1 /* $OpenBSD: server.c,v 1.121 2020/10/11 03:21:44 tb Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 struct server *server_byid(uint32_t); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 void server_tls_handshake(int, short, void *); 67 68 void server_accept(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82 }; 83 84 void 85 server(struct privsep *ps, struct privsep_proc *p) 86 { 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89 } 90 91 void 92 server_shutdown(void) 93 { 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96 } 97 98 int 99 server_privinit(struct server *srv) 100 { 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 123 srv->srv_conf.port, &srv->srv_conf)) == -1) 124 return (-1); 125 126 return (0); 127 } 128 129 int 130 server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 131 { 132 struct server_config *sc1, *sc2; 133 134 sc1 = &s1->srv_conf; 135 sc2 = &s2->srv_conf; 136 137 if (sc1->tls_flags != sc2->tls_flags) 138 return (-1); 139 if (sc1->tls_protocols != sc2->tls_protocols) 140 return (-1); 141 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 142 return (-1); 143 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 144 return (-1); 145 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 146 return (-1); 147 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 148 return (-1); 149 150 if (match_keypair) { 151 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 152 return (-1); 153 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 154 return (-1); 155 } 156 157 return (0); 158 } 159 160 int 161 server_tls_load_keypair(struct server *srv) 162 { 163 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 164 return (0); 165 166 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 167 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 168 return (-1); 169 log_debug("%s: using certificate %s", __func__, 170 srv->srv_conf.tls_cert_file); 171 172 /* XXX allow to specify password for encrypted key */ 173 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 174 &srv->srv_conf.tls_key_len, NULL)) == NULL) 175 return (-1); 176 log_debug("%s: using private key %s", __func__, 177 srv->srv_conf.tls_key_file); 178 179 return (0); 180 } 181 182 int 183 server_tls_load_ocsp(struct server *srv) 184 { 185 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 186 return (0); 187 188 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 189 return (0); 190 191 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 192 srv->srv_conf.tls_ocsp_staple_file, 193 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 194 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 195 srv->srv_conf.tls_ocsp_staple_file); 196 return (-1); 197 } 198 199 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 200 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 201 srv->srv_conf.tls_ocsp_staple_file); 202 return (0); 203 } 204 205 log_debug("%s: using ocsp staple from %s", __func__, 206 srv->srv_conf.tls_ocsp_staple_file); 207 208 return (0); 209 } 210 211 int 212 server_tls_load_ca(struct server *srv) 213 { 214 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 215 srv->srv_conf.tls_ca_file == NULL) 216 return (0); 217 218 if ((srv->srv_conf.tls_ca = tls_load_file( 219 srv->srv_conf.tls_ca_file, 220 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 221 return (-1); 222 log_debug("%s: using ca cert(s) from %s", __func__, 223 srv->srv_conf.tls_ca_file); 224 225 return (0); 226 } 227 228 int 229 server_tls_load_crl(struct server *srv) 230 { 231 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 232 srv->srv_conf.tls_crl_file == NULL) 233 return (0); 234 235 if ((srv->srv_conf.tls_crl = tls_load_file( 236 srv->srv_conf.tls_crl_file, 237 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 238 return (-1); 239 log_debug("%s: using crl(s) from %s", __func__, 240 srv->srv_conf.tls_crl_file); 241 242 return (0); 243 } 244 245 int 246 server_tls_init(struct server *srv) 247 { 248 struct server_config *srv_conf; 249 250 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 251 return (0); 252 253 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 254 255 if (tls_init() != 0) { 256 log_warnx("%s: failed to initialise tls", __func__); 257 return (-1); 258 } 259 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 260 log_warnx("%s: failed to get tls config", __func__); 261 return (-1); 262 } 263 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 264 log_warnx("%s: failed to get tls server", __func__); 265 return (-1); 266 } 267 268 if (tls_config_set_protocols(srv->srv_tls_config, 269 srv->srv_conf.tls_protocols) != 0) { 270 log_warnx("%s: failed to set tls protocols: %s", 271 __func__, tls_config_error(srv->srv_tls_config)); 272 return (-1); 273 } 274 if (tls_config_set_ciphers(srv->srv_tls_config, 275 srv->srv_conf.tls_ciphers) != 0) { 276 log_warnx("%s: failed to set tls ciphers: %s", 277 __func__, tls_config_error(srv->srv_tls_config)); 278 return (-1); 279 } 280 if (tls_config_set_dheparams(srv->srv_tls_config, 281 srv->srv_conf.tls_dhe_params) != 0) { 282 log_warnx("%s: failed to set tls dhe params: %s", 283 __func__, tls_config_error(srv->srv_tls_config)); 284 return (-1); 285 } 286 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 287 srv->srv_conf.tls_ecdhe_curves) != 0) { 288 log_warnx("%s: failed to set tls ecdhe curves: %s", 289 __func__, tls_config_error(srv->srv_tls_config)); 290 return (-1); 291 } 292 293 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 294 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 295 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 296 srv->srv_conf.tls_ocsp_staple, 297 srv->srv_conf.tls_ocsp_staple_len) != 0) { 298 log_warnx("%s: failed to set tls certificate/key: %s", 299 __func__, tls_config_error(srv->srv_tls_config)); 300 return (-1); 301 } 302 303 if (srv->srv_conf.tls_ca != NULL) { 304 if (tls_config_set_ca_mem(srv->srv_tls_config, 305 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 306 log_warnx("%s: failed to add ca cert(s)", __func__); 307 return (-1); 308 } 309 if (tls_config_set_crl_mem(srv->srv_tls_config, 310 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 311 log_warnx("%s: failed to add crl(s)", __func__); 312 return (-1); 313 } 314 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 315 tls_config_verify_client_optional(srv->srv_tls_config); 316 else 317 tls_config_verify_client(srv->srv_tls_config); 318 } 319 320 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 321 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 322 continue; 323 log_debug("%s: adding keypair for server %s", __func__, 324 srv->srv_conf.name); 325 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 326 srv_conf->tls_cert, srv_conf->tls_cert_len, 327 srv_conf->tls_key, srv_conf->tls_key_len, 328 srv_conf->tls_ocsp_staple, 329 srv_conf->tls_ocsp_staple_len) != 0) { 330 log_warnx("%s: failed to add tls keypair", __func__); 331 return (-1); 332 } 333 } 334 335 /* set common session ID among all processes */ 336 if (tls_config_set_session_id(srv->srv_tls_config, 337 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 338 log_warnx("%s: could not set the TLS session ID: %s", 339 __func__, tls_config_error(srv->srv_tls_config)); 340 return (-1); 341 } 342 343 /* ticket support */ 344 if (srv->srv_conf.tls_ticket_lifetime) { 345 if (tls_config_set_session_lifetime(srv->srv_tls_config, 346 srv->srv_conf.tls_ticket_lifetime) == -1) { 347 log_warnx("%s: could not set the TLS session lifetime: " 348 "%s", __func__, 349 tls_config_error(srv->srv_tls_config)); 350 return (-1); 351 } 352 tls_config_add_ticket_key(srv->srv_tls_config, 353 srv->srv_conf.tls_ticket_key.tt_keyrev, 354 srv->srv_conf.tls_ticket_key.tt_key, 355 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 356 explicit_bzero(&srv->srv_conf.tls_ticket_key, 357 sizeof(srv->srv_conf.tls_ticket_key)); 358 } 359 360 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 361 log_warnx("%s: failed to configure tls - %s", __func__, 362 tls_error(srv->srv_tls_ctx)); 363 return (-1); 364 } 365 366 /* We're now done with the public/private key & ca/crl... */ 367 tls_config_clear_keys(srv->srv_tls_config); 368 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 369 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 370 free(srv->srv_conf.tls_ca); 371 free(srv->srv_conf.tls_crl); 372 srv->srv_conf.tls_ca = NULL; 373 srv->srv_conf.tls_cert = NULL; 374 srv->srv_conf.tls_crl = NULL; 375 srv->srv_conf.tls_key = NULL; 376 srv->srv_conf.tls_ca_len = 0; 377 srv->srv_conf.tls_cert_len = 0; 378 srv->srv_conf.tls_crl_len = 0; 379 srv->srv_conf.tls_key_len = 0; 380 381 return (0); 382 } 383 384 void 385 server_generate_ticket_key(struct server_config *srv_conf) 386 { 387 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 388 389 key->tt_id = srv_conf->id; 390 key->tt_keyrev = arc4random(); 391 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 392 } 393 394 void 395 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 396 { 397 server_http(); 398 399 if (config_init(ps->ps_env) == -1) 400 fatal("failed to initialize configuration"); 401 402 /* We use a custom shutdown callback */ 403 p->p_shutdown = server_shutdown; 404 405 /* Unlimited file descriptors (use system limits) */ 406 socket_rlimit(-1); 407 408 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 409 fatal("pledge"); 410 411 #if 0 412 /* Schedule statistics timer */ 413 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 414 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 415 evtimer_add(&ps->ps_env->sc_statev, &tv); 416 #endif 417 } 418 419 void 420 server_launch(void) 421 { 422 struct server *srv; 423 424 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 425 log_debug("%s: configuring server %s", __func__, 426 srv->srv_conf.name); 427 428 server_tls_init(srv); 429 server_http_init(srv); 430 431 log_debug("%s: running server %s", __func__, 432 srv->srv_conf.name); 433 434 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 435 server_accept, srv); 436 event_add(&srv->srv_ev, NULL); 437 evtimer_set(&srv->srv_evt, server_accept, srv); 438 } 439 } 440 441 void 442 server_purge(struct server *srv) 443 { 444 struct client *clt; 445 struct server_config *srv_conf; 446 447 /* shutdown and remove server */ 448 if (event_initialized(&srv->srv_ev)) 449 event_del(&srv->srv_ev); 450 if (evtimer_initialized(&srv->srv_evt)) 451 evtimer_del(&srv->srv_evt); 452 453 if (srv->srv_s != -1) 454 close(srv->srv_s); 455 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 456 457 /* cleanup sessions */ 458 while ((clt = 459 SPLAY_ROOT(&srv->srv_clients)) != NULL) 460 server_close(clt, NULL); 461 462 /* cleanup hosts */ 463 while ((srv_conf = 464 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 465 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 466 467 /* It might point to our own "default" entry */ 468 if (srv_conf != &srv->srv_conf) { 469 serverconfig_free(srv_conf); 470 free(srv_conf); 471 } 472 } 473 474 tls_config_free(srv->srv_tls_config); 475 tls_free(srv->srv_tls_ctx); 476 477 free(srv); 478 } 479 480 void 481 serverconfig_free(struct server_config *srv_conf) 482 { 483 struct fastcgi_param *param, *tparam; 484 485 free(srv_conf->return_uri); 486 free(srv_conf->tls_ca_file); 487 free(srv_conf->tls_ca); 488 free(srv_conf->tls_cert_file); 489 free(srv_conf->tls_crl_file); 490 free(srv_conf->tls_crl); 491 free(srv_conf->tls_key_file); 492 free(srv_conf->tls_ocsp_staple_file); 493 free(srv_conf->tls_ocsp_staple); 494 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 495 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 496 497 TAILQ_FOREACH_SAFE(param, &srv_conf->fcgiparams, entry, tparam) 498 free(param); 499 } 500 501 void 502 serverconfig_reset(struct server_config *srv_conf) 503 { 504 srv_conf->auth = NULL; 505 srv_conf->return_uri = NULL; 506 srv_conf->tls_ca = NULL; 507 srv_conf->tls_ca_file = NULL; 508 srv_conf->tls_cert = NULL; 509 srv_conf->tls_cert_file = NULL; 510 srv_conf->tls_crl = NULL; 511 srv_conf->tls_crl_file = NULL; 512 srv_conf->tls_key = NULL; 513 srv_conf->tls_key_file = NULL; 514 srv_conf->tls_ocsp_staple = NULL; 515 srv_conf->tls_ocsp_staple_file = NULL; 516 TAILQ_INIT(&srv_conf->fcgiparams); 517 } 518 519 struct server * 520 server_byaddr(struct sockaddr *addr, in_port_t port) 521 { 522 struct server *srv; 523 524 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 525 if (port == srv->srv_conf.port && 526 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 527 addr, srv->srv_conf.prefixlen) == 0) 528 return (srv); 529 } 530 531 return (NULL); 532 } 533 534 struct server_config * 535 serverconfig_byid(uint32_t id) 536 { 537 struct server *srv; 538 struct server_config *srv_conf; 539 540 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 541 if (srv->srv_conf.id == id) 542 return (&srv->srv_conf); 543 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 544 if (srv_conf->id == id) 545 return (srv_conf); 546 } 547 } 548 549 return (NULL); 550 } 551 552 struct server * 553 server_byid(uint32_t id) 554 { 555 struct server *srv; 556 557 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 558 if (srv->srv_conf.id == id) 559 return (srv); 560 } 561 return (NULL); 562 } 563 564 int 565 server_foreach(int (*srv_cb)(struct server *, 566 struct server_config *, void *), void *arg) 567 { 568 struct server *srv; 569 struct server_config *srv_conf; 570 571 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 572 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 573 return (-1); 574 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 575 if ((srv_cb)(srv, srv_conf, arg) == -1) 576 return (-1); 577 } 578 } 579 580 return (0); 581 } 582 583 struct server * 584 server_match(struct server *s2, int match_name) 585 { 586 struct server *s1; 587 588 /* Attempt to find matching server. */ 589 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 590 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 591 continue; 592 if (match_name) { 593 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 594 continue; 595 } 596 if (s1->srv_conf.port != s2->srv_conf.port) 597 continue; 598 if (sockaddr_cmp( 599 (struct sockaddr *)&s1->srv_conf.ss, 600 (struct sockaddr *)&s2->srv_conf.ss, 601 s1->srv_conf.prefixlen) != 0) 602 continue; 603 604 return (s1); 605 } 606 607 return (NULL); 608 } 609 610 int 611 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 612 { 613 switch (ss->ss_family) { 614 case AF_INET: 615 ((struct sockaddr_in *)ss)->sin_port = port; 616 ((struct sockaddr_in *)ss)->sin_len = 617 sizeof(struct sockaddr_in); 618 break; 619 case AF_INET6: 620 ((struct sockaddr_in6 *)ss)->sin6_port = port; 621 ((struct sockaddr_in6 *)ss)->sin6_len = 622 sizeof(struct sockaddr_in6); 623 break; 624 default: 625 return (-1); 626 } 627 628 return (0); 629 } 630 631 in_port_t 632 server_socket_getport(struct sockaddr_storage *ss) 633 { 634 switch (ss->ss_family) { 635 case AF_INET: 636 return (((struct sockaddr_in *)ss)->sin_port); 637 case AF_INET6: 638 return (((struct sockaddr_in6 *)ss)->sin6_port); 639 default: 640 return (0); 641 } 642 643 /* NOTREACHED */ 644 return (0); 645 } 646 647 int 648 server_socket(struct sockaddr_storage *ss, in_port_t port, 649 struct server_config *srv_conf, int fd, int reuseport) 650 { 651 struct linger lng; 652 int s = -1, val; 653 654 if (server_socket_af(ss, port) == -1) 655 goto bad; 656 657 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 658 IPPROTO_TCP) : fd; 659 if (s == -1) 660 goto bad; 661 662 /* 663 * Socket options 664 */ 665 memset(&lng, 0, sizeof(lng)); 666 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 667 goto bad; 668 if (reuseport) { 669 val = 1; 670 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 671 sizeof(int)) == -1) 672 goto bad; 673 } 674 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 675 val = srv_conf->tcpbufsiz; 676 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 677 &val, sizeof(val)) == -1) 678 goto bad; 679 val = srv_conf->tcpbufsiz; 680 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 681 &val, sizeof(val)) == -1) 682 goto bad; 683 } 684 685 /* 686 * IP options 687 */ 688 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 689 val = (int)srv_conf->tcpipttl; 690 switch (ss->ss_family) { 691 case AF_INET: 692 if (setsockopt(s, IPPROTO_IP, IP_TTL, 693 &val, sizeof(val)) == -1) 694 goto bad; 695 break; 696 case AF_INET6: 697 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 698 &val, sizeof(val)) == -1) 699 goto bad; 700 break; 701 } 702 } 703 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 704 val = (int)srv_conf->tcpipminttl; 705 switch (ss->ss_family) { 706 case AF_INET: 707 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 708 &val, sizeof(val)) == -1) 709 goto bad; 710 break; 711 case AF_INET6: 712 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 713 &val, sizeof(val)) == -1) 714 goto bad; 715 break; 716 } 717 } 718 719 /* 720 * TCP options 721 */ 722 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 723 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 724 val = 0; 725 else 726 val = 1; 727 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 728 &val, sizeof(val)) == -1) 729 goto bad; 730 } 731 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 732 if (srv_conf->tcpflags & TCPFLAG_NSACK) 733 val = 0; 734 else 735 val = 1; 736 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 737 &val, sizeof(val)) == -1) 738 goto bad; 739 } 740 741 return (s); 742 743 bad: 744 if (s != -1) 745 close(s); 746 return (-1); 747 } 748 749 int 750 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 751 struct server_config *srv_conf) 752 { 753 int s; 754 755 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 756 return (-1); 757 758 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 759 goto bad; 760 if (listen(s, srv_conf->tcpbacklog) == -1) 761 goto bad; 762 763 return (s); 764 765 bad: 766 close(s); 767 return (-1); 768 } 769 770 int 771 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 772 struct server_config *srv_conf) 773 { 774 int s; 775 776 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 777 return (-1); 778 779 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 780 if (errno != EINPROGRESS) 781 goto bad; 782 } 783 784 return (s); 785 786 bad: 787 close(s); 788 return (-1); 789 } 790 791 void 792 server_tls_readcb(int fd, short event, void *arg) 793 { 794 struct bufferevent *bufev = arg; 795 struct client *clt = bufev->cbarg; 796 char rbuf[IBUF_READ_SIZE]; 797 int what = EVBUFFER_READ; 798 int howmuch = IBUF_READ_SIZE; 799 ssize_t ret; 800 size_t len; 801 802 if (event == EV_TIMEOUT) { 803 what |= EVBUFFER_TIMEOUT; 804 goto err; 805 } 806 807 if (bufev->wm_read.high != 0) 808 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 809 810 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 811 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 812 goto retry; 813 } else if (ret == -1) { 814 what |= EVBUFFER_ERROR; 815 goto err; 816 } 817 len = ret; 818 819 if (len == 0) { 820 what |= EVBUFFER_EOF; 821 goto err; 822 } 823 824 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 825 what |= EVBUFFER_ERROR; 826 goto err; 827 } 828 829 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 830 831 len = EVBUFFER_LENGTH(bufev->input); 832 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 833 return; 834 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 835 struct evbuffer *buf = bufev->input; 836 event_del(&bufev->ev_read); 837 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 838 return; 839 } 840 841 if (bufev->readcb != NULL) 842 (*bufev->readcb)(bufev, bufev->cbarg); 843 return; 844 845 retry: 846 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 847 return; 848 849 err: 850 (*bufev->errorcb)(bufev, what, bufev->cbarg); 851 } 852 853 void 854 server_tls_writecb(int fd, short event, void *arg) 855 { 856 struct bufferevent *bufev = arg; 857 struct client *clt = bufev->cbarg; 858 ssize_t ret; 859 short what = EVBUFFER_WRITE; 860 size_t len; 861 862 if (event == EV_TIMEOUT) { 863 what |= EVBUFFER_TIMEOUT; 864 goto err; 865 } 866 867 if (EVBUFFER_LENGTH(bufev->output)) { 868 ret = tls_write(clt->clt_tls_ctx, 869 EVBUFFER_DATA(bufev->output), 870 EVBUFFER_LENGTH(bufev->output)); 871 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 872 goto retry; 873 } else if (ret == -1) { 874 what |= EVBUFFER_ERROR; 875 goto err; 876 } 877 len = ret; 878 evbuffer_drain(bufev->output, len); 879 } 880 881 if (EVBUFFER_LENGTH(bufev->output) != 0) 882 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 883 884 if (bufev->writecb != NULL && 885 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 886 (*bufev->writecb)(bufev, bufev->cbarg); 887 return; 888 889 retry: 890 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 891 return; 892 893 err: 894 (*bufev->errorcb)(bufev, what, bufev->cbarg); 895 } 896 897 void 898 server_input(struct client *clt) 899 { 900 struct server_config *srv_conf = clt->clt_srv_conf; 901 evbuffercb inrd = server_read; 902 evbuffercb inwr = server_write; 903 socklen_t slen; 904 905 if (server_httpdesc_init(clt) == -1) { 906 server_close(clt, "failed to allocate http descriptor"); 907 return; 908 } 909 910 clt->clt_toread = TOREAD_HTTP_HEADER; 911 inrd = server_read_http; 912 913 slen = sizeof(clt->clt_sndbufsiz); 914 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 915 &clt->clt_sndbufsiz, &slen) == -1) { 916 server_close(clt, "failed to get send buffer size"); 917 return; 918 } 919 920 /* 921 * Client <-> Server 922 */ 923 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 924 server_error, clt); 925 if (clt->clt_bev == NULL) { 926 server_close(clt, "failed to allocate input buffer event"); 927 return; 928 } 929 930 if (srv_conf->flags & SRVFLAG_TLS) { 931 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 932 server_tls_readcb, clt->clt_bev); 933 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 934 server_tls_writecb, clt->clt_bev); 935 } 936 937 /* Adjust write watermark to the socket buffer output size */ 938 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 939 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 940 /* Read at most amount of data that fits in one fcgi record. */ 941 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 942 943 bufferevent_settimeout(clt->clt_bev, 944 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 945 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 946 } 947 948 void 949 server_write(struct bufferevent *bev, void *arg) 950 { 951 struct client *clt = arg; 952 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 953 954 if (EVBUFFER_LENGTH(dst) == 0 && 955 clt->clt_toread == TOREAD_HTTP_NONE) 956 goto done; 957 958 getmonotime(&clt->clt_tv_last); 959 960 if (clt->clt_done) 961 goto done; 962 963 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 964 bufferevent_enable(clt->clt_srvbev, EV_READ); 965 clt->clt_srvbev_throttled = 0; 966 } 967 968 return; 969 done: 970 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 971 return; 972 } 973 974 void 975 server_dump(struct client *clt, const void *buf, size_t len) 976 { 977 if (!len) 978 return; 979 980 /* 981 * This function will dump the specified message directly 982 * to the underlying client, without waiting for success 983 * of non-blocking events etc. This is useful to print an 984 * error message before gracefully closing the client. 985 */ 986 if (clt->clt_tls_ctx != NULL) 987 (void)tls_write(clt->clt_tls_ctx, buf, len); 988 else 989 (void)write(clt->clt_s, buf, len); 990 } 991 992 void 993 server_read(struct bufferevent *bev, void *arg) 994 { 995 struct client *clt = arg; 996 struct evbuffer *src = EVBUFFER_INPUT(bev); 997 998 getmonotime(&clt->clt_tv_last); 999 1000 if (!EVBUFFER_LENGTH(src)) 1001 return; 1002 if (server_bufferevent_write_buffer(clt, src) == -1) 1003 goto fail; 1004 if (clt->clt_done) 1005 goto done; 1006 1007 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 1008 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 1009 bufferevent_disable(clt->clt_srvbev, EV_READ); 1010 clt->clt_srvbev_throttled = 1; 1011 } 1012 1013 return; 1014 done: 1015 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1016 return; 1017 fail: 1018 server_close(clt, strerror(errno)); 1019 } 1020 1021 void 1022 server_error(struct bufferevent *bev, short error, void *arg) 1023 { 1024 struct client *clt = arg; 1025 struct evbuffer *dst; 1026 1027 if (error & EVBUFFER_TIMEOUT) { 1028 if (!clt->clt_headersdone && clt->clt_line > 0) 1029 server_abort_http(clt, 408, "timeout"); 1030 else 1031 server_close(clt, "timeout"); 1032 return; 1033 } 1034 if (error & EVBUFFER_ERROR) { 1035 if (errno == EFBIG) { 1036 bufferevent_enable(bev, EV_READ); 1037 return; 1038 } 1039 server_close(clt, "buffer event error"); 1040 return; 1041 } 1042 if (error & EVBUFFER_EOF) { 1043 server_close(clt, "closed"); 1044 return; 1045 } 1046 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1047 bufferevent_disable(bev, EV_READ|EV_WRITE); 1048 1049 clt->clt_done = 1; 1050 1051 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1052 if (EVBUFFER_LENGTH(dst)) { 1053 /* Finish writing all data first */ 1054 bufferevent_enable(clt->clt_bev, EV_WRITE); 1055 return; 1056 } 1057 1058 server_close(clt, "done"); 1059 return; 1060 } 1061 server_close(clt, "unknown event error"); 1062 return; 1063 } 1064 1065 void 1066 server_accept(int fd, short event, void *arg) 1067 { 1068 struct server *srv = arg; 1069 struct client *clt = NULL; 1070 socklen_t slen; 1071 struct sockaddr_storage ss; 1072 int s = -1; 1073 1074 event_add(&srv->srv_ev, NULL); 1075 if ((event & EV_TIMEOUT)) 1076 return; 1077 1078 slen = sizeof(ss); 1079 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1080 &slen, FD_RESERVE, &server_inflight)) == -1) { 1081 /* 1082 * Pause accept if we are out of file descriptors, or 1083 * libevent will haunt us here too. 1084 */ 1085 if (errno == ENFILE || errno == EMFILE) { 1086 struct timeval evtpause = { 1, 0 }; 1087 1088 event_del(&srv->srv_ev); 1089 evtimer_add(&srv->srv_evt, &evtpause); 1090 log_debug("%s: deferring connections", __func__); 1091 } 1092 return; 1093 } 1094 if (server_clients >= SERVER_MAX_CLIENTS) 1095 goto err; 1096 1097 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1098 goto err; 1099 1100 /* Pre-allocate log buffer */ 1101 clt->clt_log = evbuffer_new(); 1102 if (clt->clt_log == NULL) 1103 goto err; 1104 1105 clt->clt_s = s; 1106 clt->clt_fd = -1; 1107 clt->clt_toread = TOREAD_UNLIMITED; 1108 clt->clt_srv = srv; 1109 clt->clt_srv_conf = &srv->srv_conf; 1110 clt->clt_id = ++server_cltid; 1111 clt->clt_srv_id = srv->srv_conf.id; 1112 clt->clt_pid = getpid(); 1113 clt->clt_inflight = 1; 1114 1115 /* get local address */ 1116 slen = sizeof(clt->clt_srv_ss); 1117 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1118 &slen) == -1) { 1119 server_close(clt, "listen address lookup failed"); 1120 return; 1121 } 1122 1123 /* get client address */ 1124 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1125 1126 /* get ports */ 1127 switch (ss.ss_family) { 1128 case AF_INET: 1129 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1130 break; 1131 case AF_INET6: 1132 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1133 break; 1134 } 1135 1136 getmonotime(&clt->clt_tv_start); 1137 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1138 1139 server_clients++; 1140 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1141 1142 /* Pre-allocate output buffer */ 1143 clt->clt_output = evbuffer_new(); 1144 if (clt->clt_output == NULL) { 1145 server_close(clt, "failed to allocate output buffer"); 1146 return; 1147 } 1148 1149 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1150 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1151 clt->clt_s) != 0) { 1152 server_close(clt, "failed to accept tls socket"); 1153 return; 1154 } 1155 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1156 server_tls_handshake, &clt->clt_tv_start, 1157 &srv->srv_conf.timeout, clt); 1158 return; 1159 } 1160 1161 server_input(clt); 1162 return; 1163 1164 err: 1165 if (s != -1) { 1166 close(s); 1167 free(clt); 1168 /* 1169 * the client struct was not completely set up, but still 1170 * counted as an inflight client. account for this. 1171 */ 1172 server_inflight_dec(NULL, __func__); 1173 } 1174 } 1175 1176 void 1177 server_tls_handshake(int fd, short event, void *arg) 1178 { 1179 struct client *clt = (struct client *)arg; 1180 struct server *srv = (struct server *)clt->clt_srv; 1181 int ret; 1182 1183 if (event == EV_TIMEOUT) { 1184 server_close(clt, "tls handshake timeout"); 1185 return; 1186 } 1187 1188 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1189 fatalx("NULL tls context"); 1190 1191 ret = tls_handshake(clt->clt_tls_ctx); 1192 if (ret == 0) { 1193 server_input(clt); 1194 } else if (ret == TLS_WANT_POLLIN) { 1195 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1196 server_tls_handshake, &clt->clt_tv_start, 1197 &srv->srv_conf.timeout, clt); 1198 } else if (ret == TLS_WANT_POLLOUT) { 1199 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1200 server_tls_handshake, &clt->clt_tv_start, 1201 &srv->srv_conf.timeout, clt); 1202 } else { 1203 log_debug("%s: tls handshake failed - %s", __func__, 1204 tls_error(clt->clt_tls_ctx)); 1205 server_close(clt, "tls handshake failed"); 1206 } 1207 } 1208 1209 void 1210 server_inflight_dec(struct client *clt, const char *why) 1211 { 1212 if (clt != NULL) { 1213 /* the flight already left inflight mode. */ 1214 if (clt->clt_inflight == 0) 1215 return; 1216 clt->clt_inflight = 0; 1217 } 1218 1219 /* the file was never opened, thus this was an inflight client. */ 1220 server_inflight--; 1221 DPRINTF("%s: inflight decremented, now %d, %s", 1222 __func__, server_inflight, why); 1223 } 1224 1225 void 1226 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1227 { 1228 va_list ap; 1229 char *msg; 1230 int ret; 1231 struct iovec iov[2]; 1232 1233 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1234 va_start(ap, emsg); 1235 if (cmd == IMSG_LOG_ACCESS) 1236 vlog(LOG_INFO, emsg, ap); 1237 else 1238 vlog(LOG_DEBUG, emsg, ap); 1239 va_end(ap); 1240 return; 1241 } 1242 1243 va_start(ap, emsg); 1244 ret = vasprintf(&msg, emsg, ap); 1245 va_end(ap); 1246 if (ret == -1) { 1247 log_warn("%s: vasprintf", __func__); 1248 return; 1249 } 1250 1251 iov[0].iov_base = &srv_conf->id; 1252 iov[0].iov_len = sizeof(srv_conf->id); 1253 iov[1].iov_base = msg; 1254 iov[1].iov_len = strlen(msg) + 1; 1255 1256 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1257 log_warn("%s: failed to compose imsg", __func__); 1258 return; 1259 } 1260 } 1261 1262 void 1263 server_log(struct client *clt, const char *msg) 1264 { 1265 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1266 struct server_config *srv_conf = clt->clt_srv_conf; 1267 char *ptr = NULL, *vmsg = NULL; 1268 int debug_cmd = -1; 1269 1270 switch (srv_conf->logformat) { 1271 case LOG_FORMAT_CONNECTION: 1272 debug_cmd = IMSG_LOG_ACCESS; 1273 break; 1274 default: 1275 if (log_getverbose() > 1) 1276 debug_cmd = IMSG_LOG_ERROR; 1277 if (EVBUFFER_LENGTH(clt->clt_log)) { 1278 while ((ptr = 1279 evbuffer_readline(clt->clt_log)) != NULL) { 1280 server_sendlog(srv_conf, 1281 IMSG_LOG_ACCESS, "%s", ptr); 1282 free(ptr); 1283 } 1284 } 1285 break; 1286 } 1287 1288 if (debug_cmd != -1 && msg != NULL) { 1289 memset(ibuf, 0, sizeof(ibuf)); 1290 memset(obuf, 0, sizeof(obuf)); 1291 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1292 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1293 if (EVBUFFER_LENGTH(clt->clt_log) && 1294 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1295 ptr = evbuffer_readline(clt->clt_log); 1296 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1297 server_sendlog(srv_conf, debug_cmd, "server %s, " 1298 "client %d (%d active), %s:%u -> %s, " 1299 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1300 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1301 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1302 free(vmsg); 1303 free(ptr); 1304 } 1305 } 1306 1307 void 1308 server_close(struct client *clt, const char *msg) 1309 { 1310 struct server *srv = clt->clt_srv; 1311 1312 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1313 1314 /* free the HTTP descriptors incl. headers */ 1315 server_close_http(clt); 1316 1317 event_del(&clt->clt_ev); 1318 if (clt->clt_bev != NULL) 1319 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1320 if (clt->clt_srvbev != NULL) 1321 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1322 1323 server_log(clt, msg); 1324 1325 if (clt->clt_bev != NULL) 1326 bufferevent_free(clt->clt_bev); 1327 if (clt->clt_output != NULL) 1328 evbuffer_free(clt->clt_output); 1329 if (clt->clt_srvevb != NULL) 1330 evbuffer_free(clt->clt_srvevb); 1331 1332 if (clt->clt_srvbev != NULL) 1333 bufferevent_free(clt->clt_srvbev); 1334 if (clt->clt_fd != -1) 1335 close(clt->clt_fd); 1336 if (clt->clt_s != -1) 1337 close(clt->clt_s); 1338 1339 if (clt->clt_tls_ctx != NULL) 1340 tls_close(clt->clt_tls_ctx); 1341 tls_free(clt->clt_tls_ctx); 1342 1343 server_inflight_dec(clt, __func__); 1344 1345 if (clt->clt_log != NULL) 1346 evbuffer_free(clt->clt_log); 1347 1348 free(clt); 1349 server_clients--; 1350 } 1351 1352 int 1353 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1354 { 1355 struct server *srv; 1356 struct server_tls_ticket key; 1357 1358 switch (imsg->hdr.type) { 1359 case IMSG_CFG_MEDIA: 1360 config_getmedia(httpd_env, imsg); 1361 break; 1362 case IMSG_CFG_AUTH: 1363 config_getauth(httpd_env, imsg); 1364 break; 1365 case IMSG_CFG_SERVER: 1366 config_getserver(httpd_env, imsg); 1367 break; 1368 case IMSG_CFG_TLS: 1369 config_getserver_tls(httpd_env, imsg); 1370 break; 1371 case IMSG_CFG_FCGI: 1372 config_getserver_fcgiparams(httpd_env, imsg); 1373 break; 1374 case IMSG_CFG_DONE: 1375 config_getcfg(httpd_env, imsg); 1376 break; 1377 case IMSG_CTL_START: 1378 server_launch(); 1379 break; 1380 case IMSG_CTL_RESET: 1381 config_getreset(httpd_env, imsg); 1382 break; 1383 case IMSG_TLSTICKET_REKEY: 1384 IMSG_SIZE_CHECK(imsg, (&key)); 1385 memcpy(&key, imsg->data, sizeof(key)); 1386 /* apply to the right server */ 1387 srv = server_byid(key.tt_id); 1388 if (srv) { 1389 tls_config_add_ticket_key(srv->srv_tls_config, 1390 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1391 } 1392 break; 1393 default: 1394 return (-1); 1395 } 1396 1397 return (0); 1398 } 1399 1400 int 1401 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1402 { 1403 switch (imsg->hdr.type) { 1404 default: 1405 return (-1); 1406 } 1407 1408 return (0); 1409 } 1410 1411 int 1412 server_bufferevent_add(struct event *ev, int timeout) 1413 { 1414 struct timeval tv, *ptv = NULL; 1415 1416 if (timeout) { 1417 timerclear(&tv); 1418 tv.tv_sec = timeout; 1419 ptv = &tv; 1420 } 1421 1422 return (event_add(ev, ptv)); 1423 } 1424 1425 int 1426 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1427 { 1428 int ret; 1429 va_list ap; 1430 char *str; 1431 1432 va_start(ap, fmt); 1433 ret = vasprintf(&str, fmt, ap); 1434 va_end(ap); 1435 1436 if (ret == -1) 1437 return (ret); 1438 1439 ret = server_bufferevent_print(clt, str); 1440 free(str); 1441 1442 return (ret); 1443 } 1444 1445 int 1446 server_bufferevent_print(struct client *clt, const char *str) 1447 { 1448 if (clt->clt_bev == NULL) 1449 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1450 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1451 } 1452 1453 int 1454 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1455 { 1456 if (clt->clt_bev == NULL) 1457 return (evbuffer_add_buffer(clt->clt_output, buf)); 1458 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1459 } 1460 1461 int 1462 server_bufferevent_write_chunk(struct client *clt, 1463 struct evbuffer *buf, size_t size) 1464 { 1465 int ret; 1466 ret = server_bufferevent_write(clt, buf->buffer, size); 1467 if (ret != -1) 1468 evbuffer_drain(buf, size); 1469 return (ret); 1470 } 1471 1472 int 1473 server_bufferevent_write(struct client *clt, void *data, size_t size) 1474 { 1475 if (clt->clt_bev == NULL) 1476 return (evbuffer_add(clt->clt_output, data, size)); 1477 return (bufferevent_write(clt->clt_bev, data, size)); 1478 } 1479 1480 int 1481 server_client_cmp(struct client *a, struct client *b) 1482 { 1483 return ((int)a->clt_id - b->clt_id); 1484 } 1485 1486 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1487