1: #ifdef HAVE_CONFIG_H
2: # include "config.h"
3: #endif
4:
5: #include <sys/types.h>
6: #include <sys/time.h>
7: #include <sys/stat.h>
8:
9: #include <stdlib.h>
10: #include <string.h>
11: #include <errno.h>
12: #include <stdio.h>
13: #include <unistd.h>
14: #include <fcntl.h>
15:
16: #ifdef HAVE_PWD_H
17: # include <grp.h>
18: # include <pwd.h>
19: #endif
20:
21: #ifdef HAVE_GETOPT_H
22: # include <getopt.h>
23: #endif
24:
25: #define FCGI_LISTENSOCK_FILENO 0
26:
27: /* "sys-socket.h" */
28: #ifdef __WIN32
29:
30: # include <winsock2.h>
31:
32: # define ECONNRESET WSAECONNRESET
33: # define EINPROGRESS WSAEINPROGRESS
34: # define EALREADY WSAEALREADY
35: # define ECONNABORTED WSAECONNABORTED
36: # define ioctl ioctlsocket
37: # define hstrerror(x) ""
38:
39: #else /* _WIN32 */
40:
41: # include <sys/socket.h>
42: # include <sys/ioctl.h>
43: # include <netinet/in.h>
44: # include <netinet/tcp.h>
45: # include <sys/un.h>
46: # include <arpa/inet.h>
47:
48: # include <netdb.h>
49:
50: #endif /* _WIN32 */
51: /* end "sys-socket.h" */
52:
53: #ifdef HAVE_SYS_WAIT_H
54: # include <sys/wait.h>
55: #endif
56:
57: /* for solaris 2.5 and netbsd 1.3.x */
58: #ifndef HAVE_SOCKLEN_T
59: typedef int socklen_t;
60: #endif
61:
62: #ifndef HAVE_ISSETUGID
63: static int issetugid() {
64: return (geteuid() != getuid() || getegid() != getgid());
65: }
66: #endif
67:
68: #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
69: # define USE_IPV6
70: #endif
71:
72: #ifdef USE_IPV6
73: #define PACKAGE_FEATURES " (ipv6)"
74: #else
75: #define PACKAGE_FEATURES ""
76: #endif
77:
78: #define PACKAGE_DESC "spawn-fcgi v" PACKAGE_VERSION PACKAGE_FEATURES " - spawns FastCGI processes\n"
79:
80: #define CONST_STR_LEN(s) s, sizeof(s) - 1
81:
82: static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode) {
83: int fcgi_fd, socket_type, val;
84:
85: struct sockaddr_un fcgi_addr_un;
86: struct sockaddr_in fcgi_addr_in;
87: #ifdef USE_IPV6
88: struct sockaddr_in6 fcgi_addr_in6;
89: #endif
90: struct sockaddr *fcgi_addr;
91:
92: socklen_t servlen;
93:
94: if (unixsocket) {
95: memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
96:
97: fcgi_addr_un.sun_family = AF_UNIX;
98: strcpy(fcgi_addr_un.sun_path, unixsocket);
99:
100: #ifdef SUN_LEN
101: servlen = SUN_LEN(&fcgi_addr_un);
102: #else
103: /* stevens says: */
104: servlen = strlen(fcgi_addr_un.sun_path) + sizeof(fcgi_addr_un.sun_family);
105: #endif
106: socket_type = AF_UNIX;
107: fcgi_addr = (struct sockaddr *) &fcgi_addr_un;
108:
109: /* check if some backend is listening on the socket
110: * as if we delete the socket-file and rebind there will be no "socket already in use" error
111: */
112: if (-1 == (fcgi_fd = socket(socket_type, SOCK_STREAM, 0))) {
113: fprintf(stderr, "spawn-fcgi: couldn't create socket: %s\n", strerror(errno));
114: return -1;
115: }
116:
117: if (0 == connect(fcgi_fd, fcgi_addr, servlen)) {
118: fprintf(stderr, "spawn-fcgi: socket is already in use, can't spawn\n");
119: close(fcgi_fd);
120: return -1;
121: }
122:
123: /* cleanup previous socket if it exists */
124: if (-1 == unlink(unixsocket)) {
125: switch (errno) {
126: case ENOENT:
127: break;
128: default:
129: fprintf(stderr, "spawn-fcgi: removing old socket failed: %s\n", strerror(errno));
130: return -1;
131: }
132: }
133:
134: close(fcgi_fd);
135: } else {
136: memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
137: fcgi_addr_in.sin_family = AF_INET;
138: fcgi_addr_in.sin_port = htons(port);
139:
140: servlen = sizeof(fcgi_addr_in);
141: socket_type = AF_INET;
142: fcgi_addr = (struct sockaddr *) &fcgi_addr_in;
143:
144: #ifdef USE_IPV6
145: memset(&fcgi_addr_in6, 0, sizeof(fcgi_addr_in6));
146: fcgi_addr_in6.sin6_family = AF_INET6;
147: fcgi_addr_in6.sin6_port = fcgi_addr_in.sin_port;
148: #endif
149:
150: if (addr == NULL) {
151: fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY);
152: #ifdef HAVE_INET_PTON
153: } else if (1 == inet_pton(AF_INET, addr, &fcgi_addr_in.sin_addr)) {
154: /* nothing to do */
155: #ifdef HAVE_IPV6
156: } else if (1 == inet_pton(AF_INET6, addr, &fcgi_addr_in6.sin6_addr)) {
157: servlen = sizeof(fcgi_addr_in6);
158: socket_type = AF_INET6;
159: fcgi_addr = (struct sockaddr *) &fcgi_addr_in6;
160: #endif
161: } else {
162: fprintf(stderr, "spawn-fcgi: '%s' is not a valid IP address\n", addr);
163: return -1;
164: #else
165: } else {
166: if ((in_addr_t)(-1) == (fcgi_addr_in.sin_addr.s_addr = inet_addr(addr))) {
167: fprintf(stderr, "spawn-fcgi: '%s' is not a valid IPv4 address\n", addr);
168: return -1;
169: }
170: #endif
171: }
172: }
173:
174:
175: if (-1 == (fcgi_fd = socket(socket_type, SOCK_STREAM, 0))) {
176: fprintf(stderr, "spawn-fcgi: couldn't create socket: %s\n", strerror(errno));
177: return -1;
178: }
179:
180: val = 1;
181: if (setsockopt(fcgi_fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0) {
182: fprintf(stderr, "spawn-fcgi: couldn't set SO_REUSEADDR: %s\n", strerror(errno));
183: return -1;
184: }
185:
186: if (-1 == bind(fcgi_fd, fcgi_addr, servlen)) {
187: fprintf(stderr, "spawn-fcgi: bind failed: %s\n", strerror(errno));
188: return -1;
189: }
190:
191: if (unixsocket) {
192: if (0 != uid || 0 != gid) {
193: if (0 == uid) uid = -1;
194: if (0 == gid) gid = -1;
195: if (-1 == chown(unixsocket, uid, gid)) {
196: fprintf(stderr, "spawn-fcgi: couldn't chown socket: %s\n", strerror(errno));
197: close(fcgi_fd);
198: unlink(unixsocket);
199: return -1;
200: }
201: }
202:
203: if (-1 != mode && -1 == chmod(unixsocket, mode)) {
204: fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
205: close(fcgi_fd);
206: unlink(unixsocket);
207: return -1;
208: }
209: }
210:
211: if (-1 == listen(fcgi_fd, 1024)) {
212: fprintf(stderr, "spawn-fcgi: listen failed: %s\n", strerror(errno));
213: return -1;
214: }
215:
216: return fcgi_fd;
217: }
218:
219: static int fcgi_spawn_connection(char *appPath, char **appArgv, int fcgi_fd, int fork_count, int child_count, int pid_fd, int nofork) {
220: int status, rc = 0;
221: struct timeval tv = { 0, 100 * 1000 };
222:
223: pid_t child;
224:
225: while (fork_count-- > 0) {
226:
227: if (!nofork) {
228: child = fork();
229: } else {
230: child = 0;
231: }
232:
233: switch (child) {
234: case 0: {
235: char cgi_childs[64];
236: int max_fd = 0;
237:
238: int i = 0;
239:
240: if (child_count >= 0) {
241: snprintf(cgi_childs, sizeof(cgi_childs), "PHP_FCGI_CHILDREN=%d", child_count);
242: putenv(cgi_childs);
243: }
244:
245: if(fcgi_fd != FCGI_LISTENSOCK_FILENO) {
246: close(FCGI_LISTENSOCK_FILENO);
247: dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO);
248: close(fcgi_fd);
249: }
250:
251: /* loose control terminal */
252: if (!nofork) {
253: setsid();
254:
255: max_fd = open("/dev/null", O_RDWR);
256: if (-1 != max_fd) {
257: if (max_fd != STDOUT_FILENO) dup2(max_fd, STDOUT_FILENO);
258: if (max_fd != STDERR_FILENO) dup2(max_fd, STDERR_FILENO);
259: if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO) close(max_fd);
260: } else {
261: fprintf(stderr, "spawn-fcgi: couldn't open and redirect stdout/stderr to '/dev/null': %s\n", strerror(errno));
262: }
263: }
264:
265: /* we don't need the client socket */
266: for (i = 3; i < max_fd; i++) {
267: if (i != FCGI_LISTENSOCK_FILENO) close(i);
268: }
269:
270: /* fork and replace shell */
271: if (appArgv) {
272: execv(appArgv[0], appArgv);
273:
274: } else {
275: char *b = malloc((sizeof("exec ") - 1) + strlen(appPath) + 1);
276: strcpy(b, "exec ");
277: strcat(b, appPath);
278:
279: /* exec the cgi */
280: execl("/bin/sh", "sh", "-c", b, (char *)NULL);
281: }
282:
283: /* in nofork mode stderr is still open */
284: fprintf(stderr, "spawn-fcgi: exec failed: %s\n", strerror(errno));
285: exit(errno);
286:
287: break;
288: }
289: case -1:
290: /* error */
291: fprintf(stderr, "spawn-fcgi: fork failed: %s\n", strerror(errno));
292: break;
293: default:
294: /* father */
295:
296: /* wait */
297: select(0, NULL, NULL, NULL, &tv);
298:
299: switch (waitpid(child, &status, WNOHANG)) {
300: case 0:
301: fprintf(stdout, "spawn-fcgi: child spawned successfully: PID: %d\n", child);
302:
303: /* write pid file */
304: if (pid_fd != -1) {
305: /* assume a 32bit pid_t */
306: char pidbuf[12];
307:
308: snprintf(pidbuf, sizeof(pidbuf) - 1, "%d", child);
309:
310: write(pid_fd, pidbuf, strlen(pidbuf));
311: /* avoid eol for the last one */
312: if (fork_count != 0) {
313: write(pid_fd, "\n", 1);
314: }
315: }
316:
317: break;
318: case -1:
319: break;
320: default:
321: if (WIFEXITED(status)) {
322: fprintf(stderr, "spawn-fcgi: child exited with: %d\n",
323: WEXITSTATUS(status));
324: rc = WEXITSTATUS(status);
325: } else if (WIFSIGNALED(status)) {
326: fprintf(stderr, "spawn-fcgi: child signaled: %d\n",
327: WTERMSIG(status));
328: rc = 1;
329: } else {
330: fprintf(stderr, "spawn-fcgi: child died somehow: exit status = %d\n",
331: status);
332: rc = status;
333: }
334: }
335:
336: break;
337: }
338: }
339: close(pid_fd);
340:
341: close(fcgi_fd);
342:
343: return rc;
344: }
345:
346: static int find_user_group(const char *user, const char *group, uid_t *uid, gid_t *gid, const char **username) {
347: uid_t my_uid = 0;
348: gid_t my_gid = 0;
349: struct passwd *my_pwd = NULL;
350: struct group *my_grp = NULL;
351: char *endptr = NULL;
352: *uid = 0; *gid = 0;
353: if (username) *username = NULL;
354:
355: if (user) {
356: my_uid = strtol(user, &endptr, 10);
357:
358: if (my_uid <= 0 || *endptr) {
359: if (NULL == (my_pwd = getpwnam(user))) {
360: fprintf(stderr, "spawn-fcgi: can't find user name %s\n", user);
361: return -1;
362: }
363: my_uid = my_pwd->pw_uid;
364:
365: if (my_uid == 0) {
366: fprintf(stderr, "spawn-fcgi: I will not set uid to 0\n");
367: return -1;
368: }
369:
370: if (username) *username = user;
371: } else {
372: my_pwd = getpwuid(my_uid);
373: if (username && my_pwd) *username = my_pwd->pw_name;
374: }
375: }
376:
377: if (group) {
378: my_gid = strtol(group, &endptr, 10);
379:
380: if (my_gid <= 0 || *endptr) {
381: if (NULL == (my_grp = getgrnam(group))) {
382: fprintf(stderr, "spawn-fcgi: can't find group name %s\n", group);
383: return -1;
384: }
385: my_gid = my_grp->gr_gid;
386:
387: if (my_gid == 0) {
388: fprintf(stderr, "spawn-fcgi: I will not set gid to 0\n");
389: return -1;
390: }
391: }
392: } else if (my_pwd) {
393: my_gid = my_pwd->pw_gid;
394:
395: if (my_gid == 0) {
396: fprintf(stderr, "spawn-fcgi: I will not set gid to 0\n");
397: return -1;
398: }
399: }
400:
401: *uid = my_uid;
402: *gid = my_gid;
403: return 0;
404: }
405:
406: static void show_version () {
407: write(1, CONST_STR_LEN(
408: PACKAGE_DESC \
409: "Build-Date: " __DATE__ " " __TIME__ "\n"
410: ));
411: }
412:
413: static void show_help () {
414: write(1, CONST_STR_LEN(
415: "Usage: spawn-fcgi [options] [-- <fcgiapp> [fcgi app arguments]]\n" \
416: "\n" \
417: PACKAGE_DESC \
418: "\n" \
419: "Options:\n" \
420: " -f <path> filename of the fcgi-application (deprecated; ignored if\n" \
421: " <fcgiapp> is given; needs /bin/sh)\n" \
422: " -d <directory> chdir to directory before spawning\n" \
423: " -a <address> bind to IPv4/IPv6 address (defaults to 0.0.0.0)\n" \
424: " -p <port> bind to TCP-port\n" \
425: " -s <path> bind to Unix domain socket\n" \
426: " -M <mode> change Unix domain socket mode\n" \
427: " -C <children> (PHP only) numbers of childs to spawn (default: not setting\n" \
428: " the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)\n" \
429: " -F <children> number of children to fork (default 1)\n" \
430: " -P <path> name of PID-file for spawned process (ignored in no-fork mode)\n" \
431: " -n no fork (for daemontools)\n" \
432: " -v show version\n" \
433: " -?, -h show this help\n" \
434: "(root only)\n" \
435: " -c <directory> chroot to directory\n" \
436: " -S create socket before chroot() (default is to create the socket\n" \
437: " in the chroot)\n" \
438: " -u <user> change to user-id\n" \
439: " -g <group> change to group-id (default: primary group of user if -u\n" \
440: " is given)\n" \
441: " -U <user> change Unix domain socket owner to user-id\n" \
442: " -G <group> change Unix domain socket group to group-id\n" \
443: ));
444: }
445:
446:
447: int main(int argc, char **argv) {
448: char *fcgi_app = NULL, *changeroot = NULL, *username = NULL,
449: *groupname = NULL, *unixsocket = NULL, *pid_file = NULL,
450: *sockusername = NULL, *sockgroupname = NULL, *fcgi_dir = NULL,
451: *addr = NULL;
452: char **fcgi_app_argv = { NULL };
453: char *endptr = NULL;
454: unsigned short port = 0;
455: int sockmode = -1;
456: int child_count = -1;
457: int fork_count = 1;
458: int i_am_root, o;
459: int pid_fd = -1;
460: int nofork = 0;
461: int sockbeforechroot = 0;
462: struct sockaddr_un un;
463: int fcgi_fd = -1;
464:
465: if (argc < 2) { /* no arguments given */
466: show_help();
467: return -1;
468: }
469:
470: i_am_root = (getuid() == 0);
471:
472: while (-1 != (o = getopt(argc, argv, "c:d:f:g:?hna:p:u:vC:F:s:P:U:G:M:S"))) {
473: switch(o) {
474: case 'f': fcgi_app = optarg; break;
475: case 'd': fcgi_dir = optarg; break;
476: case 'a': addr = optarg;/* ip addr */ break;
477: case 'p': port = strtol(optarg, &endptr, 10);/* port */
478: if (*endptr) {
479: fprintf(stderr, "spawn-fcgi: invalid port: %u\n", (unsigned int) port);
480: return -1;
481: }
482: break;
483: case 'C': child_count = strtol(optarg, NULL, 10);/* */ break;
484: case 'F': fork_count = strtol(optarg, NULL, 10);/* */ break;
485: case 's': unixsocket = optarg; /* unix-domain socket */ break;
486: case 'c': if (i_am_root) { changeroot = optarg; }/* chroot() */ break;
487: case 'u': if (i_am_root) { username = optarg; } /* set user */ break;
488: case 'g': if (i_am_root) { groupname = optarg; } /* set group */ break;
489: case 'U': if (i_am_root) { sockusername = optarg; } /* set socket user */ break;
490: case 'G': if (i_am_root) { sockgroupname = optarg; } /* set socket group */ break;
491: case 'S': if (i_am_root) { sockbeforechroot = 1; } /* open socket before chroot() */ break;
492: case 'M': sockmode = strtol(optarg, NULL, 0); /* set socket mode */ break;
493: case 'n': nofork = 1; break;
494: case 'P': pid_file = optarg; /* PID file */ break;
495: case 'v': show_version(); return 0;
496: case '?':
497: case 'h': show_help(); return 0;
498: default:
499: show_help();
500: return -1;
501: }
502: }
503:
504: if (optind < argc) {
505: fcgi_app_argv = &argv[optind];
506: }
507:
508: if (NULL == fcgi_app && NULL == fcgi_app_argv) {
509: fprintf(stderr, "spawn-fcgi: no FastCGI application given\n");
510: return -1;
511: }
512:
513: if (0 == port && NULL == unixsocket) {
514: fprintf(stderr, "spawn-fcgi: no socket given (use either -p or -s)\n");
515: return -1;
516: } else if (0 != port && NULL != unixsocket) {
517: fprintf(stderr, "spawn-fcgi: either a Unix domain socket or a TCP-port, but not both\n");
518: return -1;
519: }
520:
521: if (unixsocket && strlen(unixsocket) > sizeof(un.sun_path) - 1) {
522: fprintf(stderr, "spawn-fcgi: path of the Unix domain socket is too long\n");
523: return -1;
524: }
525:
526: /* SUID handling */
527: if (!i_am_root && issetugid()) {
528: fprintf(stderr, "spawn-fcgi: Are you nuts? Don't apply a SUID bit to this binary\n");
529: return -1;
530: }
531:
532: if (nofork) pid_file = NULL; /* ignore pid file in no-fork mode */
533:
534: if (pid_file &&
535: (-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)))) {
536: struct stat st;
537: if (errno != EEXIST) {
538: fprintf(stderr, "spawn-fcgi: opening PID-file '%s' failed: %s\n",
539: pid_file, strerror(errno));
540: return -1;
541: }
542:
543: /* ok, file exists */
544:
545: if (0 != stat(pid_file, &st)) {
546: fprintf(stderr, "spawn-fcgi: stating PID-file '%s' failed: %s\n",
547: pid_file, strerror(errno));
548: return -1;
549: }
550:
551: /* is it a regular file ? */
552:
553: if (!S_ISREG(st.st_mode)) {
554: fprintf(stderr, "spawn-fcgi: PID-file exists and isn't regular file: '%s'\n",
555: pid_file);
556: return -1;
557: }
558:
559: if (-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
560: fprintf(stderr, "spawn-fcgi: opening PID-file '%s' failed: %s\n",
561: pid_file, strerror(errno));
562: return -1;
563: }
564: }
565:
566: if (i_am_root) {
567: uid_t uid, sockuid;
568: gid_t gid, sockgid;
569: const char* real_username;
570:
571: if (-1 == find_user_group(username, groupname, &uid, &gid, &real_username))
572: return -1;
573:
574: if (-1 == find_user_group(sockusername, sockgroupname, &sockuid, &sockgid, NULL))
575: return -1;
576:
577: if (uid != 0 && gid == 0) {
578: fprintf(stderr, "spawn-fcgi: WARNING: couldn't find the user for uid %i and no group was specified, so only the user privileges will be dropped\n", (int) uid);
579: }
580:
581: if (0 == sockuid) sockuid = uid;
582: if (0 == sockgid) sockgid = gid;
583:
584: if (sockbeforechroot && -1 == (fcgi_fd = bind_socket(addr, port, unixsocket, sockuid, sockgid, sockmode)))
585: return -1;
586:
587: /* Change group before chroot, when we have access
588: * to /etc/group
589: */
590: if (gid != 0) {
591: setgid(gid);
592: setgroups(0, NULL);
593: if (real_username) {
594: initgroups(real_username, gid);
595: }
596: }
597:
598: if (changeroot) {
599: if (-1 == chroot(changeroot)) {
600: fprintf(stderr, "spawn-fcgi: chroot('%s') failed: %s\n", changeroot, strerror(errno));
601: return -1;
602: }
603: if (-1 == chdir("/")) {
604: fprintf(stderr, "spawn-fcgi: chdir('/') failed: %s\n", strerror(errno));
605: return -1;
606: }
607: }
608:
609: if (!sockbeforechroot && -1 == (fcgi_fd = bind_socket(addr, port, unixsocket, sockuid, sockgid, sockmode)))
610: return -1;
611:
612: /* drop root privs */
613: if (uid != 0) {
614: setuid(uid);
615: }
616: } else {
617: if (-1 == (fcgi_fd = bind_socket(addr, port, unixsocket, 0, 0, sockmode)))
618: return -1;
619: }
620:
621: if (fcgi_dir && -1 == chdir(fcgi_dir)) {
622: fprintf(stderr, "spawn-fcgi: chdir('%s') failed: %s\n", fcgi_dir, strerror(errno));
623: return -1;
624: }
625:
626: return fcgi_spawn_connection(fcgi_app, fcgi_app_argv, fcgi_fd, fork_count, child_count, pid_fd, nofork);
627: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to spawn-fcgi.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / spawn-fcgi / src