1 /* $OpenBSD: server.c,v 1.85 2016/04/28 17:18:06 jsing Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/param.h> /* nitems */ 20 #include <sys/types.h> 21 #include <sys/queue.h> 22 #include <sys/time.h> 23 #include <sys/stat.h> 24 #include <sys/socket.h> 25 #include <sys/uio.h> 26 #include <sys/tree.h> 27 28 #include <netinet/in.h> 29 #include <netinet/tcp.h> 30 #include <arpa/inet.h> 31 32 #include <stdio.h> 33 #include <stdlib.h> 34 #include <stdarg.h> 35 #include <limits.h> 36 #include <errno.h> 37 #include <fcntl.h> 38 #include <string.h> 39 #include <syslog.h> 40 #include <unistd.h> 41 #include <event.h> 42 #include <imsg.h> 43 #include <tls.h> 44 #include <vis.h> 45 46 #include "httpd.h" 47 48 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 49 50 int server_dispatch_parent(int, struct privsep_proc *, 51 struct imsg *); 52 int server_dispatch_logger(int, struct privsep_proc *, 53 struct imsg *); 54 void server_shutdown(void); 55 56 void server_init(struct privsep *, struct privsep_proc *p, void *); 57 void server_launch(void); 58 int server_socket(struct sockaddr_storage *, in_port_t, 59 struct server_config *, int, int); 60 int server_socket_listen(struct sockaddr_storage *, in_port_t, 61 struct server_config *); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 67 void server_accept(int, short, void *); 68 void server_handshake_tls(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct httpd *env = NULL; 80 int proc_id; 81 82 static struct privsep_proc procs[] = { 83 { "parent", PROC_PARENT, server_dispatch_parent }, 84 { "logger", PROC_LOGGER, server_dispatch_logger } 85 }; 86 87 pid_t 88 server(struct privsep *ps, struct privsep_proc *p) 89 { 90 pid_t pid; 91 env = ps->ps_env; 92 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 93 server_http(env); 94 return (pid); 95 } 96 97 void 98 server_shutdown(void) 99 { 100 config_purge(env, CONFIG_ALL); 101 usleep(200); /* XXX server needs to shutdown last */ 102 } 103 104 int 105 server_privinit(struct server *srv) 106 { 107 struct server *s; 108 109 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 110 return (0); 111 112 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 113 114 /* 115 * There's no need to open a new socket if a server with the 116 * same address already exists. 117 */ 118 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 119 if (s != srv && s->srv_s != -1 && 120 s->srv_conf.port == srv->srv_conf.port && 121 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 122 (struct sockaddr *)&srv->srv_conf.ss, 123 s->srv_conf.prefixlen) == 0) 124 return (0); 125 } 126 127 /* Open listening socket in the privileged process */ 128 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 129 srv->srv_conf.port, &srv->srv_conf)) == -1) 130 return (-1); 131 132 return (0); 133 } 134 135 int 136 server_tls_load_keypair(struct server *srv) 137 { 138 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 139 return (0); 140 141 if ((srv->srv_conf.tls_cert = tls_load_file( 142 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 143 NULL)) == NULL) 144 return (-1); 145 log_debug("%s: using certificate %s", __func__, 146 srv->srv_conf.tls_cert_file); 147 148 /* XXX allow to specify password for encrypted key */ 149 if ((srv->srv_conf.tls_key = tls_load_file( 150 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 151 NULL)) == NULL) 152 return (-1); 153 log_debug("%s: using private key %s", __func__, 154 srv->srv_conf.tls_key_file); 155 156 return (0); 157 } 158 159 int 160 server_tls_init(struct server *srv) 161 { 162 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 163 return (0); 164 165 log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); 166 167 if (tls_init() != 0) { 168 log_warnx("%s: failed to initialise tls", __func__); 169 return (-1); 170 } 171 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 172 log_warnx("%s: failed to get tls config", __func__); 173 return (-1); 174 } 175 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 176 log_warnx("%s: failed to get tls server", __func__); 177 return (-1); 178 } 179 180 tls_config_set_protocols(srv->srv_tls_config, 181 srv->srv_conf.tls_protocols); 182 183 if (tls_config_set_ciphers(srv->srv_tls_config, 184 srv->srv_conf.tls_ciphers) != 0) { 185 log_warnx("%s: failed to set tls ciphers: %s", 186 __func__, tls_config_error(srv->srv_tls_config)); 187 return (-1); 188 } 189 if (tls_config_set_dheparams(srv->srv_tls_config, 190 srv->srv_conf.tls_dhe_params) != 0) { 191 log_warnx("%s: failed to set tls dhe params: %s", 192 __func__, tls_config_error(srv->srv_tls_config)); 193 return (-1); 194 } 195 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 196 srv->srv_conf.tls_ecdhe_curve) != 0) { 197 log_warnx("%s: failed to set tls ecdhe curve: %s", 198 __func__, tls_config_error(srv->srv_tls_config)); 199 return (-1); 200 } 201 202 if (tls_config_set_keypair_mem(srv->srv_tls_config, 203 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 204 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 205 log_warnx("%s: failed to set tls certificate/key: %s", 206 __func__, tls_config_error(srv->srv_tls_config)); 207 return (-1); 208 } 209 210 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 211 log_warnx("%s: failed to configure TLS - %s", __func__, 212 tls_error(srv->srv_tls_ctx)); 213 return (-1); 214 } 215 216 /* We're now done with the public/private key... */ 217 tls_config_clear_keys(srv->srv_tls_config); 218 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 219 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 220 free(srv->srv_conf.tls_cert); 221 free(srv->srv_conf.tls_key); 222 srv->srv_conf.tls_cert = NULL; 223 srv->srv_conf.tls_key = NULL; 224 srv->srv_conf.tls_cert_len = 0; 225 srv->srv_conf.tls_key_len = 0; 226 227 return (0); 228 } 229 230 void 231 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 232 { 233 server_http(ps->ps_env); 234 235 if (config_init(ps->ps_env) == -1) 236 fatal("failed to initialize configuration"); 237 238 /* Set to current prefork id */ 239 proc_id = p->p_instance; 240 241 /* We use a custom shutdown callback */ 242 p->p_shutdown = server_shutdown; 243 244 /* Unlimited file descriptors (use system limits) */ 245 socket_rlimit(-1); 246 247 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 248 fatal("pledge"); 249 250 #if 0 251 /* Schedule statistics timer */ 252 evtimer_set(&env->sc_statev, server_statistics, NULL); 253 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 254 evtimer_add(&env->sc_statev, &tv); 255 #endif 256 } 257 258 void 259 server_launch(void) 260 { 261 struct server *srv; 262 263 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 264 server_tls_init(srv); 265 server_http_init(srv); 266 267 log_debug("%s: running server %s", __func__, 268 srv->srv_conf.name); 269 270 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 271 server_accept, srv); 272 event_add(&srv->srv_ev, NULL); 273 evtimer_set(&srv->srv_evt, server_accept, srv); 274 } 275 } 276 277 void 278 server_purge(struct server *srv) 279 { 280 struct client *clt; 281 struct server_config *srv_conf; 282 283 /* shutdown and remove server */ 284 if (event_initialized(&srv->srv_ev)) 285 event_del(&srv->srv_ev); 286 if (evtimer_initialized(&srv->srv_evt)) 287 evtimer_del(&srv->srv_evt); 288 289 if (srv->srv_s != -1) 290 close(srv->srv_s); 291 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 292 293 /* cleanup sessions */ 294 while ((clt = 295 SPLAY_ROOT(&srv->srv_clients)) != NULL) 296 server_close(clt, NULL); 297 298 /* cleanup hosts */ 299 while ((srv_conf = 300 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 301 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 302 303 /* It might point to our own "default" entry */ 304 if (srv_conf != &srv->srv_conf) { 305 serverconfig_free(srv_conf); 306 free(srv_conf); 307 } 308 } 309 310 tls_config_free(srv->srv_tls_config); 311 tls_free(srv->srv_tls_ctx); 312 313 free(srv); 314 } 315 316 void 317 serverconfig_free(struct server_config *srv_conf) 318 { 319 free(srv_conf->return_uri); 320 free(srv_conf->tls_cert_file); 321 free(srv_conf->tls_key_file); 322 323 if (srv_conf->tls_cert != NULL) { 324 explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); 325 free(srv_conf->tls_cert); 326 } 327 328 if (srv_conf->tls_key != NULL) { 329 explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); 330 free(srv_conf->tls_key); 331 } 332 } 333 334 void 335 serverconfig_reset(struct server_config *srv_conf) 336 { 337 srv_conf->auth = NULL; 338 srv_conf->return_uri = NULL; 339 srv_conf->tls_cert = NULL; 340 srv_conf->tls_cert_file = NULL; 341 srv_conf->tls_key = NULL; 342 srv_conf->tls_key_file = NULL; 343 } 344 345 struct server * 346 server_byaddr(struct sockaddr *addr, in_port_t port) 347 { 348 struct server *srv; 349 350 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 351 if (port == srv->srv_conf.port && 352 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 353 addr, srv->srv_conf.prefixlen) == 0) 354 return (srv); 355 } 356 357 return (NULL); 358 } 359 360 struct server_config * 361 serverconfig_byid(uint32_t id) 362 { 363 struct server *srv; 364 struct server_config *srv_conf; 365 366 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 367 if (srv->srv_conf.id == id) 368 return (&srv->srv_conf); 369 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 370 if (srv_conf->id == id) 371 return (srv_conf); 372 } 373 } 374 375 return (NULL); 376 } 377 378 int 379 server_foreach(int (*srv_cb)(struct server *, 380 struct server_config *, void *), void *arg) 381 { 382 struct server *srv; 383 struct server_config *srv_conf; 384 385 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 386 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 387 return (-1); 388 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 389 if ((srv_cb)(srv, srv_conf, arg) == -1) 390 return (-1); 391 } 392 } 393 394 return (0); 395 } 396 397 int 398 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 399 { 400 switch (ss->ss_family) { 401 case AF_INET: 402 ((struct sockaddr_in *)ss)->sin_port = port; 403 ((struct sockaddr_in *)ss)->sin_len = 404 sizeof(struct sockaddr_in); 405 break; 406 case AF_INET6: 407 ((struct sockaddr_in6 *)ss)->sin6_port = port; 408 ((struct sockaddr_in6 *)ss)->sin6_len = 409 sizeof(struct sockaddr_in6); 410 break; 411 default: 412 return (-1); 413 } 414 415 return (0); 416 } 417 418 in_port_t 419 server_socket_getport(struct sockaddr_storage *ss) 420 { 421 switch (ss->ss_family) { 422 case AF_INET: 423 return (((struct sockaddr_in *)ss)->sin_port); 424 case AF_INET6: 425 return (((struct sockaddr_in6 *)ss)->sin6_port); 426 default: 427 return (0); 428 } 429 430 /* NOTREACHED */ 431 return (0); 432 } 433 434 int 435 server_socket(struct sockaddr_storage *ss, in_port_t port, 436 struct server_config *srv_conf, int fd, int reuseport) 437 { 438 struct linger lng; 439 int s = -1, val; 440 441 if (server_socket_af(ss, port) == -1) 442 goto bad; 443 444 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 445 IPPROTO_TCP) : fd; 446 if (s == -1) 447 goto bad; 448 449 /* 450 * Socket options 451 */ 452 memset(&lng, 0, sizeof(lng)); 453 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 454 goto bad; 455 if (reuseport) { 456 val = 1; 457 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 458 sizeof(int)) == -1) 459 goto bad; 460 } 461 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 462 val = srv_conf->tcpbufsiz; 463 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 464 &val, sizeof(val)) == -1) 465 goto bad; 466 val = srv_conf->tcpbufsiz; 467 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 468 &val, sizeof(val)) == -1) 469 goto bad; 470 } 471 472 /* 473 * IP options 474 */ 475 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 476 val = (int)srv_conf->tcpipttl; 477 if (setsockopt(s, IPPROTO_IP, IP_TTL, 478 &val, sizeof(val)) == -1) 479 goto bad; 480 } 481 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 482 val = (int)srv_conf->tcpipminttl; 483 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 484 &val, sizeof(val)) == -1) 485 goto bad; 486 } 487 488 /* 489 * TCP options 490 */ 491 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 492 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 493 val = 0; 494 else 495 val = 1; 496 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 497 &val, sizeof(val)) == -1) 498 goto bad; 499 } 500 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 501 if (srv_conf->tcpflags & TCPFLAG_NSACK) 502 val = 0; 503 else 504 val = 1; 505 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 506 &val, sizeof(val)) == -1) 507 goto bad; 508 } 509 510 return (s); 511 512 bad: 513 if (s != -1) 514 close(s); 515 return (-1); 516 } 517 518 int 519 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 520 struct server_config *srv_conf) 521 { 522 int s; 523 524 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 525 return (-1); 526 527 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 528 goto bad; 529 if (listen(s, srv_conf->tcpbacklog) == -1) 530 goto bad; 531 532 return (s); 533 534 bad: 535 close(s); 536 return (-1); 537 } 538 539 int 540 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 541 struct server_config *srv_conf) 542 { 543 int s; 544 545 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 546 return (-1); 547 548 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 549 if (errno != EINPROGRESS) 550 goto bad; 551 } 552 553 return (s); 554 555 bad: 556 close(s); 557 return (-1); 558 } 559 560 void 561 server_tls_readcb(int fd, short event, void *arg) 562 { 563 struct bufferevent *bufev = arg; 564 struct client *clt = bufev->cbarg; 565 char rbuf[IBUF_READ_SIZE]; 566 int what = EVBUFFER_READ; 567 int howmuch = IBUF_READ_SIZE; 568 ssize_t ret; 569 size_t len; 570 571 if (event == EV_TIMEOUT) { 572 what |= EVBUFFER_TIMEOUT; 573 goto err; 574 } 575 576 if (bufev->wm_read.high != 0) 577 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 578 579 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 580 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 581 goto retry; 582 } else if (ret < 0) { 583 what |= EVBUFFER_ERROR; 584 goto err; 585 } 586 len = ret; 587 588 if (len == 0) { 589 what |= EVBUFFER_EOF; 590 goto err; 591 } 592 593 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 594 what |= EVBUFFER_ERROR; 595 goto err; 596 } 597 598 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 599 600 len = EVBUFFER_LENGTH(bufev->input); 601 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 602 return; 603 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 604 struct evbuffer *buf = bufev->input; 605 event_del(&bufev->ev_read); 606 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 607 return; 608 } 609 610 if (bufev->readcb != NULL) 611 (*bufev->readcb)(bufev, bufev->cbarg); 612 return; 613 614 retry: 615 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 616 return; 617 618 err: 619 (*bufev->errorcb)(bufev, what, bufev->cbarg); 620 } 621 622 void 623 server_tls_writecb(int fd, short event, void *arg) 624 { 625 struct bufferevent *bufev = arg; 626 struct client *clt = bufev->cbarg; 627 ssize_t ret; 628 short what = EVBUFFER_WRITE; 629 size_t len; 630 631 if (event == EV_TIMEOUT) { 632 what |= EVBUFFER_TIMEOUT; 633 goto err; 634 } 635 636 if (EVBUFFER_LENGTH(bufev->output)) { 637 ret = tls_write(clt->clt_tls_ctx, 638 EVBUFFER_DATA(bufev->output), 639 EVBUFFER_LENGTH(bufev->output)); 640 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 641 goto retry; 642 } else if (ret < 0) { 643 what |= EVBUFFER_ERROR; 644 goto err; 645 } 646 len = ret; 647 evbuffer_drain(bufev->output, len); 648 } 649 650 if (EVBUFFER_LENGTH(bufev->output) != 0) 651 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 652 653 if (bufev->writecb != NULL && 654 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 655 (*bufev->writecb)(bufev, bufev->cbarg); 656 return; 657 658 retry: 659 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 660 return; 661 662 err: 663 (*bufev->errorcb)(bufev, what, bufev->cbarg); 664 } 665 666 void 667 server_input(struct client *clt) 668 { 669 struct server_config *srv_conf = clt->clt_srv_conf; 670 evbuffercb inrd = server_read; 671 evbuffercb inwr = server_write; 672 socklen_t slen; 673 674 if (server_httpdesc_init(clt) == -1) { 675 server_close(clt, "failed to allocate http descriptor"); 676 return; 677 } 678 679 clt->clt_toread = TOREAD_HTTP_HEADER; 680 inrd = server_read_http; 681 682 slen = sizeof(clt->clt_sndbufsiz); 683 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 684 &clt->clt_sndbufsiz, &slen) == -1) { 685 server_close(clt, "failed to get send buffer size"); 686 return; 687 } 688 689 /* 690 * Client <-> Server 691 */ 692 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 693 server_error, clt); 694 if (clt->clt_bev == NULL) { 695 server_close(clt, "failed to allocate input buffer event"); 696 return; 697 } 698 699 if (srv_conf->flags & SRVFLAG_TLS) { 700 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 701 server_tls_readcb, clt->clt_bev); 702 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 703 server_tls_writecb, clt->clt_bev); 704 } 705 706 /* Adjust write watermark to the socket buffer output size */ 707 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 708 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 709 /* Read at most amount of data that fits in one fcgi record. */ 710 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 711 712 bufferevent_settimeout(clt->clt_bev, 713 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 714 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 715 } 716 717 void 718 server_write(struct bufferevent *bev, void *arg) 719 { 720 struct client *clt = arg; 721 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 722 723 if (EVBUFFER_LENGTH(dst) == 0 && 724 clt->clt_toread == TOREAD_HTTP_NONE) 725 goto done; 726 727 getmonotime(&clt->clt_tv_last); 728 729 if (clt->clt_done) 730 goto done; 731 732 bufferevent_enable(bev, EV_READ); 733 734 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 735 bufferevent_enable(clt->clt_srvbev, EV_READ); 736 clt->clt_srvbev_throttled = 0; 737 } 738 739 return; 740 done: 741 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 742 return; 743 } 744 745 void 746 server_dump(struct client *clt, const void *buf, size_t len) 747 { 748 if (!len) 749 return; 750 751 /* 752 * This function will dump the specified message directly 753 * to the underlying client, without waiting for success 754 * of non-blocking events etc. This is useful to print an 755 * error message before gracefully closing the client. 756 */ 757 if (clt->clt_tls_ctx != NULL) 758 (void)tls_write(clt->clt_tls_ctx, buf, len); 759 else 760 (void)write(clt->clt_s, buf, len); 761 } 762 763 void 764 server_read(struct bufferevent *bev, void *arg) 765 { 766 struct client *clt = arg; 767 struct evbuffer *src = EVBUFFER_INPUT(bev); 768 769 getmonotime(&clt->clt_tv_last); 770 771 if (!EVBUFFER_LENGTH(src)) 772 return; 773 if (server_bufferevent_write_buffer(clt, src) == -1) 774 goto fail; 775 if (clt->clt_done) 776 goto done; 777 778 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 779 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 780 bufferevent_disable(clt->clt_srvbev, EV_READ); 781 clt->clt_srvbev_throttled = 1; 782 } 783 784 return; 785 done: 786 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 787 return; 788 fail: 789 server_close(clt, strerror(errno)); 790 } 791 792 void 793 server_error(struct bufferevent *bev, short error, void *arg) 794 { 795 struct client *clt = arg; 796 struct evbuffer *dst; 797 798 if (error & EVBUFFER_TIMEOUT) { 799 server_close(clt, "buffer event timeout"); 800 return; 801 } 802 if (error & EVBUFFER_ERROR) { 803 if (errno == EFBIG) { 804 bufferevent_enable(bev, EV_READ); 805 return; 806 } 807 server_close(clt, "buffer event error"); 808 return; 809 } 810 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 811 bufferevent_disable(bev, EV_READ|EV_WRITE); 812 813 clt->clt_done = 1; 814 815 dst = EVBUFFER_OUTPUT(clt->clt_bev); 816 if (EVBUFFER_LENGTH(dst)) { 817 /* Finish writing all data first */ 818 bufferevent_enable(clt->clt_bev, EV_WRITE); 819 return; 820 } 821 822 server_close(clt, "done"); 823 return; 824 } 825 server_close(clt, "unknown event error"); 826 return; 827 } 828 829 void 830 server_accept(int fd, short event, void *arg) 831 { 832 struct server *srv = arg; 833 struct client *clt = NULL; 834 socklen_t slen; 835 struct sockaddr_storage ss; 836 int s = -1; 837 838 event_add(&srv->srv_ev, NULL); 839 if ((event & EV_TIMEOUT)) 840 return; 841 842 slen = sizeof(ss); 843 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 844 &slen, FD_RESERVE, &server_inflight)) == -1) { 845 /* 846 * Pause accept if we are out of file descriptors, or 847 * libevent will haunt us here too. 848 */ 849 if (errno == ENFILE || errno == EMFILE) { 850 struct timeval evtpause = { 1, 0 }; 851 852 event_del(&srv->srv_ev); 853 evtimer_add(&srv->srv_evt, &evtpause); 854 log_debug("%s: deferring connections", __func__); 855 } 856 return; 857 } 858 if (server_clients >= SERVER_MAX_CLIENTS) 859 goto err; 860 861 if ((clt = calloc(1, sizeof(*clt))) == NULL) 862 goto err; 863 864 /* Pre-allocate log buffer */ 865 clt->clt_log = evbuffer_new(); 866 if (clt->clt_log == NULL) 867 goto err; 868 869 clt->clt_s = s; 870 clt->clt_fd = -1; 871 clt->clt_toread = TOREAD_UNLIMITED; 872 clt->clt_srv = srv; 873 clt->clt_srv_conf = &srv->srv_conf; 874 clt->clt_id = ++server_cltid; 875 clt->clt_srv_id = srv->srv_conf.id; 876 clt->clt_pid = getpid(); 877 clt->clt_inflight = 1; 878 879 /* get local address */ 880 slen = sizeof(clt->clt_srv_ss); 881 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 882 &slen) == -1) { 883 server_close(clt, "listen address lookup failed"); 884 return; 885 } 886 887 /* get client address */ 888 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 889 890 /* get ports */ 891 switch (ss.ss_family) { 892 case AF_INET: 893 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 894 break; 895 case AF_INET6: 896 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 897 break; 898 } 899 900 getmonotime(&clt->clt_tv_start); 901 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 902 903 server_clients++; 904 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 905 906 /* Increment the per-relay client counter */ 907 //srv->srv_stats[proc_id].last++; 908 909 /* Pre-allocate output buffer */ 910 clt->clt_output = evbuffer_new(); 911 if (clt->clt_output == NULL) { 912 server_close(clt, "failed to allocate output buffer"); 913 return; 914 } 915 916 if (srv->srv_conf.flags & SRVFLAG_TLS) { 917 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 918 clt->clt_s) != 0) { 919 server_close(clt, "failed to setup tls context"); 920 return; 921 } 922 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 923 server_handshake_tls, &clt->clt_tv_start, 924 &srv->srv_conf.timeout, clt); 925 return; 926 } 927 928 server_input(clt); 929 return; 930 931 err: 932 if (s != -1) { 933 close(s); 934 free(clt); 935 /* 936 * the client struct was not completely set up, but still 937 * counted as an inflight client. account for this. 938 */ 939 server_inflight_dec(NULL, __func__); 940 } 941 } 942 943 void 944 server_handshake_tls(int fd, short event, void *arg) 945 { 946 struct client *clt = (struct client *)arg; 947 struct server *srv = (struct server *)clt->clt_srv; 948 int ret; 949 950 if (event == EV_TIMEOUT) { 951 server_close(clt, "TLS handshake timeout"); 952 return; 953 } 954 955 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 956 fatalx("NULL tls context"); 957 958 ret = tls_handshake(clt->clt_tls_ctx); 959 if (ret == 0) { 960 server_input(clt); 961 } else if (ret == TLS_WANT_POLLIN) { 962 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 963 server_handshake_tls, &clt->clt_tv_start, 964 &srv->srv_conf.timeout, clt); 965 } else if (ret == TLS_WANT_POLLOUT) { 966 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 967 server_handshake_tls, &clt->clt_tv_start, 968 &srv->srv_conf.timeout, clt); 969 } else { 970 log_warnx("%s: TLS handshake failed - %s", __func__, 971 tls_error(clt->clt_tls_ctx)); 972 server_close(clt, "TLS handshake failed"); 973 } 974 } 975 976 void 977 server_inflight_dec(struct client *clt, const char *why) 978 { 979 if (clt != NULL) { 980 /* the flight already left inflight mode. */ 981 if (clt->clt_inflight == 0) 982 return; 983 clt->clt_inflight = 0; 984 } 985 986 /* the file was never opened, thus this was an inflight client. */ 987 server_inflight--; 988 DPRINTF("%s: inflight decremented, now %d, %s", 989 __func__, server_inflight, why); 990 } 991 992 void 993 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 994 { 995 va_list ap; 996 char *msg; 997 int ret; 998 struct iovec iov[2]; 999 1000 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1001 va_start(ap, emsg); 1002 if (cmd == IMSG_LOG_ACCESS) 1003 vlog(LOG_INFO, emsg, ap); 1004 else 1005 vlog(LOG_DEBUG, emsg, ap); 1006 va_end(ap); 1007 return; 1008 } 1009 1010 va_start(ap, emsg); 1011 ret = vasprintf(&msg, emsg, ap); 1012 va_end(ap); 1013 if (ret == -1) { 1014 log_warn("%s: vasprintf", __func__); 1015 return; 1016 } 1017 1018 iov[0].iov_base = &srv_conf->id; 1019 iov[0].iov_len = sizeof(srv_conf->id); 1020 iov[1].iov_base = msg; 1021 iov[1].iov_len = strlen(msg) + 1; 1022 1023 if (proc_composev(env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1024 log_warn("%s: failed to compose imsg", __func__); 1025 return; 1026 } 1027 } 1028 1029 void 1030 server_log(struct client *clt, const char *msg) 1031 { 1032 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1033 struct server_config *srv_conf = clt->clt_srv_conf; 1034 char *ptr = NULL, *vmsg = NULL; 1035 int debug_cmd = -1; 1036 extern int verbose; 1037 1038 switch (srv_conf->logformat) { 1039 case LOG_FORMAT_CONNECTION: 1040 debug_cmd = IMSG_LOG_ACCESS; 1041 break; 1042 default: 1043 if (verbose > 1) 1044 debug_cmd = IMSG_LOG_ERROR; 1045 if (EVBUFFER_LENGTH(clt->clt_log)) { 1046 while ((ptr = 1047 evbuffer_readline(clt->clt_log)) != NULL) { 1048 server_sendlog(srv_conf, 1049 IMSG_LOG_ACCESS, "%s", ptr); 1050 free(ptr); 1051 } 1052 } 1053 break; 1054 } 1055 1056 if (debug_cmd != -1 && msg != NULL) { 1057 memset(ibuf, 0, sizeof(ibuf)); 1058 memset(obuf, 0, sizeof(obuf)); 1059 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1060 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1061 if (EVBUFFER_LENGTH(clt->clt_log) && 1062 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1063 ptr = evbuffer_readline(clt->clt_log); 1064 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1065 server_sendlog(srv_conf, debug_cmd, "server %s, " 1066 "client %d (%d active), %s:%u -> %s, " 1067 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1068 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1069 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1070 free(vmsg); 1071 free(ptr); 1072 } 1073 } 1074 1075 void 1076 server_close(struct client *clt, const char *msg) 1077 { 1078 struct server *srv = clt->clt_srv; 1079 1080 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1081 1082 /* free the HTTP descriptors incl. headers */ 1083 server_close_http(clt); 1084 1085 event_del(&clt->clt_ev); 1086 if (clt->clt_bev != NULL) 1087 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1088 if (clt->clt_srvbev != NULL) 1089 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1090 1091 server_log(clt, msg); 1092 1093 if (clt->clt_bev != NULL) 1094 bufferevent_free(clt->clt_bev); 1095 if (clt->clt_output != NULL) 1096 evbuffer_free(clt->clt_output); 1097 if (clt->clt_srvevb != NULL) 1098 evbuffer_free(clt->clt_srvevb); 1099 1100 if (clt->clt_srvbev != NULL) 1101 bufferevent_free(clt->clt_srvbev); 1102 if (clt->clt_fd != -1) 1103 close(clt->clt_fd); 1104 if (clt->clt_s != -1) 1105 close(clt->clt_s); 1106 1107 if (clt->clt_tls_ctx != NULL) 1108 tls_close(clt->clt_tls_ctx); 1109 tls_free(clt->clt_tls_ctx); 1110 1111 server_inflight_dec(clt, __func__); 1112 1113 if (clt->clt_log != NULL) 1114 evbuffer_free(clt->clt_log); 1115 1116 free(clt); 1117 server_clients--; 1118 } 1119 1120 int 1121 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1122 { 1123 switch (imsg->hdr.type) { 1124 case IMSG_CFG_MEDIA: 1125 config_getmedia(env, imsg); 1126 break; 1127 case IMSG_CFG_AUTH: 1128 config_getauth(env, imsg); 1129 break; 1130 case IMSG_CFG_SERVER: 1131 config_getserver(env, imsg); 1132 break; 1133 case IMSG_CFG_TLS: 1134 config_gettls(env, imsg); 1135 break; 1136 case IMSG_CFG_DONE: 1137 config_getcfg(env, imsg); 1138 break; 1139 case IMSG_CTL_START: 1140 server_launch(); 1141 break; 1142 case IMSG_CTL_RESET: 1143 config_getreset(env, imsg); 1144 break; 1145 default: 1146 return (-1); 1147 } 1148 1149 return (0); 1150 } 1151 1152 int 1153 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1154 { 1155 switch (imsg->hdr.type) { 1156 default: 1157 return (-1); 1158 } 1159 1160 return (0); 1161 } 1162 1163 int 1164 server_bufferevent_add(struct event *ev, int timeout) 1165 { 1166 struct timeval tv, *ptv = NULL; 1167 1168 if (timeout) { 1169 timerclear(&tv); 1170 tv.tv_sec = timeout; 1171 ptv = &tv; 1172 } 1173 1174 return (event_add(ev, ptv)); 1175 } 1176 1177 int 1178 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1179 { 1180 int ret; 1181 va_list ap; 1182 char *str; 1183 1184 va_start(ap, fmt); 1185 ret = vasprintf(&str, fmt, ap); 1186 va_end(ap); 1187 1188 if (ret == -1) 1189 return (ret); 1190 1191 ret = server_bufferevent_print(clt, str); 1192 free(str); 1193 1194 return (ret); 1195 } 1196 1197 int 1198 server_bufferevent_print(struct client *clt, const char *str) 1199 { 1200 if (clt->clt_bev == NULL) 1201 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1202 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1203 } 1204 1205 int 1206 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1207 { 1208 if (clt->clt_bev == NULL) 1209 return (evbuffer_add_buffer(clt->clt_output, buf)); 1210 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1211 } 1212 1213 int 1214 server_bufferevent_write_chunk(struct client *clt, 1215 struct evbuffer *buf, size_t size) 1216 { 1217 int ret; 1218 ret = server_bufferevent_write(clt, buf->buffer, size); 1219 if (ret != -1) 1220 evbuffer_drain(buf, size); 1221 return (ret); 1222 } 1223 1224 int 1225 server_bufferevent_write(struct client *clt, void *data, size_t size) 1226 { 1227 if (clt->clt_bev == NULL) 1228 return (evbuffer_add(clt->clt_output, data, size)); 1229 return (bufferevent_write(clt->clt_bev, data, size)); 1230 } 1231 1232 int 1233 server_client_cmp(struct client *a, struct client *b) 1234 { 1235 return ((int)a->clt_id - b->clt_id); 1236 } 1237 1238 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1239