passenger 5.0.9 → 5.0.10

data/ext/common/agents/HelperAgent/Main.cpp

@@ -55,6 +55,7 @@
 #include <algorithm>
 #include <iostream>
 #include <sstream>
+#include <stdexcept>
 
 #include <boost/thread.hpp>
 #include <boost/shared_ptr.hpp>
@@ -67,8 +68,9 @@
 
 #include <agents/HelperAgent/OptionParser.h>
 #include <agents/HelperAgent/RequestHandler.h>
-#include <agents/HelperAgent/AdminServer.h>
+#include <agents/HelperAgent/ApiServer.h>
 #include <agents/Base.h>
+#include <agents/ApiServerUtils.h>
 #include <Constants.h>
 #include <ServerKit/Server.h>
 #include <ServerKit/AcceptLoadBalancer.h>
@@ -109,29 +111,29 @@ namespace ServerAgent {
 			{ }
 	};
 
-	struct AdminWorkingObjects {
+	struct ApiWorkingObjects {
 		BackgroundEventLoop *bgloop;
 		ServerKit::Context *serverKitContext;
-		AdminServer *adminServer;
+		ApiServer *apiServer;
 
-		AdminWorkingObjects()
+		ApiWorkingObjects()
 			: bgloop(NULL),
 			  serverKitContext(NULL),
-			  adminServer(NULL)
+			  apiServer(NULL)
 			{ }
 	};
 
 	struct WorkingObjects {
 		int serverFds[SERVER_KIT_MAX_SERVER_ENDPOINTS];
-		int adminServerFds[SERVER_KIT_MAX_SERVER_ENDPOINTS];
+		int apiServerFds[SERVER_KIT_MAX_SERVER_ENDPOINTS];
 		string password;
-		vector<ServerAgent::AdminServer::Authorization> adminAuthorizations;
+		ApiAccountDatabase apiAccountDatabase;
 
 		ResourceLocator resourceLocator;
 		RandomGeneratorPtr randomGenerator;
 		UnionStation::CorePtr unionStationCore;
-		SpawnerConfigPtr spawnerConfig;
-		SpawnerFactoryPtr spawnerFactory;
+		SpawningKit::ConfigPtr spawningKitConfig;
+		SpawningKit::FactoryPtr spawningKitFactory;
 		PoolPtr appPool;
 
 		ServerKit::AcceptLoadBalancer<RequestHandler> loadBalancer;
@@ -140,7 +142,7 @@ namespace ServerAgent {
 		struct ev_signal sigtermWatcher;
 		struct ev_signal sigquitWatcher;
 
-		AdminWorkingObjects adminWorkingObjects;
+		ApiWorkingObjects apiWorkingObjects;
 
 		EventFd exitEvent;
 		EventFd allClientsDisconnectedEvent;
@@ -156,7 +158,7 @@ namespace ServerAgent {
 		{
 			for (unsigned int i = 0; i < SERVER_KIT_MAX_SERVER_ENDPOINTS; i++) {
 				serverFds[i] = -1;
-				adminServerFds[i] = -1;
+				apiServerFds[i] = -1;
 			}
 		}
 
@@ -170,9 +172,9 @@ namespace ServerAgent {
 				delete it->bgloop;
 			}
 
-			delete adminWorkingObjects.adminServer;
-			delete adminWorkingObjects.serverKitContext;
-			delete adminWorkingObjects.bgloop;
+			delete apiWorkingObjects.apiServer;
+			delete apiWorkingObjects.serverKitContext;
+			delete apiWorkingObjects.bgloop;
 		}
 	};
 } // namespace ServerAgent
@@ -191,33 +193,9 @@ static void cleanup();
 static void deletePidFile();
 static void abortLongRunningConnections(const ApplicationPool2::ProcessPtr &process);
 static void requestHandlerShutdownFinished(RequestHandler *server);
-static void adminServerShutdownFinished(ServerAgent::AdminServer *server);
+static void apiServerShutdownFinished(ServerAgent::ApiServer *server);
 static void printInfoInThread();
 
-static void
-parseAndAddAdminAuthorization(const string &description) {
-	TRACE_POINT();
-	WorkingObjects *wo = workingObjects;
-	ServerAgent::AdminServer::Authorization auth;
-	vector<string> args;
-
-	split(description, ':', args);
-
-	if (args.size() == 2) {
-		auth.level = ServerAgent::AdminServer::FULL;
-		auth.username = args[0];
-		auth.password = strip(readAll(args[1]));
-	} else if (args.size() == 3) {
-		auth.level = ServerAgent::AdminServer::parseLevel(args[0]);
-		auth.username = args[1];
-		auth.password = strip(readAll(args[2]));
-	} else {
-		P_BUG("Too many elements in authorization description");
-	}
-
-	wo->adminAuthorizations.push_back(auth);
-}
-
 static void
 initializePrivilegedWorkingObjects() {
 	TRACE_POINT();
@@ -239,7 +217,11 @@ initializePrivilegedWorkingObjects() {
 
 	UPDATE_TRACE_POINT();
 	foreach (description, authorizations) {
-		parseAndAddAdminAuthorization(description);
+		try {
+			wo->apiAccountDatabase.add(description);
+		} catch (const ArgumentException &e) {
+			throw std::runtime_error(e.what());
+		}
 	}
 }
 
@@ -332,7 +314,7 @@ startListening() {
 	TRACE_POINT();
 	WorkingObjects *wo = workingObjects;
 	vector<string> addresses = agentsOptions->getStrSet("server_addresses");
-	vector<string> adminAddresses = agentsOptions->getStrSet("server_admin_addresses", false);
+	vector<string> apiAddresses = agentsOptions->getStrSet("server_api_addresses", false);
 
 	#ifdef USE_SELINUX
 		// Set SELinux context on the first socket that we create
@@ -352,13 +334,13 @@ startListening() {
 			makeFileWorldReadableAndWritable(parseUnixSocketAddress(addresses[i]));
 		}
 	}
-	for (unsigned int i = 0; i < adminAddresses.size(); i++) {
-		wo->adminServerFds[i] = createServer(adminAddresses[i], 0, true,
+	for (unsigned int i = 0; i < apiAddresses.size(); i++) {
+		wo->apiServerFds[i] = createServer(apiAddresses[i], 0, true,
 			__FILE__, __LINE__);
-		P_LOG_FILE_DESCRIPTOR_PURPOSE(wo->adminServerFds[i],
-			"AdminServer address: " << adminAddresses[i]);
-		if (getSocketAddressType(adminAddresses[i]) == SAT_UNIX) {
-			makeFileWorldReadableAndWritable(parseUnixSocketAddress(adminAddresses[i]));
+		P_LOG_FILE_DESCRIPTOR_PURPOSE(wo->apiServerFds[i],
+			"ApiServer address: " << apiAddresses[i]);
+		if (getSocketAddressType(apiAddresses[i]) == SAT_UNIX) {
+			makeFileWorldReadableAndWritable(parseUnixSocketAddress(apiAddresses[i]));
 		}
 	}
 }
@@ -488,7 +470,7 @@ dumpDiagnosticsOnCrash(void *userData) {
 
 	cerr << "### Pool state (simple)\n";
 	// Do not lock, the crash may occur within the pool.
-	Pool::InspectOptions options;
+	Pool::InspectOptions options(Pool::InspectOptions::makeAuthorized());
 	options.verbose = true;
 	cerr << wo->appPool->inspect(options, false);
 	cerr << "\n";
@@ -505,7 +487,9 @@ dumpDiagnosticsOnCrash(void *userData) {
 	cerr.flush();
 
 	cerr << "### Pool state (XML)\n";
-	cerr << wo->appPool->toXml(true, false);
+	Pool::ToXmlOptions options2(Pool::ToXmlOptions::makeAuthorized());
+	options2.secrets = true;
+	cerr << wo->appPool->toXml(options2, false);
 	cerr << "\n\n";
 	cerr.flush();
 }
@@ -528,6 +512,11 @@ onTerminationSignal(EV_P_ struct ev_signal *watcher, int revents) {
 	}
 }
 
+static void
+spawningKitErrorHandler(const SpawningKit::ConfigPtr &config, SpawnException &e, const Options &options) {
+	ApplicationPool2::processAndLogNewSpawnException(e, options, config);
+}
+
 static void
 initializeNonPrivilegedWorkingObjects() {
 	TRACE_POINT();
@@ -544,7 +533,7 @@ initializeNonPrivilegedWorkingObjects() {
 	options.set("data_buffer_dir", absolutizePath(options.get("data_buffer_dir")));
 
 	vector<string> addresses = options.getStrSet("server_addresses");
-	vector<string> adminAddresses = options.getStrSet("server_admin_addresses", false);
+	vector<string> apiAddresses = options.getStrSet("server_api_addresses", false);
 
 	wo->resourceLocator = ResourceLocator(options.get("passenger_root"));
 
@@ -565,19 +554,22 @@ initializeNonPrivilegedWorkingObjects() {
 	}
 
 	UPDATE_TRACE_POINT();
-	wo->spawnerConfig = boost::make_shared<SpawnerConfig>();
-	wo->spawnerConfig->resourceLocator = &wo->resourceLocator;
-	wo->spawnerConfig->agentsOptions = agentsOptions;
-	wo->spawnerConfig->randomGenerator = wo->randomGenerator;
-	wo->spawnerConfig->instanceDir = options.get("instance_dir", false);
-	if (!wo->spawnerConfig->instanceDir.empty()) {
-		wo->spawnerConfig->instanceDir = absolutizePath(wo->spawnerConfig->instanceDir);
+	wo->spawningKitConfig = boost::make_shared<SpawningKit::Config>();
+	wo->spawningKitConfig->resourceLocator = &wo->resourceLocator;
+	wo->spawningKitConfig->agentsOptions = agentsOptions;
+	wo->spawningKitConfig->errorHandler = spawningKitErrorHandler;
+	wo->spawningKitConfig->unionStationCore = wo->unionStationCore;
+	wo->spawningKitConfig->randomGenerator = wo->randomGenerator;
+	wo->spawningKitConfig->instanceDir = options.get("instance_dir", false);
+	if (!wo->spawningKitConfig->instanceDir.empty()) {
+		wo->spawningKitConfig->instanceDir = absolutizePath(
+			wo->spawningKitConfig->instanceDir);
 	}
-	wo->spawnerConfig->finalize();
+	wo->spawningKitConfig->finalize();
 
 	UPDATE_TRACE_POINT();
-	wo->spawnerFactory = boost::make_shared<SpawnerFactory>(wo->spawnerConfig);
-	wo->appPool = boost::make_shared<Pool>(wo->spawnerFactory, agentsOptions);
+	wo->spawningKitFactory = boost::make_shared<SpawningKit::Factory>(wo->spawningKitConfig);
+	wo->appPool = boost::make_shared<Pool>(wo->spawningKitFactory, agentsOptions);
 	wo->appPool->initialize();
 	wo->appPool->setMax(options.getInt("max_pool_size"));
 	wo->appPool->setMaxIdleTime(options.getInt("pool_idle_time") * 1000000ULL);
@@ -630,9 +622,9 @@ initializeNonPrivilegedWorkingObjects() {
 	ev_signal_start(firstLoop->libev_loop, &wo->sigtermWatcher);
 
 	UPDATE_TRACE_POINT();
-	if (!adminAddresses.empty()) {
+	if (!apiAddresses.empty()) {
 		UPDATE_TRACE_POINT();
-		AdminWorkingObjects *awo = &wo->adminWorkingObjects;
+		ApiWorkingObjects *awo = &wo->apiWorkingObjects;
 
 		awo->bgloop = new BackgroundEventLoop(true, true);
 		awo->serverKitContext = new ServerKit::Context(awo->bgloop->safe,
@@ -644,16 +636,18 @@ initializeNonPrivilegedWorkingObjects() {
 			options.getUint("file_buffer_threshold");
 
 		UPDATE_TRACE_POINT();
-		awo->adminServer = new ServerAgent::AdminServer(awo->serverKitContext);
-		awo->adminServer->requestHandlers.reserve(wo->threadWorkingObjects.size());
+		awo->apiServer = new ServerAgent::ApiServer(awo->serverKitContext);
+		awo->apiServer->requestHandlers.reserve(wo->threadWorkingObjects.size());
 		for (unsigned int i = 0; i < wo->threadWorkingObjects.size(); i++) {
-			awo->adminServer->requestHandlers.push_back(
+			awo->apiServer->requestHandlers.push_back(
 				wo->threadWorkingObjects[i].requestHandler);
 		}
-		awo->adminServer->appPool = wo->appPool;
-		awo->adminServer->exitEvent = &wo->exitEvent;
-		awo->adminServer->shutdownFinishCallback = adminServerShutdownFinished;
-		awo->adminServer->authorizations = wo->adminAuthorizations;
+		awo->apiServer->apiAccountDatabase = &wo->apiAccountDatabase;
+		awo->apiServer->appPool = wo->appPool;
+		awo->apiServer->instanceDir = options.get("instance_dir", false);
+		awo->apiServer->fdPassingPassword = options.get("watchdog_fd_passing_password", false);
+		awo->apiServer->exitEvent = &wo->exitEvent;
+		awo->apiServer->shutdownFinishCallback = apiServerShutdownFinished;
 
 		wo->shutdownCounter.fetch_add(1, boost::memory_order_relaxed);
 	}
@@ -685,8 +679,8 @@ initializeNonPrivilegedWorkingObjects() {
 			wo->loadBalancer.servers.push_back(two->requestHandler);
 		}
 	}
-	for (unsigned int i = 0; i < adminAddresses.size(); i++) {
-		wo->adminWorkingObjects.adminServer->listen(wo->adminServerFds[i]);
+	for (unsigned int i = 0; i < apiAddresses.size(); i++) {
+		wo->apiWorkingObjects.apiServer->listen(wo->apiServerFds[i]);
 	}
 }
 
@@ -716,7 +710,7 @@ reportInitializationInfo() {
 			NULL);
 	} else {
 		vector<string> addresses = agentsOptions->getStrSet("server_addresses");
-		vector<string> adminAddresses = agentsOptions->getStrSet("server_admin_addresses", false);
+		vector<string> apiAddresses = agentsOptions->getStrSet("server_api_addresses", false);
 		string address;
 
 		P_NOTICE(AGENT_EXE " server online, PID " << getpid() <<
@@ -730,9 +724,9 @@ reportInitializationInfo() {
 			P_NOTICE(" * " << address);
 		}
 
-		if (!adminAddresses.empty()) {
-			P_NOTICE("Admin server listening on " << adminAddresses.size() << " socket(s):");
-			foreach (address, adminAddresses) {
+		if (!apiAddresses.empty()) {
+			P_NOTICE("API server listening on " << apiAddresses.size() << " socket(s):");
+			foreach (address, apiAddresses) {
 				if (startsWith(address, "tcp://")) {
 					address.erase(0, sizeof("tcp://") - 1);
 					address.insert(0, "http://");
@@ -776,8 +770,8 @@ mainLoop() {
 			}
 		#endif
 	}
-	if (wo->adminWorkingObjects.adminServer != NULL) {
-		wo->adminWorkingObjects.bgloop->start("Admin event loop", 0);
+	if (wo->apiWorkingObjects.apiServer != NULL) {
+		wo->apiWorkingObjects.bgloop->start("API event loop", 0);
 	}
 	if (wo->threadWorkingObjects.size() > 1) {
 		wo->loadBalancer.start();
@@ -797,12 +791,12 @@ abortLongRunningConnections(const ApplicationPool2::ProcessPtr &process) {
 	// We are inside the ApplicationPool lock. Be very careful here.
 	WorkingObjects *wo = workingObjects;
 	P_NOTICE("Disconnecting long-running connections for process " <<
-		process->pid << ", application " << process->getGroup()->name);
+		process->getPid() << ", application " << process->getGroup()->getName());
 	for (unsigned int i = 0; i < wo->threadWorkingObjects.size(); i++) {
 		wo->threadWorkingObjects[i].bgloop->safe->runLater(
 			boost::bind(abortLongRunningConnectionsOnRequestHandler,
 				wo->threadWorkingObjects[i].requestHandler,
-				string(process->gupid, process->gupidSize)));
+				process->getGupid().toString()));
 	}
 }
 
@@ -812,8 +806,8 @@ shutdownRequestHandler(ThreadWorkingObjects *two) {
 }
 
 static void
-shutdownAdminServer() {
-	workingObjects->adminWorkingObjects.adminServer->shutdown();
+shutdownApiServer() {
+	workingObjects->apiWorkingObjects.apiServer->shutdown();
 }
 
 static void
@@ -831,7 +825,7 @@ requestHandlerShutdownFinished(RequestHandler *server) {
 }
 
 static void
-adminServerShutdownFinished(ServerAgent::AdminServer *server) {
+apiServerShutdownFinished(ServerAgent::ApiServer *server) {
 	serverShutdownFinished();
 }
 
@@ -889,8 +883,8 @@ waitForExitEvent() {
 		if (wo->threadWorkingObjects.size() > 1) {
 			wo->loadBalancer.shutdown();
 		}
-		if (wo->adminWorkingObjects.adminServer != NULL) {
-			wo->adminWorkingObjects.bgloop->safe->runLater(shutdownAdminServer);
+		if (wo->apiWorkingObjects.apiServer != NULL) {
+			wo->apiWorkingObjects.bgloop->safe->runLater(shutdownApiServer);
 		}
 
 		UPDATE_TRACE_POINT();
@@ -920,8 +914,8 @@ cleanup() {
 		ThreadWorkingObjects *two = &wo->threadWorkingObjects[i];
 		two->bgloop->stop();
 	}
-	if (wo->adminWorkingObjects.adminServer != NULL) {
-		wo->adminWorkingObjects.bgloop->stop();
+	if (wo->apiWorkingObjects.apiServer != NULL) {
+		wo->apiWorkingObjects.bgloop->stop();
 	}
 	wo->appPool.reset();
 	for (unsigned i = 0; i < wo->threadWorkingObjects.size(); i++) {
@@ -938,8 +932,8 @@ cleanup() {
 		if (wo->serverFds[i] != -1) {
 			close(wo->serverFds[i]);
 		}
-		if (wo->adminServerFds[i] != -1) {
-			close(wo->adminServerFds[i]);
+		if (wo->apiServerFds[i] != -1) {
+			close(wo->apiServerFds[i]);
 		}
 	}
 	deletePidFile();
@@ -984,6 +978,10 @@ runServer() {
 		P_CRITICAL("ERROR: " << e.what() << "\n" << e.backtrace());
 		deletePidFile();
 		return 1;
+	} catch (const std::runtime_error &e) {
+		P_CRITICAL("ERROR: " << e.what());
+		deletePidFile();
+		return 1;
 	}
 
 	return 0;

data/ext/common/agents/HelperAgent/OptionParser.h

@@ -61,8 +61,7 @@ serverUsage() {
 		SERVER_KIT_MAX_SERVER_ENDPOINTS);
 	printf("                            listen on multiple addresses. Default:\n");
 	printf("                            " DEFAULT_HTTP_SERVER_LISTEN_ADDRESS "\n");
-	printf("      --admin-listen ADDRESS\n");
-	printf("                            Listen on the given address for admin commands.\n");
+	printf("      --api-listen ADDRESS  Listen on the given address for API commands.\n");
 	printf("                            The same syntax and limitations as with --listen\n");
 	printf("                            are applicable\n");
 	printf("\n");
@@ -75,8 +74,8 @@ serverUsage() {
 	printf("                            Password-protect access to the HTTP server\n");
 	printf("                            (multi-app mode only)\n");
 	printf("      --authorize [LEVEL]:USERNAME:PASSWORDFILE\n");
-	printf("                            Enables authentication on the admin server, through\n");
-	printf("                            the given admin account. LEVEL indicates the\n");
+	printf("                            Enables authentication on the API server, through\n");
+	printf("                            the given API account. LEVEL indicates the\n");
 	printf("                            privilege level (see below). PASSWORDFILE must\n");
 	printf("                            point to a file containing the password\n");
 	printf("      --no-user-switching   Disables user switching support\n");
@@ -169,7 +168,7 @@ serverUsage() {
 	printf("      --cpu-affine          Enable per-thread CPU affinity (Linux only)\n");
 	printf("  -h, --help                Show this help\n");
 	printf("\n");
-	printf("Admin account privilege levels (ordered from most to least privileges):\n");
+	printf("API account privilege levels (ordered from most to least privileges):\n");
 	printf("  readonly    Read-only access\n");
 	printf("  full        Full access (default)\n");
 }
@@ -198,20 +197,20 @@ parseServerOption(int argc, const char *argv[], int &i, VariantMap &options) {
 				"for Unix domain sockets.\n");
 			exit(1);
 		}
-	} else if (p.isValueFlag(argc, i, argv[i], '\0', "--admin-listen")) {
+	} else if (p.isValueFlag(argc, i, argv[i], '\0', "--api-listen")) {
 		if (getSocketAddressType(argv[i + 1]) != SAT_UNKNOWN) {
-			vector<string> addresses = options.getStrSet("server_admin_addresses",
+			vector<string> addresses = options.getStrSet("server_api_addresses",
 				false);
 			if (addresses.size() == SERVER_KIT_MAX_SERVER_ENDPOINTS) {
-				fprintf(stderr, "ERROR: you may specify up to %u --admin-listen addresses.\n",
+				fprintf(stderr, "ERROR: you may specify up to %u --api-listen addresses.\n",
 					SERVER_KIT_MAX_SERVER_ENDPOINTS);
 				exit(1);
 			}
 			addresses.push_back(argv[i + 1]);
-			options.setStrSet("server_admin_addresses", addresses);
+			options.setStrSet("server_api_addresses", addresses);
 			i += 2;
 		} else {
-			fprintf(stderr, "ERROR: invalid address format for --admin-listen. The address "
+			fprintf(stderr, "ERROR: invalid address format for --api-listen. The address "
 				"must be formatted as tcp://IP:PORT for TCP sockets, or unix:PATH "
 				"for Unix domain sockets.\n");
 			exit(1);

data/ext/common/agents/HelperAgent/RequestHandler/BufferBody.cpp

@@ -71,6 +71,9 @@ whenBufferingBody_onRequestBody(Client *client, Request *req,
 			psg_lstr_init(&header->key);
 			psg_lstr_append(&header->key, req->pool, "content-length",
 				sizeof("content-length") - 1);
+			psg_lstr_init(&header->origKey);
+			psg_lstr_append(&header->origKey, req->pool, "Content-Length",
+				sizeof("Content-Length") - 1);
 			psg_lstr_init(&header->val);
 			psg_lstr_append(&header->val, req->pool, contentLength, size);