passenger 4.0.36 → 4.0.37

data/ext/common/MultiLibeio.cpp

@@ -55,6 +55,10 @@ struct Data {
 		: libev(_libev),
 		  callback(_callback)
 	{
+		// If this assertion fails, then in the context of RequestHandler it means
+		// that it was operating on a client that has already been disconnected.
+		// The RequestHandler code is probably missing some necessary checks on
+		// `client->connected()`.
 		assert(_libev != NULL);
 	}
 };

data/ext/common/ServerInstanceDir.h

@@ -213,7 +213,7 @@ private:
 		 * generations no matter what user they're running as.
 		 */
 		if (owner) {
-			switch (getFileType(path)) {
+			switch (getFileTypeNoFollowSymlinks(path)) {
 			case FT_NONEXISTANT:
 				createDirectory(path);
 				break;

data/ext/common/Utils.cpp

@@ -143,6 +143,35 @@ getFileType(const StaticString &filename, CachedFileStat *cstat, unsigned int th
 	}
 }
 
+FileType
+getFileTypeNoFollowSymlinks(const StaticString &filename) {
+	struct stat buf;
+	int ret;
+	
+	ret = lstat(filename.c_str(), &buf);
+	if (ret == 0) {
+		if (S_ISREG(buf.st_mode)) {
+			return FT_REGULAR;
+		} else if (S_ISDIR(buf.st_mode)) {
+			return FT_DIRECTORY;
+		} else if (S_ISLNK(buf.st_mode)) {
+			return FT_SYMLINK;
+		} else {
+			return FT_OTHER;
+		}
+	} else {
+		if (errno == ENOENT) {
+			return FT_NONEXISTANT;
+		} else {
+			int e = errno;
+			string message("Cannot lstat '");
+			message.append(filename);
+			message.append("'");
+			throw FileSystemException(message, e, filename);
+		}
+	}
+}
+
 void
 createFile(const string &filename, const StaticString &contents, mode_t permissions, uid_t owner,
 	gid_t group, bool overwrite)

data/ext/common/Utils.h

@@ -65,6 +65,8 @@ typedef enum {
 	FT_REGULAR,
 	/** A directory. */
 	FT_DIRECTORY,
+	/** A symlink. Only returned by getFileTypeNoFollowSymlinks(), not by getFileType(). */
+	FT_SYMLINK,
 	/** Something else, e.g. a pipe or a socket. */
 	FT_OTHER
 } FileType;
@@ -110,7 +112,7 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
 /**
  * Check whether 'filename' exists and what kind of file it is.
  *
- * @param filename The filename to check.
+ * @param filename The filename to check. It MUST be NULL-terminated.
  * @param mstat A CachedFileStat object, if you want to use cached statting.
  * @param throttleRate A throttle rate for cstat. Only applicable if cstat is not NULL.
  * @return The file type.
@@ -121,6 +123,10 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
  */
 FileType getFileType(const StaticString &filename, CachedFileStat *cstat = 0,
                      unsigned int throttleRate = 0);
+/**
+ * Like getFileType(), but does not follow symlinks.
+ */
+FileType getFileTypeNoFollowSymlinks(const StaticString &filename);
 
 /**
  * Create the given file with the given contents, permissions and ownership.

data/ext/common/Utils/BufferedIO.h

@@ -171,6 +171,19 @@ public:
 		return output;
 	}
 	
+	/**
+	 * Reads a line and returns the line including the newline character. Upon
+	 * encountering EOF, the empty string is returned.
+	 *
+	 * The `max` parameter dictates the maximum length of the returned line.
+	 * If the line is longer than this number of characters, then a SecurityException
+	 * is thrown, and the BufferedIO becomes unusable (enters an undefined state).
+	 *
+	 * @throws SystemException
+	 * @throws TimeoutException
+	 * @throws SecurityException
+	 * @throws boost::thread_interrupted
+	 */
 	string readLine(unsigned int max = 1024, unsigned long long *timeout = NULL) {
 		string output;
 		readUntil(boost::bind(newlineFound, _1, _2, &output, max), timeout);

data/ext/common/agents/HelperAgent/Main.cpp

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010-2013 Phusion
+ *  Copyright (c) 2010-2014 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -437,7 +437,7 @@ public:
 		accountsDatabase->add("_passenger-status", options.adminToolStatusPassword, false,
 			Account::INSPECT_BASIC_INFO | Account::INSPECT_SENSITIVE_INFO |
 			Account::INSPECT_BACKTRACES | Account::INSPECT_REQUESTS |
-			Account::RESTART);
+			Account::DETACH | Account::RESTART);
 		accountsDatabase->add("_web_server", options.exitPassword, false, Account::EXIT);
 		messageServer = boost::make_shared<MessageServer>(
 			parseUnixSocketAddress(options.adminSocketAddress), accountsDatabase);
@@ -584,6 +584,9 @@ public:
 			 * inaccessible.
 			 */
 			P_DEBUG("Watchdog seems to be killed; forcing shutdown of all subprocesses");
+			// We send a SIGTERM first to allow processes to gracefully shut down.
+			syscalls::killpg(getpgrp(), SIGTERM);
+			usleep(500000);
 			syscalls::killpg(getpgrp(), SIGKILL);
 			_exit(2); // In case killpg() fails.
 		} else {
@@ -592,6 +595,7 @@ public:
 			 */
 			P_DEBUG("Received command to exit gracefully. "
 				"Waiting until 5 seconds after all clients have disconnected...");
+			pool->prepareForShutdown();
 			requestHandler->resetInactivityTime();
 			while (requestHandler->inactivityTime() < 5000) {
 				syscalls::usleep(250000);

data/ext/common/agents/HelperAgent/RequestHandler.h

@@ -696,8 +696,17 @@ private:
 			status, (unsigned long) data.size());
 
 		client->clientOutputPipe->write(header, pos - header);
+		if (!client->connected()) {
+			return;
+		}
 		client->clientOutputPipe->write(data.data(), data.size());
+		if (!client->connected()) {
+			return;
+		}
 		client->clientOutputPipe->end();
+		if (!client->connected()) {
+			return;
+		}
 
 		if (client->useUnionStation()) {
 			snprintf(header, end - header, "Status: %d %s",
@@ -778,8 +787,17 @@ private:
 
 		const string header = str.str();
 		client->clientOutputPipe->write(header.data(), header.size());
+		if (!client->connected()) {
+			return;
+		}
 		client->clientOutputPipe->write(data.data(), data.size());
+		if (!client->connected()) {
+			return;
+		}
 		client->clientOutputPipe->end();
+		if (!client->connected()) {
+			return;
+		}
 
 		if (client->useUnionStation()) {
 			client->logMessage("Status: 500 Internal Server Error");
@@ -1094,6 +1112,10 @@ private:
 	void writeToClientOutputPipe(const ClientPtr &client, const StaticString &data) {
 		bool wasCommittingToDisk = client->clientOutputPipe->isCommittingToDisk();
 		bool nowCommittingToDisk = !client->clientOutputPipe->write(data.data(), data.size());
+		if (!client->connected()) {
+			// EPIPE/ECONNRESET detected.
+			return;
+		}
 		if (!wasCommittingToDisk && nowCommittingToDisk) {
 			RH_TRACE(client, 3, "Buffering response data to disk; temporarily stopping application socket.");
 			client->backgroundOperations++;
@@ -2010,6 +2032,7 @@ private:
 	}
 
 	void sessionCheckedOut_real(ClientPtr client, const SessionPtr &session, const ExceptionPtr &e) {
+		RH_LOG_EVENT(client, "sessionCheckedOut");
 		if (!client->connected()) {
 			return;
 		}
@@ -2200,7 +2223,6 @@ private:
 			data.append(" ");
 			data.append(parser.getHeader("REQUEST_URI"));
 			data.append(" HTTP/1.1\r\n");
-			data.append("Connection: close\r\n");
 
 			for (it = parser.begin(); it != end; it++) {
 				if (startsWith(it->first, "HTTP_") && it->first != "HTTP_CONNECTION") {
@@ -2221,6 +2243,15 @@ private:
 				}
 			}
 
+			StaticString connection = parser.getHeader("HTTP_CONNECTION");
+			if (connection == "upgrade" || connection == "Upgrade") {
+				data.append("Connection: ");
+				data.append(connection.data(), connection.size());
+				data.append("\r\n");
+			} else {
+				data.append("Connection: close\r\n");
+			}
+
 			StaticString header = parser.getHeader("CONTENT_LENGTH");
 			if (!header.empty()) {
 				data.append("Content-Length: ");

data/helper-scripts/meteor-loader.rb

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2013 Phusion
+#  Copyright (c) 2010-2014 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -24,6 +24,8 @@
 #  THE SOFTWARE.
 
 require 'socket'
+require 'thread'
+require 'logger'
 
 module PhusionPassenger
 module App
@@ -52,6 +54,13 @@ module App
 		end
 	end
 
+	def self.init_passenger
+		require "#{options["ruby_libdir"]}/phusion_passenger"
+		PhusionPassenger.locate_directories(options["passenger_root"])
+		PhusionPassenger.require_passenger_lib 'message_channel'
+		PhusionPassenger.require_passenger_lib 'utils/tmpio'
+	end
+
 	def self.ping_port(port)
 		socket_domain = Socket::Constants::AF_INET
 		sockaddr = Socket.pack_sockaddr_in(port, '127.0.0.1')
@@ -77,7 +86,14 @@ module App
 		end
 	end
 	
-	def self.load_app
+	def self.create_control_server
+		dir = Utils.mktmpdir('meteor')
+		filename = "#{dir}/control"
+		server = UNIXServer.new(filename)
+		return [server, dir, filename]
+	end
+
+	def self.load_app(control_server)
 		port = nil
 		tries = 0
 		while port.nil? && tries < 200
@@ -101,34 +117,134 @@ module App
 			# Meteor its own process group, and sending signals to the
 			# entire process group.
 			Process.setpgrp
+			control_server.close
 			exec("meteor run -p #{port} #{production}")
 		end
 		$0 = options["process_title"] if options["process_title"]
 		$0 = "#{$0} (#{pid})"
 		return [pid, port]
 	end
+
+	class ExitFlag
+		def initialize
+			@mutex = Mutex.new
+			@cond  = ConditionVariable.new
+			@exit  = false
+		end
+
+		def set
+			@mutex.synchronize do
+				@exit = true
+				@cond.broadcast
+			end
+		end
+
+		def wait
+			@mutex.synchronize do
+				while !@exit
+					@cond.wait(@mutex)
+				end
+			end
+		end
+	end
+
+	# When the HelperAgent is shutting down, it first sends a message (A) to application
+	# processes through the control socket that this is happening. The HelperAgent then
+	# waits until all HTTP connections are closed, before sending another message
+	# to application processes that they should shut down (B).
+	# Because Meteor opens long-running connections (e.g. for WebSocket), we have to shut
+	# down the Meteor app when A arrives, otherwise the HelperAgent will never send B.
+	def self.wait_for_exit_message(control_server)
+		exit_flag = ExitFlag.new
+		start_control_server_thread(control_server, exit_flag)
+		start_stdin_waiter_thread(exit_flag)
+		exit_flag.wait
+	end
+
+	def self.start_control_server_thread(control_server, exit_flag)
+		Thread.new do
+			Thread.current.abort_on_exception = true
+			while true
+				process_next_control_client(control_server, exit_flag)
+			end
+		end
+	end
+
+	def self.process_next_control_client(control_server, exit_flag)
+		logger = Logger.new(STDERR)
+		begin
+			client = control_server.accept
+			channel = MessageChannel.new(client)
+			while message = channel.read
+				process_next_control_message(message, logger, exit_flag)
+			end
+		rescue Exception => e
+			logger.error("#{e} (#{e.class})\n  " + e.backtrace.join("\n  "))
+		ensure
+			begin
+				client.close if client
+			rescue SystemCallError, IOError, SocketError
+			end
+		end
+	end
+
+	def self.process_next_control_message(message, logger, exit_flag)
+		if message[0] == "abort_long_running_connections"
+			logger.debug("Aborting long-running connections")
+			exit_flag.set
+		else
+			logger.error("Invalid control message: #{message.inspect}")
+		end
+	end
+
+	def self.start_stdin_waiter_thread(exit_flag)
+		Thread.new do
+			Thread.current.abort_on_exception = true
+			begin
+				STDIN.readline
+			rescue EOFError
+			ensure
+				exit_flag.set
+			end
+		end
+	end
+
 	
 	
 	################## Main code ##################
 	
 	
 	handshake_and_read_startup_request
-	pid, port = load_app
+	init_passenger
 	begin
+		control_server, control_dir, control_filename = create_control_server
+		pid, port = load_app(control_server)
 		while !ping_port(port)
 			sleep 0.01
 		end
 		puts "!> Ready"
 		puts "!> socket: main;tcp://127.0.0.1:#{port};http_session;0"
+		puts "!> socket: control;unix:#{control_filename};control;0"
 		puts "!> "
-		begin
-			STDIN.readline
-		rescue EOFError
-		end
+		wait_for_exit_message(control_server)
 	ensure
-		Process.kill('INT', -pid) rescue nil
-		Process.waitpid(pid) rescue nil
-		Process.kill('INT', -pid) rescue nil
+		if pid
+			Process.kill('INT', -pid) rescue nil
+			Process.waitpid(pid) rescue nil
+			Process.kill('INT', -pid) rescue nil
+		end
+		if control_server
+			control_server.close
+			begin
+				File.unlink(control_filename)
+			rescue SystemCallError
+			end
+			require 'fileutils'
+			begin
+				FileUtils.remove_entry_secure(control_dir)
+			rescue SystemCallError
+			end
+		end
 	end
 	
 end # module App

data/helper-scripts/node-loader.js

@@ -135,15 +135,17 @@ function installServer() {
 		finalizeStartup();
 
 		PhusionPassenger.on('request', function(headers, socket, bodyBegin) {
-			var req = HttplibEmulation.createIncomingMessage(headers, socket, bodyBegin);
-			if (req.headers['upgrade']) {
+			var req, res;
+			if (headers['HTTP_UPGRADE']) {
 				if (EventEmitter.listenerCount(server, 'upgrade') > 0) {
+					req = HttplibEmulation.createIncomingMessage(headers, socket, bodyBegin);
 					server.emit('upgrade', req, socket, bodyBegin);
 				} else {
 					socket.destroy();
 				}
 			} else {
-				var res = HttplibEmulation.createServerResponse(req);
+				req = HttplibEmulation.createIncomingMessage(headers, socket, bodyBegin);
+				res = HttplibEmulation.createServerResponse(req);
 				server.emit('request', req, res);
 			}
 		});

data/helper-scripts/wsgi-loader.py

@@ -106,6 +106,7 @@ class RequestHandler:
 				if not client:
 					done = True
 					break
+				socket_hijacked = False
 				try:
 					try:
 						env, input_stream = self.parse_request(client)
@@ -113,7 +114,7 @@ class RequestHandler:
 							if env['REQUEST_METHOD'] == 'ping':
 								self.process_ping(env, input_stream, client)
 							else:
-								self.process_request(env, input_stream, client)
+								socket_hijacked = self.process_request(env, input_stream, client)
 					except KeyboardInterrupt:
 						done = True
 					except IOError:
@@ -123,16 +124,17 @@ class RequestHandler:
 					except Exception:
 						logging.exception("WSGI application raised an exception!")
 				finally:
-					try:
-						# Shutdown the socket like this just in case the app
-						# spawned a child process that keeps it open.
-						client.shutdown(socket.SHUT_WR)
-					except:
-						pass
-					try:
-						client.close()
-					except:
-						pass
+					if not socket_hijacked:
+						try:
+							# Shutdown the socket like this just in case the app
+							# spawned a child process that keeps it open.
+							client.shutdown(socket.SHUT_WR)
+						except:
+							pass
+						try:
+							client.close()
+						except:
+							pass
 		except KeyboardInterrupt:
 			pass
 
@@ -232,7 +234,16 @@ class RequestHandler:
 			headers_set[:] = [status, response_headers]
 			return write
 		
+		def hijack():
+			env['passenger.hijacked_socket'] = output_stream
+			return output_stream
+
+		env['passenger.hijack'] = hijack
+
 		result = self.app(env, start_response)
+		if 'passenger.hijacked_socket' in env:
+			# Socket connection hijacked. Don't do anything.
+			return True
 		try:
 			for data in result:
 				# Don't send headers until body appears.
@@ -244,6 +255,7 @@ class RequestHandler:
 		finally:
 			if hasattr(result, 'close'):
 				result.close()
+		return False
 	
 	def process_ping(self, env, input_stream, output_stream):
 		output_stream.sendall(b"pong")