lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2084 lines
55 KiB

#include "first.h"
#include "server.h"
#include "buffer.h"
#include "burl.h"
#include "network.h"
#include "log.h"
#include "rand.h"
#include "chunk.h"
#include "http_auth.h"
#include "http_vhostdb.h"
#include "fdevent.h"
#include "connections.h"
#include "sock_addr.h"
#include "stat_cache.h"
#include "configfile.h"
#include "plugin.h"
#include "joblist.h"
#include "network_write.h"
#ifdef HAVE_VERSIONSTAMP_H
# include "versionstamp.h"
#else
# define REPO_VERSION ""
#endif
#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
#include <sys/wait.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <time.h>
#include <signal.h>
#include <locale.h>
#include <stdio.h>
#ifdef HAVE_GETOPT_H
# include <getopt.h>
#endif
#ifdef HAVE_VALGRIND_VALGRIND_H
# include <valgrind/valgrind.h>
#endif
#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif
#ifdef HAVE_PWD_H
# include <grp.h>
# include <pwd.h>
#endif
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
#endif
#ifdef HAVE_SYS_PRCTL_H
# include <sys/prctl.h>
#endif
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_SSL
#define TEXT_SSL " (ssl)"
#else
#define TEXT_SSL
#endif
#ifndef __sgi
/* IRIX doesn't like the alarm based time() optimization */
/* #define USE_ALARM */
#endif
static int oneshot_fd = 0;
static volatile int pid_fd = -2;
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
static server_socket_array graceful_sockets;
static volatile sig_atomic_t graceful_restart = 0;
static volatile sig_atomic_t graceful_shutdown = 0;
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
static volatile sig_atomic_t srv_shutdown = 0;
static volatile sig_atomic_t handle_sig_child = 0;
static volatile sig_atomic_t handle_sig_alarm = 1;
static volatile sig_atomic_t handle_sig_hup = 0;
#if defined(HAVE_SIGACTION) && defined(SA_SIGINFO)
static volatile siginfo_t last_sigterm_info;
static volatile siginfo_t last_sighup_info;
static void sigaction_handler(int sig, siginfo_t *si, void *context) {
static const siginfo_t empty_siginfo;
UNUSED(context);
if (!si) *(const siginfo_t **)&si = &empty_siginfo;
switch (sig) {
case SIGTERM:
srv_shutdown = 1;
last_sigterm_info = *si;
break;
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
case SIGUSR1:
if (!graceful_shutdown) {
graceful_restart = 1;
graceful_shutdown = 1;
last_sigterm_info = *si;
}
break;
case SIGINT:
if (graceful_shutdown) {
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
if (2 == graceful_restart)
graceful_restart = 1;
else
srv_shutdown = 1;
} else {
graceful_shutdown = 1;
}
last_sigterm_info = *si;
break;
case SIGALRM:
handle_sig_alarm = 1;
break;
case SIGHUP:
handle_sig_hup = 1;
last_sighup_info = *si;
break;
case SIGCHLD:
handle_sig_child = 1;
break;
}
}
#elif defined(HAVE_SIGNAL) || defined(HAVE_SIGACTION)
static void signal_handler(int sig) {
switch (sig) {
case SIGTERM: srv_shutdown = 1; break;
case SIGUSR1:
if (!graceful_shutdown) {
graceful_restart = 1;
graceful_shutdown = 1;
}
break;
case SIGINT:
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
if (graceful_shutdown) {
if (2 == graceful_restart)
graceful_restart = 1;
else
srv_shutdown = 1;
} else {
graceful_shutdown = 1;
}
break;
case SIGALRM: handle_sig_alarm = 1; break;
case SIGHUP: handle_sig_hup = 1; break;
case SIGCHLD: handle_sig_child = 1; break;
}
}
#endif
#ifdef HAVE_FORK
static int daemonize(void) {
int pipefd[2];
pid_t pid;
#ifdef SIGTTOU
signal(SIGTTOU, SIG_IGN);
#endif
#ifdef SIGTTIN
signal(SIGTTIN, SIG_IGN);
#endif
#ifdef SIGTSTP
signal(SIGTSTP, SIG_IGN);
#endif
if (pipe(pipefd) < 0) exit(-1);
if (0 > (pid = fork())) exit(-1);
if (0 < pid) {
char buf;
ssize_t bytes;
close(pipefd[1]);
/* parent waits for grandchild to be ready */
do {
bytes = read(pipefd[0], &buf, sizeof(buf));
} while (bytes < 0 && EINTR == errno);
close(pipefd[0]);
if (bytes <= 0) {
/* closed fd (without writing) == failure in grandchild */
fputs("daemonized server failed to start; check error log for details\n", stderr);
exit(-1);
}
exit(0);
}
close(pipefd[0]);
if (-1 == setsid()) exit(0);
signal(SIGHUP, SIG_IGN);
if (0 != fork()) exit(0);
if (0 != chdir("/")) exit(0);
fdevent_setfd_cloexec(pipefd[1]);
return pipefd[1];
}
#endif
static server *server_init(void) {
int i;
server *srv = calloc(1, sizeof(*srv));
force_assert(srv);
#define CLEAN(x) \
srv->x = buffer_init();
CLEAN(response_header);
CLEAN(parse_full_path);
CLEAN(ts_debug_str);
CLEAN(ts_date_str);
CLEAN(errorlog_buf);
CLEAN(response_range);
CLEAN(tmp_buf);
srv->empty_string = buffer_init_string("");
CLEAN(cond_check_buf);
CLEAN(srvconf.errorlog_file);
CLEAN(srvconf.breakagelog_file);
CLEAN(srvconf.groupname);
CLEAN(srvconf.username);
CLEAN(srvconf.changeroot);
CLEAN(srvconf.bindhost);
CLEAN(srvconf.event_handler);
CLEAN(srvconf.pid_file);
CLEAN(srvconf.syslog_facility);
CLEAN(tmp_chunk_len);
#undef CLEAN
#define CLEAN(x) \
srv->x = array_init();
CLEAN(config_context);
CLEAN(config_touched);
CLEAN(status);
#undef CLEAN
for (i = 0; i < FILE_CACHE_MAX; i++) {
srv->mtime_cache[i].mtime = (time_t)-1;
srv->mtime_cache[i].str = buffer_init();
}
li_rand_reseed();
srv->cur_ts = time(NULL);
srv->startup_ts = srv->cur_ts;
srv->conns = calloc(1, sizeof(*srv->conns));
force_assert(srv->conns);
srv->joblist = calloc(1, sizeof(*srv->joblist));
force_assert(srv->joblist);
srv->fdwaitqueue = calloc(1, sizeof(*srv->fdwaitqueue));
force_assert(srv->fdwaitqueue);
srv->srvconf.modules = array_init();
srv->srvconf.modules_dir = buffer_init_string(LIBRARY_DIR);
srv->srvconf.network_backend = buffer_init();
srv->srvconf.upload_tempdirs = array_init();
srv->srvconf.reject_expect_100_with_417 = 1;
srv->srvconf.xattr_name = buffer_init_string("Content-Type");
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
srv->srvconf.http_header_strict = 1;
srv->srvconf.http_host_strict = 1; /*(implies http_host_normalize)*/
srv->srvconf.http_host_normalize = 0;
#if 0
srv->srvconf.http_url_normalize = HTTP_PARSEOPT_URL_NORMALIZE
| HTTP_PARSEOPT_URL_NORMALIZE_UNRESERVED
| HTTP_PARSEOPT_URL_NORMALIZE_CTRLS_REJECT
| HTTP_PARSEOPT_URL_NORMALIZE_PATH_BACKSLASH_TRANS
| HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE
| HTTP_PARSEOPT_URL_NORMALIZE_PATH_DOTSEG_REMOVE;
#endif
srv->srvconf.http_url_normalize = 0; /* temporary; change in future */
srv->srvconf.high_precision_timestamps = 0;
srv->srvconf.max_request_field_size = 8192;
srv->srvconf.loadavg[0] = 0.0;
srv->srvconf.loadavg[1] = 0.0;
srv->srvconf.loadavg[2] = 0.0;
/* use syslog */
srv->errorlog_fd = STDERR_FILENO;
srv->errorlog_mode = ERRORLOG_FD;
srv->split_vals = array_init();
srv->request_env = plugins_call_handle_request_env;
return srv;
}
static void server_free(server *srv) {
size_t i;
for (i = 0; i < FILE_CACHE_MAX; i++) {
buffer_free(srv->mtime_cache[i].str);
}
if (oneshot_fd > 0) {
close(oneshot_fd);
}
#define CLEAN(x) \
buffer_free(srv->x);
CLEAN(response_header);
CLEAN(parse_full_path);
CLEAN(ts_debug_str);
CLEAN(ts_date_str);
CLEAN(errorlog_buf);
CLEAN(response_range);
CLEAN(tmp_buf);
CLEAN(empty_string);
CLEAN(cond_check_buf);
CLEAN(srvconf.errorlog_file);
CLEAN(srvconf.breakagelog_file);
CLEAN(srvconf.groupname);
CLEAN(srvconf.username);
CLEAN(srvconf.changeroot);
CLEAN(srvconf.bindhost);
CLEAN(srvconf.event_handler);
CLEAN(srvconf.pid_file);
CLEAN(srvconf.modules_dir);
CLEAN(srvconf.network_backend);
CLEAN(srvconf.xattr_name);
CLEAN(srvconf.syslog_facility);
CLEAN(tmp_chunk_len);
#undef CLEAN
#if 0
fdevent_unregister(srv->ev, srv->fd);
#endif
fdevent_free(srv->ev);
free(srv->conns);
if (srv->config_storage) {
for (i = 0; i < srv->config_context->used; i++) {
specific_config *s = srv->config_storage[i];
if (!s) continue;
buffer_free(s->document_root);
buffer_free(s->server_name);
buffer_free(s->server_tag);
buffer_free(s->error_handler);
[core] server.error-handler new directive for error pages (fixes #2702) server.error-handler preserves HTTP status error code when error page is static, and allows dynamic handlers to change HTTP status code when error page is provided by dynamic handler. server.error-handler intercepts all HTTP status codes >= 400 except when the content is generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua). The request method is unconditionally changed to GET for the request to service the error handler, and the original request method is later restored (for logging purposes). request body from the original request, if present, is discarded. server.error-handler is somewhat similar to server.error-handler-404, but server.error-handler-404 is now deprecated, intercepts only 404 and 403 HTTP status codes, and returns 200 OK for static error pages, a source of confusion for some admins. On the other hand, the new server.error-handler, when set, will intercept all HTTP status error codes >= 400. server.error-handler takes precedence over server.error-handler-404 when both are set. NOTE: a major difference between server.error-handler and the now-deprecated server.error-handler-404 is that the values of the non-standard CGI environment variables REQUEST_URI and REDIRECT_URI have been swapped. Since REDIRECT_STATUS is the original HTTP status code, REDIRECT_URI is now the original request, and REQUEST_URI is the current request (e.g. the URI/URL to the error handler). The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values from those described above -- is preserved for server.error-handler-404. Additionally, REDIRECT_STATUS is now available to mod_magnet, which continues to have access to request.uri and request.orig_uri. See further discussion at https://redmine.lighttpd.net/issues/2702 and https://redmine.lighttpd.net/issues/1828 github: closes #36
6 years ago
buffer_free(s->error_handler_404);
buffer_free(s->errorfile_prefix);
buffer_free(s->socket_perms);
array_free(s->mimetypes);
free(s);
}
free(srv->config_storage);
srv->config_storage = NULL;
}
#define CLEAN(x) \
array_free(srv->x);
CLEAN(config_context);
CLEAN(config_touched);
CLEAN(status);
CLEAN(srvconf.upload_tempdirs);
#undef CLEAN
joblist_free(srv, srv->joblist);
fdwaitqueue_free(srv, srv->fdwaitqueue);
if (srv->stat_cache) {
stat_cache_free(srv->stat_cache);
}
array_free(srv->srvconf.modules);
array_free(srv->split_vals);
li_rand_cleanup();
free(srv);
}
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
static void remove_pid_file(server *srv) {
if (pid_fd <= -2) return;
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
if (!buffer_string_is_empty(srv->srvconf.pid_file) && 0 <= pid_fd) {
if (0 != ftruncate(pid_fd, 0)) {
log_error_write(srv, __FILE__, __LINE__, "sbds",
"ftruncate failed for:",
srv->srvconf.pid_file,
errno,
strerror(errno));
}
}
[core] graceful restart with SIGUSR1 (fixes #2785) more consistent cleanup of resources at shutdown (e.g. upon error conditions) Notes: graceful restart with SIGUSR1 - not available if chroot()ed, oneshot mode, or if idle timeout occurs - preserve process id (pid) - preserve existing listen sockets - i.e. does not close old listen sockets from prior configs (even if old listen sockets no longer in the new config) (sockets may have been bound w/ root privileges no longer available) - will fail to add listen sockets from new config if privileges lighttpd configured to drop privileges to non-root user, and new listen socket attempts to bind to low-numbered port requiring root privileges. - will fail if listen sockets in new config conflict with any previous old listen sockets - These failure modes will result in lighttpd shutting down instead of graceful restart. These failure modes are not detectable with preflight checks ('lighttpd -tt -f lighttpd.conf') because the new instance of lighttpd running the preflight check does not known config state of n prior graceful restarts, or even the config state of the currently running lighttpd server. - due to lighttpd feature of optionally managing backends (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for all child processes to exit prior to restarting. Restarting new workers while old workers (and old backends) were still running would result in failure of restarted lighttpd process to be able to bind to sockets already in use by old backends (e.g. unix "socket" path) x-ref: "graceful restart with SIGUSR1" https://redmine.lighttpd.net/issues/2785
5 years ago
if (0 <= pid_fd) {
close(pid_fd);
pid_fd = -1;
}
if (!buffer_string_is_empty(srv->srvconf.pid_file) &&
buffer_string_is_empty(srv->srvconf.changeroot)) {
if (0 != unlink(srv->srvconf.pid_file->ptr)) {
if (errno != EACCES && errno != EPERM) {
log_error_write(srv, __FILE__, __LINE__, "sbds",
"unlink failed for:",
srv->srvconf.pid_file,
errno,
strerror(errno));
}
}
}
}
static server_socket * server_oneshot_getsock(server *srv, sock_addr *cnt_addr) {
server_socket *srv_socket, *srv_socket_wild = NULL;
size_t i;
for (i = 0; i < srv->srv_sockets.used; ++i) {
srv_socket = srv->srv_sockets.ptr[i];
if (!sock_addr_is_port_eq(&srv_socket->addr,cnt_addr)) continue;
if (sock_addr_is_addr_eq(&srv_socket->addr,cnt_addr)) return srv_socket;
if (NULL != srv_socket_wild) continue;
if (sock_addr_is_addr_wildcard(&srv_socket->addr)) {
srv_socket_wild = srv_socket;
}
}
if (NULL != srv_socket_wild) {
return srv_socket_wild;
} else if (srv->srv_sockets.used) {
return srv->srv_sockets.ptr[0];
} else {
log_error_write(srv, __FILE__, __LINE__, "s", "no sockets configured");
return NULL;
}
}
static int server_oneshot_init(server *srv, int fd) {
/* Note: does not work with netcat due to requirement that fd be socket.
* STDOUT_FILENO was not saved earlier in startup, and that is to where
* netcat expects output to be sent. Since lighttpd expects connections
* to be sockets, con->fd is where output is sent; separate fds are not
* stored for input and output, but netcat has different fds for stdin
* and * stdout. To support netcat, would additionally need to avoid
* S_ISSOCK(), getsockname(), and getpeername() below, reconstructing
* addresses from environment variables:
* NCAT_LOCAL_ADDR NCAT_LOCAL_PORT
* NCAT_REMOTE_ADDR NCAT_REMOTE_PORT
* NCAT_PROTO
*/
connection *con;
server_socket *srv_socket;
sock_addr cnt_addr;
socklen_t cnt_len;
struct stat st;
if (0 != fstat(fd, &st)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "fstat:", strerror(errno));
return 0;
}
if (!S_ISSOCK(st.st_mode)) {
/* require that fd is a socket
* (modules might expect STDIN_FILENO and STDOUT_FILENO opened to /dev/null) */
log_error_write(srv, __FILE__, __LINE__, "s", "lighttpd -1 stdin is not a socket");
return 0;
}
cnt_len = sizeof(cnt_addr);
if (0 != getsockname(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "getsockname:", strerror(errno));
return 0;
}
srv_socket = server_oneshot_getsock(srv, &cnt_addr);
if (NULL == srv_socket) return 0;
cnt_len = sizeof(cnt_addr);
if (0 != getpeername(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "getpeername:", strerror(errno));
return 0;
}
/*(must set flags; fd did not pass through fdevent accept() logic)*/
if (-1 == fdevent_fcntl_set_nb_cloexec(srv->ev, fd)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl:", strerror(errno));
return 0;
}
if (sock_addr_get_family(&cnt_addr) != AF_UNIX) {
network_accept_tcp_nagle_disable(fd);
}
con = connection_accepted(srv, srv_socket, &cnt_addr, fd);
if (NULL == con) return 0;
connection_state_machine(srv, con);
return 1;
}
static void show_version (void) {
char *b = PACKAGE_DESC TEXT_SSL \
" - a light and fast webserver\n"
#ifdef NONREPRODUCIBLE_BUILD
"Build-Date: " __DATE__ " " __TIME__ "\n";
#endif
;
write_all(STDOUT_FILENO, b, strlen(b));
}
static void show_features (void) {
static const char features[] =
"\nFeatures:\n\n"
#ifdef HAVE_IPV6
"\t+ IPv6 support\n"
#else
"\t- IPv6 support\n"
#endif
#if defined HAVE_ZLIB_H && defined HAVE_LIBZ
"\t+ zlib support\n"
#else
"\t- zlib support\n"
#endif
#if defined HAVE_BZLIB_H && defined HAVE_LIBBZ2
"\t+ bzip2 support\n"
#else
"\t- bzip2 support\n"
#endif
#if defined(HAVE_CRYPT) || defined(HAVE_CRYPT_R) || defined(HAVE_LIBCRYPT)
"\t+ crypt support\n"
#else
"\t- crypt support\n"
#endif
#ifdef USE_SSL
"\t+ SSL support\n"
#else
"\t- SSL support\n"
#endif
#ifdef HAVE_LIBPCRE
"\t+ PCRE support\n"
#else
"\t- PCRE support\n"
#endif
#ifdef HAVE_MYSQL
"\t+ MySQL support\n"
#else
"\t- MySQL support\n"
#endif
#ifdef HAVE_PGSQL
"\t+ PgSQL support\n"
#else
"\t- PgSQL support\n"
#endif
#ifdef HAVE_DBI
"\t+ DBI support\n"
#else
"\t- DBI support\n"
#endif
#ifdef HAVE_KRB5
"\t+ Kerberos support\n"
#else
"\t- Kerberos support\n"
#endif
#if defined(HAVE_LDAP_H) && defined(HAVE_LBER_H) && defined(HAVE_LIBLDAP) && defined(HAVE_LIBLBER)
"\t+ LDAP support\n"
#else
"\t- LDAP support\n"
#endif
#ifdef USE_MEMCACHED
"\t+ memcached support\n"
#else
"\t- memcached support\n"
#endif
#ifdef HAVE_FAM_H
"\t+ FAM support\n"
#else
"\t- FAM support\n"
#endif
#ifdef HAVE_LUA_H
"\t+ LUA support\n"
#else
"\t- LUA support\n"
#endif
#ifdef HAVE_LIBXML_H
"\t+ xml support\n"
#else
"\t- xml support\n"
#endif
#ifdef HAVE_SQLITE3_H
"\t+ SQLite support\n"
#else
"\t- SQLite support\n"
#endif
#ifdef HAVE_GDBM_H
"\t+ GDBM support\n"
#else
"\t- GDBM support\n"
#endif
;
show_version();
printf("%s%s%s\n", fdevent_show_event_handlers(), network_write_show_handlers(), features);
}
static void show_help (void) {
char *b = PACKAGE_DESC TEXT_SSL
#ifdef NONREPRODUCIBLE_BUILD
" ("__DATE__ " " __TIME__ ")"
#endif
" - a light and fast webserver\n" \
"usage:\n" \
" -f <name> filename of the config-file\n" \
" -m <name> module directory (default: "LIBRARY_DIR")\n" \
" -i <secs> graceful shutdown after <secs> of inactivity\n" \
" -1 process single (one) request on stdin socket, then exit\n" \
" -p print the parsed config-file in internal form, and exit\n" \
" -t test config-file syntax, then exit\n" \
" -tt test config-file syntax, load and init modules, then exit\n" \
" -D don't go to background (default: go to background)\n" \
" -v show version\n" \
" -V show compile-time features\n" \
" -h show this help\n" \
"\n"
;
write_all(STDOUT_FILENO, b, strlen(b));
}
/**
* open the errorlog
*
* we have 4 possibilities:
* - stderr (default)
* - syslog
* - logfile
* - pipe
*
*/
static int log_error_open(server *srv) {
int errfd;
#ifdef HAVE_SYSLOG_H
/* perhaps someone wants to use syslog() */
int facility = -1;
if (!buffer_string_is_empty(srv->srvconf.syslog_facility)) {
static const struct facility_name_st {
const char *name;
int val;
} facility_names[] = {
{ "auth", LOG_AUTH }
#ifdef LOG_AUTHPRIV
,{ "authpriv", LOG_AUTHPRIV }
#endif
#ifdef LOG_CRON
,{ "cron", LOG_CRON }
#endif
,{ "daemon", LOG_DAEMON }
#ifdef LOG_FTP
,{ "ftp", LOG_FTP }
#endif
#ifdef LOG_KERN
,{ "kern", LOG_KERN }
#endif
#ifdef LOG_LPR