src/server/daemon/webserver.c

Sat, 11 Mar 2023 13:57:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sat, 11 Mar 2023 13:57:30 +0100
changeset 463
4fd523fff13b
parent 461
9b20b8f3582b
child 556
b036ccad4b49
permissions
-rw-r--r--

add option to automatically bind new ldap sessions

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */


#ifdef __gnu_linux__
#define _GNU_SOURCE
#endif

#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h> 
#include <grp.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <openssl/bio.h> 
#include <openssl/ssl.h> 
#include <openssl/err.h> 

#include "../public/nsapi.h"
#include "../public/auth.h"
#include "../util/systhr.h"
#include "../util/pblock.h"
#include "../util/util.h"

#include <cx/utils.h>
#include <cx/printf.h>
#include <cx/compare.h>

#include "../safs/common.h"

#include "func.h"
#include "config.h"
#include "configmanager.h"
#include "httplistener.h"
#include "webserver.h"
#include "auth.h"
#include "srvctrl.h"
#include "resourcepool.h"
#include "ldap_resource.h"

extern struct FuncStruct webserver_funcs[];

static RestartCallback *atrestart;

int webserver_init() { 
    // init NSPR
    systhread_init("webserver");
    
    log_ereport(LOG_VERBOSE, "webserver_init");
    
    // init ssl
    if(ws_init_ssl()) {
        log_ereport(LOG_FAILURE, "ssl init failed");
        return -1;
    }
    
    // init listener socket map
    if(http_listener_global_init()) {
        log_ereport(LOG_FAILURE, "listener global init failed");
        return -1;
    }
    
    // init NSAPI functions
    pblock_init_default_keys();
    atexit(pblock_free_default_keys);
    func_init();
    add_functions(webserver_funcs);
    
    // init resource pools
    if(init_resource_pools()) {
        log_ereport(LOG_FAILURE, "resource pool init failed");
        return -1;
    }
    if(resourcepool_register_type("ldap", ldap_get_resource_type())) {
        log_ereport(LOG_FAILURE, "webserver-init: Cannot register ldap resourcepool type");
        return -1;
    }
    
    // load init.conf
    InitConfig *init_config = load_init_conf("config/init.conf");
    if(!init_config) {
        return -1;
    }

    // load server.conf
    // Only the runtime infos are stored in the ServerConfiguration at
    // this stage. The remaining configuration is loaded after the uid
    // is changed (if needed).
    init_configuration_manager();
    CfgManager mgr;
    if(cfgmgr_load_config(&mgr) != 0) {
        return 1;
    }
    log_ereport(LOG_VERBOSE, "cfgmgr_load_config stage 1 successful");
    ServerConfiguration *cfg = mgr.cfg;
    
    // set global vars
    conf_global_vars_s *vars = conf_getglobals();
    
    WSBool changeuid = FALSE;
    uid_t ws_uid = geteuid();
    setpwent();
    char *pwbuf = malloc(DEF_PWBUF);
    vars->Vuserpw = malloc(sizeof(struct passwd));
    if(cfg->user.ptr) {
        if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            log_ereport(
                    LOG_MISCONFIG,
                    "user %s does not exist!",
                    cfg->user.ptr);
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
        } else {
            changeuid = TRUE;
        }
    } else {
        if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data");
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
        }
    }
    if(!vars->Vuserpw) {
        log_ereport(LOG_VERBOSE, "globalvars->Vuserpw is null");
    }
    
    // change uid
    if(changeuid && ws_uid == 0) {
        // a webserver user is set and we are root
        log_ereport(LOG_VERBOSE, "setgid(%d)", vars->Vuserpw->pw_gid);
        if(setgid(vars->Vuserpw->pw_gid) != 0) {
            log_ereport(
                    LOG_FAILURE,
                    "setgid(%d) failed",
                    vars->Vuserpw->pw_gid);
            return -1;
        } else {
            // setgid was successful
            // we need to call initgroups to have all group permissions
            if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) {
                log_ereport(LOG_FAILURE, "initgroups failed");
                return -1;
            }
        }
        
        // change the uid
        log_ereport(LOG_VERBOSE, "setuid(%d)", vars->Vuserpw->pw_uid);
        if(setuid(vars->Vuserpw->pw_uid)) {
            log_ereport(
                    LOG_FAILURE,
                    "setuid(%d) failed",
                    vars->Vuserpw->pw_uid);
            return -1;
        }
    } else if(vars->Vuserpw) {
        log_ereport(
                    LOG_WARN,
                    "server must be started as root to change uid");
    }
    
    // run Init directives
    // this must be done after setuid
    int err = apply_init_conf(init_config);
    free_init_conf(init_config);
    if(err) {
        log_ereport(LOG_FAILURE, "server init failed");
        return 1;
    }
    
    // init caches
    auth_cache_init();
    
    // init SAFs
    common_saf_init();
    
    
    // now that the process is running as the correct user, we can load
    // the remaining config
    if(cfgmgr_apply_config(&mgr)) {
        log_ereport(LOG_FAILURE, "load config stage 2 failed");
        return -1;
    }
    
    
    // create tmp dir and pid file
    char *mkdir_cmd = NULL;
    asprintf(&mkdir_cmd, "mkdir -p %s", cfg->tmp.ptr);
    system(mkdir_cmd);
    free(mkdir_cmd);

    char *pid_file_path = NULL;
    asprintf(&pid_file_path, "%s/pid", cfg->tmp.ptr);
    FILE *pidfile = fopen(pid_file_path, "w");
    if(!pidfile) {
        log_ereport(LOG_FAILURE, "cannot open pid file %s: %s", pid_file_path, strerror(errno));
        return -1;
    }
    pid_t pid = getpid();
    fprintf(pidfile, "%d", pid);
    fclose(pidfile);
    free(pid_file_path);
    
    // create unix domain socket for server control
    cxmutstr tmp_priv = cx_asprintf("%s/private", cfg->tmp.ptr);
    // TODO: remove existing private dir
    if(mkdir(tmp_priv.ptr, S_IRWXU)) {
        if(errno == EEXIST) {
            if(chmod(tmp_priv.ptr, S_IRWXU)) {
                log_ereport(
                        LOG_CATASTROPHE,
                        "cannot change permissions of tmp dir %s:",
                        tmp_priv.ptr,
                        strerror(errno));
                return -1;
            }
        } else {
            log_ereport(
                    LOG_CATASTROPHE,
                    "cannot create tmp dir %s:",
                    tmp_priv.ptr,
                    strerror(errno));
            return -1;
        }
    }
    
    
    // create srvctrl unix domain socket
    // this socket is used for stop, reconfigure and other operations
    if(srvctrl_init(cfg)) {
        return -1;
    }    
    
    //endpwent(); // TODO: close or not?
    //free(pwbuf); // TODO: ?
    
    return 0;
}

int webserver_run() {
    log_ereport(LOG_VERBOSE, "webserver_run");

    // start all http listener
    if(start_all_listener() != 0) {
        fprintf(stderr, "Error: Cannot start http listener\n");
    }
    
    log_ereport(LOG_INFORM, "webserver started");

    return 0;
}

void webserver_shutdown() {
    log_ereport(LOG_INFORM, "webserver shutdown");
    
    srvctrl_shutdown();
    
    // execute restart callbacks
    RestartCallback *re = atrestart;
    while(re) {
        re->func(re->data);
        re = re->next;
    }
}

int webserver_reconfig() {
    CfgManager mgr;
    if(cfgmgr_load_config(&mgr) != 0) {
        log_ereport(LOG_FAILURE, "cannot reload server.conf");
        return 1;
    } else {
        if(cfgmgr_apply_config(&mgr)) {
            log_ereport(LOG_FAILURE, "cannot reload config");
            return 1;
        }
    }
    
    // start newly created listeners
    start_all_listener();
    
    return 0;
}

void webserver_atrestart(void (*fn)(void *), void *data) {
    RestartCallback *cb = malloc(sizeof(RestartCallback));
    cb->func = fn;
    cb->data = data;
    cb->next = NULL;
    
    if(atrestart) {
        RestartCallback *elm = atrestart;
        while(elm) {
            if(!elm->next) {
                elm->next = cb;
                break;
            }
            elm = elm->next;
        }
    } else {
        atrestart = cb;
    }
}

int nsapi_runtime_version() {
    return 303;
}


int ws_init_ssl() {
    // TODO: handle errors
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    return 0;
}

mercurial