passenger 5.0.9 → 5.0.10

data/ext/common/agents/HelperAgent/RequestHandler/ForwardResponse.cpp

@@ -1002,6 +1002,7 @@ keepAliveAppConnection(Client *client, Request *req) {
 void
 storeAppResponseInTurboCache(Client *client, Request *req) {
 	if (turboCaching.isEnabled() && !req->cacheKey.empty()) {
+		TRACE_POINT();
 		AppResponse *resp = &req->appResponse;
 		unsigned int headerSize = 0;
 		unsigned int i;
@@ -1013,6 +1014,7 @@ storeAppResponseInTurboCache(Client *client, Request *req) {
 			turboCaching.responseCache.store(req, ev_now(getLoop()),
 				headerSize, resp->bodyCacheBuffer.size));
 		if (entry.valid()) {
+			UPDATE_TRACE_POINT();
 			SKC_DEBUG(client, "Storing app response in turbocache");
 			SKC_TRACE(client, 2, "Turbocache entries:\n" << turboCaching.responseCache.inspect());
 

data/ext/common/agents/HelperAgent/RequestHandler/Hooks.cpp

@@ -31,7 +31,7 @@ virtual unsigned int getClientName(const Client *client, char *buf, size_t size)
 	char *pos = buf;
 	const char *end = buf + size - 1;
 	// WARNING: If you change the format, be sure to change
-	// AdminServer::extractThreadNumberFromClientName() too.
+	// ApiServer::extractThreadNumberFromClientName() too.
 	pos += uintToString(threadNumber, pos, end - pos);
 	pos = appendData(pos, end, "-", 1);
 	pos += uintToString(client->number, pos, end - pos);

data/ext/common/agents/HelperAgent/RequestHandler/SendRequest.cpp

@@ -290,7 +290,7 @@ determineHeaderSizeForSessionProtocol(Request *req,
 	}
 
 	dataSize += sizeof("PASSENGER_CONNECT_PASSWORD");
-	dataSize += req->session->getGroupSecret().size() + 1;
+	dataSize += ApplicationPool2::ApiKey::SIZE + 1;
 
 	if (req->https) {
 		dataSize += sizeof("HTTPS");
@@ -404,7 +404,7 @@ constructHeaderForSessionProtocol(Request *req, char * restrict buffer, unsigned
 	}
 
 	pos = appendData(pos, end, P_STATIC_STRING_WITH_NULL("PASSENGER_CONNECT_PASSWORD"));
-	pos = appendData(pos, end, req->session->getGroupSecret());
+	pos = appendData(pos, end, req->session->getApiKey().toStaticString());
 	pos = appendData(pos, end, "", 1);
 
 	if (req->https) {

data/ext/common/agents/LoggingAgent/ApiServer.h

@@ -0,0 +1,279 @@
+/*
+ *  Phusion Passenger - https://www.phusionpassenger.com/
+ *  Copyright (c) 2013-2015 Phusion
+ *
+ *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
+ */
+#ifndef _PASSENGER_LOGGING_AGENT_API_SERVER_H_
+#define _PASSENGER_LOGGING_AGENT_API_SERVER_H_
+
+#include <sstream>
+#include <string>
+
+#include <agents/LoggingAgent/LoggingServer.h>
+#include <agents/ApiServerUtils.h>
+#include <ApplicationPool2/ApiKey.h>
+#include <ServerKit/HttpServer.h>
+#include <DataStructures/LString.h>
+#include <Exceptions.h>
+#include <StaticString.h>
+#include <Utils/StrIntUtils.h>
+#include <Utils/modp_b64.h>
+#include <Utils/json.h>
+#include <Utils/BufferedIO.h>
+#include <Utils/MessageIO.h>
+
+namespace Passenger {
+namespace LoggingAgent {
+
+using namespace std;
+
+
+class Request: public ServerKit::BaseHttpRequest {
+public:
+	string body;
+	Json::Value jsonBody;
+
+	DEFINE_SERVER_KIT_BASE_HTTP_REQUEST_FOOTER(Request);
+};
+
+class ApiServer: public ServerKit::HttpServer<ApiServer, ServerKit::HttpClient<Request> > {
+private:
+	typedef ServerKit::HttpServer<ApiServer, ServerKit::HttpClient<Request> > ParentClass;
+	typedef ServerKit::HttpClient<Request> Client;
+	typedef ServerKit::HeaderTable HeaderTable;
+
+	void route(Client *client, Request *req, const StaticString &path) {
+		if (path == P_STATIC_STRING("/ping.json")) {
+			apiServerProcessPing(this, client, req);
+		} else if (path == P_STATIC_STRING("/version.json")) {
+			apiServerProcessVersion(this, client, req);
+		} else if (path == P_STATIC_STRING("/shutdown.json")) {
+			apiServerProcessShutdown(this, client, req);
+		} else if (path == P_STATIC_STRING("/backtraces.txt")) {
+			apiServerProcessBacktraces(this, client, req);
+		} else if (path == P_STATIC_STRING("/config.json")) {
+			processConfig(client, req);
+		} else if (path == P_STATIC_STRING("/reinherit_logs.json")) {
+			apiServerProcessReinheritLogs(this, client, req,
+				instanceDir, fdPassingPassword);
+		} else if (path == P_STATIC_STRING("/reopen_logs.json")) {
+			apiServerProcessReopenLogs(this, client, req);
+		} else if (path == P_STATIC_STRING("/status.txt")) {
+			processStatusTxt(client, req);
+		} else {
+			apiServerRespondWith404(this, client, req);
+		}
+	}
+
+	void processConfig(Client *client, Request *req) {
+		if (req->method == HTTP_GET) {
+			if (!authorizeStateInspectionOperation(this, client, req)) {
+				apiServerRespondWith401(this, client, req);
+			}
+
+			HeaderTable headers;
+			Json::Value doc;
+			string logFile = getLogFile();
+			string fileDescriptorLogFile = getFileDescriptorLogFile();
+
+			headers.insert(req->pool, "Content-Type", "application/json");
+			doc["log_level"] = getLogLevel();
+			if (!logFile.empty()) {
+				doc["log_file"] = logFile;
+			}
+			if (!fileDescriptorLogFile.empty()) {
+				doc["file_descriptor_log_file"] = fileDescriptorLogFile;
+			}
+
+			writeSimpleResponse(client, 200, &headers, doc.toStyledString());
+			if (!req->ended()) {
+				endRequest(&client, &req);
+			}
+		} else if (req->method == HTTP_PUT) {
+			if (!authorizeAdminOperation(this, client, req)) {
+				apiServerRespondWith401(this, client, req);
+			} else if (!req->hasBody()) {
+				endAsBadRequest(&client, &req, "Body required");
+			}
+			// Continue in processConfigBody()
+		} else {
+			apiServerRespondWith405(this, client, req);
+		}
+	}
+
+	void processConfigBody(Client *client, Request *req) {
+		HeaderTable headers;
+		Json::Value &json = req->jsonBody;
+
+		headers.insert(req->pool, "Content-Type", "application/json");
+
+		if (json.isMember("log_level")) {
+			setLogLevel(json["log_level"].asInt());
+		}
+		if (json.isMember("log_file")) {
+			string logFile = json["log_file"].asString();
+			try {
+				logFile = absolutizePath(logFile);
+			} catch (const SystemException &e) {
+				unsigned int bufsize = 1024;
+				char *message = (char *) psg_pnalloc(req->pool, bufsize);
+				snprintf(message, bufsize, "{ \"status\": \"error\", "
+					"\"message\": \"Cannot absolutize log file filename: %s\" }",
+					e.what());
+				writeSimpleResponse(client, 500, &headers, message);
+				if (!req->ended()) {
+					endRequest(&client, &req);
+				}
+				return;
+			}
+
+			int e;
+			if (!setLogFile(logFile, &e)) {
+				unsigned int bufsize = 1024;
+				char *message = (char *) psg_pnalloc(req->pool, bufsize);
+				snprintf(message, bufsize, "{ \"status\": \"error\", "
+					"\"message\": \"Cannot open log file: %s (errno=%d)\" }",
+					strerror(e), e);
+				writeSimpleResponse(client, 500, &headers, message);
+				if (!req->ended()) {
+					endRequest(&client, &req);
+				}
+				return;
+			}
+			P_NOTICE("Log file opened.");
+		}
+
+		writeSimpleResponse(client, 200, &headers, "{ \"status\": \"ok\" }\n");
+		if (!req->ended()) {
+			endRequest(&client, &req);
+		}
+	}
+
+	void processStatusTxt(Client *client, Request *req) {
+		if (req->method != HTTP_GET) {
+			apiServerRespondWith405(this, client, req);
+		} else if (authorizeStateInspectionOperation(this, client, req)) {
+			HeaderTable headers;
+			headers.insert(req->pool, "Content-Type", "text/plain");
+
+			stringstream stream;
+			loggingServer->dump(stream);
+			writeSimpleResponse(client, 200, &headers, stream.str());
+			if (!req->ended()) {
+				endRequest(&client, &req);
+			}
+		} else {
+			apiServerRespondWith401(this, client, req);
+		}
+	}
+
+protected:
+	virtual void onRequestBegin(Client *client, Request *req) {
+		const StaticString path(req->path.start->data, req->path.size);
+
+		P_INFO("API request: " << http_method_str(req->method) <<
+			" " << StaticString(req->path.start->data, req->path.size));
+
+		try {
+			route(client, req, path);
+		} catch (const oxt::tracable_exception &e) {
+			SKC_ERROR(client, "Exception: " << e.what() << "\n" << e.backtrace());
+			if (!req->ended()) {
+				req->wantKeepAlive = false;
+				endRequest(&client, &req);
+			}
+		}
+	}
+
+	virtual ServerKit::Channel::Result onRequestBody(Client *client, Request *req,
+		const MemoryKit::mbuf &buffer, int errcode)
+	{
+		if (buffer.size() > 0) {
+			// Data
+			req->body.append(buffer.start, buffer.size());
+		} else if (errcode == 0) {
+			// EOF
+			Json::Reader reader;
+			if (reader.parse(req->body, req->jsonBody)) {
+				try {
+					processConfigBody(client, req);
+				} catch (const oxt::tracable_exception &e) {
+					SKC_ERROR(client, "Exception: " << e.what() << "\n" << e.backtrace());
+					if (!req->ended()) {
+						req->wantKeepAlive = false;
+						endRequest(&client, &req);
+					}
+				}
+			} else {
+				apiServerRespondWith422(this, client, req, reader.getFormattedErrorMessages());
+			}
+		} else {
+			// Error
+			disconnect(&client);
+		}
+		return ServerKit::Channel::Result(buffer.size(), false);
+	}
+
+	virtual void deinitializeRequest(Client *client, Request *req) {
+		req->body.clear();
+		if (!req->jsonBody.isNull()) {
+			req->jsonBody = Json::Value();
+		}
+		ParentClass::deinitializeRequest(client, req);
+	}
+
+public:
+	LoggingServer *loggingServer;
+	ApiAccountDatabase *apiAccountDatabase;
+	string instanceDir;
+	string fdPassingPassword;
+	EventFd *exitEvent;
+
+	ApiServer(ServerKit::Context *context)
+		: ParentClass(context),
+		  loggingServer(NULL),
+		  apiAccountDatabase(NULL),
+		  exitEvent(NULL)
+		{ }
+
+	virtual StaticString getServerName() const {
+		return P_STATIC_STRING("LoggerApiServer");
+	}
+
+	virtual unsigned int getClientName(const Client *client, char *buf, size_t size) const {
+		return ParentClass::getClientName(client, buf, size);
+	}
+
+	bool authorizeByUid(uid_t uid) const {
+		return uid == 0 || uid == geteuid();
+	}
+
+	bool authorizeByApiKey(const ApplicationPool2::ApiKey &apiKey) const {
+		return apiKey.isSuper();
+	}
+};
+
+
+} // namespace LoggingAgent
+} // namespace Passenger
+
+#endif /* _PASSENGER_LOGGING_AGENT_API_SERVER_H_ */

data/ext/common/agents/LoggingAgent/Main.cpp

@@ -22,6 +22,9 @@
  *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  *  THE SOFTWARE.
  */
+// Include ev++.h early to avoid macro clash on EV_ERROR.
+#include <ev++.h>
+
 #include <oxt/system_calls.hpp>
 #include <oxt/backtrace.hpp>
 #include <oxt/thread.hpp>
@@ -35,13 +38,15 @@
 #include <cstring>
 #include <cerrno>
 #include <algorithm>
+#include <stdexcept>
 #include <stdlib.h>
 #include <signal.h>
 
 #include <agents/Base.h>
+#include <agents/ApiServerUtils.h>
 #include <agents/LoggingAgent/OptionParser.h>
 #include <agents/LoggingAgent/LoggingServer.h>
-#include <agents/LoggingAgent/AdminServer.h>
+#include <agents/LoggingAgent/ApiServer.h>
 
 #include <AccountsDatabase.h>
 #include <Account.h>
@@ -68,8 +73,8 @@ namespace LoggingAgent {
 	struct WorkingObjects {
 		string password;
 		FileDescriptor serverSocketFd;
-		vector<int> adminSockets;
-		vector<LoggingAgent::AdminServer::Authorization> adminAuthorizations;
+		vector<int> apiSockets;
+		ApiAccountDatabase apiAccountDatabase;
 
 		ResourceLocator *resourceLocator;
 		BackgroundEventLoop *bgloop;
@@ -77,7 +82,7 @@ namespace LoggingAgent {
 		AccountsDatabasePtr accountsDatabase;
 		LoggingServer *loggingServer;
 
-		LoggingAgent::AdminServer *adminServer;
+		LoggingAgent::ApiServer *apiServer;
 		EventFd exitEvent;
 		EventFd allClientsDisconnectedEvent;
 
@@ -109,7 +114,7 @@ static WorkingObjects *workingObjects;
 
 static void printInfo(EV_P_ struct ev_signal *watcher, int revents);
 static void onTerminationSignal(EV_P_ struct ev_signal *watcher, int revents);
-static void adminServerShutdownFinished(LoggingAgent::AdminServer *server);
+static void apiServerShutdownFinished(LoggingAgent::ApiServer *server);
 static void waitForExitEvent();
 
 void
@@ -149,30 +154,6 @@ makeFileWorldReadableAndWritable(const string &path) {
 	} while (ret == -1 && errno == EINTR);
 }
 
-static void
-parseAndAddAdminAuthorization(const string &description) {
-	TRACE_POINT();
-	WorkingObjects *wo = workingObjects;
-	LoggingAgent::AdminServer::Authorization auth;
-	vector<string> args;
-
-	split(description, ':', args);
-
-	if (args.size() == 2) {
-		auth.level = LoggingAgent::AdminServer::FULL;
-		auth.username = args[0];
-		auth.password = strip(readAll(args[1]));
-	} else if (args.size() == 3) {
-		auth.level = LoggingAgent::AdminServer::parseLevel(args[0]);
-		auth.username = args[1];
-		auth.password = strip(readAll(args[2]));
-	} else {
-		P_BUG("Too many elements in authorization description");
-	}
-
-	wo->adminAuthorizations.push_back(auth);
-}
-
 static void
 initializePrivilegedWorkingObjects() {
 	TRACE_POINT();
@@ -190,7 +171,11 @@ initializePrivilegedWorkingObjects() {
 
 	UPDATE_TRACE_POINT();
 	foreach (description, authorizations) {
-		parseAndAddAdminAuthorization(description);
+		try {
+			wo->apiAccountDatabase.add(description);
+		} catch (const ArgumentException &e) {
+			throw std::runtime_error(e.what());
+		}
 	}
 
 	// Initialize ResourceLocator here in case passenger_root's parent
@@ -204,7 +189,7 @@ startListening() {
 	const VariantMap &options = *agentsOptions;
 	WorkingObjects *wo = workingObjects;
 	string address;
-	vector<string> adminAddresses;
+	vector<string> apiAddresses;
 
 	address = options.get("logging_agent_address");
 	wo->serverSocketFd.assign(createServer(address, 0, true,
@@ -216,13 +201,13 @@ startListening() {
 	}
 
 	UPDATE_TRACE_POINT();
-	adminAddresses = options.getStrSet("logging_agent_admin_addresses",
+	apiAddresses = options.getStrSet("logging_agent_api_addresses",
 		false);
-	foreach (address, adminAddresses) {
-		wo->adminSockets.push_back(createServer(address, 0, true,
+	foreach (address, apiAddresses) {
+		wo->apiSockets.push_back(createServer(address, 0, true,
 			__FILE__, __LINE__));
-		P_LOG_FILE_DESCRIPTOR_PURPOSE(wo->adminSockets.back(),
-			"Server address: " << wo->adminSockets.back());
+		P_LOG_FILE_DESCRIPTOR_PURPOSE(wo->apiSockets.back(),
+			"Server address: " << wo->apiSockets.back());
 		if (getSocketAddressType(address) == SAT_UNIX) {
 			makeFileWorldReadableAndWritable(parseUnixSocketAddress(address));
 		}
@@ -299,13 +284,15 @@ initializeUnprivilegedWorkingObjects() {
 		wo->serverSocketFd, wo->accountsDatabase, options);
 
 	UPDATE_TRACE_POINT();
-	wo->adminServer = new LoggingAgent::AdminServer(wo->serverKitContext);
-	wo->adminServer->loggingServer = wo->loggingServer;
-	wo->adminServer->exitEvent = &wo->exitEvent;
-	wo->adminServer->shutdownFinishCallback = adminServerShutdownFinished;
-	wo->adminServer->authorizations = wo->adminAuthorizations;
-	foreach (fd, wo->adminSockets) {
-		wo->adminServer->listen(fd);
+	wo->apiServer = new LoggingAgent::ApiServer(wo->serverKitContext);
+	wo->apiServer->loggingServer = wo->loggingServer;
+	wo->apiServer->apiAccountDatabase = &wo->apiAccountDatabase;
+	wo->apiServer->instanceDir = options.get("instance_dir", false);
+	wo->apiServer->fdPassingPassword = options.get("watchdog_fd_passing_password", false);
+	wo->apiServer->exitEvent = &wo->exitEvent;
+	wo->apiServer->shutdownFinishCallback = apiServerShutdownFinished;
+	foreach (fd, wo->apiSockets) {
+		wo->apiServer->listen(fd);
 	}
 
 	UPDATE_TRACE_POINT();
@@ -362,12 +349,12 @@ mainLoop() {
 }
 
 static void
-shutdownAdminServer() {
-	workingObjects->adminServer->shutdown();
+shutdownApiServer() {
+	workingObjects->apiServer->shutdown();
 }
 
 static void
-adminServerShutdownFinished(LoggingAgent::AdminServer *server) {
+apiServerShutdownFinished(LoggingAgent::ApiServer *server) {
 	workingObjects->allClientsDisconnectedEvent.notify();
 }
 
@@ -410,7 +397,7 @@ waitForExitEvent() {
 		/* We received an exit command. */
 		P_NOTICE("Received command to shutdown gracefully. "
 			"Waiting until all clients have disconnected...");
-		wo->bgloop->safe->runLater(shutdownAdminServer);
+		wo->bgloop->safe->runLater(shutdownApiServer);
 
 		UPDATE_TRACE_POINT();
 		FD_ZERO(&fds);
@@ -433,7 +420,7 @@ cleanup() {
 
 	P_DEBUG("Shutting down " AGENT_EXE " logger...");
 	wo->bgloop->stop();
-	delete wo->adminServer;
+	delete wo->apiServer;
 	P_NOTICE(AGENT_EXE " logger shutdown finished");
 }
 
@@ -458,6 +445,9 @@ runLoggingAgent() {
 	} catch (const tracable_exception &e) {
 		P_ERROR("ERROR: " << e.what() << "\n" << e.backtrace());
 		return 1;
+	} catch (const std::runtime_error &e) {
+		P_CRITICAL("ERROR: " << e.what());
+		return 1;
 	}
 
 	return 0;
@@ -500,11 +490,11 @@ preinitialize(VariantMap &options) {
 static void
 setAgentsOptionsDefaults() {
 	VariantMap &options = *agentsOptions;
-	set<string> defaultAdminListenAddress;
-	defaultAdminListenAddress.insert(DEFAULT_LOGGING_AGENT_ADMIN_LISTEN_ADDRESS);
+	set<string> defaultApiListenAddress;
+	defaultApiListenAddress.insert(DEFAULT_LOGGING_AGENT_API_LISTEN_ADDRESS);
 
 	options.setDefault("logging_agent_address", DEFAULT_LOGGING_AGENT_LISTEN_ADDRESS);
-	options.setDefaultStrSet("logging_agent_admin_addresses", defaultAdminListenAddress);
+	options.setDefaultStrSet("logging_agent_api_addresses", defaultApiListenAddress);
 }
 
 static void