2017-01-17 17:00:00 +00:00
|
|
|
|
|
|
|
|
# Copyright (C) Igor Sysoev
|
|
|
|
|
# Copyright (C) NGINX, Inc.
|
|
|
|
|
|
|
|
|
|
|
2018-07-16 10:17:49 +00:00
|
|
|
# Linux 3.17 with glibc 2.25, FreeBSD 12, Solaris 11.3.
|
2017-01-17 17:00:00 +00:00
|
|
|
|
|
|
|
|
nxt_feature="getrandom()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_GETRANDOM
|
2018-05-24 17:35:47 +00:00
|
|
|
nxt_feature_run=yes
|
2017-01-17 17:00:00 +00:00
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
2018-05-24 17:35:47 +00:00
|
|
|
nxt_feature_test="#include <unistd.h>
|
|
|
|
|
#include <sys/random.h>
|
2017-01-17 17:00:00 +00:00
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
char buf[4];
|
|
|
|
|
|
2018-05-24 17:35:47 +00:00
|
|
|
if (getrandom(buf, 4, 0) < 0) {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2017-01-17 17:00:00 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
|
|
|
|
|
|
2018-05-24 17:35:47 +00:00
|
|
|
if [ $nxt_found = no ]; then
|
|
|
|
|
|
|
|
|
|
# Linux 3.17 SYS_getrandom.
|
|
|
|
|
|
|
|
|
|
nxt_feature="SYS_getrandom in Linux"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_LINUX_SYS_GETRANDOM
|
|
|
|
|
nxt_feature_test="#include <unistd.h>
|
|
|
|
|
#include <sys/syscall.h>
|
|
|
|
|
#include <linux/random.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
char buf[4];
|
|
|
|
|
|
|
|
|
|
if (syscall(SYS_getrandom, buf, 4, 0) < 0) {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-16 10:30:11 +00:00
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ $nxt_found = no ]; then
|
|
|
|
|
|
|
|
|
|
# OpenBSD 5.6 lacks <sys/random.h>.
|
|
|
|
|
|
|
|
|
|
nxt_feature="getentropy()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_GETENTROPY
|
|
|
|
|
nxt_feature_test="#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
char buf[4];
|
|
|
|
|
|
|
|
|
|
if (getentropy(buf, 4) == -1) {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ $nxt_found = no ]; then
|
|
|
|
|
|
|
|
|
|
# macOS 10.12.
|
|
|
|
|
|
|
|
|
|
nxt_feature="getentropy() in sys/random.h"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_GETENTROPY_SYS_RANDOM
|
|
|
|
|
nxt_feature_test="#include <unistd.h>
|
|
|
|
|
#include <sys/random.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
char buf[4];
|
|
|
|
|
|
|
|
|
|
if (getentropy(buf, 4) == -1) {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-24 17:35:47 +00:00
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
2017-01-17 17:00:00 +00:00
|
|
|
nxt_feature="ucontext"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_UCONTEXT
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#include <stdlib.h>
|
|
|
|
|
#include <ucontext.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
ucontext_t uc;
|
|
|
|
|
|
|
|
|
|
if (getcontext(&uc) == 0) {
|
|
|
|
|
makecontext(&uc, NULL, 0);
|
|
|
|
|
setcontext(&uc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ $nxt_found = no ]; then
|
|
|
|
|
|
|
|
|
|
# MacOSX 10.6 (Snow Leopard) has deprecated ucontext
|
|
|
|
|
# and requires _XOPEN_SOURCE to be defined.
|
|
|
|
|
|
|
|
|
|
nxt_feature="_XOPEN_SOURCE ucontext"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_UCONTEXT
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#define _XOPEN_SOURCE
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <ucontext.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
ucontext_t uc;
|
|
|
|
|
|
|
|
|
|
if (getcontext(&uc) == 0) {
|
|
|
|
|
makecontext(&uc, NULL, 0);
|
|
|
|
|
setcontext(&uc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# FreeBSD dlopen() is in libc.
|
|
|
|
|
# MacOSX libdl.dylib is a symlink to libSystem.dylib.
|
2017-08-17 18:47:19 +00:00
|
|
|
# GCC5 AddressSanitizer intercepts dlopen() and dlclose() but not dlsym()
|
|
|
|
|
# so all dynamic linker functions should be tested.
|
2017-01-17 17:00:00 +00:00
|
|
|
|
|
|
|
|
NXT_LIBDL=
|
|
|
|
|
|
|
|
|
|
nxt_feature="dlopen()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_DLOPEN
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#include <stdlib.h>
|
|
|
|
|
#include <dlfcn.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
2017-08-17 18:47:19 +00:00
|
|
|
void *h = dlopen(NULL, RTLD_NOW | RTLD_GLOBAL);
|
|
|
|
|
dlsym(h, \"\");
|
|
|
|
|
dlclose(h);
|
2017-01-17 17:00:00 +00:00
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
|
|
|
|
|
if [ $nxt_found = no ]; then
|
|
|
|
|
|
|
|
|
|
# Linux and Solaris prior to 10 require libdl.
|
|
|
|
|
# Solaris 10 libdl.so.1 is a filter to /usr/lib/ld.so.1.
|
|
|
|
|
|
|
|
|
|
nxt_feature="dlopen() in libdl"
|
|
|
|
|
nxt_feature_libs="-ldl"
|
|
|
|
|
. auto/feature
|
|
|
|
|
|
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
|
|
|
NXT_LIBDL="-ldl"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nxt_feature="posix_spawn()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_POSIX_SPAWN
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#include <spawn.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
2019-11-22 11:06:02 +00:00
|
|
|
int main(int argc, char *argv[]) {
|
|
|
|
|
(void) posix_spawn(NULL, \"\", NULL, NULL, argv, NULL);
|
2017-01-17 17:00:00 +00:00
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# NetBSD 1.0, OpenBSD 1.0, FreeBSD 2.2 setproctitle().
|
|
|
|
|
|
|
|
|
|
nxt_feature="setproctitle()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_SETPROCTITLE
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#include <stdlib.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
setproctitle(\"%s\", \"title\");
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|
Changed the group listing to run unprivileged when possible.
Now the nxt_user_groups_get() function uses getgrouplist(3) when available
(except MacOS, see below). For some platforms, getgrouplist() supports
a method of probing how much groups the user has but the behavior is not
consistent. The method used here consists of optimistically trying to get up
to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original
value, we do a second call. This method can block main's process if LDAP/NDIS+
is in use.
MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the
value passed is smaller than the number of groups the user has. Some
projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups
until it exceeds the number of groups user belongs to or fail when a limit
is reached. For performance reasons, this is to be avoided and MacOS is
handled in the fallback implementation.
The fallback implementation is the old Unit approach. It saves main's
user groups (getgroups(2)) and then calls initgroups(3) to load application's
groups in main, then does a second getgroups(2) to store the gids and restore
main's groups in the end. Because of initgroups(3)' call to setgroups(2),
this method requires root capabilities. In the case of OSX, which has
small NGROUPS_MAX by default (16), it's not possible to restore main's groups
if it's large; if so, this method fallbacks again: user_cred gids aren't
stored, and the worker process calls initgroups() itself and may block for
some time if LDAP/NDIS+ is in use.
2019-11-26 16:15:23 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# Linux, FreeBSD, Solaris getgrouplist()
|
|
|
|
|
nxt_feature="getgrouplist()"
|
|
|
|
|
nxt_feature_name=NXT_HAVE_GETGROUPLIST
|
|
|
|
|
nxt_feature_run=
|
|
|
|
|
nxt_feature_incs=
|
|
|
|
|
nxt_feature_libs=
|
|
|
|
|
nxt_feature_test="#include <unistd.h>
|
|
|
|
|
#include <grp.h>
|
|
|
|
|
|
|
|
|
|
int main() {
|
|
|
|
|
getgrouplist(\"root\", 0, NULL, NULL);
|
|
|
|
|
return 0;
|
|
|
|
|
}"
|
|
|
|
|
. auto/feature
|