Makefile- acl.c
- acl.h
- acldata.c
- acldata.h
- auth.c
- auth.h
- config.c
- config.h
- configmanager.c
- configmanager.h
- error.c
- error.h
- event.c
- event.h
- event_bsd.c
- event_bsd.h
- event_linux.c
- event_linux.h
- event_solaris.c
- event_solaris.h
- func.c
- func.h
- http.c
- http.h
- httplistener.c
- httplistener.h
- httpparser.c
- httpparser.h
- httprequest.c
- httprequest.h
- keyfile_auth.c
- keyfile_auth.h
- ldap_auth.c
- ldap_auth.h
- log.c
- log.h
- main.c
- netsite.h
- objs.mk
- protocol.c
- protocol.h
- request.c
- request.h
- session.c
- session.h
- sessionhandler.c
- sessionhandler.h
- srvctrl.c
- srvctrl.h
- threadpools.c
- threadpools.h
- vfs.c
- vfs.h
- vserver.c
- vserver.h
- webserver.c
- webserver.h
- websocket.c
- websocket.h
- ws-fn.c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright 2013 Olaf Wintermann. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef __gnu_linux__
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "../public/nsapi.h"
#include "../public/auth.h"
#include "../util/systhr.h"
#include "../util/io.h"
#include "../util/util.h"
#include "../../ucx/utils.h"
#include "../safs/common.h"
#include "func.h"
#include "config.h"
#include "configmanager.h"
#include "httplistener.h"
#include "webserver.h"
#include "log.h"
#include "auth.h"
#include "srvctrl.h"
extern struct FuncStruct webserver_funcs[];
static RestartCallback *atrestart;
int webserver_init() {
// init NSPR
systhread_init("webserver");
// init ssl
if(ws_init_ssl()) {
return -1;
}
// init NSAPI functions
func_init();
add_functions(webserver_funcs);
// load init.conf
if(load_init_conf("config/init.conf")) {
return -1;
}
// load server.conf
init_configuration_manager();
ServerConfiguration *cfg;
if(cfgmgr_load_config(&cfg) != 0) {
fprintf(stderr, "Cannot load configuration\n");
return -1;
}
// init caches
auth_cache_init();
// init SAFs
common_saf_init();
// set global vars
conf_global_vars_s *vars = conf_getglobals();
WSBool changeuid = FALSE;
uid_t ws_uid = geteuid();
setpwent();
char *pwbuf = malloc(DEF_PWBUF);
vars->Vuserpw = malloc(sizeof(struct passwd));
if(cfg->user.ptr) {
if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
log_ereport(
LOG_MISCONFIG,
"user %s does not exist!",
cfg->user.ptr);
free(vars->Vuserpw);
vars->Vuserpw = NULL;
} else {
changeuid = TRUE;
}
} else {
if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data");
free(vars->Vuserpw);
vars->Vuserpw = NULL;
}
}
if(!vars->Vuserpw) {
log_ereport(LOG_WARN, "globalvars->Vuserpw is null");
}
// change uid
if(changeuid && ws_uid == 0) {
// a webserver user is set and we are root
if(setgid(vars->Vuserpw->pw_gid) != 0) {
log_ereport(
LOG_FAILURE,
"setgid(%d) failed",
vars->Vuserpw->pw_gid);
} else {
// setgid was successful
// we need to call initgroups to have all group permissions
if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) {
log_ereport(LOG_FAILURE, "initgroups failed");
}
}
// change the uid
if(setuid(vars->Vuserpw->pw_uid)) {
log_ereport(
LOG_FAILURE,
"setuid(%d) failed",
vars->Vuserpw->pw_uid);
}
} else if(vars->Vuserpw) {
log_ereport(
LOG_WARN,
"server must be started as root to change uid");
}
// create tmp dir and pid file
char *mkdir_cmd = NULL;
asprintf(&mkdir_cmd, "mkdir -p %s", cfg->tmp.ptr);
system(mkdir_cmd);
free(mkdir_cmd);
char *pid_file_path = NULL;
asprintf(&pid_file_path, "%s/pid", cfg->tmp.ptr);
FILE *pidfile = fopen(pid_file_path, "w"); // TODO: check error
pid_t pid = getpid();
fprintf(pidfile, "%d", pid);
fclose(pidfile);
free(pid_file_path);
// create unix domain socket for server control
sstr_t tmp_priv = ucx_sprintf("%s/private", cfg->tmp.ptr);
// TODO: remove existing private dir
if(mkdir(tmp_priv.ptr, S_IRWXU)) {
if(errno == EEXIST) {
if(chmod(tmp_priv.ptr, S_IRWXU)) {
log_ereport(
LOG_CATASTROPHE,
"cannot change permissions of tmp dir %s:",
tmp_priv.ptr,
strerror(errno));
return 0;
}
} else {
log_ereport(
LOG_CATASTROPHE,
"cannot create tmp dir %s:",
tmp_priv.ptr,
strerror(errno));
return -1;
}
}
// create srvctrl unix domain socket
// this socket is used for stop, reconfigure and other operations
if(srvctrl_init(cfg)) {
return -1;
}
//endpwent(); // TODO: close or not?
//free(pwbuf); // TODO: ?
return 0;
}
int webserver_run() {
log_ereport(LOG_VERBOSE, "webserver_run");
// start all http listener
if(start_all_listener() != 0) {
fprintf(stderr, "Error: Cannot start http listener\n");
}
log_ereport(LOG_INFORM, "webserver started");
return 0;
}
void webserver_shutdown() {
log_ereport(LOG_INFORM, "webserver shutdown");
srvctrl_shutdown();
// execute restart callbacks
RestartCallback *re = atrestart;
while(re) {
re->func(re->data);
re = re->next;
}
}
int webserver_reconfig() {
if(cfgmgr_load_config(NULL) != 0) {
return -1;
}
// start newly created listeners
start_all_listener();
return 0;
}
void webserver_atrestart(void (*fn)(void *), void *data) {
RestartCallback *cb = malloc(sizeof(RestartCallback));
cb->func = fn;
cb->data = data;
cb->next = NULL;
if(atrestart) {
RestartCallback *elm = atrestart;
while(elm) {
if(!elm->next) {
elm->next = cb;
break;
}
elm = elm->next;
}
} else {
atrestart = cb;
}
}
int nsapi_runtime_version() {
return 303;
}
int ws_init_ssl() {
// TODO: handle errors
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
return 0;
}