diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2004-01-20 20:40:08 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2004-01-20 20:40:08 +0000 |
| commit | 03420a621ae7f0b7ca37d37b33ff9ae8277dda49 (patch) | |
| tree | 79907192a7774ea974f0ffc734e3e7caaa6a4b99 | |
| parent | a1c8a92566ab0bbb8c58c06038474670aca52407 (diff) | |
| download | nginx-03420a621ae7f0b7ca37d37b33ff9ae8277dda49.tar.gz nginx-03420a621ae7f0b7ca37d37b33ff9ae8277dda49.zip | |
nginx-0.0.1-2004-01-20-23:40:08 import
| -rw-r--r-- | src/core/nginx.c | 124 | ||||
| -rw-r--r-- | src/core/ngx_log.c | 22 | ||||
| -rw-r--r-- | src/core/ngx_log.h | 2 | ||||
| -rw-r--r-- | src/http/ngx_http_core_module.c | 16 | ||||
| -rw-r--r-- | src/os/unix/ngx_freebsd_config.h | 1 | ||||
| -rw-r--r-- | src/os/unix/ngx_process.c | 8 |
6 files changed, 113 insertions, 60 deletions
diff --git a/src/core/nginx.c b/src/core/nginx.c index 851a0a2e6..ba02b8062 100644 --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -6,9 +6,10 @@ typedef struct { - ngx_str_t user; int daemon; int master; + uid_t user; + gid_t group; ngx_str_t pid; ngx_str_t newpid; } ngx_core_conf_t; @@ -27,6 +28,7 @@ static void ngx_worker_process_cycle(ngx_cycle_t *cycle, void *data); static ngx_int_t ngx_add_inherited_sockets(ngx_cycle_t *cycle, char **envp); static ngx_pid_t ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv); static ngx_int_t ngx_core_module_init(ngx_cycle_t *cycle); +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static ngx_str_t core_name = ngx_string("core"); @@ -34,10 +36,10 @@ static ngx_str_t core_name = ngx_string("core"); static ngx_command_t ngx_core_commands[] = { { ngx_string("user"), - NGX_MAIN_CONF|NGX_CONF_TAKE1, - ngx_conf_set_core_str_slot, + NGX_MAIN_CONF|NGX_CONF_TAKE12, + ngx_set_user, + 0, 0, - offsetof(ngx_core_conf_t, user), NULL }, { ngx_string("daemon"), @@ -68,26 +70,21 @@ ngx_module_t ngx_core_module = { }; -ngx_int_t ngx_max_module; - - -/* STUB */ -uid_t user; - -u_int ngx_connection_counter; +ngx_int_t ngx_max_module; +ngx_uint_t ngx_connection_counter; -ngx_int_t ngx_process; -ngx_pid_t ngx_new_binary; +ngx_int_t ngx_process; +ngx_pid_t ngx_new_binary; -ngx_int_t ngx_inherited; -ngx_int_t ngx_signal; -ngx_int_t ngx_reap; -ngx_int_t ngx_terminate; -ngx_int_t ngx_quit; -ngx_int_t ngx_noaccept; -ngx_int_t ngx_reconfigure; -ngx_int_t ngx_reopen; -ngx_int_t ngx_change_binary; +ngx_int_t ngx_inherited; +ngx_int_t ngx_signal; +ngx_int_t ngx_reap; +ngx_int_t ngx_terminate; +ngx_int_t ngx_quit; +ngx_int_t ngx_noaccept; +ngx_int_t ngx_reconfigure; +ngx_int_t ngx_reopen; +ngx_int_t ngx_change_binary; int main(int argc, char *const *argv, char **envp) @@ -102,7 +99,6 @@ int main(int argc, char *const *argv, char **envp) #if !(WIN32) size_t len; char pid[/* STUB */ 10]; - struct passwd *pwd; #endif #if __FreeBSD__ @@ -169,19 +165,6 @@ int main(int argc, char *const *argv, char **envp) #else - /* STUB */ - if (ccf->user.len) { - pwd = getpwnam(ccf->user.data); - if (pwd == NULL) { - ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, - "getpwnam(%s) failed", ccf->user); - return 1; - } - - user = pwd->pw_uid; - } - /* */ - if (ccf->daemon != 0) { if (ngx_daemon(cycle->log) == NGX_ERROR) { return 1; @@ -573,16 +556,28 @@ static void ngx_worker_process_cycle(ngx_cycle_t *cycle, void *data) sigset_t set; ngx_int_t i; ngx_listening_t *ls; + ngx_core_conf_t *ccf; ngx_process = NGX_PROCESS_WORKER; ngx_last_process = 0; - if (user) { - if (setuid(user) == -1) { - ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, - "setuid() failed"); + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + + if (ccf->group != (gid_t) NGX_CONF_UNSET) { + if (setuid(ccf->group) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setgid(%d) failed", ccf->group); + /* fatal */ + exit(2); + } + } + + if (ccf->user != (uid_t) NGX_CONF_UNSET && geteuid() == 0) { + if (setuid(ccf->user) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setuid(%d) failed", ccf->user); /* fatal */ - exit(1); + exit(2); } } @@ -755,10 +750,53 @@ static ngx_int_t ngx_core_module_init(ngx_cycle_t *cycle) * * ccf->pid = NULL; */ - ccf->daemon = -1; - ccf->master = -1; + ccf->daemon = NGX_CONF_UNSET; + ccf->master = NGX_CONF_UNSET; + ccf->user = (uid_t) NGX_CONF_UNSET; + ccf->group = (gid_t) NGX_CONF_UNSET; ((void **)(cycle->conf_ctx))[ngx_core_module.index] = ccf; return NGX_OK; } + + +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + struct passwd *pwd; + struct group *grp; + ngx_str_t *value; + ngx_core_conf_t *ccf; + + ccf = *(void **)conf; + + if (ccf->user != (uid_t) NGX_CONF_UNSET) { + return "is duplicate"; + } + + value = (ngx_str_t *) cf->args->elts; + + pwd = getpwnam(value[1].data); + if (pwd == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getpwnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->user = pwd->pw_uid; + + if (cf->args->nelts == 2) { + return NGX_CONF_OK; + } + + grp = getgrnam(value[2].data); + if (grp == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getgrnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->group = grp->gr_gid; + + return NGX_CONF_OK; +} diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c index 5e3df2278..fa2aeee86 100644 --- a/src/core/ngx_log.c +++ b/src/core/ngx_log.c @@ -275,7 +275,6 @@ ngx_log_t *ngx_log_create_errlog(ngx_cycle_t *cycle, ngx_array_t *args) static char *ngx_set_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_int_t i, n, d; ngx_str_t *value; value = cf->args->elts; @@ -287,19 +286,30 @@ static char *ngx_set_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) cf->cycle->log->file->name = value[1]; } + return ngx_set_error_log_levels(cf, cf->cycle->log); +} + + +char *ngx_set_error_log_levels(ngx_conf_t *cf, ngx_log_t *log) +{ + ngx_int_t i, n, d; + ngx_str_t *value; + + value = cf->args->elts; + for (i = 2; i < cf->args->nelts; i++) { for (n = 1; n < NGX_LOG_DEBUG; n++) { if (ngx_strcmp(value[i].data, err_levels[n]) == 0) { - if (cf->cycle->log->log_level != 0) { + if (log->log_level != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; } - cf->cycle->log->log_level = n; + log->log_level = n; continue; } } @@ -307,21 +317,21 @@ static char *ngx_set_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) d = NGX_LOG_DEBUG_FIRST; for (n = 0; n < /* STUB */ 4; n++) { if (ngx_strcmp(value[i].data, debug_levels[n]) == 0) { - if (cf->cycle->log->log_level & ~NGX_LOG_DEBUG_ALL) { + if (log->log_level & ~NGX_LOG_DEBUG_ALL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; } - cf->cycle->log->log_level |= d; + log->log_level |= d; } d <<= 1; } - if (cf->cycle->log->log_level == 0) { + if (log->log_level == 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; diff --git a/src/core/ngx_log.h b/src/core/ngx_log.h index ab96a463d..15498e14f 100644 --- a/src/core/ngx_log.h +++ b/src/core/ngx_log.h @@ -305,6 +305,8 @@ void ngx_assert_core(ngx_log_t *log, const char *fmt, ...); ngx_log_t *ngx_log_init_errlog(); ngx_log_t *ngx_log_create_errlog(ngx_cycle_t *cycle, ngx_array_t *args); +char *ngx_set_error_log_levels(ngx_conf_t *cf, ngx_log_t *log); + extern ngx_module_t ngx_errlog_module; diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index 46c90f8da..53be3848f 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -205,7 +205,7 @@ static ngx_command_t ngx_http_core_commands[] = { NULL }, { ngx_string("error_log"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, ngx_set_error_log, NGX_HTTP_LOC_CONF_OFFSET, 0, @@ -1395,17 +1395,11 @@ static char *ngx_set_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_core_loc_conf_t *lcf = conf; -#if 0 - ngx_str_t *value; - - value = cf->args->elts; -#endif - - ngx_test_null(lcf->err_log, - ngx_log_create_errlog(cf->cycle, cf->args), - NGX_CONF_ERROR); + if (!(lcf->err_log = ngx_log_create_errlog(cf->cycle, cf->args))) { + return NGX_CONF_ERROR; + } - return NGX_CONF_OK; + return ngx_set_error_log_levels(cf, lcf->err_log); } diff --git a/src/os/unix/ngx_freebsd_config.h b/src/os/unix/ngx_freebsd_config.h index ce5c3b692..9fc14b3a9 100644 --- a/src/os/unix/ngx_freebsd_config.h +++ b/src/os/unix/ngx_freebsd_config.h @@ -25,6 +25,7 @@ #include <arpa/inet.h> #include <netdb.h> #include <pwd.h> +#include <grp.h> #include <osreldate.h> diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c index 2f0d5c31f..bad9a324c 100644 --- a/src/os/unix/ngx_process.c +++ b/src/os/unix/ngx_process.c @@ -235,5 +235,13 @@ void ngx_process_get_status() "%s " PID_T_FMT " exited with code %d", process, pid, WEXITSTATUS(status)); } + + if (WEXITSTATUS(status) == 2 && ngx_processes[i].respawn) { + ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0, + "%s " PID_T_FMT + " exited with fatal code %d and could not respawn", + process, pid, WEXITSTATUS(status)); + ngx_processes[i].respawn = 0; + } } } |