src/server/daemon/webserver.c@b169992137a8
src/server/daemon/webserver.c
Sat, 28 Jan 2017 10:38:34 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Sat, 28 Jan 2017 10:38:34 +0100
- changeset 162
- b169992137a8
- parent 161
- aadda87bad1b
- child 179
- ef6827505bd2
- permissions
- -rw-r--r--
improves cgi error handling and allows requests with empty headers
also fixes broken windows porting commit
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2013 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifdef __gnu_linux__ #define _GNU_SOURCE #endif #include <stdio.h> #include <stdlib.h> #include <dlfcn.h> #include <grp.h> #include <sys/types.h> #include <sys/stat.h> #include <openssl/bio.h> #include <openssl/ssl.h> #include <openssl/err.h> #include "../public/nsapi.h" #include "../public/auth.h" #include "../util/systhr.h" #include "../util/io.h" #include "../util/util.h" #include "../safs/common.h" #include "func.h" #include "config.h" #include "configmanager.h" #include "httplistener.h" #include "webserver.h" #include "log.h" #include "auth.h" extern struct FuncStruct webserver_funcs[]; static RestartCallback *atrestart; int webserver_init() { // init NSPR systhread_init("webserver"); // init ssl if(ws_init_ssl()) { return -1; } // init NSAPI functions func_init(); add_functions(webserver_funcs); // load init.conf if(load_init_conf("config/init.conf")) { return -1; } // load server.conf init_configuration_manager(); ServerConfiguration *cfg; if(cfgmgr_load_config(&cfg) != 0) { fprintf(stderr, "Cannot load configuration\n"); return -1; } // init caches auth_cache_init(); // create tmp dir and pid file char *mkdir_cmd = NULL; asprintf(&mkdir_cmd, "mkdir -p %s", cfg->tmp.ptr); system(mkdir_cmd); free(mkdir_cmd); char *pid_file_path = NULL; asprintf(&pid_file_path, "%s/pid", cfg->tmp.ptr); FILE *pidfile = fopen(pid_file_path, "w"); // TODO: check error pid_t pid = getpid(); fprintf(pidfile, "%d", pid); fclose(pidfile); free(pid_file_path); // init SAFs common_saf_init(); // set global vars conf_global_vars_s *vars = conf_getglobals(); WSBool changeuid = FALSE; uid_t ws_uid = geteuid(); setpwent(); char *pwbuf = malloc(DEF_PWBUF); vars->Vuserpw = malloc(sizeof(struct passwd)); if(cfg->user.ptr) { if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) { log_ereport( LOG_MISCONFIG, "user %s does not exist!", cfg->user.ptr); free(vars->Vuserpw); vars->Vuserpw = NULL; } else { changeuid = TRUE; } } else { if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) { log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data"); free(vars->Vuserpw); vars->Vuserpw = NULL; } } if(!vars->Vuserpw) { log_ereport(LOG_WARN, "globalvars->Vuserpw is null"); } // change uid if(changeuid && ws_uid == 0) { // a webserver user is set and we are root if(setgid(vars->Vuserpw->pw_gid) != 0) { log_ereport( LOG_FAILURE, "setgid(%d) failed", vars->Vuserpw->pw_gid); } else { // setgid was successful // we need to call initgroups to have all group permissions if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) { log_ereport(LOG_FAILURE, "initgroups failed"); } } // change the uid if(setuid(vars->Vuserpw->pw_uid)) { log_ereport( LOG_FAILURE, "setuid(%d) failed", vars->Vuserpw->pw_uid); } } else if(vars->Vuserpw) { log_ereport( LOG_WARN, "server must be started as root to change uid"); } //endpwent(); // TODO: close or not? //free(pwbuf); // TODO: ? return 0; } int webserver_run() { log_ereport(LOG_VERBOSE, "webserver_run"); // start all http listener if(start_all_listener() != 0) { fprintf(stderr, "Error: Cannot start http listener\n"); } log_ereport(LOG_INFORM, "webserver started"); return 0; } void webserver_shutdown() { log_ereport(LOG_INFORM, "webserver shutdown"); // execute restart callbacks RestartCallback *re = atrestart; while(re) { re->func(re->data); re = re->next; } } void webserver_atrestart(void (*fn)(void *), void *data) { RestartCallback *cb = malloc(sizeof(RestartCallback)); cb->func = fn; cb->data = data; cb->next = NULL; if(atrestart) { RestartCallback *elm = atrestart; while(elm) { if(!elm->next) { elm->next = cb; break; } elm = elm->next; } } else { atrestart = cb; } } int nsapi_runtime_version() { return 303; } int ws_init_ssl() { // TODO: handle errors SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); return 0; }
