passenger 5.0.27 → 5.0.28

data/build/support/general.rb

@@ -0,0 +1,106 @@
+#  Phusion Passenger - https://www.phusionpassenger.com/
+#  Copyright (c) 2010-2016 Phusion Holding B.V.
+#
+#  "Passenger", "Phusion Passenger" and "Union Station" are registered
+#  trademarks of Phusion Holding B.V.
+#
+#  Permission is hereby granted, free of charge, to any person obtaining a copy
+#  of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+#  copies of the Software, and to permit persons to whom the Software is
+#  furnished to do so, subject to the following conditions:
+#
+#  The above copyright notice and this permission notice shall be included in
+#  all copies or substantial portions of the Software.
+#
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+#  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+#  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+#  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+#  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+#  THE SOFTWARE.
+
+class TemplateRenderer
+  def initialize(filename)
+    require 'erb' if !defined?(ERB)
+    @erb = ERB.new(File.read(filename), nil, "-")
+    @erb.filename = filename
+  end
+
+  def render
+    return @erb.result(binding)
+  end
+
+  def render_to(filename)
+    puts "Creating #{filename}"
+    text = render
+    # When packaging, some timestamps may be modified. The user may not
+    # have write access to the source root (for example, when Passenger
+    # Standalone is compiling its runtime), so we only write to the file
+    # when necessary.
+    if !File.exist?(filename) || File.writable?(filename) || File.read(filename) != text
+      File.open(filename, 'w') do |f|
+        f.write(text)
+      end
+    end
+  end
+end
+
+class Pathname
+  if !method_defined?(:/)
+    def /(other)
+      self + other.to_s
+    end
+  end
+end
+
+def string_option(name, default_value = nil)
+  value = ENV[name]
+  if value.nil? || value.empty?
+    if default_value.respond_to?(:call)
+      default_value.call
+    else
+      default_value
+    end
+  else
+    value
+  end
+end
+
+def pathname_option(name, default_value)
+  Pathname.new(string_option(name, default_value))
+end
+
+def compiler_flag_option(name, default_value = '')
+  string_option(name, default_value).gsub("\n", " ")
+end
+
+def boolean_option(name, default_value = false)
+  value = ENV[name]
+  if value.nil? || value.empty?
+    default_value
+  else
+    value == "yes" || value == "on" || value == "true" || value == "1"
+  end
+end
+
+def maybe_wrap_in_ccache(command)
+  if boolean_option('USE_CCACHE', false) && command !~ /^ccache /
+    "ccache #{command}"
+  else
+    command
+  end
+end
+
+def ensure_target_directory_exists(target)
+  dir = File.dirname(target)
+  if !File.exist?(dir)
+    sh "mkdir -p #{dir}"
+  end
+end
+
+def shesc(path)
+  Shellwords.escape(path)
+end

data/dev/ci/run_travis.sh

@@ -16,6 +16,8 @@ fi
 
 COMPILE_CONCURRENCY=${COMPILE_CONCURRENCY:-2}
 
+TEST_DYNAMIC_WITH_NGINX_VERSION=1.9.15
+
 export VERBOSE=1
 export TRACE=1
 export DEVDEPS_DEFAULT=no
@@ -213,6 +215,13 @@ if [[ "$TEST_NGINX" = 1 ]]; then
 	install_node_and_modules
 	run ./bin/passenger-install-nginx-module --auto --prefix=/tmp/nginx --auto-download
 	run bundle exec drake -j$COMPILE_CONCURRENCY test:integration:nginx
+
+	run curl -sSLO http://www.nginx.org/download/nginx-$TEST_DYNAMIC_WITH_NGINX_VERSION.tar.gz
+	run tar zxf nginx-$TEST_DYNAMIC_WITH_NGINX_VERSION.tar.gz
+	run cd nginx-$TEST_DYNAMIC_WITH_NGINX_VERSION
+	run ./configure --add-dynamic-module=$(../bin/passenger-config --nginx-addon-dir)
+	run make
+	run cd ..
 fi
 
 if [[ "$TEST_APACHE2" = 1 ]]; then

data/dev/vagrant/nginx_rakefile

@@ -27,7 +27,7 @@ task :configure do
     " --with-http_ssl_module" +
     " --with-http_gzip_static_module" +
     " --with-http_stub_status_module" +
-    " --with-http_spdy_module" +
+    " --with-http_v2_module" +
     " --with-ipv6" +
     " --with-debug"
   sh "sed", "-E", "-i", 's/ -O[0-9]? / -ggdb /g', "objs/Makefile"

data/src/agent/Core/ApplicationPool/Options.h

@@ -237,6 +237,9 @@ public:
 	/** See class overview. Defaults to the defaultUser's primary group. */
 	StaticString defaultGroup;
 
+	/** Minimum user id starting from which entering LVE and CageFS is allowed. */
+	unsigned int lveMinUid;
+
 	/**
 	 * The directory which contains restart.txt and always_restart.txt.
 	 * An empty string means that the default directory should be used.
@@ -474,6 +477,7 @@ public:
 		  baseURI("/", 1),
 		  spawnMethod(DEFAULT_SPAWN_METHOD, sizeof(DEFAULT_SPAWN_METHOD) - 1),
 		  defaultUser(PASSENGER_DEFAULT_USER, sizeof(PASSENGER_DEFAULT_USER) - 1),
+		  lveMinUid(DEFAULT_LVE_MIN_UID),
 		  integrationMode(DEFAULT_INTEGRATION_MODE, sizeof(DEFAULT_INTEGRATION_MODE) - 1),
 		  ruby(DEFAULT_RUBY, sizeof(DEFAULT_RUBY) - 1),
 		  python(DEFAULT_PYTHON, sizeof(DEFAULT_PYTHON) - 1),

data/src/agent/Core/Controller/CheckoutSession.cpp

@@ -378,8 +378,7 @@ Controller::friendlyErrorPagesEnabled(Request *req) {
 	bool defaultValue;
 	string defaultStr = agentsOptions->get("friendly_error_pages");
 	if (defaultStr == "auto") {
-		defaultValue = req->options.environment != "staging"
-			&& req->options.environment != "production";
+		defaultValue = (req->options.environment == "development");
 	} else {
 		defaultValue = defaultStr == "true";
 	}

data/src/agent/Core/Controller/InitRequest.cpp

@@ -383,6 +383,7 @@ Controller::createNewPoolOptions(Client *client, Request *req,
 	fillPoolOption(req, options.loadShellEnvvars, "!~PASSENGER_LOAD_SHELL_ENVVARS");
 	fillPoolOption(req, options.fileDescriptorUlimit, "!~PASSENGER_APP_FILE_DESCRIPTOR_ULIMIT");
 	fillPoolOption(req, options.raiseInternalError, "!~PASSENGER_RAISE_INTERNAL_ERROR");
+	fillPoolOption(req, options.lveMinUid, "!~PASSENGER_LVE_MIN_UID");
 	/******************/
 
 	boost::shared_ptr<Options> optionsCopy = boost::make_shared<Options>(options);

data/src/agent/Core/SpawningKit/DirectSpawner.h

@@ -28,9 +28,11 @@
 
 #include <Core/SpawningKit/Spawner.h>
 #include <Constants.h>
+#include <LveLoggingDecorator.h>
 #include <limits.h>  // for PTHREAD_STACK_MIN
 #include <pthread.h>
 
+#include <adhoc_lve.h>
 
 namespace Passenger {
 namespace SpawningKit {
@@ -167,6 +169,14 @@ public:
 			preparation.userSwitching.gid);
 		pid_t pid;
 
+		adhoc_lve::LveEnter scopedLveEnter(LveLoggingDecorator::lveInitOnce(),
+		                                   preparation.userSwitching.uid,
+		                                   options.lveMinUid,
+		                                   LveLoggingDecorator::lveExitCallback);
+		LveLoggingDecorator::logLveEnter(scopedLveEnter,
+		                                 preparation.userSwitching.uid,
+		                                 options.lveMinUid);
+
 		pid = syscalls::fork();
 		if (pid == 0) {
 			setenv("PASSENGER_DEBUG_DIR", debugDir->getPath().c_str(), 1);
@@ -203,6 +213,8 @@ public:
 
 		} else {
 			UPDATE_TRACE_POINT();
+			scopedLveEnter.exit();
+
 			P_LOG_FILE_DESCRIPTOR_PURPOSE(adminSocket.first,
 				"App " << pid << " (" << options.appRoot << ") adminSocket[0]");
 			P_LOG_FILE_DESCRIPTOR_PURPOSE(adminSocket.second,

data/src/agent/Core/SpawningKit/SmartSpawner.h

@@ -29,6 +29,9 @@
 #include <Core/SpawningKit/Spawner.h>
 #include <Core/SpawningKit/PipeWatcher.h>
 #include <Constants.h>
+#include <LveLoggingDecorator.h>
+
+#include <adhoc_lve.h>
 
 namespace Passenger {
 namespace SpawningKit {
@@ -212,9 +215,15 @@ private:
 		Pipe errorPipe = createPipe(__FILE__, __LINE__);
 		DebugDirPtr debugDir = boost::make_shared<DebugDir>(preparation.userSwitching.uid,
 			preparation.userSwitching.gid);
-		pid_t pid;
 
-		pid = syscalls::fork();
+		adhoc_lve::LveEnter scopedLveEnter(LveLoggingDecorator::lveInitOnce(),
+		                                   preparation.userSwitching.uid,
+		                                   options.lveMinUid,
+		                                   LveLoggingDecorator::lveExitCallback);
+		LveLoggingDecorator::logLveEnter(scopedLveEnter,
+		                                 preparation.userSwitching.uid,
+		                                 options.lveMinUid);
+		pid_t pid = syscalls::fork();
 		if (pid == 0) {
 			setenv("PASSENGER_DEBUG_DIR", debugDir->getPath().c_str(), 1);
 			purgeStdio(stdout);
@@ -249,6 +258,8 @@ private:
 			throw SystemException("Cannot fork a new process", e);
 
 		} else {
+			scopedLveEnter.exit();
+
 			UPDATE_TRACE_POINT();
 			P_LOG_FILE_DESCRIPTOR_PURPOSE(adminSocket.first,
 				"Preloader " << pid << " (" << options.appRoot << ") adminSocket[0]");

data/src/agent/Core/SpawningKit/Spawner.h

@@ -78,6 +78,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <dirent.h>
+#include <adhoc_lve.h>
 #include <modp_b64.h>
 #include <FileDescriptor.h>
 #include <Exceptions.h>
@@ -871,8 +872,42 @@ protected:
 		}
 	}
 
+	void enterLveJail(const struct passwd * pw) {
+		if (!pw)
+			return;
+
+		string lve_init_err;
+		adhoc_lve::LibLve& liblve = adhoc_lve::LveInitSignleton::getInstance(&lve_init_err);
+		if (liblve.is_error())
+		{
+			printf("!> Error\n");
+			printf("!> \n");
+			printf("!> Failed to init LVE library%s%s\n",
+			       lve_init_err.empty()? "" : ": ",
+			       lve_init_err.c_str());
+			fflush(stdout);
+			_exit(1);
+		}
+
+		if (!liblve.is_lve_available())
+			return;
+
+		string jail_err;
+		int rc = liblve.jail(pw, jail_err);
+		if (rc < 0)
+		{
+			printf("!> Error\n");
+			printf("!> \n");
+			printf("enterLve() failed: %s\n", jail_err.c_str());
+			fflush(stdout);
+			_exit(1);
+		}
+	}
+
 	void switchUser(const SpawnPreparationInfo &info) {
 		if (info.userSwitching.enabled) {
+			enterLveJail(&info.userSwitching.lveUserPwd);
+
 			bool setgroupsCalled = false;
 			#ifdef HAVE_GETGROUPLIST
 				if (info.userSwitching.ngroups <= NGROUPS_MAX) {

data/src/agent/Core/SpawningKit/UserSwitchingRules.h

@@ -55,7 +55,10 @@ struct UserSwitchingInfo {
 	uid_t uid;
 	gid_t gid;
 	int ngroups;
-	shared_array<gid_t> gidset;
+	boost::shared_array<gid_t> gidset;
+
+	struct passwd lveUserPwd, *lveUserPwdComplete;
+	boost::shared_array<char> lveUserPwdStrBuf;
 };
 
 inline UserSwitchingInfo
@@ -64,9 +67,10 @@ prepareUserSwitching(const Options &options) {
 	UserSwitchingInfo info;
 
 	if (geteuid() != 0) {
-		struct passwd pwd, *userInfo;
+		struct passwd &pwd = info.lveUserPwd;
+		boost::shared_array<char> &strings = info.lveUserPwdStrBuf;
+		struct passwd *userInfo;
 		long bufSize;
-		shared_array<char> strings;
 
 		// _SC_GETPW_R_SIZE_MAX is not a maximum:
 		// http://tomlee.co/2012/10/problems-with-large-linux-unix-groups-and-getgrgid_r-getgrnam_r/
@@ -97,11 +101,13 @@ prepareUserSwitching(const Options &options) {
 	string defaultGroup;
 	string startupFile = absolutizePath(options.getStartupFile(),
 		absolutizePath(options.appRoot));
-	struct passwd pwd, *userInfo;
+	struct passwd &pwd = info.lveUserPwd;
+	boost::shared_array<char> &pwdBuf = info.lveUserPwdStrBuf;
+	struct passwd *userInfo;
 	struct group  grp;
 	gid_t  groupId = (gid_t) -1;
 	long pwdBufSize, grpBufSize;
-	shared_array<char> pwdBuf, grpBuf;
+	boost::shared_array<char> grpBuf;
 	int ret;
 
 	// _SC_GETPW_R_SIZE_MAX/_SC_GETGR_R_SIZE_MAX are not maximums:
@@ -250,7 +256,7 @@ prepareUserSwitching(const Options &options) {
 			int e = errno;
 			throw SystemException("getgrouplist() failed", e);
 		}
-		info.gidset = shared_array<gid_t>(new gid_t[info.ngroups]);
+		info.gidset = boost::shared_array<gid_t>(new gid_t[info.ngroups]);
 		for (int i = 0; i < info.ngroups; i++) {
 			info.gidset[i] = groups[i];
 		}

data/src/apache2_module/ConfigurationCommands.cpp

@@ -237,6 +237,13 @@
 		"Force Passenger to believe that an application process can handle the given number of concurrent requests per process"),
 
 	
+	AP_INIT_TAKE1("PassengerLveMinUid",
+		(Take1Func) cmd_passenger_lve_min_uid,
+		NULL,
+		RSRC_CONF,
+		"Minimum user id starting from which entering LVE and CageFS is allowed."),
+
+	
 	AP_INIT_TAKE1("RailsEnv",
 		(Take1Func) cmd_passenger_app_env,
 		NULL,

data/src/apache2_module/ConfigurationFields.hpp

@@ -61,6 +61,8 @@ struct GeneratedDirConfigPart {
 	Threeway stickySessionsCookieName;
 	/** Force Passenger to believe that an application process can handle the given number of concurrent requests per process */
 	int forceMaxConcurrentRequestsPerProcess;
+	/** Minimum user id starting from which entering LVE and CageFS is allowed. */
+	int lveMinUid;
 	/** The maximum number of simultaneously alive application instances a single application may occupy. */
 	int maxInstancesPerApp;
 	/** The maximum number of seconds that a preloader process may be idle before it is shutdown. */

data/src/apache2_module/ConfigurationSetters.cpp

@@ -444,4 +444,38 @@
 			}
 		}
 	
+	
+		static const char *
+		cmd_passenger_lve_min_uid(cmd_parms *cmd, void *pcfg, const char *arg) {
+			DirConfig *config = (DirConfig *) pcfg;
+			char *end;
+			long result;
+
+			result = strtol(arg, &end, 10);
+			if (*end != '\0') {
+				string message = "Invalid number specified for ";
+				message.append(cmd->directive->directive);
+				message.append(".");
+
+				char *messageStr = (char *) apr_palloc(cmd->temp_pool,
+					message.size() + 1);
+				memcpy(messageStr, message.c_str(), message.size() + 1);
+				return messageStr;
+			
+				} else if (result < 0) {
+					string message = "Value for ";
+					message.append(cmd->directive->directive);
+					message.append(" must be greater than or equal to 0.");
+
+					char *messageStr = (char *) apr_palloc(cmd->temp_pool,
+						message.size() + 1);
+					memcpy(messageStr, message.c_str(), message.size() + 1);
+					return messageStr;
+			
+			} else {
+				config->lveMinUid = (int) result;
+				return NULL;
+			}
+		}
+	
 

data/src/apache2_module/CreateDirConfig.cpp

@@ -67,4 +67,5 @@
 				config->restartDir = NULL;
 				config->appGroupName = NULL;
 				config->forceMaxConcurrentRequestsPerProcess = UNSET_INT_VALUE;
+				config->lveMinUid = UNSET_INT_VALUE;
 	

data/src/apache2_module/MergeDirConfig.cpp

@@ -236,3 +236,10 @@
 			add->forceMaxConcurrentRequestsPerProcess;
 	
 
+	
+		config->lveMinUid =
+			(add->lveMinUid == UNSET_INT_VALUE) ?
+			base->lveMinUid :
+			add->lveMinUid;
+	
+

data/src/apache2_module/SetHeaders.cpp

@@ -155,3 +155,8 @@
 			sizeof("!~PASSENGER_FORCE_MAX_CONCURRENT_REQUESTS_PER_PROCESS") - 1), config->forceMaxConcurrentRequestsPerProcess);
 	
 
+	
+		addHeader(r, result, StaticString("!~PASSENGER_LVE_MIN_UID",
+			sizeof("!~PASSENGER_LVE_MIN_UID") - 1), config->lveMinUid);
+	
+

data/src/cxx_supportlib/Constants.h

@@ -65,6 +65,8 @@
 
 	#define DEFAULT_LOG_LEVEL 3
 
+	#define DEFAULT_LVE_MIN_UID 500
+
 	#define DEFAULT_MAX_POOL_SIZE 6
 
 	#define DEFAULT_MAX_PRELOADER_IDLE_TIME 300
@@ -121,7 +123,7 @@
 
 	#define PASSENGER_DEFAULT_USER "nobody"
 
-	#define PASSENGER_VERSION "5.0.27"
+	#define PASSENGER_VERSION "5.0.28"
 
 	#define POOL_HELPER_THREAD_STACK_SIZE 262144