passenger 3.9.2.beta → 4.0.0.rc4

data/ext/common/agents/HelperAgent/Main.cpp

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010, 2011, 2012 Phusion
+ *  Copyright (c) 2010-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -235,7 +235,7 @@ private:
 		this_thread::disable_syscall_interruption dsi;
 		requestSocket = createUnixServer(getRequestSocketFilename().c_str());
 		
-		int ret;
+		int ret, e;
 		do {
 			ret = chmod(getRequestSocketFilename().c_str(), S_ISVTX |
 				S_IRUSR | S_IWUSR | S_IXUSR |
@@ -244,6 +244,44 @@ private:
 		} while (ret == -1 && errno == EINTR);
 
 		setNonBlocking(requestSocket);
+
+		if (!options.requestSocketLink.empty()) {
+			struct stat buf;
+
+			// If this is a symlink then we'll want to check the file the symlink
+			// points to, so we use stat() instead of lstat().
+			ret = syscalls::stat(options.requestSocketLink.c_str(), &buf);
+			if (ret == 0 || (ret == -1 && errno == ENOENT)) {
+				if (ret == -1 || buf.st_mode & S_IFSOCK) {
+					if (syscalls::unlink(options.requestSocketLink.c_str()) == -1) {
+						e = errno;
+						throw FileSystemException("Cannot delete existing socket file '" +
+							options.requestSocketLink + "'", e, options.requestSocketLink);
+					}
+				} else {
+					throw RuntimeException("File '" + options.requestSocketLink +
+						"' already exists and is not a Unix domain socket");
+				}
+			} else if (ret == -1 && errno != ENOENT) {
+				e = errno;
+				throw FileSystemException("Cannot stat() file '" + options.requestSocketLink + "'",
+					e,
+					options.requestSocketLink);
+			}
+
+			do {
+				ret = symlink(getRequestSocketFilename().c_str(),
+					options.requestSocketLink.c_str());
+			} while (ret == -1 && errno == EINTR);
+			if (ret == -1) {
+				e = errno;
+				throw FileSystemException("Cannot create a symlink '" +
+					options.requestSocketLink +
+					"' to '" + getRequestSocketFilename() + "'",
+					e,
+					options.requestSocketLink);
+			}
+		}
 	}
 	
 	/**
@@ -287,14 +325,6 @@ private:
 		}
 	}
 	
-	void resetWorkerThreadInactivityTimers() {
-		requestHandler->resetInactivityTimer();
-	}
-	
-	unsigned long long minWorkerThreadInactivityTime() const {
-		return requestHandler->inactivityTime();
-	}
-
 	void onSigquit(ev::sig &signal, int revents) {
 		requestHandler->inspect(cerr);
 		cerr.flush();
@@ -314,14 +344,27 @@ private:
 
 	static void dumpDiagnosticsOnCrash(void *userData) {
 		Server *self = (Server *) userData;
+
+		cerr << "### Request handler state\n";
 		self->requestHandler->inspect(cerr);
+		cerr << "\n";
 		cerr.flush();
+		
+		cerr << "### Pool state (simple)\n";
 		// Do not lock, the crash may occur within the pool.
 		Pool::InspectOptions options;
 		options.verbose = true;
-		cerr << "\n" << self->pool->inspect(options, false);
+		cerr << self->pool->inspect(options, false);
+		cerr << "\n";
 		cerr.flush();
-		cerr << "\n" << oxt::thread::all_backtraces();
+
+		cerr << "### Pool state (XML)\n";
+		cerr << self->pool->toXml(true, false);
+		cerr << "\n\n";
+		cerr.flush();
+
+		cerr << "### Backtraces\n";
+		cerr << oxt::thread::all_backtraces();
 		cerr.flush();
 	}
 	
@@ -349,15 +392,24 @@ public:
 		if (geteuid() == 0 && !options.userSwitching) {
 			lowerPrivilege(options.defaultUser, options.defaultGroup);
 		}
+
+		UPDATE_TRACE_POINT();
+		randomGenerator = make_shared<RandomGenerator>();
+		// Check whether /dev/urandom is actually random.
+		// https://code.google.com/p/phusion-passenger/issues/detail?id=516
+		if (randomGenerator->generateByteString(16) == randomGenerator->generateByteString(16)) {
+			throw RuntimeException("Your random number device, /dev/urandom, appears to be broken. "
+				"It doesn't seem to be returning random data. Please fix this.");
+		}
 		
 		UPDATE_TRACE_POINT();
 		loggerFactory = make_shared<UnionStation::LoggerFactory>(options.loggingAgentAddress,
 			"logging", options.loggingAgentPassword);
-		randomGenerator = make_shared<RandomGenerator>();
 		spawnerFactory = make_shared<SpawnerFactory>(poolLoop.safe,
-			resourceLocator, generation, randomGenerator);
+			resourceLocator, generation, make_shared<SpawnerConfig>(randomGenerator));
 		pool = make_shared<Pool>(poolLoop.safe.get(), spawnerFactory, loggerFactory,
 			randomGenerator);
+		pool->initialize();
 		pool->setMax(options.maxPoolSize);
 		//pool->setMaxPerApp(maxInstancesPerApp);
 		pool->setMaxIdleTime(options.poolIdleTime * 1000000);
@@ -402,11 +454,17 @@ public:
 		}
 		
 		messageServer.reset();
+		P_DEBUG("Destroying application pool...");
 		pool->destroy();
+		uninstallDiagnosticsDumper();
 		pool.reset();
-		requestHandler.reset();
 		poolLoop.stop();
 		requestLoop.stop();
+		requestHandler.reset();
+
+		if (!options.requestSocketLink.empty()) {
+			syscalls::unlink(options.requestSocketLink.c_str());
+		}
 		
 		P_TRACE(2, "All threads have been shut down.");
 	}
@@ -443,7 +501,6 @@ public:
 			uninstallDiagnosticsDumper();
 			throw SystemException("select() failed", e);
 		}
-		uninstallDiagnosticsDumper();
 		
 		if (FD_ISSET(feedbackFd, &fds)) {
 			/* If the watchdog has been killed then we'll kill all descendant
@@ -459,12 +516,15 @@ public:
 			_exit(2); // In case killpg() fails.
 		} else {
 			/* We received an exit command. We want to exit 5 seconds after
-			 * all worker threads have become inactive.
+			 * all clients have disconnected have become inactive.
 			 */
-			resetWorkerThreadInactivityTimers();
-			while (minWorkerThreadInactivityTime() < 5000) {
+			P_DEBUG("Received command to exit gracefully. "
+				"Waiting until 5 seconds after all clients have disconnected...");
+			while (requestHandler->inactivityTime() < 5000) {
 				syscalls::usleep(250000);
 			}
+			P_DEBUG("It's now 5 seconds after all clients have disconnected. "
+				"Proceeding with graceful exit.");
 		}
 	}
 

data/ext/common/agents/HelperAgent/RequestHandler.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2011, 2012 Phusion
+ *  Copyright (c) 2011-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -98,12 +98,12 @@
 #include <EventedBufferedInput.h>
 #include <MessageReadersWriters.h>
 #include <Constants.h>
-#include <HttpConstants.h>
 #include <UnionStation.h>
 #include <ApplicationPool2/Pool.h>
 #include <Utils/StrIntUtils.h>
 #include <Utils/IOUtils.h>
 #include <Utils/HttpHeaderBufferer.h>
+#include <Utils/HttpConstants.h>
 #include <Utils/Template.h>
 #include <Utils/Timer.h>
 #include <Utils/Dechunker.h>
@@ -795,10 +795,15 @@ private:
 		string::size_type begin = headerData.find(' ');
 		string::size_type end = headerData.find("\r\n");
 		if (begin != string::npos && end != string::npos) {
-			StaticString status(headerData.data() + begin, end - begin);
-			headerData.append("Status: ");
-			headerData.append(status);
-			headerData.append("\r\n");
+			StaticString statusValue(headerData.data() + begin, end - begin);
+			char header[statusValue.size() + 20];
+			char *pos = header;
+			const char *end = header + statusValue.size() + 20;
+
+			pos = appendData(pos, end, "Status: ");
+			pos = appendData(pos, end, statusValue);
+			pos = appendData(pos, end, "\r\n");
+			headerData.append(header);
 			return true;
 		} else {
 			disconnectWithError(client, "application sent malformed response: the HTTP status line is invalid.");
@@ -925,6 +930,21 @@ private:
 			headerData.append("X-Powered-By: Phusion Passenger\r\n");
 		}
 
+		// Add Date header. https://code.google.com/p/phusion-passenger/issues/detail?id=485
+		if (lookupHeader(headerData, "Date", "date").empty()) {
+			char dateStr[60];
+			char *pos = dateStr;
+			const char *end = dateStr + sizeof(dateStr) - 1;
+			time_t the_time = time(NULL);
+			struct tm the_tm;
+
+			pos = appendData(pos, end, "Date: ");
+			localtime_r(&the_time, &the_tm);
+			pos += strftime(pos, end - pos, "%a, %d %b %G %H:%M:%S %Z", &the_tm);
+			pos = appendData(pos, end, "\r\n");
+			headerData.append(dateStr, pos - dateStr);
+		}
+
 		// Detect out of band work request
 		Header oobw = lookupHeader(headerData, "X-Passenger-Request-OOB-Work", "x-passenger-request-oob-work");
 		if (!oobw.empty()) {
@@ -1064,8 +1084,9 @@ private:
 				RH_TRACE(client, 3, "Waiting until the client socket is writable again.");
 				client->clientOutputWatcher.start();
 				consumed(0, true);
-			} else if (e == EPIPE) {
+			} else if (e == EPIPE || e == ECONNRESET) {
 				// If the client closed the connection then disconnect quietly.
+				RH_TRACE(client, 3, "Client stopped reading prematurely");
 				if (client->useUnionStation()) {
 					client->logMessage("Disconnecting: client stopped reading prematurely");
 				}
@@ -1384,7 +1405,7 @@ private:
 
 	void checkConnectPassword(const ClientPtr &client, const char *data, unsigned int len) {
 		RH_TRACE(client, 3, "Given connect password: \"" << cEscapeString(StaticString(data, len)) << "\"");
-		if (StaticString(data, len) == options.requestSocketPassword) {
+		if (constantTimeCompare(StaticString(data, len), options.requestSocketPassword)) {
 			RH_TRACE(client, 3, "Connect password is correct; reading header");
 			client->state = Client::READING_HEADER;
 			client->freeBufferedConnectPassword();
@@ -1527,6 +1548,7 @@ private:
 		fillPoolOption(client, options.appType, "PASSENGER_APP_TYPE");
 		fillPoolOption(client, options.environment, "PASSENGER_ENV");
 		fillPoolOption(client, options.ruby, "PASSENGER_RUBY");
+		fillPoolOption(client, options.python, "PASSENGER_PYTHON");
 		fillPoolOption(client, options.user, "PASSENGER_USER");
 		fillPoolOption(client, options.group, "PASSENGER_GROUP");
 		fillPoolOption(client, options.minProcesses, "PASSENGER_MIN_INSTANCES");
@@ -1745,7 +1767,7 @@ private:
 			client->endScopeLog(&client->scopeLogs.getFromPool, false);
 			shared_ptr<SpawnException> e2 = dynamic_pointer_cast<SpawnException>(e);
 			if (e2 != NULL) {
-				if (e2->getErrorPage().empty()) {
+				if (strip(e2->getErrorPage()).empty()) {
 					RH_WARN(client, "Cannot checkout session. " << e2->what());
 					writeErrorResponse(client, e2->what());
 				} else {
@@ -1938,6 +1960,7 @@ private:
 				1, client->appOutputBuffer);
 			if (ret == -1 && errno != EAGAIN) {
 				disconnectWithAppSocketWriteError(client, errno);
+				// TODO: what about other errors?
 			} else if (!client->appOutputBuffer.empty()) {
 				client->state = Client::SENDING_HEADER_TO_APP;
 				client->appOutputWatcher.start();
@@ -1952,9 +1975,10 @@ private:
 
 		ssize_t ret = gatheredWrite(client->session->fd(), NULL, 0, client->appOutputBuffer);
 		if (ret == -1) {
-			if (errno != EAGAIN && errno != EPIPE) {
+			if (errno != EAGAIN && errno != EPIPE && errno != ECONNRESET) {
 				disconnectWithAppSocketWriteError(client, errno);
 			}
+			// TODO: what about other errors?
 		} else if (client->appOutputBuffer.empty()) {
 			client->appOutputWatcher.stop();
 			sendBodyToApp(client);
@@ -2009,7 +2033,7 @@ private:
 				RH_TRACE(client, 3, "Waiting until the application socket is writable again.");
 				client->clientInput->stop();
 				client->appOutputWatcher.start();
-			} else if (e == EPIPE) {
+			} else if (e == EPIPE || e == ECONNRESET) {
 				// Client will be disconnected after response forwarding is done.
 				client->clientInput->stop();
 				syscalls::shutdown(client->fd, SHUT_RD);
@@ -2073,7 +2097,7 @@ private:
 				RH_TRACE(client, 3, "Waiting until the application socket is writable again.");
 				client->appOutputWatcher.start();
 				consumed(0, true);
-			} else if (e == EPIPE) {
+			} else if (e == EPIPE || e == ECONNRESET) {
 				// Client will be disconnected after response forwarding is done.
 				syscalls::shutdown(client->fd, SHUT_RD);
 				consumed(0, true);
@@ -2136,10 +2160,6 @@ public:
 		}
 	}
 
-	void resetInactivityTimer() {
-		libev->run(boost::bind(&Timer::start, &inactivityTimer));
-	}
-
 	unsigned long long inactivityTime() const {
 		unsigned long long result;
 		libev->run(boost::bind(&RequestHandler::getInactivityTime, this, &result));

data/ext/common/agents/LoggingAgent/LoggingServer.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010-2012 Phusion
+ *  Copyright (c) 2010-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -1084,14 +1084,12 @@ public:
 		const string &unionStationGatewayAddress = DEFAULT_UNION_STATION_GATEWAY_ADDRESS,
 		unsigned short unionStationGatewayPort = DEFAULT_UNION_STATION_GATEWAY_PORT,
 		const string &unionStationGatewayCert = "",
-		const string &unionStationProxyAddress = "",
-		const string &unionStationProxyPort = "")
+		const string &unionStationProxyAddress = "")
 		: EventedMessageServer(loop, fd, accountsDatabase),
 		  remoteSender(unionStationGatewayAddress,
 		               unionStationGatewayPort,
 		               unionStationGatewayCert,
-		               unionStationProxyAddress,
-		               unionStationProxyPort),
+		               unionStationProxyAddress),
 		  garbageCollectionTimer(loop),
 		  sinkFlushingTimer(loop),
 		  exitTimer(loop)

data/ext/common/agents/LoggingAgent/Main.cpp

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010-2012 Phusion
+ *  Copyright (c) 2010-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -166,7 +166,6 @@ main(int argc, char *argv[]) {
 		false, DEFAULT_UNION_STATION_GATEWAY_PORT);
 	string unionStationGatewayCert  = options.get("union_station_gateway_cert", false);
 	string unionStationProxyAddress = options.get("union_station_proxy_address", false);
-	string unionStationProxyType    = options.get("union_station_proxy_type", false);
 	
 	curl_global_init(CURL_GLOBAL_ALL);
 	
@@ -246,8 +245,7 @@ main(int argc, char *argv[]) {
 			unionStationGatewayAddress,
 			unionStationGatewayPort,
 			unionStationGatewayCert,
-			unionStationProxyAddress,
-			unionStationProxyType);
+			unionStationProxyAddress);
 		loggingServer = &server;
 		
 		

data/ext/common/agents/LoggingAgent/RemoteSender.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010 Phusion
+ *  Copyright (c) 2010-2013 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -43,6 +43,7 @@
 #include <Utils/SystemTime.h>
 #include <Utils/ScopeGuard.h>
 #include <Utils/Base64.h>
+#include <Utils/Curl.h>
 
 namespace Passenger {
 
@@ -72,8 +73,7 @@ private:
 		string ip;
 		unsigned short port;
 		string certificate;
-		string proxyAddress;
-		string proxyType;
+		const CurlProxyInfo *proxyInfo;
 		
 		CURL *curl;
 		struct curl_slist *headers;
@@ -105,16 +105,6 @@ private:
 			curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 			curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curlDataReceived);
 			curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
-			if (!proxyAddress.empty()) {
-				curl_easy_setopt(curl, CURLOPT_PROXY, proxyAddress.c_str());
-				if (proxyType.empty() || proxyType == "http") {
-					curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
-				} else if (proxyType == "socks5") {
-					curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
-				} else {
-					throw RuntimeException("Only 'http' and 'socks5' proxies are supported.");
-				}
-			}
 			if (certificate.empty()) {
 				curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
 			} else {
@@ -126,6 +116,7 @@ private:
 			 * certificate then it doesn't matter.
 			 */
 			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+			setCurlProxy(curl, *proxyInfo);
 			responseBody.clear();
 		}
 		
@@ -142,13 +133,12 @@ private:
 		
 	public:
 		Server(const string &ip, const string &hostName, unsigned short port, const string &cert,
-			const string &proxyAddress, const string &proxyType)
+			const CurlProxyInfo *proxyInfo)
 		{
 			this->ip = ip;
 			this->port = port;
 			certificate = cert;
-			this->proxyAddress = proxyAddress;
-			this->proxyType = proxyType;
+			this->proxyInfo = proxyInfo;
 			
 			hostHeader = "Host: " + hostName;
 			headers = NULL;
@@ -247,7 +237,7 @@ private:
 			CURLcode code = curl_easy_perform(curl);
 			curl_formfree(post);
 			
-			if (code == 0) {
+			if (code == CURLE_OK) {
 				guard.clear();
 				// TODO: check response
 				return true;
@@ -264,8 +254,7 @@ private:
 	string gatewayAddress;
 	unsigned short gatewayPort;
 	string certificate;
-	string proxyAddress;
-	string proxyType;
+	CurlProxyInfo proxyInfo;
 	BlockingQueue<Item> queue;
 	oxt::thread *thr;
 	
@@ -320,7 +309,7 @@ private:
 		servers.clear();
 		for (it = ips.begin(); it != ips.end(); it++) {
 			ServerPtr server = make_shared<Server>(*it, gatewayAddress, gatewayPort,
-				certificate, proxyAddress, proxyType);
+				certificate, &proxyInfo);
 			if (server->ping()) {
 				servers.push_back(server);
 			} else {
@@ -441,18 +430,23 @@ private:
 	
 public:
 	RemoteSender(const string &gatewayAddress, unsigned short gatewayPort, const string &certificate,
-		const string &proxyAddress, const string &proxyType)
+		const string &proxyAddress)
 		: queue(1024)
 	{
+		TRACE_POINT();
 		this->gatewayAddress = gatewayAddress;
 		this->gatewayPort = gatewayPort;
 		this->certificate = certificate;
-		this->proxyAddress = proxyAddress;
-		this->proxyType = proxyType;
+		try {
+			this->proxyInfo = prepareCurlProxy(proxyAddress);
+		} catch (const ArgumentException &e) {
+			throw RuntimeException("Invalid Union Station proxy address \"" +
+				proxyAddress + "\": " + e.what());
+		}
 		thr = new oxt::thread(
 			boost::bind(&RemoteSender::threadMain, this),
 			"RemoteSender thread",
-			1024 * 64
+			1024 * 512
 		);
 	}