PDA

View Full Version : Debian Etch, Ispconfig (current), PHP5 socket_create problem..


LeoXavior
17th May 2007, 17:29
I've been trying to get socket_create to use type SOCK_RAW to work, my environment has it's users chrooted but it seems CLI needs to be run as root from what i've read in user responces here:
http://us.php.net/manual/en/function.socket-create.php

Which is causing these problems:

Warning: socket_create() [function.socket-create]: Unable to create socket [1]: Operation not permitted in /var/www/web1/web/ping.php on line 46

Warning: socket_set_option() expects parameter 1 to be resource, boolean given in /var/www/web1/web/ping.php on line 49


Server Details:
ISPConfig version: 2.2.12
Apache/2.2.3 (Debian) PHP/5.2.0-8+etch3 mod_ssl/2.2.3 OpenSSL/0.9.8c

socket create example:

/* create the socket, the last '1' denotes ICMP */
$socket = socket_create(AF_INET, SOCK_RAW, 1);

Notice im attempting to use SOCK_RAW here, I beleive this is what is causing the problem.

Any idea's on correcting this?

I'm playing with one example of using the function: posix_seteuid to change to different user accounts to test things, trying www-data etc.

*Update: changing the uid via posix_setuid, doesn't seem to help.

LeoXavior
17th May 2007, 17:32
This is the type of code im trying to execute a ping type function:

function ping($host) {
$package = "\x08\x00\x19\x2f\x00\x00\x00\x00\x70\x69\x6e\x67";

/* create the socket, the last '1' denotes ICMP */
$socket = socket_create(AF_INET, SOCK_RAW, 1);

/* set socket receive timeout to 1 second */
socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => 1, "usec" => 0));

/* connect to socket */
socket_connect($socket, $host, null);

/* record start time */
list($start_usec, $start_sec) = explode(" ", microtime());
$start_time = ((float) $start_usec + (float) $start_sec);

socket_send($socket, $package, strlen($package), 0);

if(@socket_read($socket, 255)) {
list($end_usec, $end_sec) = explode(" ", microtime());
$end_time = ((float) $end_usec + (float) $end_sec);

$total_time = $end_time - $start_time;

return $total_time;
} else {
return false;
}

socket_close($socket);
}
echo ping('www.google.com');

till
18th May 2007, 10:29
Do you have safemode enabled in your php.ini or are the socket functions disallowed in your php.ini?

There is a restriction in linux that prevents users except from root to create sockets below a specific limit, but as far as I know, this limit is only for server sockets and not client sockets.

LeoXavior
19th May 2007, 15:00
Do you have safemode enabled in your php.ini or are the socket functions disallowed in your php.ini?

There is a restriction in linux that prevents users except from root to create sockets below a specific limit, but as far as I know, this limit is only for server sockets and not client sockets.


Safe mode is off.
Basically unchanged php.ini settings from default, I just edited email info, file post limits, and turned magic quotes off completely.
Thru ISPConfig everything is enabled but php safemode.

On the php.net site/manual it appears that the socket functions like what im refering to it suggests that you may need root priv's to use SOCK_RAW with socket_create (http://us.php.net/manual/en/function.socket-create.php).
I'm at a loss of how to safely bypass this to be able to use any code similar to what I posted above.

falko
20th May 2007, 17:52
Take a look at the first comment on http://de.php.net/manual/en/function.socket-create.php ( http://de.php.net/manual/en/function.socket-create.php#74922 ). It shows how to create sockets without being root.

LeoXavior
21st May 2007, 09:57
Take a look at the first comment on http://de.php.net/manual/en/function.socket-create.php ( http://de.php.net/manual/en/function.socket-create.php#74922 ). It shows how to create sockets without being root.

Can you verify that http://de.php.net/manual/en/function.socket-create.php#74922 can work in a current ISPConfig setup..
I tried that code that is what the mention is in the update footnote in my original post above..
Still was failing with the same warning messages I tried these users:
daemon (the default from the code)
www-data
root

I also tried a user account I created thru ispconfig that had admin rights checked off.

All failed.

If someone could test some of the php code(the supplied above or from the links to the manaul) on a box they have running, and verify that they can get it working for sure in a ispconfig environment that would be a big help.

till
21st May 2007, 10:31
There is nothing special in the way ISPConfig setups php. If you do not check the php safemode checkbox, php is configured with the values from your php.ini.

The example in the php manual is a shell script and not a script to run in a webserver. the example is also a server socket, I guess what you want to have is a cliebt socket to ping something and not to act as ping server.

LeoXavior
23rd May 2007, 00:00
Yes, basically I want to be able to ping a set of servers every 10-30 minutes and store the ping time to keep track of uptimes as well as ping times to select fastest online server.

I've played around with using fsockopen and other methods but I was interested in doing a proper icmp ping instead of tcp or udp.
Which is why I was interested in getting the socket examples working as fsockopen won't work in this fasion.

I could exec the ping executable and grep the results I suppose, but I was hoping to not have to use anything outside of php.

falko
23rd May 2007, 14:18
I could exec the ping executable and grep the results I suppose
That's what I wanted to suggest right now... ;)