* be an absolute path; will be fed to execvp.
*
* -g<ident>
- * Use <ident> rather than hex(sha256(<script>))
+ * Use <ident> rather than hex(sha256(<interp>\0<script>\0))
* as the basename of the leafname of the fcgi rendezvous
* socket. If <ident> contains only hex digit characters it
* ought to be no more than 32 characters. <ident> should
* cgi-fcgi-interp automatically expires old sockets, including
* ones where the named script is out of date.
*/
-
/*
* Uses one of two directories
* /var/run/user/<UID>/cgi-fcgi-interp/
* s<ident>
* l<ident> used to lock around garbage collection
*
- * If -M<ident> is not specified then an initial substricg of the
- * lowercase hex of the sha256 of the <script> (ie, our argv[1]) is
+ * If -M<ident> is not specified then an initial substring of the
+ * lowercase hex of the sha256 of <interp>\0<script>\0 is
* used. The substring is chosen so that the whole path is 10 bytes
* shorter than sizeof(sun_path). But always at least 33 characters.
*
* - stat the socket and check its timestamp
* if it is too old, unlink it
* - dup stderr, mark no cloexec
- * - run cgi-fcgi -connect SOCKET \
- * cgi-fcgi-interp \
- * --stage2 <was-stderr> <socket> \
- -c<check-interval> \
- * \
- * <interp> <script>
+ * - set CHIARKUTILS_CGIFCGIINTERP_STAGE2=<stderr-copy-fd>
+ * - run cgi-fcgi -connect SOCKET <script>
*
- * --stage2 does this:
+ * When CHIARKUTILS_CGIFCGIINTERP_STAGE2 is set, --stage2 does this:
* - dup2 <was-stderr> to fd 2
* - open /dev/null and expect fd 1 (and if not, close it)
* - become a new process group
#include <fcntl.h>
#include <pwd.h>
#include <err.h>
+#include <time.h>
+#include <signal.h>
+#include <sys/wait.h>
#include <nettle/sha.h>
#define diee common_diee
#define MINHEXHASH 33
+#define STAGE2_VAR "CHIARKUTILS_CGIFCGIINTERP_STAGE2"
static const char *interp, *ident;
-static int numservers=4, debugmode, stage2;
+static int numservers=4, debugmode;
static int check_interval=300;
+static struct sha256_ctx identsc;
+
+const char *stage2;
+
void diee(const char *m) {
err(127, "error: %s failed", m);
}
*ci->iassignto = v;
}
+static void ident_addstring(const struct cmdinfo *ci, const char *string) {
+ /* ci may be 0 and is provided so this can be .call */
+ sha256_update(&identsc,strlen(string)+1,string);
+}
+
#define MAX_OPTS 5
static const struct cmdinfo cmdinfos[]= {
{ 0, 'M', 1, .call=of_iassign, .iassignto= &numservers },
{ 0, 'D', 0, .iassignto= &debugmode, .arg= 1 },
{ 0, 'c', 1, .call=of_iassign, .iassignto= &check_interval },
- { "--stage2",0, 0, .iassignto= &stage2, .arg= 1 },
{ 0 }
};
static uid_t us;
static const char *run_base, *script, *socket_path;
+static const char *run_base_mkdir_p;
static int stderr_copy;
static bool find_run_base_var_run(void) {
if (sizeof(ut.nodename) > 32)
ut.nodename[32] = 0;
- try = m_asprintf("%s/%s/%s", pw->pw_dir, ".cgi-fcgi-interp", ut.nodename);
+ run_base_mkdir_p = m_asprintf("%s/%s", pw->pw_dir, ".cgi-fcgi-interp");
+ try = m_asprintf("%/%s", run_base_mkdir_p, ut.nodename);
run_base = try;
return 1;
}
int identlen = maxidentlen > 64 ? 64 : maxidentlen;
char *hexident = xmalloc(identlen + 2);
- struct sha256_ctx sc;
unsigned char bbuf[32];
int i;
- sha256_init(&sc);
- sha256_update(&sc,strlen(interp)+1,interp);
- sha256_update(&sc,strlen(script)+1,script);
- sha256_digest(&sc,sizeof(bbuf),bbuf);
+ ident_addstring(0,interp);
+ ident_addstring(0,script);
+ sha256_digest(&identsc,sizeof(bbuf),bbuf);
for (i=0; i<identlen; i += 2)
sprintf(hexident+i, "%02x", bbuf[i/2]);
run_base, ident, maxidentlen);
r = mkdir(run_base, 0700);
+ if (r && errno==ENOENT && run_base_mkdir_p) {
+ r = mkdir(run_base_mkdir_p, 0700);
+ if (r) err(127,"mkdir %s (since %s was ENOENT)",run_base_mkdir_p,run_base);
+ r = mkdir(run_base, 0700);
+ }
if (r) {
if (!(errno == EEXIST))
err(127,"mkdir %s",run_base);
}
- socket_path = m_asprintf("%s/g%s",run_base,ident);
+ socket_path = m_asprintf("%s/s%s",run_base,ident);
}
/*
-static bool stab_isnewer(const struct stat *a, const struct stat *b) {
#ifdef st_mtime
+
+static bool stab_isnewer(const struct stat *a, const struct stat *b) {
+ if (debugmode)
+ fprintf(stderr,"stab_isnewer mtim %lu.%06lu %lu.06%lu\n",
+ (unsigned long)a->st_mtim.tv_sec,
+ (unsigned long)a->st_mtim.tv_nsec,
+ (unsigned long)b->st_mtim.tv_sec,
+ (unsigned long)b->st_mtim.tv_nsec);
return timespeccmp(&a->st_mtim, &b->st_mtim, >);
-#else
+}
+
+static void stab_mtimenow(struct stat *out) {
+ int r = clock_gettime(CLOCK_REALTIME, &out->st_mtim);
+ if (r) err(127,"(stage2) clock_gettime");
+ if (debugmode)
+ fprintf(stderr,"stab_mtimenow mtim %lu.%06lu\n",
+ (unsigned long)out->st_mtim.tv_sec,
+ (unsigned long)out->st_mtim.tv_nsec);
+}
+
+#else /* !defined(st_mtime) */
+
+static bool stab_isnewer(const struct stat *a, const struct stat *b) {
+ if (debugmode)
+ fprintf(stderr,"stab_isnewer mtime %lu %lu\n",
+ (unsigned long)a->st_mtime,
+ (unsigned long)b->st_mtime);
return a->st_mtime > &b->st_mtime;
-#endif
}
+static void stab_mtimenow(struct stat *out) {
+ out->st_mtime = time(NULL);
+ if (baseline_time.st_mtime == (time_t)-1) err(127,"(stage2) time()");
+ if (debugmode)
+ fprintf(stderr,"stab_mtimenow mtime %lu\n",
+ (unsigned long)out->st_mtime);
+}
+
+#endif /* !defined(st_mtime) */
+
static bool check_garbage_vs(const struct stat *started) {
struct stat script_stab;
- struct stat sock_stab;
int r;
r = lstat(script, &script_stab);
if (r) err(127,"lstat script (%s)",script);
- if (stab_isnewer(&script_stab, &sock_stab))
+ if (stab_isnewer(&script_stab, started))
return 1;
if (S_ISLNK(script_stab.st_mode)) {
r = stat(script, &script_stab);
if (r) err(127,"stat script (%s0",script);
- if (stab_isnewer(&script_stab, &sock_stab))
+ if (stab_isnewer(&script_stab, started))
return 1;
}
if (stderr_copy < 0) err(127,"dup stderr (for copy for stage2)");
}
+static void prep_stage2(void) {
+ int r;
+
+ const char *stage2_val = m_asprintf("%d", stderr_copy);
+ r = setenv(STAGE2_VAR, stage2_val, 1);
+ if (r) err(127,"set %s (to announce to stage2)", STAGE2_VAR);
+}
+
static void shbang_opts(const char *const **argv_io,
const struct cmdinfo *cmdinfos) {
myopt(argv_io, cmdinfos);
static void setup_handlers(void);
static void spawn_script(void);
static void queue_alarm(void);
+static void await_something(void);
int main(int argc, const char *const *argv) {
- const char *smashedopt, *us;
+ const char *smashedopt;
int r;
- us = argv[0];
-
- if (argc>=4 && !strcmp(argv[1],"--stage2")) {
- ++argv;
- stage2 = 1;
+ stage2 = getenv(STAGE2_VAR);
+ if (stage2) {
+ int stderrfd = atoi(stage2);
+ assert(stderrfd>2);
- int stderrfd = atoi(*++argv);
r = dup2(stderrfd, 2);
assert(r==2);
if (r<0) err(127,"open /dev/null as stdout");
if (r>=3) close(r);
else if (r!=1) errx(127,"open /dev/null for stdout gave bad fd %d",r);
-
- socket_path = *++argv;
}
+ sha256_init(&identsc);
+
if (argc>=2 &&
(smashedopt = argv[1]) &&
smashedopt[0]=='-' &&
tidy_garbage();
make_stderr_copy();
+ prep_stage2();
execlp("cgi-fcgi",
- "cgi-fcti", "-connect", socket_path,
- us, "--stage2",
- m_asprintf("-c%d", check_interval),
- m_asprintf("%d", stderr_copy), socket_path,
- interp, script,
+ "cgi-fcgi", "-connect", socket_path,
+ script,
+ m_asprintf("%d", numservers),
(char*)0);
err(127,"exec cgi-fcgi");
* and the main program has signals blocked except in sigsuspend, so
* we don't need to worry about async-signal-safety, or errno. */
-static struct stab baseline_time;
+static struct stat baseline_time;
static pid_t script_child, stage2_pgrp;
static bool out_of_date;
static void record_baseline_time(void) {
-#ifdef st_mtime
- int r = clock_gettime(CLOCK_REALTIME, &baselime_time.st_mtim);
- if (r) err(127,"(stage2) clock_gettime");
-#else
- baseline_time.st_mtime = time(NULL);
- if (baseline_time.st_mtime == (time_t)-1) err(127,"(stage2) time()");
-#endif
+ stab_mtimenow(&baseline_time);
}
static void become_pgrp(void) {
queue_alarm();
}
+static void child_handler(int dummy) {
+ for (;;) {
+ int status;
+ pid_t got = waitpid(-1, &status, WNOHANG);
+ if (got == (pid_t)-1) err(127,"(stage2) waitpid");
+ if (got != script_child) {
+ warn("(stage2) waitpid got status %d for unknown child [%lu]",
+ status, (unsigned long)got);
+ continue;
+ }
+ if (WIFEXITED(status)) {
+ int v = WEXITSTATUS(status);
+ if (v) warn("program failed with error exit status %d", v);
+ exit(status);
+ } else if (WIFSIGNALED(status)) {
+ int s = WTERMSIG(status);
+ err(status & 0xff, "program died due to fatal signal %s%s",
+ strsignal(s), WCOREDUMP(status) ? " (core dumped" : "");
+ } else {
+ err(127, "program failed with crazy wait status %#x", status);
+ }
+ }
+ exit(127);
+}
+
static void setup_handlers(void) {
struct sigaction sa;
int r;
static void queue_alarm(void) {
alarm(check_interval);
}
+
+static void await_something(void) {
+ int r;
+ sigset_t mask;
+ sigemptyset(&mask);
+
+ for (;;) {
+ r = sigsuspend(&mask);
+ assert(r==-1);
+ if (errno != EINTR) err(127,"(stage2) sigsuspend");
+ }
+}