL terminated list or already a
 * ring when this runs, so the walk stops on either NULL or a wrap back
 * to the first entry.  An allocation failure terminates the process.
 */
static void copy_listeners(pool *p)
{
    listen_rec *cur;

    ap_assert(old_listeners == NULL);

    cur = ap_listeners;
    if (cur == NULL) {
        return;
    }

    for (;;) {
        listen_rec *nr = malloc(sizeof *nr);

        if (nr == NULL) {
            fprintf(stderr, "Ouch! malloc failed in copy_listeners()\n");
            exit(1);
        }

        /* struct copy, then push the copy onto the front of the list */
        *nr = *cur;
        ap_kill_cleanups_for_socket(p, nr->fd);
        nr->next = old_listeners;
        ap_assert(!nr->used);
        old_listeners = nr;

        cur = cur->next;
        if (cur == NULL || cur == ap_listeners) {
            break;
        }
    }
}
2090
2091
/*
 * Look for a saved listener whose local_addr matches that of `lr'.
 * On a match the saved entry is marked as used and its descriptor is
 * returned; otherwise -1 is returned.
 *
 * The comparison is a memcmp() over the whole local_addr object.
 * NOTE(review): that includes any bytes of the structure that are not
 * part of the actual address -- presumably both sides were zero-filled
 * before being populated; verify where local_addr is initialised.
 */
static int find_listener(listen_rec *lr)
{
    listen_rec *old = old_listeners;

    while (old != NULL) {
        if (memcmp(&old->local_addr, &lr->local_addr,
                   sizeof(old->local_addr)) == 0) {
            old->used = 1;
            return old->fd;
        }
        old = old->next;
    }

    return -1;
}
2104
2105
/*
 * Release the old_listeners list: every entry is freed, and the
 * socket of each entry that was not claimed through find_listener()
 * (its `used' flag is still clear) is closed first.  The list head is
 * reset to NULL afterwards.
 */
static void close_unused_listeners(void)
{
    listen_rec *old = old_listeners;

    while (old != NULL) {
        /* remember the successor before the node is freed */
        listen_rec *following = old->next;

        if (!old->used) {
            closesocket(old->fd);
        }
        free(old);
        old = following;
    }

    old_listeners = NULL;
}
2118
2119
/*
 * Open (or re-use) a socket for every configured listener, record the
 * descriptors in listenfds/listenmaxfd, and turn the ap_listeners list
 * into a singly linked ring.  Saved listeners that were not re-used
 * are closed at the end.
 *
 * NOTE(review): the loop dereferences ap_listeners without a NULL
 * check, so it presumably relies on the configuration always
 * providing at least one listener -- confirm.
 */
static void setup_listeners(pool *p)
{
    listen_rec *lr;
    int fd;

    listenmaxfd = -1;
    FD_ZERO(&listenfds);

    for (lr = ap_listeners; ; lr = lr->next) {
        fd = find_listener(lr);
        if (fd >= 0) {
            /* inherited from the previous configuration: re-register it */
            ap_note_cleanups_for_socket_ex(p, fd, 1);
        }
        else {
            fd = make_sock(p, (struct sockaddr *)&lr->local_addr);
        }

        /* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
        if (fd >= 0) {
            FD_SET(fd, &listenfds);
            listenmaxfd = (fd > listenmaxfd) ? fd : listenmaxfd;
        }
        lr->fd = fd;

        if (lr->next == NULL) {
            break;
        }
    }

    /* turn the list into a ring: lr is the last entry here */
    lr->next = ap_listeners;
    head_listener = ap_listeners;
    close_unused_listeners();
}
2154
2155
/*
 * Walk the listener ring once, starting at head_listener, and return
 * the first listener whose descriptor is set in `main_fds'.  On a hit
 * head_listener is advanced to the entry after the one returned, so
 * the next search starts behind it.  Returns NULL when no listener in
 * the ring is ready.
 */
static ap_inline listen_rec *find_ready_listener(fd_set * main_fds)
{
    listen_rec *const first = head_listener;
    listen_rec *cand = first;

    for (;;) {
        if (FD_ISSET(cand->fd, main_fds)) {
            head_listener = cand->next;
            return cand;
        }
        cand = cand->next;
        if (cand == first) {
            /* back at the starting point: nothing was ready */
            return NULL;
        }
    }
}
2174
2175
/*
 * Print the server version, the module magic number and the list of
 * compile-time settings to stdout, one "-D NAME[=value]" per line.
 * Settings guarded by #ifdef are printed only when the macro was
 * defined at build time.  The second half of the list shows the
 * compiled-in default paths (server root, suexec binary, pid file,
 * scoreboard, lock file, error log and configuration files).
 */
static void show_compile_settings(void)
{
    printf("Server version: %s\n", ap_get_server_version());
    printf("Server's Module Magic Number: %u:%u\n",
           MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
    printf("Server compiled with....\n");
    printf(" -D EAPI\n");
#ifdef EAPI_MM
    printf(" -D EAPI_MM\n");
#ifdef EAPI_MM_CORE_PATH
    /* the path macro is pasted into the format string by literal concatenation */
    printf(" -D EAPI_MM_CORE_PATH=\"" EAPI_MM_CORE_PATH "\"\n");
#endif
#endif
    printf(" -D HAVE_MMAP\n");
    printf(" -D HAVE_SHMGET\n");
    printf(" -D USE_MMAP_SCOREBOARD\n");
    printf(" -D USE_MMAP_FILES\n");
#ifdef MMAP_SEGMENT_SIZE
    printf(" -D MMAP_SEGMENT_SIZE=%ld\n",(long)MMAP_SEGMENT_SIZE);
#endif
    printf(" -D HAVE_FLOCK_SERIALIZED_ACCEPT\n");
    printf(" -D HAVE_SYSVSEM_SERIALIZED_ACCEPT\n");
    printf(" -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT\n");
#ifdef BUFFERED_LOGS
    printf(" -D BUFFERED_LOGS\n");
#ifdef PIPE_BUF
    printf(" -D PIPE_BUF=%ld\n",(long)PIPE_BUF);
#endif
#endif
    printf(" -D DYNAMIC_MODULE_LIMIT=%ld\n",(long)DYNAMIC_MODULE_LIMIT);
    printf(" -D HARD_SERVER_LIMIT=%ld\n",(long)HARD_SERVER_LIMIT);

    /* This list displays the compiled-in default paths: */
#ifdef HTTPD_ROOT
    printf(" -D HTTPD_ROOT=\"" HTTPD_ROOT "\"\n");
#endif
#if defined(SUEXEC_BIN)
    printf(" -D SUEXEC_BIN=\"" SUEXEC_BIN "\"\n");
#endif
#ifdef DEFAULT_PIDLOG
    printf(" -D DEFAULT_PIDLOG=\"" DEFAULT_PIDLOG "\"\n");
#endif
#ifdef DEFAULT_SCOREBOARD
    printf(" -D DEFAULT_SCOREBOARD=\"" DEFAULT_SCOREBOARD "\"\n");
#endif
#ifdef DEFAULT_LOCKFILE
    printf(" -D DEFAULT_LOCKFILE=\"" DEFAULT_LOCKFILE "\"\n");
#endif
#ifdef DEFAULT_ERRORLOG
    printf(" -D DEFAULT_ERRORLOG=\"" DEFAULT_ERRORLOG "\"\n");
#endif
#ifdef TYPES_CONFIG_FILE
    printf(" -D TYPES_CONFIG_FILE=\"" TYPES_CONFIG_FILE "\"\n");
#endif
#ifdef SERVER_CONFIG_FILE
    printf(" -D SERVER_CONFIG_FILE=\"" SERVER_CONFIG_FILE "\"\n");
#endif
#ifdef ACCESS_CONFIG_FILE
    printf(" -D ACCESS_CONFIG_FILE=\"" ACCESS_CONFIG_FILE "\"\n");
#endif
#ifdef RESOURCE_CONFIG_FILE
    printf(" -D RESOURCE_CONFIG_FILE=\"" RESOURCE_CONFIG_FILE "\"\n");
#endif
}
2240
2241
/* Some init code that's common between win32 and unix... well actually
 * some of it is #ifdef'd but was duplicated before anyhow.  This stuff
 * is still a mess.
 *
 * In order, this creates the global pool and the pconf/plog/ptrans
 * sub-pools, initialises the util and URI helpers, creates the pool
 * and arrays that hold command-line configuration items, initialises
 * the hook mechanism and registers the five ap::buff::* hooks, and
 * finally creates the global context.
 */
static void common_init(void)
{
    INIT_SIGLIST()


    /* pconf and plog hang off pglobal; ptrans hangs off pconf */
    pglobal = ap_init_alloc();
    pconf = ap_make_sub_pool(pglobal);
    plog = ap_make_sub_pool(pglobal);
    ptrans = ap_make_sub_pool(pconf);

    ap_util_init();
    ap_util_uri_init();

    /* pcommands is created with a NULL parent, i.e. not under pglobal */
    pcommands = ap_make_sub_pool(NULL);
    ap_server_pre_read_config = ap_make_array(pcommands, 1, sizeof(char *));
    ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *));
    ap_server_config_defines = ap_make_array(pcommands, 1, sizeof(char *));

    /* all five buffer I/O hooks share one signature and the TOPMOST mode */
    ap_hook_init();
    ap_hook_configure("ap::buff::read",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::write",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::writev",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::sendwithtimeout",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::recvwithtimeout",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);

    ap_global_ctx = ap_ctx_new(NULL);
}
2278
/*****************************************************************
 * Child process main loop.
 * The following vars are static to avoid getting clobbered by longjmp();
 * they are really private to child_main.
 */

static int srv;                 /* result of the select() on the listeners */
static int csd;                 /* descriptor of the accepted client socket */
static int dupped_csd;          /* second descriptor handed to ap_bpushfd() */
static int requests_this_child; /* compared against ap_max_requests_per_child */
static fd_set main_fds;         /* working copy of listenfds for select() */
2290
/*
 * Ask the current child to stop after the request `r': keepalive is
 * switched off for the connection, and both the per-child request
 * limit and the request counter are set to 1.
 */
API_EXPORT(void) ap_child_terminate(request_rec *r)
{
    r->connection->keepalive = 0;

    ap_max_requests_per_child = 1;
    requests_this_child = ap_max_requests_per_child;
}
2296
/*
 * Main loop of a server child; `child_num_arg' is the child's slot
 * number and is stored in my_child_num.
 *
 * Initialisation runs with alarms blocked: the configured resource
 * limits are applied, the per-child pools are created, the accept
 * mutex is initialised, group and user privileges are switched, and
 * the modules' child-init code is run.  The function then loops
 * forever: wait for a connection on one of the listeners (under the
 * accept mutex), accept it, wrap it in a BUFF and a connection record,
 * and read and process requests from it until the connection is done.
 *
 * The function never returns normally; the child leaves through
 * clean_child_exit() or a signal handler.
 */
static void child_main(int child_num_arg)
{
    NET_SIZE_T clen;
    struct sockaddr_storage sa_server;
    struct sockaddr_storage sa_client;
    listen_rec *lr;
    struct rlimit rlp;

    /* All of initialization is a critical section, we don't care if we're
     * told to HUP or USR1 before we're done initializing.  For example,
     * we could be half way through child_init_modules() when a restart
     * signal arrives, and we'd have no real way to recover gracefully
     * and exit properly.
     *
     * I suppose a module could take forever to initialize, but that would
     * be either a broken module, or a broken configuration (i.e. network
     * problems, file locking problems, whatever). -djg
     */
    ap_block_alarms();

    my_pid = getpid();
    csd = -1;
    dupped_csd = -1;
    my_child_num = child_num_arg;
    requests_this_child = 0;

    setproctitle("child");

    /*
     * set up rlimits to keep apache+scripting from leaking horribly
     *
     * Each limit is applied only when its setting is non-zero, with the
     * soft and the hard limit set to the same value.  A limit that
     * cannot be applied is fatal for the child (APEXIT_CHILDFATAL), so
     * a child never runs with a configured limit silently missing.
     */
    if (ap_max_cpu_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_cpu_per_child;
        if (setrlimit(RLIMIT_CPU, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set CPU limit to %d",
                         ap_max_cpu_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
    if (ap_max_data_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_data_per_child;
        if (setrlimit(RLIMIT_DATA, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set data limit to %d",
                         ap_max_data_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
    if (ap_max_nofile_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_nofile_per_child;
        if (setrlimit(RLIMIT_NOFILE, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set open file limit to %d",
                         ap_max_nofile_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
    if (ap_max_rss_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_rss_per_child;
        if (setrlimit(RLIMIT_RSS, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set RSS limit to %d",
                         ap_max_rss_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
    if (ap_max_stack_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_stack_per_child;
        if (setrlimit(RLIMIT_STACK, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set stack size limit to %d",
                         ap_max_stack_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
#ifdef RLIMIT_TIME
    if (ap_max_time_per_child != 0){
        rlp.rlim_cur = rlp.rlim_max = ap_max_time_per_child;
        if (setrlimit(RLIMIT_TIME, &rlp) == -1){
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setrlimit: unable to set humantime limit to %d",
                         ap_max_time_per_child);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
#endif

    /* Get a sub pool for global allocations in this child, so that
     * we can have cleanups occur when the child exits.
     */
    pchild = ap_make_sub_pool(pconf);
    /* associate accept mutex cleanup with a subpool of pchild so we can
     * make sure the mutex is released before calling module code at
     * termination
     */
    pmutex = ap_make_sub_pool(pchild);

    /* needs to be done before we switch UIDs so we have permissions */
    SAFE_ACCEPT(accept_mutex_child_init(pmutex));

    /*
     * Privilege drop: group privileges first, then the user id.
     * NOTE(review): nothing is checked after set_group_privs() here;
     * presumably it deals with its own failures -- verify, since a
     * child that keeps its original groups is a privilege problem.
     */
    set_group_privs();
    /*
     * Only try to switch if we're running as root
     * In case of Cygwin we have the special super-user named SYSTEM
     *
     * A failed setuid() is fatal for the child, so request handling
     * never starts with the original user id still in effect.
     */
    if (!geteuid() && (
        setuid(ap_user_id) == -1)) {
        ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                     "setuid: unable to change to uid: %u", ap_user_id);
        clean_child_exit(APEXIT_CHILDFATAL);
    }

    /* module child-init code runs after the user id switch above */
    ap_child_init_modules(pchild, server_conf);

    /* done with the initialization critical section */
    ap_unblock_alarms();

    (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);

    /*
     * Setup the jump buffers so that we can return here after a timeout
     */
    ap_setjmp(jmpbuffer);
    signal(SIGURG, timeout);
    if (signal(SIGALRM, alrm_handler) == SIG_ERR) {
        fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno);
    }


    while (1) {
        BUFF *conn_io;
        request_rec *r;

        /* Prepare to receive a SIGUSR1 due to graceful restart so that
         * we can exit cleanly.  Since we're between connections right
         * now it's the right time to exit, but we might be blocked in a
         * system call when the graceful restart request is made. */
        usr1_just_die = 1;
        signal(SIGUSR1, usr1_handler);

        /*
         * (Re)initialize this child to a pre-connection state.
         */

        ap_kill_timeout(0); /* Cancel any outstanding alarms. */
        current_conn = NULL;

        /* per-connection pool: whatever the previous pass registered in it goes away here */
        ap_clear_pool(ptrans);

        /* a newer generation is running: this child is obsolete */
        if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
            clean_child_exit(0);
        }

        /* a limit of 0 or less means no per-child request limit */
        if ((ap_max_requests_per_child > 0
             && requests_this_child++ >= ap_max_requests_per_child)) {
            clean_child_exit(0);
        }

        (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);

        /*
         * Wait for an acceptable connection to arrive.
         */

        /* Lock around "accept", if necessary */
        SAFE_ACCEPT(accept_mutex_on());

        for (;;) {
            if (ap_listeners->next != ap_listeners) {
                /* more than one socket */
                memcpy(&main_fds, &listenfds, sizeof(fd_set));
                srv = ap_select(listenmaxfd + 1, &main_fds, NULL, NULL, NULL);

                if (srv < 0 && errno != EINTR) {
                    /* Single Unix documents select as returning errnos
                     * EBADF, EINTR, and EINVAL... and in none of those
                     * cases does it make sense to continue.  In fact
                     * on Linux 2.0.x we seem to end up with EFAULT
                     * occasionally, and we'd loop forever due to it.
                     */
                    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "select: (listen)");
                    clean_child_exit(1);
                }

                if (srv <= 0)
                    continue;

                lr = find_ready_listener(&main_fds);
                if (lr == NULL)
                    continue;
                sd = lr->fd;
            }
            else {
                /* only one socket, just pretend we did the other stuff */
                sd = ap_listeners->fd;
            }

            /* if we accept() something we don't want to die, so we have to
             * defer the exit
             */
            deferred_die = 0;
            usr1_just_die = 0;
            for (;;) {
                /* clen is in/out: reset it to the buffer size before every call */
                clen = sizeof(sa_client);
                csd = ap_accept(sd, (struct sockaddr *)&sa_client, &clen);
                if (csd >= 0 || errno != EINTR)
                    break;
                if (deferred_die) {
                    /* we didn't get a socket, and we were told to die */
                    clean_child_exit(0);
                }
            }

            if (csd >= 0)
                break; /* We have a socket ready for reading */
            else {

                /* Our old behaviour here was to continue after accept()
                 * errors.  But this leads us into lots of troubles
                 * because most of the errors are quite fatal.  For
                 * example, EMFILE can be caused by slow descriptor
                 * leaks (say in a 3rd party module, or libc).  It's
                 * foolish for us to continue after an EMFILE.  We also
                 * seem to tickle kernel bugs on some platforms which
                 * lead to never-ending loops here.  So it seems best
                 * to just exit in most cases.
                 */
                switch (errno) {

                case ECONNABORTED:
                    /* Linux generates the rest of these, other tcp
                     * stacks (i.e. bsd) tend to hide them behind
                     * getsockopt() interfaces.  They occur when
                     * the net goes sour or the client disconnects
                     * after the three-way handshake has been done
                     * in the kernel but before userland has picked
                     * up the socket.
                     */
                case ECONNRESET:
                case ETIMEDOUT:
                case EHOSTUNREACH:
                case ENETUNREACH:
                    break;
                case ENETDOWN:
                    /*
                     * When the network layer has been shut down, there
                     * is not much use in simply exiting: the parent
                     * would simply re-create us (and we'd fail again).
                     * Use the CHILDFATAL code to tear the server down.
                     * @@@ Martin's idea for possible improvement:
                     * A different approach would be to define
                     * a new APEXIT_NETDOWN exit code, the reception
                     * of which would make the parent shutdown all
                     * children, then idle-loop until it detected that
                     * the network is up again, and restart the children.
                     * Ben Hyde noted that temporary ENETDOWN situations
                     * occur in mobile IP.
                     */
                    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                                 "accept: giving up.");
                    clean_child_exit(APEXIT_CHILDFATAL);
                    /* no break: presumably clean_child_exit() does not return -- TODO confirm */

                default:
                    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                                 "accept: (client socket)");
                    clean_child_exit(1);
                }
            }

            /* go around again, safe to die */
            usr1_just_die = 1;
            if (deferred_die) {
                /* ok maybe not, see ya later */
                clean_child_exit(0);
            }
            /* or maybe we missed a signal, you never know on systems
             * without reliable signals
             */
            if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
                clean_child_exit(0);
            }
        }

        SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */


        /* We've got a socket, let's at least process one request off the
         * socket before we accept a graceful restart request.
         */
        signal(SIGUSR1, SIG_IGN);

        ap_note_cleanups_for_socket_ex(ptrans, csd, 1);

        /* protect various fd_sets
         *
         * The socket is skipped, not served, when its descriptor does not
         * fit into an fd_set.  It was registered with ptrans just above,
         * and ptrans is cleared at the top of the loop -- presumably that
         * is what closes it; verify.
         */
        if (csd >= FD_SETSIZE) {
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
                         "[csd] filedescriptor (%u) larger than FD_SETSIZE (%u) "
                         "found, you probably need to rebuild Apache with a "
                         "larger FD_SETSIZE", csd, FD_SETSIZE);
            continue;
        }

        /*
         * We now have a connection, so set it up with the appropriate
         * socket options, file descriptors, and read/write buffers.
         */

        clen = sizeof(sa_server);
        if (getsockname(csd, (struct sockaddr *)&sa_server, &clen) < 0) {
            /* NOTE(review): sa_client is a sockaddr_storage viewed as
             * sockaddr_in here; for a peer of another address family the
             * %pA argument would presumably not be the peer address, which
             * matters when this log line is used to trace a client --
             * confirm how non-IPv4 peers are meant to be logged.
             */
            ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                         "getsockname, client %pA probably dropped the "
                         "connection",
                         &((struct sockaddr_in *)&sa_client)->sin_addr);
            continue;
        }

        sock_disable_nagle(csd, (struct sockaddr_in *)&sa_client);

        (void) ap_update_child_status(my_child_num, SERVER_BUSY_READ,
                                      (request_rec *) NULL);

        conn_io = ap_bcreate(ptrans, B_RDWR | B_SOCKET);

        /* the same descriptor is passed to ap_bpushfd() twice */
        dupped_csd = csd;
        ap_bpushfd(conn_io, csd, dupped_csd);

        current_conn = new_connection(ptrans, server_conf, conn_io,
                                      (struct sockaddr *)&sa_client,
                                      (struct sockaddr *)&sa_server,
                                      my_child_num);

        /*
         * Read and process each request found on our connection
         * until no requests are left or we decide to close.
         */

        while ((r = ap_read_request(current_conn)) != NULL) {

            /* read_request_line has already done a
             * signal (SIGUSR1, SIG_IGN);
             */

            (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);

            /* process the request if it was read without error */

            if (r->status == HTTP_OK)
                ap_process_request(r);

            if(ap_extended_status)
                increment_counts(my_child_num, r);

            if (!current_conn->keepalive || current_conn->aborted)
                break;

            ap_destroy_pool(r->pool);
            (void) ap_update_child_status(my_child_num, SERVER_BUSY_KEEPALIVE,
                                          (request_rec *) NULL);

            if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
                ap_call_close_connection_hook(current_conn);
                ap_bclose(conn_io);
                clean_child_exit(0);
            }

            /* In case we get a graceful restart while we're blocked
             * waiting for the request.
             *
             * XXX: This isn't perfect, we might actually read the
             * request and then just die without saying anything to
             * the client.  This can be fixed by using deferred_die
             * but you have to teach buff.c about it so that it can handle
             * the EINTR properly.
             *
             * In practice though browsers (have to) expect keepalive
             * connections to close before receiving a response because
             * of network latencies and server timeouts.
             */
            usr1_just_die = 1;
            signal(SIGUSR1, usr1_handler);
        }

        /*
         * Close the connection, being careful to send out whatever is still
         * in our buffers.  If possible, try to avoid a hard close until the
         * client has ACKed our FIN and/or has stopped sending us data.
         */

        /* r is NULL when the request loop ended because no request could be read */
        if (r && r->connection
            && !r->connection->aborted
            && r->connection->client
            && (r->connection->client->fd >= 0)) {

            lingering_close(r);
        }
        else {
            ap_call_close_connection_hook(current_conn);
            ap_bsetflag(conn_io, B_EOUT, 1);
            ap_bclose(conn_io);
        }
    }
}
2700
2701
/*
 * Start one server child for scoreboard slot `slot'.
 *
 * In one_process mode no fork happens: the signal dispositions are
 * set and child_main() is entered directly.  Otherwise the slot is
 * marked SERVER_STARTING and the process forks; the child installs
 * just_die for HUP/USR1/TERM and enters child_main(), while the parent
 * records `now' and the child's pid in the slot.
 *
 * Returns 0 on success and -1 when fork() fails.  In that case the
 * slot is reset to SERVER_DEAD and the caller is held up for ten
 * seconds so that a resource shortage does not turn into a fork loop.
 */
static int make_child(server_rec *s, int slot, time_t now)
{
    int pid;
    const int needed = slot + 1;
    parent_score *ps;

    if (needed > max_daemons_limit) {
        max_daemons_limit = needed;
    }

    if (one_process) {
        signal(SIGHUP, just_die);
        signal(SIGINT, just_die);
        signal(SIGQUIT, SIG_DFL);
        signal(SIGTERM, just_die);
        child_main(slot);
    }

    /* avoid starvation */
    head_listener = head_listener->next;

    Explain1("Starting new child in slot %d", slot);
    (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) NULL);

    pid = fork();
    switch (pid) {
    case -1:
        ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process");

        /* fork didn't succeed.  Fix the scoreboard or else
         * it will say SERVER_STARTING forever and ever
         */
        (void) ap_update_child_status(slot, SERVER_DEAD, (request_rec *) NULL);

        /* In case system resources are maxxed out, we don't want
         * Apache running away with the CPU trying to fork over and
         * over and over again.
         */
        sleep(10);

        return -1;

    case 0:
        RAISE_SIGSTOP(MAKE_CHILD);
        MONCONTROL(1);
        /* Disable the restart signal handlers and enable the just_die stuff.
         * Note that since restart() just notes that a restart has been
         * requested there's no race condition here.
         */
        signal(SIGHUP, just_die);
        signal(SIGUSR1, just_die);
        signal(SIGTERM, just_die);
        child_main(slot);
        break;

    default:
        break;
    }

    ps = &ap_scoreboard_image->parent[slot];
    ps->last_rtime = now;
    ps->pid = pid;
    return 0;
}
2758
2759
/*
 * Start up to `number_to_start' children.  Scoreboard slots are
 * scanned from 0 up to ap_daemons_limit and only slots marked
 * SERVER_DEAD are used.  The scan stops early when make_child()
 * reports a failure.
 */
static void startup_children(int number_to_start)
{
    time_t now = time(NULL);
    int slot = 0;

    while (number_to_start && slot < ap_daemons_limit) {
        if (ap_scoreboard_image->servers[slot].status == SERVER_DEAD) {
            if (make_child(server_conf, slot, now) < 0) {
                break;
            }
            --number_to_start;
        }
        ++slot;
    }
}
2776
2777
/*
 * idle_spawn_rate is the number of children that will be spawned on the
 * next maintenance cycle if there aren't enough idle servers.  It is
 * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
 * without the need to spawn.
 *
 * MAX_SPAWN_RATE can be overridden at build time.  It is also the size
 * of the free_slots array in perform_idle_server_maintenance(), so
 * idle_spawn_rate must never exceed it.
 */
static int idle_spawn_rate = 1;
#ifndef MAX_SPAWN_RATE
#define MAX_SPAWN_RATE (32)
#endif
static int hold_off_on_exponential_spawning;

/*
 * Define the signal that is used to kill off children if idle_count
 * is greater than ap_daemons_max_free.  Usually we will use SIGUSR1
 * to gracefully shut down, but unfortunately some OSes will need other
 * signals to ensure that the child process is terminated and the
 * scoreboard pool is not growing to infinity.  Also set the signal we
 * use to kill off children that exceed their timeout.  This effect has
 * been seen at least on Cygwin 1.x. -- Stipe Tolj <tolj@wapme-systems.de>
 */
#define SIG_IDLE_KILL SIGUSR1
#define SIG_TIMEOUT_KILL SIGALRM
2801
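/*
 * One maintenance pass over the scoreboard, run by the parent.
 *
 * The pass counts idle and live children, collects up to
 * idle_spawn_rate dead slots, and signals any child whose timeout has
 * expired without progress.  Afterwards it either kills one idle child
 * (too many idle), spawns children into the collected slots (too few
 * idle), or resets the spawn rate (idle count within bounds).
 *
 * Two indices are bounded explicitly because a bad value would read or
 * write outside an array:
 *   - free_slots[] has MAX_SPAWN_RATE entries, so the fill is capped at
 *     MAX_SPAWN_RATE and the doubled idle_spawn_rate is clamped to it
 *     (doubling overshoots when MAX_SPAWN_RATE is overridden with a
 *     value that is not a power of two);
 *   - to_kill stays -1 when no idle child was seen, so it is checked
 *     before it is used as a scoreboard index.
 */
static void perform_idle_server_maintenance(void)
{
    int i;
    int to_kill;
    int idle_count;
    short_score *ss;
    time_t now = time(NULL);
    int free_length;
    int free_slots[MAX_SPAWN_RATE];
    int last_non_dead;
    int total_non_dead;

    /* initialize the free_list */
    free_length = 0;

    to_kill = -1;
    idle_count = 0;
    last_non_dead = -1;
    total_non_dead = 0;

    for (i = 0; i < ap_daemons_limit; ++i) {
        int status;

        if (i >= max_daemons_limit && free_length == idle_spawn_rate)
            break;
        ss = &ap_scoreboard_image->servers[i];
        status = ss->status;
        if (status == SERVER_DEAD) {
            /* try to keep children numbers as low as possible */
            if (free_length < idle_spawn_rate
                && free_length < MAX_SPAWN_RATE) {
                free_slots[free_length] = i;
                ++free_length;
            }
        }
        else {
            /* We consider a starting server as idle because we started it
             * at least a cycle ago, and if it still hasn't finished starting
             * then we're just going to swamp things worse by forking more.
             * So we hopefully won't need to fork more if we count it.
             * This depends on the ordering of SERVER_READY and SERVER_STARTING.
             */
            if (status <= SERVER_READY) {
                ++ idle_count;
                /* always kill the highest numbered child if we have to...
                 * no really well thought out reason ... other than observing
                 * the server behaviour under linux where lower numbered children
                 * tend to service more hits (and hence are more likely to have
                 * their data in cpu caches).
                 */
                to_kill = i;
            }

            ++total_non_dead;
            last_non_dead = i;
            if (ss->timeout_len) {
                /* if it's a live server, with a live timeout then
                 * start checking its timeout */
                parent_score *ps = &ap_scoreboard_image->parent[i];
                if (ss->cur_vtime != ps->last_vtime) {
                    /* it has made progress, so update its last_rtime,
                     * last_vtime */
                    ps->last_rtime = now;
                    ps->last_vtime = ss->cur_vtime;
                }
                else if (ps->last_rtime + ss->timeout_len < now) {
                    /* no progress, and the timeout length has been exceeded */
                    ss->timeout_len = 0;
                    safe_child_kill(ps->pid, SIG_TIMEOUT_KILL);
                }
            }
        }
    }
    max_daemons_limit = last_non_dead + 1;
    if (idle_count > ap_daemons_max_free) {
        /* kill off one child... we use SIGUSR1 because that'll cause it to
         * shut down gracefully, in case it happened to pick up a request
         * while we were counting.  Use the define SIG_IDLE_KILL to reflect
         * which signal should be used on the specific OS.
         *
         * to_kill is only valid when at least one idle child was seen;
         * without the check a negative ap_daemons_max_free would index
         * the scoreboard at -1 and signal whatever pid is found there.
         */
        if (to_kill >= 0) {
            safe_child_kill(ap_scoreboard_image->parent[to_kill].pid,
                            SIG_IDLE_KILL);
        }
        idle_spawn_rate = 1;
    }
    else if (idle_count < ap_daemons_min_free) {
        /* terminate the free list */
        if (free_length == 0) {
            /* only report this condition once */
            static int reported = 0;

            if (!reported) {
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
                             "server reached MaxClients setting, consider"
                             " raising the MaxClients setting");
                reported = 1;
            }
            idle_spawn_rate = 1;
        }
        else {
            if (idle_spawn_rate >= 8) {
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf,
                             "server seems busy, (you may need "
                             "to increase StartServers, or Min/MaxSpareServers), "
                             "spawning %d children, there are %d idle, and "
                             "%d total children", idle_spawn_rate,
                             idle_count, total_non_dead);
            }
            for (i = 0; i < free_length; ++i) {
                make_child(server_conf, free_slots[i], now);
            }
            /* the next time around we want to spawn twice as many if this
             * wasn't good enough, but not if we've just done a graceful
             */
            if (hold_off_on_exponential_spawning) {
                --hold_off_on_exponential_spawning;
            }
            else if (idle_spawn_rate < MAX_SPAWN_RATE) {
                idle_spawn_rate *= 2;
                /* never let the rate exceed the size of free_slots[] */
                if (idle_spawn_rate > MAX_SPAWN_RATE) {
                    idle_spawn_rate = MAX_SPAWN_RATE;
                }
            }
        }
    }
    else {
        idle_spawn_rate = 1;
    }
}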
2925
2926
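/*
 * Evaluate the wait status of a child that has terminated.
 *
 * pid    - process id of the child, used in the log messages only
 * status - wait status as delivered for that child
 *
 * If the child exited with APEXIT_CHILDFATAL the PID file is removed
 * and the whole server exits with the same code.  If the child was
 * killed by a signal other than TERM, HUP, USR1 or KILL, a notice is
 * logged with the signal name and number, plus the core dump directory
 * when the status indicates a core dump.
 *
 * The signal name is looked up once, with the range check against
 * NumSIG applied on both logging paths, so a signal number outside the
 * table can never be used as an index into SYS_SIGLIST.
 */
static void process_child_status(int pid, ap_wait_t status)
{
    /* Child died... if it died due to a fatal error,
     * we should simply bail out.
     */
    if ((WIFEXITED(status)) &&
        WEXITSTATUS(status) == APEXIT_CHILDFATAL) {
        /* cleanup pid file -- it is useless after our exiting */
        const char *pidfile = NULL;
        pidfile = ap_server_root_relative (pconf, ap_pid_fname);
        if ( pidfile != NULL && unlink(pidfile) == 0)
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
                         server_conf,
                         "removed PID file %s (pid=%ld)",
                         pidfile, (long)getpid());
        ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server_conf,
                     "Child %d returned a Fatal error... \n"
                     "Apache is exiting!",
                     pid);
        exit(APEXIT_CHILDFATAL);
    }
    if (WIFSIGNALED(status)) {
        switch (WTERMSIG(status)) {
        case SIGTERM:
        case SIGHUP:
        case SIGUSR1:
        case SIGKILL:
            /* signals the server sends itself: nothing to report */
            break;
        default:
            {
                const char *signame = (WTERMSIG(status) >= NumSIG) ? "" :
                    SYS_SIGLIST[WTERMSIG(status)];

                if (WCOREDUMP(status)) {
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
                                 server_conf,
                                 "child pid %d exit signal %s (%d), "
                                 "possible coredump in %s",
                                 pid, signame, WTERMSIG(status),
                                 ap_coredump_dir);
                }
                else {
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
                                 server_conf,
                                 "child pid %d exit signal %s (%d)", pid,
                                 signame, WTERMSIG(status));
                }
            }
        }
    }
}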
2974
2975
2976 /*****************************************************************
2977 * Executive routines.
2978 */
2979
2980 #ifndef STANDALONE_MAIN
2981 #define STANDALONE_MAIN standalone_main
2982
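/*
 * Parent-process main loop for standalone operation.
 *
 * Each pass of the outer do/while is one server generation: the
 * configuration is re-read, listeners and modules are (re)initialised, and
 * on the first non-graceful pass the parent optionally chroots into
 * ap_server_root and drops to ap_user_id/ap_group_id.  It then starts
 * children and supervises them until a shutdown or restart is requested.
 * On shutdown the children are reclaimed, the PID file is removed and the
 * process exits via clean_parent_exit(); on restart the loop runs again.
 *
 * argc/argv are not used in this function.
 */
static void standalone_main(int argc, char **argv)
{
    int remaining_children_to_start;

    ap_standalone = 1;

    is_graceful = 0;

    if (!one_process) {
        detach();
    }
    else {
        MONCONTROL(1);
    }

    my_pid = getpid();

    do {
        copy_listeners(pconf);
        if (!is_graceful) {
            ap_restart_time = time(NULL);
        }
        ap_clear_pool(pconf);
        ptrans = ap_make_sub_pool(pconf);

        ap_init_mutex_method(ap_default_mutex_method());

        server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
        setup_listeners(pconf);
        ap_clear_pool(plog);

        /*
         * we cannot reopen the logfiles once we dropped permissions,
         * we cannot write the pidfile (pointless anyway), and we can't
         * reload & reinit the modules.
         */

        if (!is_chrooted) {
            ap_open_logs(server_conf, plog);
            ap_log_pid(pconf, ap_pid_fname);
        }
        ap_set_version();       /* create our server_version string */
        ap_init_modules(pconf, server_conf);
        ap_init_etag(pconf);
        version_locked++;       /* no more changes to server_version */

        if (!is_graceful && !is_chrooted) {
            if (ap_server_chroot) {
                /* chroot() and the credential changes below need root */
                if (geteuid()) {
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_EMERG,
                                 server_conf, "can't run in secure mode if not "
                                 "started with root privs.");
                    exit(1);
                }

                /* initialize /dev/crypto, XXX check for -DSSL option */
#ifdef MOD_SSL
                OpenSSL_add_all_algorithms();
#endif

                /* Supplementary groups are set before chroot() and before
                 * the uid change; every step is checked and any failure
                 * aborts startup rather than continuing with more
                 * privilege than intended.
                 */
                if (initgroups(ap_user_name, ap_group_id)) {
                    ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                                 "initgroups: unable to set groups for User %s "
                                 "and Group %u", ap_user_name, (unsigned)ap_group_id);
                    exit(1);
                }

                if (chroot(ap_server_root) < 0) {
                    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                                 "unable to chroot into %s!", ap_server_root);
                    exit(1);
                }
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
                             server_conf, "chrooted in %s", ap_server_root);
                /* chroot() does not change the working directory.  The
                 * original ignored chdir()'s result; if it fails, the
                 * process keeps a cwd outside the new root, which defeats
                 * the confinement, so treat failure as fatal.
                 */
                if (chdir("/") < 0) {
                    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                                 "unable to chdir to / after chroot into %s!",
                                 ap_server_root);
                    exit(1);
                }
                is_chrooted = 1;
                setproctitle("parent [chroot %s]", ap_server_root);

                /* Group first, then user: once the uid is dropped the
                 * process may no longer change its gid.  Real, effective
                 * and saved ids are all set so the old ids cannot be
                 * restored.
                 */
                if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 ||
                    setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) {
                    ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                                 "can't drop privileges!");
                    exit(1);
                }
                else {
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
                                 server_conf, "changed to uid %u, gid %u",
                                 ap_user_id, ap_group_id);
                }
            }
            else {
                setproctitle("parent");
            }
        }


        SAFE_ACCEPT(accept_mutex_init(pconf));
        if (!is_graceful) {
            reinit_scoreboard(pconf);
        }
        set_signals();

        if (ap_daemons_max_free < ap_daemons_min_free + 1) { /* Don't thrash... */
            ap_daemons_max_free = ap_daemons_min_free + 1;
        }

        /* If we're doing a graceful_restart then we're going to see a lot
         * of children exiting immediately when we get into the main loop
         * below (because we just sent them SIGUSR1).  This happens pretty
         * rapidly... and for each one that exits we'll start a new one until
         * we reach at least daemons_min_free.  But we may be permitted to
         * start more than that, so we'll just keep track of how many we're
         * supposed to start up without the 1 second penalty between each fork.
         */
        remaining_children_to_start = ap_daemons_to_start;
        if (remaining_children_to_start > ap_daemons_limit) {
            remaining_children_to_start = ap_daemons_limit;
        }
        if (!is_graceful) {
            startup_children(remaining_children_to_start);
            remaining_children_to_start = 0;
        }
        else {
            /* give the system some time to recover before kicking into
             * exponential mode */
            hold_off_on_exponential_spawning = 10;
        }

        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                     "%s configured -- resuming normal operations",
                     ap_get_server_version());
        if (ap_suexec_enabled) {
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                         "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
        }
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                     "Accept mutex: %s (Default: %s)",
                     amutex->name, ap_default_mutex_method());
        restart_pending = shutdown_pending = 0;

        while (!restart_pending && !shutdown_pending) {
            int child_slot;
            ap_wait_t status;
            int pid = wait_or_timeout(&status);

            /* XXX: if it takes longer than 1 second for all our children
             * to start up and get into IDLE state then we may spawn an
             * extra child
             */
            if (pid >= 0) {
                process_child_status(pid, status);
                /* non-fatal death... note that it's gone in the scoreboard. */
                child_slot = find_child_by_pid(pid);
                Explain2("Reaping child %d slot %d", pid, child_slot);
                if (child_slot >= 0) {
                    (void) ap_update_child_status(child_slot, SERVER_DEAD,
                                                  (request_rec *) NULL);
                    if (remaining_children_to_start
                        && child_slot < ap_daemons_limit) {
                        /* we're still doing a 1-for-1 replacement of dead
                         * children with new children
                         */
                        make_child(server_conf, child_slot, time(NULL));
                        --remaining_children_to_start;
                    }
                }
                else if (reap_other_child(pid, status) == 0) {
                    /* handled */
                }
                else if (is_graceful) {
                    /* Great, we've probably just lost a slot in the
                     * scoreboard.  Somehow we don't know about this
                     * child.
                     */
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, server_conf,
                                 "long lost child came home! (pid %d)", pid);
                }
                /* Don't perform idle maintenance when a child dies,
                 * only do it when there's a timeout.  Remember only a
                 * finite number of children can die, and it's pretty
                 * pathological for a lot to die suddenly.
                 */
                continue;
            }
            else if (remaining_children_to_start) {
                /* we hit a 1 second timeout in which none of the previous
                 * generation of children needed to be reaped... so assume
                 * they're all done, and pick up the slack if any is left.
                 */
                startup_children(remaining_children_to_start);
                remaining_children_to_start = 0;
                /* In any event we really shouldn't do the code below because
                 * few of the servers we just started are in the IDLE state
                 * yet, so we'd mistakenly create an extra server.
                 */
                continue;
            }

            perform_idle_server_maintenance();
        }

        if (shutdown_pending) {
            /* Time to gracefully shut down:
             * Kill child processes, tell them to call child_exit, etc...
             */
            if (ap_killpg(pgrp, SIGTERM) < 0) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGTERM");
            }
            reclaim_child_processes(1);         /* Start with SIGTERM */

            /* cleanup pid file on normal shutdown */
            {
                char *pidfile = ap_server_root_relative(pconf, ap_pid_fname);

                /* translate the path into the chroot's view before unlinking;
                 * ap_server_strip_chroot() accepts NULL */
                ap_server_strip_chroot(pidfile, 0);
                if (pidfile != NULL && unlink(pidfile) == 0) {
                    /* pid_t is signed: print it as long, matching the same
                     * message in process_child_status */
                    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
                                 server_conf,
                                 "removed PID file %s (pid=%ld)",
                                 pidfile, (long)getpid());
                }
            }

            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                         "caught SIGTERM, shutting down");
            clean_parent_exit(0);
        }

        /* we've been told to restart */
        signal(SIGHUP, SIG_IGN);
        signal(SIGUSR1, SIG_IGN);

        if (one_process) {
            /* not worth thinking about */
            clean_parent_exit(0);
        }

        /* advance to the next generation */
        /* XXX: we really need to make sure this new generation number isn't in
         * use by any of the children.
         */
        ++ap_my_generation;
        ap_scoreboard_image->global.running_generation = ap_my_generation;

        if (is_graceful) {
            int i;
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                         "SIGUSR1 received.  Doing graceful restart");

            /* kill off the idle ones */
            if (ap_killpg(pgrp, SIGUSR1) < 0) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGUSR1");
            }
            /* This is mostly for debugging... so that we know what is still
             * gracefully dealing with existing request.  But we can't really
             * do it if we're in a SCOREBOARD_FILE because it'll cause
             * corruption too easily.
             */
            for (i = 0; i < ap_daemons_limit; ++i) {
                if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) {
                    ap_scoreboard_image->servers[i].status = SERVER_GRACEFUL;
                }
            }
        }
        else {
            /* Kill 'em off */
            if (ap_killpg(pgrp, SIGHUP) < 0) {
                ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGHUP");
            }
            reclaim_child_processes(0);         /* Not when just starting up */
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                         "SIGHUP received.  Attempting to restart");
        }
    } while (restart_pending);

    /*add_common_vars(NULL);*/
}                               /* standalone_main */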
3255 #else
3256 /* prototype */
3257 void STANDALONE_MAIN(int argc, char **argv);
3258 #endif /* STANDALONE_MAIN */
3259
3260 extern char *optarg;
3261 extern int optind;
3262
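/*
 * Program entry point (REALMAIN is defined outside this view; presumably
 * it expands to main).
 *
 * Parses the command line, reads the configuration, and then either
 *   - hands control to STANDALONE_MAIN() when ap_standalone is set, or
 *   - serves requests on the connection passed in as stdin/stdout,
 *     after switching to ap_user_id when started as root.
 * Both paths end in exit(); the function does not return to its caller.
 */
int REALMAIN(int argc, char *argv[])
{
    int c;
    int sock_in;
    int sock_out;
    char *s;

    MONCONTROL(0);

    common_init();

    /* keep only the last path component of argv[0] as the program name */
    if ((s = strrchr(argv[0], PATHSEPARATOR)) != NULL) {
        ap_server_argv0 = ++s;
    }
    else {
        ap_server_argv0 = argv[0];
    }

    ap_cpystrn(ap_server_root, HTTPD_ROOT, sizeof(ap_server_root));
    ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname));

    ap_setup_prelinked_modules();

    /* NOTE(review): the option string also accepts "x" and "R:", which have
     * no case below and are therefore silently ignored; presumably kept for
     * command-line compatibility -- confirm.
     */
    while ((c = getopt(argc, argv,
                       "D:C:c:xXd:Ff:vVlLR:StTh4u"
#ifdef INET6
                       "6"
#endif
#ifdef DEBUG_SIGSTOP
                       "Z:"
#endif
                       )) != -1) {
        char **new;
        switch (c) {
        case 'c':
            new = (char **)ap_push_array(ap_server_post_read_config);
            *new = ap_pstrdup(pcommands, optarg);
            break;
        case 'C':
            new = (char **)ap_push_array(ap_server_pre_read_config);
            *new = ap_pstrdup(pcommands, optarg);
            break;
        case 'D':
            new = (char **)ap_push_array(ap_server_config_defines);
            *new = ap_pstrdup(pcommands, optarg);
            break;
        case 'd':
            /* bounded copy; an over-long argument is truncated, not rejected */
            ap_cpystrn(ap_server_root, optarg, sizeof(ap_server_root));
            break;
        case 'F':
            do_detach = 0;
            break;
        case 'f':
            /* bounded copy; an over-long argument is truncated, not rejected */
            ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname));
            break;
        case 'v':
            ap_server_tokens = SrvTk_FULL;
            ap_set_version();
            printf("Server version: %s\n", ap_get_server_version());
            exit(0);
        case 'V':
            ap_server_tokens = SrvTk_FULL;
            ap_set_version();
            show_compile_settings();
            exit(0);
        case 'l':
            ap_suexec_enabled = init_suexec();
            ap_show_modules();
            exit(0);
        case 'L':
            ap_show_directives();
            exit(0);
        case 'X':
            ++one_process;      /* Weird debugging mode. */
            break;
#ifdef DEBUG_SIGSTOP
        case 'Z':
            raise_sigstop_flags = atoi(optarg);
            break;
#endif
        case 'S':
            ap_dump_settings = 1;
            break;
        case 't':
            ap_configtestonly = 1;
            ap_docrootcheck = 1;
            break;
        case 'T':
            ap_configtestonly = 1;
            ap_docrootcheck = 0;
            break;
        case 'h':
            usage(argv[0]);
            /* The original had no break here and relied on usage() never
             * returning; had it returned, -h would have fallen through and
             * forced ap_default_family to PF_INET.
             */
            break;
        case '4':
            ap_default_family = PF_INET;
            break;
#ifdef INET6
        case '6':
            ap_default_family = PF_INET6;
            break;
#endif
        case 'u':
            /* -u turns the chroot request off; standalone_main then skips
             * the chroot and privilege-drop sequence */
            ap_server_chroot = 0;
            break;
        case '?':
            usage(argv[0]);
            break;
        }
    }
    ap_init_alloc_shared(TRUE);

    ap_suexec_enabled = init_suexec();
    server_conf = ap_read_config(pconf, ptrans, ap_server_confname);

    ap_init_alloc_shared(FALSE);

    if (ap_configtestonly) {
        fprintf(stderr, "Syntax OK\n");
        clean_parent_exit(0);
    }
    if (ap_dump_settings) {
        clean_parent_exit(0);
    }

    child_timeouts = !ap_standalone || one_process;


    if (ap_standalone) {
        ap_open_logs(server_conf, plog);
        ap_set_version();
        ap_init_modules(pconf, server_conf);
        version_locked++;
        STANDALONE_MAIN(argc, argv);
    }
    else {
        conn_rec *conn;
        request_rec *r;
        BUFF *cio;
        struct sockaddr_storage sa_server, sa_client;
        NET_SIZE_T l;
        char servbuf[NI_MAXSERV];

        ap_set_version();
        /* Yes this is called twice. */
        ap_init_modules(pconf, server_conf);
        version_locked++;
        ap_open_logs(server_conf, plog);
        ap_init_modules(pconf, server_conf);
        set_group_privs();

        /*
         * Only try to switch if we're running as root
         * In case of Cygwin we have the special super-user named SYSTEM
         * with a pre-defined uid.
         */
        if (!geteuid() && setuid(ap_user_id) == -1) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "setuid: unable to change to uid: %u",
                         ap_user_id);
            exit(1);
        }
        if (ap_setjmp(jmpbuffer)) {
            exit(0);
        }

        /* the connection is expected on stdin/stdout */
        sock_in = fileno(stdin);
        sock_out = fileno(stdout);

        l = sizeof(sa_client);
        if ((getpeername(sock_in, (struct sockaddr *)&sa_client, &l)) < 0) {
            /* get peername will fail if the input isn't a socket */
            perror("getpeername");
            memset(&sa_client, '\0', sizeof(sa_client));
        }

        l = sizeof(sa_server);
        if (getsockname(sock_in, (struct sockaddr *)&sa_server, &l) < 0) {
            perror("getsockname");
            fprintf(stderr, "Error getting local address\n");
            exit(1);
        }
        /* numeric service lookup only: recover the local port as a string */
        if (getnameinfo(((struct sockaddr *)&sa_server), l,
                        NULL, 0, servbuf, sizeof(servbuf),
                        NI_NUMERICSERV)) {
            fprintf(stderr, "getnameinfo(): family=%d\n", sa_server.ss_family);
            exit(1);
        }
        servbuf[sizeof(servbuf)-1] = '\0';
        server_conf->port = atoi(servbuf);
        cio = ap_bcreate(ptrans, B_RDWR | B_SOCKET);
        cio->fd = sock_out;
        cio->fd_in = sock_in;
        conn = new_connection(ptrans, server_conf, cio,
                              (struct sockaddr *)&sa_client,
                              (struct sockaddr *)&sa_server, -1);

        while ((r = ap_read_request(conn)) != NULL) {

            if (r->status == HTTP_OK) {
                ap_process_request(r);
            }

            if (!conn->keepalive || conn->aborted) {
                break;
            }

            ap_destroy_pool(r->pool);
        }

        ap_call_close_connection_hook(conn);

        ap_bclose(cio);
    }
    exit(0);
}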
3475
3476 #include "httpd.h"
/*
 * This function exists only to reference ap_validate_password(), which
 * forces that symbol into the image so that modules such as mod_auth can
 * use it even when they are loaded dynamically.
 */
void suck_in_ap_validate_password(void);

void suck_in_ap_validate_password(void)
{
    /* dummy arguments; the result is irrelevant */
    (void) ap_validate_password("a", "b");
}
3486
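/*
 * Rewrite the path in src, in place, from the host view to the view inside
 * the chroot by removing a leading ap_server_root.
 *
 * src   - NUL-terminated, writable path; NULL is accepted and ignored
 * force - non-zero strips the prefix even before the process has chrooted
 *
 * Nothing is changed unless chroot operation is requested
 * (ap_server_chroot) and the process is already chrooted or force is set.
 * The result is never longer than the input, so it always fits in src.
 */
API_EXPORT(void) ap_server_strip_chroot(char *src, int force)
{
    size_t rootlen;
    size_t srclen;

    if (src == NULL || !ap_server_chroot || !(is_chrooted || force)) {
        return;
    }

    rootlen = strlen(ap_server_root);
    /* An empty root matches every string; the original then copied src onto
     * itself with a size of strlen(src) and so cut off its last character.
     */
    if (rootlen == 0 || strncmp(ap_server_root, src, rootlen) != 0) {
        return;
    }

    /* Only strip on a path-component boundary.  A plain prefix compare would
     * also match a sibling such as "<root>2/file" and turn it into the
     * relative path "2/file".
     */
    if (ap_server_root[rootlen - 1] != '/'
        && src[rootlen] != '/' && src[rootlen] != '\0') {
        return;
    }

    /* Shift the remainder (including the terminating NUL) to the front.
     * memmove handles the overlap and, unlike the original bounce through a
     * MAX_STRING_LEN buffer, cannot truncate a long path.
     */
    srclen = strlen(src);
    memmove(src, src + rootlen, srclen - rootlen + 1);
}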
3498
/*
 * Return the file-level is_chrooted flag, which standalone_main sets to 1
 * after its chroot() call has succeeded.
 */
API_EXPORT(int) ap_server_is_chrooted()
{
    return is_chrooted;
}
3503
/*
 * Return the ap_server_chroot setting: non-zero while chroot operation is
 * requested, 0 once the -u command-line option has cleared it.
 */
API_EXPORT(int) ap_server_chroot_desired()
{
    return ap_server_chroot;
}
3508