Clever Geek Handbook

Php sockets, Apache and CentOS 6.3 give permission to fail

What I am trying to do is run a simple PHP script that checks if the game server is online and gets some information from it. I am running exactly the same script in a local box with WAMP Server where I just uncommented php_openssl.dll and php_sockets.dll and - voila - it worked as expected.

But then our production environment appeared! I usually work with Debian, but our host decided to install CentOS on our dedicated server because NIC was failing in Debian and nothing has happened since then.

I overcame several problems and stayed with this problem: How can I fix PHP sockets? I read that I needed php-common, so I installed it with

# yum install php-common

Then I checked phpinfo()

and I got this

'./configure'  '--with-openssl' '--enable-sockets' ...

So it looks good if you ask me how openssl and sockets are installed and should work, however it is not. I found this script here on Stack Overflow:

<?php
//just in case
if (!extension_loaded('sockets')) {
die('The sockets extension is not loaded.');
}
echo '<p><strong>Establishing connection...</strong></p>';
$socket = socket_create(AF_INET,SOCK_STREAM,0);
if (!socket_connect($socket, "stackoverflow.com", 80))
{
die('Socket error : '.socket_strerror(socket_last_error()));
}

echo '<p><strong>Connection successful!</strong></p>';

$request = join("\n",array(
"GET / HTTP/1.1",
"Connection: close",
"Host: stackoverflow.com",
"User-Agent: Mozilla/5.0 (Windows NT 6.1)",
"Accept: text/html,*/*;q=0.8",
""));
socket_write($socket,$request,strlen($request));

$response = socket_read($socket,2048);


echo "<p><strong>This is the received data : </strong></p>";
echo '<pre>'.htmlentities($response).'</pre>';

socket_close($socket);

What this means completely surprises me:

Establishing connection...

Connection successful!

This is the received data :

HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>408 Request Time-out</h1>
Your browser didn't send a complete request in time.
</body></html>

But still my script doesn't work? :( I disabled iptables with

# service iptables stop

to make sure it's not a firewall issue. What happens is this: when I open the page instead of the game server name, I get this:

Warning: socket_connect (): unable to connect [13]: permission denied in /var/www/test.php on line 9 <<

This is the code I am using, it is open source from xPaw, so I do not take responsibility for this:

<?php
function queryserver( $IP, $Port = 25565, $Timeout = 2 )
{
$Socket = Socket_Create( AF_INET, SOCK_STREAM, SOL_TCP );
Socket_Set_Option( $Socket, SOL_SOCKET, SO_SNDTIMEO, array( 'sec' => (int)$Timeout, 'usec' => 0 ) );
Socket_Set_Option( $Socket, SOL_SOCKET, SO_RCVTIMEO, array( 'sec' => (int)$Timeout, 'usec' => 0 ) );
if( $Socket === FALSE || Socket_Connect( $Socket, $IP, (int)$Port ) === FALSE )
{
return FALSE;
}
Socket_Send( $Socket, "\xFE\x01", 2, 0 );
$Len = @Socket_Recv( $Socket, $Data, 256, 0 );
Socket_Close( $Socket );
if( $Len < 4 || $Data[ 0 ] !== "\xFF" )
{
return FALSE;
}
$Data = SubStr( $Data, 3 );
$Data = iconv( 'UTF-16BE', 'UTF-8', $Data );

if( $Data[ 1 ] === "\xA7" && $Data[ 2 ] === "\x31" )
{
$Data = Explode( "\x00", $Data );
return Array(
'HostName'   => $Data[ 3 ],
'Players'    => IntVal( $Data[ 4 ] ),
'MaxPlayers' => IntVal( $Data[ 5 ] ),
'Protocol'   => IntVal( $Data[ 1 ] ),
'Version'    => $Data[ 2 ]
);
}
$Data = Explode( "\xA7", $Data );
return Array(
'HostName'   => SubStr( $Data[ 0 ], 0, -1 ),
'Players'    => isset( $Data[ 1 ] ) ? IntVal( $Data[ 1 ] ) : 0,
'MaxPlayers' => isset( $Data[ 2 ] ) ? IntVal( $Data[ 2 ] ) : 0,
'Protocol'   => 0,
'Version'    => '1.3'
);
}

$test = queryserver('SERVERADDRESSHERE'); // (i tried multiple, which are all working @wamp)
$echo = $test['HostName'] . "<<< <br />";
echo $echo;
+3


source to share


3 answers


Try this command in your linuxbox (as root).



setsebool -P httpd_can_network_connect 1
+17


source


I was having similar problems, so I thought I would write an answer too for the next person who comes across this. A way to get around this without disabling / limiting SELinux is to change the policy associated with your httpd.

Hope this saves 2 days for the next person reading this. lol



chcon -R -t httpd_sys_content_t /var/www
chcon -R -t httpd_sys_content_rw_t /var/www/html
0


source


(Posted on behalf of the OP).

I found the answer. SELinux seems to be blocking socket connections. Disabled SE Linux with '# setenforce Permissive' and now it works. Just in case someone is experiencing the same weirdness.

0


source






More articles:


All Articles