1 /* $OpenBSD: http_main.c,v 1.49 2007/08/09 10:44:54 martynas Exp $ */
2 
3 /* ====================================================================
4  * The Apache Software License, Version 1.1
5  *
6  * Copyright © 2013
7  *	Thorsten “mirabilos” Glaser <tg@mirbsd.org>
8  * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
9  * reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  *
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  *
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in
20  *    the documentation and/or other materials provided with the
21  *    distribution.
22  *
23  * 3. The end-user documentation included with the redistribution,
24  *    if any, must include the following acknowledgment:
25  *       "This product includes software developed by the
26  *        Apache Software Foundation (http://www.apache.org/)."
27  *    Alternately, this acknowledgment may appear in the software itself,
28  *    if and wherever such third-party acknowledgments normally appear.
29  *
30  * 4. The names "Apache" and "Apache Software Foundation" must
31  *    not be used to endorse or promote products derived from this
32  *    software without prior written permission. For written
33  *    permission, please contact apache@apache.org.
34  *
35  * 5. Products derived from this software may not be called "Apache",
36  *    nor may "Apache" appear in their name, without prior written
37  *    permission of the Apache Software Foundation.
38  *
39  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
40  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
41  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
42  * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
45  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
46  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
47  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
48  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
49  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This software consists of voluntary contributions made by many
54  * individuals on behalf of the Apache Software Foundation.  For more
55  * information on the Apache Software Foundation, please see
56  * <http://www.apache.org/>.
57  *
58  * Portions of this software are based upon public domain software
59  * originally written at the National Center for Supercomputing Applications,
60  * University of Illinois, Urbana-Champaign.
61  */
62 
63 /*
64  * httpd.c: simple http daemon for answering WWW file requests
65  *
66  *
67  * 03-21-93  Rob McCool wrote original code (up to NCSA HTTPd 1.3)
68  *
69  * 03-06-95  blong
70  *  changed server number for child-alone processes to 0 and changed name
71  *   of processes
72  *
73  * 03-10-95  blong
74  *      Added numerous speed hacks proposed by Robert S. Thau (rst@ai.mit.edu)
75  *      including set group before fork, and call gettime before to fork
76  *      to set up libraries.
77  *
78  * 04-14-95  rst / rh
79  *      Brandon's code snarfed from NCSA 1.4, but tinkered to work with the
80  *      Apache server, and also to have child processes do accept() directly.
81  *
82  * April-July '95 rst
83  *      Extensive rework for Apache.
84  */
85 
86 #define REALMAIN main
87 
88 #define CORE_PRIVATE
89 
90 #include "httpd.h"
91 #include "http_main.h"
92 #include "http_log.h"
93 #include "http_config.h"	/* for read_config */
94 #include "http_protocol.h"	/* for read_request */
95 #include "http_request.h"	/* for process_request */
96 #include "http_conf_globals.h"
97 #include "http_core.h"		/* for get_remote_host */
98 #include "http_vhost.h"
99 #include "util_script.h"	/* to force util_script.c linking */
100 #include "util_uri.h"
101 #include "fdcache.h"
102 #include "scoreboard.h"
103 #include "multithread.h"
104 #include <sys/stat.h>
105 #include <sys/time.h>
106 #include <sys/resource.h>
107 #include <netinet/tcp.h>
108 #ifdef MOD_SSL
109 #include <openssl/evp.h>
110 #endif
111 #ifdef HAVE_SET_DUMPABLE /* certain levels of Linux */
112 #include <sys/prctl.h>
113 #endif
114 #include "sa_len.h"
115 
116 __RCSID("$MirOS: src/usr.sbin/httpd/src/main/http_main.c,v 1.11 2013/10/31 20:07:23 tg Exp $");
117 
/*
 * Link anchor; never called at run time.  The reference to
 * ap_add_cgi_vars() forces the objects of main/util_script.c into a
 * minimal httpd, so the core binary still carries the full Apache API
 * when every module is built as a shared library.  The separate
 * prototype only exists to keep gcc -Wmissing-prototypes quiet.
 */
API_EXPORT(void) ap_force_library_loading(void);

API_EXPORT(void) ap_force_library_loading(void)
{
    ap_add_cgi_vars(NULL);
}
128 
129 #include "explain.h"
130 
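#if !defined(max)
/*
 * Larger of two values.  Every use of an argument and the whole expansion
 * are parenthesised so that operands with lower precedence than '>'
 * (for example `x & mask`) compare as the caller wrote them.
 * Each argument is still evaluated twice: do not pass expressions with
 * side effects.
 */
#define max(a,b)        ((a) > (b) ? (a) : (b))
#endif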
134 
135 #define PATHSEPARATOR '/'
136 
137 DEF_Explain
138 
139 /* Defining GPROF when compiling uses the moncontrol() function to
140  * disable gprof profiling in the parent, and enable it only for
141  * request processing in children (or in one_process mode).  It's
142  * absolutely required to get useful gprof results under linux
143  * because the profile itimers and such are disabled across a
144  * fork().  It's probably useful elsewhere as well.
145  */
146 #ifdef GPROF
147 extern void moncontrol(int);
148 #define MONCONTROL(x) moncontrol(x)
149 #else
150 #define MONCONTROL(x)
151 #endif
152 
/* Only the non-NULL-ness of this pointer matters, so it points at itself. */
void *ap_dummy_mutex = &ap_dummy_mutex;

/*
 * Definitions of the configuration globals.  They live in this file
 * because, for the most part, it is the only code that acts on them.
 * Everything below starts out as 0 / NULL unless stated otherwise.
 */
int ap_thread_count = 0;
API_VAR_EXPORT int ap_standalone = 0;
API_VAR_EXPORT int ap_configtestonly = 0;
int ap_docrootcheck = 1;			/* enabled by default */

/*
 * Identity fields.  Both ids are initialised to 0 here.
 * NOTE(review): presumably they are overwritten from the configuration
 * before anything relies on them; that code is not in this part of the
 * file, so confirm before assuming a non-root default.
 */
API_VAR_EXPORT uid_t ap_user_id = 0;
API_VAR_EXPORT char *ap_user_name = NULL;
API_VAR_EXPORT gid_t ap_group_id = 0;

/* Per-child request and resource limits. */
API_VAR_EXPORT int ap_max_requests_per_child = 0;
API_VAR_EXPORT int ap_max_cpu_per_child = 0;
API_VAR_EXPORT int ap_max_data_per_child = 0;
API_VAR_EXPORT int ap_max_nofile_per_child = 0;
API_VAR_EXPORT int ap_max_rss_per_child = 0;
API_VAR_EXPORT int ap_max_stack_per_child = 0;
#ifdef RLIMIT_TIME
API_VAR_EXPORT int ap_max_time_per_child = 0;
#endif
API_VAR_EXPORT int ap_threads_per_child = 0;
API_VAR_EXPORT int ap_excess_requests_per_child = 0;

/* File names and the program name. */
API_VAR_EXPORT char *ap_pid_fname = NULL;
API_VAR_EXPORT char *ap_scoreboard_fname = NULL;
API_VAR_EXPORT char *ap_lock_fname = NULL;
API_VAR_EXPORT char *ap_server_argv0 = NULL;

/* Default protocol family: IPv6 when built with INET6, IPv4 otherwise. */
#ifdef INET6
API_VAR_EXPORT int ap_default_family = PF_INET6;
#else
API_VAR_EXPORT int ap_default_family = PF_INET;
#endif
API_VAR_EXPORT struct sockaddr_storage ap_bind_address;

/* Process-pool sizing, restart bookkeeping and miscellaneous switches. */
API_VAR_EXPORT int ap_daemons_to_start = 0;
API_VAR_EXPORT int ap_daemons_min_free = 0;
API_VAR_EXPORT int ap_daemons_max_free = 0;
API_VAR_EXPORT int ap_daemons_limit = 0;
API_VAR_EXPORT time_t ap_restart_time = 0;
API_VAR_EXPORT int ap_suexec_enabled = 0;
API_VAR_EXPORT int ap_listenbacklog = 0;
195 
/*
 * Dispatch table for one accept() serialization method.  A slot may be
 * NULL (the sysvsem table leaves child_init NULL); the accept_mutex_*()
 * wrapper macros test the pointer before calling through it.
 */
struct accept_mutex_methods_s {
    void (*child_init)(pool *p);	/* per-child setup */
    void (*init)(pool *p);		/* one-time setup */
    void (*on)(void);			/* acquire the accept lock */
    void (*off)(void);			/* release the accept lock */
    char *name;				/* method name, e.g. "sysvsem" */
};
typedef struct accept_mutex_methods_s accept_mutex_methods_s;

/* The table in use; assigned by ap_init_mutex_method(). */
accept_mutex_methods_s *amutex;

int ap_dump_settings = 0;
API_VAR_EXPORT int ap_extended_status = 0;
API_VAR_EXPORT ap_ctx *ap_global_ctx;
209 
/*
 * Highest child slot ever assigned.  It survives restarts, which is what
 * lets the server cope with MaxClients changing across a SIGUSR1 restart,
 * and it bounds the routines that have to scan the whole scoreboard.
 */
static int max_daemons_limit = -1;

/*
 * Listener bookkeeping.
 *
 * While the configuration is read, ap_listeners is a NULL-terminated
 * list.  setup_listeners() runs afterwards: it opens the sockets and
 * closes the list into a ring.  The ring exists because child_main used
 * to restart at the head of the list on every pass, so an early socket
 * could starve the later ones; continuing from the listener after the
 * last one served is only cheap when the list loops back on itself.
 *
 * head_listener is each child's idea of where the ring "starts".
 * make_child sets it as well, so that new children do not starve any
 * socket either.
 *
 * read_config() guarantees that the list is never empty.
 */
listen_rec *ap_listeners = NULL;
static listen_rec *head_listener;

/* Fixed-size path buffers; each holds at most MAX_STRING_LEN bytes. */
API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN] = "";
API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN] = "";
API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN] = "";

API_VAR_EXPORT array_header *ap_server_pre_read_config = NULL;
API_VAR_EXPORT array_header *ap_server_post_read_config = NULL;
API_VAR_EXPORT array_header *ap_server_config_defines = NULL;

/*
 * Chroot switches.  ap_server_chroot defaults to 1 and is_chrooted to 0.
 * NOTE(review): the usage text describes -u as "do not chroot into
 * ServerRoot"; presumably that option clears ap_server_chroot, but the
 * option parsing is not in this part of the file.
 */
API_VAR_EXPORT int ap_server_chroot = 1;
API_VAR_EXPORT int is_chrooted = 0;
247 
/* Globals private to http_main (*not* shared with other files). */

static server_rec *server_conf;
static JMP_BUF APACHE_TLS jmpbuffer;	/* longjmp target used by timeout() */
static int sd;
static fd_set listenfds;
static int listenmaxfd;
static pid_t pgrp;

/*
 * one_process: debugging mode, selected with -X on the command line.
 * When set, the child_main loop runs in the process that was started
 * (no detach, no make_child), which makes for a convenient debugging
 * environment.  Expect a SIGHUP early in standalone_main and simply
 * continue through it: the server does not track child pids, it signals
 * the whole process group and ignores the signal in the root process.
 */
static int one_process = 0;

static int do_detach = 1;

/*
 * Set when timeouts are handled by the children instead of the parent,
 * i.e. child_timeouts = !standalone || one_process.
 */
static int child_timeouts;

#ifdef DEBUG_SIGSTOP
int raise_sigstop_flags;
#endif

/* Children that are not part of the scoreboard are kept on this list. */
typedef struct other_child_rec other_child_rec;
struct other_child_rec {
    other_child_rec *next;
    int pid;
    void (*maintenance) (int, void *, ap_wait_t);
    void *data;
    int write_fd;
};
static other_child_rec *other_children;

static pool *pglobal;		/* global pool */
static pool *pconf;		/* configuration data */
static pool *plog;		/* error-logging files */
static pool *ptrans;		/* per-transaction data */
static pool *pchild;		/* httpd child data */
static pool *pmutex;		/* accept mutex in the child */
static pool *pcommands;		/* -C and -c switches */

static int APACHE_TLS my_pid;	/* cached so getpid() is not called all the time */
static int my_child_num;
302 
303 
scoreboard *ap_scoreboard_image = NULL;

/*
 * State behind the Server response header field.  server_version stays
 * NULL until the first component is added; version_locked, once
 * non-zero, makes ap_add_version_component() a no-op.
 */
static char *server_version = NULL;
static int version_locked = 0;

/* Global (alas) so that http_core can reach it. */
enum server_token_type ap_server_tokens = SrvTk_OS;

/* Global as well, for http_core and http_protocol. */
API_VAR_EXPORT int ap_protocol_req_check = 1;

API_VAR_EXPORT int ap_change_shmem_uid = 0;
320 
/*
 * Pool cleanup registered on pconf by ap_add_version_component().  When
 * pconf is cleared it returns the version state to its initial values,
 * which also re-enables modifications (configuration completion locks
 * them).  The argument is unused.
 */
static void reset_version(void *dummy)
{
    server_version = NULL;
    ap_server_tokens = SrvTk_OS;
    version_locked = 0;
}
332 
/*
 * Return the current server version string, or SERVER_BASEVERSION while
 * no component has been added yet.
 */
API_EXPORT(const char *) ap_get_server_version(void)
{
    if (server_version != NULL) {
        return server_version;
    }
    return SERVER_BASEVERSION;
}
337 
/*
 * Append `component` to the server version string, separated by a single
 * space.  Does nothing once the string is locked.
 *
 * The string belongs to the Server response header machinery, so every
 * component added here is information handed to clients.
 */
API_EXPORT(void) ap_add_version_component(const char *component)
{
    if (version_locked) {
        return;
    }

    if (server_version != NULL) {
        /* Tack the new identifier onto the end of what is already there. */
        server_version = ap_pstrcat(pconf, server_version, " ",
                                    component, NULL);
        return;
    }

    /*
     * First component.  Register the cleanup that resets the pointer when
     * the pool is destroyed; a NULL string also means that what is being
     * added now is the original SERVER_BASEVERSION string.
     */
    ap_register_cleanup(pconf, NULL, (void (*)(void *))reset_version,
                        ap_null_cleanup);
    server_version = ap_pstrdup(pconf, component);
}
361 
/*
 * Add the real server base identity to the version string, then lock the
 * string against further changes until the next reconfiguration.
 *
 * How much is revealed depends on ap_server_tokens: the product name
 * only, the base version, or the base version plus the platform.
 */
static void ap_set_version(void)
{
    switch (ap_server_tokens) {
    case SrvTk_PRODUCT_ONLY:
        ap_add_version_component(SERVER_PRODUCT);
        break;
    case SrvTk_MIN:
        ap_add_version_component(SERVER_BASEVERSION);
        break;
    default:
        ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
        break;
    }

    /* Anything short of the full token set freezes the string here. */
    if (ap_server_tokens != SrvTk_FULL) {
        version_locked++;
    }
}
385 
/*
 * Record one configuration define: a copy of `define`, allocated from
 * pcommands, is pushed onto ap_server_config_defines.
 */
API_EXPORT(void) ap_add_config_define(const char *define)
{
    char **slot = (char **)ap_push_array(ap_server_config_defines);

    *slot = ap_pstrdup(pcommands, define);
}
393 
/*
 * Run the `close_connection' hook of every module that provides one, so
 * modules can do their connection-dependent work before the connection
 * is closed.  Modules whose magic is not MODULE_MAGIC_COOKIE_EAPI are
 * skipped, and so are modules that leave the hook NULL.
 */
static void ap_call_close_connection_hook(conn_rec *c)
{
    module *mod = top_module;

    while (mod != NULL) {
        if (mod->magic == MODULE_MAGIC_COOKIE_EAPI
            && mod->close_connection != NULL) {
            (*mod->close_connection)(c);
        }
        mod = mod->next;
    }
}
407 
/*
 * When non-zero the child exits as soon as alarms are unblocked; it is
 * checked in timeout() and consumed in ap_unblock_alarms().
 */
static APACHE_TLS int volatile exit_after_unblock = 0;
409 
410 #ifdef GPROF
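/*
 * Change directory so that gprof drops its gmon.out file where the
 * configuration asks for it.  In httpd.conf:
 *   GprofDir logs/   -> $ServerRoot/logs/gmon.out
 *   GprofDir logs/%  -> $ServerRoot/logs/gprof.$pid/gmon.out
 * Without a GprofDir setting the "logs" directory under ServerRoot is used.
 *
 * Note that a trailing '%' is cut off the configured string in place.
 */
static void chdir_for_gprof(void)
{
    core_server_config *sconf =
        ap_get_module_config(server_conf->module_config, &core_module);
    char *dir = sconf->gprof_dir;

    if (dir) {
        char buf[512];
        size_t len = strlen(dir);

        /*
         * buf is only filled in for the '%' form; start it out empty so
         * the test below never reads indeterminate stack contents.
         */
        buf[0] = '\0';

        /* len > 0 keeps an empty GprofDir from indexing dir[-1]. */
        if (len > 0 && dir[len - 1] == '%') {
            dir[len - 1] = '\0';
            snprintf(buf, sizeof(buf), "%sgprof.%d", dir, (int)getpid());
        }
        dir = ap_server_root_relative(pconf, buf[0] ? buf : dir);
        if (mkdir(dir, 0755) < 0 && errno != EEXIST) {
            ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                         "gprof: error creating directory %s", dir);
        }
    }
    else {
        dir = ap_server_root_relative(pconf, "logs");
    }

    /* A failed chdir leaves gmon.out in whatever the cwd happens to be. */
    if (chdir(dir) < 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                     "gprof: error changing directory to %s", dir);
    }
}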
442 #else
443 #define chdir_for_gprof()
444 #endif
445 
/*
 * Leave a child process cleanly: run the child exit hooks and pool
 * cleanups first, then exit with `code`.  Never returns.
 */
static void clean_child_exit(int code) __attribute__((__noreturn__));

static void clean_child_exit(int code)
{
    if (pchild != NULL) {
        /*
         * Release the accept mutex before any child exit hook or cleanup
         * runs.  A module that segfaults in that code could otherwise,
         * depending on the mutex mechanism, leave the server deadlocked;
         * and even a well-behaved module doing extensive work there would
         * keep the server from accepting new connections meanwhile.
         */
        ap_clear_pool(pmutex);
        ap_child_exit_modules(pchild, server_conf);
        ap_destroy_pool(pchild);
    }
    chdir_for_gprof();
    exit(code);
}
465 
466 /*
467  * Start of accept() mutex fluff:
468  *  Concept: Each method has its own distinct set of mutex functions,
469  *   which it shoves in a nice struct for us. We then pick
470  *   which struct to use. We tell Apache which methods we
471  *   support via HAVE_FOO_SERIALIZED_ACCEPT. We can
472  *   specify the default via USE_FOO_SERIALIZED_ACCEPT
473  *   (this pre-1.3.21 builds which use that at the command-
474  *   line during builds work as expected). Without a set
475  *   method, we pick the 1st from the following order:
476  *   uslock, pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none.
477  */
478 
/*
 * Replace ap_lock_fname with its server-root-relative form followed by
 * "." and the pid of the calling process.  The new string is allocated
 * from pool `p`.
 */
static void expand_lock_fname(pool *p)
{
    char *base = ap_server_root_relative(p, ap_lock_fname);

    /* XXXX possibly bogus cast */
    ap_lock_fname = ap_psprintf(p, "%s.%lu", base, (unsigned long)getpid());
}
485 
486 #include <sys/types.h>
487 #include <sys/ipc.h>
488 #include <sys/sem.h>
489 
/* SysV semaphore state: the set id (-1 while none exists) and the two
 * pre-built operations used to take and release the lock. */
static int sem_id = -1;
static struct sembuf op_on;
static struct sembuf op_off;

/*
 * Pool cleanup that removes the semaphore set.  The set is obtained with
 * IPC_PRIVATE and the SysV interface never reclaims it by itself, so
 * skipping this would leak semaphores.  The argument is unused.
 */
static void accept_mutex_cleanup_sysvsem(void *foo)
{
    if (sem_id >= 0) {
        union semun arg;

        arg.val = 0;	/* ignored by IPC_RMID anyhow */
        semctl(sem_id, 0, IPC_RMID, arg);
    }
}
508 
/* The sysvsem method needs no per-child setup. */
#define accept_mutex_child_init_sysvsem(x)

/*
 * Create the accept semaphore and prepare the lock/unlock operations.
 *
 * A private one-semaphore set is created with mode 0600 and set to 1.
 * When running as root, ownership is handed to ap_user_id/ap_group_id so
 * the children can use it.  Any failure is fatal: the error goes to
 * stderr through perror() and the process exits with APEXIT_INIT.
 * Removal of the set is registered as a cleanup on pool `p`.
 */
static void accept_mutex_init_sysvsem(pool *p)
{
    union semun arg;
    struct semid_ds ds;

    /* acquire the semaphore */
    sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    if (sem_id < 0) {
        perror("semget");
        exit(APEXIT_INIT);
    }

    arg.val = 1;
    if (semctl(sem_id, 0, SETVAL, arg) < 0) {
        perror("semctl(SETVAL)");
        exit(APEXIT_INIT);
    }

    if (getuid() == 0) {
        /*
         * Restrict use to the appropriate user id.  This does not stop
         * CGIs running under that id from acquiring the semaphore and
         * tampering with it.
         */
        ds.sem_perm.uid = ap_user_id;
        ds.sem_perm.gid = ap_group_id;
        ds.sem_perm.mode = 0600;
        arg.buf = &ds;
        if (semctl(sem_id, 0, IPC_SET, arg) < 0) {
            perror("semctl(IPC_SET)");
            exit(APEXIT_INIT);
        }
    }
    ap_register_cleanup(p, NULL, accept_mutex_cleanup_sysvsem, ap_null_cleanup);

    /* Build both operations once; SEM_UNDO is set on each of them. */
    op_on.sem_num = 0;
    op_on.sem_op = -1;
    op_on.sem_flg = SEM_UNDO;
    op_off.sem_num = 0;
    op_off.sem_op = 1;
    op_off.sem_flg = SEM_UNDO;
}
550 
/*
 * Take the accept lock.  The semop() is retried for as long as it is
 * interrupted (EINTR); any other error is reported with perror() and
 * ends the child with APEXIT_CHILDFATAL.
 */
static void accept_mutex_on_sysvsem(void)
{
    for (;;) {
        if (semop(sem_id, &op_on, 1) >= 0) {
            return;
        }
        if (errno != EINTR) {
            perror("accept_mutex_on");
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}
560 
/*
 * Release the accept lock.  The semop() is retried for as long as it is
 * interrupted (EINTR); any other error is reported with perror() and
 * ends the child with APEXIT_CHILDFATAL.
 */
static void accept_mutex_off_sysvsem(void)
{
    for (;;) {
        if (semop(sem_id, &op_off, 1) >= 0) {
            return;
        }
        if (errno != EINTR) {
            perror("accept_mutex_off");
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}
570 
/* Method table for SysV-semaphore serialization; no per-child hook. */
accept_mutex_methods_s accept_mutex_sysvsem_s = {
    .child_init = NULL,
    .init       = accept_mutex_init_sysvsem,
    .on         = accept_mutex_on_sysvsem,
    .off        = accept_mutex_off_sysvsem,
    .name       = "sysvsem"
};
578 
/* Descriptor of the lock file; -1 until it has been opened. */
static int flock_fd = -1;

/*
 * Pool cleanup that removes the lock file named by ap_lock_fname.  The
 * result of unlink() is not checked.  The argument is unused.
 */
static void accept_mutex_cleanup_flock(void *foo)
{
    unlink(ap_lock_fname);
}
585 
/*
 * Per-child lock setup, done by each child at its birth: open the lock
 * file created by the parent, write-only, without O_CREAT.  A child that
 * cannot open it logs at emergency level and exits with
 * APEXIT_CHILDINIT.
 */
static void accept_mutex_child_init_flock(pool *p)
{
    flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
    if (flock_fd != -1) {
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                 "Child cannot open lock file: %s", ap_lock_fname);
    clean_child_exit(APEXIT_CHILDINIT);
}
600 
/*
 * Parent-side lock setup.  Must be safe to call on a restart.
 *
 * The lock file name is expanded (server root + pid), any stale file of
 * that name is unlinked, and the file is then created with
 * O_CREAT | O_EXCL and mode 0600.  Assuming ap_popenf_ex() hands these
 * flags to open(), the exclusive create fails rather than reuse a path
 * that reappears between the unlink and the open.  Failure is logged at
 * emergency level and ends the process with APEXIT_INIT.
 */
static void accept_mutex_init_flock(pool *p)
{
    const int create_flags = O_CREAT | O_WRONLY | O_EXCL;

    expand_lock_fname(p);
    ap_server_strip_chroot(ap_lock_fname, 0);
    unlink(ap_lock_fname);

    flock_fd = ap_popenf_ex(p, ap_lock_fname, create_flags, 0600, 1);
    if (flock_fd == -1) {
        ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                     "Parent cannot open lock file: %s", ap_lock_fname);
        exit(APEXIT_INIT);
    }

    /* Remove the file again when pool `p` is cleaned up. */
    ap_register_cleanup(p, NULL, accept_mutex_cleanup_flock, ap_null_cleanup);
}
618 
/*
 * Take the accept lock with an exclusive flock(), retrying while the
 * call is interrupted (EINTR).  Any other failure is logged at emergency
 * level and ends the child with APEXIT_CHILDFATAL.
 */
static void accept_mutex_on_flock(void)
{
    int rc;

    do {
        rc = flock(flock_fd, LOCK_EX);
    } while (rc < 0 && errno == EINTR);

    if (rc < 0) {
        ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                     "flock: LOCK_EX: Error getting accept lock. Exiting!");
        clean_child_exit(APEXIT_CHILDFATAL);
    }
}
632 
/*
 * Release the accept lock.  Unlike the acquire path there is no EINTR
 * retry: any failure is logged at emergency level and ends the child
 * with APEXIT_CHILDFATAL.
 */
static void accept_mutex_off_flock(void)
{
    const int rc = flock(flock_fd, LOCK_UN);

    if (rc >= 0) {
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
                 "flock: LOCK_UN: Error freeing accept lock. Exiting!");
    clean_child_exit(APEXIT_CHILDFATAL);
}
641 
/* Method table for flock() serialization. */
accept_mutex_methods_s accept_mutex_flock_s = {
    .child_init = accept_mutex_child_init_flock,
    .init       = accept_mutex_init_flock,
    .on         = accept_mutex_on_flock,
    .off        = accept_mutex_off_flock,
    .name       = "flock"
};
649 
/*
 * Call through a function pointer only when it is non-NULL, with one
 * argument (AP_FPTR1) or none (AP_FPTR0).
 *
 * Both expand to a bare brace block, not to do { } while (0), so the
 * caller's trailing ';' becomes an empty statement of its own.  Using one
 * of these as the unbraced body of an `if` that has an `else` therefore
 * does not parse; wrap such a use in braces.
 */
#define AP_FPTR1(x,y)	{ if (x) ((* x)(y)); }
#define AP_FPTR0(x)	{ if (x) ((* x)()); }

/* Dispatch to whichever method table amutex currently points at. */
#define accept_mutex_child_init(x) 	AP_FPTR1(amutex->child_init,x)
#define accept_mutex_init(x) 		AP_FPTR1(amutex->init,x)
#define accept_mutex_off() 		AP_FPTR0(amutex->off)
#define accept_mutex_on() 		AP_FPTR0(amutex->on)
657 
/*
 * Name of the default accept serialization method.  The preferred method
 * is fixed to "sysvsem" in this build, so that is what is returned; the
 * remaining branches only matter if the preference is changed.
 * If no method matched, the process would exit with APEXIT_INIT.
 */
char *ap_default_mutex_method(void)
{
    char *preferred = "sysvsem";
    const int wants_default = (strcasecmp(preferred, "default") == 0);

    if (wants_default || strcasecmp(preferred, "sysvsem") == 0) {
        return "sysvsem";
    }
    if (wants_default || strcasecmp(preferred, "flock") == 0) {
        return "flock";
    }

    fprintf(stderr, "No default accept serialization known!!\n");
    exit(APEXIT_INIT);
    /*NOTREACHED */
    return "unknown";
}
671 
/*
 * Select the accept serialization method named by `t` (matched without
 * regard to case): "default", "sysvsem" or "flock".  On success amutex
 * points at the matching table and NULL is returned.
 *
 * Any other name is fatal: the message goes to the error log when
 * server_conf is already set, to stderr otherwise, and the process exits
 * with APEXIT_INIT.
 */
char *ap_init_mutex_method(char *t)
{
    if (strcasecmp(t, "default") == 0) {
        t = ap_default_mutex_method();
    }

    if (strcasecmp(t, "sysvsem") == 0) {
        amutex = &accept_mutex_sysvsem_s;
    }
    else if (strcasecmp(t, "flock") == 0) {
        amutex = &accept_mutex_flock_s;
    }
    else if (server_conf) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
                     "Requested serialization method '%s' not available",t);
        exit(APEXIT_INIT);
    }
    else {
        fprintf(stderr, "Requested serialization method '%s' not available\n", t);
        exit(APEXIT_INIT);
    }
    return NULL;
}
696 
/*
 * Unserialized accept()s are safe on some architectures when there is a
 * single Listen, and never safe with several Listen statements;
 * SINGLE_LISTEN_UNSERIALIZED_ACCEPT is the define for platforms where
 * the single-Listen case is safe.
 *
 * As defined here, SAFE_ACCEPT runs `stmt` only when the listener ring
 * holds more than one entry (ap_listeners->next is not ap_listeners), so
 * a lone listener does its accept() without the mutex.
 */
#define SAFE_ACCEPT(stmt) \
    do {if(ap_listeners->next != ap_listeners) {stmt;}} while(0)
703 
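/*
 * Print the command line synopsis and the option list to stderr, then
 * exit with status 1.
 *
 * `bin` is the program name as invoked.  The second synopsis line is
 * indented by strlen(bin) blanks so that it lines up under the first.
 * The padding is produced by printf's field width instead of a
 * MAX_STRING_LEN stack buffer: the length of the program name is chosen
 * by whoever starts the server, and the old buffer was filled without a
 * bounds check.
 */
static void usage(char *bin)
{
    fprintf(stderr, "Usage: %s [-46FhLlSTtuVvX] [-C directive] [-c directive] [-D parameter]\n", bin);
    fprintf(stderr, "       %*s [-d serverroot] [-f config]\n", (int)strlen(bin), "");
    fprintf(stderr, "Options:\n");
#ifdef INET6
    fprintf(stderr, "  -4               : assume IPv4 on parsing configuration file\n");
    fprintf(stderr, "  -6               : assume IPv6 on parsing configuration file\n");
#endif
    fprintf(stderr, "  -C directive     : process directive before reading config files\n");
    fprintf(stderr, "  -c directive     : process directive after  reading config files\n");
    fprintf(stderr, "  -D parameter     : define a parameter for use in <IfDefine name> directives\n");
    fprintf(stderr, "  -d serverroot    : specify an alternate initial ServerRoot\n");
    fprintf(stderr, "  -F               : run main process in foreground, for process supervisors\n");
    fprintf(stderr, "  -f config        : specify an alternate ServerConfigFile\n");
    fprintf(stderr, "  -h               : list available command line options (this page)\n");
    fprintf(stderr, "  -L               : list available configuration directives\n");
    fprintf(stderr, "  -l               : list compiled-in modules\n");
    fprintf(stderr, "  -S               : show parsed settings (currently only vhost settings)\n");
    fprintf(stderr, "  -T               : run syntax check for config files (without docroot check)\n");
    fprintf(stderr, "  -t               : run syntax check for config files (with docroot check)\n");
    fprintf(stderr, "  -u               : unsecure mode: do not chroot into ServerRoot\n");
    fprintf(stderr, "  -V               : show compile settings\n");
    fprintf(stderr, "  -v               : show version number\n");
    fprintf(stderr, "  -X               : run in single-process mode\n");

    exit(1);
}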
738 
739 
/*****************************************************************
 *
 * Timeout handling.  DISTINCTLY not thread-safe, but all of this has to
 * change for threads anyway.  Only one timeout can be in progress at a
 * time.
 *
 * All of the state below is volatile: it is written by the normal
 * request path and read by timeout().
 */

static APACHE_TLS conn_rec *volatile current_conn;
static APACHE_TLS request_rec *volatile timeout_req;	/* set for hard/keepalive timeouts */
static APACHE_TLS const char *volatile timeout_name = NULL;	/* NULL: no timeout armed */
static APACHE_TLS int volatile alarms_blocked = 0;	/* nesting depth of ap_block_alarms() */
static APACHE_TLS int volatile alarm_pending = 0;	/* a timeout fired while blocked */
752 
753 
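/*
 * Timeout callback.  It is dispatched through alarm_fn by alrm_handler()
 * and called directly, with 0, from ap_unblock_alarms() for a timeout
 * that fired while alarms were blocked.  `sig` is not used.
 *
 *  - alarms blocked: only record that a timeout is pending.
 *  - exit_after_unblock set: leave the child through clean_child_exit().
 *  - no current connection: longjmp back through jmpbuffer.
 *  - timeout_req set (hard/keepalive timeout): log the transaction,
 *    close the client and abandon the request; this exits the process
 *    when not standalone and longjmps through jmpbuffer otherwise.
 *  - otherwise (soft timeout): close the client and mark the connection
 *    aborted, then return to the interrupted code.
 *
 * NOTE(review): if alrm_handler() is installed as a signal handler (the
 * registration is not in this part of the file), then the logging,
 * buffered-close, exit() and longjmp calls below run in signal context
 * and none of them is async-signal-safe.  The alarms_blocked gate is
 * what keeps this function out of the critical sections in alloc.c;
 * code that must not be interrupted has to hold that block.
 */
static void timeout(int sig)
{
    if (alarms_blocked) {
        alarm_pending = 1;
        return;
    }
    if (exit_after_unblock) {
        clean_child_exit(0);
    }

    if (!current_conn) {
        ap_longjmp(jmpbuffer, 1);
    }

    /* Keep-alive connections that simply go idle are not worth a log line. */
    if (!current_conn->keptalive) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
                     current_conn->server, "[client %s] %s timed out",
                     current_conn->remote_ip,
                     timeout_name ? timeout_name : "request");
    }

    if (timeout_req) {
        /* Someone has asked for this transaction to just be aborted
         * if it times out...
         */
        request_rec *origin = timeout_req;
        request_rec *req = timeout_req;

        /* Clear it first: if ap_log_transaction started another timer
         * (say via rfc1413.c) we could otherwise loop.
         */
        timeout_req = NULL;

        /* Walk back to the original request. */
        while (origin->main || origin->prev) {
            origin = origin->main ? origin->main : origin->prev;
        }

        if (!current_conn->keptalive) {
            /* in some cases we come here before setting the time */
            if (origin->request_time == 0) {
                origin->request_time = time(NULL);
            }
            ap_log_transaction(origin);
        }

        ap_call_close_connection_hook(req->connection);

        ap_bsetflag(req->connection->client, B_EOUT, 1);
        ap_bclose(req->connection->client);

        if (!ap_standalone) {
            exit(0);
        }
        ap_longjmp(jmpbuffer, 1);
    }
    else {			/* abort the connection */
        ap_call_close_connection_hook(current_conn);
        ap_bsetflag(current_conn->client, B_EOUT, 1);
        ap_bclose(current_conn->client);
        current_conn->aborted = 1;
    }
}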
824 
825 
/*
 * ap_block_alarms() and ap_unblock_alarms() are called from alloc.c to
 * protect its critical sections.  The calls can nest (for instance when
 * the sub-pools of a pool that is itself being cleared are destroyed),
 * so the block is a counter and not a flag.
 */

/* Enter one more level of alarm blocking. */
API_EXPORT(void) ap_block_alarms(void)
{
    ++alarms_blocked;
}
836 
/*
 * Leave one level of alarm blocking.  When the outermost level is left,
 * a pending exit request is honoured first, then a timeout that fired
 * while alarms were blocked is delivered.
 */
API_EXPORT(void) ap_unblock_alarms(void)
{
    --alarms_blocked;
    if (alarms_blocked != 0) {
        return;
    }

    if (exit_after_unblock) {
        /*
         * There are a couple of races here: a timeout arriving in this
         * small window must not be allowed to send the child back to its
         * main loop.  So alarms are blocked again and exit_after_unblock
         * is marked as being dealt with.  Solving it this way keeps the
         * common path through this function really short.
         */
        ++alarms_blocked;
        exit_after_unblock = 0;
        clean_child_exit(0);
    }

    if (alarm_pending) {
        alarm_pending = 0;
        timeout(0);
    }
}
859 
/* Callback to run when the alarm goes off; NULL when none is armed. */
static APACHE_TLS void (*volatile alarm_fn) (int) = NULL;

/*
 * Forward `sig` to the callback currently stored in alarm_fn, if any.
 */
static void alrm_handler(int sig)
{
    if (alarm_fn != NULL) {
        (*alarm_fn) (sig);
    }
}
868 
/*
 * Install `fn` as the alarm callback and arm a timeout of `x` seconds
 * (0 disarms).  Returns the previous value: the result of alarm() when
 * the child handles its own timeouts, the previous timeout_len from this
 * child's scoreboard slot otherwise.
 *
 * A debug message is logged when a different callback is already armed
 * and `x` is non-zero, since that may indicate a nested timer.
 */
API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x)
{
    unsigned int previous;

    if (alarm_fn && x && fn != alarm_fn) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, NULL,
            "ap_set_callback_and_alarm: possible nested timer!");
    }
    alarm_fn = fn;

    if (!child_timeouts) {
        /*
         * Only note the timeout in the scoreboard; there is no need to
         * call the system.  The virtual time moves forward as well.
         */
        ap_check_signals();
        previous = ap_scoreboard_image->servers[my_child_num].timeout_len;
        ap_scoreboard_image->servers[my_child_num].timeout_len = x;
        ++ap_scoreboard_image->servers[my_child_num].cur_vtime;
        return previous;
    }

    previous = alarm(x);
    return previous;
}
892 
893 
/*
 * Restart the timeout currently in effect with the server's configured
 * timeout, unless it has already expired.  Does nothing when no timeout
 * has been set (timeout_name is NULL).
 */
API_EXPORT(void) ap_reset_timeout(request_rec *r)
{
    int remaining;

    if (!timeout_name) {
        return;                 /* no timeout has been set */
    }

    remaining = ap_set_callback_and_alarm(alarm_fn, r->server->timeout);
    if (remaining == 0) {
        /* The old timer had already run out: put it back to 0 rather
         * than granting a fresh interval. */
        ap_set_callback_and_alarm(alarm_fn, 0);
    }
}
907 
908 
909 
910 
/*
 * Arm timeout() for request r, labelled with name.  A connection that has
 * already been kept alive gets the server's keep_alive_timeout; any other
 * connection gets the ordinary timeout.
 */
API_EXPORT(void) ap_keepalive_timeout(char *name, request_rec *r)
{
    unsigned int secs;

    timeout_req = r;
    timeout_name = name;
    secs = r->connection->keptalive ? r->server->keep_alive_timeout
                                    : r->server->timeout;
    ap_set_callback_and_alarm(timeout, secs);
}
922 
/*
 * Arm timeout() with the server's configured timeout and record both the
 * request (timeout_req) and a label (timeout_name) for it.
 */
API_EXPORT(void) ap_hard_timeout(char *name, request_rec *r)
{
    int secs;

    timeout_req = r;
    timeout_name = name;
    secs = r->server->timeout;
    ap_set_callback_and_alarm(timeout, secs);
}
929 
/*
 * Arm timeout() with the server's configured timeout and record a label
 * for it.  Unlike ap_hard_timeout(), timeout_req is left untouched.
 */
API_EXPORT(void) ap_soft_timeout(char *name, request_rec *r)
{
    int secs;

    timeout_name = name;
    secs = r->server->timeout;
    ap_set_callback_and_alarm(timeout, secs);
}
935 
/*
 * Disarm the current timeout: clear the alarm callback, cancel the timer
 * and forget the request and label recorded for it.  The argument is not
 * used.
 */
API_EXPORT(void) ap_kill_timeout(request_rec *dummy)
{
    (void) dummy;

    ap_check_signals();
    ap_set_callback_and_alarm(NULL, 0);
    timeout_req = NULL;
    timeout_name = NULL;
}
943 
944 
945 /*
946  * More machine-dependent networking gooo... on some systems,
947  * you've got to be *really* sure that all the packets are acknowledged
948  * before closing the connection, since the client will not be able
949  * to see the last response if their TCP buffer is flushed by a RST
950  * packet from us, which is what the server's TCP stack will send
951  * if it receives any request data after closing the connection.
952  *
953  * In an ideal world, this function would be accomplished by simply
954  * setting the socket option SO_LINGER and handling it within the
955  * server's TCP stack while the process continues on to the next request.
956  * Unfortunately, it seems that most (if not all) operating systems
957  * block the server process on close() when SO_LINGER is used.
958  * For those that don't, see USE_SO_LINGER below.  For the rest,
959  * we have created a home-brew lingering_close.
960  *
961  * Many operating systems tend to block, puke, or otherwise mishandle
962  * calls to shutdown only half of the connection.
963  */
/* Upper bound, in seconds, on the whole lingering close; this is the value
 * linger_timeout() arms.  May be overridden at build time. */
#if !defined(MAX_SECS_TO_LINGER)
#define MAX_SECS_TO_LINGER 30
#endif

/* SO_LINGER is not used in this build: expands to nothing. */
#define sock_enable_linger(s)	/* NOOP */
969 
/*
 * Alarm callback used while lingering_close() is draining a socket.
 *
 * If alarms are blocked the expiry is only recorded in alarm_pending.
 * Otherwise the current connection is flagged as finished (B_EOUT) and
 * aborted; with no current connection at all, control jumps back through
 * jmpbuffer.
 */
static void lingerout(int sig)
{
    (void) sig;

    if (alarms_blocked) {
        alarm_pending = 1;
        return;
    }

    if (current_conn == NULL) {
        ap_longjmp(jmpbuffer, 1);
    }
    ap_bsetflag(current_conn->client, B_EOUT, 1);
    current_conn->aborted = 1;
}
985 
/*
 * Arm the lingering-close timer: lingerout() fires after
 * MAX_SECS_TO_LINGER seconds, labelled "lingering close".
 */
static void linger_timeout(void)
{
    timeout_name = "lingering close";
    ap_set_callback_and_alarm(lingerout, MAX_SECS_TO_LINGER);
}
991 
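/*
 * Close a client connection without provoking a RST: flush what is left,
 * send our FIN, then read and discard whatever the client still sends
 * until it goes quiet, errors out, reaches EOF, or the linger timer fires.
 *
 * Nothing is logged from here on purpose: many clients abort instead of
 * closing, and there is no portable way to tell a dropped connection from
 * something worth reporting.
 *
 * Resource bounds: the overall drain is capped by linger_timeout()
 * (MAX_SECS_TO_LINGER) and each idle wait by a 2 second select() timeout,
 * so a slow-drip client cannot pin this child indefinitely.
 */
static void lingering_close(request_rec *r)
{
    char dummybuf[512];
    struct timeval tv;
    fd_set lfds;
    int select_rv;
    int lsd;

    /* Prevent a slow-drip client from holding us here indefinitely */
    linger_timeout();

    /* Send any leftover data to the client, but never try to again */
    if (ap_bflush(r->connection->client) == -1) {
        ap_call_close_connection_hook(r->connection);
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }
    ap_call_close_connection_hook(r->connection);
    ap_bsetflag(r->connection->client, B_EOUT, 1);

    /* Close our half of the connection --- send the client a FIN.
     * The literal 1 selects the write side of the socket. */
    lsd = r->connection->client->fd;

    if ((shutdown(lsd, 1) != 0) || r->connection->aborted) {
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }

    /* FD_SET() on a descriptor outside [0, FD_SETSIZE) writes outside the
     * on-stack fd_set.  A process holding many open files can be handed
     * such a descriptor, so skip the drain and just close in that case.
     */
    if (lsd < 0 || lsd >= FD_SETSIZE) {
        ap_kill_timeout(r);
        ap_bclose(r->connection->client);
        return;
    }

    /* Set up to wait for readable data on socket... */
    FD_ZERO(&lfds);

    /* Wait for readable data or an error condition on the socket and
     * slurp up any data that arrives.  The loop ends after an interval of
     * tv without data, on a select() error, on a read error or EOF, or
     * when the timer expires.
     */
    do {
        /* Only linger for a client that is actively sending: 2 seconds
         * of silence is enough.  Both the set and the timeout are
         * re-initialised on every pass because select() may modify them.
         */
        FD_SET(lsd, &lfds);
        tv.tv_sec = 2;
        tv.tv_usec = 0;

        select_rv = ap_select(lsd + 1, &lfds, NULL, NULL, &tv);

    } while ((select_rv > 0) &&
             (read(lsd, dummybuf, sizeof(dummybuf)) > 0));

    /* Should now have seen final ack.  Safe to finally kill socket */
    ap_bclose(r->connection->client);

    ap_kill_timeout(r);
}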
1067 
1068 /*****************************************************************
1069  * dealing with other children
1070  */
1071 
/*
 * Register a non-server child process so the parent can look after it.
 *
 *   pid          process id of the child
 *   maintenance  callback invoked with an OC_REASON_* code, the data
 *                pointer and a wait status
 *   data         opaque pointer handed back to the callback; also the key
 *                ap_unregister_other_child() matches on
 *   write_fd     descriptor probed for writability by probe_writable_fds(),
 *                or -1 for none
 *
 * The record is allocated from pconf and pushed onto the head of the
 * other_children list.
 */
API_EXPORT(void) ap_register_other_child(int pid,
                       void (*maintenance) (int reason, void *, ap_wait_t status),
                       void *data, int write_fd)
{
    other_child_rec *rec = ap_palloc(pconf, sizeof(*rec));

    rec->pid = pid;
    rec->maintenance = maintenance;
    rec->data = data;
    rec->write_fd = write_fd;

    rec->next = other_children;
    other_children = rec;
}
1086 
/*
 * Remove the first other_children record whose data pointer equals data,
 * after telling its maintenance function OC_REASON_UNREGISTER.
 *
 * A maintenance function may itself call this while some other routine is
 * walking the list, so every walker must load ocr->next before invoking a
 * maintenance function.
 */
API_EXPORT(void) ap_unregister_other_child(void *data)
{
    other_child_rec **link = &other_children;

    while (*link != NULL) {
        other_child_rec *cur = *link;

        if (cur->data == data) {
            /* Capture the successor before the callback can touch the list. */
            other_child_rec *after = cur->next;

            (*cur->maintenance) (OC_REASON_UNREGISTER, cur->data, (ap_wait_t)-1);
            *link = after;
            /* XXX: the record itself stays allocated in pconf */
            return;
        }
        link = &cur->next;
    }
}
1105 
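/*
 * Check that every registered write_fd is still writable and invoke the
 * owning maintenance function with OC_REASON_UNWRITABLE for each one that
 * is not.  The probe is a zero-timeout select(), so it never blocks.
 *
 * Descriptors outside [0, FD_SETSIZE) cannot be represented in an fd_set;
 * passing one to FD_SET()/FD_ISSET() would touch memory outside the
 * on-stack set, so such records are skipped (not probed, not reported).
 */
static void probe_writable_fds(void)
{
    fd_set writable_fds;
    int fd_max;
    other_child_rec *ocr, *nocr;
    struct timeval tv;
    int rc;

    if (other_children == NULL)
        return;

    do {
        /* Rebuild the set from scratch on every retry. */
        fd_max = -1;
        FD_ZERO(&writable_fds);
        for (ocr = other_children; ocr; ocr = ocr->next) {
            if (ocr->write_fd < 0 || ocr->write_fd >= FD_SETSIZE)
                continue;
            FD_SET(ocr->write_fd, &writable_fds);
            if (ocr->write_fd > fd_max) {
                fd_max = ocr->write_fd;
            }
        }
        /* -1 (not 0) means "nothing to probe", so descriptor 0 is not
         * mistaken for an empty set. */
        if (fd_max < 0)
            return;

        tv.tv_sec = 0;
        tv.tv_usec = 0;
        rc = ap_select(fd_max + 1, NULL, &writable_fds, NULL, &tv);
    } while (rc == -1 && errno == EINTR);

    if (rc == -1) {
        /* XXX: this could be really bad, we could have a bad file
         * descriptor due to a bug in one of the maintenance routines */
        ap_log_unixerr("probe_writable_fds", "select",
                    "could not probe writable fds", server_conf);
        return;
    }
    if (rc == 0)
        return;

    for (ocr = other_children; ocr; ocr = nocr) {
        /* Load the successor first: the callback may unregister ocr. */
        nocr = ocr->next;
        if (ocr->write_fd < 0 || ocr->write_fd >= FD_SETSIZE)
            continue;
        if (FD_ISSET(ocr->write_fd, &writable_fds))
            continue;
        (*ocr->maintenance) (OC_REASON_UNWRITABLE, ocr->data, (ap_wait_t)-1);
    }
}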
1157 
/*
 * If pid belongs to a registered other_child, mark that record as having
 * no process (pid = -1) and report OC_REASON_DEATH with the wait status.
 * Returns 0 when a record matched, -1 when none did.
 */
static int reap_other_child(int pid, ap_wait_t status)
{
    other_child_rec *cur = other_children;

    while (cur != NULL) {
        if (cur->pid == pid) {
            cur->pid = -1;
            (*cur->maintenance) (OC_REASON_DEATH, cur->data, status);
            return 0;
        }
        cur = cur->next;
    }
    return -1;
}
1173 
1174 /*****************************************************************
1175  *
1176  * Dealing with the scoreboard... a lot of these variables are global
1177  * only to avoid getting clobbered by the longjmp() that happens when
1178  * a hard timeout expires...
1179  *
1180  * We begin with routines which deal with the file itself...
1181  */
1182 
/*
 * Create the scoreboard as an anonymous shared mapping of SCOREBOARD_SIZE
 * bytes and start it at running generation 0.  Exits with APEXIT_INIT if
 * the mapping cannot be created.  The pool argument is not used.
 *
 * The mapping is MAP_SHARED with PROT_READ | PROT_WRITE, so every process
 * sharing it can modify any slot; values read back from it (pids in
 * particular) should be treated as untrusted by the parent.
 */
static void setup_shared_mem(pool *p)
{
    caddr_t region;

    (void) p;

    /* BSD style */
    region = mmap((caddr_t) 0, SCOREBOARD_SIZE,
                  PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0);
    if (region == (caddr_t) MAP_FAILED) {
        perror("mmap");
        fprintf(stderr, "%s: Could not mmap memory\n", ap_server_argv0);
        exit(APEXIT_INIT);
    }

    ap_scoreboard_image = (scoreboard *) region;
    ap_scoreboard_image->global.running_generation = 0;
}
1198 
/*
 * Called by the parent process: zero the whole scoreboard while carrying
 * the running generation across the wipe.  The shared mapping is created
 * first if it does not exist yet.
 */
static void reinit_scoreboard(pool *p)
{
    int saved_gen = 0;

    if (ap_scoreboard_image != NULL) {
        saved_gen = ap_scoreboard_image->global.running_generation;
    }
    else {
        setup_shared_mem(p);
    }

    memset(ap_scoreboard_image, 0, SCOREBOARD_SIZE);
    ap_scoreboard_image->global.running_generation = saved_gen;
}
1212 
1213 /* Routines called to deal with the scoreboard image
1214  * --- note that we do *not* need write locks, since update_child_status
1215  * only updates a *single* record in place, and only one process writes to
1216  * a given scoreboard slot at a time (either the child process owning that
1217  * slot, or the parent, noting that the child has died).
1218  *
1219  * As a final note --- setting the score entry to getpid() is always safe,
1220  * since when the parent is writing an entry, it's only noting SERVER_DEAD
1221  * anyway.
1222  */
1223 
/* Returns 1 once the scoreboard pointer has been set, 0 before that. */
API_EXPORT(int) ap_exists_scoreboard_image(void)
{
    return ap_scoreboard_image != NULL;
}
1228 
/*
 * Orderly exit for the parent process: destroy the global pool (which
 * also runs any cleanups registered on it), release shared allocations,
 * close the cached descriptors, then exit with the given code.
 */
static void clean_parent_exit(int code) __attribute__((__noreturn__));
static void clean_parent_exit(int code)
{
    ap_destroy_pool(pglobal);   /* includes registered cleanups */
    ap_kill_alloc_shared();
    fdcache_closeall();

    exit(code);
}
1239 
/*
 * Record a new status for scoreboard slot child_num and return the status
 * it had before, or -1 when child_num is negative.
 *
 * With ap_extended_status enabled the slot's counters are reset on
 * READY/DEAD, its start time is cleared on STARTING, and -- when a request
 * is supplied -- the client host and request line are copied in for the
 * status display.
 *
 * NOTE(review): only the lower bound of child_num is checked here; callers
 * are relied on to stay within the servers[] array.
 */
API_EXPORT(int) ap_update_child_status(int child_num, int status, request_rec *r)
{
    int previous;
    short_score *slot;

    if (child_num < 0) {
        return -1;
    }

    ap_check_signals();

    slot = &ap_scoreboard_image->servers[child_num];
    previous = slot->status;
    slot->status = status;

    ++slot->cur_vtime;

    if (ap_extended_status) {
        if (status == SERVER_READY || status == SERVER_DEAD) {
            /* Per-connection counters restart on both; the per-child
             * totals only when the child is gone. */
            if (status == SERVER_DEAD) {
                slot->my_access_count = 0L;
                slot->my_bytes_served = 0L;
            }
            slot->conn_count = (unsigned short) 0;
            slot->conn_bytes = (unsigned long) 0;
        }
        else if (status == SERVER_STARTING) {
            /* Clear start_time so that mod_status will print Req=0.
             * memset keeps this independent of the field's type
             * (struct timeval vs. clock_t). */
            memset(&slot->start_time, '\0', sizeof slot->start_time);
        }

        if (r) {
            conn_rec *c = r->connection;
            const char *shown;

            /* Both copies are bounded by the size of the destination. */
            ap_cpystrn(slot->client,
                       ap_get_remote_host(c, r->per_dir_config,
                                          REMOTE_NOLOOKUP),
                       sizeof(slot->client));

            if (r->the_request == NULL) {
                shown = "NULL";
            }
            else if (r->parsed_uri.password == NULL) {
                shown = r->the_request;
            }
            else {
                /* Credentials in the URI must not reach the server-status
                 * view: rebuild the request line with the password left
                 * out instead of copying the raw one. */
                shown = ap_pstrcat(r->pool, r->method, " ",
                                   ap_unparse_uri_components(r->pool,
                                                             &r->parsed_uri,
                                                             UNP_OMITPASSWORD),
                                   r->assbackwards ? NULL : " ",
                                   r->protocol, NULL);
            }
            ap_cpystrn(slot->request, shown, sizeof(slot->request));

            slot->vhostrec = r->server;
        }
    }

    if (status == SERVER_STARTING && r == NULL) {
        /* The slot may be re-used: drop its stale vhostrec pointer and
         * mark it as belonging to the current generation. */
        slot->vhostrec = NULL;
        ap_scoreboard_image->parent[child_num].generation = ap_my_generation;
    }

    return previous;
}
1301 
/*
 * Timestamp the start (START_PREQUEST) or end (STOP_PREQUEST) of request
 * processing in scoreboard slot child_num.  A negative child_num is
 * ignored.  If gettimeofday() fails the affected timestamps are zeroed:
 * the start time alone on START, both start and stop time on STOP.
 */
void ap_time_process_request(int child_num, int status)
{
    short_score *slot;

    if (child_num < 0) {
        return;
    }

    slot = &ap_scoreboard_image->servers[child_num];

    if (status == START_PREQUEST) {
        if (gettimeofday(&slot->start_time, (struct timezone *) 0) < 0) {
            slot->start_time.tv_usec = 0L;
            slot->start_time.tv_sec = 0L;
        }
    }
    else if (status == STOP_PREQUEST) {
        if (gettimeofday(&slot->stop_time, (struct timezone *) 0) < 0) {
            slot->start_time.tv_usec = 0L;
            slot->start_time.tv_sec = 0L;
            slot->stop_time.tv_usec = 0L;
            slot->stop_time.tv_sec = 0L;
        }
    }
}
1325 
/*
 * Account one finished request in scoreboard slot child_num: refresh the
 * slot's process times, bump the three access counters and add the bytes
 * sent to the three byte counters.  The byte count is read from the
 * client buffer only when the request sent a body; otherwise 0 is added.
 *
 * NOTE(review): child_num is used as an index without any range check
 * here; callers are relied on to pass a valid slot.
 */
static void increment_counts(int child_num, request_rec *r)
{
    short_score *slot = &ap_scoreboard_image->servers[child_num];
    long int sent = 0;

    if (r->sent_bodyct) {
        ap_bgetopt(r->connection->client, BO_BYTECT, &sent);
    }

    times(&slot->times);

    slot->access_count++;
    slot->my_access_count++;
    slot->conn_count++;

    slot->bytes_served += (unsigned long) sent;
    slot->my_bytes_served += (unsigned long) sent;
    slot->conn_bytes += (unsigned long) sent;
}
1344 
/*
 * Return the index of the first scoreboard parent[] slot (below
 * max_daemons_limit) that records pid, or -1 when no slot does.
 */
static int find_child_by_pid(int pid)
{
    int slot = 0;

    while (slot < max_daemons_limit) {
        if (ap_scoreboard_image->parent[slot].pid == pid) {
            return slot;
        }
        ++slot;
    }
    return -1;
}
1355 
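/*
 * Send sig to pid, but only when pid is a single process in our own
 * process group.  Returns kill()'s result, or -1 with errno = EINVAL when
 * the target is refused.
 *
 * The pids passed in are read from the scoreboard (see
 * reclaim_child_processes()), which is a shared, writable mapping, so a
 * misbehaving child could plant an arbitrary value there.  The group
 * comparison keeps the parent from signalling unrelated processes.
 *
 * pid values below 1 are refused outright: getpgid(0) reports the caller's
 * own group, so 0 would pass the comparison and kill(0, sig) would then
 * signal every process in the group; negative values address process
 * groups or "everything" in kill().
 *
 * NOTE(review): the check and the kill() are separate calls, so a pid
 * recycled in between is not covered by this guard.
 */
static int safe_child_kill(pid_t pid, int sig)
{
    if (pid < 1) {
        errno = EINVAL;
        return -1;
    }

    if (getpgid(pid) != getpgrp()) {
        /* Also taken when getpgid() fails and returns -1. */
        errno = EINVAL;
        return -1;
    }

    return kill(pid, sig);
}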
1366 
/*
 * Wait for the server children and the registered other_children to exit,
 * escalating from a repeated SIGHUP through SIGTERM to SIGKILL as the
 * rounds go by.  With terminate set the rounds start at 4, which skips
 * the SIGHUP reminder.
 *
 * Child pids are taken from the scoreboard, which is shared writable
 * memory; every signal therefore goes through safe_child_kill() rather
 * than a bare kill().
 */
static void reclaim_child_processes(int terminate)
{
    int slot, status;
    long int delay_us = 1024 * 16;      /* in usecs */
    struct timeval tv;
    int waitret, round;
    int still_alive;
    int ret;
    other_child_rec *ocr, *nocr;

    for (round = terminate ? 4 : 1; round <= 12; ++round) {
        /* Give children a few moments to exit without holding up progress
         * more than necessary: the delay backs off exponentially.  NOTE:
         * an interrupted sleep is restarted, so the wait can be longer
         * than intended.
         */
        tv.tv_sec = delay_us / 1000000;
        tv.tv_usec = delay_us % 1000000;
        delay_us = delay_us * 4;
        do {
            ret = ap_select(0, NULL, NULL, NULL, &tv);
        } while (ret == -1 && errno == EINTR);

        /* now see who is done */
        still_alive = 0;
        for (slot = 0; slot < max_daemons_limit; ++slot) {
            int pid = ap_scoreboard_image->parent[slot].pid;

            if (pid == my_pid || pid == 0) {
                continue;
            }

            waitret = waitpid(pid, &status, WNOHANG);
            if (waitret == pid || waitret == -1) {
                /* Reaped, or not waitable at all: forget the pid. */
                ap_scoreboard_image->parent[slot].pid = 0;
                continue;
            }
            ++still_alive;

            switch (round) {
            case 1:     /*  16ms */
            case 2:     /*  82ms */
                break;
            case 3:     /* 344ms */
                /* perhaps it missed the SIGHUP, try once more */
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
                            server_conf,
                    "child process %d did not exit, sending another SIGHUP",
                            pid);
                safe_child_kill(pid, SIGHUP);
                delay_us = 1024 * 16;
                break;
            case 4:     /*  16ms */
            case 5:     /*  82ms */
            case 6:     /* 344ms */
                break;
            case 7:     /* 1.4sec */
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
                            server_conf,
                   "child process %d still did not exit, sending a SIGTERM",
                            pid);
                safe_child_kill(pid, SIGTERM);
                break;
            case 8:     /*  6 sec */
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
                   "child process %d still did not exit, sending a SIGKILL",
                            pid);
                safe_child_kill(pid, SIGKILL);
                delay_us = 1024 * 16;   /* give them some time to die */
                break;
            case 9:     /*   6 sec */
            case 10:    /* 6.1 sec */
            case 11:    /* 6.4 sec */
                break;
            case 12:    /* 7.4 sec */
                /* Out of options.  If this really is one of our children
                 * and it really has not exited, binding the port after
                 * the restart will likely fail.
                 */
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
                            "could not make child process %d exit, "
                            "attempting to continue anyway", pid);
                break;
            }
        }

        for (ocr = other_children; ocr; ocr = nocr) {
            /* Load the successor first: the callback may unregister ocr. */
            nocr = ocr->next;
            if (ocr->pid == -1) {
                continue;
            }

            waitret = waitpid(ocr->pid, &status, WNOHANG);
            if (waitret == ocr->pid) {
                ocr->pid = -1;
                (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)status);
            }
            else if (waitret == 0) {
                (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)-1);
                ++still_alive;
            }
            else if (waitret == -1) {
                /* not waitable any more, yet never unregistered */
                ocr->pid = -1;
                (*ocr->maintenance) (OC_REASON_LOST, ocr->data, (ap_wait_t)-1);
            }
        }

        if (!still_alive) {
            /* nothing left to wait for */
            break;
        }
    }
}
1479 
1480 
1481 /* Finally, this routine is used by the caretaker process to wait for
1482  * a while...
1483  */
1484 
/* number of calls to wait_or_timeout between writable probes */
#if !defined(INTERVAL_OF_WRITABLE_PROBES)
#define INTERVAL_OF_WRITABLE_PROBES 10
#endif
static int wait_or_timeout_counter;

/*
 * Reap one child without blocking, or sleep for one scoreboard
 * maintenance interval when none is ready.  Every
 * INTERVAL_OF_WRITABLE_PROBES calls the other_children write descriptors
 * are probed first.
 *
 * Returns the pid of a reaped child (its status stored through status),
 * or -1 when nothing was reaped.
 */
static int wait_or_timeout(ap_wait_t *status)
{
    struct timeval nap;
    int reaped;

    ++wait_or_timeout_counter;
    if (wait_or_timeout_counter == INTERVAL_OF_WRITABLE_PROBES) {
        wait_or_timeout_counter = 0;
        probe_writable_fds();
    }

    reaped = waitpid(-1, status, WNOHANG);
    if (reaped == -1 && errno == EINTR) {
        /* Interrupted: report "nothing" right away, without sleeping. */
        return -1;
    }
    if (reaped > 0) {
        return reaped;
    }

    nap.tv_sec = SCOREBOARD_MAINTENANCE_INTERVAL / 1000000;
    nap.tv_usec = SCOREBOARD_MAINTENANCE_INTERVAL % 1000000;
    ap_select(0, NULL, NULL, NULL, &nap);
    return -1;
}
1513 
/* Size of the signal-name table: the platform's signal count under
 * whichever name it is published, else 32. */
#ifdef NSIG
#define NumSIG NSIG
#elif defined(_NSIG)
#define NumSIG _NSIG
#elif defined(__NSIG)
#define NumSIG __NSIG
#else
#define NumSIG 32   /* for 1998's unixes, this is still a good assumption */
#endif

#define SYS_SIGLIST ap_sys_siglist
#define INIT_SIGLIST() siglist_init();

/* Signal number -> description; filled in by siglist_init(). */
const char *ap_sys_siglist[NumSIG];
1528 
/*
 * Fill ap_sys_siglist with a description for each known signal, then
 * replace every entry that is still NULL with the empty string so the
 * table can be indexed without a NULL check.
 *
 * NOTE(review): the assignments index the table by signal number without
 * comparing it against NumSIG; this relies on NumSIG covering all of the
 * signals named below.
 */
static void siglist_init(void)
{
    const size_t count = sizeof(ap_sys_siglist) / sizeof(ap_sys_siglist[0]);
    size_t slot;

    ap_sys_siglist[0] = "Signal 0";
    ap_sys_siglist[SIGHUP] = "Hangup";
    ap_sys_siglist[SIGINT] = "Interrupt";
    ap_sys_siglist[SIGQUIT] = "Quit";
    ap_sys_siglist[SIGILL] = "Illegal instruction";
    ap_sys_siglist[SIGTRAP] = "Trace/BPT trap";
    ap_sys_siglist[SIGIOT] = "IOT instruction";
    ap_sys_siglist[SIGABRT] = "Abort";
    ap_sys_siglist[SIGEMT] = "Emulator trap";
    ap_sys_siglist[SIGFPE] = "Arithmetic exception";
    ap_sys_siglist[SIGKILL] = "Killed";
    ap_sys_siglist[SIGBUS] = "Bus error";
    ap_sys_siglist[SIGSEGV] = "Segmentation fault";
    ap_sys_siglist[SIGSYS] = "Bad system call";
    ap_sys_siglist[SIGPIPE] = "Broken pipe";
    ap_sys_siglist[SIGALRM] = "Alarm clock";
    ap_sys_siglist[SIGTERM] = "Terminated";
    ap_sys_siglist[SIGUSR1] = "User defined signal 1";
    ap_sys_siglist[SIGUSR2] = "User defined signal 2";
    ap_sys_siglist[SIGCHLD] = "Child status change";
    ap_sys_siglist[SIGWINCH] = "Window changed";
    ap_sys_siglist[SIGURG] = "urgent socket condition";
    ap_sys_siglist[SIGIO] = "socket I/O possible";
    ap_sys_siglist[SIGSTOP] = "Stopped (signal)";
    ap_sys_siglist[SIGTSTP] = "Stopped";
    ap_sys_siglist[SIGCONT] = "Continued";
    ap_sys_siglist[SIGTTIN] = "Stopped (tty input)";
    ap_sys_siglist[SIGTTOU] = "Stopped (tty output)";
    ap_sys_siglist[SIGVTALRM] = "virtual timer expired";
    ap_sys_siglist[SIGPROF] = "profiling timer expired";
    ap_sys_siglist[SIGXCPU] = "exceeded cpu limit";
    ap_sys_siglist[SIGXFSZ] = "exceeded file size limit";

    for (slot = 0; slot < count; ++slot) {
        if (ap_sys_siglist[slot] == NULL) {
            ap_sys_siglist[slot] = "";
        }
    }
}
1569 
/*
 * Handler for the signals that should end in a core dump: move to
 * ap_coredump_dir, restore the default disposition and send the same
 * signal to ourselves again.
 *
 * The signal is still blocked while this handler runs; it is delivered
 * when the handler returns, and the default action (core dump or whatever
 * this Unix does) then takes over.  Re-raising the original signal,
 * rather than calling abort(), lets the parent see the real signal
 * instead of SIGABRT.
 *
 * The result of chdir() is not checked, so the dump lands in whatever
 * directory is current if the change fails.
 */
static void sig_coredump(int sig)
{
    chdir(ap_coredump_dir);
    signal(sig, SIG_DFL);
    kill(getpid(), sig);
}
1584 
1585 /*****************************************************************
1586  * Connection structures and accounting...
1587  */
1588 
/*
 * Signal handler that ends a child process.
 *
 * While alarms are blocked the exit is only requested (exit_after_unblock)
 * and carried out by ap_unblock_alarms(); exiting in the middle of a
 * blocked section could corrupt alloc.c's internal structures.  Otherwise
 * the child exits right away.
 *
 * NOTE(review): clean_child_exit() runs in signal context here; its body
 * is not part of this section, so confirm that everything it does is safe
 * to run from a handler outside the alarms_blocked sections.
 */
static void just_die(int sig)
{
    (void) sig;

    if (!alarms_blocked) {
        clean_child_exit(0);
    }
    else {
        exit_after_unblock = 1;
    }
}
1600 
/* Non-zero: SIGUSR1 ends the child at once.  Zero: only note the request. */
static volatile int usr1_just_die = 1;
/* Set by usr1_handler() whenever it returns. */
static volatile int deferred_die;

/*
 * SIGUSR1 handler for a child.  In "just die" mode it defers to
 * just_die(), which may return if alarms are blocked; in every case that
 * reaches the end, deferred_die is set so the request is not lost.
 */
static void usr1_handler(int sig)
{
    if (usr1_just_die) {
        just_die(sig);
    }
    deferred_die = 1;
}
1611 
/* Request flags written by ap_start_shutdown() / ap_start_restart(), which
 * the signal handlers sig_term() and restart() call -- hence volatile. */
static volatile int shutdown_pending;
static volatile int restart_pending;
static volatile int is_graceful;
API_VAR_EXPORT volatile ap_generation_t ap_my_generation = 0;
1617 
1618 
1619 /*
1620  * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
1621  * functions to initiate shutdown or restart without relying on signals.
1622  * Previously this was initiated in sig_term() and restart() signal handlers,
1623  * but we want to be able to start a shutdown/restart from other sources --
1624  * e.g. on Win32, from the service manager. Now the service manager can
1625  * call ap_start_shutdown() or ap_start_restart() as appropriate.  Note that
1626  * these functions can also be called by the child processes, since global
1627  * variables are no longer used to pass on the required action to the parent.
1628  */
1629 
/*
 * Request a server shutdown by raising shutdown_pending.  A second request
 * while one is already pending is silently accepted: asking twice in quick
 * succession is probably not an error and is not reported.
 */
API_EXPORT(void) ap_start_shutdown(void)
{
    if (shutdown_pending != 1) {
        shutdown_pending = 1;
    }
}
1641 
/*
 * Request a restart; graceful == 1 asks for a graceful one.  While a
 * restart is already pending the call is ignored (probably not an error,
 * so nothing is reported) and the first request's graceful setting stays
 * in force.
 */
API_EXPORT(void) ap_start_restart(int graceful)
{
    if (restart_pending != 1) {
        restart_pending = 1;
        is_graceful = graceful;
    }
}
1652 
/* Signal handler: turn the signal into a shutdown request.  It only sets
 * a flag through ap_start_shutdown(). */
static void sig_term(int sig)
{
    (void) sig;
    ap_start_shutdown();
}
1657 
/* Signal handler: request a restart, graceful when the signal is SIGUSR1
 * and ordinary for any other signal. */
static void restart(int sig)
{
    int graceful = (sig == SIGUSR1);

    ap_start_restart(graceful);
}
1662 
/*
 * Install the signal dispositions used by this process:
 *
 *   SIGBUS, SIGABRT, SIGILL   sig_coredump, one-shot (SA_RESETHAND);
 *                             skipped when one_process is set
 *   SIGTERM, SIGINT           sig_term (shutdown request)
 *   SIGXCPU, SIGXFSZ          default action
 *   SIGPIPE                   ignored
 *   SIGHUP, SIGUSR1           restart, with both signals masked while the
 *                             handler runs
 *
 * A failing sigaction() is logged as a warning and otherwise ignored.
 */
static void set_signals(void)
{
    struct sigaction act;

    sigemptyset(&act.sa_mask);
    act.sa_flags = 0;

    if (!one_process) {
        act.sa_handler = sig_coredump;
        act.sa_flags = SA_RESETHAND;
        if (sigaction(SIGBUS, &act, NULL) < 0) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGBUS)");
        }
        if (sigaction(SIGABRT, &act, NULL) < 0) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGABRT)");
        }
        if (sigaction(SIGILL, &act, NULL) < 0) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGILL)");
        }
        act.sa_flags = 0;
    }

    act.sa_handler = sig_term;
    if (sigaction(SIGTERM, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGTERM)");
    }
    if (sigaction(SIGINT, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGINT)");
    }

    act.sa_handler = SIG_DFL;
    if (sigaction(SIGXCPU, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXCPU)");
    }
    if (sigaction(SIGXFSZ, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXFSZ)");
    }

    act.sa_handler = SIG_IGN;
    if (sigaction(SIGPIPE, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGPIPE)");
    }

    /* HUP and USR1 are held off while one of them is being processed */
    sigaddset(&act.sa_mask, SIGHUP);
    sigaddset(&act.sa_mask, SIGUSR1);
    act.sa_handler = restart;
    if (sigaction(SIGHUP, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGHUP)");
    }
    if (sigaction(SIGUSR1, &act, NULL) < 0) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGUSR1)");
    }
}
1705 
1706 
1707 /*****************************************************************
1708  * Here follows a long bunch of generic server bookkeeping stuff...
1709  */
1710 
/*
 * Turn the process into a daemon: change to "/", optionally fork so the
 * original process can exit (do_detach), start a new session, and point
 * stdin and stdout at /dev/null.  Exits with status 1 when fork() or
 * setsid() fails.
 *
 * The result of chdir("/") is not checked.
 */
static void detach(void)
{
    int child;

    chdir("/");

    if (do_detach) {
        child = fork();
        if (child > 0) {
            exit(0);            /* original process: done */
        }
        if (child == -1) {
            perror("fork");
            fprintf(stderr, "%s: unable to fork new process\n", ap_server_argv0);
            exit(1);
        }
        RAISE_SIGSTOP(DETACH);
    }

    pgrp = setsid();
    if (pgrp == -1) {
        perror("setsid");
        fprintf(stderr, "%s: setsid failed\n", ap_server_argv0);
        if (!do_detach) {
            fprintf(stderr, "setsid() failed probably because you aren't "
                "running under a process management tool like daemontools\n");
        }
        exit(1);
    }

    /* Replace, rather than close, the standard descriptors.  Descriptor 0
     * in particular must stay occupied: if it were simply closed, the next
     * file opened would be handed descriptor 0 ... leading to havoc.  So a
     * failure here is reported and otherwise ignored.
     */
    if (freopen("/dev/null", "r", stdin) == NULL) {
        fprintf(stderr, "%s: unable to replace stdin with /dev/null: %s\n",
                ap_server_argv0, strerror(errno));
    }
    if (freopen("/dev/null", "w", stdout) == NULL) {
        fprintf(stderr, "%s: unable to replace stdout with /dev/null: %s\n",
                ap_server_argv0, strerror(errno));
    }
    /* stderr is meant to become the error_log, which is not open yet;
     * it is left alone here and reopened moments later.
     */
}
1754 
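/*
 * Set group privileges.  Only acts when running with effective uid 0.
 *
 * The user *name* from the configuration is handed to initgroups() rather
 * than a name looked up from the uid, because one uid may have several
 * passwd entries with different group sets.  A name is looked up only
 * when the User directive was given numerically ("#nnn").
 *
 * The numeric form is parsed strictly.  atoi() turns an empty or
 * non-numeric suffix into 0, which would make getpwuid() return the entry
 * for uid 0 and hand that account's supplementary groups to the child.
 * Anything that is not a complete decimal number is therefore refused.
 * Negative numbers are still accepted and convert to uid_t as before.
 *
 * NOTE(review): only this routine's parsing is tightened; confirm that
 * the code deriving the uid applied later rejects the same inputs.
 *
 * Every failure is logged at alert level and ends the child with
 * APEXIT_CHILDFATAL.
 */
static void set_group_privs(void)
{
    if (!geteuid()) {
        char *name;

        /* Get username if passed as a uid */

        if (ap_user_name[0] == '#') {
            struct passwd *ent;
            char *digits = &ap_user_name[1];
            char *end;
            long parsed;
            uid_t uid;

            errno = 0;
            parsed = strtol(digits, &end, 10);
            if (end == digits || *end != '\0' || errno == ERANGE) {
                ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, server_conf,
                         "User directive: \"%s\" is not a valid numeric uid",
                         ap_user_name);
                clean_child_exit(APEXIT_CHILDFATAL);
            }
            uid = (uid_t) parsed;

            if ((ent = getpwuid(uid)) == NULL) {
                ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                         "getpwuid: couldn't determine user name from uid %u, "
                         "you probably need to modify the User directive",
                         (unsigned)uid);
                clean_child_exit(APEXIT_CHILDFATAL);
            }

            name = ent->pw_name;
        }
        else
            name = ap_user_name;

        /*
         * Set the GID before initgroups(), since on some platforms
         * setgid() is known to zap the group list.
         */
        if (setgid(ap_group_id) == -1) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                        "setgid: unable to set group id to Group %u",
                        (unsigned)ap_group_id);
            clean_child_exit(APEXIT_CHILDFATAL);
        }

        /* Reset `groups' attributes. */

        if (initgroups(name, ap_group_id) == -1) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
                        "initgroups: unable to set groups for User %s "
                        "and Group %u", name, (unsigned)ap_group_id);
            clean_child_exit(APEXIT_CHILDFATAL);
        }
    }
}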
1807 
/*
 * Check to see if we have the 'suexec' setuid wrapper installed.
 *
 * Returns 1 when SUEXEC_BIN can be stat()ed, carries the set-user-ID bit
 * and is owned by uid 0; returns 0 in every other case.
 *
 * NOTE(review): only the setuid bit and the owner are examined here;
 * group/other write permission on the file is not part of this test.
 */
static int init_suexec(void)
{
    struct stat sb;

    if (stat(SUEXEC_BIN, &sb) != 0) {
        return 0;
    }
    return ((sb.st_mode & S_ISUID) && sb.st_uid == 0) ? 1 : 0;
}
1823 
1824 /*****************************************************************
1825  * Connection structures and accounting...
1826  */
1827 
1828 
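/*
 * Build the conn_rec for a freshly accepted connection.
 *
 * p         pool the record and its strings are allocated from
 * server    initial guess for the serving host; ap_update_vhost_given_ip()
 *           is called to refine it
 * inout     buffered I/O object wrapping the client socket
 * remaddr   peer address
 * saddr     local address the connection arrived on
 * child_num slot number of this child
 *
 * Returns the new record.  Both addresses are copied into the record and
 * rendered numerically into local_ip / remote_ip.
 */
static conn_rec *new_connection(pool *p, server_rec *server, BUFF *inout,
                                const struct sockaddr *remaddr,
                                const struct sockaddr *saddr,
                                int child_num)
{
    conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
    char hostnamebuf[MAXHOSTNAMELEN];
    size_t addr_len;

    /* Got a connection structure, so initialize what fields we can
     * (the rest are zeroed out by pcalloc).
     */
    conn->child_num = child_num;
    conn->pool = p;

#ifndef SIN6_LEN
    addr_len = SA_LEN(saddr);
#else
    addr_len = saddr->sa_len;
#endif
    /* Never copy more than the destination field can hold, whatever
     * length the source address reports.
     */
    if (addr_len > sizeof(conn->local_addr)) {
        addr_len = sizeof(conn->local_addr);
    }
    memcpy(&conn->local_addr, saddr, addr_len);
    /* On failure the buffer contents are unspecified; store an empty
     * string rather than duplicating indeterminate stack bytes.
     */
    if (getnameinfo((struct sockaddr *)&conn->local_addr, addr_len,
                    hostnamebuf, sizeof(hostnamebuf), NULL, 0,
                    NI_NUMERICHOST) != 0) {
        hostnamebuf[0] = '\0';
    }
    conn->local_ip = ap_pstrdup(conn->pool, hostnamebuf);
    conn->server = server; /* just a guess for now */
    ap_update_vhost_given_ip(conn);
    conn->base_server = conn->server;
    conn->client = inout;

#ifndef SIN6_LEN
    addr_len = SA_LEN(remaddr);
#else
    addr_len = remaddr->sa_len;
#endif
    if (addr_len > sizeof(conn->remote_addr)) {
        addr_len = sizeof(conn->remote_addr);
    }
    memcpy(&conn->remote_addr, remaddr, addr_len);
    if (getnameinfo((struct sockaddr *)&conn->remote_addr, addr_len,
                    hostnamebuf, sizeof(hostnamebuf), NULL, 0,
                    NI_NUMERICHOST) != 0) {
        hostnamebuf[0] = '\0';
    }
    conn->remote_ip = ap_pstrdup(conn->pool, hostnamebuf);

    conn->ctx = ap_ctx_new(conn->pool);

    /*
     * Invoke the `new_connection' hook of modules to let them do
     * some connection dependent actions before we go on with
     * processing the request on this connection.  Only modules whose
     * magic is MODULE_MAGIC_COOKIE_EAPI are consulted.
     */
    {
        module *m;

        for (m = top_module; m != NULL; m = m->next) {
            if (m->magic == MODULE_MAGIC_COOKIE_EAPI
                && m->new_connection != NULL) {
                (*m->new_connection)(conn);
            }
        }
    }

    return conn;
}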
1886 
/*
 * Turn off the Nagle algorithm (set TCP_NODELAY) on socket s.
 *
 * Nagle delays partial packets in the hope of more data arriving; that
 * interacts badly with persistent connections and costs a great deal of
 * performance, so it is disabled.  A failure is only logged at debug
 * level and never treated as fatal.
 *
 * sin_client, when not NULL, supplies the address printed in the log line.
 * NOTE(review): the parameter is a sockaddr_in, so only an IPv4 address
 * is read from it -- confirm what callers pass for other families.
 */
static void sock_disable_nagle(int s, struct sockaddr_in *sin_client)
{
    int nodelay = 1;

    if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (char *) &nodelay,
                   sizeof(int)) >= 0) {
        return;
    }

    if (sin_client == NULL) {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                     "setsockopt: (TCP_NODELAY)");
        return;
    }

    ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                 "setsockopt: (TCP_NODELAY), client %pA probably "
                 "dropped the connection", &sin_client->sin_addr);
}
1913 
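/*
 * Create, configure, bind and listen on a TCP socket for the address
 * `server'.
 *
 * p       pool the socket's close-on-exec/restart cleanup is registered in
 * server  AF_INET (or, with INET6, AF_INET6) address to listen on
 *
 * Returns the listening descriptor, which is always below FD_SETSIZE.
 * Every failure other than setting SendBufferSize is fatal: it is logged
 * and the process exits with status 1.
 */
static int make_sock(pool *p, const struct sockaddr *server)
{
    int s;
    int one = 1;
    size_t salen;
    char addr[INET6_ADDRSTRLEN + 128];
    char a0[INET6_ADDRSTRLEN];
    char p0[NI_MAXSERV];
#ifdef MPE
    int privport = 0;
#endif

    switch (server->sa_family) {
    case AF_INET:
#ifdef INET6
    case AF_INET6:
#endif
        break;
    default:
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: unsupported address family %u",
                     (unsigned)server->sa_family);
        ap_unblock_alarms();
        exit(1);
    }

#ifndef SIN6_LEN
    salen = SA_LEN(server);
#else
    salen = server->sa_len;
#endif

    /* Render the address for log messages.  If that fails the output
     * buffers are unspecified, so substitute a marker instead of
     * formatting indeterminate bytes into every later message.
     */
    if (getnameinfo(server, salen, a0, sizeof(a0), p0, sizeof(p0),
                    NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
        snprintf(a0, sizeof(a0), "%s", "(unknown)");
        snprintf(p0, sizeof(p0), "%s", "(unknown)");
    }
    snprintf(addr, sizeof(addr), "address %s port %s", a0, p0);
#ifdef MPE
    if (atoi(p0) < 1024)
        privport++;
#endif

    /* note that because we're about to slack we don't use psocket */
    ap_block_alarms();
    if ((s = socket(server->sa_family, SOCK_STREAM, IPPROTO_TCP)) == -1) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: failed to get a socket for %s", addr);
        ap_unblock_alarms();
        exit(1);
    }

    s = ap_slack(s, AP_SLACK_HIGH);

    /* arrange to close on exec or restart */
    ap_note_cleanups_for_socket_ex(p, s, 1);

    if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &one,
                   sizeof(int)) < 0) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: for %s, setsockopt: (SO_REUSEADDR)", addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }
    one = 1;
    if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *) &one,
                   sizeof(int)) < 0) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: for %s, setsockopt: (SO_KEEPALIVE)", addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }

    sock_disable_nagle(s, NULL);
    sock_enable_linger(s);

    /*
     * To send data over high bandwidth-delay connections at full
     * speed we must force the TCP window to open wide enough to keep the
     * pipe full.  The default window size on many systems
     * is only 4kB.  Cross-country WAN connections of 100ms
     * at 1Mb/s are not impossible for well connected sites.
     * If we assume 100ms cross-country latency,
     * a 4kB buffer limits throughput to 40kB/s.
     *
     * To avoid this problem I've added the SendBufferSize directive
     * to allow the web master to configure send buffer size.
     *
     * The trade-off of larger buffers is that more kernel memory
     * is consumed.  YMMV, know your customers and your network!
     *
     * -John Heidemann <johnh@isi.edu> 25-Oct-96
     *
     * If no size is specified, use the kernel default.
     */
    if (server_conf->send_buffer_size) {
        if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
                       (char *) &server_conf->send_buffer_size,
                       sizeof(int)) < 0) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf,
                         "make_sock: failed to set SendBufferSize for %s, "
                         "using default", addr);
            /* not a fatal error */
        }
    }

    if (bind(s, server, salen) == -1) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                     "make_sock: could not bind to %s", addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }

    if (listen(s, ap_listenbacklog) == -1) {
        ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
                     "make_sock: unable to listen for connections on %s",
                     addr);
        closesocket(s);
        ap_unblock_alarms();
        exit(1);
    }

    ap_unblock_alarms();

    /* protect various fd_sets: FD_SET() on a descriptor at or above
     * FD_SETSIZE would write outside the set.
     */
    if (s >= FD_SETSIZE) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
                     "make_sock: problem listening on %s, filedescriptor (%u) "
                     "larger than FD_SETSIZE (%u) "
                     "found, you probably need to rebuild Apache with a "
                     "larger FD_SETSIZE", addr, (unsigned)s,
                     (unsigned)FD_SETSIZE);
        closesocket(s);
        exit(1);
    }

    return s;
}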
2051 
2052 
/*
 * During a restart we keep track of the old listeners here, so that we
 * can re-use the sockets.  We have to do this because we won't be able
 * to re-open the sockets ("Address already in use").
 *
 * Unlike the listeners ring, old_listeners is a NULL terminated list.
 *
 * copy_listeners() makes the copy, find_listener() finds an old listener
 * and close_unused_listeners() cleans up whatever wasn't used.
 */
static listen_rec *old_listeners;
2064 
/*
 * Snapshot the current listeners into the malloc()ed, NULL terminated
 * old_listeners list and drop each socket's cleanup from pool p.
 *
 * Unfortunately copy_listeners may be called before listeners is a ring,
 * so the walk stops either at a NULL link or on returning to the start.
 * Exits the process if malloc() fails.
 */
static void copy_listeners(pool *p)
{
    listen_rec *cur;

    ap_assert(old_listeners == NULL);
    if (ap_listeners == NULL) {
        return;
    }

    cur = ap_listeners;
    for (;;) {
        listen_rec *copy = malloc(sizeof *copy);

        if (copy == NULL) {
            fprintf(stderr, "Ouch!  malloc failed in copy_listeners()\n");
            exit(1);
        }
        *copy = *cur;
        ap_kill_cleanups_for_socket(p, copy->fd);
        /* push onto the front of the saved list */
        copy->next = old_listeners;
        ap_assert(!copy->used);
        old_listeners = copy;

        cur = cur->next;
        if (cur == NULL || cur == ap_listeners) {
            break;
        }
    }
}
2090 
2091 
/*
 * Look for a saved listener bound to the same local address as lr.
 *
 * On a match the saved entry is marked used and its descriptor is
 * returned; -1 means no saved socket can be re-used.
 *
 * The comparison is a memcmp() over the whole local_addr field, so any
 * bytes beyond the meaningful part of the address take part in it too.
 */
static int find_listener(listen_rec *lr)
{
    listen_rec *old = old_listeners;

    while (old != NULL) {
        if (memcmp(&old->local_addr, &lr->local_addr,
                   sizeof(old->local_addr)) == 0) {
            old->used = 1;
            return old->fd;
        }
        old = old->next;
    }
    return -1;
}
2104 
2105 
/*
 * Free the whole old_listeners list, closing the socket of every entry
 * that was not marked used, and reset the list head to NULL.
 */
static void close_unused_listeners(void)
{
    listen_rec *cur = old_listeners;

    while (cur != NULL) {
        /* fetch the link first: cur is freed below */
        listen_rec *following = cur->next;

        if (!cur->used) {
            closesocket(cur->fd);
        }
        free(cur);
        cur = following;
    }
    old_listeners = NULL;
}
2118 
2119 
/*
 * Open sockets, and turn the listeners list into a singly linked ring.
 *
 * Each listener re-uses a saved socket when find_listener() has one and
 * otherwise gets a new one from make_sock().  listenfds / listenmaxfd are
 * rebuilt from scratch, head_listener is reset, and saved sockets that
 * were not re-used are closed.
 */
static void setup_listeners(pool *p)
{
    listen_rec *lr;

    listenmaxfd = -1;
    FD_ZERO(&listenfds);

    lr = ap_listeners;
    while (1) {
        int fd = find_listener(lr);

        if (fd >= 0) {
            ap_note_cleanups_for_socket_ex(p, fd, 1);
        }
        else {
            fd = make_sock(p, (struct sockaddr *)&lr->local_addr);
        }

        /* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
        if (fd >= 0) {
            FD_SET(fd, &listenfds);
            if (listenmaxfd < fd) {
                listenmaxfd = fd;
            }
        }
        lr->fd = fd;

        if (lr->next == NULL) {
            break;
        }
        lr = lr->next;
    }

    /* turn the list into a ring */
    lr->next = ap_listeners;
    head_listener = ap_listeners;
    close_unused_listeners();
}
2154 
2155 
/*
 * Find a listener which is ready for accept().
 *
 * The ring is walked once, starting at head_listener.  The first entry
 * whose descriptor is set in main_fds is returned and head_listener is
 * advanced to the entry after it; NULL is returned when none is set.
 */
static ap_inline listen_rec *find_ready_listener(fd_set * main_fds)
{
    listen_rec *const first = head_listener;
    listen_rec *lr = first;

    for (;;) {
        if (FD_ISSET(lr->fd, main_fds)) {
            head_listener = lr->next;
            return lr;
        }
        lr = lr->next;
        if (lr == first) {
            return NULL;
        }
    }
}
2174 
2175 
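/*
 * Print the server version, the module magic number and the compile-time
 * settings and default paths to stdout.
 *
 * The path macros are passed as "%s" arguments instead of being pasted
 * into the format string, so a '%' inside a configured path is printed
 * literally and never parsed as a conversion specification.
 */
static void show_compile_settings(void)
{
    printf("Server version: %s\n", ap_get_server_version());
    printf("Server's Module Magic Number: %u:%u\n",
           MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
    printf("Server compiled with....\n");
    printf(" -D EAPI\n");
#ifdef EAPI_MM
    printf(" -D EAPI_MM\n");
#ifdef EAPI_MM_CORE_PATH
    printf(" -D EAPI_MM_CORE_PATH=\"%s\"\n", EAPI_MM_CORE_PATH);
#endif
#endif
    printf(" -D HAVE_MMAP\n");
    printf(" -D HAVE_SHMGET\n");
    printf(" -D USE_MMAP_SCOREBOARD\n");
    printf(" -D USE_MMAP_FILES\n");
#ifdef MMAP_SEGMENT_SIZE
    printf(" -D MMAP_SEGMENT_SIZE=%ld\n", (long)MMAP_SEGMENT_SIZE);
#endif
    printf(" -D HAVE_FLOCK_SERIALIZED_ACCEPT\n");
    printf(" -D HAVE_SYSVSEM_SERIALIZED_ACCEPT\n");
    printf(" -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT\n");
#ifdef BUFFERED_LOGS
    printf(" -D BUFFERED_LOGS\n");
#ifdef PIPE_BUF
    printf(" -D PIPE_BUF=%ld\n", (long)PIPE_BUF);
#endif
#endif
    printf(" -D DYNAMIC_MODULE_LIMIT=%ld\n", (long)DYNAMIC_MODULE_LIMIT);
    printf(" -D HARD_SERVER_LIMIT=%ld\n", (long)HARD_SERVER_LIMIT);

/* This list displays the compiled-in default paths: */
#ifdef HTTPD_ROOT
    printf(" -D HTTPD_ROOT=\"%s\"\n", HTTPD_ROOT);
#endif
#if defined(SUEXEC_BIN)
    printf(" -D SUEXEC_BIN=\"%s\"\n", SUEXEC_BIN);
#endif
#ifdef DEFAULT_PIDLOG
    printf(" -D DEFAULT_PIDLOG=\"%s\"\n", DEFAULT_PIDLOG);
#endif
#ifdef DEFAULT_SCOREBOARD
    printf(" -D DEFAULT_SCOREBOARD=\"%s\"\n", DEFAULT_SCOREBOARD);
#endif
#ifdef DEFAULT_LOCKFILE
    printf(" -D DEFAULT_LOCKFILE=\"%s\"\n", DEFAULT_LOCKFILE);
#endif
#ifdef DEFAULT_ERRORLOG
    printf(" -D DEFAULT_ERRORLOG=\"%s\"\n", DEFAULT_ERRORLOG);
#endif
#ifdef TYPES_CONFIG_FILE
    printf(" -D TYPES_CONFIG_FILE=\"%s\"\n", TYPES_CONFIG_FILE);
#endif
#ifdef SERVER_CONFIG_FILE
    printf(" -D SERVER_CONFIG_FILE=\"%s\"\n", SERVER_CONFIG_FILE);
#endif
#ifdef ACCESS_CONFIG_FILE
    printf(" -D ACCESS_CONFIG_FILE=\"%s\"\n", ACCESS_CONFIG_FILE);
#endif
#ifdef RESOURCE_CONFIG_FILE
    printf(" -D RESOURCE_CONFIG_FILE=\"%s\"\n", RESOURCE_CONFIG_FILE);
#endif
}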
2240 
2241 
/* Some init code that's common between win32 and unix... well actually
 * some of it is #ifdef'd but was duplicated before anyhow.  This stuff
 * is still a mess.
 *
 * Creates the global pools, runs the utility initialisers, allocates the
 * three directive/define arrays, and configures the buffer I/O hooks and
 * the global context.
 */
static void common_init(void)
{
    INIT_SIGLIST()


    /* pconf and plog hang off pglobal; ptrans is a sub-pool of pconf */
    pglobal = ap_init_alloc();
    pconf = ap_make_sub_pool(pglobal);
    plog = ap_make_sub_pool(pglobal);
    ptrans = ap_make_sub_pool(pconf);

    ap_util_init();
    ap_util_uri_init();

    /* pcommands has no parent pool; the arrays below hold char * entries */
    pcommands = ap_make_sub_pool(NULL);
    ap_server_pre_read_config  = ap_make_array(pcommands, 1, sizeof(char *));
    ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *));
    ap_server_config_defines   = ap_make_array(pcommands, 1, sizeof(char *));

    /* register the five ap::buff::* hooks, all with the same signature */
    ap_hook_init();
    ap_hook_configure("ap::buff::read",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::write",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::writev",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::sendwithtimeout",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
    ap_hook_configure("ap::buff::recvwithtimeout",
                      AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);

    ap_global_ctx = ap_ctx_new(NULL);
}
2278 
/*****************************************************************
 * Child process main loop.
 * The following vars are static to avoid getting clobbered by longjmp();
 * they are really private to child_main.
 */

static int srv;			/* result of ap_select() on the listeners */
static int csd;			/* descriptor returned by ap_accept() */
static int dupped_csd;		/* set to csd before ap_bpushfd() */
static int requests_this_child;	/* compared with ap_max_requests_per_child */
static fd_set main_fds;		/* per-iteration copy of listenfds */
2290 
/*
 * Ask this child to stop after the current request: keepalive is turned
 * off on r's connection, and both the per-child request limit and the
 * request counter are set to 1.
 */
API_EXPORT(void) ap_child_terminate(request_rec *r)
{
    r->connection->keepalive = 0;
    ap_max_requests_per_child = 1;
    requests_this_child = 1;
}
2296 
/*
 * Main loop of one server child.
 *
 * child_num_arg is the child's slot number.  After a one-time
 * initialisation (resource limits, pools, accept mutex, dropping group
 * and user privileges, module child init) the function loops forever:
 * wait for a connection on a listener, accept it, serve the requests on
 * it, close it.  The loop is only left through clean_child_exit().
 */
static void child_main(int child_num_arg)
{
    NET_SIZE_T clen;
    struct sockaddr_storage sa_server;
    struct sockaddr_storage sa_client;
    listen_rec *lr;
    struct rlimit rlp;

    /* All of initialization is a critical section, we don't care if we're
     * told to HUP or USR1 before we're done initializing.  For example,
     * we could be half way through child_init_modules() when a restart
     * signal arrives, and we'd have no real way to recover gracefully
     * and exit properly.
     *
     * I suppose a module could take forever to initialize, but that would
     * be either a broken module, or a broken configuration (i.e. network
     * problems, file locking problems, whatever). -djg
     */
    ap_block_alarms();

    my_pid = getpid();
    csd = -1;
    dupped_csd = -1;
    my_child_num = child_num_arg;
    requests_this_child = 0;

    setproctitle("child");

    /*
     * set up rlimits to keep apache+scripting from leaking horribly
     *
     * Each limit is applied only when its setting is non-zero; soft and
     * hard limit get the same value, and a failing setrlimit() is fatal
     * for the child.
     */
    if (ap_max_cpu_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_cpu_per_child;
	if (setrlimit(RLIMIT_CPU, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set CPU limit to %d",
		ap_max_cpu_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
    if (ap_max_data_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_data_per_child;
	if (setrlimit(RLIMIT_DATA, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set data limit to %d",
		ap_max_data_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
    if (ap_max_nofile_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_nofile_per_child;
	if (setrlimit(RLIMIT_NOFILE, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set open file limit to %d",
		ap_max_nofile_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
    if (ap_max_rss_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_rss_per_child;
	if (setrlimit(RLIMIT_RSS, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set RSS limit to %d",
		ap_max_rss_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
    if (ap_max_stack_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_stack_per_child;
	if (setrlimit(RLIMIT_STACK, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set stack size limit to %d",
		ap_max_stack_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
#ifdef RLIMIT_TIME
    if (ap_max_time_per_child != 0){
	rlp.rlim_cur = rlp.rlim_max = ap_max_time_per_child;
	if (setrlimit(RLIMIT_TIME, &rlp) == -1){
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		"setrlimit: unable to set humantime limit to %d",
		ap_max_time_per_child);
	    clean_child_exit(APEXIT_CHILDFATAL);
	}
    }
#endif

    /* Get a sub pool for global allocations in this child, so that
     * we can have cleanups occur when the child exits.
     */
    pchild = ap_make_sub_pool(pconf);
    /* associate accept mutex cleanup with a subpool of pchild so we can
     * make sure the mutex is released before calling module code at
     * termination
     */
    pmutex = ap_make_sub_pool(pchild);

    /* needs to be done before we switch UIDs so we have permissions */
    SAFE_ACCEPT(accept_mutex_child_init(pmutex));

    /* Privilege drop, in this order: groups first (set_group_privs),
     * then the uid.  Module child init runs only after both.
     */
    set_group_privs();
    /*
     * Only try to switch if we're running as root
     * In case of Cygwin we have the special super-user named SYSTEM
     *
     * NOTE(review): success is judged by setuid()'s return value alone;
     * nothing here re-checks afterwards that root cannot be regained.
     */
    if (!geteuid() && (
	setuid(ap_user_id) == -1)) {
	ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
		    "setuid: unable to change to uid: %u", ap_user_id);
	clean_child_exit(APEXIT_CHILDFATAL);
    }

    ap_child_init_modules(pchild, server_conf);

    /* done with the initialization critical section */
    ap_unblock_alarms();

    (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);

    /*
     * Setup the jump buffers so that we can return here after a timeout
     */
    ap_setjmp(jmpbuffer);
    signal(SIGURG, timeout);
    /* a failure to install the SIGALRM handler is reported but not fatal */
    if (signal(SIGALRM, alrm_handler) == SIG_ERR) {
	   fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno);
	}


    while (1) {
	BUFF *conn_io;
	request_rec *r;

	/* Prepare to receive a SIGUSR1 due to graceful restart so that
	 * we can exit cleanly.  Since we're between connections right
	 * now it's the right time to exit, but we might be blocked in a
	 * system call when the graceful restart request is made. */
	usr1_just_die = 1;
	signal(SIGUSR1, usr1_handler);

	/*
	 * (Re)initialize this child to a pre-connection state.
	 */

	ap_kill_timeout(0);	/* Cancel any outstanding alarms. */
	current_conn = NULL;

	/* ptrans holds everything allocated for the previous connection */
	ap_clear_pool(ptrans);

	/* exit if the scoreboard's running generation is no longer ours */
	if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
	    clean_child_exit(0);
	}

	/* exit once this child has used up its request allowance */
	if ((ap_max_requests_per_child > 0
	     && requests_this_child++ >= ap_max_requests_per_child)) {
	    clean_child_exit(0);
	}

	(void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);

	/*
	 * Wait for an acceptable connection to arrive.
	 */

	/* Lock around "accept", if necessary */
	SAFE_ACCEPT(accept_mutex_on());

	for (;;) {
	    if (ap_listeners->next != ap_listeners) {
		/* more than one socket */
		memcpy(&main_fds, &listenfds, sizeof(fd_set));
		srv = ap_select(listenmaxfd + 1, &main_fds, NULL, NULL, NULL);

		if (srv < 0 && errno != EINTR) {
		    /* Single Unix documents select as returning errnos
		     * EBADF, EINTR, and EINVAL... and in none of those
		     * cases does it make sense to continue.  In fact
		     * on Linux 2.0.x we seem to end up with EFAULT
		     * occasionally, and we'd loop forever due to it.
		     */
		    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "select: (listen)");
		    clean_child_exit(1);
		}

		if (srv <= 0)
		    continue;

		lr = find_ready_listener(&main_fds);
		if (lr == NULL)
		    continue;
		/* sd is not declared in this function; presumably a
		 * file-scope variable -- confirm */
		sd = lr->fd;
	    }
	    else {
		/* only one socket, just pretend we did the other stuff */
		sd = ap_listeners->fd;
	    }

	    /* if we accept() something we don't want to die, so we have to
	     * defer the exit
	     */
	    deferred_die = 0;
	    usr1_just_die = 0;
	    /* retry the accept for as long as it fails with EINTR */
	    for (;;) {
		clen = sizeof(sa_client);
		csd = ap_accept(sd, (struct sockaddr *)&sa_client, &clen);
		if (csd >= 0 || errno != EINTR)
		    break;
		if (deferred_die) {
		    /* we didn't get a socket, and we were told to die */
		    clean_child_exit(0);
		}
	    }

	    if (csd >= 0)
		break;		/* We have a socket ready for reading */
	    else {

		/* Our old behaviour here was to continue after accept()
		 * errors.  But this leads us into lots of troubles
		 * because most of the errors are quite fatal.  For
		 * example, EMFILE can be caused by slow descriptor
		 * leaks (say in a 3rd party module, or libc).  It's
		 * foolish for us to continue after an EMFILE.  We also
		 * seem to tickle kernel bugs on some platforms which
		 * lead to never-ending loops here.  So it seems best
		 * to just exit in most cases.
		 */
                switch (errno) {

                case ECONNABORTED:
		    /* Linux generates the rest of these, other tcp
		     * stacks (i.e. bsd) tend to hide them behind
		     * getsockopt() interfaces.  They occur when
		     * the net goes sour or the client disconnects
		     * after the three-way handshake has been done
		     * in the kernel but before userland has picked
		     * up the socket.
		     */
                case ECONNRESET:
                case ETIMEDOUT:
		case EHOSTUNREACH:
		case ENETUNREACH:
                    break;
		case ENETDOWN:
		     /*
		      * When the network layer has been shut down, there
		      * is not much use in simply exiting: the parent
		      * would simply re-create us (and we'd fail again).
		      * Use the CHILDFATAL code to tear the server down.
		      * @@@ Martin's idea for possible improvement:
		      * A different approach would be to define
		      * a new APEXIT_NETDOWN exit code, the reception
		      * of which would make the parent shutdown all
		      * children, then idle-loop until it detected that
		      * the network is up again, and restart the children.
		      * Ben Hyde noted that temporary ENETDOWN situations
		      * occur in mobile IP.
		      */
		    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
			"accept: giving up.");
		    /* no break follows: this relies on clean_child_exit()
		     * not returning */
		    clean_child_exit(APEXIT_CHILDFATAL);

		default:
		    ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
				"accept: (client socket)");
		    clean_child_exit(1);
		}
	    }

	    /* go around again, safe to die */
	    usr1_just_die = 1;
	    if (deferred_die) {
		/* ok maybe not, see ya later */
		clean_child_exit(0);
	    }
	    /* or maybe we missed a signal, you never know on systems
	     * without reliable signals
	     */
	    if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
		clean_child_exit(0);
	    }
	}

	SAFE_ACCEPT(accept_mutex_off());	/* unlock after "accept" */


	/* We've got a socket, let's at least process one request off the
	 * socket before we accept a graceful restart request.
	 */
	signal(SIGUSR1, SIG_IGN);

	/* the cleanup lives in ptrans, which is cleared at the top of the
	 * loop; presumably that is what closes csd on the `continue'
	 * paths below -- confirm */
	ap_note_cleanups_for_socket_ex(ptrans, csd, 1);

	/* protect various fd_sets */
	if (csd >= FD_SETSIZE) {
	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
		"[csd] filedescriptor (%u) larger than FD_SETSIZE (%u) "
		"found, you probably need to rebuild Apache with a "
		"larger FD_SETSIZE", csd, FD_SETSIZE);
	    continue;
	}

	/*
	 * We now have a connection, so set it up with the appropriate
	 * socket options, file descriptors, and read/write buffers.
	 */

	clen = sizeof(sa_server);
	if (getsockname(csd, (struct sockaddr *)&sa_server, &clen) < 0) {
	    /* NOTE(review): sa_client is a sockaddr_storage; the cast
	     * reads it as an IPv4 address, so for another family the
	     * logged address is presumably not meaningful */
	    ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
                         "getsockname, client %pA probably dropped the "
                         "connection",
                         &((struct sockaddr_in *)&sa_client)->sin_addr);
	    continue;
	}

	sock_disable_nagle(csd, (struct sockaddr_in *)&sa_client);

	(void) ap_update_child_status(my_child_num, SERVER_BUSY_READ,
				   (request_rec *) NULL);

	conn_io = ap_bcreate(ptrans, B_RDWR | B_SOCKET);

	/* the same descriptor is pushed for both arguments */
	dupped_csd = csd;
	ap_bpushfd(conn_io, csd, dupped_csd);

	current_conn = new_connection(ptrans, server_conf, conn_io,
				          (struct sockaddr *)&sa_client,
				          (struct sockaddr *)&sa_server,
				          my_child_num);

	/*
	 * Read and process each request found on our connection
	 * until no requests are left or we decide to close.
	 */

	while ((r = ap_read_request(current_conn)) != NULL) {

	    /* read_request_line has already done a
	     * signal (SIGUSR1, SIG_IGN);
	     */

	    (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);

	    /* process the request if it was read without error */

	    if (r->status == HTTP_OK)
		ap_process_request(r);

	    if(ap_extended_status)
		increment_counts(my_child_num, r);

	    /* leave the loop with r still set; the close logic below
	     * looks at it */
	    if (!current_conn->keepalive || current_conn->aborted)
		break;

	    ap_destroy_pool(r->pool);
	    (void) ap_update_child_status(my_child_num, SERVER_BUSY_KEEPALIVE,
				       (request_rec *) NULL);

	    if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
		ap_call_close_connection_hook(current_conn);
		ap_bclose(conn_io);
		clean_child_exit(0);
	    }

	    /* In case we get a graceful restart while we're blocked
	     * waiting for the request.
	     *
	     * XXX: This isn't perfect, we might actually read the
	     * request and then just die without saying anything to
	     * the client.  This can be fixed by using deferred_die
	     * but you have to teach buff.c about it so that it can handle
	     * the EINTR properly.
	     *
	     * In practice though browsers (have to) expect keepalive
	     * connections to close before receiving a response because
	     * of network latencies and server timeouts.
	     */
	    usr1_just_die = 1;
	    signal(SIGUSR1, usr1_handler);
	}

	/*
	 * Close the connection, being careful to send out whatever is still
	 * in our buffers.  If possible, try to avoid a hard close until the
	 * client has ACKed our FIN and/or has stopped sending us data.
	 */

	if (r && r->connection
	    && !r->connection->aborted
	    && r->connection->client
	    && (r->connection->client->fd >= 0)) {

	    lingering_close(r);
	}
	else {
	    ap_call_close_connection_hook(current_conn);
	    ap_bsetflag(conn_io, B_EOUT, 1);
	    ap_bclose(conn_io);
	}
    }
}
2700 
2701 
/*
 * Start one child for scoreboard slot `slot'.
 *
 * s     server record used for error logging
 * slot  scoreboard slot the child will occupy
 * now   timestamp stored as the slot's last_rtime
 *
 * Returns 0 in the parent after a successful fork and -1 when fork()
 * failed.  With one_process set no fork happens: signal handlers are
 * installed and child_main() is called directly.
 */
static int make_child(server_rec *s, int slot, time_t now)
{
    int pid;

    if (max_daemons_limit < slot + 1) {
        max_daemons_limit = slot + 1;
    }

    if (one_process) {
        signal(SIGHUP, just_die);
        signal(SIGINT, just_die);
        signal(SIGQUIT, SIG_DFL);
        signal(SIGTERM, just_die);
        child_main(slot);
    }

    /* avoid starvation */
    head_listener = head_listener->next;

    Explain1("Starting new child in slot %d", slot);
    (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) NULL);

    pid = fork();
    if (pid == -1) {
        ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process");

        /* fork didn't succeed. Fix the scoreboard or else
         * it will say SERVER_STARTING forever and ever
         */
        (void) ap_update_child_status(slot, SERVER_DEAD, (request_rec *) NULL);

        /* In case system resources are maxxed out, we don't want
         * Apache running away with the CPU trying to fork over and
         * over and over again.
         */
        sleep(10);

        return -1;
    }

    if (pid == 0) {
        /* in the child */
        RAISE_SIGSTOP(MAKE_CHILD);
        MONCONTROL(1);
        /* Disable the restart signal handlers and enable the just_die stuff.
         * Note that since restart() just notes that a restart has been
         * requested there's no race condition here.
         */
        signal(SIGHUP, just_die);
        signal(SIGUSR1, just_die);
        signal(SIGTERM, just_die);
        child_main(slot);
    }

    /* in the parent: record the new child in its slot */
    ap_scoreboard_image->parent[slot].last_rtime = now;
    ap_scoreboard_image->parent[slot].pid = pid;
    return 0;
}
2758 
2759 
/*
 * Start up to number_to_start children, using scoreboard slots that are
 * currently SERVER_DEAD.  Stops at the first make_child() failure or
 * when ap_daemons_limit slots have been examined.
 */
static void startup_children(int number_to_start)
{
    time_t spawn_time = time(NULL);
    int slot = 0;

    while (number_to_start != 0 && slot < ap_daemons_limit) {
	if (ap_scoreboard_image->servers[slot].status == SERVER_DEAD) {
	    if (make_child(server_conf, slot, spawn_time) < 0) {
		return;
	    }
	    --number_to_start;
	}
	++slot;
    }
}
2776 
2777 
/*
 * idle_spawn_rate is the number of children that will be spawned on the
 * next maintenance cycle if there aren't enough idle servers.  It is
 * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
 * without the need to spawn.
 */
static int idle_spawn_rate = 1;
/* MAX_SPAWN_RATE also sizes the free_slots[] array in
 * perform_idle_server_maintenance(), so an override must stay a small
 * positive value.
 */
#ifndef MAX_SPAWN_RATE
#define MAX_SPAWN_RATE	(32)
#endif
/* Countdown of spawning maintenance cycles during which idle_spawn_rate
 * is not doubled; standalone_main() sets it to 10 on a graceful restart.
 */
static int hold_off_on_exponential_spawning;

/*
 * Define the signal that is used to kill off children if idle_count
 * is greater than ap_daemons_max_free. Usually we will use SIGUSR1
 * to shut down gracefully, but unfortunately some OSes need other
 * signals to ensure that the child process is terminated and the
 * scoreboard pool does not grow without bound. Also set the signal we
 * use to kill off children that exceed their timeout. This effect has
 * been seen at least on Cygwin 1.x. -- Stipe Tolj <tolj@wapme-systems.de>
 */
#define SIG_IDLE_KILL SIGUSR1
#define SIG_TIMEOUT_KILL SIGALRM
2801 
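/*
 * One pass of parent-side pool maintenance over the scoreboard:
 *   - collects up to idle_spawn_rate dead slots that can be reused,
 *   - counts idle (starting or ready) and non-dead children,
 *   - signals children whose timeout expired without progress,
 *   - then either kills one surplus idle child, spawns children into
 *     the collected free slots, or resets the spawn rate.
 *
 * Takes no arguments and returns nothing; it reads and updates
 * max_daemons_limit, idle_spawn_rate and
 * hold_off_on_exponential_spawning.
 */
static void perform_idle_server_maintenance(void)
{
    int i;
    int to_kill = -1;
    int idle_count = 0;
    short_score *ss;
    time_t now = time(NULL);
    int free_length = 0;
    int free_slots[MAX_SPAWN_RATE];
    int last_non_dead = -1;
    int total_non_dead = 0;
    /* Never collect more slots than free_slots[] can hold.  With the
     * default MAX_SPAWN_RATE the doubling sequence lands exactly on the
     * limit, but an overridden value that is not a power of two would
     * otherwise let idle_spawn_rate run past the array size.
     */
    int spawn_cap = idle_spawn_rate;

    if (spawn_cap > MAX_SPAWN_RATE) {
	spawn_cap = MAX_SPAWN_RATE;
    }

    for (i = 0; i < ap_daemons_limit; ++i) {
	int status;

	/* Past the highest slot ever used there is nothing to count;
	 * stop as soon as enough free slots have been collected.
	 */
	if (i >= max_daemons_limit && free_length == spawn_cap)
	    break;
	ss = &ap_scoreboard_image->servers[i];
	status = ss->status;
	if (status == SERVER_DEAD) {
	    /* try to keep children numbers as low as possible */
	    if (free_length < spawn_cap) {
		free_slots[free_length] = i;
		++free_length;
	    }
	}
	else {
	    /* We consider a starting server as idle because we started it
	     * at least a cycle ago, and if it still hasn't finished starting
	     * then we're just going to swamp things worse by forking more.
	     * So we hopefully won't need to fork more if we count it.
	     * This depends on the ordering of SERVER_READY and SERVER_STARTING.
	     */
	    if (status <= SERVER_READY) {
		++idle_count;
		/* always kill the highest numbered child if we have to...
		 * no really well thought out reason ... other than observing
		 * the server behaviour under linux where lower numbered children
		 * tend to service more hits (and hence are more likely to have
		 * their data in cpu caches).
		 */
		to_kill = i;
	    }

	    ++total_non_dead;
	    last_non_dead = i;
	    if (ss->timeout_len) {
		/* if it's a live server, with a live timeout then
		 * start checking its timeout */
		parent_score *ps = &ap_scoreboard_image->parent[i];
		if (ss->cur_vtime != ps->last_vtime) {
		    /* it has made progress, so update its last_rtime,
		     * last_vtime */
		    ps->last_rtime = now;
		    ps->last_vtime = ss->cur_vtime;
		}
		else if (ps->last_rtime + ss->timeout_len < now) {
		    /* no progress, and the timeout length has been exceeded */
		    ss->timeout_len = 0;
		    safe_child_kill(ps->pid, SIG_TIMEOUT_KILL);
		}
	    }
	}
    }
    max_daemons_limit = last_non_dead + 1;
    if (idle_count > ap_daemons_max_free) {
	/* kill off one child... we use SIGUSR1 because that'll cause it to
	 * shut down gracefully, in case it happened to pick up a request
	 * while we were counting. Use the define SIG_IDLE_KILL to reflect
	 * which signal should be used on the specific OS.
	 *
	 * to_kill stays -1 when no idle child was seen (possible only if
	 * ap_daemons_max_free is negative); do not index parent[] with it.
	 */
	if (to_kill >= 0) {
	    safe_child_kill(ap_scoreboard_image->parent[to_kill].pid,
			    SIG_IDLE_KILL);
	}
	idle_spawn_rate = 1;
    }
    else if (idle_count < ap_daemons_min_free) {
	/* terminate the free list */
	if (free_length == 0) {
	    /* only report this condition once */
	    static int reported = 0;

	    if (!reported) {
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
			    "server reached MaxClients setting, consider"
			    " raising the MaxClients setting");
		reported = 1;
	    }
	    idle_spawn_rate = 1;
	}
	else {
	    if (idle_spawn_rate >= 8) {
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf,
		    "server seems busy, (you may need "
		    "to increase StartServers, or Min/MaxSpareServers), "
		    "spawning %d children, there are %d idle, and "
		    "%d total children", idle_spawn_rate,
		    idle_count, total_non_dead);
	    }
	    for (i = 0; i < free_length; ++i) {
		/* A failed fork is already logged and throttled inside
		 * make_child(); the result is deliberately ignored here.
		 */
		(void) make_child(server_conf, free_slots[i], now);
	    }
	    /* the next time around we want to spawn twice as many if this
	     * wasn't good enough, but not if we've just done a graceful
	     */
	    if (hold_off_on_exponential_spawning) {
		--hold_off_on_exponential_spawning;
	    }
	    else if (idle_spawn_rate < MAX_SPAWN_RATE) {
		idle_spawn_rate *= 2;
		/* keep the rate within the capacity of free_slots[] */
		if (idle_spawn_rate > MAX_SPAWN_RATE) {
		    idle_spawn_rate = MAX_SPAWN_RATE;
		}
	    }
	}
    }
    else {
	idle_spawn_rate = 1;
    }
}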
2925 
2926 
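/*
 * Inspect the wait status of a reaped child.
 *
 * pid    - pid of the child that was reaped.
 * status - wait status as returned for that child.
 *
 * If the child exited with APEXIT_CHILDFATAL the parent removes its PID
 * file, logs an alert and exits with the same code.  If the child was
 * killed by a signal other than SIGTERM, SIGHUP, SIGUSR1 or SIGKILL the
 * event is logged at NOTICE level.  Otherwise nothing happens.
 */
static void process_child_status(int pid, ap_wait_t status)
{
    /* Child died... if it died due to a fatal error,
     * we should simply bail out.
     */
    if ((WIFEXITED(status)) &&
	WEXITSTATUS(status) == APEXIT_CHILDFATAL) {
	/* cleanup pid file -- it is useless after our exiting */
	const char *pidfile = NULL;
	/* NOTE(review): unlike the shutdown path in standalone_main(),
	 * this path is not passed through ap_server_strip_chroot();
	 * confirm whether the unlink can succeed once chrooted.
	 */
	pidfile = ap_server_root_relative (pconf, ap_pid_fname);
	if ( pidfile != NULL && unlink(pidfile) == 0)
	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
			 server_conf,
			 "removed PID file %s (pid=%ld)",
			 pidfile, (long)getpid());
	ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server_conf,
			"Child %d returned a Fatal error... \n"
			"Apache is exiting!",
			pid);
	exit(APEXIT_CHILDFATAL);
    }
    if (WIFSIGNALED(status)) {
	switch (WTERMSIG(status)) {
	case SIGTERM:
	case SIGHUP:
	case SIGUSR1:
	case SIGKILL:
	    /* signals the parent itself sends, or an administrator's
	     * kill -9: not worth a log line */
	    break;
	default: {
	    int signum = WTERMSIG(status);
	    /* Signal numbers at or above NumSIG have no entry in
	     * SYS_SIGLIST; use an empty name on both logging paths rather
	     * than indexing past the end of the table.
	     */
	    const char *signame = (signum >= NumSIG) ? "" : SYS_SIGLIST[signum];

	    if (WCOREDUMP(status)) {
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
			     server_conf,
			     "child pid %d exit signal %s (%d), "
			     "possible coredump in %s",
			     pid, signame, signum,
			     ap_coredump_dir);
	    }
	    else {
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
			     server_conf,
			     "child pid %d exit signal %s (%d)", pid,
			     signame, signum);
	    }
	    break;
	}
	}
    }
}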
2974 
2975 
2976 /*****************************************************************
2977  * Executive routines.
2978  */
2979 
2980 #ifndef STANDALONE_MAIN
2981 #define STANDALONE_MAIN standalone_main
2982 
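/*
 * Parent-process main loop of the standalone server.
 *
 * Each iteration of the outer do/while is one server generation: the
 * configuration is (re)read, listeners and logs are set up, modules are
 * initialised, on the first pass the process optionally chroots and
 * drops privileges, children are started, and the inner loop then reaps
 * children and performs idle maintenance until a restart or shutdown is
 * pending.  On shutdown the function exits through clean_parent_exit();
 * on restart it signals the children and loops again.
 *
 * argc/argv are accepted for the STANDALONE_MAIN interface but are not
 * used in this body.
 */
static void standalone_main(int argc, char **argv)
{
    int remaining_children_to_start;


    ap_standalone = 1;

    is_graceful = 0;

    if (!one_process) {
	detach();
    }
    else {
	MONCONTROL(1);
    }

    my_pid = getpid();

    do {
	copy_listeners(pconf);
	if (!is_graceful) {
	    ap_restart_time = time(NULL);
	}
	ap_clear_pool(pconf);
	ptrans = ap_make_sub_pool(pconf);

	ap_init_mutex_method(ap_default_mutex_method());

	server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
	setup_listeners(pconf);
	ap_clear_pool(plog);

	/*
	 * we cannot reopen the logfiles once we dropped permissions,
	 * we cannot write the pidfile (pointless anyway), and we can't
	 * reload & reinit the modules.
	 */

	if (!is_chrooted) {
	    ap_open_logs(server_conf, plog);
	    ap_log_pid(pconf, ap_pid_fname);
	}
	ap_set_version();	/* create our server_version string */
	ap_init_modules(pconf, server_conf);
	ap_init_etag(pconf);
	version_locked++;	/* no more changes to server_version */

	/* First start only: enter the chroot and give up root. */
	if(!is_graceful && !is_chrooted) {
	    if (ap_server_chroot) {
		if (geteuid()) {
		    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_EMERG,
			server_conf, "can't run in secure mode if not "
			"started with root privs.");
		    exit(1);
		}

		/* initialize /dev/crypto, XXX check for -DSSL option */
#ifdef MOD_SSL
		OpenSSL_add_all_algorithms();
#endif

		/* Supplementary groups are set while still root and
		 * before chroot() is entered.
		 */
		if (initgroups(ap_user_name, ap_group_id)) {
		    ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
			"initgroups: unable to set groups for User %s "
			"and Group %u", ap_user_name, (unsigned)ap_group_id);
		    exit(1);
		}

		if (chroot(ap_server_root) < 0) {
		    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
			"unable to chroot into %s!", ap_server_root);
		    exit(1);
		}
		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
		    server_conf, "chrooted in %s", ap_server_root);
		/* chroot() does not change the working directory.  If the
		 * chdir fails the process keeps a cwd outside the new
		 * root, which defeats the confinement, so treat it as
		 * fatal instead of ignoring the result.
		 */
		if (chdir("/") < 0) {
		    ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
			"unable to chdir to / after chroot into %s!",
			ap_server_root);
		    exit(1);
		}
		is_chrooted = 1;
		setproctitle("parent [chroot %s]", ap_server_root);

		/* Group IDs first: once the user ID has been dropped the
		 * process may no longer be permitted to change them.
		 */
		if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 ||
		    setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) {
			ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
			    "can't drop privileges!");
			exit(1);
		} else
		    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
			server_conf, "changed to uid %u, gid %u",
			ap_user_id, ap_group_id);
	    } else
		setproctitle("parent");
	}


	SAFE_ACCEPT(accept_mutex_init(pconf));
	if (!is_graceful) {
	    reinit_scoreboard(pconf);
	}
	set_signals();

	if (ap_daemons_max_free < ap_daemons_min_free + 1)	/* Don't thrash... */
	    ap_daemons_max_free = ap_daemons_min_free + 1;

	/* If we're doing a graceful_restart then we're going to see a lot
	 * of children exiting immediately when we get into the main loop
	 * below (because we just sent them SIGUSR1).  This happens pretty
	 * rapidly... and for each one that exits we'll start a new one until
	 * we reach at least daemons_min_free.  But we may be permitted to
	 * start more than that, so we'll just keep track of how many we're
	 * supposed to start up without the 1 second penalty between each fork.
	 */
	remaining_children_to_start = ap_daemons_to_start;
	if (remaining_children_to_start > ap_daemons_limit) {
	    remaining_children_to_start = ap_daemons_limit;
	}
	if (!is_graceful) {
	    startup_children(remaining_children_to_start);
	    remaining_children_to_start = 0;
	}
	else {
	    /* give the system some time to recover before kicking into
	     * exponential mode */
	    hold_off_on_exponential_spawning = 10;
	}

	ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
		    "%s configured -- resuming normal operations",
		    ap_get_server_version());
	if (ap_suexec_enabled) {
	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
		         "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
	}
	ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
		    "Accept mutex: %s (Default: %s)",
		     amutex->name, ap_default_mutex_method());
	restart_pending = shutdown_pending = 0;

	/* Reap children / run maintenance until told to stop or restart. */
	while (!restart_pending && !shutdown_pending) {
	    int child_slot;
	    ap_wait_t status;
	    int pid = wait_or_timeout(&status);

	    /* XXX: if it takes longer than 1 second for all our children
	     * to start up and get into IDLE state then we may spawn an
	     * extra child
	     */
	    if (pid >= 0) {
		process_child_status(pid, status);
		/* non-fatal death... note that it's gone in the scoreboard. */
		child_slot = find_child_by_pid(pid);
		Explain2("Reaping child %d slot %d", pid, child_slot);
		if (child_slot >= 0) {
		    (void) ap_update_child_status(child_slot, SERVER_DEAD,
					       (request_rec *) NULL);
		    if (remaining_children_to_start
			&& child_slot < ap_daemons_limit) {
			/* we're still doing a 1-for-1 replacement of dead
			 * children with new children
			 */
			make_child(server_conf, child_slot, time(NULL));
			--remaining_children_to_start;
		    }
		}
		else if (reap_other_child(pid, status) == 0) {
		    /* handled */
		}
		else if (is_graceful) {
		    /* Great, we've probably just lost a slot in the
		     * scoreboard.  Somehow we don't know about this
		     * child.
		     */
		    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, server_conf,
				"long lost child came home! (pid %d)", pid);
		}
		/* Don't perform idle maintenance when a child dies,
		 * only do it when there's a timeout.  Remember only a
		 * finite number of children can die, and it's pretty
		 * pathological for a lot to die suddenly.
		 */
		continue;
	    }
	    else if (remaining_children_to_start) {
		/* we hit a 1 second timeout in which none of the previous
		 * generation of children needed to be reaped... so assume
		 * they're all done, and pick up the slack if any is left.
		 */
		startup_children(remaining_children_to_start);
		remaining_children_to_start = 0;
		/* In any event we really shouldn't do the code below because
		 * few of the servers we just started are in the IDLE state
		 * yet, so we'd mistakenly create an extra server.
		 */
		continue;
	    }

	    perform_idle_server_maintenance();
	}

	if (shutdown_pending) {
	    /* Time to gracefully shut down:
	     * Kill child processes, tell them to call child_exit, etc...
	     */
	    if (ap_killpg(pgrp, SIGTERM) < 0) {
		ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGTERM");
	    }
	    reclaim_child_processes(1);		/* Start with SIGTERM */

	    /* cleanup pid file on normal shutdown */
	    {
		char *pidfile = NULL;
		pidfile = ap_server_root_relative (pconf, ap_pid_fname);
		/* inside the chroot the server-root prefix no longer
		 * exists; the helper ignores a NULL pointer */
		ap_server_strip_chroot(pidfile, 0);
		/* pid is printed as a long, matching the identical
		 * message in process_child_status() */
		if ( pidfile != NULL && unlink(pidfile) == 0)
		    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
				 server_conf,
				 "removed PID file %s (pid=%ld)",
				 pidfile, (long)getpid());
	    }

	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
			"caught SIGTERM, shutting down");
	    clean_parent_exit(0);
	}

	/* we've been told to restart */
	signal(SIGHUP, SIG_IGN);
	signal(SIGUSR1, SIG_IGN);

	if (one_process) {
	    /* not worth thinking about */
	    clean_parent_exit(0);
	}

	/* advance to the next generation */
	/* XXX: we really need to make sure this new generation number isn't in
	 * use by any of the children.
	 */
	++ap_my_generation;
	ap_scoreboard_image->global.running_generation = ap_my_generation;

	if (is_graceful) {
	    int i;
	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
			"SIGUSR1 received.  Doing graceful restart");

	    /* kill off the idle ones */
	    if (ap_killpg(pgrp, SIGUSR1) < 0) {
		ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGUSR1");
	    }
	    /* This is mostly for debugging... so that we know what is still
	     * gracefully dealing with existing request.  But we can't really
	     * do it if we're in a SCOREBOARD_FILE because it'll cause
	     * corruption too easily.
	     */
	    for (i = 0; i < ap_daemons_limit; ++i) {
		if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) {
		    ap_scoreboard_image->servers[i].status = SERVER_GRACEFUL;
		}
	    }
	}
	else {
	    /* Kill 'em off */
	    if (ap_killpg(pgrp, SIGHUP) < 0) {
		ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGHUP");
	    }
	    reclaim_child_processes(0);		/* Not when just starting up */
	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
			"SIGHUP received.  Attempting to restart");
	}
    } while (restart_pending);

    /*add_common_vars(NULL);*/
}				/* standalone_main */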
3255 #else
3256 /* prototype */
3257 void STANDALONE_MAIN(int argc, char **argv);
3258 #endif /* STANDALONE_MAIN */
3259 
3260 extern char *optarg;
3261 extern int optind;
3262 
/*
 * Program entry point: parses the command line, reads the
 * configuration, and then either hands control to STANDALONE_MAIN()
 * (when ap_standalone is set) or serves a single connection that was
 * passed in on stdin/stdout.  Every path ends in exit(), so the
 * function does not return to its caller.
 */
int REALMAIN(int argc, char *argv[])
{
    int c;
    int sock_in;
    int sock_out;
    char *s;

    MONCONTROL(0);

    common_init();

    /* ap_server_argv0 is the basename of argv[0] */
    if ((s = strrchr(argv[0], PATHSEPARATOR)) != NULL) {
	ap_server_argv0 = ++s;
    }
    else {
	ap_server_argv0 = argv[0];
    }

    /* compiled-in defaults; -d and -f below may override them */
    ap_cpystrn(ap_server_root, HTTPD_ROOT, sizeof(ap_server_root));
    ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname));

    ap_setup_prelinked_modules();

    /* NOTE(review): the option string accepts "x" and "R:" but the
     * switch below has no case for them, so they are silently ignored.
     */
    while ((c = getopt(argc, argv,
				    "D:C:c:xXd:Ff:vVlLR:StTh4u"
#ifdef INET6
				    "6"
#endif
#ifdef DEBUG_SIGSTOP
				    "Z:"
#endif
			)) != -1) {
	char **new;
	switch (c) {
	case 'c':
	    new = (char **)ap_push_array(ap_server_post_read_config);
	    *new = ap_pstrdup(pcommands, optarg);
	    break;
	case 'C':
	    new = (char **)ap_push_array(ap_server_pre_read_config);
	    *new = ap_pstrdup(pcommands, optarg);
	    break;
	case 'D':
	    new = (char **)ap_push_array(ap_server_config_defines);
	    *new = ap_pstrdup(pcommands, optarg);
	    break;
	case 'd':
	    /* ap_server_root is later used as the chroot() target in
	     * standalone_main() */
	    ap_cpystrn(ap_server_root, optarg, sizeof(ap_server_root));
	    break;
	case 'F':
	    do_detach = 0;
	    break;
	case 'f':
	    ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname));
	    break;
	case 'v':
	    ap_server_tokens = SrvTk_FULL;
	    ap_set_version();
	    printf("Server version: %s\n", ap_get_server_version());
	    exit(0);
	case 'V':
	    ap_server_tokens = SrvTk_FULL;
	    ap_set_version();
	    show_compile_settings();
	    exit(0);
	case 'l':
	    ap_suexec_enabled = init_suexec();
	    ap_show_modules();
	    exit(0);
	case 'L':
	    ap_show_directives();
	    exit(0);
	case 'X':
	    ++one_process;	/* Weird debugging mode. */
	    break;
#ifdef DEBUG_SIGSTOP
	case 'Z':
	    /* atoi() reports no errors; a non-numeric argument yields 0 */
	    raise_sigstop_flags = atoi(optarg);
	    break;
#endif
	case 'S':
	    ap_dump_settings = 1;
	    break;
	case 't':
	    ap_configtestonly = 1;
	    ap_docrootcheck = 1;
	    break;
	case 'T':
	    ap_configtestonly = 1;
	    ap_docrootcheck = 0;
	    break;
	case 'h':
	    /* no break: usage() presumably does not return -- confirm;
	     * otherwise control falls into case '4' */
	    usage(argv[0]);
	case '4':
	    ap_default_family = PF_INET;
	    break;
#ifdef INET6
	case '6':
	    ap_default_family = PF_INET6;
	    break;
#endif
	case 'u':
	    /* Clears ap_server_chroot; standalone_main() then skips both
	     * chroot() and the setresgid()/setresuid() privilege drop
	     * that sits in the same branch.
	     */
	    ap_server_chroot = 0;
	    break;
	case '?':
	    usage(argv[0]);
	}
    }
    ap_init_alloc_shared(TRUE);

    ap_suexec_enabled = init_suexec();
    server_conf = ap_read_config(pconf, ptrans, ap_server_confname);

    ap_init_alloc_shared(FALSE);

    /* -t / -T: the configuration was read without a fatal error */
    if (ap_configtestonly) {
        fprintf(stderr, "Syntax OK\n");
        clean_parent_exit(0);
    }
    if (ap_dump_settings) {
        clean_parent_exit(0);
    }

    child_timeouts = !ap_standalone || one_process;


    if (ap_standalone) {
	ap_open_logs(server_conf, plog);
	ap_set_version();
	ap_init_modules(pconf, server_conf);
	version_locked++;
	STANDALONE_MAIN(argc, argv);
    }
    else {
	/* Non-standalone mode: the connection arrives on stdin/stdout. */
	conn_rec *conn;
	request_rec *r;
	BUFF *cio;
	struct sockaddr_storage sa_server, sa_client;
	NET_SIZE_T l;
	char servbuf[NI_MAXSERV];

	ap_set_version();
	/* Yes this is called twice. */
	ap_init_modules(pconf, server_conf);
	version_locked++;
	ap_open_logs(server_conf, plog);
	ap_init_modules(pconf, server_conf);
	/* group privileges are changed before the uid below */
	set_group_privs();

    /*
     * Only try to switch if we're running as root
     * In case of Cygwin we have the special super-user named SYSTEM
     * with a pre-defined uid.
     */
	if (!geteuid() && setuid(ap_user_id) == -1) {
	    ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
			"setuid: unable to change to uid: %u",
			ap_user_id);
	    exit(1);
	}
	/* a later jump back to jmpbuffer ends the process */
	if (ap_setjmp(jmpbuffer)) {
	    exit(0);
	}

    sock_in = fileno(stdin);
    sock_out = fileno(stdout);

	l = sizeof(sa_client);
	if ((getpeername(sock_in, (struct sockaddr *)&sa_client, &l)) < 0) {
/* get peername will fail if the input isn't a socket */
	    perror("getpeername");
	    /* continue with an all-zero client address */
	    memset(&sa_client, '\0', sizeof(sa_client));
	}

	l = sizeof(sa_server);
	if (getsockname(sock_in, (struct sockaddr *)&sa_server, &l) < 0) {
	    perror("getsockname");
	    fprintf(stderr, "Error getting local address\n");
	    exit(1);
	}
	/* NI_NUMERICSERV: servbuf receives the local port as digits */
	if (getnameinfo(((struct sockaddr *)&sa_server), l,
			NULL, 0, servbuf, sizeof(servbuf),
			NI_NUMERICSERV)){
	    fprintf(stderr, "getnameinfo(): family=%d\n", sa_server.ss_family);
	    exit(1);
	}
	servbuf[sizeof(servbuf)-1] = '\0';
	server_conf->port = atoi(servbuf);
	cio = ap_bcreate(ptrans, B_RDWR | B_SOCKET);
        cio->fd = sock_out;
        cio->fd_in = sock_in;
	conn = new_connection(ptrans, server_conf, cio,
			          (struct sockaddr *)&sa_client,
			          (struct sockaddr *)&sa_server, -1);

	/* serve requests until the connection is no longer kept alive,
	 * is aborted, or no further request can be read */
	while ((r = ap_read_request(conn)) != NULL) {

	    if (r->status == HTTP_OK)
		ap_process_request(r);

	    if (!conn->keepalive || conn->aborted)
		break;

	    ap_destroy_pool(r->pool);
	}

	ap_call_close_connection_hook(conn);

	ap_bclose(cio);
    }
    exit(0);
}
3475 
3476 #include "httpd.h"
3477 /*
3478  * Force ap_validate_password() into the image so that modules like
3479  * mod_auth can use it even if they're dynamically loaded.
3480  */
/* Exists only so that the linker keeps ap_validate_password() in the
 * image; the arguments are dummies and the result is discarded.
 */
void suck_in_ap_validate_password(void);

void suck_in_ap_validate_password(void)
{
    (void) ap_validate_password("a", "b");
}
3486 
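/*
 * Remove the server-root prefix from a path, in place, so that the path
 * is valid inside the chroot.
 *
 * src   - NUL-terminated, writable path; may be NULL (then a no-op).
 * force - when non-zero, strip even if the process has not chrooted yet.
 *
 * Nothing happens unless chroot mode is enabled (ap_server_chroot), the
 * process is chrooted or `force` is set, and src starts with
 * ap_server_root.
 *
 * The tail is moved within src itself, so the result is never longer
 * than the input, is not cut off at MAX_STRING_LEN, and an empty
 * ap_server_root leaves src untouched (the earlier copy through a
 * temporary buffer dropped the last character in that case).
 *
 * NOTE(review): this is a plain string-prefix comparison with no check
 * for a path-component boundary, so a sibling path that merely begins
 * with the same characters as the server root is stripped as well;
 * confirm that callers only pass paths located under the server root.
 */
API_EXPORT(void) ap_server_strip_chroot(char *src, int force)
{
    size_t rootlen;

    if (src == NULL || !ap_server_chroot || !(is_chrooted || force)) {
	return;
    }

    rootlen = strlen(ap_server_root);
    if (rootlen == 0 || strncmp(ap_server_root, src, rootlen) != 0) {
	return;
    }

    /* regions overlap, hence memmove; +1 carries the terminating NUL */
    memmove(src, src + rootlen, strlen(src + rootlen) + 1);
}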
3498 
/* Returns the is_chrooted flag, which standalone_main() sets to 1 after
 * a successful chroot(); zero otherwise.
 */
API_EXPORT(int) ap_server_is_chrooted()
{
    return is_chrooted;
}
3503 
/* Returns the ap_server_chroot setting: non-zero when chroot mode is
 * requested; the -u command-line option clears it.
 */
API_EXPORT(int) ap_server_chroot_desired()
{
    return ap_server_chroot;
}
3508