src/server/daemon/webserver.c

Fri, 30 Dec 2016 18:47:26 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Fri, 30 Dec 2016 18:47:26 +0100
changeset 142
55298bc9ed28
parent 133
87b405d61f64
child 146
a9591a91c004
permissions
-rw-r--r--

adds new a pathcheck saf and improves content type matchin and improves content type matching

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */


#ifdef __gnu_linux__
#define _GNU_SOURCE
#endif

#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h> 
#include <grp.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <openssl/bio.h> 
#include <openssl/ssl.h> 
#include <openssl/err.h> 

#include "../public/nsapi.h"
#include "../public/auth.h"
#include "../util/systhr.h"
#include "../util/io.h"
#include "../util/util.h"

#include "func.h"
#include "config.h"
#include "configmanager.h"
#include "httplistener.h"
#include "webserver.h"
#include "log.h"
#include "auth.h"

extern struct FuncStruct webserver_funcs[];

static RestartCallback *atrestart;

int webserver_init() { 
    // init NSPR
    systhread_init("webserver");
    
    // init ssl
    if(ws_init_ssl()) {
        return -1;
    }
    
    // init NSAPI functions
    func_init();
    add_functions(webserver_funcs);
    
    // load init.conf
    if(load_init_conf("config/init.conf")) {
        return -1;
    }

    // load server.conf
    init_configuration_manager();
    ServerConfiguration *cfg;
    if(cfgmgr_load_config(&cfg) != 0) {
        fprintf(stderr, "Cannot load configuration\n");
        return -1;
    }
    
    // init caches
    auth_cache_init();
    
    // create tmp dir and pid file
    char *mkdir_cmd = NULL;
    asprintf(&mkdir_cmd, "mkdir -p %s", cfg->tmp.ptr);
    system(mkdir_cmd);
    free(mkdir_cmd);

    char *pid_file_path = NULL;
    asprintf(&pid_file_path, "%s/pid", cfg->tmp.ptr);
    FILE *pidfile = fopen(pid_file_path, "w");
    pid_t pid = getpid();
    fprintf(pidfile, "%d", pid);
    fclose(pidfile);
    free(pid_file_path);
    
    // set global vars
    conf_global_vars_s *vars = conf_getglobals();
    
    uid_t ws_uid = geteuid();
    setpwent();
    char *pwbuf = malloc(DEF_PWBUF);
    vars->Vuserpw = malloc(sizeof(struct passwd));
    if(cfg->user.ptr) {
        if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            log_ereport(
                    LOG_MISCONFIG,
                    "user %s does not exist!",
                    cfg->user.ptr);
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
        }
    } else {
        if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data");
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
        }
    }
    if(!vars->Vuserpw) {
        log_ereport(LOG_WARN, "globalvars->Vuserpw is null");
    }
    
    if(cfg->user.ptr) {
        vars->Vuserpw = malloc(sizeof(struct passwd));
        // open user database
        //setpwent();
        if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            log_ereport(
                    LOG_MISCONFIG,
                    "user %s does not exist!",
                    cfg->user.ptr);
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
        }
        //endpwent(); // TODO: close or not?
    }
    free(pwbuf);

    // change uid
    if(vars->Vuserpw && ws_uid == 0) {
        // a webserver user is set and we are root
        
        if(setgid(vars->Vuserpw->pw_gid) != 0) {
            log_ereport(
                    LOG_FAILURE,
                    "setgid(%d) failed",
                    vars->Vuserpw->pw_gid);
        } else {
            // setgid was successful
            // we need to call initgroups to have all group permissions
            if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) {
                log_ereport(LOG_FAILURE, "initgroups failed");
            }
        }
        
        // change the uid
        if(setuid(vars->Vuserpw->pw_uid)) {
            log_ereport(
                    LOG_FAILURE,
                    "setuid(%d) failed",
                    vars->Vuserpw->pw_uid);
        }
    } else if(vars->Vuserpw) {
        log_ereport(
                    LOG_WARN,
                    "server must be started as root to change uid");
    }
    
    return 0;
}

int webserver_run() {
    log_ereport(LOG_VERBOSE, "webserver_run");

    // start all http listener
    if(start_all_listener() != 0) {
        fprintf(stderr, "Error: Cannot start http listener\n");
    }
    
    log_ereport(LOG_INFORM, "webserver started");

    return 0;
}

void webserver_shutdown() {
    log_ereport(LOG_INFORM, "webserver shutdown");
    
    // execute restart callbacks
    RestartCallback *re = atrestart;
    while(re) {
        re->func(re->data);
        re = re->next;
    }
}

void webserver_atrestart(void (*fn)(void *), void *data) {
    RestartCallback *cb = malloc(sizeof(RestartCallback));
    cb->func = fn;
    cb->data = data;
    cb->next = NULL;
    
    if(atrestart) {
        RestartCallback *elm = atrestart;
        while(elm) {
            if(!elm->next) {
                elm->next = cb;
                break;
            }
            elm = elm->next;
        }
    } else {
        atrestart = cb;
    }
}

int nsapi_runtime_version() {
    return 303;
}


int ws_init_ssl() {
    // TODO: handle errors
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    return 0;
}

mercurial