static int start_child_process(apr_pool_t *p, server_rec *server, struct global_config_data *d) {
apr_proc_t* proc;
apr_status_t status;
/* ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, server, "Spawning child pid=%lu", (unsigned long) getpid()); */
proc = apr_palloc(p, sizeof(apr_proc_t));
ap_assert(proc);
switch (status = apr_proc_fork(proc, p)) {
case APR_INCHILD:
child_process(p, server, d);
exit(1);
/* never reached */
break;
case APR_INPARENT:
apr_pool_note_subprocess(p, proc, APR_KILL_ONLY_ONCE);
/* ap_log_error(APLOG_MARK, APLOG_NOTICE, status, server, "Child process %lu", (unsigned long) proc->pid); */
break;
default:
ap_log_error(APLOG_MARK, APLOG_ERR, status, server, "apr_proc_fork() failed");
return HTTP_INTERNAL_SERVER_ERROR;
}
return OK;
}
/* Create a child process running PROGNAME with a pipe connected to
* the childs stdin. The write-end of the pipe will be placed in
* *FPIN on successful return. If dummy_stderr is non-zero, the
* stderr for the child will be the same as the stdout of the parent.
* Otherwise the child will inherit the stderr from the parent. */
static int log_child(apr_pool_t *p, const char *progname,
apr_file_t **fpin, int dummy_stderr)
{
/* Child process code for 'ErrorLog "|..."';
* may want a common framework for this, since I expect it will
* be common for other foo-loggers to want this sort of thing...
*/
apr_status_t rc;
apr_procattr_t *procattr;
apr_proc_t *procnew;
apr_file_t *errfile;
if (((rc = apr_procattr_create(&procattr, p)) == APR_SUCCESS)
&& ((rc = apr_procattr_cmdtype_set(procattr,
APR_SHELLCMD_ENV)) == APR_SUCCESS)
&& ((rc = apr_procattr_io_set(procattr,
APR_FULL_BLOCK,
APR_NO_PIPE,
APR_NO_PIPE)) == APR_SUCCESS)
&& ((rc = apr_procattr_error_check_set(procattr, 1)) == APR_SUCCESS)
&& ((rc = apr_procattr_child_errfn_set(procattr, log_child_errfn)) == APR_SUCCESS)
&& (!dummy_stderr
|| ((rc = apr_file_open_stdout(&errfile, p)) == APR_SUCCESS
&& (rc = apr_procattr_child_err_set(procattr,
errfile,
errfile)) == APR_SUCCESS))) {
char **args;
const char *pname;
apr_tokenize_to_argv(progname, &args, p);
pname = apr_pstrdup(p, args[0]);
procnew = (apr_proc_t *)apr_pcalloc(p, sizeof(*procnew));
rc = apr_proc_create(procnew, pname, (const char * const *)args,
NULL, procattr, p);
if (rc == APR_SUCCESS) {
apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
(*fpin) = procnew->in;
/* read handle to pipe not kept open, so no need to call
* close_handle_in_child()
*/
}
/* apr_procattr_child_err_set dups errfile twice: close the
* remaining "parent-side" copy (apr_proc_create closes the
* other). */
if (dummy_stderr) {
apr_file_close(procnew->err);
}
}
return rc;
}
static apr_status_t run_cgi_child(apr_file_t **script_out,
apr_file_t **script_in,
apr_file_t **script_err,
const char *command,
const char * const argv[],
request_rec *r,
apr_pool_t *p,
cgi_exec_info_t *e_info)
{
const char * const *env;
apr_procattr_t *procattr;
apr_proc_t *procnew;
apr_status_t rc = APR_SUCCESS;
#if defined(RLIMIT_CPU) || defined(RLIMIT_NPROC) || \
defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined (RLIMIT_AS)
core_dir_config *conf = ap_get_module_config(r->per_dir_config,
&core_module);
#endif
#ifdef DEBUG_CGI
#ifdef OS2
/* Under OS/2 need to use device con. */
FILE *dbg = fopen("con", "w");
#else
FILE *dbg = fopen("/dev/tty", "w");
#endif
int i;
#endif
RAISE_SIGSTOP(CGI_CHILD);
#ifdef DEBUG_CGI
fprintf(dbg, "Attempting to exec %s as CGI child (argv0 = %s)\n",
r->filename, argv[0]);
#endif
env = (const char * const *)ap_create_environment(p, r->subprocess_env);
#ifdef DEBUG_CGI
fprintf(dbg, "Environment: \n");
for (i = 0; env[i]; ++i)
fprintf(dbg, "'%s'\n", env[i]);
#endif
/* Transmute ourselves into the script.
* NB only ISINDEX scripts get decoded arguments.
*/
if (((rc = apr_procattr_create(&procattr, p)) != APR_SUCCESS) ||
((rc = apr_procattr_io_set(procattr,
e_info->in_pipe,
e_info->out_pipe,
e_info->err_pipe)) != APR_SUCCESS) ||
((rc = apr_procattr_dir_set(procattr,
ap_make_dirstr_parent(r->pool,
r->filename))) != APR_SUCCESS) ||
#ifdef RLIMIT_CPU
((rc = apr_procattr_limit_set(procattr, APR_LIMIT_CPU,
conf->limit_cpu)) != APR_SUCCESS) ||
#endif
#if defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_AS)
((rc = apr_procattr_limit_set(procattr, APR_LIMIT_MEM,
conf->limit_mem)) != APR_SUCCESS) ||
#endif
#ifdef RLIMIT_NPROC
((rc = apr_procattr_limit_set(procattr, APR_LIMIT_NPROC,
conf->limit_nproc)) != APR_SUCCESS) ||
#endif
((rc = apr_procattr_cmdtype_set(procattr,
e_info->cmd_type)) != APR_SUCCESS) ||
((rc = apr_procattr_detach_set(procattr,
e_info->detached)) != APR_SUCCESS) ||
((rc = apr_procattr_addrspace_set(procattr,
e_info->addrspace)) != APR_SUCCESS) ||
((rc = apr_procattr_child_errfn_set(procattr, cgi_child_errfn)) != APR_SUCCESS)) {
/* Something bad happened, tell the world. */
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
"couldn't set child process attributes: %s", r->filename);
}
else {
procnew = apr_pcalloc(p, sizeof(*procnew));
rc = ap_os_create_privileged_process(r, procnew, command, argv, env,
procattr, p);
if (rc != APR_SUCCESS) {
/* Bad things happened. Everyone should have cleaned up. */
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, rc, r,
"couldn't create child process: %d: %s", rc,
apr_filepath_name_get(r->filename));
}
else {
apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
*script_in = procnew->out;
if (!*script_in)
return APR_EBADF;
apr_file_pipe_timeout_set(*script_in, r->server->timeout);
if (e_info->prog_type == RUN_AS_CGI) {
*script_out = procnew->in;
if (!*script_out)
return APR_EBADF;
apr_file_pipe_timeout_set(*script_out, r->server->timeout);
*script_err = procnew->err;
if (!*script_err)
return APR_EBADF;
apr_file_pipe_timeout_set(*script_err, r->server->timeout);
}
}
}
#ifdef DEBUG_CGI
fclose(dbg);
#endif
return (rc);
}
/* init_ext_filter_process: get the external filter process going
* This is per-filter-instance (i.e., per-request) initialization.
*/
static apr_status_t init_ext_filter_process(ap_filter_t *f)
{
ef_ctx_t *ctx = f->ctx;
apr_status_t rc;
ef_dir_t *dc = ctx->dc;
const char * const *env;
ctx->proc = apr_pcalloc(ctx->p, sizeof(*ctx->proc));
rc = apr_procattr_create(&ctx->procattr, ctx->p);
ap_assert(rc == APR_SUCCESS);
rc = apr_procattr_io_set(ctx->procattr,
APR_CHILD_BLOCK,
APR_CHILD_BLOCK,
APR_CHILD_BLOCK);
ap_assert(rc == APR_SUCCESS);
rc = set_resource_limits(f->r, ctx->procattr);
ap_assert(rc == APR_SUCCESS);
if (dc->log_stderr > 0) {
rc = apr_procattr_child_err_set(ctx->procattr,
f->r->server->error_log, /* stderr in child */
NULL);
ap_assert(rc == APR_SUCCESS);
}
rc = apr_procattr_child_errfn_set(ctx->procattr, child_errfn);
ap_assert(rc == APR_SUCCESS);
apr_pool_userdata_set(f->r, ERRFN_USERDATA_KEY, apr_pool_cleanup_null, ctx->p);
rc = apr_procattr_error_check_set(ctx->procattr, 1);
if (rc != APR_SUCCESS) {
return rc;
}
/* add standard CGI variables as well as DOCUMENT_URI, DOCUMENT_PATH_INFO,
* and QUERY_STRING_UNESCAPED
*/
ap_add_cgi_vars(f->r);
ap_add_common_vars(f->r);
apr_table_setn(f->r->subprocess_env, "DOCUMENT_URI", f->r->uri);
apr_table_setn(f->r->subprocess_env, "DOCUMENT_PATH_INFO", f->r->path_info);
if (f->r->args) {
/* QUERY_STRING is added by ap_add_cgi_vars */
char *arg_copy = apr_pstrdup(f->r->pool, f->r->args);
ap_unescape_url(arg_copy);
apr_table_setn(f->r->subprocess_env, "QUERY_STRING_UNESCAPED",
ap_escape_shell_cmd(f->r->pool, arg_copy));
}
env = (const char * const *) ap_create_environment(ctx->p,
f->r->subprocess_env);
rc = apr_proc_create(ctx->proc,
ctx->filter->command,
(const char * const *)ctx->filter->args,
env, /* environment */
ctx->procattr,
ctx->p);
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, f->r,
"couldn't create child process to run `%s'",
ctx->filter->command);
return rc;
}
apr_pool_note_subprocess(ctx->p, ctx->proc, APR_KILL_AFTER_TIMEOUT);
/* We don't want the handle to the child's stdin inherited by any
* other processes created by httpd. Otherwise, when we close our
* handle, the child won't see EOF because another handle will still
* be open.
*/
apr_pool_cleanup_register(ctx->p, ctx->proc->in,
apr_pool_cleanup_null, /* other mechanism */
ef_close_file);
#if APR_FILES_AS_SOCKETS
{
apr_pollfd_t pfd = { 0 };
rc = apr_pollset_create(&ctx->pollset, 2, ctx->p, 0);
ap_assert(rc == APR_SUCCESS);
pfd.p = ctx->p;
pfd.desc_type = APR_POLL_FILE;
pfd.reqevents = APR_POLLOUT;
pfd.desc.f = ctx->proc->in;
rc = apr_pollset_add(ctx->pollset, &pfd);
ap_assert(rc == APR_SUCCESS);
pfd.reqevents = APR_POLLIN;
pfd.desc.f = ctx->proc->out;
rc = apr_pollset_add(ctx->pollset, &pfd);
ap_assert(rc == APR_SUCCESS);
}
#endif
return APR_SUCCESS;
}
/**
* Execute system command. First line of the output will be returned in
* the "output" parameter.
*/
int apache2_exec(modsec_rec *msr, const char *command, const char **argv, char **output) {
apr_procattr_t *procattr = NULL;
apr_proc_t *procnew = NULL;
apr_status_t rc = APR_SUCCESS;
const char *const *env = NULL;
apr_file_t *script_out = NULL;
request_rec *r = msr->r;
if (argv == NULL) {
argv = apr_pcalloc(r->pool, 3 * sizeof(char *));
argv[0] = command;
argv[1] = NULL;
}
ap_add_cgi_vars(r);
ap_add_common_vars(r);
/* PHP hack, getting around its silly security checks. */
apr_table_add(r->subprocess_env, "PATH_TRANSLATED", command);
apr_table_add(r->subprocess_env, "REDIRECT_STATUS", "302");
env = (const char * const *)ap_create_environment(r->pool, r->subprocess_env);
if (env == NULL) {
msr_log(msr, 1, "Exec: Unable to create environment.");
return -1;
}
procnew = apr_pcalloc(r->pool, sizeof(*procnew));
if (procnew == NULL) {
msr_log(msr, 1, "Exec: Unable to allocate %lu bytes.", (unsigned long)sizeof(*procnew));
return -1;
}
apr_procattr_create(&procattr, r->pool);
if (procattr == NULL) {
msr_log(msr, 1, "Exec: Unable to create procattr.");
return -1;
}
apr_procattr_io_set(procattr, APR_NO_PIPE, APR_FULL_BLOCK, APR_NO_PIPE);
apr_procattr_cmdtype_set(procattr, APR_SHELLCMD);
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Exec: %s", log_escape_nq(r->pool, command));
}
rc = apr_proc_create(procnew, command, argv, env, procattr, r->pool);
if (rc != APR_SUCCESS) {
msr_log(msr, 1, "Exec: Execution failed: %s (%s)", log_escape_nq(r->pool, command),
get_apr_error(r->pool, rc));
return -1;
}
apr_pool_note_subprocess(r->pool, procnew, APR_KILL_AFTER_TIMEOUT);
script_out = procnew->out;
if (!script_out) {
msr_log(msr, 1, "Exec: Failed to get script output pipe.");
return -1;
}
apr_file_pipe_timeout_set(script_out, r->server->timeout);
/* Now read from the pipe. */
{
char buf[260] = "";
char *p = buf;
apr_size_t nbytes = 255;
apr_status_t rc2;
rc2 = apr_file_read(script_out, buf, &nbytes);
if (rc2 == APR_SUCCESS) {
buf[nbytes] = 0;
/* if there is more than one line ignore them */
while(*p != 0) {
if (*p == 0x0a) *p = 0;
p++;
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Exec: First line from script output: \"%s\"",
log_escape(r->pool, buf));
}
if (output != NULL) *output = apr_pstrdup(r->pool, buf);
/* Soak up the remaining data. */
nbytes = 255;
while(apr_file_read(script_out, buf, &nbytes) == APR_SUCCESS) nbytes = 255;
} else {
msr_log(msr, 1, "Exec: Execution failed while reading output: %s (%s)",
log_escape_nq(r->pool, command),
get_apr_error(r->pool, rc2));
return -1;
}
}
apr_proc_wait(procnew, NULL, NULL, APR_WAIT);
return 1;
}
static apr_status_t
create_process_manager(server_rec * main_server, apr_pool_t * configpool)
{
apr_status_t rv;
g_process_manager =
(apr_proc_t *) apr_pcalloc(configpool, sizeof(*g_process_manager));
rv = apr_proc_fork(g_process_manager, configpool);
if (rv == APR_INCHILD) {
/* I am the child */
g_pm_pid = getpid();
ap_log_error(APLOG_MARK, APLOG_INFO, 0, main_server,
"mod_fcgid: Process manager %" APR_PID_T_FMT " started", getpid());
if ((rv = init_signal(main_server)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, main_server,
"mod_fcgid: can't install signal handler, exiting now");
exit(DAEMON_STARTUP_ERROR);
}
/* If running as root, switch to configured user.
*
* When running children via suexec, only the effective uid is
* switched, so that the PM can return to euid 0 to kill child
* processes.
*
* When running children as the configured user, the real uid
* is switched.
*/
if (ap_unixd_config.suexec_enabled) {
if (getuid() != 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, main_server,
"mod_fcgid: current user is not root while suexec is enabled, exiting now");
exit(DAEMON_STARTUP_ERROR);
}
suexec_setup_child();
} else
ap_unixd_setup_child();
apr_file_pipe_timeout_set(g_pm_read_pipe,
apr_time_from_sec(g_wakeup_timeout));
apr_file_close(g_ap_write_pipe);
apr_file_close(g_ap_read_pipe);
/* Initialize spawn controler */
spawn_control_init(main_server, configpool);
pm_main(main_server, configpool);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, main_server,
"mod_fcgid: Process manager %" APR_PID_T_FMT " stopped", getpid());
exit(0);
} else if (rv != APR_INPARENT) {
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, main_server,
"mod_fcgid: Create process manager error");
exit(1);
}
/* I am the parent
I will send the stop signal in procmgr_stop_procmgr() */
apr_pool_note_subprocess(configpool, g_process_manager,
APR_KILL_ONLY_ONCE);
apr_proc_other_child_register(g_process_manager, fcgid_maint,
g_process_manager, NULL, configpool);
return APR_SUCCESS;
}
static svn_error_t *
open_tunnel(svn_stream_t **request, svn_stream_t **response,
svn_ra_close_tunnel_func_t *close_func, void **close_baton,
void *tunnel_baton,
const char *tunnel_name, const char *user,
const char *hostname, int port,
svn_cancel_func_t cancel_func, void *cancel_baton,
apr_pool_t *pool)
{
svn_node_kind_t kind;
apr_proc_t *proc;
apr_procattr_t *attr;
apr_status_t status;
const char *args[] = { "svnserve", "-t", "-r", ".", NULL };
const char *svnserve;
tunnel_baton_t *b = tunnel_baton;
close_baton_t *cb;
SVN_TEST_ASSERT(b->magic == TUNNEL_MAGIC);
SVN_ERR(svn_dirent_get_absolute(&svnserve, "../../svnserve/svnserve", pool));
#ifdef WIN32
svnserve = apr_pstrcat(pool, svnserve, ".exe", SVN_VA_NULL);
#endif
SVN_ERR(svn_io_check_path(svnserve, &kind, pool));
if (kind != svn_node_file)
return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
"Could not find svnserve at %s",
svn_dirent_local_style(svnserve, pool));
status = apr_procattr_create(&attr, pool);
if (status == APR_SUCCESS)
status = apr_procattr_io_set(attr, 1, 1, 0);
if (status == APR_SUCCESS)
status = apr_procattr_cmdtype_set(attr, APR_PROGRAM);
proc = apr_palloc(pool, sizeof(*proc));
if (status == APR_SUCCESS)
status = apr_proc_create(proc,
svn_dirent_local_style(svnserve, pool),
args, NULL, attr, pool);
if (status != APR_SUCCESS)
return svn_error_wrap_apr(status, "Could not run svnserve");
apr_pool_note_subprocess(pool, proc, APR_KILL_NEVER);
/* APR pipe objects inherit by default. But we don't want the
* tunnel agent's pipes held open by future child processes
* (such as other ra_svn sessions), so turn that off. */
apr_file_inherit_unset(proc->in);
apr_file_inherit_unset(proc->out);
cb = apr_pcalloc(pool, sizeof(*cb));
cb->magic = CLOSE_MAGIC;
cb->tb = b;
cb->proc = proc;
*request = svn_stream_from_aprfile2(proc->in, FALSE, pool);
*response = svn_stream_from_aprfile2(proc->out, FALSE, pool);
*close_func = close_tunnel;
*close_baton = cb;
++b->open_count;
return SVN_NO_ERROR;
}
/* Run an external authentication program using the given method for passing
* in the data. The login name is always passed in. Dataname is "GROUP" or
* "PASS" and data is the group list or password being checked. To launch
* a detached daemon, run this with extmethod=NULL.
*
* If the authenticator was run, we return the numeric code from the
* authenticator, normally 0 if the login was valid, some small positive
* number if not. If we were not able to run the authenticator, we log
* an error message and return a numeric error code:
*
* -1 Could not execute authenticator, usually a path or permission problem
* -2 The external authenticator crashed or was killed.
* -3 Could not create process attribute structure
* -4 apr_proc_wait() did not return a status code. Should never happen.
* -5 apr_proc_wait() returned before child finished. Should never happen.
*/
static int exec_external(const char *extpath, const char *extmethod,
const request_rec *r, const char *dataname, const char *data)
{
conn_rec *c= r->connection;
apr_pool_t *p= r->pool;
int isdaemon, usecheck= 0, usepipeout= 0, usepipein= 0;
apr_procattr_t *procattr;
apr_proc_t proc;
apr_status_t rc= APR_SUCCESS;
char *child_env[12];
char *child_arg[MAX_ARG+2];
const char *t;
int i, status= -4;
apr_exit_why_e why= APR_PROC_EXIT;
apr_sigfunc_t *sigchld;
/* Set various flags based on the execution method */
isdaemon= (extmethod == NULL);
if (!isdaemon)
{
usecheck= extmethod && !strcasecmp(extmethod, "checkpassword");
usepipeout= usecheck || (extmethod && !strcasecmp(extmethod, "pipes"));
usepipein= usepipeout || (extmethod && !strcasecmp(extmethod, "pipe"));
}
/* Create the environment for the child. Daemons don't get these, they
* just inherit apache's environment variables.
*/
if (!isdaemon)
{
const char *cookie, *host, *remote_host;
authnz_external_dir_config_rec *dir= (authnz_external_dir_config_rec *)
ap_get_module_config(r->per_dir_config, &authnz_external_module);
i= 0;
if (!usepipein)
{
/* Put user name and password/group into environment */
child_env[i++]= apr_pstrcat(p, ENV_USER"=", r->user, NULL);
child_env[i++]= apr_pstrcat(p, dataname, "=", data, NULL);
}
child_env[i++]= apr_pstrcat(p, "PATH=", getenv("PATH"), NULL);
child_env[i++]= apr_pstrcat(p, "AUTHTYPE=", dataname, NULL);
remote_host= ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST,NULL);
if (remote_host != NULL)
child_env[i++]= apr_pstrcat(p, ENV_HOST"=", remote_host,NULL);
if (r->useragent_ip)
child_env[i++]= apr_pstrcat(p, ENV_IP"=", r->useragent_ip, NULL);
if (r->uri)
child_env[i++]= apr_pstrcat(p, ENV_URI"=", r->uri, NULL);
if ((host= apr_table_get(r->headers_in, "Host")) != NULL)
child_env[i++]= apr_pstrcat(p, ENV_HTTP_HOST"=", host, NULL);
if (dir->context)
child_env[i++]= apr_pstrcat(r->pool, ENV_CONTEXT"=",
dir->context, NULL);
#ifdef ENV_COOKIE
if ((cookie= apr_table_get(r->headers_in, "Cookie")) != NULL)
child_env[i++]= apr_pstrcat(p, ENV_COOKIE"=", cookie, NULL);
#endif
/* NOTE: If you add environment variables,
* remember to increase the size of the child_env[] array */
/* End of environment */
child_env[i]= NULL;
}
/* Construct argument array */
for (t= extpath, i=0; *t != '\0' && (i <= MAX_ARG + 1);
child_arg[i++]= ap_getword_white(p, &t)) {}
child_arg[i]= NULL;
/* Create the process attribute structure describing the script we
* want to run using the Thread/Process functions from the Apache
* portable runtime library. */
if (((rc= apr_procattr_create(&procattr, p)) != APR_SUCCESS) ||
/* should we create pipes to stdin, stdout and stderr? */
((rc= apr_procattr_io_set(procattr,
(usepipein && !usecheck) ? APR_FULL_BLOCK : APR_NO_PIPE,
usepipeout ? APR_FULL_BLOCK : APR_NO_PIPE,
(usepipein && usecheck) ? APR_FULL_BLOCK : APR_NO_PIPE))
!= APR_SUCCESS ) ||
/* will give full path of program and make a new environment */
((rc= apr_procattr_cmdtype_set(procattr,
isdaemon ? APR_PROGRAM_ENV : APR_PROGRAM)) != APR_SUCCESS) ||
/* detach the child only if it is a daemon */
((rc= apr_procattr_detach_set(procattr, isdaemon)) != APR_SUCCESS) ||
/* function to call if child has error after fork, before exec */
((rc= apr_procattr_child_errfn_set(procattr, extchilderr)
!= APR_SUCCESS)))
{
/* Failed. Probably never happens. */
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
"could not set child process attributes");
return -3;
}
/* Sometimes other modules wil mess up sigchild. Need to fix it for
* the wait call to work correctly. */
sigchld= apr_signal(SIGCHLD,SIG_DFL);
/* Start the child process */
rc= apr_proc_create(&proc, child_arg[0],
(const char * const *)child_arg,
(const char * const *)child_env, procattr, p);
if (rc != APR_SUCCESS)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
"Could not run external authenticator: %d: %s", rc,
child_arg[0]);
return -1;
}
if (isdaemon) return 0;
apr_pool_note_subprocess(p, &proc, APR_KILL_AFTER_TIMEOUT);
if (usepipein)
{
/* Select appropriate pipe to write to */
apr_file_t *pipe= (usecheck ? proc.err : proc.in);
/* Send the user */
apr_file_write_full(pipe, r->user, strlen(r->user), NULL);
apr_file_putc(usecheck ? '\0' : '\n', pipe);
/* Send the password */
apr_file_write_full(pipe, data, strlen(data), NULL);
apr_file_putc(usecheck ? '\0' : '\n', pipe);
/* Send the uri/path */
apr_file_write_full(pipe, r->uri, strlen(r->uri), NULL);
apr_file_putc(usecheck ? '\0' : '\n', pipe);
/* Send dummy timestamp for checkpassword */
if (usecheck) apr_file_write_full(pipe, "0", 2, NULL);
/* Close the file */
apr_file_close(pipe);
}
/* Wait for the child process to terminate, and get status */
rc= apr_proc_wait(&proc,&status,&why,APR_WAIT);
/* Restore sigchild to whatever it was before we reset it */
apr_signal(SIGCHLD,sigchld);
if (!APR_STATUS_IS_CHILD_DONE(rc))
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
"Could not get status from child process");
return -5;
}
if (!APR_PROC_CHECK_EXIT(why))
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"External authenticator died on signal %d",status);
return -2;
}
return status;
}
