# HG changeset patch # User Igor Sysoev # Date 1074631208 0 # Node ID cd71b95716b42c08f138abb58450cb5066ee144b # Parent 4eaafcd57be775a20e729634a0f6fbf1c8457ce1 nginx-0.0.1-2004-01-20-23:40:08 import diff --git a/src/core/nginx.c b/src/core/nginx.c --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -6,9 +6,10 @@ typedef struct { - ngx_str_t user; int daemon; int master; + uid_t user; + gid_t group; ngx_str_t pid; ngx_str_t newpid; } ngx_core_conf_t; @@ -27,6 +28,7 @@ static void ngx_worker_process_cycle(ngx static ngx_int_t ngx_add_inherited_sockets(ngx_cycle_t *cycle, char **envp); static ngx_pid_t ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv); static ngx_int_t ngx_core_module_init(ngx_cycle_t *cycle); +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static ngx_str_t core_name = ngx_string("core"); @@ -34,10 +36,10 @@ static ngx_str_t core_name = ngx_string static ngx_command_t ngx_core_commands[] = { { ngx_string("user"), - NGX_MAIN_CONF|NGX_CONF_TAKE1, - ngx_conf_set_core_str_slot, + NGX_MAIN_CONF|NGX_CONF_TAKE12, + ngx_set_user, 0, - offsetof(ngx_core_conf_t, user), + 0, NULL }, { ngx_string("daemon"), @@ -68,26 +70,21 @@ ngx_module_t ngx_core_module = { }; -ngx_int_t ngx_max_module; - +ngx_int_t ngx_max_module; +ngx_uint_t ngx_connection_counter; -/* STUB */ -uid_t user; - -u_int ngx_connection_counter; +ngx_int_t ngx_process; +ngx_pid_t ngx_new_binary; -ngx_int_t ngx_process; -ngx_pid_t ngx_new_binary; - -ngx_int_t ngx_inherited; -ngx_int_t ngx_signal; -ngx_int_t ngx_reap; -ngx_int_t ngx_terminate; -ngx_int_t ngx_quit; -ngx_int_t ngx_noaccept; -ngx_int_t ngx_reconfigure; -ngx_int_t ngx_reopen; -ngx_int_t ngx_change_binary; +ngx_int_t ngx_inherited; +ngx_int_t ngx_signal; +ngx_int_t ngx_reap; +ngx_int_t ngx_terminate; +ngx_int_t ngx_quit; +ngx_int_t ngx_noaccept; +ngx_int_t ngx_reconfigure; +ngx_int_t ngx_reopen; +ngx_int_t ngx_change_binary; int main(int argc, char *const *argv, char **envp) @@ -102,7 +99,6 @@ int main(int argc, char *const *argv, ch #if !(WIN32) size_t len; char pid[/* STUB */ 10]; - struct passwd *pwd; #endif #if __FreeBSD__ @@ -169,19 +165,6 @@ int main(int argc, char *const *argv, ch #else - /* STUB */ - if (ccf->user.len) { - pwd = getpwnam(ccf->user.data); - if (pwd == NULL) { - ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, - "getpwnam(%s) failed", ccf->user); - return 1; - } - - user = pwd->pw_uid; - } - /* */ - if (ccf->daemon != 0) { if (ngx_daemon(cycle->log) == NGX_ERROR) { return 1; @@ -573,16 +556,28 @@ static void ngx_worker_process_cycle(ngx sigset_t set; ngx_int_t i; ngx_listening_t *ls; + ngx_core_conf_t *ccf; ngx_process = NGX_PROCESS_WORKER; ngx_last_process = 0; - if (user) { - if (setuid(user) == -1) { - ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, - "setuid() failed"); + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + + if (ccf->group != (gid_t) NGX_CONF_UNSET) { + if (setuid(ccf->group) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setgid(%d) failed", ccf->group); /* fatal */ - exit(1); + exit(2); + } + } + + if (ccf->user != (uid_t) NGX_CONF_UNSET && geteuid() == 0) { + if (setuid(ccf->user) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setuid(%d) failed", ccf->user); + /* fatal */ + exit(2); } } @@ -755,10 +750,53 @@ static ngx_int_t ngx_core_module_init(ng * * ccf->pid = NULL; */ - ccf->daemon = -1; - ccf->master = -1; + ccf->daemon = NGX_CONF_UNSET; + ccf->master = NGX_CONF_UNSET; + ccf->user = (uid_t) NGX_CONF_UNSET; + ccf->group = (gid_t) NGX_CONF_UNSET; ((void **)(cycle->conf_ctx))[ngx_core_module.index] = ccf; return NGX_OK; } + + +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + struct passwd *pwd; + struct group *grp; + ngx_str_t *value; + ngx_core_conf_t *ccf; + + ccf = *(void **)conf; + + if (ccf->user != (uid_t) NGX_CONF_UNSET) { + return "is duplicate"; + } + + value = (ngx_str_t *) cf->args->elts; + + pwd = getpwnam(value[1].data); + if (pwd == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getpwnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->user = pwd->pw_uid; + + if (cf->args->nelts == 2) { + return NGX_CONF_OK; + } + + grp = getgrnam(value[2].data); + if (grp == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getgrnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->group = grp->gr_gid; + + return NGX_CONF_OK; +} diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c --- a/src/core/ngx_log.c +++ b/src/core/ngx_log.c @@ -275,7 +275,6 @@ ngx_log_t *ngx_log_create_errlog(ngx_cyc static char *ngx_set_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_int_t i, n, d; ngx_str_t *value; value = cf->args->elts; @@ -287,19 +286,30 @@ static char *ngx_set_error_log(ngx_conf_ cf->cycle->log->file->name = value[1]; } + return ngx_set_error_log_levels(cf, cf->cycle->log); +} + + +char *ngx_set_error_log_levels(ngx_conf_t *cf, ngx_log_t *log) +{ + ngx_int_t i, n, d; + ngx_str_t *value; + + value = cf->args->elts; + for (i = 2; i < cf->args->nelts; i++) { for (n = 1; n < NGX_LOG_DEBUG; n++) { if (ngx_strcmp(value[i].data, err_levels[n]) == 0) { - if (cf->cycle->log->log_level != 0) { + if (log->log_level != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; } - cf->cycle->log->log_level = n; + log->log_level = n; continue; } } @@ -307,21 +317,21 @@ static char *ngx_set_error_log(ngx_conf_ d = NGX_LOG_DEBUG_FIRST; for (n = 0; n < /* STUB */ 4; n++) { if (ngx_strcmp(value[i].data, debug_levels[n]) == 0) { - if (cf->cycle->log->log_level & ~NGX_LOG_DEBUG_ALL) { + if (log->log_level & ~NGX_LOG_DEBUG_ALL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; } - cf->cycle->log->log_level |= d; + log->log_level |= d; } d <<= 1; } - if (cf->cycle->log->log_level == 0) { + if (log->log_level == 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid log level \"%s\"", value[i].data); return NGX_CONF_ERROR; diff --git a/src/core/ngx_log.h b/src/core/ngx_log.h --- a/src/core/ngx_log.h +++ b/src/core/ngx_log.h @@ -305,6 +305,8 @@ void ngx_assert_core(ngx_log_t *log, con ngx_log_t *ngx_log_init_errlog(); ngx_log_t *ngx_log_create_errlog(ngx_cycle_t *cycle, ngx_array_t *args); +char *ngx_set_error_log_levels(ngx_conf_t *cf, ngx_log_t *log); + extern ngx_module_t ngx_errlog_module; diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -205,7 +205,7 @@ static ngx_command_t ngx_http_core_comm NULL }, { ngx_string("error_log"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, ngx_set_error_log, NGX_HTTP_LOC_CONF_OFFSET, 0, @@ -1395,17 +1395,11 @@ static char *ngx_set_error_log(ngx_conf_ { ngx_http_core_loc_conf_t *lcf = conf; -#if 0 - ngx_str_t *value; - - value = cf->args->elts; -#endif + if (!(lcf->err_log = ngx_log_create_errlog(cf->cycle, cf->args))) { + return NGX_CONF_ERROR; + } - ngx_test_null(lcf->err_log, - ngx_log_create_errlog(cf->cycle, cf->args), - NGX_CONF_ERROR); - - return NGX_CONF_OK; + return ngx_set_error_log_levels(cf, lcf->err_log); } diff --git a/src/os/unix/ngx_freebsd_config.h b/src/os/unix/ngx_freebsd_config.h --- a/src/os/unix/ngx_freebsd_config.h +++ b/src/os/unix/ngx_freebsd_config.h @@ -25,6 +25,7 @@ #include #include #include +#include #include diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c --- a/src/os/unix/ngx_process.c +++ b/src/os/unix/ngx_process.c @@ -235,5 +235,13 @@ void ngx_process_get_status() "%s " PID_T_FMT " exited with code %d", process, pid, WEXITSTATUS(status)); } + + if (WEXITSTATUS(status) == 2 && ngx_processes[i].respawn) { + ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0, + "%s " PID_T_FMT + " exited with fatal code %d and could not respawn", + process, pid, WEXITSTATUS(status)); + ngx_processes[i].respawn = 0; + } } }