1/*  Part of SWI-Prolog
    2
    3    Author:        Jan Wielemaker
    4    E-mail:        J.Wielemaker@vu.nl
    5    WWW:           http://www.swi-prolog.org
    6    Copyright (c)  2013-2023, University of Amsterdam
    7                              VU University Amsterdam
    8                              CWI, Amsterdam
    9                              SWI-Prolog Solutions b.v.
   10    All rights reserved.
   11
   12    Redistribution and use in source and binary forms, with or without
   13    modification, are permitted provided that the following conditions
   14    are met:
   15
   16    1. Redistributions of source code must retain the above copyright
   17       notice, this list of conditions and the following disclaimer.
   18
   19    2. Redistributions in binary form must reproduce the above copyright
   20       notice, this list of conditions and the following disclaimer in
   21       the documentation and/or other materials provided with the
   22       distribution.
   23
   24    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   25    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   26    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   27    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   28    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   29    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   30    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   31    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
   32    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   33    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
   34    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   35    POSSIBILITY OF SUCH DAMAGE.
   36*/
   37
   38:- module(http_unix_daemon,
   39          [ http_daemon/0,
   40            http_daemon/1,                  % +Options
   41            http_opt_type/3,                % ?Flag, ?Option, ?Type
   42            http_opt_help/2,                % ?Option, ?Help
   43            http_opt_meta/2                 % ?Option, ?Meta
   44          ]).   45:- use_module(library(error)).   46:- use_module(library(apply)).   47:- use_module(library(lists)).   48:- use_module(library(debug)).   49:- use_module(library(broadcast)).   50:- use_module(library(socket)).   51:- use_module(library(option)).   52:- use_module(library(uid)).   53:- use_module(library(unix)).   54:- use_module(library(syslog)).   55:- use_module(library(http/thread_httpd)).   56:- use_module(library(http/http_dispatch)).   57:- use_module(library(http/http_host)).   58:- use_module(library(main)).   59:- use_module(library(readutil)).   60
   61:- if(( exists_source(library(http/http_ssl_plugin)),
   62        \+ current_prolog_flag(pldoc_to_tex,true))).   63:- use_module(library(ssl)).   64:- use_module(library(http/http_ssl_plugin)).   65:- endif.   66
   67:- multifile
   68    http_server_hook/1,                     % +Options
   69    http_certificate_hook/3,                % +CertFile, +KeyFile, -Password
   70    http:sni_options/2.                     % +HostName, +SSLOptions
   71
   72:- initialization(http_daemon, main).   73
   74/** <module> Run SWI-Prolog HTTP server as a Unix system daemon
   75
   76This module provides the logic that  is   needed  to integrate a process
   77into the Unix service (daemon) architecture. It deals with the following
   78aspects,  all  of  which  may  be   used/ignored  and  configured  using
   79commandline options:
   80
   81  - Select the port(s) to be used by the server
   82  - Run the startup of the process as root to perform privileged
   83    tasks and the server itself as unprivileged user, for example
   84    to open ports below 1000.
   85  - Fork and detach from the controlling terminal
   86  - Handle console and debug output using a file and/or the syslog
   87    daemon.
   88  - Manage a _|pid file|_
   89
   90The typical use scenario is to  write   a  file that loads the following
   91components:
   92
   93  1. The application code, including http handlers (see http_handler/3).
   94  2. This library
   95
   96In the code below, =|?- [load].|= loads   the remainder of the webserver
   97code.  This is often a sequence of use_module/1 directives.
   98
   99  ==
  100  :- use_module(library(http/http_unix_daemon)).
  101
  102  :- [load].
  103  ==
  104
  105The   program   entry   point   is     http_daemon/0,   declared   using
  106initialization/2. This may be overruled using   a  new declaration after
  107loading  this  library.  The  new  entry    point  will  typically  call
  108http_daemon/1 to start the server in a preconfigured way.
  109
  110  ==
  111  :- use_module(library(http/http_unix_daemon)).
  112  :- initialization(run, main).
  113
  114  run :-
  115      ...
  116      http_daemon(Options).
  117  ==
  118
  119Now,  the  server  may  be  started    using   the  command  below.  See
  120http_daemon/0 for supported options.
  121
  122  ==
  123  % [sudo] swipl mainfile.pl [option ...]
  124  ==
  125
  126Below are some examples. Our first example is completely silent, running
  127on port 80 as user =www=.
  128
  129  ==
  130  % swipl mainfile.pl --user=www --pidfile=/var/run/http.pid
  131  ==
  132
  133Our second example logs HTTP  interaction   with  the  syslog daemon for
  134debugging purposes. Note that the argument   to =|--debug|== is a Prolog
  135term and must often be escaped to   avoid  misinterpretation by the Unix
  136shell.   The debug option can be repeated to log multiple debug topics.
  137
  138  ==
  139  % swipl mainfile.pl --user=www --pidfile=/var/run/http.pid \
  140          --debug='http(request)' --syslog=http
  141  ==
  142
  143*Broadcasting* The library uses  broadcast/1   to  allow hooking certain
  144events:
  145
  146  - http(pre_server_start)
  147  Run _after_ _fork_, just before starting the HTTP server.  Can be used
  148  to load additional files or perform additional initialisation, such as
  149  starting additional threads.  Recall that it is not possible to start
  150  threads _before_ forking.
  151
  152  - http(post_server_start)
  153  Run _after_ starting the HTTP server.
  154
  155@tbd    Cleanup issues wrt. loading and initialization of xpce.
  156@see    The file <swi-home>/doc/packages/examples/http/linux-init-script
  157        provides a /etc/init.d script for controlling a server as a normal
  158        Unix service.
  159*/
  160
  161:- debug(daemon).  162
  163% Do not run xpce in a thread. This disables forking. The problem here
  164% is that loading library(pce) starts the event dispatching thread. This
  165% should be handled lazily.
  166
  167:- set_prolog_flag(xpce_threaded,   false).  168:- set_prolog_flag(message_ide,     false). % cause xpce to trap messages
  169:- set_prolog_flag(message_context, [thread,time('%F %T.%3f')]).  170:- dynamic interactive/0.  171
  172%!  http_daemon
  173%
  174%   Start the HTTP server  as  a   daemon  process.  This  predicate
  175%   processes the commandline arguments below. Commandline arguments
  176%   that specify servers are processed  in   the  order  they appear
  177%   using the following schema:
  178%
  179%     1. Arguments that act as default for all servers.
  180%     2. =|--http=Spec|= or =|--https=Spec|= is followed by
  181%        arguments for that server until the next =|--http=Spec|=
  182%        or =|--https=Spec|= or the end of the options.
  183%     3. If no =|--http=Spec|= or =|--https=Spec|= appears, one
  184%        HTTP server is created from the specified parameters.
  185%
  186%     Examples:
  187%
  188%       ==
  189%       --workers=10 --http --https
  190%       --http=8080 --https=8443
  191%       --http=localhost:8080 --workers=1 --https=8443 --workers=25
  192%       ==
  193%
  194%     $ --port=Port :
  195%     Start HTTP server at Port. It requires root permission and the
  196%     option =|--user=User|= to open ports below 1000.  The default
  197%     port is 80. If =|--https|= is used, the default port is 443.
  198%
  199%     $ --ip=IP :
  200%     Only listen to the given IP address.  Typically used as
  201%     =|--ip=localhost|= to restrict access to connections from
  202%     _localhost_ if the server itself is behind an (Apache)
  203%     proxy server running on the same host.
  204%
  205%     $ --debug=Topic :
  206%     Enable debugging Topic.  See debug/3.
  207%
  208%     $ --syslog=Ident :
  209%     Write debug messages to the syslog daemon using Ident
  210%
  211%     $ --user=User :
  212%     When started as root to open a port below 1000, this option
  213%     must be provided to switch to the target user for operating
  214%     the server. The following actions are performed as root, i.e.,
  215%     _before_ switching to User:
  216%
  217%       - open the socket(s)
  218%       - write the pidfile
  219%       - setup syslog interaction
  220%       - Read the certificate, key and password file (=|--pwfile=File|=)
  221%
  222%     $ --group=Group :
  223%     May be used in addition to =|--user|=.  If omitted, the login
  224%     group of the target user is used.
  225%
  226%     $ --pidfile=File :
  227%     Write the PID of the daemon process to File.
  228%
  229%     $ --output=File :
  230%     Send output of the process to File.  By default, all
  231%     Prolog console output is discarded.
  232%
  233%     $ --fork[=Bool] :
  234%     If given as =|--no-fork|= or =|--fork=false|=, the process
  235%     runs in the foreground.
  236%
  237%     $ --http[=(Bool|Port|BindTo:Port)] :
  238%     Create a plain HTTP server.  If the argument is missing or
  239%     =true=, create at the specified or default address.  Else
  240%     use the given port and interface.  Thus, =|--http|= creates
  241%     a server at port 80, =|--http=8080|= creates one at port
  242%     8080 and =|--http=localhost:8080|= creates one at port
  243%     8080 that is only accessible from `localhost`.
  244%
  245%     $ --https[=(Bool|Port|BindTo:Port)] :
  246%     As =|--http|=, but creates an HTTPS server.
  247%     Use =|--certfile|=, =|--keyfile|=, =|-pwfile|=,
  248%     =|--password|= and =|--cipherlist|= to configure SSL for
  249%     this server.
  250%
  251%     $ --certfile=File :
  252%     The server certificate for HTTPS.
  253%
  254%     $ --keyfile=File :
  255%     The server private key for HTTPS.
  256%
  257%     $ --pwfile=File :
  258%     File holding the password for accessing  the private key. This
  259%     is preferred over using =|--password=PW|=   as it allows using
  260%     file protection to avoid leaking the password.  The file is
  261%     read _before_ the server drops privileges when started with
  262%     the =|--user|= option.
  263%
  264%     $ --password=PW :
  265%     The password for accessing the private key. See also `--pwfile`.
  266%
  267%     $ --cipherlist=Ciphers :
  268%     One or more cipher strings separated by colons. See the OpenSSL
  269%     documentation for more information. Starting with SWI-Prolog
  270%     7.5.11, the default value is always a set of ciphers that was
  271%     considered secure enough to prevent all critical attacks at the
  272%     time of the SWI-Prolog release.
  273%
  274%     $ --interactive[=Bool] :
  275%     If =true= (default =false=) implies =|--no-fork|= and presents
  276%     the Prolog toplevel after starting the server.
  277%
  278%     $ --gtrace=[Bool] :
  279%     Use the debugger to trace http_daemon/1.
  280%
  281%     $ --sighup=Action :
  282%     Action to perform on =|kill -HUP <pid>|=.  Default is `reload`
  283%     (running make/0).  Alternative is `quit`, stopping the server.
  284%
  285%   Other options are converted  by   argv_options/3  and  passed to
  286%   http_server/1.  For example, this allows for:
  287%
  288%     $ --workers=Count :
  289%     Set the number of workers for the multi-threaded server.
  290%
  291%   http_daemon/0 is defined as below.  The   start  code for a specific
  292%   server can use this as a starting  point, for example for specifying
  293%   defaults  or  additional  options.  This    uses   _guided_  options
  294%   processing  from  argv_options/3  from   library(main).  The  option
  295%   definitions are available as   http_opt_type/3,  http_opt_help/2 and
  296%   http_opt_meta/2
  297%
  298%   ```
  299%   http_daemon :-
  300%       current_prolog_flag(argv, Argv),
  301%       argv_options(Argv, _RestArgv, Options),
  302%       http_daemon(Options).
  303%   ```
  304%
  305%   @see http_daemon/1
  306
  307http_daemon :-
  308    current_prolog_flag(argv, Argv),
  309    argv_options(Argv, _RestArgv, Options),
  310    http_daemon(Options).
  311
  312% Option declarations for argv_options/3 from library(main).
  313
  314opt_type(port,               port,               nonneg).
  315opt_type(p,                  port,               nonneg).
  316opt_type(ip,                 ip,                 atom).
  317opt_type(debug,              debug,              term).
  318opt_type(syslog,             syslog,             atom).
  319opt_type(user,               user,               atom).
  320opt_type(group,              group,              atom).
  321opt_type(pidfile,            pidfile,            file(write)).
  322opt_type(output,             output,             file(write)).
  323opt_type(fork,               fork,               boolean).
  324opt_type(http,               http,               nonneg|boolean).
  325opt_type(https,              https,              nonneg|boolean).
  326opt_type(certfile,           certfile,           file(read)).
  327opt_type(keyfile,            keyfile,            file(read)).
  328opt_type(pwfile,             pwfile,             file(read)).
  329opt_type(password,           password,           string).
  330opt_type(cipherlist,         cipherlist,         string).
  331opt_type(redirect,           redirect,           string).
  332opt_type(interactive,        interactive,        boolean).
  333opt_type(i,                  interactive,        boolean).
  334opt_type(gtrace,             gtrace,             boolean).
  335opt_type(sighup,             sighup,             oneof([reload,quit])).
  336opt_type(workers,            workers,            natural).
  337opt_type(timeout,            timeout,            number).
  338opt_type(keep_alive_timeout, keep_alive_timeout, number).
  339
  340opt_help(port,               "HTTP port to listen to").
  341opt_help(ip,                 "Only listen to this ip (--ip=localhost)").
  342opt_help(debug,              "Print debug message for topic").
  343opt_help(syslog,             "Send output to syslog daemon as ident").
  344opt_help(user,               "Run server under this user").
  345opt_help(group,              "Run server under this group").
  346opt_help(pidfile,            "Write PID to path").
  347opt_help(output,             "Send output to file (instead of syslog)").
  348opt_help(fork,               "Do (default) or do not fork").
  349opt_help(http,               "Create HTTP server").
  350opt_help(https,              "Create HTTPS server").
  351opt_help(certfile,           "The server certificate").
  352opt_help(keyfile,            "The server private key").
  353opt_help(pwfile,             "File holding password for the private key").
  354opt_help(password,           "Password for the private key").
  355opt_help(cipherlist,         "Cipher strings separated by colons").
  356opt_help(redirect,           "Redirect all requests to a URL or port").
  357opt_help(interactive,        "Enter Prolog toplevel after starting server").
  358opt_help(gtrace,             "Start (graphical) debugger").
  359opt_help(sighup,             "Action on SIGHUP: reload (default) or quit").
  360opt_help(workers,            "Number of HTTP worker threads").
  361opt_help(timeout,            "Time to wait for client to complete request").
  362opt_help(keep_alive_timeout, "Time to wait for a new request").
  363
  364opt_meta(port,               'PORT').
  365opt_meta(ip,                 'IP').
  366opt_meta(debug,              'TERM').
  367opt_meta(http,               'PORT').
  368opt_meta(https,              'PORT').
  369opt_meta(syslog,             'IDENT').
  370opt_meta(user,               'NAME').
  371opt_meta(group,              'NAME').
  372opt_meta(redirect,           'URL').
  373opt_meta(sighup,             'ACTION').
  374opt_meta(workers,            'COUNT').
  375opt_meta(timeout,            'SECONDS').
  376opt_meta(keep_alive_timeout, 'SECONDS').
  377
  378%!  http_opt_type(?Flag, ?Option, ?Type).
  379%!  http_opt_help(?Option, ?Help).
  380%!  http_opt_meta(?Option, ?Meta).
  381%
  382%   Allow reusing http option processing
  383
  384http_opt_type(Flag, Option, Type) :-
  385    opt_type(Flag, Option, Type).
  386
  387http_opt_help(Option, Help) :-
  388    opt_help(Option, Help),
  389    Option \= help(_).
  390
  391http_opt_meta(Option, Meta) :-
  392    opt_meta(Option, Meta).
  393
  394
  395%!  http_daemon(+Options)
  396%
  397%   Start the HTTP server as a  daemon process. This predicate processes
  398%   a Prolog option list. It  is   normally  called  from http_daemon/0,
  399%   which derives the option list from the command line arguments.
  400%
  401%   Error handling depends on whether  or   not  interactive(true) is in
  402%   effect. If so, the error is printed before entering the toplevel. In
  403%   non-interactive mode this predicate calls halt(1).
  404
  405http_daemon(Options) :-
  406    Error = error(_,_),
  407    catch(http_daemon_guarded(Options), Error, start_failed(Error)).
  408
  409start_failed(Error) :-
  410    interactive,
  411    !,
  412    print_message(warning, Error).
  413start_failed(Error) :-
  414    print_message(error, Error),
  415    halt(1).
  416
  417%!  http_daemon_guarded(+Options)
  418%
  419%   Helper that is started from http_daemon/1. See http_daemon/1 for
  420%   options that are processed.
  421
  422http_daemon_guarded(Options) :-
  423    setup_debug(Options),
  424    kill_x11(Options),
  425    option_servers(Options, Servers0),
  426    maplist(make_socket, Servers0, Servers),
  427    (   option(fork(true), Options, true),
  428        option(interactive(false), Options, false),
  429        can_switch_user(Options)
  430    ->  fork(Who),
  431        (   Who \== child
  432        ->  halt
  433        ;   disable_development_system,
  434            setup_syslog(Options),
  435            write_pid(Options),
  436            setup_output(Options),
  437            switch_user(Options),
  438            setup_signals(Options),
  439            start_servers(Servers),
  440            wait(Options)
  441        )
  442    ;   write_pid(Options),
  443        switch_user(Options),
  444        setup_signals(Options),
  445        start_servers(Servers),
  446        wait(Options)
  447    ).
  448
  449%!  option_servers(+Options, -Sockets:list)
  450%
  451%   Find all sockets that must be created according to Options. Each
  452%   socket is a term server(Scheme, Address, Opts), where Address is
  453%   either a plain port (integer) or Host:Port. The latter binds the
  454%   port  to  the  interface  belonging    to   Host.  For  example:
  455%   socket(http, localhost:8080, Opts) creates an   HTTP socket that
  456%   binds to the localhost  interface  on   port  80.  Opts  are the
  457%   options specific for the given server.
  458
  459option_servers(Options, Sockets) :-
  460    opt_sockets(Options, [], [], Sockets).
  461
  462opt_sockets([], Options, [], [Socket]) :-
  463    !,
  464    make_server(http(true), Options, Socket).
  465opt_sockets([], _, Sockets, Sockets).
  466opt_sockets([H|T], OptsH, Sockets0, Sockets) :-
  467    server_option(H),
  468    !,
  469    append(OptsH, [H], OptsH1),
  470    opt_sockets(T, OptsH1, Sockets0, Sockets).
  471opt_sockets([H|T0], Opts, Sockets0, Sockets) :-
  472    server_start_option(H),
  473    !,
  474    server_options(T0, T, Opts, SOpts),
  475    make_server(H, SOpts, Socket),
  476    append(Sockets0, [Socket], Sockets1),
  477    opt_sockets(T, Opts, Sockets1, Sockets).
  478opt_sockets([_|T], Opts, Sockets0, Sockets) :-
  479    opt_sockets(T, Opts, Sockets0, Sockets).
  480
  481server_options([], [], Options, Options).
  482server_options([H|T], Rest, Options0, Options) :-
  483    server_option(H),
  484    !,
  485    generalise_option(H, G),
  486    delete(Options0, G, Options1),
  487    append(Options1, [H], Options2),
  488    server_options(T, Rest, Options2, Options).
  489server_options([H|T], [H|T], Options, Options) :-
  490    server_start_option(H),
  491    !.
  492server_options([_|T0], Rest, Options0, Options) :-
  493    server_options(T0, Rest, Options0, Options).
  494
  495generalise_option(H, G) :-
  496    H =.. [Name,_],
  497    G =.. [Name,_].
  498
  499server_start_option(http(_)).
  500server_start_option(https(_)).
  501
  502server_option(port(_)).
  503server_option(ip(_)).
  504server_option(certfile(_)).
  505server_option(keyfile(_)).
  506server_option(pwfile(_)).
  507server_option(password(_)).
  508server_option(cipherlist(_)).
  509server_option(workers(_)).
  510server_option(redirect(_)).
  511server_option(timeout(_)).
  512server_option(keep_alive_timeout(_)).
  513
  514make_server(http(Address0), Options0, server(http, Address, Options)) :-
  515    make_address(Address0, 80, Address, Options0, Options).
  516make_server(https(Address0), Options0, server(https, Address, SSLOptions)) :-
  517    make_address(Address0, 443, Address, Options0, Options),
  518    merge_https_options(Options, SSLOptions).
  519
  520make_address(true, DefPort, Address, Options0, Options) :-
  521    !,
  522    option(port(Port), Options0, DefPort),
  523    (   option(ip(Bind), Options0)
  524    ->  Address = (Bind:Port)
  525    ;   Address = Port
  526    ),
  527    merge_options([port(Port)], Options0, Options).
  528make_address(Bind:Port, _, Bind:Port, Options0, Options) :-
  529    !,
  530    must_be(atom, Bind),
  531    must_be(integer, Port),
  532    merge_options([port(Port), ip(Bind)], Options0, Options).
  533make_address(Port, _, Address, Options0, Options) :-
  534    integer(Port),
  535    !,
  536    (   option(ip(Bind), Options0)
  537    ->  Address = (Bind:Port)
  538    ;   Address = Port,
  539        merge_options([port(Port)], Options0, Options)
  540    ).
  541make_address(Spec, _, Address, Options0, Options) :-
  542    atomic(Spec),
  543    split_string(Spec, ":", "", [BindString, PortString]),
  544    number_string(Port, PortString),
  545    !,
  546    atom_string(Bind, BindString),
  547    Address = (Bind:Port),
  548    merge_options([port(Port), ip(Bind)], Options0, Options).
  549make_address(Spec, _, _, _, _) :-
  550    domain_error(address, Spec).
  551
  552:- dynamic sni/3.  553
  554merge_https_options(Options, [SSL|Options]) :-
  555    (   option(certfile(CertFile), Options),
  556        option(keyfile(KeyFile), Options)
  557    ->  prepare_https_certificate(CertFile, KeyFile, Passwd0),
  558        read_file_to_string(CertFile, Certificate, []),
  559        read_file_to_string(KeyFile, Key, []),
  560        Pairs = [Certificate-Key]
  561    ;   Pairs = []
  562    ),
  563    ssl_secure_ciphers(SecureCiphers),
  564    option(cipherlist(CipherList), Options, SecureCiphers),
  565    (   string(Passwd0)
  566    ->  Passwd = Passwd0
  567    ;   options_password(Options, Passwd)
  568    ),
  569    findall(HostName-HostOptions, http:sni_options(HostName, HostOptions), SNIs),
  570    maplist(sni_contexts, SNIs),
  571    SSL = ssl([ certificate_key_pairs(Pairs),
  572                cipher_list(CipherList),
  573                password(Passwd),
  574                sni_hook(http_unix_daemon:sni)
  575              ]).
  576
  577sni_contexts(Host-Options) :-
  578    ssl_context(server, SSL, Options),
  579    assertz(sni(_, Host, SSL)).
  580
  581%!  http_certificate_hook(+CertFile, +KeyFile, -Password) is semidet.
  582%
  583%   Hook called before starting the server  if the --https option is
  584%   used.  This  hook  may  be  used    to  create  or  refresh  the
  585%   certificate. If the hook binds Password to a string, this string
  586%   will be used to  decrypt  the  server   private  key  as  if the
  587%   --password=Password option was given.
  588
  589prepare_https_certificate(CertFile, KeyFile, Password) :-
  590    http_certificate_hook(CertFile, KeyFile, Password),
  591    !.
  592prepare_https_certificate(_, _, _).
  593
  594
  595options_password(Options, Passwd) :-
  596    option(password(Passwd), Options),
  597    !.
  598options_password(Options, Passwd) :-
  599    option(pwfile(File), Options),
  600    !,
  601    read_file_to_string(File, String, []),
  602    split_string(String, "", "\r\n\t ", [Passwd]).
  603options_password(_, '').
  604
  605%!  start_servers(+Servers) is det.
  606%
  607%   Start the HTTP server.  It performs the following steps:
  608%
  609%     1. Call broadcast(http(pre_server_start))
  610%     2. For each server
  611%        a. Call broadcast(http(pre_server_start(Port)))
  612%        b. Call http_server(http_dispatch, Options)
  613%        c. Call broadcast(http(post_server_start(Port)))
  614%     3. Call broadcast(http(post_server_start))
  615%
  616%   This predicate can be  hooked   using  http_server_hook/1.  This
  617%   predicate is executed after
  618%
  619%     - Forking
  620%     - Setting I/O (e.g., to talk to the syslog daemon)
  621%     - Dropping root privileges (--user)
  622%     - Setting up signal handling
  623
  624start_servers(Servers) :-
  625    broadcast(http(pre_server_start)),
  626    maplist(start_server, Servers),
  627    broadcast(http(post_server_start)).
  628
  629start_server(server(_Scheme, Socket, Options)) :-
  630    option(redirect(To), Options),
  631    !,
  632    http_server(server_redirect(To), [tcp_socket(Socket)|Options]).
  633start_server(server(_Scheme, Socket, Options)) :-
  634    http_server_hook([tcp_socket(Socket)|Options]),
  635    !.
  636start_server(server(_Scheme, Socket, Options)) :-
  637    option(port(Port), Options),
  638    broadcast(http(pre_server_start(Port))),
  639    http_server(http_dispatch, [tcp_socket(Socket)|Options]),
  640    broadcast(http(post_server_start(Port))).
  641
  642make_socket(server(Scheme, Address, Options),
  643            server(Scheme, Socket, Options)) :-
  644    tcp_socket(Socket),
  645    catch(bind_socket(Socket, Address), Error,
  646          make_socket_error(Error, Address)),
  647    debug(daemon(socket),
  648          'Created socket ~p, listening on ~p', [Socket, Address]).
  649
  650bind_socket(Socket, Address) :-
  651    tcp_setopt(Socket, reuseaddr),
  652    tcp_bind(Socket, Address),
  653    tcp_listen(Socket, 5).
  654
  655make_socket_error(error(socket_error(_,_), _), Address) :-
  656    address_port(Address, Port),
  657    integer(Port),
  658    Port =< 1000,
  659    !,
  660    verify_root(open_port(Port)).
  661make_socket_error(Error, _) :-
  662    throw(Error).
  663
  664address_port(_:Port, Port) :- !.
  665address_port(Port, Port).
  666
  667%!  disable_development_system
  668%
  669%   Disable some development stuff.
  670
  671disable_development_system :-
  672    set_prolog_flag(editor, '/bin/false').
  673
  674%!  enable_development_system
  675%
  676%   Re-enable the development environment. Currently  re-enables xpce if
  677%   this was loaded, but not  initialised   and  causes  the interactive
  678%   toplevel to be re-enabled.
  679
  680enable_development_system :-
  681    assertz(interactive),
  682    set_prolog_flag(xpce_threaded, true),
  683    set_prolog_flag(message_ide, true),
  684    (   current_prolog_flag(xpce_version, _)
  685    ->  call(pce_dispatch([]))
  686    ;   true
  687    ),
  688    set_prolog_flag(toplevel_goal, prolog).
  689
  690%!  setup_syslog(+Options) is det.
  691%
  692%   Setup syslog interaction.
  693
  694setup_syslog(Options) :-
  695    option(syslog(Ident), Options),
  696    !,
  697    openlog(Ident, [pid], user).
  698setup_syslog(_).
  699
  700
  701%!  setup_output(+Options) is det.
  702%
  703%   Setup output from the daemon process. The default is to send all
  704%   output to a  null-stream  (see   open_null_stream/1).  With  the
  705%   option output(File), all output is written to File.
  706
  707setup_output(Options) :-
  708    option(output(File), Options),
  709    !,
  710    open(File, write, Out, [encoding(utf8)]),
  711    set_stream(Out, buffer(line)),
  712    detach_IO(Out).
  713setup_output(_) :-
  714    open_null_stream(Out),
  715    detach_IO(Out).
  716
  717
  718%!  write_pid(+Options) is det.
  719%
  720%   If the option pidfile(File) is  present,   write  the PID of the
  721%   daemon to this file.
  722
  723write_pid(Options) :-
  724    option(pidfile(File), Options),
  725    current_prolog_flag(pid, PID),
  726    !,
  727    setup_call_cleanup(
  728        open(File, write, Out),
  729        format(Out, '~d~n', [PID]),
  730        close(Out)),
  731    at_halt(catch(delete_file(File), _, true)).
  732write_pid(_).
  733
  734
  735%!  switch_user(+Options) is det.
  736%
  737%   Switch to the target user and group. If the server is started as
  738%   root, this option *must* be present.
  739
  740switch_user(Options) :-
  741    option(user(User), Options),
  742    !,
  743    verify_root(switch_user(User)),
  744    (   option(group(Group), Options)
  745    ->  set_user_and_group(User, Group)
  746    ;   set_user_and_group(User)
  747    ),
  748    prctl(set_dumpable(true)).      % re-enable core dumps on Linux
  749switch_user(_Options) :-
  750    verify_no_root.
  751
  752%!  can_switch_user(Options) is det.
  753%
  754%   Verify the user options before  forking,   so  we  can print the
  755%   message in time.
  756
  757can_switch_user(Options) :-
  758    option(user(User), Options),
  759    !,
  760    verify_root(switch_user(User)).
  761can_switch_user(_Options) :-
  762    verify_no_root.
  763
  764verify_root(_Task) :-
  765    geteuid(0),
  766    !.
  767verify_root(Task) :-
  768    print_message(error, http_daemon(no_root(Task))),
  769    halt(1).
  770
  771verify_no_root :-
  772    geteuid(0),
  773    !,
  774    throw(error(permission_error(open, server, http),
  775                context('Refusing to run HTTP server as root', _))).
  776verify_no_root.
  777
  778:- if(\+current_predicate(prctl/1)).  779prctl(_).
  780:- endif.  781
  782%!  server_redirect(+To, +Request)
  783%
  784%   Redirect all requests for this server to the specified server. To
  785%   is one of:
  786%
  787%     $ A port (integer) :
  788%     Redirect to the server running on that port in the same
  789%     Prolog process.
  790%     $ =true= :
  791%     Results from just passing =|--redirect|=.  Redirects to
  792%     an HTTPS server in the same Prolog process.
  793%     $ A URL :
  794%     Redirect to the the given URL + the request uri.  This can
  795%     be used if the server cannot find its public address.  For
  796%     example:
  797%
  798%       ```
  799%       --http --redirect=https://myhost.org --https
  800%       ```
  801
  802server_redirect(Port, Request) :-
  803    integer(Port),
  804    http_server_property(Port, scheme(Scheme)),
  805    http_public_host(Request, Host, _Port, []),
  806    memberchk(request_uri(Location), Request),
  807    (   default_port(Scheme, Port)
  808    ->  format(string(To), '~w://~w~w', [Scheme, Host, Location])
  809    ;   format(string(To), '~w://~w:~w~w', [Scheme, Host, Port, Location])
  810    ),
  811    throw(http_reply(moved_temporary(To))).
  812server_redirect(true, Request) :-
  813    !,
  814    http_server_property(P, scheme(https)),
  815    server_redirect(P, Request).
  816server_redirect(URI, Request) :-
  817    memberchk(request_uri(Location), Request),
  818    atom_concat(URI, Location, To),
  819    throw(http_reply(moved_temporary(To))).
  820
  821default_port(http, 80).
  822default_port(https, 443).
  823
  824
  825%!  setup_debug(+Options) is det.
  826%
  827%   Initialise debug/3 topics. The  =|--debug|=   option  may be used
  828%   multiple times.
  829
  830setup_debug(Options) :-
  831    setup_trace(Options),
  832    nodebug(_),
  833    debug(daemon),
  834    enable_debug(Options).
  835
  836enable_debug([]).
  837enable_debug([debug(Topic)|T]) :-
  838    !,
  839    atom_to_term(Topic, Term, _),
  840    debug(Term),
  841    enable_debug(T).
  842enable_debug([_|T]) :-
  843    enable_debug(T).
  844
  845setup_trace(Options) :-
  846    option(gtrace(true), Options),
  847    !,
  848    gtrace.
  849setup_trace(_).
  850
  851
  852%!  kill_x11(+Options) is det.
  853%
  854%   Get rid of X11 access if interactive is false.
  855
  856kill_x11(Options) :-
  857    getenv('DISPLAY', Display),
  858    Display \== '',
  859    option(interactive(false), Options, false),
  860    !,
  861    setenv('DISPLAY', ''),
  862    set_prolog_flag(gui, false).
  863kill_x11(_).
  864
  865
  866%!  setup_signals(+Options)
  867%
  868%   Prepare the server for signal handling.   By  default SIGINT and
  869%   SIGTERM terminate the server. SIGHUP causes   the  server to run
  870%   make/0.
  871
  872setup_signals(Options) :-
  873    option(interactive(true), Options, false),
  874    !.
  875setup_signals(Options) :-
  876    on_signal(int,  _, quit),
  877    on_signal(term, _, quit),
  878    option(sighup(Action), Options, reload),
  879    must_be(oneof([reload,quit]), Action),
  880    on_signal(usr1, _, logrotate),
  881    on_signal(hup,  _, Action).
  882
  883:- public
  884    quit/1,
  885    reload/1,
  886    logrotate/1.  887
  888quit(Signal) :-
  889    debug(daemon, 'Dying on signal ~w', [Signal]),
  890    thread_send_message(main, quit(Signal)).
  891
  892reload(Signal) :-
  893    debug(daemon, 'Reload on signal ~w', [Signal]),
  894    thread_send_message(main, reload).
  895
  896logrotate(Signal) :-
  897    debug(daemon, 'Closing log files on signal ~w', [Signal]),
  898    thread_send_message(main, logrotate).
  899
  900%!  wait(+Options)
  901%
  902%   This predicate runs in the  main   thread,  waiting for messages
  903%   send by signal handlers to control   the server. In addition, it
  904%   broadcasts  maintenance(Interval,  Deadline)    messages   every
  905%   Interval seconds. These messages may   be trapped using listen/2
  906%   for performing scheduled maintenance such as rotating log files,
  907%   cleaning stale data, etc.
  908
  909wait(Options) :-
  910    option(interactive(true), Options, false),
  911    !,
  912    enable_development_system.
  913wait(Options) :-
  914    thread_self(Me),
  915    option(maintenance_interval(Interval), Options, 300),
  916    Interval > 0,
  917    !,
  918    first_deadline(Interval, FirstDeadline),
  919    State = deadline(0),
  920    repeat,
  921        State = deadline(Count),
  922        Deadline is FirstDeadline+Count*Interval,
  923        (   thread_idle(thread_get_message(Me, Msg, [deadline(Deadline)]),
  924                        long)
  925        ->  catch(ignore(handle_message(Msg)), E,
  926                  print_message(error, E)),
  927            Msg = quit(Signal),
  928            catch(broadcast(http(shutdown)), E,
  929                  print_message(error, E)),
  930            halt(Signal)
  931        ;   Count1 is Count + 1,
  932            nb_setarg(1, State, Count1),
  933            catch(broadcast(maintenance(Interval, Deadline)), E,
  934                  print_message(error, E)),
  935            fail
  936        ).
  937wait(_) :-
  938    thread_self(Me),
  939    repeat,
  940        thread_idle(thread_get_message(Me, Msg), long),
  941        catch(ignore(handle_message(Msg)), E,
  942              print_message(error, E)),
  943        Msg == quit,
  944        !,
  945        halt(0).
  946
  947handle_message(reload) :-
  948    make,
  949    broadcast(logrotate).
  950handle_message(logrotate) :-
  951    broadcast(logrotate).
  952
  953first_deadline(Interval, Deadline) :-
  954    get_time(Now),
  955    Deadline is ((integer(Now) + Interval - 1)//Interval)*Interval.
  956
  957
  958                 /*******************************
  959                 *            HOOKS             *
  960                 *******************************/
  961
  962%!  http_server_hook(+Options) is semidet.
  963%
  964%   Hook that is called to start the  HTTP server. This hook must be
  965%   compatible to http_server(Handler,  Options).   The  default  is
  966%   provided by start_server/1.
  967
  968
  969%!  http:sni_options(-HostName, -SSLOptions) is multi.
  970%
  971%   Hook  to   provide  Server  Name  Indication   (SNI)  for  TLS
  972%   servers. When starting an HTTPS  server, all solutions of this
  973%   predicate are  collected and a suitable  sni_hook/1 is defined
  974%   for ssl_context/3  to use different contexts  depending on the
  975%   host  name  of the  client  request.   This hook  is  executed
  976%   _before_ privileges are dropped.
  977
  978
  979                 /*******************************
  980                 *           MESSAGES           *
  981                 *******************************/
  982
  983:- multifile
  984    prolog:message//1.  985
  986prolog:message(http_daemon(no_root(switch_user(User)))) -->
  987    [ 'Program must be started as root to use --user=~w.'-[User] ].
  988prolog:message(http_daemon(no_root(open_port(Port)))) -->
  989    [ 'Cannot open port ~w.  Only root can open ports below 1000.'-[Port] ]