passenger 4.0.5 → 4.0.6

data/ext/common/UnionStation.h

@@ -710,7 +710,7 @@ public:
 	}
 
 	void checkinConnection(const ConnectionPtr &connection) {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		if (connectionPool.size() < CONNECTION_POOL_MAX_SIZE) {
 			connectionPool.push_back(connection);
 		} else {
@@ -786,7 +786,7 @@ public:
 			
 			vector<string> args;
 			if (!readArrayMessage(connection->fd, args, &timeout)) {
-				lock_guard<boost::mutex> l(syncher);
+				boost::lock_guard<boost::mutex> l(syncher);
 				P_WARN("The logging agent at " << serverAddress <<
 					" closed the connection (no error message given);" <<
 					" will reconnect in " << reconnectTimeout / 1000000 <<
@@ -794,7 +794,7 @@ public:
 				nextReconnectTime = SystemTime::getUsec() + reconnectTimeout;
 				return createNullLogger();
 			} else if (args.size() == 2 && args[0] == "error") {
-				lock_guard<boost::mutex> l(syncher);
+				boost::lock_guard<boost::mutex> l(syncher);
 				P_WARN("The logging agent at " << serverAddress <<
 					" closed the connection (error message: " << args[1] <<
 					"); will reconnect in " << reconnectTimeout / 1000000 <<
@@ -802,7 +802,7 @@ public:
 				nextReconnectTime = SystemTime::getUsec() + reconnectTimeout;
 				return createNullLogger();
 			} else if (args.empty() || args[0] != "ok") {
-				lock_guard<boost::mutex> l(syncher);
+				boost::lock_guard<boost::mutex> l(syncher);
 				P_WARN("The logging agent at " << serverAddress <<
 					" sent an unexpected reply;" <<
 					" will reconnect in " << reconnectTimeout / 1000000 <<
@@ -819,7 +819,7 @@ public:
 				unionStationKey);
 			
 		} catch (const TimeoutException &) {
-			lock_guard<boost::mutex> l(syncher);
+			boost::lock_guard<boost::mutex> l(syncher);
 			P_WARN("Timeout trying to communicate with the logging agent at " << serverAddress << "; " <<
 				"will reconnect in " << reconnectTimeout / 1000000 << " second(s).");
 			nextReconnectTime = SystemTime::getUsec() + reconnectTimeout;
@@ -832,7 +832,7 @@ public:
 				
 				guard.clear();
 				gotErrorResponse = connection->disconnect(errorResponse);
-				lock_guard<boost::mutex> l(syncher);
+				boost::lock_guard<boost::mutex> l(syncher);
 				if (gotErrorResponse) {
 					P_WARN("The logging agent at " << serverAddress <<
 						" closed the connection (error message: " << errorResponse <<
@@ -891,7 +891,7 @@ public:
 				unionStationKey);
 			
 		} catch (const TimeoutException &) {
-			lock_guard<boost::mutex> l(syncher);
+			boost::lock_guard<boost::mutex> l(syncher);
 			P_WARN("Timeout trying to communicate with the logging agent at " << serverAddress << "; " <<
 				"will reconnect in " << reconnectTimeout / 1000000 << " second(s).");
 			nextReconnectTime = SystemTime::getUsec() + reconnectTimeout;
@@ -904,7 +904,7 @@ public:
 				
 				guard.clear();
 				gotErrorResponse = connection->disconnect(errorResponse);
-				lock_guard<boost::mutex> l(syncher);
+				boost::lock_guard<boost::mutex> l(syncher);
 				if (gotErrorResponse) {
 					P_WARN("The logging agent at " << serverAddress <<
 						" closed the connection (error message: " << errorResponse <<
@@ -925,12 +925,12 @@ public:
 	}
 	
 	void setMaxConnectTries(unsigned int value) {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		maxConnectTries = value;
 	}
 	
 	void setReconnectTimeout(unsigned long long usec) {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		reconnectTimeout = usec;
 	}
 	

data/ext/common/Utils.cpp

@@ -412,7 +412,7 @@ parseModeString(const StaticString &mode) {
 		
 		if (clause.empty()) {
 			continue;
-		} else if (clause.size() < 2 || clause[1] != '=') {
+		} else if (clause.size() < 2 || (clause[0] != '+' && clause[1] != '=')) {
 			throw InvalidModeStringException("Invalid mode clause specification '" + clause + "'");
 		}
 		
@@ -483,6 +483,20 @@ parseModeString(const StaticString &mode) {
 				}
 			}
 			break;
+		case '+':
+			for (string::size_type i = 1; i < clause.size(); i++) {
+				switch (clause[i]) {
+				case 't':
+					modeBits |= S_ISVTX;
+					break;
+				default:
+					throw InvalidModeStringException("Invalid permission '" +
+						string(1, clause[i]) +
+						"' in mode clause specification '" +
+						clause + "'");
+				}
+			}
+			break;
 		default:
 			throw InvalidModeStringException("Invalid owner '" + string(1, clause[0]) +
 				"' in mode clause specification '" + clause + "'");
@@ -962,12 +976,24 @@ runShellCommand(const StaticString &command) {
 	}
 }
 
-// Async-signal safe way to fork().
-// http://sourceware.org/bugzilla/show_bug.cgi?id=4737
+#ifdef __APPLE__
+	// http://www.opensource.apple.com/source/Libc/Libc-825.26/sys/fork.c
+	// This bypasses atfork handlers.
+	extern "C" {
+		extern pid_t __fork(void);
+	}
+#endif
+
 pid_t
 asyncFork() {
 	#if defined(__linux__)
-		return (pid_t) syscall(SYS_fork);
+		#if defined(SYS_fork)
+			return (pid_t) syscall(SYS_fork);
+		#else
+			return syscall(SYS_clone, SIGCHLD, 0, 0, 0, 0);
+		#endif
+	#elif defined(__APPLE__)
+		return __fork();
 	#else
 		return fork();
 	#endif

data/ext/common/Utils.h

@@ -413,7 +413,14 @@ int runShellCommand(const StaticString &command);
 
 /**
  * Async-signal safe way to fork().
+ *
+ * On Linux, the fork() glibc wrapper grabs a ptmalloc lock, so
+ * if malloc causes a segfault then we can't fork.
  * http://sourceware.org/bugzilla/show_bug.cgi?id=4737
+ *
+ * OS X apparently does something similar, except they use a
+ * spinlock so it results in 100% CPU. See _cthread_fork_prepare()
+ * at http://www.opensource.apple.com/source/Libc/Libc-166/threads.subproj/cthreads.c
  */
 pid_t asyncFork();
 

data/ext/common/Utils/BlockingQueue.h

@@ -53,7 +53,7 @@ public:
 	}
 	
 	unsigned int size() const {
-		lock_guard<timed_mutex> l(lock);
+		boost::lock_guard<timed_mutex> l(lock);
 		return queue.size();
 	}
 	
@@ -70,7 +70,7 @@ public:
 	}
 	
 	bool tryAdd(const T &item) {
-		lock_guard<timed_mutex> l(lock);
+		boost::lock_guard<timed_mutex> l(lock);
 		if (!atMaxCapacity()) {
 			queue.push(item);
 			added.notify_one();

data/ext/common/Utils/Lock.h

@@ -8,8 +8,8 @@ namespace Passenger {
 using namespace boost;
 
 /** Shortcut typedefs. */
-typedef lock_guard<boost::mutex> LockGuard;
-typedef unique_lock<boost::mutex> ScopedLock;
+typedef boost::lock_guard<boost::mutex> LockGuard;
+typedef boost::unique_lock<boost::mutex> ScopedLock;
 
 /** Nicer syntax for conditionally locking the mutex during construction. */
 class DynamicScopedLock: public unique_lock<boost::mutex> {

data/ext/common/Utils/MessagePassing.h

@@ -198,7 +198,7 @@ class MessageBox: public enable_shared_from_this<MessageBox> {
 
 public:
 	void send(const MessagePtr &message) {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		message->setFrom(shared_from_this());
 		messages.push_back(message);
 		cond.notify_all();
@@ -287,7 +287,7 @@ public:
 	}
 
 	unsigned int size() const {
-		lock_guard<boost::mutex> l(syncher);
+		boost::lock_guard<boost::mutex> l(syncher);
 		return messages.size();
 	}
 };

data/ext/common/Utils/Timer.h

@@ -74,7 +74,7 @@ public:
 		// TODO: We really use should clock_gettime() and the monotonic
 		// clock whenever possible, instead of gettimeofday()...
 		// On OS X we can use mach_absolute_time()
-		lock_guard<boost::mutex> l(lock);
+		boost::lock_guard<boost::mutex> l(lock);
 		int ret;
 		do {
 			ret = gettimeofday(&startTime, NULL);
@@ -87,7 +87,7 @@ public:
 	 * and sufficient amount of time has elapsed.
 	 */
 	void stop() {
-		lock_guard<boost::mutex> l(lock);
+		boost::lock_guard<boost::mutex> l(lock);
 		startTime.tv_sec = 0;
 		startTime.tv_usec = 0;
 	}
@@ -97,7 +97,7 @@ public:
 	 * in miliseconds. If the timer is currently stopped, then 0 is returned.
 	 */
 	unsigned long long elapsed() const {
-		lock_guard<boost::mutex> l(lock);
+		boost::lock_guard<boost::mutex> l(lock);
 		if (startTime.tv_sec == 0 && startTime.tv_usec == 0) {
 			return 0;
 		} else {
@@ -119,7 +119,7 @@ public:
 	 * in microseconds. If the timer is currently stopped, then 0 is returned.
 	 */
 	unsigned long long usecElapsed() const {
-		lock_guard<boost::mutex> l(lock);
+		boost::lock_guard<boost::mutex> l(lock);
 		if (startTime.tv_sec == 0 && startTime.tv_usec == 0) {
 			return 0;
 		} else {

data/ext/common/agents/HelperAgent/AgentOptions.h

@@ -53,6 +53,7 @@ struct AgentOptions {
 	string exitPassword;
 	string loggingAgentAddress;
 	string loggingAgentPassword;
+	string adminToolStatusPassword;
 	vector<string> prestartUrls;
 
 	string requestSocketLink;
@@ -84,6 +85,7 @@ struct AgentOptions {
 		exitPassword          = options.get("helper_agent_exit_password");
 		loggingAgentAddress   = options.get("logging_agent_address");
 		loggingAgentPassword  = options.get("logging_agent_password");
+		adminToolStatusPassword = options.get("admin_tool_status_password");
 		
 		// Optional options.
 		prestartUrls          = options.getStrSet("prestart_urls", false);

data/ext/common/agents/HelperAgent/Main.cpp

@@ -51,7 +51,6 @@
 
 #include <agents/HelperAgent/RequestHandler.h>
 #include <agents/HelperAgent/RequestHandler.cpp>
-#include <agents/HelperAgent/BacktracesServer.h>
 #include <agents/HelperAgent/AgentOptions.h>
 
 #include <agents/Base.h>
@@ -85,6 +84,7 @@ private:
 	
 	typedef MessageServer::CommonClientContext CommonClientContext;
 	
+	shared_ptr<RequestHandler> requestHandler;
 	PoolPtr pool;
 	
 	
@@ -92,17 +92,30 @@ private:
 	 * Message handler methods
 	 *********************************************/
 	
-	void processDetach(CommonClientContext &commonContext, SpecificContext *specificContext, const vector<string> &args) {
+	void processDetachProcess(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
 		TRACE_POINT();
 		commonContext.requireRights(Account::DETACH);
-		/* if (pool->detach(args[1])) {
+		if (pool->detachProcess((pid_t) atoi(args[1]))) {
 			writeArrayMessage(commonContext.fd, "true", NULL);
-		} else { */
+		} else {
 			writeArrayMessage(commonContext.fd, "false", NULL);
-		//}
+		}
+	}
+
+	void processDetachProcessByKey(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
+		TRACE_POINT();
+		commonContext.requireRights(Account::DETACH);
+		// TODO: implement this
+		writeArrayMessage(commonContext.fd, "false", NULL);
 	}
 	
-	bool processInspect(CommonClientContext &commonContext, SpecificContext *specificContext, const vector<string> &args) {
+	bool processInspect(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
 		TRACE_POINT();
 		commonContext.requireRights(Account::INSPECT_BASIC_INFO);
 		if ((args.size() - 1) % 2 != 0) {
@@ -123,7 +136,9 @@ private:
 		return true;
 	}
 	
-	void processToXml(CommonClientContext &commonContext, SpecificContext *specificContext, const vector<string> &args) {
+	void processToXml(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
 		TRACE_POINT();
 		commonContext.requireRights(Account::INSPECT_BASIC_INFO);
 		bool includeSensitiveInfo =
@@ -131,9 +146,28 @@ private:
 			args[1] == "true";
 		writeScalarMessage(commonContext.fd, pool->toXml(includeSensitiveInfo));
 	}
+
+	void processBacktraces(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
+		TRACE_POINT();
+		commonContext.requireRights(Account::INSPECT_BACKTRACES);
+		writeScalarMessage(commonContext.fd, oxt::thread::all_backtraces());
+	}
+
+	void processRequests(CommonClientContext &commonContext, SpecificContext *specificContext,
+		const vector<string> &args)
+	{
+		TRACE_POINT();
+		stringstream stream;
+		commonContext.requireRights(Account::INSPECT_REQUESTS);
+		requestHandler->inspect(stream);
+		writeScalarMessage(commonContext.fd, stream.str());
+	}
 	
 public:
-	RemoteController(const PoolPtr &pool) {
+	RemoteController(const shared_ptr<RequestHandler> &requestHandler, const PoolPtr &pool) {
+		this->requestHandler = requestHandler;
 		this->pool = pool;
 	}
 	
@@ -147,12 +181,18 @@ public:
 	{
 		SpecificContext *specificContext = (SpecificContext *) _specificContext.get();
 		try {
-			if (args[0] == "detach" && args.size() == 2) {
-				processDetach(commonContext, specificContext, args);
+			if (args[0] == "detach_process" && args.size() == 2) {
+				processDetachProcess(commonContext, specificContext, args);
+			} else if (args[0] == "detach_process_by_key" && args.size() == 2) {
+				processDetachProcessByKey(commonContext, specificContext, args);
 			} else if (args[0] == "inspect") {
 				return processInspect(commonContext, specificContext, args);
 			} else if (args[0] == "toXml" && args.size() == 2) {
 				processToXml(commonContext, specificContext, args);
+			} else if (args[0] == "backtraces") {
+				processBacktraces(commonContext, specificContext, args);
+			} else if (args[0] == "requests") {
+				processRequests(commonContext, specificContext, args);
 			} else {
 				return false;
 			}
@@ -381,8 +421,10 @@ public:
 		UPDATE_TRACE_POINT();
 		generation = serverInstanceDir.getGeneration(options.generationNumber);
 		startListening();
-		accountsDatabase = AccountsDatabase::createDefault(generation,
-			options.userSwitching, options.defaultUser, options.defaultGroup);
+		accountsDatabase = make_shared<AccountsDatabase>();
+		accountsDatabase->add("_passenger-status", options.adminToolStatusPassword, false,
+			Account::INSPECT_BASIC_INFO | Account::INSPECT_SENSITIVE_INFO |
+			Account::INSPECT_BACKTRACES | Account::INSPECT_REQUESTS);
 		accountsDatabase->add("_web_server", options.exitPassword, false, Account::EXIT);
 		messageServer = make_shared<MessageServer>(
 			parseUnixSocketAddress(options.adminSocketAddress), accountsDatabase);
@@ -415,13 +457,12 @@ public:
 		//pool->setMaxPerApp(maxInstancesPerApp);
 		pool->setMaxIdleTime(options.poolIdleTime * 1000000);
 		
-		messageServer->addHandler(make_shared<RemoteController>(pool));
-		messageServer->addHandler(make_shared<BacktracesServer>());
-		messageServer->addHandler(ptr(new ExitHandler(exitEvent)));
-
 		requestHandler = make_shared<RequestHandler>(requestLoop.safe,
 			requestSocket, pool, options);
 
+		messageServer->addHandler(make_shared<RemoteController>(requestHandler, pool));
+		messageServer->addHandler(ptr(new ExitHandler(exitEvent)));
+
 		sigquitWatcher.set(requestLoop.loop);
 		sigquitWatcher.set(SIGQUIT);
 		sigquitWatcher.set<Server, &Server::onSigquit>(this);

data/ext/common/agents/HelperAgent/RequestHandler.h

@@ -398,6 +398,8 @@ public:
 		timeoutTimer.stop();
 
 		freeScopeLogs();
+
+		requestHandler = NULL;
 	}
 
 	bool reassociateable() const {
@@ -507,7 +509,8 @@ public:
 		if (session == NULL) {
 			stream << indent << "session                     = NULL\n";
 		} else {
-			stream << indent << "session pid                 = " << session->getPid() << "\n";
+			stream << indent << "session pid                 = " << session->getPid() << " (" <<
+				session->getGroup()->name << ")\n";
 			stream << indent << "session gupid               = " << session->getGupid() << "\n";
 			stream << indent << "session initiated           = " << boolStr(session->initiated()) << "\n";
 		}

data/ext/common/agents/LoggingAgent/AdminController.h

@@ -0,0 +1,91 @@
+/*
+ *  Phusion Passenger - https://www.phusionpassenger.com/
+ *  Copyright (c) 2013 Phusion
+ *
+ *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
+ */
+#ifndef _PASSENGER_ADMIN_CONTROLLER_H_
+#define _PASSENGER_ADMIN_CONTROLLER_H_
+
+
+#include <agents/LoggingAgent/LoggingServer.h>
+#include <MessageServer.h>
+#include <sstream>
+
+namespace Passenger {
+
+using namespace std;
+using namespace boost;
+using namespace oxt;
+
+
+class AdminController: public MessageServer::Handler {
+private:
+	struct SpecificContext: public MessageServer::ClientContext {
+	};
+	
+	typedef MessageServer::CommonClientContext CommonClientContext;
+	
+	const LoggingServer *server;
+	
+	
+	/*********************************************
+	 * Message handler methods
+	 *********************************************/
+	
+	void processStatus(CommonClientContext &commonContext, SpecificContext *specificContext, const vector<string> &args) {
+		TRACE_POINT();
+		stringstream stream;
+		server->dump(stream);
+		writeScalarMessage(commonContext.fd, stream.str());
+	}
+	
+	bool isCommand(const vector<string> &args, const string &command, unsigned int nargs = 0) const {
+		return args.size() == nargs + 1 && args[0] == command;
+	}
+	
+public:
+	AdminController(const LoggingServer *server) {
+		this->server = server;
+	}
+	
+	virtual MessageServer::ClientContextPtr newClient(CommonClientContext &commonContext) {
+		return make_shared<SpecificContext>();
+	}
+	
+	virtual bool processMessage(CommonClientContext &commonContext,
+	                            MessageServer::ClientContextPtr &_specificContext,
+	                            const vector<string> &args)
+	{
+		SpecificContext *specificContext = (SpecificContext *) _specificContext.get();
+		if (isCommand(args, "status", 0)) {
+			processStatus(commonContext, specificContext, args);
+		} else {
+			return false;
+		}
+		return true;
+	}
+};
+
+
+} // namespace Passenger
+
+#endif /* _PASSENGER_ADMIN_CONTROLLER_H_ */