void uwsgi_emperor_blacklist_add(char *id) {
// check if the item is already in the blacklist
struct uwsgi_emperor_blacklist_item *uebi = uwsgi_emperor_blacklist_check(id);
if (uebi) {
gettimeofday(&uebi->last_attempt, NULL);
if (uebi->throttle_level < (uwsgi.emperor_max_throttle * 1000)) {
uebi->throttle_level += (uwsgi.emperor_throttle * 1000);
}
else {
uwsgi_log("[emperor] maximum throttle level for vassal %s reached !!!\n", id);
uebi->throttle_level = uebi->throttle_level / 2;
}
uebi->attempt++;
if (uebi->attempt == 2) {
uwsgi_log("[emperor] unloyal bad behaving vassal found: %s throttling it...\n", id);
}
return;
}
uebi = emperor_blacklist;
if (!uebi) {
uebi = uwsgi_calloc(sizeof(struct uwsgi_emperor_blacklist_item));
uebi->prev = NULL;
emperor_blacklist = uebi;
}
else {
while (uebi) {
if (!uebi->next) {
uebi->next = uwsgi_calloc(sizeof(struct uwsgi_emperor_blacklist_item));
uebi->next->prev = uebi;
uebi = uebi->next;
break;
}
uebi = uebi->next;
}
}
strcpy(uebi->id, id);
gettimeofday(&uebi->first_attempt, NULL);
memcpy(&uebi->last_attempt, &uebi->first_attempt, sizeof(struct timeval));
uebi->throttle_level = uwsgi.emperor_throttle;
uebi->next = NULL;
}
void uwsgi_emperor_blacklist_remove(char *id) {
struct uwsgi_emperor_blacklist_item *uebi = uwsgi_emperor_blacklist_check(id);
if (!uebi)
return;
// ok let's remove the item
//is it the first item ?
if (uebi == emperor_blacklist) {
emperor_blacklist = uebi->next;
}
struct uwsgi_emperor_blacklist_item *next = uebi->next;
struct uwsgi_emperor_blacklist_item *prev = uebi->prev;
if (next)
next->prev = prev;
if (prev)
prev->next = next;
free(uebi);
}
void emperor_add(struct uwsgi_emperor_scanner *ues, char *name, time_t born, char *config, uint32_t config_size, uid_t uid, gid_t gid) {
struct uwsgi_instance *c_ui = ui;
struct uwsgi_instance *n_ui = NULL;
pid_t pid;
char **vassal_argv;
char *uef;
char **uenvs;
int counter;
char *colon = NULL;
int i;
struct timeval tv;
#ifdef UWSGI_DEBUG
uwsgi_log("\n\nVASSAL %s %d %.*s %d %d\n", name, born, config_size, config, uid, gid);
#endif
if (strlen(name) > (0xff - 1)) {
uwsgi_log("[emperor] invalid vassal name\n", name);
return;
}
gettimeofday(&tv, NULL);
int now = tv.tv_sec;
uint64_t micros = (tv.tv_sec * 1000 * 1000) + tv.tv_usec;
// blacklist check
struct uwsgi_emperor_blacklist_item *uebi = uwsgi_emperor_blacklist_check(name);
if (uebi) {
uint64_t i_micros = (uebi->last_attempt.tv_sec * 1000 * 1000) + uebi->last_attempt.tv_usec + uebi->throttle_level;
if (i_micros > micros) {
return;
}
}
if (now - emperor_throttle < 1) {
emperor_throttle_level = emperor_throttle_level * 2;
}
else {
if (emperor_throttle_level > uwsgi.emperor_throttle) {
emperor_throttle_level = emperor_throttle_level / 2;
}
if (emperor_throttle_level < uwsgi.emperor_throttle) {
emperor_throttle_level = uwsgi.emperor_throttle;
}
}
emperor_throttle = now;
#ifdef UWSGI_DEBUG
uwsgi_log("emperor throttle = %d\n", emperor_throttle_level);
#endif
usleep(emperor_throttle_level);
if (uwsgi.emperor_tyrant) {
if (uid == 0 || gid == 0) {
uwsgi_log("[emperor-tyrant] invalid permissions for vassal %s\n", name);
return;
}
}
while (c_ui->ui_next) {
c_ui = c_ui->ui_next;
}
n_ui = uwsgi_malloc(sizeof(struct uwsgi_instance));
memset(n_ui, 0, sizeof(struct uwsgi_instance));
if (config) {
n_ui->use_config = 1;
n_ui->config = config;
n_ui->config_len = config_size;
}
c_ui->ui_next = n_ui;
#ifdef UWSGI_DEBUG
uwsgi_log("c_ui->ui_next = %p\n", c_ui->ui_next);
#endif
n_ui->ui_prev = c_ui;
if (strchr(name, ':')) {
n_ui->zerg = 1;
uwsgi.emperor_broodlord_count++;
}
n_ui->scanner = ues;
memcpy(n_ui->name, name, strlen(name));
n_ui->born = born;
n_ui->uid = uid;
n_ui->gid = gid;
n_ui->last_mod = born;
// start without loyalty
n_ui->last_loyal = 0;
n_ui->loyal = 0;
n_ui->first_run = uwsgi_now();
n_ui->last_run = n_ui->first_run;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, n_ui->pipe)) {
uwsgi_error("socketpair()");
goto clear;
}
event_queue_add_fd_read(uwsgi.emperor_queue, n_ui->pipe[0]);
if (n_ui->use_config) {
if (socketpair(AF_UNIX, SOCK_STREAM, 0, n_ui->pipe_config)) {
uwsgi_error("socketpair()");
goto clear;
}
}
// TODO pre-start hook
// a new uWSGI instance will start
pid = fork();
if (pid < 0) {
uwsgi_error("fork()")
}
else if (pid > 0) {
n_ui->pid = pid;
// close the right side of the pipe
close(n_ui->pipe[1]);
if (n_ui->use_config) {
close(n_ui->pipe_config[1]);
}
if (n_ui->use_config) {
if (write(n_ui->pipe_config[0], n_ui->config, n_ui->config_len) <= 0) {
uwsgi_error("write()");
}
close(n_ui->pipe_config[0]);
}
return;
}
else {
if (uwsgi.emperor_tyrant) {
uwsgi_log("[emperor-tyrant] dropping privileges to %d %d for instance %s\n", (int) uid, (int) gid, name);
if (setgid(gid)) {
uwsgi_error("setgid()");
exit(1);
}
if (setgroups(0, NULL)) {
uwsgi_error("setgroups()");
exit(1);
}
if (setuid(uid)) {
uwsgi_error("setuid()");
exit(1);
}
}
unsetenv("UWSGI_RELOADS");
unsetenv("NOTIFY_SOCKET");
uef = uwsgi_num2str(n_ui->pipe[1]);
if (setenv("UWSGI_EMPEROR_FD", uef, 1)) {
uwsgi_error("setenv()");
exit(1);
}
free(uef);
if (n_ui->use_config) {
uef = uwsgi_num2str(n_ui->pipe_config[1]);
if (setenv("UWSGI_EMPEROR_FD_CONFIG", uef, 1)) {
uwsgi_error("setenv()");
exit(1);
}
free(uef);
}
uenvs = environ;
while (*uenvs) {
if (!strncmp(*uenvs, "UWSGI_VASSAL_", 13)) {
char *ne = uwsgi_concat2("UWSGI_", *uenvs + 13);
char *oe = uwsgi_concat2n(*uenvs, strchr(*uenvs, '=') - *uenvs, "", 0);
if (unsetenv(oe)) {
uwsgi_error("unsetenv()");
break;
}
free(oe);
#ifdef UWSGI_DEBUG
uwsgi_log("putenv %s\n", ne);
#endif
if (putenv(ne)) {
uwsgi_error("putenv()");
}
// do not free ne as putenv will add it to the environ
uenvs = environ;
continue;
}
uenvs++;
}
// close the left side of the pipe
close(n_ui->pipe[0]);
if (n_ui->use_config) {
close(n_ui->pipe_config[0]);
}
counter = 4;
struct uwsgi_string_list *uct = uwsgi.vassals_templates;
while (uct) {
counter += 2;
uct = uct->next;
}
vassal_argv = uwsgi_malloc(sizeof(char *) * counter);
// set args
vassal_argv[0] = uwsgi.binary_path;
if (uwsgi.emperor_broodlord) {
colon = strchr(name, ':');
if (colon) {
colon[0] = 0;
}
}
// initialize to a default value
vassal_argv[1] = "--inherit";
if (!strcmp(name + (strlen(name) - 4), ".xml"))
vassal_argv[1] = "--xml";
if (!strcmp(name + (strlen(name) - 4), ".ini"))
vassal_argv[1] = "--ini";
if (!strcmp(name + (strlen(name) - 4), ".yml"))
vassal_argv[1] = "--yaml";
if (!strcmp(name + (strlen(name) - 5), ".yaml"))
vassal_argv[1] = "--yaml";
if (!strcmp(name + (strlen(name) - 3), ".js"))
vassal_argv[1] = "--json";
if (!strcmp(name + (strlen(name) - 5), ".json"))
vassal_argv[1] = "--json";
if (colon) {
colon[0] = ':';
}
vassal_argv[2] = name;
if (uwsgi.emperor_magic_exec) {
if (!access(name, R_OK | X_OK)) {
vassal_argv[2] = uwsgi_concat2("exec://", name);
}
}
if (n_ui->use_config) {
vassal_argv[2] = uwsgi_concat2("emperor://", name);
}
counter = 3;
uct = uwsgi.vassals_templates;
while (uct) {
vassal_argv[counter] = "--inherit";
vassal_argv[counter + 1] = uct->value;
counter += 2;
uct = uct->next;
}
vassal_argv[counter] = NULL;
// disable stdin
int stdin_fd = open("/dev/null", O_RDONLY);
if (stdin_fd < 0) {
uwsgi_error_open("/dev/null");
exit(1);
}
if (stdin_fd != 0) {
if (dup2(stdin_fd, 0)) {
uwsgi_error("dup2()");
exit(1);
}
close(stdin_fd);
}
// close all of the unneded fd
for (i = 3; i < (int) uwsgi.max_fd; i++) {
if (n_ui->use_config) {
if (i == n_ui->pipe_config[1])
continue;
}
if (i != n_ui->pipe[1]) {
close(i);
}
}
if (uwsgi.vassals_start_hook) {
uwsgi_log("[emperor] running vassal start-hook: %s %s\n", uwsgi.vassals_start_hook, n_ui->name);
if (uwsgi.emperor_absolute_dir) {
if (setenv("UWSGI_VASSALS_DIR", uwsgi.emperor_absolute_dir, 1)) {
uwsgi_error("setenv()");
}
}
int start_hook_ret = uwsgi_run_command_and_wait(uwsgi.vassals_start_hook, n_ui->name);
uwsgi_log("[emperor] %s start-hook returned %d\n", n_ui->name, start_hook_ret);
}
// start !!!
if (execvp(vassal_argv[0], vassal_argv)) {
uwsgi_error("execvp()");
}
uwsgi_log("[emperor] is the uwsgi binary in your system PATH ?\n");
// never here
exit(UWSGI_EXILE_CODE);
}
clear:
free(n_ui);
c_ui->ui_next = NULL;
}
void emperor_add(struct uwsgi_emperor_scanner *ues, char *name, time_t born, char *config, uint32_t config_size, uid_t uid, gid_t gid, char *socket_name) {
struct uwsgi_instance *c_ui = ui;
struct uwsgi_instance *n_ui = NULL;
struct timeval tv;
#ifdef UWSGI_DEBUG
uwsgi_log("\n\nVASSAL %s %d %.*s %d %d\n", name, born, config_size, config, uid, gid);
#endif
if (strlen(name) > (0xff - 1)) {
uwsgi_log("[emperor] invalid vassal name: %s\n", name);
return;
}
gettimeofday(&tv, NULL);
int now = tv.tv_sec;
uint64_t micros = (tv.tv_sec * 1000 * 1000) + tv.tv_usec;
// blacklist check
struct uwsgi_emperor_blacklist_item *uebi = uwsgi_emperor_blacklist_check(name);
if (uebi) {
uint64_t i_micros = (uebi->last_attempt.tv_sec * 1000 * 1000) + uebi->last_attempt.tv_usec + uebi->throttle_level;
if (i_micros > micros) {
return;
}
}
if (now - emperor_throttle < 1) {
emperor_throttle_level = emperor_throttle_level * 2;
}
else {
if (emperor_throttle_level > uwsgi.emperor_throttle) {
emperor_throttle_level = emperor_throttle_level / 2;
}
if (emperor_throttle_level < uwsgi.emperor_throttle) {
emperor_throttle_level = uwsgi.emperor_throttle;
}
}
emperor_throttle = now;
#ifdef UWSGI_DEBUG
uwsgi_log("emperor throttle = %d\n", emperor_throttle_level);
#endif
usleep(emperor_throttle_level);
if (uwsgi.emperor_tyrant) {
if (uid == 0 || gid == 0) {
uwsgi_log("[emperor-tyrant] invalid permissions for vassal %s\n", name);
return;
}
}
while (c_ui->ui_next) {
c_ui = c_ui->ui_next;
}
n_ui = uwsgi_calloc(sizeof(struct uwsgi_instance));
if (config) {
n_ui->use_config = 1;
n_ui->config = config;
n_ui->config_len = config_size;
}
c_ui->ui_next = n_ui;
#ifdef UWSGI_DEBUG
uwsgi_log("c_ui->ui_next = %p\n", c_ui->ui_next);
#endif
n_ui->ui_prev = c_ui;
if (strchr(name, ':')) {
n_ui->zerg = 1;
uwsgi.emperor_broodlord_count++;
}
n_ui->scanner = ues;
memcpy(n_ui->name, name, strlen(name));
n_ui->born = born;
n_ui->uid = uid;
n_ui->gid = gid;
n_ui->last_mod = born;
// start without loyalty
n_ui->last_loyal = 0;
n_ui->loyal = 0;
n_ui->first_run = uwsgi_now();
n_ui->last_run = n_ui->first_run;
n_ui->on_demand_fd = -1;
if (socket_name) {
n_ui->socket_name = uwsgi_str(socket_name);
}
n_ui->pid = -1;
// ok here we check if we need to bind to the specified socket or continue with the activation
if (socket_name) {
char *tcp_port = strchr(socket_name, ':');
if (tcp_port) {
// disable deferred accept for this socket
int current_defer_accept = uwsgi.no_defer_accept;
uwsgi.no_defer_accept = 1;
n_ui->on_demand_fd = bind_to_tcp(socket_name, uwsgi.listen_queue, tcp_port);
uwsgi.no_defer_accept = current_defer_accept;
}
else {
n_ui->on_demand_fd = bind_to_unix(socket_name, uwsgi.listen_queue, uwsgi.chmod_socket, uwsgi.abstract_socket);
}
if (n_ui->on_demand_fd < 0) {
uwsgi_error("emperor_add()/bind()");
free(n_ui);
c_ui->ui_next = NULL;
return;
}
event_queue_add_fd_read(uwsgi.emperor_queue, n_ui->on_demand_fd);
uwsgi_log("[uwsgi-emperor] %s -> \"on demand\" instance detected, waiting for connections on socket \"%s\" ...\n", name, socket_name);
return;
}
if (uwsgi_emperor_vassal_start(n_ui)) {
// clear the vassal
free(n_ui);
c_ui->ui_next = NULL;
}
}
