void add_stuff(term *t, environment *env)
{
if(t->kind == DEF){
add_environment(env, t);
}
if(t->kind == IND){
term **constructors = t->cases;
t->cases = 0;
int n = t->n;
add_environment(env, t);
int i;
for (i = 0; i < n; ++i) {
term *cons = constructors[i];
evaluate_term(cons, env);
add_environment(env, cons);
}
term *elim = make_eliminator(t, constructors, n);
elim->annotation = type_infer(elim, 0, 0);
printf("Automatically adding %s: ", elim->name);
print_term(elim->annotation);
printf("\n");
add_environment(env, elim);
for (i = 0; i < n; ++i) {
free_term(constructors[i]);
}
free(constructors);
free_term(elim);
}
}
static void publish_socket(const char *name, int fd)
{
char key[64] = ANDROID_SOCKET_ENV_PREFIX;
char val[64];
strlcpy(key + sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1,
name,
sizeof(key) - sizeof(ANDROID_SOCKET_ENV_PREFIX));
snprintf(val, sizeof(val), "%d", fd);
add_environment(key, val);
/* make sure we don't close-on-exec */
fcntl(fd, F_SETFD, 0);
}
int wait_for_service(char *filename) {
struct stat s;
int status;
pid_t pid;
if (stat(filename, &s) != 0) {
ERROR("cannot find '%s'", filename);
return -1;
}
NOTICE("executing '%s'\n", filename);
pid = fork();
if (pid == 0) {
char tmp[32];
int fd, sz;
get_property_workspace(&fd, &sz);
sprintf(tmp, "%d,%d", dup(fd), sz);
add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
/* redirect stdio to null */
zap_stdio();
setpgid(0, getpid());
/* execute */
execve(filename, NULL, (char **)ENV);
/* exit */
_exit(0);
}
if (pid < 0) {
ERROR("failed to fork and start '%s'\n", filename);
return -1;
}
if (-1 == waitpid(pid, &status, WCONTINUED | WUNTRACED)) {
ERROR("Wait for child error\n");
return -1;
}
if (WIFEXITED(status)) {
NOTICE("executed '%s' done\n", filename);
}
return 0;
}
int do_export(int nargs, char **args)
{
add_environment(args[1], args[2]);
return 0;
}
void service_start(struct service *svc, const char *dynamic_args)
{
struct stat s;
pid_t pid;
int needs_console;
int n;
#ifdef HAVE_SELINUX
char *scon = NULL;
int rc;
#endif
/* starting a service removes it from the disabled or reset
* state and immediately takes it out of the restarting
* state if it was in there
*/
svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET));
svc->time_started = 0;
/* running processes require no additional work -- if
* they're in the process of exiting, we've ensured
* that they will immediately restart on exit, unless
* they are ONESHOT
*/
if (svc->flags & SVC_RUNNING) {
return;
}
needs_console = (svc->flags & SVC_CONSOLE) ? 1 : 0;
if (needs_console && (!have_console)) {
ERROR("service '%s' requires console\n", svc->name);
svc->flags |= SVC_DISABLED;
return;
}
if (stat(svc->args[0], &s) != 0) {
ERROR("cannot find '%s', disabling '%s'\n", svc->args[0], svc->name);
svc->flags |= SVC_DISABLED;
return;
}
if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) {
ERROR("service '%s' must be one-shot to use dynamic args, disabling\n",
svc->args[0]);
svc->flags |= SVC_DISABLED;
return;
}
#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0) {
char *mycon = NULL, *fcon = NULL;
INFO("computing context for service '%s'\n", svc->args[0]);
rc = getcon(&mycon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
return;
}
rc = getfilecon(svc->args[0], &fcon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
freecon(mycon);
return;
}
rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
freecon(mycon);
freecon(fcon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
return;
}
}
#endif
NOTICE("starting '%s'\n", svc->name);
pid = fork();
if (pid == 0) {
struct socketinfo *si;
struct svcenvinfo *ei;
char tmp[32];
int fd, sz;
umask(077);
#ifdef __arm__
/*
* b/7188322 - Temporarily revert to the compat memory layout
* to avoid breaking third party apps.
*
* THIS WILL GO AWAY IN A FUTURE ANDROID RELEASE.
*
* http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7dbaa466
* changes the kernel mapping from bottom up to top-down.
* This breaks some programs which improperly embed
* an out of date copy of Android's linker.
*/
int current = personality(0xffffFFFF);
personality(current | ADDR_COMPAT_LAYOUT);
#endif
if (properties_inited()) {
get_property_workspace(&fd, &sz);
sprintf(tmp, "%d,%d", dup(fd), sz);
add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
}
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
#ifdef HAVE_SELINUX
setsockcreatecon(scon);
#endif
for (si = svc->sockets; si; si = si->next) {
int socket_type = (
!strcmp(si->type, "stream") ? SOCK_STREAM :
(!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET));
int s = create_socket(si->name, socket_type,
si->perm, si->uid, si->gid);
if (s >= 0) {
publish_socket(si->name, s);
}
}
#ifdef HAVE_SELINUX
freecon(scon);
scon = NULL;
setsockcreatecon(NULL);
#endif
if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
ERROR("Failed to set pid %d ioprio = %d,%d: %s\n",
getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno));
}
}
if (needs_console) {
setsid();
open_console();
} else {
zap_stdio();
}
#if 0
for (n = 0; svc->args[n]; n++) {
INFO("args[%d] = '%s'\n", n, svc->args[n]);
}
for (n = 0; ENV[n]; n++) {
INFO("env[%d] = '%s'\n", n, ENV[n]);
}
#endif
setpgid(0, getpid());
/* as requested, set our gid, supplemental gids, and uid */
if (svc->gid) {
if (setgid(svc->gid) != 0) {
ERROR("setgid failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->nr_supp_gids) {
if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
ERROR("setgroups failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->uid) {
if (setuid(svc->uid) != 0) {
ERROR("setuid failed: %s\n", strerror(errno));
_exit(127);
}
}
#ifdef HAVE_SELINUX
if (svc->seclabel) {
if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127);
}
}
#endif
if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno));
}
} else {
char *arg_ptrs[INIT_PARSER_MAXARGS+1];
int arg_idx = svc->nargs;
char *tmp = strdup(dynamic_args);
char *next = tmp;
char *bword;
/* Copy the static arguments */
memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *)));
while((bword = strsep(&next, " "))) {
arg_ptrs[arg_idx++] = bword;
if (arg_idx == INIT_PARSER_MAXARGS)
break;
}
arg_ptrs[arg_idx] = '\0';
execve(svc->args[0], (char**) arg_ptrs, (char**) ENV);
}
_exit(127);
}
#ifdef HAVE_SELINUX
freecon(scon);
#endif
if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name);
svc->pid = 0;
return;
}
svc->time_started = gettime();
svc->pid = pid;
svc->flags |= SVC_RUNNING;
if (properties_inited())
notify_service_state(svc->name, "running");
}
void service_start(struct service *svc, const char *dynamic_args)
{
// Starting a service removes it from the disabled or reset state and
// immediately takes it out of the restarting state if it was in there.
svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART|SVC_DISABLED_START));
svc->time_started = 0;
// Running processes require no additional work --- if they're in the
// process of exiting, we've ensured that they will immediately restart
// on exit, unless they are ONESHOT.
if (svc->flags & SVC_RUNNING) {
return;
}
bool needs_console = (svc->flags & SVC_CONSOLE);
if (needs_console && !have_console) {
ERROR("service '%s' requires console\n", svc->name);
svc->flags |= SVC_DISABLED;
return;
}
struct stat sb;
if (stat(svc->args[0], &sb) == -1) {
ERROR("cannot find '%s' (%s), disabling '%s'\n", svc->args[0], strerror(errno), svc->name);
svc->flags |= SVC_DISABLED;
return;
}
if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) {
ERROR("service '%s' must be one-shot to use dynamic args, disabling\n", svc->args[0]);
svc->flags |= SVC_DISABLED;
return;
}
char* scon = NULL;
if (svc->seclabel) {
scon = strdup(svc->seclabel);
if (!scon) {
ERROR("Out of memory while starting '%s'\n", svc->name);
return;
}
} else {
char *mycon = NULL, *fcon = NULL;
INFO("computing context for service '%s'\n", svc->args[0]);
int rc = getcon(&mycon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
return;
}
rc = getfilecon(svc->args[0], &fcon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
free(mycon);
return;
}
rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
if (rc == 0 && !strcmp(scon, mycon)) {
ERROR("Service %s does not have a SELinux domain defined.\n", svc->name);
free(mycon);
free(fcon);
free(scon);
return;
}
free(mycon);
free(fcon);
if (rc < 0) {
ERROR("could not get context while starting '%s'\n", svc->name);
return;
}
}
NOTICE("Starting service '%s'...\n", svc->name);
pid_t pid = fork();
if (pid == 0) {
struct socketinfo *si;
struct svcenvinfo *ei;
char tmp[32];
int fd, sz;
umask(077);
if (properties_initialized()) {
get_property_workspace(&fd, &sz);
snprintf(tmp, sizeof(tmp), "%d,%d", dup(fd), sz);
add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
}
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
for (si = svc->sockets; si; si = si->next) {
int socket_type = (
!strcmp(si->type, "stream") ? SOCK_STREAM :
(!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET));
int s = create_socket(si->name, socket_type,
si->perm, si->uid, si->gid, si->socketcon ?: scon);
if (s >= 0) {
publish_socket(si->name, s);
}
}
free(scon);
scon = NULL;
if (svc->writepid_files_) {
std::string pid_str = android::base::StringPrintf("%d", pid);
for (auto& file : *svc->writepid_files_) {
if (!android::base::WriteStringToFile(pid_str, file)) {
ERROR("couldn't write %s to %s: %s\n",
pid_str.c_str(), file.c_str(), strerror(errno));
}
}
}
if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
ERROR("Failed to set pid %d ioprio = %d,%d: %s\n",
getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno));
}
}
if (needs_console) {
setsid();
open_console();
} else {
zap_stdio();
}
if (false) {
for (size_t n = 0; svc->args[n]; n++) {
INFO("args[%zu] = '%s'\n", n, svc->args[n]);
}
for (size_t n = 0; ENV[n]; n++) {
INFO("env[%zu] = '%s'\n", n, ENV[n]);
}
}
setpgid(0, getpid());
// As requested, set our gid, supplemental gids, and uid.
if (svc->gid) {
if (setgid(svc->gid) != 0) {
ERROR("setgid failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->nr_supp_gids) {
if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
ERROR("setgroups failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->uid) {
if (setuid(svc->uid) != 0) {
ERROR("setuid failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->seclabel) {
if (setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127);
}
}
if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno));
}
} else {
char *arg_ptrs[INIT_PARSER_MAXARGS+1];
int arg_idx = svc->nargs;
char *tmp = strdup(dynamic_args);
char *next = tmp;
char *bword;
/* Copy the static arguments */
memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *)));
while((bword = strsep(&next, " "))) {
arg_ptrs[arg_idx++] = bword;
if (arg_idx == INIT_PARSER_MAXARGS)
break;
}
arg_ptrs[arg_idx] = NULL;
execve(svc->args[0], (char**) arg_ptrs, (char**) ENV);
}
_exit(127);
}
free(scon);
if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name);
svc->pid = 0;
return;
}
svc->time_started = gettime();
svc->pid = pid;
svc->flags |= SVC_RUNNING;
if ((svc->flags & SVC_EXEC) != 0) {
INFO("SVC_EXEC pid %d (uid %d gid %d+%zu context %s) started; waiting...\n",
svc->pid, svc->uid, svc->gid, svc->nr_supp_gids,
svc->seclabel ? : "default");
waiting_for_exec = true;
}
int main(int argc, char** argv) {
if (!strcmp(basename(argv[0]), "ueventd")) {
return ueventd_main(argc, argv);
}
if (!strcmp(basename(argv[0]), "watchdogd")) {
return watchdogd_main(argc, argv);
}
// Clear the umask.
umask(0);
add_environment("PATH", _PATH_DEFPATH);
bool is_first_stage = (argc == 1) || (strcmp(argv[1], "--second-stage") != 0);
// Get the basic filesystem setup we need put together in the initramdisk
// on / and then we'll let the rc file figure out the rest.
if (is_first_stage) {
mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
mkdir("/dev/pts", 0755);
mkdir("/dev/socket", 0755);
mount("devpts", "/dev/pts", "devpts", 0, NULL);
#define MAKE_STR(x) __STRING(x)
mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));
mount("sysfs", "/sys", "sysfs", 0, NULL);
mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
}
// We must have some place other than / to create the device nodes for
// kmsg and null, otherwise we won't be able to remount / read-only
// later on. Now that tmpfs is mounted on /dev, we can actually talk
// to the outside world.
open_devnull_stdio();
klog_init();
klog_set_level(KLOG_NOTICE_LEVEL);
NOTICE("init %s started!\n", is_first_stage ? "first stage" : "second stage");
if (!is_first_stage) {
// Indicate that booting is in progress to background fw loaders, etc.
close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
property_init();
// If arguments are passed both on the command line and in DT,
// properties set in DT always have priority over the command-line ones.
process_kernel_dt();
process_kernel_cmdline();
// Propagate the kernel variables to internal variables
// used by init as well as the current required properties.
export_kernel_boot_props();
}
// Set up SELinux, including loading the SELinux policy if we're in the kernel domain.
selinux_initialize(is_first_stage);
// If we're in the kernel domain, re-exec init to transition to the init domain now
// that the SELinux policy has been loaded.
if (is_first_stage) {
if (restorecon("/init") == -1) {
ERROR("restorecon failed: %s\n", strerror(errno));
security_failure();
}
char* path = argv[0];
char* args[] = { path, const_cast<char*>("--second-stage"), nullptr };
if (execv(path, args) == -1) {
ERROR("execv(\"%s\") failed: %s\n", path, strerror(errno));
security_failure();
}
}
// These directories were necessarily created before initial policy load
// and therefore need their security context restored to the proper value.
// This must happen before /dev is populated by ueventd.
NOTICE("Running restorecon...\n");
restorecon("/dev");
restorecon("/dev/socket");
restorecon("/dev/__properties__");
restorecon("/property_contexts");
restorecon_recursive("/sys");
epoll_fd = epoll_create1(EPOLL_CLOEXEC);
if (epoll_fd == -1) {
ERROR("epoll_create1 failed: %s\n", strerror(errno));
exit(1);
}
signal_handler_init();
property_load_boot_defaults();
export_oem_lock_status();
start_property_service();
const BuiltinFunctionMap function_map;
Action::set_function_map(&function_map);
Parser& parser = Parser::GetInstance();
parser.AddSectionParser("service",std::make_unique<ServiceParser>());
parser.AddSectionParser("on", std::make_unique<ActionParser>());
parser.AddSectionParser("import", std::make_unique<ImportParser>());
parser.ParseConfig("/init.rc");
ActionManager& am = ActionManager::GetInstance();
am.QueueEventTrigger("early-init");
// Queue an action that waits for coldboot done so we know ueventd has set up all of /dev...
am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
// ... so that we can start queuing up actions that require stuff from /dev.
am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng");
am.QueueBuiltinAction(keychord_init_action, "keychord_init");
am.QueueBuiltinAction(console_init_action, "console_init");
// Trigger all the boot actions to get us started.
am.QueueEventTrigger("init");
// Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
// wasn't ready immediately after wait_for_coldboot_done
am.QueueBuiltinAction(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng");
// Don't mount filesystems or start core system services in charger mode.
std::string bootmode = property_get("ro.bootmode");
if (bootmode == "charger") {
am.QueueEventTrigger("charger");
} else {
am.QueueEventTrigger("late-init");
}
// Run all property triggers based on current state of the properties.
am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers");
while (true) {
if (!waiting_for_exec) {
am.ExecuteOneCommand();
restart_processes();
}
int timeout = -1;
if (process_needs_restart) {
timeout = (process_needs_restart - gettime()) * 1000;
if (timeout < 0)
timeout = 0;
}
if (am.HasMoreCommands()) {
timeout = 0;
}
bootchart_sample(&timeout);
epoll_event ev;
int nr = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd, &ev, 1, timeout));
if (nr == -1) {
ERROR("epoll_wait failed: %s\n", strerror(errno));
} else if (nr == 1) {
((void (*)()) ev.data.ptr)();
}
}
return 0;
}
void service_start(struct service *svc, const char *dynamic_args)
{
struct stat s;
pid_t pid;
int needs_console;
int n;
/* starting a service removes it from the disabled or reset
* state and immediately takes it out of the restarting
* state if it was in there
*/
svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART));
svc->time_started = 0;
/* running processes require no additional work -- if
* they're in the process of exiting, we've ensured
* that they will immediately restart on exit, unless
* they are ONESHOT
*/
if (svc->flags & SVC_RUNNING) {
return;
}
needs_console = (svc->flags & SVC_CONSOLE) ? 1 : 0;
if (needs_console && (!have_console)) {
ERROR("service '%s' requires console\n", svc->name);
svc->flags |= SVC_DISABLED;
return;
}
if (stat(svc->args[0], &s) != 0) {
ERROR("cannot find '%s', disabling '%s'\n", svc->args[0], svc->name);
svc->flags |= SVC_DISABLED;
return;
}
if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) {
ERROR("service '%s' must be one-shot to use dynamic args, disabling\n",
svc->args[0]);
svc->flags |= SVC_DISABLED;
return;
}
NOTICE("starting '%s'\n", svc->name);
pid = fork();
if (pid == 0) {
struct socketinfo *si;
struct svcenvinfo *ei;
char tmp[32];
int fd, sz;
if (properties_inited()) {
get_property_workspace(&fd, &sz);
sprintf(tmp, "%d,%d", dup(fd), sz);
add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
}
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
for (si = svc->sockets; si; si = si->next) {
int socket_type = (
!strcmp(si->type, "stream") ? SOCK_STREAM :
(!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET));
int s = create_socket(si->name, socket_type,
si->perm, si->uid, si->gid);
if (s >= 0) {
publish_socket(si->name, s);
}
}
if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
ERROR("Failed to set pid %d ioprio = %d,%d: %s\n",
getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno));
}
}
if (needs_console) {
setsid();
open_console();
} else {
zap_stdio();
}
#if 0
for (n = 0; svc->args[n]; n++) {
INFO("args[%d] = '%s'\n", n, svc->args[n]);
}
for (n = 0; ENV[n]; n++) {
INFO("env[%d] = '%s'\n", n, ENV[n]);
}
#endif
setpgid(0, getpid());
/* as requested, set our gid, supplemental gids, and uid */
if (svc->gid) {
if (setgid(svc->gid) != 0) {
ERROR("setgid failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->nr_supp_gids) {
if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
ERROR("setgroups failed: %s\n", strerror(errno));
_exit(127);
}
}
if (svc->uid) {
if (setuid(svc->uid) != 0) {
ERROR("setuid failed: %s\n", strerror(errno));
_exit(127);
}
}
if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno));
}
} else {
char *arg_ptrs[INIT_PARSER_MAXARGS+1];
int arg_idx = svc->nargs;
char *tmp = strdup(dynamic_args);
char *next = tmp;
char *bword;
/* Copy the static arguments */
memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *)));
while((bword = strsep(&next, " "))) {
arg_ptrs[arg_idx++] = bword;
if (arg_idx == INIT_PARSER_MAXARGS)
break;
}
arg_ptrs[arg_idx] = '\0';
execve(svc->args[0], (char**) arg_ptrs, (char**) ENV);
}
_exit(127);
}
if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name);
svc->pid = 0;
return;
}
svc->time_started = gettime();
svc->pid = pid;
svc->flags |= SVC_RUNNING;
if (properties_inited())
notify_service_state(svc->name, "running");
}
static ret_t
fork_and_execute_cgi_win32 (cherokee_handler_cgi_t *cgi)
{
int re;
PROCESS_INFORMATION pi;
STARTUPINFO si;
char *cmd;
cherokee_buffer_t cmd_line = CHEROKEE_BUF_INIT;
cherokee_buffer_t exec_dir = CHEROKEE_BUF_INIT;
cherokee_connection_t *conn = HANDLER_CONN(cgi);
SECURITY_ATTRIBUTES saSecAtr;
HANDLE hProc;
HANDLE hChildStdinRd = INVALID_HANDLE_VALUE;
HANDLE hChildStdinWr = INVALID_HANDLE_VALUE;
HANDLE hChildStdoutRd = INVALID_HANDLE_VALUE;
HANDLE hChildStdoutWr = INVALID_HANDLE_VALUE;
/* Create the environment for the process
*/
add_environment (cgi, conn);
cherokee_buffer_add (&cgi->envp, "\0", 1);
/* Command line
*/
cmd = HDL_CGI_BASE(cgi)->executable.buf;
cherokee_buffer_add (&cmd_line, cmd, strlen(cmd));
// cherokee_buffer_add_va (&cmd_line, " \"%s\"", HDL_CGI_BASE(cgi)->param.buf);
/* Execution directory
*/
if (! cherokee_buffer_is_empty (&conn->effective_directory)) {
cherokee_buffer_add_buffer (&exec_dir, &conn->effective_directory);
} else {
char *file = strrchr (cmd, '/');
char *end = HDL_CGI_BASE(cgi)->executable.buf + HDL_CGI_BASE(cgi)->executable.len;
cherokee_buffer_add (&exec_dir, cmd,
HDL_CGI_BASE(cgi)->executable.len - (end - file));
}
/* Set the bInheritHandle flag so pipe handles are inherited.
*/
memset(&saSecAtr, 0, sizeof(SECURITY_ATTRIBUTES));
saSecAtr.nLength = sizeof(SECURITY_ATTRIBUTES);
saSecAtr.lpSecurityDescriptor = NULL;
saSecAtr.bInheritHandle = TRUE;
/* Create the pipes
*/
hProc = GetCurrentProcess();
re = CreatePipe (&hChildStdoutRd, &hChildStdoutWr, &saSecAtr, 0);
if (!re) return ret_error;
re = CreatePipe (&hChildStdinRd, &hChildStdinWr, &saSecAtr, 0);
if (!re) return ret_error;
/* Make them inheritable
*/
re = DuplicateHandle (hProc, hChildStdoutRd,
hProc, &hChildStdoutRd,
0, TRUE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS);
if (!re) return ret_error;
re = DuplicateHandle (hProc, hChildStdinWr,
hProc, &hChildStdinWr,
0, TRUE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS);
if (!re) return ret_error;
/* Starting information
*/
ZeroMemory (&si, sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.hStdOutput = hChildStdoutWr;
si.hStdError = hChildStdoutWr;
si.hStdInput = hChildStdinRd;
si.dwFlags |= STARTF_USESTDHANDLES;
TRACE (ENTRIES, "exec %s dir %s\n", cmd_line.buf, exec_dir.buf);
/* Launch the child process
*/
re = CreateProcess (cmd, /* ApplicationName */
cmd_line.buf, /* Command line */
NULL, /* Process handle not inheritable */
NULL, /* Thread handle not inheritable */
TRUE, /* Handle inheritance */
0, /* Creation flags */
cgi->envp.buf, /* Use parent's environment block */
exec_dir.buf, /* Use parent's starting directory */
&si, /* Pointer to STARTUPINFO structure */
&pi); /* Pointer to PROCESS_INFORMATION structure */
CloseHandle (hChildStdinRd);
CloseHandle (hChildStdoutWr);
if (!re) {
LOG_ERROR (CHEROKEE_ERROR_HANDLER_CGI_CREATEPROCESS, GetLastError());
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
conn->error_code = http_internal_error;
return ret_error;
}
cherokee_buffer_mrproper (&cmd_line);
cherokee_buffer_mrproper (&exec_dir);
cgi->thread = pi.hThread;
cgi->process = pi.hProcess;
/* Wait for the CGI process to be ready
*/
WaitForInputIdle (pi.hProcess, INFINITE);
/* Extract the file descriptors
*/
cgi->pipeInput = _open_osfhandle((LONG)hChildStdoutRd, O_BINARY|_O_RDONLY);
if (! conn->post.len <= 0) {
CloseHandle (hChildStdinWr);
} else {
cgi->pipeOutput = _open_osfhandle((LONG)hChildStdinWr, O_BINARY|_O_WRONLY);
}
TRACE (ENTRIES, "In fd %d, Out fd %d\n", cgi->pipeInput, cgi->pipeOutput);
return ret_ok;
}
static NORETURN void
manage_child_cgi_process (cherokee_handler_cgi_t *cgi, int pipe_cgi[2], int pipe_server[2])
{
/* Child process
*/
int re;
char *script;
cherokee_connection_t *conn = HANDLER_CONN(cgi);
cherokee_handler_cgi_base_t *cgi_base = HDL_CGI_BASE(cgi);
char *absolute_path = cgi_base->executable.buf;
char *argv[2] = { NULL, NULL };
#ifdef TRACE_ENABLED
TRACE(ENTRIES, "About to execute: '%s'\n", absolute_path);
if (! cherokee_buffer_is_empty (&conn->effective_directory))
TRACE(ENTRIES, "Effective directory: '%s'\n", conn->effective_directory.buf);
else
TRACE(ENTRIES, "No Effective directory %s", "\n");
#endif
/* Close useless sides
*/
cherokee_fd_close (pipe_cgi[0]);
cherokee_fd_close (pipe_server[1]);
/* Change stdin and out
*/
re = dup2 (pipe_server[0], STDIN_FILENO);
cherokee_fd_close (pipe_server[0]);
if (unlikely (re != 0)) {
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d" CRLF_CRLF, __FILE__, __LINE__);
exit(1);
}
re |= dup2 (pipe_cgi[1], STDOUT_FILENO);
cherokee_fd_close (pipe_cgi[1]);
/* Redirect the stderr
*/
if ((CONN_VSRV(conn)->error_writer != NULL) &&
(CONN_VSRV(conn)->error_writer->fd != -1))
{
dup2 (CONN_VSRV(conn)->error_writer->fd, STDERR_FILENO);
}
# if 0
/* Set unbuffered
*/
setvbuf (stdin, NULL, _IONBF, 0);
setvbuf (stdout, NULL, _IONBF, 0);
# endif
/* Enable blocking mode
*/
_fd_set_properties (STDIN_FILENO, 0, O_NONBLOCK);
_fd_set_properties (STDOUT_FILENO, 0, O_NONBLOCK);
_fd_set_properties (STDERR_FILENO, 0, O_NONBLOCK);
/* Sets the new environ.
*/
add_environment (cgi, conn);
/* Change the directory
*/
if (! cherokee_buffer_is_empty (&conn->effective_directory)) {
re = chdir (conn->effective_directory.buf);
} else {
char *file = strrchr (absolute_path, '/');
*file = '\0';
re = chdir (absolute_path);
*file = '/';
}
if (re < 0) {
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d" CRLF_CRLF, __FILE__, __LINE__);
exit(1);
}
/* Build de argv array
*/
script = absolute_path;
argv[0] = absolute_path;
/* Change the execution user?
*/
if (HANDLER_CGI_PROPS(cgi_base)->change_user) {
struct stat info;
re = stat (script, &info);
if (re >= 0) {
re = setuid (info.st_uid);
if (re != 0) {
LOG_ERROR (CHEROKEE_ERROR_HANDLER_CGI_SETID, script, info.st_uid);
}
}
}
/* Reset the server-wide signal handlers
*/
#ifdef SIGPIPE
signal (SIGPIPE, SIG_DFL);
#endif
#ifdef SIGHUP
signal (SIGHUP, SIG_DFL);
#endif
#ifdef SIGSEGV
signal (SIGSEGV, SIG_DFL);
#endif
#ifdef SIGBUS
signal (SIGBUS, SIG_DFL);
#endif
#ifdef SIGTERM
signal (SIGTERM, SIG_DFL);
#endif
/* Lets go.. execute it!
*/
re = execve (absolute_path, argv, cgi->envp);
if (re < 0) {
int err = errno;
char buferr[ERROR_MAX_BUFSIZE];
switch (err) {
case ENOENT:
printf ("Status: 404" CRLF_CRLF);
break;
default:
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d cmd=%s: %s" CRLF_CRLF,
__FILE__, __LINE__, absolute_path, strerror(err));
}
/* Don't use the logging system (concurrency issues)
*/
LOG_ERROR (CHEROKEE_ERROR_HANDLER_CGI_EXECUTE,
absolute_path, cherokee_strerror_r(err, buferr, sizeof(buferr)));
exit(1);
}
/* There is no way, it could reach this point.
*/
SHOULDNT_HAPPEN;
exit(2);
}
static int do_export(const std::vector<std::string>& args) {
return add_environment(args[1].c_str(), args[2].c_str());
}
static ret_t
fork_and_execute_cgi_via_spawner(cherokee_handler_cgi_t *cgi)
{
int re;
int pid = -1;
cherokee_connection_t *conn = HANDLER_CONN(cgi);
cherokee_handler_cgi_base_t *cgi_base = HDL_CGI_BASE(cgi);
ret_t ret;
uid_t uid;
gid_t gid;
cherokee_buffer_t empty = CHEROKEE_BUF_INIT;
cherokee_buffer_t username = CHEROKEE_BUF_INIT;
cherokee_services_fdmap_t fd_map;
cherokee_buffer_t *chdir = NULL;
cherokee_buffer_t chdir_backing = CHEROKEE_BUF_INIT;
struct passwd ent;
char ent_tmp[1024];
struct {
int cgi[2];
int server[2];
} pipes;
TRACE (ENTRIES, "Trying to create CGI via spawner\n");
if (! cherokee_buffer_is_empty (&conn->effective_directory)) {
chdir = &conn->effective_directory;
} else {
int ofs = cgi_base->executable.len - 1;
while (ofs >= 0 && cgi_base->executable.buf[ofs] != '/') {
ofs--;
}
TRACE (ENTRIES, "While building chdir, ofs=%d\n", ofs);
if (ofs < 0 || cherokee_buffer_add (&chdir_backing,
cgi_base->executable.buf,
ofs + 1) != ret_ok) {
conn->error_code = http_internal_error;
TRACE (ENTRIES, "Failed, cannot build chdir entry\n");
cherokee_buffer_mrproper(&chdir_backing);
return ret_error;
}
chdir = &chdir_backing;
}
/* Creates the pipes ...
*/
re = cherokee_pipe (pipes.cgi);
re |= cherokee_pipe (pipes.server);
if (re != 0) {
conn->error_code = http_internal_error;
cherokee_buffer_mrproper(&chdir_backing);
TRACE (ENTRIES, "Failed, cannot build pipes\n");
return ret_error;
}
if (HANDLER_CGI_PROPS(cgi_base)->change_user) {
struct stat nocache_info;
struct stat *info;
cherokee_iocache_entry_t *io_entry = NULL;
cherokee_server_t *srv = CONN_SRV(conn);
cherokee_handler_cgi_base_props_t *props = HANDLER_CGI_BASE_PROPS(cgi);
ret = cherokee_io_stat (srv->iocache, &cgi_base->executable, props->use_cache, &nocache_info, &io_entry, &info);
if (ret != ret_ok) {
info = &nocache_info;
nocache_info.st_uid = getuid();
nocache_info.st_gid = getgid();
}
uid = info->st_uid;
gid = info->st_gid;
cherokee_iocache_entry_unref(&io_entry);
} else {
/* Not changing, so launch as the same uid/gid as the worker */
uid = getuid();
gid = getgid();
}
/* Determine the username of the owner of the file */
ret = cherokee_getpwuid(uid, &ent, ent_tmp, sizeof (ent_tmp));
if (ret != ret_ok ||
cherokee_buffer_add(&username,
ent.pw_name,
strlen(ent.pw_name) != ret_ok)) {
cherokee_fd_close(pipes.cgi[0]);
cherokee_fd_close(pipes.cgi[1]);
cherokee_fd_close(pipes.server[0]);
cherokee_fd_close(pipes.server[1]);
conn->error_code = http_internal_error;
cherokee_buffer_mrproper(&chdir_backing);
cherokee_buffer_mrproper(&username);
TRACE (ENTRIES, "Failed, Unable to retrieve username for uid %d\n", uid);
return ret_error;
}
/* Update the environment ready to run */
add_environment (cgi, conn);
/* Set up the FD map */
fd_map.fd_in = pipes.server[0];
fd_map.fd_out = pipes.cgi[1];
if ((CONN_VSRV(conn)->error_writer != NULL) &&
(CONN_VSRV(conn)->error_writer->fd != -1)) {
fd_map.fd_err = CONN_VSRV(conn)->error_writer->fd;
} else {
fd_map.fd_err = fd_map.fd_out;
}
TRACE (ENTRIES, "Doing Spawn\n");
ret = cherokee_services_client_spawn (&cgi_base->executable,
&username,
uid,
gid,
&empty,
chdir,
false,
cgi->envp,
CONN_VSRV(conn)->error_writer,
&pid,
&fd_map);
cherokee_buffer_mrproper(&chdir_backing);
cherokee_buffer_mrproper(&username);
/* Close the client FDs */
cherokee_fd_close (pipes.server[0]);
cherokee_fd_close (pipes.cgi[1]);
/* Did we fail to try to spawn? */
if (ret != ret_ok) {
/* Close the server FDs too */
cherokee_fd_close (pipes.server[1]);
cherokee_fd_close (pipes.cgi[0]);
TRACE (ENTRIES, "Failed to spawn\n");
return ret;
}
/* Did we try, but fail, to spawn? */
if (pid == -1) {
/* Close the server FDs too */
cherokee_fd_close (pipes.server[1]);
cherokee_fd_close (pipes.cgi[0]);
TRACE (ENTRIES, "Spawned, but failed server side\n");
return ret_error;
}
/* Successfully launched */
cgi->pid = pid;
cgi->pipeInput = pipes.cgi[0];
cgi->pipeOutput = pipes.server[1];
/* Set to Input to NON-BLOCKING
*/
_fd_set_properties (cgi->pipeInput, O_NDELAY|O_NONBLOCK, 0);
TRACE (ENTRIES, "CGI running, PID=%d\n", pid);
return ret_ok;
}
static NORETURN void
manage_child_cgi_process (cherokee_handler_cgi_t *cgi, int pipe_cgi[2], int pipe_server[2])
{
/* Child process
*/
int re;
cherokee_connection_t *conn = HANDLER_CONN(cgi);
cherokee_handler_cgi_base_t *cgi_base = HDL_CGI_BASE(cgi);
char *absolute_path = cgi_base->executable.buf;
char *argv[2] = { NULL, NULL };
#ifdef TRACE_ENABLED
TRACE(ENTRIES, "About to execute: '%s'\n", absolute_path);
if (! cherokee_buffer_is_empty (&conn->effective_directory))
TRACE(ENTRIES, "Effective directory: '%s'\n", conn->effective_directory.buf);
else
TRACE(ENTRIES, "No Effective directory %s", "\n");
#endif
/* Close useless sides
*/
cherokee_fd_close (pipe_cgi[0]);
cherokee_fd_close (pipe_server[1]);
/* Change stdin and out
*/
cherokee_fd_close (STDIN_FILENO);
re = dup2 (pipe_server[0], STDIN_FILENO);
cherokee_fd_close (pipe_server[0]);
if (unlikely (re != 0)) {
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d" CRLF_CRLF, __FILE__, __LINE__);
exit(1);
}
cherokee_fd_close (STDOUT_FILENO);
re |= dup2 (pipe_cgi[1], STDOUT_FILENO);
cherokee_fd_close (pipe_cgi[1]);
/* Redirect the stderr
*/
if ((CONN_VSRV(conn)->error_writer != NULL) &&
(CONN_VSRV(conn)->error_writer->fd != -1))
{
cherokee_fd_close (STDERR_FILENO);
dup2 (CONN_VSRV(conn)->error_writer->fd, STDERR_FILENO);
}
# if 0
/* Set unbuffered
*/
setvbuf (stdin, NULL, _IONBF, 0);
setvbuf (stdout, NULL, _IONBF, 0);
# endif
/* Enable blocking mode
*/
_fd_set_properties (STDIN_FILENO, 0, O_NONBLOCK);
_fd_set_properties (STDOUT_FILENO, 0, O_NONBLOCK);
_fd_set_properties (STDERR_FILENO, 0, O_NONBLOCK);
/* Sets the new environ.
*/
add_environment (cgi, conn);
/* Change the directory
*/
if (! cherokee_buffer_is_empty (&conn->effective_directory)) {
re = chdir (conn->effective_directory.buf);
} else {
char *file = strrchr (absolute_path, '/');
if (file != NULL) {
*file = '\0';
re = chdir (absolute_path);
*file = '/';
} else {
re = -1;
}
}
if (re < 0) {
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d" CRLF_CRLF, __FILE__, __LINE__);
exit(1);
}
/* Build de argv array
*/
argv[0] = absolute_path;
/* Change the execution user?
*/
if (HANDLER_CGI_PROPS(cgi_base)->change_user) {
struct stat nocache_info;
struct stat *info;
cherokee_iocache_entry_t *io_entry = NULL;
cherokee_server_t *srv = CONN_SRV(conn);
cherokee_handler_cgi_base_props_t *props = HANDLER_CGI_BASE_PROPS(cgi);
ret_t ret = cherokee_io_stat (srv->iocache, &cgi_base->executable, props->use_cache, &nocache_info, &io_entry, &info);
if (ret != ret_ok) {
info = &nocache_info;
}
re = setuid (info->st_uid);
if (re != 0) {
LOG_ERROR (CHEROKEE_ERROR_HANDLER_CGI_SETID, absolute_path, info->st_uid);
}
cherokee_iocache_entry_unref(&io_entry);
}
/* Reset the server-wide signal handlers
*/
cherokee_reset_signals();
/* Lets go.. execute it!
*/
do {
re = execve (absolute_path, argv, cgi->envp);
} while ((re == -1) && (errno == EINTR));
if (re < 0) {
int err = errno;
char buferr[ERROR_MAX_BUFSIZE];
switch (err) {
case ENODEV:
case ENOTDIR:
case ENOENT:
printf ("Status: 404" CRLF_CRLF);
exit(0);
case EPERM:
case EACCES:
case ENOEXEC:
printf ("Status: 403" CRLF_CRLF);
exit(0);
default:
printf ("Status: 500" CRLF_CRLF);
printf ("X-Debug: file=%s line=%d cmd=%s errno=%d: %s" CRLF_CRLF,
__FILE__, __LINE__, absolute_path, err, strerror(err));
}
/* Don't use the logging system (concurrency issues)
*/
LOG_ERROR (CHEROKEE_ERROR_HANDLER_CGI_EXECUTE,
absolute_path, cherokee_strerror_r(err, buferr, sizeof(buferr)));
exit(1);
}
/* There is no way, it could reach this point.
*/
SHOULDNT_HAPPEN;
exit(2);
}
