lighttpd 1.4.x
https://www.lighttpd.net/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2098 lines
59 KiB
2098 lines
59 KiB
#include "first.h" |
|
|
|
#include "base.h" |
|
#include "buffer.h" |
|
#include "network.h" |
|
#include "log.h" |
|
#include "rand.h" |
|
#include "chunk.h" |
|
#include "h2.h" /* h2_send_1xx() */ |
|
#include "fdevent.h" |
|
#include "fdlog.h" |
|
#include "connections.h" |
|
#include "sock_addr.h" |
|
#include "stat_cache.h" |
|
#include "plugin.h" |
|
#include "plugin_config.h" /* config_plugin_value_tobool() */ |
|
#include "network_write.h" /* network_write_show_handlers() */ |
|
#include "reqpool.h" /* request_pool_init() request_pool_free() */ |
|
#include "response.h" /* http_response_send_1xx_cb_set() strftime_cache_reset() */ |
|
|
|
#ifdef HAVE_VERSIONSTAMP_H |
|
# include "versionstamp.h" |
|
#else |
|
# define REPO_VERSION "" |
|
#endif |
|
|
|
#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION |
|
static const buffer default_server_tag = { CONST_STR_LEN(PACKAGE_DESC)+1, 0 }; |
|
|
|
#include <sys/types.h> |
|
#include <sys/stat.h> |
|
#include "sys-time.h" |
|
|
|
#include <string.h> |
|
#include <errno.h> |
|
#include <fcntl.h> |
|
#include <unistd.h> |
|
#include <stdlib.h> |
|
#include <signal.h> |
|
#include <locale.h> |
|
|
|
#include <stdio.h> |
|
|
|
#ifdef HAVE_GETOPT_H |
|
# include <getopt.h> |
|
#endif |
|
|
|
#ifdef HAVE_VALGRIND_VALGRIND_H |
|
# include <valgrind/valgrind.h> |
|
#endif |
|
|
|
#ifdef HAVE_PWD_H |
|
# include <grp.h> |
|
# include <pwd.h> |
|
#endif |
|
|
|
#ifdef HAVE_SYS_LOADAVG_H |
|
# include <sys/loadavg.h> |
|
#endif |
|
|
|
#ifdef HAVE_SYS_RESOURCE_H |
|
# include <sys/resource.h> |
|
#endif |
|
|
|
#ifdef HAVE_SYS_PRCTL_H |
|
# include <sys/prctl.h> |
|
#endif |
|
|
|
#ifdef HAVE_MALLOC_H |
|
#ifndef LIGHTTPD_STATIC |
|
#ifdef HAVE_DLFCN_H |
|
#include <dlfcn.h> |
|
#endif |
|
#endif |
|
#include <malloc.h> |
|
#if defined(HAVE_MALLOC_TRIM) |
|
static int(*malloc_trim_fn)(size_t); |
|
static size_t malloc_top_pad; |
|
#endif |
|
#endif |
|
|
|
#include "sys-crypto.h" |
|
#if defined(USE_OPENSSL_CRYPTO) \ |
|
|| defined(USE_MBEDTLS_CRYPTO) \ |
|
|| defined(USE_NSS_CRYPTO) \ |
|
|| defined(USE_GNUTLS_CRYPTO) \ |
|
|| defined(USE_WOLFTLS_CRYPTO) |
|
#define TEXT_SSL " (ssl)" |
|
#else |
|
#define TEXT_SSL |
|
#endif |
|
|
|
#ifndef __sgi |
|
/* IRIX doesn't like the alarm based time() optimization */ |
|
/* #define USE_ALARM */ |
|
#endif |
|
|
|
static int oneshot_fd = 0; |
|
static int oneshot_fdout = -1; |
|
static fdnode *oneshot_fdn = NULL; |
|
static int (*oneshot_read_cq)(connection *con, chunkqueue *cq, off_t max_bytes); |
|
static volatile int pid_fd = -2; |
|
static server_socket_array graceful_sockets; |
|
static server_socket_array inherited_sockets; |
|
static volatile sig_atomic_t graceful_restart = 0; |
|
static volatile sig_atomic_t graceful_shutdown = 0; |
|
static volatile sig_atomic_t srv_shutdown = 0; |
|
static volatile sig_atomic_t handle_sig_child = 0; |
|
static volatile sig_atomic_t handle_sig_alarm = 1; |
|
static volatile sig_atomic_t handle_sig_hup = 0; |
|
static int idle_limit = 0; |
|
|
|
#if defined(HAVE_SIGACTION) && defined(SA_SIGINFO) |
|
static volatile siginfo_t last_sigterm_info; |
|
static volatile siginfo_t last_sighup_info; |
|
|
|
static void sigaction_handler(int sig, siginfo_t *si, void *context) { |
|
static const siginfo_t empty_siginfo; |
|
UNUSED(context); |
|
|
|
if (!si) *(const siginfo_t **)&si = &empty_siginfo; |
|
|
|
switch (sig) { |
|
case SIGTERM: |
|
srv_shutdown = 1; |
|
last_sigterm_info = *si; |
|
break; |
|
case SIGUSR1: |
|
if (!graceful_shutdown) { |
|
graceful_restart = 1; |
|
graceful_shutdown = 1; |
|
last_sigterm_info = *si; |
|
} |
|
break; |
|
case SIGINT: |
|
if (graceful_shutdown) { |
|
if (2 == graceful_restart) |
|
graceful_restart = 1; |
|
else |
|
srv_shutdown = 1; |
|
} else { |
|
graceful_shutdown = 1; |
|
} |
|
last_sigterm_info = *si; |
|
|
|
break; |
|
case SIGALRM: |
|
handle_sig_alarm = 1; |
|
break; |
|
case SIGHUP: |
|
handle_sig_hup = 1; |
|
last_sighup_info = *si; |
|
break; |
|
case SIGCHLD: |
|
handle_sig_child = 1; |
|
break; |
|
} |
|
} |
|
#elif defined(HAVE_SIGNAL) || defined(HAVE_SIGACTION) |
|
static void signal_handler(int sig) { |
|
switch (sig) { |
|
case SIGTERM: srv_shutdown = 1; break; |
|
case SIGUSR1: |
|
if (!graceful_shutdown) { |
|
graceful_restart = 1; |
|
graceful_shutdown = 1; |
|
} |
|
break; |
|
case SIGINT: |
|
if (graceful_shutdown) { |
|
if (2 == graceful_restart) |
|
graceful_restart = 1; |
|
else |
|
srv_shutdown = 1; |
|
} else { |
|
graceful_shutdown = 1; |
|
} |
|
break; |
|
case SIGALRM: handle_sig_alarm = 1; break; |
|
case SIGHUP: handle_sig_hup = 1; break; |
|
case SIGCHLD: handle_sig_child = 1; break; |
|
} |
|
} |
|
#endif |
|
|
|
#ifdef HAVE_FORK |
|
static int daemonize(void) { |
|
int pipefd[2]; |
|
pid_t pid; |
|
#ifdef SIGTTOU |
|
signal(SIGTTOU, SIG_IGN); |
|
#endif |
|
#ifdef SIGTTIN |
|
signal(SIGTTIN, SIG_IGN); |
|
#endif |
|
#ifdef SIGTSTP |
|
signal(SIGTSTP, SIG_IGN); |
|
#endif |
|
|
|
if (pipe(pipefd) < 0) exit(-1); |
|
|
|
if (0 > (pid = fork())) exit(-1); |
|
|
|
if (0 < pid) { |
|
char buf; |
|
ssize_t bytes; |
|
|
|
close(pipefd[1]); |
|
/* parent waits for grandchild to be ready */ |
|
do { |
|
bytes = read(pipefd[0], &buf, sizeof(buf)); |
|
} while (bytes < 0 && EINTR == errno); |
|
close(pipefd[0]); |
|
|
|
if (bytes <= 0) { |
|
/* closed fd (without writing) == failure in grandchild */ |
|
fputs("daemonized server failed to start; check error log for details\n", stderr); |
|
exit(-1); |
|
} |
|
|
|
exit(0); |
|
} |
|
|
|
close(pipefd[0]); |
|
|
|
if (-1 == setsid()) exit(0); |
|
|
|
signal(SIGHUP, SIG_IGN); |
|
|
|
if (0 != fork()) exit(0); |
|
|
|
if (0 != chdir("/")) exit(0); |
|
|
|
fdevent_setfd_cloexec(pipefd[1]); |
|
return pipefd[1]; |
|
} |
|
#endif |
|
|
|
static int clockid_mono_coarse = 0; |
|
|
|
static unix_time64_t |
|
server_monotonic_secs (void) |
|
{ |
|
unix_timespec64_t ts; |
|
return (0 == log_clock_gettime(clockid_mono_coarse, &ts)) |
|
? ts.tv_sec |
|
: log_monotonic_secs; |
|
} |
|
|
|
static unix_time64_t |
|
server_epoch_secs (server * const srv) |
|
{ |
|
const unix_time64_t cur_ts = log_epoch_secs; |
|
const unix_time64_t new_ts = TIME64_CAST(time(NULL)); |
|
/* attempt to detect large clock jump */ |
|
if (new_ts < cur_ts || new_ts - cur_ts > 300) { /*(5 mins)*/ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"warning: clock jumped %lld secs", |
|
(long long)((int64_t)new_ts - (int64_t)cur_ts)); |
|
data_unset * const du = (NULL != srv->srvconf.feature_flags) |
|
? array_get_data_unset(srv->srvconf.feature_flags, |
|
CONST_STR_LEN("server.clock-jump-restart")) |
|
: NULL; |
|
int delta = config_plugin_value_to_int32(du, 1800);/*(30 mins default)*/ |
|
if (delta && (new_ts > cur_ts ? new_ts-cur_ts : cur_ts-new_ts) > delta){ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"attempting graceful restart in < ~5 seconds, else hard restart"); |
|
srv->graceful_expire_ts = log_monotonic_secs + 5; |
|
raise(SIGUSR1); |
|
} |
|
} |
|
return new_ts; |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static server *server_init(void) { |
|
server *srv = calloc(1, sizeof(*srv)); |
|
force_assert(srv); |
|
|
|
srv->tmp_buf = buffer_init(); |
|
|
|
strftime_cache_reset(); |
|
|
|
li_rand_reseed(); |
|
|
|
srv->startup_ts = log_epoch_secs = TIME64_CAST(time(NULL)); |
|
#ifdef HAVE_CLOCK_GETTIME |
|
unix_timespec64_t ts; |
|
UNUSED(&ts); |
|
#ifdef CLOCK_MONOTONIC_COARSE |
|
if (0 == log_clock_gettime(CLOCK_MONOTONIC_COARSE, &ts)) |
|
clockid_mono_coarse = CLOCK_MONOTONIC_COARSE; |
|
else |
|
#endif |
|
#ifdef CLOCK_MONOTONIC_RAW_APPROX |
|
if (0 == log_clock_gettime(CLOCK_MONOTONIC_RAW_APPROX, &ts)) |
|
clockid_mono_coarse = CLOCK_MONOTONIC_RAW_APPROX; |
|
else |
|
#endif |
|
#ifdef CLOCK_MONOTONIC_RAW |
|
if (0 == log_clock_gettime(CLOCK_MONOTONIC_RAW, &ts)) |
|
clockid_mono_coarse = CLOCK_MONOTONIC_RAW; |
|
else |
|
#endif |
|
clockid_mono_coarse = CLOCK_MONOTONIC; |
|
#endif |
|
log_monotonic_secs = server_monotonic_secs(); |
|
|
|
srv->errh = log_error_st_init(); |
|
|
|
config_init(srv); |
|
|
|
srv->request_env = plugins_call_handle_request_env; |
|
|
|
srv->loadavg[0] = 0.0; |
|
srv->loadavg[1] = 0.0; |
|
srv->loadavg[2] = 0.0; |
|
srv->stdin_fd = -1; |
|
|
|
log_con_jqueue = (connection *)(uintptr_t)&log_con_jqueue;/*(sentinel)*/ |
|
|
|
return srv; |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_free(server *srv) { |
|
if (oneshot_fd > 0) { |
|
if (oneshot_fdn) { |
|
fdevent_fdnode_event_del(srv->ev, oneshot_fdn); |
|
fdevent_unregister(srv->ev, oneshot_fd); |
|
oneshot_fdn = NULL; |
|
} |
|
close(oneshot_fd); |
|
} |
|
if (oneshot_fdout >= 0) { |
|
close(oneshot_fdout); |
|
} |
|
if (srv->stdin_fd >= 0) { |
|
close(srv->stdin_fd); |
|
} |
|
|
|
buffer_free(srv->tmp_buf); |
|
|
|
fdevent_free(srv->ev); |
|
|
|
config_free(srv); |
|
|
|
stat_cache_free(); |
|
|
|
li_rand_cleanup(); |
|
chunkqueue_chunk_pool_free(); |
|
|
|
log_error_st_free(srv->errh); |
|
free(srv); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void remove_pid_file(server *srv) { |
|
if (pid_fd <= -2) return; |
|
if (srv->srvconf.pid_file && 0 <= pid_fd) { |
|
if (0 != ftruncate(pid_fd, 0)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"ftruncate failed for: %s", srv->srvconf.pid_file->ptr); |
|
} |
|
} |
|
if (0 <= pid_fd) { |
|
close(pid_fd); |
|
pid_fd = -1; |
|
} |
|
if (srv->srvconf.pid_file && !srv->srvconf.changeroot) { |
|
if (0 != unlink(srv->srvconf.pid_file->ptr)) { |
|
if (errno != EACCES && errno != EPERM) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"unlink failed for: %s", srv->srvconf.pid_file->ptr); |
|
} |
|
} |
|
} |
|
} |
|
|
|
|
|
__attribute_cold__ |
|
static server_socket * server_oneshot_getsock(server *srv, sock_addr *cnt_addr) { |
|
server_socket *srv_socket, *srv_socket_wild = NULL; |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) { |
|
srv_socket = srv->srv_sockets.ptr[i]; |
|
if (!sock_addr_is_port_eq(&srv_socket->addr,cnt_addr)) continue; |
|
if (sock_addr_is_addr_eq(&srv_socket->addr,cnt_addr)) return srv_socket; |
|
|
|
if (NULL != srv_socket_wild) continue; |
|
if (sock_addr_is_addr_wildcard(&srv_socket->addr)) { |
|
srv_socket_wild = srv_socket; |
|
} |
|
} |
|
|
|
if (NULL != srv_socket_wild) { |
|
return srv_socket_wild; |
|
} else if (srv->srv_sockets.used) { |
|
return srv->srv_sockets.ptr[0]; |
|
} else { |
|
log_error(srv->errh, __FILE__, __LINE__, "no sockets configured"); |
|
return NULL; |
|
} |
|
} |
|
|
|
|
|
static int server_oneshot_read_cq(connection *con, chunkqueue *cq, off_t max_bytes) { |
|
/* temporary set con->fd to oneshot_fd (fd input) rather than outshot_fdout |
|
* (lighttpd generally assumes operation on sockets, so this is a kludge) */ |
|
int fd = con->fd; |
|
con->fd = oneshot_fdn->fd; |
|
int rc = oneshot_read_cq(con, cq, max_bytes); |
|
con->fd = fd; |
|
|
|
/* note: optimistic reads (elsewhere) may or may not be enough to re-enable |
|
* read interest after FDEVENT_IN interest was paused for other reasons */ |
|
|
|
const int events = fdevent_fdnode_interest(oneshot_fdn); |
|
int n = con->is_readable > 0 ? 0 : FDEVENT_IN; |
|
if (events & FDEVENT_RDHUP) |
|
n |= FDEVENT_RDHUP; |
|
fdevent_fdnode_event_set(con->srv->ev, oneshot_fdn, n); |
|
return rc; |
|
} |
|
|
|
|
|
static handler_t server_oneshot_handle_fdevent(void *context, int revents) { |
|
connection *con = context; |
|
|
|
/* note: not sync'd with con->fdn or connection_set_fdevent_interest() */ |
|
int rdhup = 0; |
|
int n = fdevent_fdnode_interest(oneshot_fdn); |
|
if (revents & FDEVENT_IN) |
|
n &= ~FDEVENT_IN; |
|
request_st * const r = &con->request; |
|
if (r->state != CON_STATE_ERROR && (revents & (FDEVENT_HUP|FDEVENT_RDHUP))){ |
|
revents &= ~(FDEVENT_HUP|FDEVENT_RDHUP); |
|
/* copied and modified from connection_handle_fdevent() |
|
* fdevent_is_tcp_half_closed() will fail on pipe |
|
* and, besides, read end of pipes should treat POLLHUP as POLLRDHUP */ |
|
n &= ~(FDEVENT_IN|FDEVENT_RDHUP); |
|
rdhup = 1; |
|
} |
|
fdevent_fdnode_event_set(con->srv->ev, oneshot_fdn, n); |
|
|
|
fdnode * const fdn = con->fdn; /* fdn->ctx == con */ |
|
handler_t rc = ((fdevent_handler)NULL != fdn->handler) |
|
? (*fdn->handler)(con, revents) |
|
: HANDLER_FINISHED; |
|
|
|
if (rdhup) { |
|
r->conf.stream_request_body &= |
|
~(FDEVENT_STREAM_REQUEST_BUFMIN|FDEVENT_STREAM_REQUEST_POLLIN); |
|
r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLRDHUP; |
|
r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_TCP_FIN; |
|
con->is_readable = 1; /*(can read 0 for end-of-stream)*/ |
|
if (chunkqueue_is_empty(con->read_queue)) r->keep_alive = 0; |
|
if (r->reqbody_length < -1) /*(transparent proxy mode; no more data)*/ |
|
r->reqbody_length = r->reqbody_queue.bytes_in; |
|
} |
|
|
|
return rc; |
|
} |
|
|
|
|
|
__attribute_cold__ |
|
static int server_oneshot_init_pipe(server *srv, int fdin, int fdout) { |
|
/* Note: attempt to work with netcat pipes though other code expects socket. |
|
* netcat has different fds (pipes) for stdin and stdout. To support |
|
* netcat, need to avoid S_ISSOCK(), getsockname(), and getpeername(), |
|
* reconstructing addresses from environment variables: |
|
* NCAT_LOCAL_ADDR NCAT_LOCAL_PORT |
|
* NCAT_REMOTE_ADDR NCAT_REMOTE_PORT |
|
* NCAT_PROTO (TCP, UDP, SCTP) |
|
*/ |
|
connection *con; |
|
const server_socket *srv_socket; |
|
sock_addr cnt_addr; |
|
|
|
/* detect if called from netcat or else fabricate localhost addrs */ |
|
const char * const ncat = |
|
getenv("NCAT_LOCAL_ADDR"); |
|
const char * const ncat_local_addr = |
|
ncat ? ncat : "127.0.0.1"; /*(fabricated)*/ |
|
const char * const ncat_local_port = |
|
ncat ? getenv("NCAT_LOCAL_PORT") : "80"; /*(fabricated)*/ |
|
const char * const ncat_remote_addr = |
|
ncat ? getenv("NCAT_REMOTE_ADDR") : "127.0.0.1"; /*(fabricated)*/ |
|
const char * const ncat_remote_port = |
|
ncat ? getenv("NCAT_REMOTE_PORT") : "48080"; /*(fabricated)*/ |
|
if (NULL == ncat_local_addr || NULL == ncat_local_port) return 0; |
|
if (NULL == ncat_remote_addr || NULL == ncat_remote_port) return 0; |
|
|
|
const int family = ncat && strchr(ncat_local_addr,':') ? AF_INET6 : AF_INET; |
|
unsigned short port; |
|
|
|
port = (unsigned short)strtol(ncat_local_port, NULL, 10); |
|
if (1 != sock_addr_inet_pton(&cnt_addr, ncat_local_addr, family, port)) { |
|
log_error(srv->errh, __FILE__, __LINE__, "invalid local addr"); |
|
return 0; |
|
} |
|
|
|
srv_socket = server_oneshot_getsock(srv, &cnt_addr); |
|
if (NULL == srv_socket) return 0; |
|
|
|
port = (unsigned short)strtol(ncat_remote_port, NULL, 10); |
|
if (1 != sock_addr_inet_pton(&cnt_addr, ncat_remote_addr, family, port)) { |
|
log_error(srv->errh, __FILE__, __LINE__, "invalid remote addr"); |
|
return 0; |
|
} |
|
|
|
/*(must set flags; fd did not pass through fdevent accept() logic)*/ |
|
if (-1 == fdevent_fcntl_set_nb_cloexec(fdin)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "fcntl()"); |
|
return 0; |
|
} |
|
if (-1 == fdevent_fcntl_set_nb_cloexec(fdout)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "fcntl()"); |
|
return 0; |
|
} |
|
|
|
con = connection_accepted(srv, srv_socket, &cnt_addr, fdout); |
|
if (NULL == con) return 0; |
|
|
|
/* note: existing routines assume socket, not pipe |
|
* connections.c:connection_read_cq() |
|
* uses recv() ifdef __WIN32 |
|
* passes S_IFSOCK to fdevent_ioctl_fionread() |
|
* (The routine could be copied and modified, if required) |
|
* This is unlikely to work if TLS is used over pipe since the SSL_CTX |
|
* is associated with the other end of the pipe. However, if using |
|
* pipes, using TLS is unexpected behavior. |
|
*/ |
|
|
|
/*assert(oneshot_fd == fdin);*/ |
|
oneshot_read_cq = con->network_read; |
|
con->network_read = server_oneshot_read_cq; |
|
oneshot_fdn = |
|
fdevent_register(srv->ev, fdin, server_oneshot_handle_fdevent, con); |
|
fdevent_fdnode_event_set(srv->ev, oneshot_fdn, FDEVENT_RDHUP); |
|
|
|
connection_state_machine(con); |
|
return 1; |
|
} |
|
|
|
|
|
__attribute_cold__ |
|
static int server_oneshot_init(server *srv, int fd) { |
|
connection *con; |
|
const server_socket *srv_socket; |
|
sock_addr cnt_addr; |
|
socklen_t cnt_len; |
|
|
|
cnt_len = sizeof(cnt_addr); |
|
if (0 != getsockname(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "getsockname()"); |
|
return 0; |
|
} |
|
|
|
srv_socket = server_oneshot_getsock(srv, &cnt_addr); |
|
if (NULL == srv_socket) return 0; |
|
|
|
#ifdef __clang_analyzer__ |
|
memset(&cnt_addr, 0, sizeof(cnt_addr)); |
|
#endif |
|
cnt_len = sizeof(cnt_addr); |
|
if (0 != getpeername(fd, (struct sockaddr *)&cnt_addr, &cnt_len)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "getpeername()"); |
|
return 0; |
|
} |
|
|
|
/*(must set flags; fd did not pass through fdevent accept() logic)*/ |
|
if (-1 == fdevent_fcntl_set_nb_cloexec(fd)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "fcntl()"); |
|
return 0; |
|
} |
|
|
|
if (sock_addr_get_family(&cnt_addr) != AF_UNIX) { |
|
network_accept_tcp_nagle_disable(fd); |
|
} |
|
|
|
con = connection_accepted(srv, srv_socket, &cnt_addr, fd); |
|
if (NULL == con) return 0; |
|
|
|
connection_state_machine(con); |
|
return 1; |
|
} |
|
|
|
|
|
__attribute_cold__ |
|
static void show_version (void) { |
|
char *b = PACKAGE_DESC TEXT_SSL \ |
|
" - a light and fast webserver\n" |
|
#ifdef NONREPRODUCIBLE_BUILD |
|
"Build-Date: " __DATE__ " " __TIME__ "\n"; |
|
#endif |
|
; |
|
write_all(STDOUT_FILENO, b, strlen(b)); |
|
} |
|
|
|
__attribute_cold__ |
|
static void show_features (void) { |
|
static const char features[] = |
|
"\nFeatures:\n\n" |
|
#ifdef HAVE_IPV6 |
|
"\t+ IPv6 support\n" |
|
#else |
|
"\t- IPv6 support\n" |
|
#endif |
|
#if defined HAVE_ZLIB_H && defined HAVE_LIBZ |
|
"\t+ zlib support\n" |
|
#else |
|
"\t- zlib support\n" |
|
#endif |
|
#if defined HAVE_ZSTD_H && defined HAVE_ZSTD |
|
"\t+ zstd support\n" |
|
#else |
|
"\t- zstd support\n" |
|
#endif |
|
#if defined HAVE_BZLIB_H && defined HAVE_LIBBZ2 |
|
"\t+ bzip2 support\n" |
|
#else |
|
"\t- bzip2 support\n" |
|
#endif |
|
#if defined HAVE_BROTLI_ENCODE_H && defined HAVE_BROTLI |
|
"\t+ brotli support\n" |
|
#else |
|
"\t- brotli support\n" |
|
#endif |
|
#if defined(HAVE_CRYPT) || defined(HAVE_CRYPT_R) || defined(HAVE_LIBCRYPT) |
|
"\t+ crypt support\n" |
|
#else |
|
"\t- crypt support\n" |
|
#endif |
|
#ifdef USE_OPENSSL_CRYPTO |
|
"\t+ OpenSSL support\n" |
|
#else |
|
"\t- OpenSSL support\n" |
|
#endif |
|
#ifdef USE_MBEDTLS_CRYPTO |
|
"\t+ mbedTLS support\n" |
|
#else |
|
"\t- mbedTLS support\n" |
|
#endif |
|
#ifdef USE_NSS_CRYPTO |
|
"\t+ NSS crypto support\n" |
|
#else |
|
"\t- NSS crypto support\n" |
|
#endif |
|
#ifdef USE_GNUTLS_CRYPTO |
|
"\t+ GnuTLS support\n" |
|
#else |
|
"\t- GnuTLS support\n" |
|
#endif |
|
#ifdef USE_WOLFSSL_CRYPTO |
|
"\t+ WolfSSL support\n" |
|
#else |
|
"\t- WolfSSL support\n" |
|
#endif |
|
#ifdef USE_NETTLE_CRYPTO |
|
"\t+ Nettle support\n" |
|
#else |
|
"\t- Nettle support\n" |
|
#endif |
|
#ifdef HAVE_LIBPCRE |
|
"\t+ PCRE support\n" |
|
#else |
|
"\t- PCRE support\n" |
|
#endif |
|
#ifdef HAVE_MYSQL |
|
"\t+ MySQL support\n" |
|
#else |
|
"\t- MySQL support\n" |
|
#endif |
|
#ifdef HAVE_PGSQL |
|
"\t+ PgSQL support\n" |
|
#else |
|
"\t- PgSQL support\n" |
|
#endif |
|
#ifdef HAVE_DBI |
|
"\t+ DBI support\n" |
|
#else |
|
"\t- DBI support\n" |
|
#endif |
|
#ifdef HAVE_KRB5 |
|
"\t+ Kerberos support\n" |
|
#else |
|
"\t- Kerberos support\n" |
|
#endif |
|
#if defined(HAVE_LDAP_H) && defined(HAVE_LBER_H) && defined(HAVE_LIBLDAP) && defined(HAVE_LIBLBER) |
|
"\t+ LDAP support\n" |
|
#else |
|
"\t- LDAP support\n" |
|
#endif |
|
#ifdef HAVE_PAM |
|
"\t+ PAM support\n" |
|
#else |
|
"\t- PAM support\n" |
|
#endif |
|
#ifdef USE_MEMCACHED |
|
"\t+ memcached support\n" |
|
#else |
|
"\t- memcached support\n" |
|
#endif |
|
#ifdef HAVE_FAM_H |
|
"\t+ FAM support\n" |
|
#else |
|
"\t- FAM support\n" |
|
#endif |
|
#ifdef HAVE_LUA_H |
|
"\t+ LUA support\n" |
|
#else |
|
"\t- LUA support\n" |
|
#endif |
|
#ifdef HAVE_LIBXML_H |
|
"\t+ xml support\n" |
|
#else |
|
"\t- xml support\n" |
|
#endif |
|
#ifdef HAVE_SQLITE3_H |
|
"\t+ SQLite support\n" |
|
#else |
|
"\t- SQLite support\n" |
|
#endif |
|
#ifdef HAVE_GDBM_H |
|
"\t+ GDBM support\n" |
|
#else |
|
"\t- GDBM support\n" |
|
#endif |
|
; |
|
show_version(); |
|
printf("%s%s%s%s\n", |
|
fdevent_show_event_handlers(), |
|
network_write_show_handlers(), |
|
features, |
|
sizeof(time_t) > 4 || (sizeof(time_t) == 4 && (time_t)-1 > (time_t)1) |
|
? "\t+ Y2038 support\n" |
|
: "\t- Y2038 support (unsafe 32-bit signed time_t)\n"); |
|
} |
|
|
|
__attribute_cold__ |
|
static void show_help (void) { |
|
char *b = PACKAGE_DESC TEXT_SSL |
|
#ifdef NONREPRODUCIBLE_BUILD |
|
" ("__DATE__ " " __TIME__ ")" |
|
#endif |
|
" - a light and fast webserver\n" \ |
|
"usage:\n" \ |
|
" -f <name> filename of the config-file\n" \ |
|
" -m <name> module directory (default: "LIBRARY_DIR")\n" \ |
|
" -i <secs> graceful shutdown after <secs> of inactivity\n" \ |
|
" -1 process single (one) request on stdin socket, then exit\n" \ |
|
" -p print the parsed config-file in internal form, and exit\n" \ |
|
" -t test config-file syntax, then exit\n" \ |
|
" -tt test config-file syntax, load and init modules, then exit\n" \ |
|
" -D don't go to background (default: go to background)\n" \ |
|
" -v show version\n" \ |
|
" -V show compile-time features\n" \ |
|
" -h show this help\n" \ |
|
"\n" |
|
; |
|
write_all(STDOUT_FILENO, b, strlen(b)); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_sockets_save (server *srv) { /* graceful_restart */ |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) |
|
srv->srv_sockets.ptr[i]->srv = NULL; /* srv will shortly be invalid */ |
|
for (uint32_t i = 0; i < srv->srv_sockets_inherited.used; ++i) |
|
srv->srv_sockets_inherited.ptr[i]->srv = NULL; /* srv to be invalid */ |
|
memcpy(&graceful_sockets, &srv->srv_sockets, sizeof(server_socket_array)); |
|
memset(&srv->srv_sockets, 0, sizeof(server_socket_array)); |
|
memcpy(&inherited_sockets, &srv->srv_sockets_inherited, sizeof(server_socket_array)); |
|
memset(&srv->srv_sockets_inherited, 0, sizeof(server_socket_array)); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_sockets_restore (server *srv) { /* graceful_restart */ |
|
memcpy(&srv->srv_sockets, &graceful_sockets, sizeof(server_socket_array)); |
|
memset(&graceful_sockets, 0, sizeof(server_socket_array)); |
|
memcpy(&srv->srv_sockets_inherited, &inherited_sockets, sizeof(server_socket_array)); |
|
memset(&inherited_sockets, 0, sizeof(server_socket_array)); |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) |
|
srv->srv_sockets.ptr[i]->srv = srv; /* update ptr */ |
|
for (uint32_t i = 0; i < srv->srv_sockets_inherited.used; ++i) |
|
srv->srv_sockets_inherited.ptr[i]->srv = srv; /* update ptr */ |
|
} |
|
|
|
__attribute_cold__ |
|
static int server_sockets_set_nb_cloexec (server *srv) { |
|
if (srv->sockets_disabled) return 0; /* lighttpd -1 (one-shot mode) */ |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) { |
|
server_socket *srv_socket = srv->srv_sockets.ptr[i]; |
|
if (-1 == fdevent_fcntl_set_nb_cloexec_sock(srv_socket->fd)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "fcntl()"); |
|
return -1; |
|
} |
|
} |
|
return 0; |
|
} |
|
|
|
__attribute_cold__ |
|
static void server_sockets_set_event (server *srv, int event) { |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) { |
|
server_socket *srv_socket = srv->srv_sockets.ptr[i]; |
|
fdevent_fdnode_event_set(srv->ev, srv_socket->fdn, event); |
|
} |
|
} |
|
|
|
__attribute_cold__ |
|
static void server_sockets_unregister (server *srv) { |
|
if (2 == srv->sockets_disabled) return; |
|
srv->sockets_disabled = 2; |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) |
|
network_unregister_sock(srv, srv->srv_sockets.ptr[i]); |
|
} |
|
|
|
__attribute_cold__ |
|
static void server_sockets_close (server *srv) { |
|
/* closing socket right away will make it possible for the next lighttpd |
|
* to take over (old-style graceful restart), but only if backends |
|
* (e.g. fastcgi, scgi, etc) are independent from lighttpd, rather |
|
* than started by lighttpd via "bin-path") |
|
*/ |
|
if (3 == srv->sockets_disabled) return; |
|
for (uint32_t i = 0; i < srv->srv_sockets.used; ++i) { |
|
server_socket *srv_socket = srv->srv_sockets.ptr[i]; |
|
if (-1 == srv_socket->fd) continue; |
|
if (2 != srv->sockets_disabled) network_unregister_sock(srv,srv_socket); |
|
close(srv_socket->fd); |
|
srv_socket->fd = -1; |
|
/* network_close() will cleanup after us */ |
|
} |
|
srv->sockets_disabled = 3; |
|
} |
|
|
|
__attribute_cold__ |
|
static void server_graceful_signal_prev_generation (void) |
|
{ |
|
const char * const prev_gen = getenv("LIGHTTPD_PREV_GEN"); |
|
if (NULL == prev_gen) return; |
|
pid_t pid = (pid_t)strtol(prev_gen, NULL, 10); |
|
unsetenv("LIGHTTPD_PREV_GEN"); |
|
if (pid <= 0) return; /*(should not happen)*/ |
|
if (pid == fdevent_waitpid(pid,NULL,1)) return; /*(pid exited; unexpected)*/ |
|
kill(pid, SIGINT); /* signal previous generation for graceful shutdown */ |
|
} |
|
|
|
__attribute_cold__ |
|
static int server_graceful_state_bg (server *srv) { |
|
/*assert(graceful_restart);*/ |
|
/*(SIGUSR1 set to SIG_IGN in workers, so should not reach here if worker)*/ |
|
if (srv_shutdown) return 0; |
|
if (NULL == srv->srvconf.feature_flags) return 0; |
|
|
|
/* check if server should fork and background (bg) itself |
|
* to continue processing requests already in progress */ |
|
data_unset * const du = |
|
array_get_data_unset(srv->srvconf.feature_flags, |
|
CONST_STR_LEN("server.graceful-restart-bg")); |
|
if (!config_plugin_value_tobool(du, 0)) return 0; |
|
|
|
/*(set flag to false to avoid repeating)*/ |
|
if (du->type == TYPE_STRING) |
|
buffer_copy_string_len(&((data_string *)du)->value, |
|
CONST_STR_LEN("false")); |
|
else /* (du->type == TYPE_INTEGER) */ |
|
((data_integer *)du)->value = 0; |
|
|
|
/* require exec'd via absolute path or daemon in foreground |
|
* and exec'd with path containing '/' (e.g. "./xxxxx") */ |
|
char ** const argv = srv->argv; |
|
if (0 == srv->srvconf.dont_daemonize |
|
? argv[0][0] != '/' |
|
: NULL == strchr(argv[0], '/')) return 0; |
|
|
|
#if 0 |
|
/* disabled; not fully implemented |
|
* srv->srvconf.systemd_socket_activation might be cleared in network_init() |
|
* leading to issuing a false warning |
|
*/ |
|
/* warn if server.systemd-socket-activation not enabled |
|
* (While this warns on existing config rather than new config, |
|
* it is probably a decent predictor for presence in new config) */ |
|
if (!srv->srvconf.systemd_socket_activation) |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"[note] server.systemd-socket-activation not enabled; " |
|
"listen sockets will be closed and reopened"); |
|
#endif |
|
|
|
/* flush log buffers to avoid potential duplication of entries |
|
* server_handle_sighup(srv) does the following, but skip logging */ |
|
plugins_call_handle_sighup(srv); |
|
config_log_error_cycle(srv); |
|
|
|
/* backgrounding to continue processing requests in progress */ |
|
/* re-exec lighttpd in original process |
|
* Note: using path in re-exec is portable and allows lighttpd upgrade. |
|
* OTOH, getauxval() AT_EXECFD and fexecve() could be used on Linux to |
|
* re-exec without access to original executable on disk, which might be |
|
* desirable in some situations, but is not implemented here. |
|
* Alternatively, if argv[] was not available, could use readlink() on |
|
* /proc/self/exe (Linux-specific), though there are ways on many other |
|
* platforms to achieve the same: |
|
* https://stackoverflow.com/questions/1023306/finding-current-executables-path-without-proc-self-exe |
|
*/ |
|
#if defined(HAVE_KQUEUE) |
|
#if defined(__FreeBSD__) || defined(__DragonFly__) |
|
/*(must *exclude* rfork RFFDG flag for kqueue to work across rfork)*/ |
|
pid_t pid = rfork(RFPROC); |
|
#else |
|
pid_t pid = -1; |
|
if (pid < 0) { |
|
/* kqueue is not inherited across fork |
|
* future: fdevent kqueue and stat_cache kqueue would need to be closed, |
|
* re-opened, and active fds re-registered. Not current done. |
|
* Need to create some routines like fdevent_reinit_after_fork*/ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server.graceful-restart-bg ignored on OpenBSD and NetBSD " |
|
"due to limitation in kqueue inheritance and lacking rfork"); |
|
return 0; |
|
} |
|
#endif |
|
#else |
|
pid_t pid = fork(); |
|
#endif |
|
if (pid) { /* original process */ |
|
if (pid < 0) return 0; |
|
network_socket_activation_to_env(srv); |
|
/* save pid of original server in environment so that it can be |
|
* signalled by restarted server once restarted server is ready |
|
* to accept new connections */ |
|
server_graceful_signal_prev_generation();/*(expect no prev gen active)*/ |
|
if (0 == srv->srvconf.max_worker) { |
|
buffer * const tb = srv->tmp_buf; |
|
buffer_clear(tb); |
|
buffer_append_int(tb, pid); |
|
setenv("LIGHTTPD_PREV_GEN", tb->ptr, 1); |
|
} |
|
/*fdevent_waitpid(pid, NULL, 0);*//* detach? */ |
|
execv(argv[0], argv); |
|
_exit(1); |
|
} |
|
/* else child/grandchild */ |
|
|
|
/*if (-1 == setsid()) _exit(1);*//* should we detach? */ |
|
/* Note: restarted server will fail with socket-in-use error if |
|
* server.systemd-socket-activation not enabled in restarted server */ |
|
if (0 != srv->srvconf.max_worker) |
|
server_sockets_close(srv);/*(close before parent reaps pid in waitpid)*/ |
|
/*if (0 != fork()) _exit(0);*//* should we detach? */ |
|
/*(grandchild is now backgrounded and detached from original process)*/ |
|
|
|
/* XXX: might extend code to have new server.feature-flags param specify |
|
* max lifetime before aborting remaining connections */ |
|
|
|
/* (reached if lighttpd workers or if sole process w/o workers) |
|
* use same code as comment elsewhere in server.c: |
|
* make sure workers do not muck with pid-file */ |
|
if (0 <= pid_fd) { |
|
close(pid_fd); |
|
pid_fd = -1; |
|
} |
|
if (srv->srvconf.pid_file) buffer_clear(srv->srvconf.pid_file); |
|
|
|
/* (original process is backgrounded -- even if no active connections -- |
|
* to allow graceful shutdown tasks to be run by server and by modules) */ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"[note] pid %lld continuing to handle %u connection(s) in progress", |
|
(long long)getpid(), srv->srvconf.max_conns - srv->lim_conns); |
|
|
|
if (0 == srv->srvconf.max_worker) { |
|
/* reset graceful_shutdown; wait for signal from restarted server */ |
|
srv->graceful_expire_ts = 0; |
|
graceful_shutdown = 0; |
|
} |
|
graceful_restart = 0; |
|
return 1; |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_graceful_shutdown_maint (server *srv) { |
|
if (oneshot_fd) { |
|
/* permit keep-alive on one-shot connections until graceful_expire_ts */ |
|
if (!srv->graceful_expire_ts) return; |
|
if (srv->graceful_expire_ts >= log_monotonic_secs) return; |
|
} |
|
connection_graceful_shutdown_maint(srv); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_graceful_state (server *srv) { |
|
|
|
if (!srv_shutdown) { |
|
if (0 == srv->graceful_expire_ts && srv->srvconf.feature_flags) { |
|
const data_unset * const du = |
|
array_get_element_klen(srv->srvconf.feature_flags, |
|
CONST_STR_LEN("server.graceful-shutdown-timeout")); |
|
srv->graceful_expire_ts = config_plugin_value_to_int32(du, 0); |
|
if (srv->graceful_expire_ts) |
|
srv->graceful_expire_ts += log_monotonic_secs; |
|
} |
|
server_graceful_shutdown_maint(srv); |
|
} |
|
|
|
if (2 == srv->sockets_disabled || 3 == srv->sockets_disabled) { |
|
if (oneshot_fd) graceful_restart = 0; |
|
return; |
|
} |
|
|
|
log_error(srv->errh,__FILE__,__LINE__,"[note] graceful shutdown started"); |
|
|
|
/* no graceful restart if chroot()ed, if oneshot mode, or if idle timeout */ |
|
if (srv->srvconf.changeroot || oneshot_fd || 2 == graceful_shutdown) |
|
graceful_restart = 0; |
|
|
|
if (graceful_restart) { |
|
if (!server_graceful_state_bg(srv)) |
|
server_sockets_unregister(srv); |
|
if (pid_fd > 0) pid_fd = -pid_fd; /*(flag to skip removing pid file)*/ |
|
} |
|
else { |
|
server_sockets_close(srv); |
|
remove_pid_file(srv); |
|
/*(prevent more removal attempts)*/ |
|
if (srv->srvconf.pid_file) buffer_clear(srv->srvconf.pid_file); |
|
} |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_sockets_enable (server *srv) { |
|
server_sockets_set_event(srv, FDEVENT_IN); |
|
srv->sockets_disabled = 0; |
|
log_error(srv->errh, __FILE__, __LINE__, "[note] sockets enabled again"); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_sockets_disable (server *srv) { |
|
server_sockets_set_event(srv, 0); |
|
srv->sockets_disabled = 1; |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
(0 == srv->lim_conns) |
|
? "[note] sockets disabled, connection limit reached" |
|
: "[note] sockets disabled, out-of-fds"); |
|
} |
|
|
|
__attribute_cold__ |
|
static void server_overload_check (server *srv) { |
|
if (srv->cur_fds < srv->max_fds_lowat && 0 != srv->lim_conns) |
|
server_sockets_enable(srv); |
|
} |
|
|
|
static void server_load_check (server *srv) { |
|
/* check if hit limits for num fds used or num connections */ |
|
if (srv->cur_fds > srv->max_fds_hiwat || 0 == srv->lim_conns) |
|
server_sockets_disable(srv); |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static int server_main_setup (server * const srv, int argc, char **argv) { |
|
int print_config = 0; |
|
int test_config = 0; |
|
int i_am_root = 0; |
|
int o; |
|
#ifdef HAVE_FORK |
|
int num_childs = 0; |
|
#endif |
|
uint32_t i; |
|
#ifdef HAVE_SIGACTION |
|
struct sigaction act; |
|
#endif |
|
|
|
#ifdef HAVE_FORK |
|
int parent_pipe_fd = -1; |
|
#endif |
|
|
|
#ifdef HAVE_GETUID |
|
i_am_root = (0 == getuid()); |
|
#endif |
|
|
|
/* initialize globals (including file-scoped static globals) */ |
|
oneshot_fd = 0; |
|
oneshot_fdout = -1; |
|
srv_shutdown = 0; |
|
graceful_shutdown = 0; |
|
handle_sig_alarm = 1; |
|
handle_sig_hup = 0; |
|
idle_limit = 0; |
|
chunkqueue_set_tempdirs_default_reset(); |
|
/*graceful_restart = 0;*//*(reset below to avoid further daemonizing)*/ |
|
/*(intentionally preserved)*/ |
|
/*memset(graceful_sockets, 0, sizeof(graceful_sockets));*/ |
|
/*memset(inherited_sockets, 0, sizeof(inherited_sockets));*/ |
|
/*pid_fd = -1;*/ |
|
srv->argv = argv; |
|
|
|
while(-1 != (o = getopt(argc, argv, "f:m:i:hvVD1pt"))) { |
|
switch(o) { |
|
case 'f': |
|
if (srv->config_data_base) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Can only read one config file. Use the include command to use multiple config files."); |
|
return -1; |
|
} |
|
if (config_read(srv, optarg)) { |
|
return -1; |
|
} |
|
break; |
|
case 'm': |
|
buffer_copy_string(srv->srvconf.modules_dir, optarg); |
|
break; |
|
case 'i': { |
|
char *endptr; |
|
long timeout = strtol(optarg, &endptr, 0); |
|
if (!*optarg || *endptr || timeout < 0) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Invalid idle timeout value: %s", optarg); |
|
return -1; |
|
} |
|
idle_limit = (int)timeout; |
|
break; |
|
} |
|
case 'p': print_config = 1; break; |
|
case 't': ++test_config; break; |
|
case '1': if (0 == oneshot_fd) oneshot_fd = dup(STDIN_FILENO); |
|
break; |
|
case 'D': srv->srvconf.dont_daemonize = 1; break; |
|
case 'v': show_version(); return 0; |
|
case 'V': show_features(); return 0; |
|
case 'h': show_help(); return 0; |
|
default: |
|
show_help(); |
|
return -1; |
|
} |
|
} |
|
|
|
#ifdef __CYGWIN__ |
|
if (!srv->config_data_base && NULL != getenv("NSSM_SERVICE_NAME")) { |
|
char *dir = getenv("NSSM_SERVICE_DIR"); |
|
if (NULL != dir && 0 != chdir(dir)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "chdir %s failed", dir); |
|
return -1; |
|
} |
|
srv->srvconf.dont_daemonize = 1; |
|
buffer_copy_string_len(srv->srvconf.modules_dir, CONST_STR_LEN("modules")); |
|
if (config_read(srv, "conf/lighttpd.conf")) return -1; |
|
} |
|
#endif |
|
|
|
if (!srv->config_data_base) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"No configuration available. Try using -f option."); |
|
return -1; |
|
} |
|
|
|
if (print_config) { |
|
config_print(srv); |
|
puts(srv->tmp_buf->ptr); |
|
} |
|
|
|
if (test_config) { |
|
if (srv->srvconf.pid_file) buffer_clear(srv->srvconf.pid_file); |
|
if (1 == test_config) { |
|
printf("Syntax OK\n"); |
|
} else { /*(test_config > 1)*/ |
|
test_config = 0; |
|
srv->srvconf.preflight_check = 1; |
|
srv->srvconf.dont_daemonize = 1; |
|
} |
|
} |
|
|
|
if (test_config || print_config) { |
|
return 0; |
|
} |
|
|
|
if (oneshot_fd) { |
|
if (oneshot_fd <= STDERR_FILENO) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Invalid fds at startup with lighttpd -1"); |
|
return -1; |
|
} |
|
graceful_shutdown = 1; |
|
srv->sockets_disabled = 2; |
|
srv->srvconf.dont_daemonize = 1; |
|
if (srv->srvconf.pid_file) buffer_clear(srv->srvconf.pid_file); |
|
if (srv->srvconf.max_worker) { |
|
srv->srvconf.max_worker = 0; |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server one-shot command line option disables server.max-worker config file option."); |
|
} |
|
|
|
struct stat st; |
|
if (0 != fstat(oneshot_fd, &st)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "fstat()"); |
|
return -1; |
|
} |
|
|
|
if (S_ISFIFO(st.st_mode)) { |
|
oneshot_fdout = dup(STDOUT_FILENO); |
|
if (oneshot_fdout <= STDERR_FILENO) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "dup()"); |
|
return -1; |
|
} |
|
} |
|
else if (!S_ISSOCK(st.st_mode)) { |
|
/* require that fd is a socket |
|
* (modules might expect STDIN_FILENO and STDOUT_FILENO opened to /dev/null) */ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"lighttpd -1 stdin is not a socket"); |
|
return -1; |
|
} |
|
} |
|
|
|
if (srv->srvconf.bindhost && buffer_is_equal_string(srv->srvconf.bindhost, CONST_STR_LEN("/dev/stdin"))) { |
|
if (-1 == srv->stdin_fd) |
|
srv->stdin_fd = dup(STDIN_FILENO); |
|
if (srv->stdin_fd <= STDERR_FILENO) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Invalid fds at startup"); |
|
return -1; |
|
} |
|
} |
|
|
|
/* close stdin and stdout, as they are not needed */ |
|
{ |
|
struct stat st; |
|
int devnull; |
|
int errfd; |
|
do { |
|
/* coverity[overwrite_var : FALSE] */ |
|
devnull = fdevent_open_devnull(); |
|
#ifdef __COVERITY__ |
|
__coverity_escape__(devnull); |
|
#endif |
|
} while (-1 != devnull && devnull <= STDERR_FILENO); |
|
if (-1 == devnull) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"opening /dev/null failed"); |
|
return -1; |
|
} |
|
errfd = (0 == fstat(STDERR_FILENO, &st)) ? -1 : devnull; |
|
if (0 != fdevent_set_stdin_stdout_stderr(devnull, devnull, errfd)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"setting default fds failed"); |
|
#ifdef FD_CLOEXEC |
|
if (-1 != errfd) close(errfd); |
|
if (devnull != errfd) close(devnull); |
|
#endif |
|
return -1; |
|
} |
|
#ifdef FD_CLOEXEC |
|
if (-1 != errfd) close(errfd); |
|
if (devnull != errfd) close(devnull); |
|
#endif |
|
} |
|
|
|
http_response_send_1xx_cb_set(NULL, HTTP_VERSION_2); |
|
if (srv->srvconf.feature_flags |
|
&& !config_plugin_value_tobool( |
|
array_get_element_klen(srv->srvconf.feature_flags, |
|
CONST_STR_LEN("server.h2-discard-backend-1xx")), 0)) |
|
http_response_send_1xx_cb_set(h2_send_1xx, |
|
HTTP_VERSION_2); |
|
|
|
http_response_send_1xx_cb_set(NULL, HTTP_VERSION_1_1); |
|
if (srv->srvconf.feature_flags |
|
&& !config_plugin_value_tobool( |
|
array_get_element_klen(srv->srvconf.feature_flags, |
|
CONST_STR_LEN("server.h1-discard-backend-1xx")), 0)) |
|
http_response_send_1xx_cb_set(connection_send_1xx, |
|
HTTP_VERSION_1_1); |
|
|
|
if (0 != config_set_defaults(srv)) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"setting default values failed"); |
|
return -1; |
|
} |
|
|
|
if (plugins_load(srv)) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"loading plugins finally failed"); |
|
return -1; |
|
} |
|
|
|
if (HANDLER_GO_ON != plugins_call_init(srv)) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Initialization of plugins failed. Going down."); |
|
return -1; |
|
} |
|
|
|
/* mod_indexfile should be listed in server.modules prior to dynamic handlers */ |
|
i = 0; |
|
for (const char *pname = NULL; i < srv->plugins.used; ++i) { |
|
plugin *p = ((plugin **)srv->plugins.ptr)[i]; |
|
if (NULL != pname && 0 == strcmp(p->name, "indexfile")) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"Warning: mod_indexfile should be listed in server.modules prior to mod_%s", pname); |
|
break; |
|
} |
|
if (p->handle_subrequest_start && p->handle_subrequest) { |
|
if (!pname) pname = p->name; |
|
} |
|
} |
|
|
|
/* open pid file BEFORE chroot */ |
|
if (-2 == pid_fd) pid_fd = -1; /*(initial startup state)*/ |
|
if (-1 == pid_fd && srv->srvconf.pid_file) { |
|
const char *pidfile = srv->srvconf.pid_file->ptr; |
|
if (-1 == (pid_fd = fdevent_open_cloexec(pidfile, 0, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) { |
|
struct stat st; |
|
if (errno != EEXIST) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"opening pid-file failed: %s", pidfile); |
|
return -1; |
|
} |
|
|
|
if (0 != stat(pidfile, &st)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"stating existing pid-file failed: %s", pidfile); |
|
} |
|
|
|
if (!S_ISREG(st.st_mode)) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"pid-file exists and isn't regular file: %s", pidfile); |
|
return -1; |
|
} |
|
|
|
if (-1 == (pid_fd = fdevent_open_cloexec(pidfile, 0, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) { |
|
log_perror(srv->errh, __FILE__, __LINE__, |
|
"opening pid-file failed: %s", pidfile); |
|
return -1; |
|
} |
|
} |
|
} |
|
|
|
{ |
|
#ifdef HAVE_GETRLIMIT |
|
struct rlimit rlim = { 4096, 4096 }; |
|
int use_rlimit = 1; |
|
#ifdef HAVE_VALGRIND_VALGRIND_H |
|
if (RUNNING_ON_VALGRIND) use_rlimit = 0; |
|
#endif |
|
|
|
if (0 != getrlimit(RLIMIT_NOFILE, &rlim)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "getrlimit()"); |
|
use_rlimit = 0; |
|
} |
|
|
|
/** |
|
* if we are not root can can't increase the fd-limit above rlim_max, but we can reduce it |
|
*/ |
|
if (use_rlimit && srv->srvconf.max_fds |
|
&& (i_am_root || srv->srvconf.max_fds <= rlim.rlim_max)) { |
|
/* set rlimits */ |
|
|
|
rlim.rlim_cur = srv->srvconf.max_fds; |
|
if (i_am_root) rlim.rlim_max = srv->srvconf.max_fds; |
|
|
|
if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "setrlimit()"); |
|
return -1; |
|
} |
|
} |
|
|
|
/*(default upper limit of 4k if server.max-fds not specified)*/ |
|
if (0 == srv->srvconf.max_fds) |
|
srv->srvconf.max_fds = (rlim.rlim_cur <= 4096) |
|
? (unsigned short)rlim.rlim_cur |
|
: 4096; |
|
|
|
/* set core file rlimit, if enable_cores is set */ |
|
if (use_rlimit && srv->srvconf.enable_cores && getrlimit(RLIMIT_CORE, &rlim) == 0) { |
|
rlim.rlim_cur = rlim.rlim_max; |
|
setrlimit(RLIMIT_CORE, &rlim); |
|
} |
|
#endif |
|
} |
|
|
|
/* we need root-perms for port < 1024 */ |
|
if (0 != network_init(srv, srv->stdin_fd)) { |
|
return -1; |
|
} |
|
srv->stdin_fd = -1; |
|
|
|
if (i_am_root) { |
|
#ifdef HAVE_PWD_H |
|
/* set user and group */ |
|
struct group *grp = NULL; |
|
struct passwd *pwd = NULL; |
|
|
|
if (srv->srvconf.groupname) { |
|
if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"can't find groupname %s", srv->srvconf.groupname->ptr); |
|
return -1; |
|
} |
|
} |
|
|
|
if (srv->srvconf.username) { |
|
if (NULL == (pwd = getpwnam(srv->srvconf.username->ptr))) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"can't find username %s", srv->srvconf.username->ptr); |
|
return -1; |
|
} |
|
|
|
if (pwd->pw_uid == 0) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"I will not set uid to 0\n"); |
|
return -1; |
|
} |
|
|
|
if (NULL == grp && NULL == (grp = getgrgid(pwd->pw_gid))) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"can't find group id %d", (int)pwd->pw_gid); |
|
return -1; |
|
} |
|
} |
|
|
|
if (NULL != grp) { |
|
if (grp->gr_gid == 0) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"I will not set gid to 0\n"); |
|
return -1; |
|
} |
|
} |
|
|
|
/* |
|
* Change group before chroot, when we have access |
|
* to /etc/group |
|
* */ |
|
if (NULL != grp) { |
|
if (-1 == setgid(grp->gr_gid)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "setgid()"); |
|
return -1; |
|
} |
|
if (-1 == setgroups(0, NULL)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "setgroups()"); |
|
return -1; |
|
} |
|
if (srv->srvconf.username) { |
|
initgroups(srv->srvconf.username->ptr, grp->gr_gid); |
|
} |
|
} |
|
#endif |
|
#ifdef HAVE_CHROOT |
|
if (srv->srvconf.changeroot) { |
|
tzset(); |
|
|
|
if (-1 == chroot(srv->srvconf.changeroot->ptr)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "chroot()"); |
|
return -1; |
|
} |
|
if (-1 == chdir("/")) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "chdir()"); |
|
return -1; |
|
} |
|
} |
|
#endif |
|
#ifdef HAVE_PWD_H |
|
/* drop root privs */ |
|
if (NULL != pwd) { |
|
if (-1 == setuid(pwd->pw_uid)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "setuid()"); |
|
return -1; |
|
} |
|
} |
|
#endif |
|
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) |
|
/** |
|
* on IRIX 6.5.30 they have prctl() but no DUMPABLE |
|
*/ |
|
if (srv->srvconf.enable_cores) { |
|
prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); |
|
} |
|
#endif |
|
} |
|
|
|
#ifdef HAVE_FORK |
|
/* network is up, let's daemonize ourself */ |
|
if (0 == srv->srvconf.dont_daemonize && 0 == graceful_restart) { |
|
parent_pipe_fd = daemonize(); |
|
} |
|
#endif |
|
graceful_restart = 0;/*(reset here after avoiding further daemonizing)*/ |
|
if (0 == oneshot_fd) graceful_shutdown = 0; |
|
|
|
|
|
#ifdef HAVE_SIGACTION |
|
memset(&act, 0, sizeof(act)); |
|
act.sa_handler = SIG_IGN; |
|
sigaction(SIGPIPE, &act, NULL); |
|
# if defined(SA_SIGINFO) |
|
last_sighup_info.si_uid = 0, |
|
last_sighup_info.si_pid = 0; |
|
last_sigterm_info.si_uid = 0, |
|
last_sigterm_info.si_pid = 0; |
|
act.sa_sigaction = sigaction_handler; |
|
sigemptyset(&act.sa_mask); |
|
act.sa_flags = SA_SIGINFO; |
|
# else |
|
act.sa_handler = signal_handler; |
|
sigemptyset(&act.sa_mask); |
|
act.sa_flags = 0; |
|
# endif |
|
sigaction(SIGINT, &act, NULL); |
|
sigaction(SIGTERM, &act, NULL); |
|
sigaction(SIGHUP, &act, NULL); |
|
sigaction(SIGALRM, &act, NULL); |
|
sigaction(SIGUSR1, &act, NULL); |
|
|
|
/* it should be safe to restart syscalls after SIGCHLD */ |
|
act.sa_flags |= SA_RESTART | SA_NOCLDSTOP; |
|
sigaction(SIGCHLD, &act, NULL); |
|
|
|
#elif defined(HAVE_SIGNAL) |
|
/* ignore the SIGPIPE from sendfile() */ |
|
signal(SIGPIPE, SIG_IGN); |
|
signal(SIGALRM, signal_handler); |
|
signal(SIGTERM, signal_handler); |
|
signal(SIGHUP, signal_handler); |
|
signal(SIGCHLD, signal_handler); |
|
signal(SIGINT, signal_handler); |
|
signal(SIGUSR1, signal_handler); |
|
#endif |
|
|
|
|
|
srv->gid = getgid(); |
|
srv->uid = getuid(); |
|
srv->pid = getpid(); |
|
|
|
/* write pid file */ |
|
if (pid_fd > 2) { |
|
buffer * const tb = srv->tmp_buf; |
|
buffer_clear(tb); |
|
buffer_append_int(tb, srv->pid); |
|
buffer_append_string_len(tb, CONST_STR_LEN("\n")); |
|
if (-1 == write_all(pid_fd, BUF_PTR_LEN(tb))) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "Couldn't write pid file"); |
|
close(pid_fd); |
|
pid_fd = -1; |
|
return -1; |
|
} |
|
} else if (pid_fd < -2) { |
|
pid_fd = -pid_fd; |
|
} |
|
|
|
/* Close stderr ASAP in the child process to make sure that nothing |
|
* is being written to that fd which may not be valid anymore. */ |
|
if (!srv->srvconf.preflight_check) { |
|
if (-1 == config_log_error_open(srv)) { |
|
log_error(srv->errh, __FILE__, __LINE__, "Opening errorlog failed. Going down."); |
|
return -1; |
|
} |
|
if (!oneshot_fd) |
|
log_error(srv->errh, __FILE__, __LINE__, "server started (" PACKAGE_DESC ")"); |
|
} |
|
|
|
if (HANDLER_GO_ON != plugins_call_set_defaults(srv)) { |
|
log_error(srv->errh, __FILE__, __LINE__, "Configuration of plugins failed. Going down."); |
|
return -1; |
|
} |
|
|
|
if (!config_finalize(srv, &default_server_tag)) { |
|
return -1; |
|
} |
|
|
|
if (srv->srvconf.preflight_check) { |
|
/*printf("Preflight OK");*//*(stdout reopened to /dev/null)*/ |
|
return 0; |
|
} |
|
|
|
|
|
#ifdef HAVE_FORK |
|
/** |
|
* notify daemonize-grandparent of successful startup |
|
* do this before any further forking is done (workers) |
|
*/ |
|
if (0 == srv->srvconf.dont_daemonize && -1 != parent_pipe_fd) { |
|
if (0 > write(parent_pipe_fd, "", 1)) return -1; |
|
close(parent_pipe_fd); |
|
} |
|
|
|
if (idle_limit && srv->srvconf.max_worker) { |
|
srv->srvconf.max_worker = 0; |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server idle time limit command line option disables server.max-worker config file option."); |
|
} |
|
|
|
/* start watcher and workers */ |
|
num_childs = srv->srvconf.max_worker; |
|
if (num_childs > 0) { |
|
pid_t pids[num_childs]; |
|
pid_t pid; |
|
const int npids = num_childs; |
|
int child = 0; |
|
unsigned int timer = 0; |
|
for (int n = 0; n < npids; ++n) pids[n] = -1; |
|
server_graceful_signal_prev_generation(); |
|
while (!child && !srv_shutdown && !graceful_shutdown) { |
|
if (num_childs > 0) { |
|
switch ((pid = fork())) { |
|
case -1: |
|
return -1; |
|
case 0: |
|
child = 1; |
|
alarm(0); |
|
break; |
|
default: |
|
num_childs--; |
|
for (int n = 0; n < npids; ++n) { |
|
if (-1 == pids[n]) { |
|
pids[n] = pid; |
|
break; |
|
} |
|
} |
|
break; |
|
} |
|
} else { |
|
int status; |
|
|
|
if (-1 != (pid = fdevent_waitpid_intr(-1, &status))) { |
|
log_monotonic_secs = server_monotonic_secs(); |
|
log_epoch_secs = server_epoch_secs(srv); |
|
if (plugins_call_handle_waitpid(srv, pid, status) != HANDLER_GO_ON) { |
|
if (!timer) alarm((timer = 5)); |
|
continue; |
|
} |
|
switch (fdlog_pipes_waitpid_cb(pid)) { |
|
default: break; |
|
case -1: if (!timer) alarm((timer = 5)); |
|
__attribute_fallthrough__ |
|
case 1: continue; |
|
} |
|
/** |
|
* check if one of our workers went away |
|
*/ |
|
for (int n = 0; n < npids; ++n) { |
|
if (pid == pids[n]) { |
|
pids[n] = -1; |
|
num_childs++; |
|
break; |
|
} |
|
} |
|
} else { |
|
switch (errno) { |
|
case EINTR: |
|
log_monotonic_secs = server_monotonic_secs(); |
|
log_epoch_secs = server_epoch_secs(srv); |
|
/** |
|
* if we receive a SIGHUP we have to close our logs ourself as we don't |
|
* have the mainloop who can help us here |
|
*/ |
|
if (handle_sig_hup) { |
|
handle_sig_hup = 0; |
|
|
|
config_log_error_cycle(srv); |
|
|
|
/* forward SIGHUP to workers */ |
|
for (int n = 0; n < npids; ++n) { |
|
if (pids[n] > 0) kill(pids[n], SIGHUP); |
|
} |
|
} |
|
if (handle_sig_alarm) { |
|
handle_sig_alarm = 0; |
|
timer = 0; |
|
plugins_call_handle_trigger(srv); |
|
fdlog_pipes_restart(log_monotonic_secs); |
|
} |
|
break; |
|
default: |
|
break; |
|
} |
|
} |
|
} |
|
} |
|
|
|
/** |
|
* for the parent this is the exit-point |
|
*/ |
|
if (!child) { |
|
/** |
|
* kill all children too |
|
*/ |
|
if (graceful_shutdown || graceful_restart) { |
|
/* flag to ignore one SIGINT if graceful_restart */ |
|
if (graceful_restart) graceful_restart = 2; |
|
kill(0, SIGINT); |
|
server_graceful_state(srv); |
|
} else if (srv_shutdown) { |
|
kill(0, SIGTERM); |
|
} |
|
|
|
return 0; |
|
} |
|
|
|
/* ignore SIGUSR1 in workers; only parent directs graceful restart */ |
|
#ifdef HAVE_SIGACTION |
|
{ |
|
struct sigaction actignore; |
|
memset(&actignore, 0, sizeof(actignore)); |
|
actignore.sa_handler = SIG_IGN; |
|
sigaction(SIGUSR1, &actignore, NULL); |
|
} |
|
#elif defined(HAVE_SIGNAL) |
|
signal(SIGUSR1, SIG_IGN); |
|
#endif |
|
|
|
/** |
|
* make sure workers do not muck with pid-file |
|
*/ |
|
if (0 <= pid_fd) { |
|
close(pid_fd); |
|
pid_fd = -1; |
|
} |
|
if (srv->srvconf.pid_file) buffer_clear(srv->srvconf.pid_file); |
|
|
|
fdlog_pipes_abandon_pids(); |
|
srv->pid = getpid(); |
|
li_rand_reseed(); |
|
} |
|
#endif |
|
|
|
srv->max_fds = (int)srv->srvconf.max_fds; |
|
if (srv->max_fds < 32) /*(sanity check; not expected)*/ |
|
srv->max_fds = 32; /*(server load checks will fail if too low)*/ |
|
srv->ev = fdevent_init(srv->srvconf.event_handler, &srv->max_fds, &srv->cur_fds, srv->errh); |
|
if (NULL == srv->ev) { |
|
log_error(srv->errh, __FILE__, __LINE__, "fdevent_init failed"); |
|
return -1; |
|
} |
|
|
|
srv->max_fds_lowat = srv->max_fds * 8 / 10; |
|
srv->max_fds_hiwat = srv->max_fds * 9 / 10; |
|
|
|
/* set max-conns */ |
|
if (srv->srvconf.max_conns > srv->max_fds/2) { |
|
/* we can't have more connections than max-fds/2 */ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"can't have more connections than fds/2: %hu %d", |
|
srv->srvconf.max_conns, srv->max_fds); |
|
srv->lim_conns = srv->srvconf.max_conns = srv->max_fds/2; |
|
} else if (srv->srvconf.max_conns) { |
|
/* otherwise respect the wishes of the user */ |
|
srv->lim_conns = srv->srvconf.max_conns; |
|
} else { |
|
/* or use the default: we really don't want to hit max-fds */ |
|
srv->lim_conns = srv->srvconf.max_conns = srv->max_fds/3; |
|
} |
|
|
|
/* libev backend overwrites our SIGCHLD handler and calls waitpid on SIGCHLD; we want our own SIGCHLD handling. */ |
|
#ifdef HAVE_SIGACTION |
|
sigaction(SIGCHLD, &act, NULL); |
|
#elif defined(HAVE_SIGNAL) |
|
signal(SIGCHLD, signal_handler); |
|
#endif |
|
|
|
/* |
|
* kqueue() is called here, select resets its internals, |
|
* all server sockets get their handlers |
|
* |
|
* */ |
|
if (0 != network_register_fdevents(srv)) { |
|
return -1; |
|
} |
|
|
|
/* might fail if user is using fam (not gamin) and famd isn't running */ |
|
if (!stat_cache_init(srv->ev, srv->errh)) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"stat-cache could not be setup, dying."); |
|
return -1; |
|
} |
|
|
|
#ifdef USE_ALARM |
|
{ |
|
/* setup periodic timer (1 second) */ |
|
struct itimerval interval; |
|
interval.it_interval.tv_sec = 1; |
|
interval.it_interval.tv_usec = 0; |
|
interval.it_value.tv_sec = 1; |
|
interval.it_value.tv_usec = 0; |
|
if (setitimer(ITIMER_REAL, &interval, NULL)) { |
|
log_perror(srv->errh, __FILE__, __LINE__, "setitimer()"); |
|
return -1; |
|
} |
|
} |
|
#endif |
|
|
|
/* get the current number of FDs */ |
|
{ |
|
int fd = fdevent_open_devnull(); |
|
if (fd >= 0) { |
|
srv->cur_fds = fd; |
|
close(fd); |
|
} |
|
} |
|
|
|
if (0 != server_sockets_set_nb_cloexec(srv)) { |
|
return -1; |
|
} |
|
|
|
/* plugin hook for worker_init */ |
|
if (HANDLER_GO_ON != plugins_call_worker_init(srv)) |
|
return -1; |
|
|
|
if (oneshot_fdout > 0) { |
|
if (server_oneshot_init_pipe(srv, oneshot_fd, oneshot_fdout)) { |
|
oneshot_fd = -1; |
|
oneshot_fdout = -1; |
|
} |
|
} |
|
else if (oneshot_fd && server_oneshot_init(srv, oneshot_fd)) { |
|
oneshot_fd = -1; |
|
} |
|
|
|
if (0 == srv->srvconf.max_worker) |
|
server_graceful_signal_prev_generation(); |
|
|
|
return 1; |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static void server_handle_sighup (server * const srv) { |
|
|
|
/* cycle logfiles */ |
|
|
|
plugins_call_handle_sighup(srv); |
|
|
|
config_log_error_cycle(srv); |
|
#ifdef HAVE_SIGACTION |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"logfiles cycled UID = %d PID = %d", |
|
(int)last_sighup_info.si_uid, |
|
(int)last_sighup_info.si_pid); |
|
#else |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"logfiles cycled"); |
|
#endif |
|
} |
|
|
|
__attribute_noinline__ |
|
static void server_handle_sigalrm (server * const srv, unix_time64_t mono_ts, unix_time64_t last_active_ts) { |
|
|
|
plugins_call_handle_trigger(srv); |
|
|
|
log_monotonic_secs = mono_ts; |
|
log_epoch_secs = server_epoch_secs(srv); |
|
|
|
/* check idle time limit, if enabled */ |
|
if (idle_limit && idle_limit < mono_ts - last_active_ts && !graceful_shutdown) { |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"[note] idle timeout %ds exceeded, " |
|
"initiating graceful shutdown", (int)idle_limit); |
|
graceful_shutdown = 2; /* value 2 indicates idle timeout */ |
|
if (graceful_restart) { |
|
graceful_restart = 0; |
|
if (pid_fd < -2) pid_fd = -pid_fd; |
|
server_sockets_close(srv); |
|
} |
|
} |
|
|
|
#ifdef HAVE_GETLOADAVG |
|
/* refresh loadavg data every 30 seconds */ |
|
if (srv->loadts + 30 < mono_ts) { |
|
if (-1 != getloadavg(srv->loadavg, 3)) { |
|
srv->loadts = mono_ts; |
|
} |
|
} |
|
#endif |
|
|
|
if (0 == (mono_ts & 0x3f)) { /*(once every 64 secs)*/ |
|
/* free excess chunkqueue buffers every 64 secs */ |
|
chunkqueue_chunk_pool_clear(); |
|
/* clear request and connection pools every 64 secs */ |
|
request_pool_free(); |
|
connections_pool_clear(srv); |
|
#if defined(HAVE_MALLOC_TRIM) |
|
if (malloc_trim_fn) malloc_trim_fn(malloc_top_pad); |
|
#endif |
|
/* attempt to restart dead piped loggers every 64 secs */ |
|
if (0 == srv->srvconf.max_worker) |
|
fdlog_pipes_restart(mono_ts); |
|
} |
|
/* cleanup stat-cache */ |
|
stat_cache_trigger_cleanup(); |
|
/* reset global/aggregate rate limit counters */ |
|
config_reset_config_bytes_sec(srv->config_data_base); |
|
/* if graceful_shutdown, accelerate cleanup of recently completed request/responses */ |
|
if (graceful_shutdown && !srv_shutdown) |
|
server_graceful_shutdown_maint(srv); |
|
connection_periodic_maint(srv, mono_ts); |
|
} |
|
|
|
__attribute_noinline__ |
|
static void server_handle_sigchld (server * const srv) { |
|
pid_t pid; |
|
do { |
|
int status; |
|
pid = fdevent_waitpid(-1, &status, 1); |
|
if (pid > 0) { |
|
if (plugins_call_handle_waitpid(srv, pid, status) != HANDLER_GO_ON) { |
|
continue; |
|
} |
|
if (0 == srv->srvconf.max_worker) { |
|
/* check piped-loggers and restart, even if shutting down */ |
|
if (fdlog_pipes_waitpid_cb(pid)) { |
|
continue; |
|
} |
|
} |
|
} |
|
} while (pid > 0 || (-1 == pid && errno == EINTR)); |
|
} |
|
|
|
__attribute_hot__ |
|
__attribute_nonnull__ |
|
static void server_run_con_queue (connection * const restrict joblist, const connection * const sentinel) { |
|
for (connection *con = joblist, *jqnext; con != sentinel; con = jqnext) { |
|
jqnext = con->jqnext; |
|
con->jqnext = NULL; |
|
connection_state_machine(con); |
|
} |
|
} |
|
|
|
__attribute_hot__ |
|
__attribute_noinline__ |
|
static void server_main_loop (server * const srv) { |
|
unix_time64_t last_active_ts = server_monotonic_secs(); |
|
log_epoch_secs = server_epoch_secs(srv); |
|
|
|
while (!srv_shutdown) { |
|
|
|
if (handle_sig_hup) { |
|
handle_sig_hup = 0; |
|
server_handle_sighup(srv); |
|
} |
|
|
|
/*(USE_ALARM not used; fdevent_poll() is effective periodic timer)*/ |
|
#ifdef USE_ALARM |
|
if (handle_sig_alarm) { |
|
handle_sig_alarm = 0; |
|
#endif |
|
unix_time64_t mono_ts = server_monotonic_secs(); |
|
if (mono_ts != log_monotonic_secs) { |
|
server_handle_sigalrm(srv, mono_ts, last_active_ts); |
|
} |
|
#ifdef USE_ALARM |
|
} |
|
#endif |
|
|
|
if (handle_sig_child) { |
|
handle_sig_child = 0; |
|
server_handle_sigchld(srv); |
|
} |
|
|
|
if (graceful_shutdown) { |
|
server_graceful_state(srv); |
|
if (NULL == srv->conns && graceful_shutdown) { |
|
/* we are in graceful shutdown phase and all connections are closed |
|
* we are ready to terminate without harming anyone */ |
|
srv_shutdown = 1; |
|
break; |
|
} |
|
} else if (srv->sockets_disabled) { |
|
server_overload_check(srv); |
|
} else { |
|
server_load_check(srv); |
|
} |
|
|
|
static connection * const sentinel = |
|
(connection *)(uintptr_t)&log_con_jqueue; |
|
connection * const joblist = log_con_jqueue; |
|
log_con_jqueue = sentinel; |
|
server_run_con_queue(joblist, sentinel); |
|
|
|
if (fdevent_poll(srv->ev, log_con_jqueue != sentinel ? 0 : 1000) > 0) |
|
last_active_ts = log_monotonic_secs; |
|
} |
|
} |
|
|
|
__attribute_cold__ |
|
__attribute_noinline__ |
|
static int main_init_once (void) { |
|
#ifdef HAVE_GETUID |
|
#ifndef HAVE_ISSETUGID |
|
#define issetugid() (geteuid() != getuid() || getegid() != getgid()) |
|
#endif |
|
if (0 != getuid() && issetugid()) { /*check as early as possible in main()*/ |
|
fprintf(stderr, |
|
"Are you nuts ? Don't apply a SUID bit to this binary\n"); |
|
return 0; |
|
} |
|
#endif |
|
|
|
#if defined(HAVE_MALLOPT) && defined(M_ARENA_MAX) |
|
#ifdef LIGHTTPD_STATIC |
|
mallopt(M_ARENA_MAX, 2); /*(ignore error, if any)*/ |
|
#else |
|
{ |
|
int (*mallopt_fn)(int, int); |
|
mallopt_fn = (int (*)(int, int))(intptr_t)dlsym(RTLD_DEFAULT,"mallopt"); |
|
if (mallopt_fn) mallopt_fn(M_ARENA_MAX, 2); /*(ignore error, if any)*/ |
|
} |
|
#endif |
|
#endif |
|
|
|
#if defined(HAVE_MALLOC_TRIM) |
|
malloc_top_pad = 524288; |
|
{ |
|
const char * const top_pad_str = getenv("MALLOC_TOP_PAD_"); |
|
if (top_pad_str) { |
|
unsigned long top_pad = strtoul(top_pad_str, NULL, 10); |
|
if (top_pad != ULONG_MAX) malloc_top_pad = (size_t)top_pad; |
|
} |
|
} |
|
#ifdef LIGHTTPD_STATIC |
|
malloc_trim_fn = malloc_trim; |
|
#else |
|
malloc_trim_fn = |
|
(int (*)(size_t))(intptr_t)dlsym(RTLD_DEFAULT,"malloc_trim"); |
|
#endif |
|
#endif |
|
|
|
/* for nice %b handling in strftime() */ |
|
setlocale(LC_TIME, "C"); |
|
tzset(); |
|
|
|
return 1; |
|
} |
|
|
|
__attribute_cold__ |
|
int main (int argc, char ** argv) { |
|
if (!main_init_once()) return -1; |
|
|
|
int rc; |
|
|
|
do { |
|
server * const srv = server_init(); |
|
|
|
if (graceful_restart) { |
|
server_sockets_restore(srv); |
|
optind = 1; |
|
} |
|
|
|
rc = server_main_setup(srv, argc, argv); |
|
if (rc > 0) { |
|
|
|
server_main_loop(srv); |
|
|
|
if (graceful_shutdown || graceful_restart) { |
|
server_graceful_state(srv); |
|
} |
|
|
|
if (NULL == srv->conns) rc = 0; |
|
if (2 == graceful_shutdown) { /* value 2 indicates idle timeout */ |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server stopped after idle timeout"); |
|
} else if (!oneshot_fd) { |
|
#ifdef HAVE_SIGACTION |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server stopped by UID = %d PID = %d", |
|
(int)last_sigterm_info.si_uid, |
|
(int)last_sigterm_info.si_pid); |
|
#else |
|
log_error(srv->errh, __FILE__, __LINE__, |
|
"server stopped"); |
|
#endif |
|
} |
|
} |
|
|
|
/* clean-up */ |
|
remove_pid_file(srv); |
|
config_log_error_close(srv); |
|
if (graceful_restart) |
|
server_sockets_save(srv); |
|
else |
|
network_close(srv); |
|
request_pool_free(); |
|
connections_free(srv); |
|
plugins_free(srv); |
|
server_free(srv); |
|
|
|
if (rc < 0 || !graceful_restart) break; |
|
|
|
/* wait for all children to exit before graceful restart */ |
|
while (fdevent_waitpid(-1, NULL, 0) > 0) ; |
|
} while (graceful_restart); |
|
|
|
return rc; |
|
}
|
|
|