passenger 2.1.2 → 2.1.3

data/ext/apache2/Utils.h

@@ -219,58 +219,114 @@ string canonicalizePath(const string &path);
 string escapeForXml(const string &input);
 
 /**
- * Return the path name for the directory in which temporary files are
- * to be stored.
+ * Given a username that's supposed to be the "lowest user" in the user switching mechanism,
+ * checks whether this username exists. If so, this users's UID and GID will be stored into
+ * the arguments of the same names. If not, <em>uid</em> and <em>gid</em> will be set to
+ * the UID and GID of the "nobody" user. If that user doesn't exist either, then <em>uid</em>
+ * and <em>gid</em> will be set to -1.
+ */
+void determineLowestUserAndGroup(const string &user, uid_t &uid, gid_t &gid);
+
+/**
+ * Return the path name for the directory in which the system stores general
+ * temporary files. This is usually "/tmp", but might be something else depending
+ * on some environment variables.
  *
  * @ensure result != NULL
  * @ingroup Support
  */
-const char *getTempDir();
+const char *getSystemTempDir();
 
 /**
  * Return the path name for the directory in which Phusion Passenger-specific
  * temporary files are to be stored. This directory is unique for this instance
  * of the web server in which Phusion Passenger is running.
  *
- * The result will be cached into the PHUSION_PASSENGER_TMP environment variable,
- * which will be used for future calls to this function. To bypass this cache,
+ * If the environment variable PASSENGER_INSTANCE_TEMP_DIR is set, then that value
+ * will be returned. If this environment variable is not set, then it will be set
+ * with the return value.
+ *
+ * To bypass the usage of the PASSENGER_INSTANCE_TEMP_DIR environment variable,
  * set 'bypassCache' to true.
  *
+ * @param bypassCache Whether PASSENGER_INSTANCE_TEMP_DIR should be bypassed.
+ * @param systemTempDir The directory under which the Phusion Passenger-specific
+ *                      temp directory should be located. If set to the empty string,
+ *                      then the return value of getSystemTempDir() will be used.
  * @ensure !result.empty()
  * @ingroup Support
  */
-string getPassengerTempDir(bool bypassCache = false);
+string getPassengerTempDir(bool bypassCache = false, const string &systemTempDir = "");
 
-/* Create a temp folder for storing Phusion Passenger-specific temp files,
- * such as temporarily buffered uploads, sockets for backend processes, etc.
- * This call also sets the PHUSION_PASSENGER_TMP environment variable, which
- * allows backend processes to find this temp folder.
+/* Create a temp directory under <em>systemTempDir</em>, for storing Phusion
+ * Passenger-specific temp files, such as temporarily buffered uploads,
+ * sockets for backend processes, etc. This call also sets the
+ * PASSENGER_INSTANCE_TEMP_DIR environment variable, which allows subprocesses
+ * to find this temp directory.
+ *
+ * The created temp directory will have several subdirectories:
+ * - webserver_private - for storing the web server's buffered uploads.
+ * - info - for storing files that allow external tools to query information
+ *          about a running Phusion Passenger instance.
+ * - backends - for storing Unix sockets created by backend processes.
+ * - var - for storing all other kinds of temp files that the backend processes
+ *         create.
  *
- * Does nothing if this folder already exists.
+ * If a (sub)directory already exists, then it will not result in an error.
  *
+ * The <em>userSwitching</em> and <em>lowestUser</em> arguments passed to
+ * this method are used for determining the optimal permissions for the
+ * (sub)directories. The permissions will be set as tightly as possible based
+ * on the values. The <em>workerUid</em> and <em>workerGid</em> arguments
+ * will be used for determining the owner of certain subdirectories.
+ *
+ * @note You should only call this method inside the web server's master
+ *       process. In case of Apache, this is the Apache control process,
+ *       the one that tends to run as root. This is because this function
+ *       will set directory permissions and owners/groups, which may require
+ *       root privileges.
+ *
+ * @param systemTempDir The directory under which the Phusion Passenger-specific
+ *                      temp directory should be created. You should normally
+ *                      specify the return value of getSystemTempDir().
+ * @param userSwitching Whether user switching is turned on.
+ * @param lowestUser The user that the spawn manager and the pool server will
+ *                   run as, if user switching is turned off.
+ * @param workerUid The UID that the web server's worker processes are running
+ *                  as. On Apache, this is the UID that's associated with the
+ *                  'User' directive.
+ * @param workerGid The GID that the web server's worker processes are running
+ *                  as. On Apache, this is the GID that's associated with the
+ *                  'Group' directive.
  * @throws IOException Something went wrong.
  * @throws SystemException Something went wrong.
+ * @throws FileSystemException Something went wrong.
  */
-void createPassengerTempDir();
+void createPassengerTempDir(const string &systemTempDir, bool userSwitching,
+                            const string &lowestUser,
+                            uid_t workerUid, gid_t workerGid);
 
 /**
  * Create the directory at the given path, creating intermediate directories
  * if necessary. The created directories' permissions are as specified by the
- * 'mode' parameter.
+ * 'mode' parameter. You can specify this directory's owner and group through
+ * the 'owner' and 'group' parameters. A value of -1 for 'owner' or 'group'
+ * means that the owner/group should not be changed.
  *
  * If 'path' already exists, then nothing will happen.
  *
  * @throws IOException Something went wrong.
  * @throws SystemException Something went wrong.
+ * @throws FileSystemException Something went wrong.
  */
-void makeDirTree(const char *path, const char *mode = "u=rwx,g=,o=");
+void makeDirTree(const string &path, const char *mode = "u=rwx,g=,o=", uid_t owner = -1, gid_t group = -1);
 
 /**
  * Remove an entire directory tree recursively.
  *
- * @throws SystemException Something went wrong.
+ * @throws FileSystemException Something went wrong.
  */
-void removeDirTree(const char *path);
+void removeDirTree(const string &path);
 
 /**
  * Check whether the specified directory is a valid Ruby on Rails
@@ -309,53 +365,58 @@ bool verifyWSGIDir(const string &dir, CachedMultiFileStat *mstat = 0,
                    unsigned int throttleRate = 0);
 
 /**
- * Represents a temporary file. The associated file is automatically
- * deleted upon object destruction.
+ * Represents a buffered upload file.
  *
  * @ingroup Support
  */
-class TempFile {
+class BufferedUpload {
 public:
-	/** The filename. If this temp file is anonymous, then the filename is an empty string. */
-	string filename;
 	/** The file handle. */
 	FILE *handle;
 	
 	/**
-	 * Create an empty, temporary file, and open it for reading and writing.
+	 * Create an empty upload bufer file, and open it for reading and writing.
 	 *
-	 * @param anonymous Set to true if this temp file should be unlinked
-	 *        immediately. Anonymous temp files are useful if one just wants
-	 *        a big not-in-memory buffer to work with.
 	 * @throws SystemException Something went wrong.
 	 */
-	TempFile(const char *identifier = "temp", bool anonymous = true) {
+	BufferedUpload(const char *identifier = "temp") {
 		char templ[PATH_MAX];
 		int fd;
 		
-		snprintf(templ, sizeof(templ), "%s/%s.XXXXXX", getPassengerTempDir().c_str(), identifier);
+		snprintf(templ, sizeof(templ), "%s/%s.XXXXXX", getDir().c_str(), identifier);
 		templ[sizeof(templ) - 1] = '\0';
 		fd = mkstemp(templ);
 		if (fd == -1) {
 			char message[1024];
+			int e = errno;
+			
 			snprintf(message, sizeof(message), "Cannot create a temporary file '%s'", templ);
 			message[sizeof(message) - 1] = '\0';
-			throw SystemException(message, errno);
-		}
-		if (anonymous) {
-			fchmod(fd, 0000);
-			unlink(templ);
-		} else {
-			filename.assign(templ);
+			throw SystemException(message, e);
 		}
+		
+		/* We use a POSIX trick here: the file's permissions are set to "u=,g=,o="
+		 * and the file is deleted immediately from the filesystem, while we
+		 * keep its file handle open. The result is that no other processes
+		 * will be able to access this file's contents anymore, except us.
+		 * We now have an anonymous disk-backed buffer.
+		 */
+		fchmod(fd, 0000);
+		unlink(templ);
+		
 		handle = fdopen(fd, "w+");
 	}
 	
-	~TempFile() {
+	~BufferedUpload() {
 		fclose(handle);
-		if (!filename.empty()) {
-			unlink(filename.c_str());
-		}
+	}
+	
+	/**
+	 * Returns the directory in which upload buffer files are stored.
+	 * This is a subdirectory of the directory returned by getPassengerTempDir(). 
+	 */
+	static string getDir() {
+		return getPassengerTempDir() + "/webserver_private";
 	}
 };
 

data/ext/boost/cstdint.hpp

@@ -123,7 +123,7 @@ namespace boost
 } // namespace boost
 
 #elif defined(__FreeBSD__) && (__FreeBSD__ <= 4) || defined(__osf__) || \
-      defined(__SOLARIS9__)
+      defined(__SOLARIS9__) || defined(__NetBSD__)
 // FreeBSD, Tru64 and Solaris 9 have an <inttypes.h> that contains much of 
 // what we need.
 # include <inttypes.h>
@@ -362,6 +362,7 @@ BOOST_HAS_STDINT_H is defined (John Maddock).
 #  define INTMAX_C(value)   value##i64
 #  define UINTMAX_C(value)  value##ui64
 
+# elif defined(__NetBSD__)
 # else
 //  do it the old fashioned way:
 

data/ext/oxt/system_calls.cpp

@@ -139,7 +139,11 @@ syscalls::recvmsg(int s, struct msghdr *msg, int flags) {
 	ssize_t ret;
 	CHECK_INTERRUPTION(
 		ret == -1,
-		ret = ::recvmsg(s, msg, flags)
+		#ifdef _AIX53
+			ret = ::nrecvmsg(s, msg, flags)
+		#else
+			ret = ::recvmsg(s, msg, flags)
+		#endif
 	);
 	return ret;
 }
@@ -149,7 +153,11 @@ syscalls::sendmsg(int s, const struct msghdr *msg, int flags) {
 	ssize_t ret;
 	CHECK_INTERRUPTION(
 		ret == -1,
-		ret = ::sendmsg(s, msg, flags)
+		#ifdef _AIX53
+			ret = ::nsendmsg(s, msg, flags)
+		#else
+			ret = ::sendmsg(s, msg, flags)
+		#endif
 	);
 	return ret;
 }
@@ -194,6 +202,16 @@ syscalls::fclose(FILE *fp) {
 	return ret;
 }
 
+int
+syscalls::stat(const char *path, struct stat *buf) {
+	int ret;
+	CHECK_INTERRUPTION(
+		ret == -1,
+		ret = ::stat(path, buf)
+	);
+	return ret;
+}
+
 time_t
 syscalls::time(time_t *t) {
 	time_t ret;

data/ext/oxt/system_calls.hpp

@@ -27,6 +27,7 @@
 
 #include <boost/thread/tss.hpp>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
 #include <pthread.h>
@@ -131,6 +132,7 @@ namespace oxt {
 		
 		FILE *fopen(const char *path, const char *mode);
 		int fclose(FILE *fp);
+		int stat(const char *path, struct stat *buf);
 		
 		time_t time(time_t *t);
 		int usleep(useconds_t usec);

data/lib/phusion_passenger/abstract_request_handler.rb

@@ -259,12 +259,16 @@ private
 				else
 					unix_path_max = 100
 				end
-				@socket_name = "#{passenger_tmpdir}/passenger_backend.#{generate_random_id(:base64)}"
+				@socket_name = "#{passenger_tmpdir}/backends/backend.#{generate_random_id(:base64)}"
 				@socket_name = @socket_name.slice(0, unix_path_max - 1)
 				@socket = UNIXServer.new(@socket_name)
 				@socket.listen(BACKLOG_SIZE)
 				@socket_type = "unix"
 				File.chmod(0600, @socket_name)
+				
+				# The SpawnManager class will set tighter permissions on the
+				# socket later on. See sendSpawnCommand in SpawnManager.h.
+				
 				done = true
 			rescue Errno::EADDRINUSE
 				# Do nothing, try again with another name.

data/lib/phusion_passenger/admin_tools.rb

@@ -2,7 +2,7 @@ module PhusionPassenger
 
 module AdminTools
 	def self.tmpdir
-		["PASSENGER_TMPDIR", "TMPDIR"].each do |name|
+		["PASSENGER_TEMP_DIR", "PASSENGER_TMPDIR"].each do |name|
 			if ENV.has_key?(name) && !ENV[name].empty?
 				return ENV[name]
 			end

data/lib/phusion_passenger/admin_tools/control_process.rb

@@ -27,6 +27,7 @@ class ControlProcess
 				# Stale Passenger temp folder. Clean it up if instructed.
 				if clean_stale
 					puts "*** Cleaning stale folder #{dir}"
+					FileUtils.chmod_R(0700, dir) if File.exist?(dir)
 					FileUtils.rm_rf(dir)
 				end
 			end
@@ -70,7 +71,7 @@ class ControlProcess
 private
 	def reload
 		return if @status
-		File.open("#{path}/status.fifo", 'r') do |f|
+		File.open("#{path}/info/status.fifo", 'r') do |f|
 			channel = MessageChannel.new(f)
 			@status = channel.read_scalar
 			@xml = channel.read_scalar

data/lib/phusion_passenger/dependencies.rb

@@ -129,7 +129,10 @@ module Dependencies # :nodoc: all
 				require 'mkmf'
 				header_dir = Config::CONFIG['rubyhdrdir'] || Config::CONFIG['archdir']
 				result.found(File.exist?("#{header_dir}/ruby.h"))
-			rescue LoadError
+			rescue LoadError, SystemExit
+				# On RedHat/Fedora/CentOS, if ruby-devel is not installed then
+				# mkmf.rb will print an error and call 'exit'. So here we
+				# catch SystemExit.
 				result.not_found
 			end
 		end
@@ -197,7 +200,7 @@ module Dependencies # :nodoc: all
 			end
 		end
 		dep.website = "http://rake.rubyforge.org/"
-		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM} install rake</b>"
+		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM || "gem"} install rake</b>"
 	end
 	
 	Apache2 = Dependency.new do |dep|
@@ -306,7 +309,7 @@ module Dependencies # :nodoc: all
 				result.not_found
 			end
 		end
-		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM} install fastthread</b>"
+		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM || "gem"} install fastthread</b>"
 	end
 
 	Rack = Dependency.new do |dep|
@@ -323,7 +326,7 @@ module Dependencies # :nodoc: all
 				result.not_found
 			end
 		end
-		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM} install rack</b>"
+		dep.install_instructions = "Please install RubyGems first, then run <b>#{PlatformInfo::GEM || "gem"} install rack</b>"
 	end
 end
 

data/lib/phusion_passenger/platform_info.rb

@@ -143,6 +143,8 @@ private
 			if RUBY_PLATFORM =~ /solaris/
 				# Remove flags not supported by GCC
 				flags = flags.split(/ +/).reject{ |f| f =~ /^\-mt/ }.join(' ')
+			elsif RUBY_PLATFORM =~ /aix/
+				libs << " -Wl,-G -Wl,-brtl"
 			end
 			return [flags, libs]
 		end
@@ -330,14 +332,18 @@ public
 	# when invoking the compiler.
 	def self.portability_cflags
 		# _GLIBCPP__PTHREADS is for fixing Boost compilation on OpenBSD.
-		flags = ["-D_REENTRANT -D_GLIBCPP__PTHREADS -I/usr/local/include"]
+		flags = ["-D_REENTRANT -I/usr/local/include"]
 		if RUBY_PLATFORM =~ /solaris/
 			flags << '-D_XOPEN_SOURCE=500 -D_XPG4_2 -D__EXTENSIONS__ -D__SOLARIS__'
 			flags << '-DBOOST_HAS_STDINT_H' unless RUBY_PLATFORM =~ /solaris2.9/
 			flags << '-D__SOLARIS9__ -DBOOST__STDC_CONSTANT_MACROS_DEFINED' if RUBY_PLATFORM =~ /solaris2.9/
 			flags << '-mcpu=ultrasparc' if RUBY_PLATFORM =~ /sparc/
 		elsif RUBY_PLATFORM =~ /openbsd/
-			flags << '-DBOOST_HAS_STDINT_H'
+			flags << '-DBOOST_HAS_STDINT_H -D_GLIBCPP__PTHREADS'
+		elsif RUBY_PLATFORM =~ /aix/
+			flags << '-DOXT_DISABLE_BACKTRACES'
+		elsif RUBY_PLATFORM =~ /sparc-linux/
+			flags << '-DBOOST_SP_USE_PTHREADS'
 		end
 		return flags.compact.join(" ").strip
 	end

data/lib/phusion_passenger/rack/application_spawner.rb

@@ -106,7 +106,7 @@ private
 	end
 
 	def load_rack_app
-		rackup_code = File.read("config.ru")
+		rackup_code = ::File.read("config.ru")
 		eval("Rack::Builder.new {( #{rackup_code}\n )}.to_app", TOPLEVEL_BINDING, "config.ru")
 	end
 end

data/lib/phusion_passenger/templates/version_not_found.html.erb

@@ -20,6 +20,15 @@
 		</div>
 		
 	<% end %>
+	
+	<p>
+	If you are unable to install Ruby on Rails (e.g. because you do not have
+	control over this server) then you could also <em>vendor</em> (bundle)
+	your Rails version into your application by running <pre>rake vendor:rails</pre>
+	in your application's source directory, and redeploying your application.
+	Please search the Internet for "vendor rails" if you're not familiar with
+	this technique.
+	</p>
 
 </div>
 <% end %>

data/lib/phusion_passenger/utils.rb

@@ -336,12 +336,19 @@ protected
 	# temporary files. If +create+ is true, then this method creates the
 	# directory if it doesn't exist.
 	def passenger_tmpdir(create = true)
-		dir = ENV['PHUSION_PASSENGER_TMP']
+		dir = ENV['PASSENGER_INSTANCE_TEMP_DIR']
 		if dir.nil? || dir.empty?
-			dir = Dir.tmpdir
+			dir = "#{Dir.tmpdir}/passenger.#{Process.pid}"
+			ENV['PASSENGER_INSTANCE_TEMP_DIR'] = dir
 		end
 		if create && !File.exist?(dir)
-			system("mkdir", "-p", "-m", "u=rwxs,g=wx,o=wx", dir)
+			# This is a very minimal implementation of the function
+			# passengerCreateTempDir() in Utils.cpp. This implementation
+			# is only meant to make the unit tests pass. For production
+			# systems one should pre-create the temp directory with
+			# passengerCreateTempDir().
+			system("mkdir", "-p", "-m", "u=wxs,g=wx,o=wx", dir)
+			system("mkdir", "-p", "-m", "u=wxs,g=wx,o=wx", "#{dir}/backends")
 		end
 		return dir
 	end
@@ -484,9 +491,9 @@ module Signal
 end
 
 # Ruby's implementation of UNIXSocket#recv_io and UNIXSocket#send_io
-# are broken on 64-bit FreeBSD 7. So we override them with our own
-# implementation.
-if RUBY_PLATFORM =~ /freebsd/
+# are broken on 64-bit FreeBSD 7 and x86_64/ppc64 OS X. So we override them
+# with our own implementation.
+if RUBY_PLATFORM =~ /freebsd/ || (RUBY_PLATFORM =~ /darwin/ && RUBY_PLATFORM !~ /universal/)
 	require 'socket'
 	UNIXSocket.class_eval do
 		def recv_io