1 /* $OpenBSD: server.c,v 1.120 2019/10/14 11:07:08 florian Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 struct server *server_byid(uint32_t); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 void server_tls_handshake(int, short, void *); 67 68 void server_accept(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82 }; 83 84 void 85 server(struct privsep *ps, struct privsep_proc *p) 86 { 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89 } 90 91 void 92 server_shutdown(void) 93 { 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96 } 97 98 int 99 server_privinit(struct server *srv) 100 { 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_conf.flags & SRVFLAG_TLS) && srv->srv_conf.tls_cert == 123 NULL) { 124 /* soft fail if cert is not there yet */ 125 srv->srv_s = -1; 126 return (0); 127 } 128 129 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 130 srv->srv_conf.port, &srv->srv_conf)) == -1) 131 return (-1); 132 133 return (0); 134 } 135 136 int 137 server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 138 { 139 struct server_config *sc1, *sc2; 140 141 sc1 = &s1->srv_conf; 142 sc2 = &s2->srv_conf; 143 144 if (sc1->tls_flags != sc2->tls_flags) 145 return (-1); 146 if (sc1->tls_protocols != sc2->tls_protocols) 147 return (-1); 148 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 149 return (-1); 150 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 151 return (-1); 152 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 153 return (-1); 154 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 155 return (-1); 156 157 if (match_keypair) { 158 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 159 return (-1); 160 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 161 return (-1); 162 } 163 164 return (0); 165 } 166 167 int 168 server_tls_load_keypair(struct server *srv) 169 { 170 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 171 return (0); 172 173 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 174 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 175 return (-1); 176 log_debug("%s: using certificate %s", __func__, 177 srv->srv_conf.tls_cert_file); 178 179 /* XXX allow to specify password for encrypted key */ 180 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 181 &srv->srv_conf.tls_key_len, NULL)) == NULL) 182 return (-1); 183 log_debug("%s: using private key %s", __func__, 184 srv->srv_conf.tls_key_file); 185 186 return (0); 187 } 188 189 int 190 server_tls_load_ocsp(struct server *srv) 191 { 192 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 193 return (0); 194 195 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 196 return (0); 197 198 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 199 srv->srv_conf.tls_ocsp_staple_file, 200 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 201 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 202 srv->srv_conf.tls_ocsp_staple_file); 203 return (-1); 204 } 205 206 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 207 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 208 srv->srv_conf.tls_ocsp_staple_file); 209 return (0); 210 } 211 212 log_debug("%s: using ocsp staple from %s", __func__, 213 srv->srv_conf.tls_ocsp_staple_file); 214 215 return (0); 216 } 217 218 int 219 server_tls_load_ca(struct server *srv) 220 { 221 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 222 srv->srv_conf.tls_ca_file == NULL) 223 return (0); 224 225 if ((srv->srv_conf.tls_ca = tls_load_file( 226 srv->srv_conf.tls_ca_file, 227 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 228 return (-1); 229 log_debug("%s: using ca cert(s) from %s", __func__, 230 srv->srv_conf.tls_ca_file); 231 232 return (0); 233 } 234 235 int 236 server_tls_load_crl(struct server *srv) 237 { 238 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 239 srv->srv_conf.tls_crl_file == NULL) 240 return (0); 241 242 if ((srv->srv_conf.tls_crl = tls_load_file( 243 srv->srv_conf.tls_crl_file, 244 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 245 return (-1); 246 log_debug("%s: using crl(s) from %s", __func__, 247 srv->srv_conf.tls_crl_file); 248 249 return (0); 250 } 251 252 int 253 server_tls_init(struct server *srv) 254 { 255 struct server_config *srv_conf; 256 257 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 258 return (0); 259 260 if (srv->srv_conf.tls_cert == NULL) 261 /* soft fail if cert is not there yet */ 262 return (0); 263 264 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 265 266 if (tls_init() != 0) { 267 log_warnx("%s: failed to initialise tls", __func__); 268 return (-1); 269 } 270 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 271 log_warnx("%s: failed to get tls config", __func__); 272 return (-1); 273 } 274 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 275 log_warnx("%s: failed to get tls server", __func__); 276 return (-1); 277 } 278 279 if (tls_config_set_protocols(srv->srv_tls_config, 280 srv->srv_conf.tls_protocols) != 0) { 281 log_warnx("%s: failed to set tls protocols: %s", 282 __func__, tls_config_error(srv->srv_tls_config)); 283 return (-1); 284 } 285 if (tls_config_set_ciphers(srv->srv_tls_config, 286 srv->srv_conf.tls_ciphers) != 0) { 287 log_warnx("%s: failed to set tls ciphers: %s", 288 __func__, tls_config_error(srv->srv_tls_config)); 289 return (-1); 290 } 291 if (tls_config_set_dheparams(srv->srv_tls_config, 292 srv->srv_conf.tls_dhe_params) != 0) { 293 log_warnx("%s: failed to set tls dhe params: %s", 294 __func__, tls_config_error(srv->srv_tls_config)); 295 return (-1); 296 } 297 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 298 srv->srv_conf.tls_ecdhe_curves) != 0) { 299 log_warnx("%s: failed to set tls ecdhe curves: %s", 300 __func__, tls_config_error(srv->srv_tls_config)); 301 return (-1); 302 } 303 304 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 305 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 306 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 307 srv->srv_conf.tls_ocsp_staple, 308 srv->srv_conf.tls_ocsp_staple_len) != 0) { 309 log_warnx("%s: failed to set tls certificate/key: %s", 310 __func__, tls_config_error(srv->srv_tls_config)); 311 return (-1); 312 } 313 314 if (srv->srv_conf.tls_ca != NULL) { 315 if (tls_config_set_ca_mem(srv->srv_tls_config, 316 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 317 log_warnx("%s: failed to add ca cert(s)", __func__); 318 return (-1); 319 } 320 if (tls_config_set_crl_mem(srv->srv_tls_config, 321 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 322 log_warnx("%s: failed to add crl(s)", __func__); 323 return (-1); 324 } 325 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 326 tls_config_verify_client_optional(srv->srv_tls_config); 327 else 328 tls_config_verify_client(srv->srv_tls_config); 329 } 330 331 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 332 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 333 continue; 334 log_debug("%s: adding keypair for server %s", __func__, 335 srv->srv_conf.name); 336 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 337 srv_conf->tls_cert, srv_conf->tls_cert_len, 338 srv_conf->tls_key, srv_conf->tls_key_len, 339 srv_conf->tls_ocsp_staple, 340 srv_conf->tls_ocsp_staple_len) != 0) { 341 log_warnx("%s: failed to add tls keypair", __func__); 342 return (-1); 343 } 344 } 345 346 /* set common session ID among all processes */ 347 if (tls_config_set_session_id(srv->srv_tls_config, 348 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 349 log_warnx("%s: could not set the TLS session ID: %s", 350 __func__, tls_config_error(srv->srv_tls_config)); 351 return (-1); 352 } 353 354 /* ticket support */ 355 if (srv->srv_conf.tls_ticket_lifetime) { 356 if (tls_config_set_session_lifetime(srv->srv_tls_config, 357 srv->srv_conf.tls_ticket_lifetime) == -1) { 358 log_warnx("%s: could not set the TLS session lifetime: " 359 "%s", __func__, 360 tls_config_error(srv->srv_tls_config)); 361 return (-1); 362 } 363 tls_config_add_ticket_key(srv->srv_tls_config, 364 srv->srv_conf.tls_ticket_key.tt_keyrev, 365 srv->srv_conf.tls_ticket_key.tt_key, 366 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 367 explicit_bzero(&srv->srv_conf.tls_ticket_key, 368 sizeof(srv->srv_conf.tls_ticket_key)); 369 } 370 371 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 372 log_warnx("%s: failed to configure tls - %s", __func__, 373 tls_error(srv->srv_tls_ctx)); 374 return (-1); 375 } 376 377 /* We're now done with the public/private key & ca/crl... */ 378 tls_config_clear_keys(srv->srv_tls_config); 379 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 380 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 381 free(srv->srv_conf.tls_ca); 382 free(srv->srv_conf.tls_crl); 383 srv->srv_conf.tls_ca = NULL; 384 srv->srv_conf.tls_cert = NULL; 385 srv->srv_conf.tls_crl = NULL; 386 srv->srv_conf.tls_key = NULL; 387 srv->srv_conf.tls_ca_len = 0; 388 srv->srv_conf.tls_cert_len = 0; 389 srv->srv_conf.tls_crl_len = 0; 390 srv->srv_conf.tls_key_len = 0; 391 392 return (0); 393 } 394 395 void 396 server_generate_ticket_key(struct server_config *srv_conf) 397 { 398 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 399 400 key->tt_id = srv_conf->id; 401 key->tt_keyrev = arc4random(); 402 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 403 } 404 405 void 406 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 407 { 408 server_http(); 409 410 if (config_init(ps->ps_env) == -1) 411 fatal("failed to initialize configuration"); 412 413 /* We use a custom shutdown callback */ 414 p->p_shutdown = server_shutdown; 415 416 /* Unlimited file descriptors (use system limits) */ 417 socket_rlimit(-1); 418 419 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 420 fatal("pledge"); 421 422 #if 0 423 /* Schedule statistics timer */ 424 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 425 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 426 evtimer_add(&ps->ps_env->sc_statev, &tv); 427 #endif 428 } 429 430 void 431 server_launch(void) 432 { 433 struct server *srv; 434 435 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 436 log_debug("%s: configuring server %s", __func__, 437 srv->srv_conf.name); 438 439 server_tls_init(srv); 440 server_http_init(srv); 441 442 log_debug("%s: running server %s", __func__, 443 srv->srv_conf.name); 444 445 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 446 server_accept, srv); 447 event_add(&srv->srv_ev, NULL); 448 evtimer_set(&srv->srv_evt, server_accept, srv); 449 } 450 } 451 452 void 453 server_purge(struct server *srv) 454 { 455 struct client *clt; 456 struct server_config *srv_conf; 457 458 /* shutdown and remove server */ 459 if (event_initialized(&srv->srv_ev)) 460 event_del(&srv->srv_ev); 461 if (evtimer_initialized(&srv->srv_evt)) 462 evtimer_del(&srv->srv_evt); 463 464 if (srv->srv_s != -1) 465 close(srv->srv_s); 466 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 467 468 /* cleanup sessions */ 469 while ((clt = 470 SPLAY_ROOT(&srv->srv_clients)) != NULL) 471 server_close(clt, NULL); 472 473 /* cleanup hosts */ 474 while ((srv_conf = 475 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 476 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 477 478 /* It might point to our own "default" entry */ 479 if (srv_conf != &srv->srv_conf) { 480 serverconfig_free(srv_conf); 481 free(srv_conf); 482 } 483 } 484 485 tls_config_free(srv->srv_tls_config); 486 tls_free(srv->srv_tls_ctx); 487 488 free(srv); 489 } 490 491 void 492 serverconfig_free(struct server_config *srv_conf) 493 { 494 struct fastcgi_param *param, *tparam; 495 496 free(srv_conf->return_uri); 497 free(srv_conf->tls_ca_file); 498 free(srv_conf->tls_ca); 499 free(srv_conf->tls_cert_file); 500 free(srv_conf->tls_crl_file); 501 free(srv_conf->tls_crl); 502 free(srv_conf->tls_key_file); 503 free(srv_conf->tls_ocsp_staple_file); 504 free(srv_conf->tls_ocsp_staple); 505 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 506 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 507 508 TAILQ_FOREACH_SAFE(param, &srv_conf->fcgiparams, entry, tparam) 509 free(param); 510 } 511 512 void 513 serverconfig_reset(struct server_config *srv_conf) 514 { 515 srv_conf->auth = NULL; 516 srv_conf->return_uri = NULL; 517 srv_conf->tls_ca = NULL; 518 srv_conf->tls_ca_file = NULL; 519 srv_conf->tls_cert = NULL; 520 srv_conf->tls_cert_file = NULL; 521 srv_conf->tls_crl = NULL; 522 srv_conf->tls_crl_file = NULL; 523 srv_conf->tls_key = NULL; 524 srv_conf->tls_key_file = NULL; 525 srv_conf->tls_ocsp_staple = NULL; 526 srv_conf->tls_ocsp_staple_file = NULL; 527 TAILQ_INIT(&srv_conf->fcgiparams); 528 } 529 530 struct server * 531 server_byaddr(struct sockaddr *addr, in_port_t port) 532 { 533 struct server *srv; 534 535 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 536 if (port == srv->srv_conf.port && 537 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 538 addr, srv->srv_conf.prefixlen) == 0) 539 return (srv); 540 } 541 542 return (NULL); 543 } 544 545 struct server_config * 546 serverconfig_byid(uint32_t id) 547 { 548 struct server *srv; 549 struct server_config *srv_conf; 550 551 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 552 if (srv->srv_conf.id == id) 553 return (&srv->srv_conf); 554 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 555 if (srv_conf->id == id) 556 return (srv_conf); 557 } 558 } 559 560 return (NULL); 561 } 562 563 struct server * 564 server_byid(uint32_t id) 565 { 566 struct server *srv; 567 568 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 569 if (srv->srv_conf.id == id) 570 return (srv); 571 } 572 return (NULL); 573 } 574 575 int 576 server_foreach(int (*srv_cb)(struct server *, 577 struct server_config *, void *), void *arg) 578 { 579 struct server *srv; 580 struct server_config *srv_conf; 581 582 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 583 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 584 return (-1); 585 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 586 if ((srv_cb)(srv, srv_conf, arg) == -1) 587 return (-1); 588 } 589 } 590 591 return (0); 592 } 593 594 struct server * 595 server_match(struct server *s2, int match_name) 596 { 597 struct server *s1; 598 599 /* Attempt to find matching server. */ 600 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 601 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 602 continue; 603 if (match_name) { 604 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 605 continue; 606 } 607 if (s1->srv_conf.port != s2->srv_conf.port) 608 continue; 609 if (sockaddr_cmp( 610 (struct sockaddr *)&s1->srv_conf.ss, 611 (struct sockaddr *)&s2->srv_conf.ss, 612 s1->srv_conf.prefixlen) != 0) 613 continue; 614 615 return (s1); 616 } 617 618 return (NULL); 619 } 620 621 int 622 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 623 { 624 switch (ss->ss_family) { 625 case AF_INET: 626 ((struct sockaddr_in *)ss)->sin_port = port; 627 ((struct sockaddr_in *)ss)->sin_len = 628 sizeof(struct sockaddr_in); 629 break; 630 case AF_INET6: 631 ((struct sockaddr_in6 *)ss)->sin6_port = port; 632 ((struct sockaddr_in6 *)ss)->sin6_len = 633 sizeof(struct sockaddr_in6); 634 break; 635 default: 636 return (-1); 637 } 638 639 return (0); 640 } 641 642 in_port_t 643 server_socket_getport(struct sockaddr_storage *ss) 644 { 645 switch (ss->ss_family) { 646 case AF_INET: 647 return (((struct sockaddr_in *)ss)->sin_port); 648 case AF_INET6: 649 return (((struct sockaddr_in6 *)ss)->sin6_port); 650 default: 651 return (0); 652 } 653 654 /* NOTREACHED */ 655 return (0); 656 } 657 658 int 659 server_socket(struct sockaddr_storage *ss, in_port_t port, 660 struct server_config *srv_conf, int fd, int reuseport) 661 { 662 struct linger lng; 663 int s = -1, val; 664 665 if (server_socket_af(ss, port) == -1) 666 goto bad; 667 668 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 669 IPPROTO_TCP) : fd; 670 if (s == -1) 671 goto bad; 672 673 /* 674 * Socket options 675 */ 676 memset(&lng, 0, sizeof(lng)); 677 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 678 goto bad; 679 if (reuseport) { 680 val = 1; 681 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 682 sizeof(int)) == -1) 683 goto bad; 684 } 685 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 686 val = srv_conf->tcpbufsiz; 687 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 688 &val, sizeof(val)) == -1) 689 goto bad; 690 val = srv_conf->tcpbufsiz; 691 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 692 &val, sizeof(val)) == -1) 693 goto bad; 694 } 695 696 /* 697 * IP options 698 */ 699 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 700 val = (int)srv_conf->tcpipttl; 701 switch (ss->ss_family) { 702 case AF_INET: 703 if (setsockopt(s, IPPROTO_IP, IP_TTL, 704 &val, sizeof(val)) == -1) 705 goto bad; 706 break; 707 case AF_INET6: 708 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 709 &val, sizeof(val)) == -1) 710 goto bad; 711 break; 712 } 713 } 714 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 715 val = (int)srv_conf->tcpipminttl; 716 switch (ss->ss_family) { 717 case AF_INET: 718 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 719 &val, sizeof(val)) == -1) 720 goto bad; 721 break; 722 case AF_INET6: 723 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 724 &val, sizeof(val)) == -1) 725 goto bad; 726 break; 727 } 728 } 729 730 /* 731 * TCP options 732 */ 733 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 734 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 735 val = 0; 736 else 737 val = 1; 738 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 739 &val, sizeof(val)) == -1) 740 goto bad; 741 } 742 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 743 if (srv_conf->tcpflags & TCPFLAG_NSACK) 744 val = 0; 745 else 746 val = 1; 747 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 748 &val, sizeof(val)) == -1) 749 goto bad; 750 } 751 752 return (s); 753 754 bad: 755 if (s != -1) 756 close(s); 757 return (-1); 758 } 759 760 int 761 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 762 struct server_config *srv_conf) 763 { 764 int s; 765 766 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 767 return (-1); 768 769 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 770 goto bad; 771 if (listen(s, srv_conf->tcpbacklog) == -1) 772 goto bad; 773 774 return (s); 775 776 bad: 777 close(s); 778 return (-1); 779 } 780 781 int 782 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 783 struct server_config *srv_conf) 784 { 785 int s; 786 787 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 788 return (-1); 789 790 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 791 if (errno != EINPROGRESS) 792 goto bad; 793 } 794 795 return (s); 796 797 bad: 798 close(s); 799 return (-1); 800 } 801 802 void 803 server_tls_readcb(int fd, short event, void *arg) 804 { 805 struct bufferevent *bufev = arg; 806 struct client *clt = bufev->cbarg; 807 char rbuf[IBUF_READ_SIZE]; 808 int what = EVBUFFER_READ; 809 int howmuch = IBUF_READ_SIZE; 810 ssize_t ret; 811 size_t len; 812 813 if (event == EV_TIMEOUT) { 814 what |= EVBUFFER_TIMEOUT; 815 goto err; 816 } 817 818 if (bufev->wm_read.high != 0) 819 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 820 821 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 822 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 823 goto retry; 824 } else if (ret == -1) { 825 what |= EVBUFFER_ERROR; 826 goto err; 827 } 828 len = ret; 829 830 if (len == 0) { 831 what |= EVBUFFER_EOF; 832 goto err; 833 } 834 835 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 836 what |= EVBUFFER_ERROR; 837 goto err; 838 } 839 840 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 841 842 len = EVBUFFER_LENGTH(bufev->input); 843 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 844 return; 845 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 846 struct evbuffer *buf = bufev->input; 847 event_del(&bufev->ev_read); 848 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 849 return; 850 } 851 852 if (bufev->readcb != NULL) 853 (*bufev->readcb)(bufev, bufev->cbarg); 854 return; 855 856 retry: 857 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 858 return; 859 860 err: 861 (*bufev->errorcb)(bufev, what, bufev->cbarg); 862 } 863 864 void 865 server_tls_writecb(int fd, short event, void *arg) 866 { 867 struct bufferevent *bufev = arg; 868 struct client *clt = bufev->cbarg; 869 ssize_t ret; 870 short what = EVBUFFER_WRITE; 871 size_t len; 872 873 if (event == EV_TIMEOUT) { 874 what |= EVBUFFER_TIMEOUT; 875 goto err; 876 } 877 878 if (EVBUFFER_LENGTH(bufev->output)) { 879 ret = tls_write(clt->clt_tls_ctx, 880 EVBUFFER_DATA(bufev->output), 881 EVBUFFER_LENGTH(bufev->output)); 882 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 883 goto retry; 884 } else if (ret == -1) { 885 what |= EVBUFFER_ERROR; 886 goto err; 887 } 888 len = ret; 889 evbuffer_drain(bufev->output, len); 890 } 891 892 if (EVBUFFER_LENGTH(bufev->output) != 0) 893 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 894 895 if (bufev->writecb != NULL && 896 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 897 (*bufev->writecb)(bufev, bufev->cbarg); 898 return; 899 900 retry: 901 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 902 return; 903 904 err: 905 (*bufev->errorcb)(bufev, what, bufev->cbarg); 906 } 907 908 void 909 server_input(struct client *clt) 910 { 911 struct server_config *srv_conf = clt->clt_srv_conf; 912 evbuffercb inrd = server_read; 913 evbuffercb inwr = server_write; 914 socklen_t slen; 915 916 if (server_httpdesc_init(clt) == -1) { 917 server_close(clt, "failed to allocate http descriptor"); 918 return; 919 } 920 921 clt->clt_toread = TOREAD_HTTP_HEADER; 922 inrd = server_read_http; 923 924 slen = sizeof(clt->clt_sndbufsiz); 925 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 926 &clt->clt_sndbufsiz, &slen) == -1) { 927 server_close(clt, "failed to get send buffer size"); 928 return; 929 } 930 931 /* 932 * Client <-> Server 933 */ 934 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 935 server_error, clt); 936 if (clt->clt_bev == NULL) { 937 server_close(clt, "failed to allocate input buffer event"); 938 return; 939 } 940 941 if (srv_conf->flags & SRVFLAG_TLS) { 942 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 943 server_tls_readcb, clt->clt_bev); 944 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 945 server_tls_writecb, clt->clt_bev); 946 } 947 948 /* Adjust write watermark to the socket buffer output size */ 949 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 950 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 951 /* Read at most amount of data that fits in one fcgi record. */ 952 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 953 954 bufferevent_settimeout(clt->clt_bev, 955 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 956 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 957 } 958 959 void 960 server_write(struct bufferevent *bev, void *arg) 961 { 962 struct client *clt = arg; 963 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 964 965 if (EVBUFFER_LENGTH(dst) == 0 && 966 clt->clt_toread == TOREAD_HTTP_NONE) 967 goto done; 968 969 getmonotime(&clt->clt_tv_last); 970 971 if (clt->clt_done) 972 goto done; 973 974 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 975 bufferevent_enable(clt->clt_srvbev, EV_READ); 976 clt->clt_srvbev_throttled = 0; 977 } 978 979 return; 980 done: 981 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 982 return; 983 } 984 985 void 986 server_dump(struct client *clt, const void *buf, size_t len) 987 { 988 if (!len) 989 return; 990 991 /* 992 * This function will dump the specified message directly 993 * to the underlying client, without waiting for success 994 * of non-blocking events etc. This is useful to print an 995 * error message before gracefully closing the client. 996 */ 997 if (clt->clt_tls_ctx != NULL) 998 (void)tls_write(clt->clt_tls_ctx, buf, len); 999 else 1000 (void)write(clt->clt_s, buf, len); 1001 } 1002 1003 void 1004 server_read(struct bufferevent *bev, void *arg) 1005 { 1006 struct client *clt = arg; 1007 struct evbuffer *src = EVBUFFER_INPUT(bev); 1008 1009 getmonotime(&clt->clt_tv_last); 1010 1011 if (!EVBUFFER_LENGTH(src)) 1012 return; 1013 if (server_bufferevent_write_buffer(clt, src) == -1) 1014 goto fail; 1015 if (clt->clt_done) 1016 goto done; 1017 1018 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 1019 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 1020 bufferevent_disable(clt->clt_srvbev, EV_READ); 1021 clt->clt_srvbev_throttled = 1; 1022 } 1023 1024 return; 1025 done: 1026 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1027 return; 1028 fail: 1029 server_close(clt, strerror(errno)); 1030 } 1031 1032 void 1033 server_error(struct bufferevent *bev, short error, void *arg) 1034 { 1035 struct client *clt = arg; 1036 struct evbuffer *dst; 1037 1038 if (error & EVBUFFER_TIMEOUT) { 1039 if (!clt->clt_headersdone && clt->clt_line > 0) 1040 server_abort_http(clt, 408, "timeout"); 1041 else 1042 server_close(clt, "timeout"); 1043 return; 1044 } 1045 if (error & EVBUFFER_ERROR) { 1046 if (errno == EFBIG) { 1047 bufferevent_enable(bev, EV_READ); 1048 return; 1049 } 1050 server_close(clt, "buffer event error"); 1051 return; 1052 } 1053 if (error & EVBUFFER_EOF) { 1054 server_close(clt, "closed"); 1055 return; 1056 } 1057 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1058 bufferevent_disable(bev, EV_READ|EV_WRITE); 1059 1060 clt->clt_done = 1; 1061 1062 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1063 if (EVBUFFER_LENGTH(dst)) { 1064 /* Finish writing all data first */ 1065 bufferevent_enable(clt->clt_bev, EV_WRITE); 1066 return; 1067 } 1068 1069 server_close(clt, "done"); 1070 return; 1071 } 1072 server_close(clt, "unknown event error"); 1073 return; 1074 } 1075 1076 void 1077 server_accept(int fd, short event, void *arg) 1078 { 1079 struct server *srv = arg; 1080 struct client *clt = NULL; 1081 socklen_t slen; 1082 struct sockaddr_storage ss; 1083 int s = -1; 1084 1085 event_add(&srv->srv_ev, NULL); 1086 if ((event & EV_TIMEOUT)) 1087 return; 1088 1089 slen = sizeof(ss); 1090 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1091 &slen, FD_RESERVE, &server_inflight)) == -1) { 1092 /* 1093 * Pause accept if we are out of file descriptors, or 1094 * libevent will haunt us here too. 1095 */ 1096 if (errno == ENFILE || errno == EMFILE) { 1097 struct timeval evtpause = { 1, 0 }; 1098 1099 event_del(&srv->srv_ev); 1100 evtimer_add(&srv->srv_evt, &evtpause); 1101 log_debug("%s: deferring connections", __func__); 1102 } 1103 return; 1104 } 1105 if (server_clients >= SERVER_MAX_CLIENTS) 1106 goto err; 1107 1108 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1109 goto err; 1110 1111 /* Pre-allocate log buffer */ 1112 clt->clt_log = evbuffer_new(); 1113 if (clt->clt_log == NULL) 1114 goto err; 1115 1116 clt->clt_s = s; 1117 clt->clt_fd = -1; 1118 clt->clt_toread = TOREAD_UNLIMITED; 1119 clt->clt_srv = srv; 1120 clt->clt_srv_conf = &srv->srv_conf; 1121 clt->clt_id = ++server_cltid; 1122 clt->clt_srv_id = srv->srv_conf.id; 1123 clt->clt_pid = getpid(); 1124 clt->clt_inflight = 1; 1125 1126 /* get local address */ 1127 slen = sizeof(clt->clt_srv_ss); 1128 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1129 &slen) == -1) { 1130 server_close(clt, "listen address lookup failed"); 1131 return; 1132 } 1133 1134 /* get client address */ 1135 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1136 1137 /* get ports */ 1138 switch (ss.ss_family) { 1139 case AF_INET: 1140 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1141 break; 1142 case AF_INET6: 1143 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1144 break; 1145 } 1146 1147 getmonotime(&clt->clt_tv_start); 1148 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1149 1150 server_clients++; 1151 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1152 1153 /* Pre-allocate output buffer */ 1154 clt->clt_output = evbuffer_new(); 1155 if (clt->clt_output == NULL) { 1156 server_close(clt, "failed to allocate output buffer"); 1157 return; 1158 } 1159 1160 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1161 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1162 clt->clt_s) != 0) { 1163 server_close(clt, "failed to setup tls context"); 1164 return; 1165 } 1166 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1167 server_tls_handshake, &clt->clt_tv_start, 1168 &srv->srv_conf.timeout, clt); 1169 return; 1170 } 1171 1172 server_input(clt); 1173 return; 1174 1175 err: 1176 if (s != -1) { 1177 close(s); 1178 free(clt); 1179 /* 1180 * the client struct was not completely set up, but still 1181 * counted as an inflight client. account for this. 1182 */ 1183 server_inflight_dec(NULL, __func__); 1184 } 1185 } 1186 1187 void 1188 server_tls_handshake(int fd, short event, void *arg) 1189 { 1190 struct client *clt = (struct client *)arg; 1191 struct server *srv = (struct server *)clt->clt_srv; 1192 int ret; 1193 1194 if (event == EV_TIMEOUT) { 1195 server_close(clt, "tls handshake timeout"); 1196 return; 1197 } 1198 1199 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1200 fatalx("NULL tls context"); 1201 1202 ret = tls_handshake(clt->clt_tls_ctx); 1203 if (ret == 0) { 1204 server_input(clt); 1205 } else if (ret == TLS_WANT_POLLIN) { 1206 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1207 server_tls_handshake, &clt->clt_tv_start, 1208 &srv->srv_conf.timeout, clt); 1209 } else if (ret == TLS_WANT_POLLOUT) { 1210 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1211 server_tls_handshake, &clt->clt_tv_start, 1212 &srv->srv_conf.timeout, clt); 1213 } else { 1214 log_debug("%s: tls handshake failed - %s", __func__, 1215 tls_error(clt->clt_tls_ctx)); 1216 server_close(clt, "tls handshake failed"); 1217 } 1218 } 1219 1220 void 1221 server_inflight_dec(struct client *clt, const char *why) 1222 { 1223 if (clt != NULL) { 1224 /* the flight already left inflight mode. */ 1225 if (clt->clt_inflight == 0) 1226 return; 1227 clt->clt_inflight = 0; 1228 } 1229 1230 /* the file was never opened, thus this was an inflight client. */ 1231 server_inflight--; 1232 DPRINTF("%s: inflight decremented, now %d, %s", 1233 __func__, server_inflight, why); 1234 } 1235 1236 void 1237 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1238 { 1239 va_list ap; 1240 char *msg; 1241 int ret; 1242 struct iovec iov[2]; 1243 1244 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1245 va_start(ap, emsg); 1246 if (cmd == IMSG_LOG_ACCESS) 1247 vlog(LOG_INFO, emsg, ap); 1248 else 1249 vlog(LOG_DEBUG, emsg, ap); 1250 va_end(ap); 1251 return; 1252 } 1253 1254 va_start(ap, emsg); 1255 ret = vasprintf(&msg, emsg, ap); 1256 va_end(ap); 1257 if (ret == -1) { 1258 log_warn("%s: vasprintf", __func__); 1259 return; 1260 } 1261 1262 iov[0].iov_base = &srv_conf->id; 1263 iov[0].iov_len = sizeof(srv_conf->id); 1264 iov[1].iov_base = msg; 1265 iov[1].iov_len = strlen(msg) + 1; 1266 1267 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1268 log_warn("%s: failed to compose imsg", __func__); 1269 return; 1270 } 1271 } 1272 1273 void 1274 server_log(struct client *clt, const char *msg) 1275 { 1276 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1277 struct server_config *srv_conf = clt->clt_srv_conf; 1278 char *ptr = NULL, *vmsg = NULL; 1279 int debug_cmd = -1; 1280 1281 switch (srv_conf->logformat) { 1282 case LOG_FORMAT_CONNECTION: 1283 debug_cmd = IMSG_LOG_ACCESS; 1284 break; 1285 default: 1286 if (log_getverbose() > 1) 1287 debug_cmd = IMSG_LOG_ERROR; 1288 if (EVBUFFER_LENGTH(clt->clt_log)) { 1289 while ((ptr = 1290 evbuffer_readline(clt->clt_log)) != NULL) { 1291 server_sendlog(srv_conf, 1292 IMSG_LOG_ACCESS, "%s", ptr); 1293 free(ptr); 1294 } 1295 } 1296 break; 1297 } 1298 1299 if (debug_cmd != -1 && msg != NULL) { 1300 memset(ibuf, 0, sizeof(ibuf)); 1301 memset(obuf, 0, sizeof(obuf)); 1302 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1303 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1304 if (EVBUFFER_LENGTH(clt->clt_log) && 1305 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1306 ptr = evbuffer_readline(clt->clt_log); 1307 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1308 server_sendlog(srv_conf, debug_cmd, "server %s, " 1309 "client %d (%d active), %s:%u -> %s, " 1310 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1311 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1312 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1313 free(vmsg); 1314 free(ptr); 1315 } 1316 } 1317 1318 void 1319 server_close(struct client *clt, const char *msg) 1320 { 1321 struct server *srv = clt->clt_srv; 1322 1323 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1324 1325 /* free the HTTP descriptors incl. headers */ 1326 server_close_http(clt); 1327 1328 event_del(&clt->clt_ev); 1329 if (clt->clt_bev != NULL) 1330 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1331 if (clt->clt_srvbev != NULL) 1332 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1333 1334 server_log(clt, msg); 1335 1336 if (clt->clt_bev != NULL) 1337 bufferevent_free(clt->clt_bev); 1338 if (clt->clt_output != NULL) 1339 evbuffer_free(clt->clt_output); 1340 if (clt->clt_srvevb != NULL) 1341 evbuffer_free(clt->clt_srvevb); 1342 1343 if (clt->clt_srvbev != NULL) 1344 bufferevent_free(clt->clt_srvbev); 1345 if (clt->clt_fd != -1) 1346 close(clt->clt_fd); 1347 if (clt->clt_s != -1) 1348 close(clt->clt_s); 1349 1350 if (clt->clt_tls_ctx != NULL) 1351 tls_close(clt->clt_tls_ctx); 1352 tls_free(clt->clt_tls_ctx); 1353 1354 server_inflight_dec(clt, __func__); 1355 1356 if (clt->clt_log != NULL) 1357 evbuffer_free(clt->clt_log); 1358 1359 free(clt); 1360 server_clients--; 1361 } 1362 1363 int 1364 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1365 { 1366 struct server *srv; 1367 struct server_tls_ticket key; 1368 1369 switch (imsg->hdr.type) { 1370 case IMSG_CFG_MEDIA: 1371 config_getmedia(httpd_env, imsg); 1372 break; 1373 case IMSG_CFG_AUTH: 1374 config_getauth(httpd_env, imsg); 1375 break; 1376 case IMSG_CFG_SERVER: 1377 config_getserver(httpd_env, imsg); 1378 break; 1379 case IMSG_CFG_TLS: 1380 config_getserver_tls(httpd_env, imsg); 1381 break; 1382 case IMSG_CFG_FCGI: 1383 config_getserver_fcgiparams(httpd_env, imsg); 1384 break; 1385 case IMSG_CFG_DONE: 1386 config_getcfg(httpd_env, imsg); 1387 break; 1388 case IMSG_CTL_START: 1389 server_launch(); 1390 break; 1391 case IMSG_CTL_RESET: 1392 config_getreset(httpd_env, imsg); 1393 break; 1394 case IMSG_TLSTICKET_REKEY: 1395 IMSG_SIZE_CHECK(imsg, (&key)); 1396 memcpy(&key, imsg->data, sizeof(key)); 1397 /* apply to the right server */ 1398 srv = server_byid(key.tt_id); 1399 if (srv) { 1400 tls_config_add_ticket_key(srv->srv_tls_config, 1401 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1402 } 1403 break; 1404 default: 1405 return (-1); 1406 } 1407 1408 return (0); 1409 } 1410 1411 int 1412 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1413 { 1414 switch (imsg->hdr.type) { 1415 default: 1416 return (-1); 1417 } 1418 1419 return (0); 1420 } 1421 1422 int 1423 server_bufferevent_add(struct event *ev, int timeout) 1424 { 1425 struct timeval tv, *ptv = NULL; 1426 1427 if (timeout) { 1428 timerclear(&tv); 1429 tv.tv_sec = timeout; 1430 ptv = &tv; 1431 } 1432 1433 return (event_add(ev, ptv)); 1434 } 1435 1436 int 1437 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1438 { 1439 int ret; 1440 va_list ap; 1441 char *str; 1442 1443 va_start(ap, fmt); 1444 ret = vasprintf(&str, fmt, ap); 1445 va_end(ap); 1446 1447 if (ret == -1) 1448 return (ret); 1449 1450 ret = server_bufferevent_print(clt, str); 1451 free(str); 1452 1453 return (ret); 1454 } 1455 1456 int 1457 server_bufferevent_print(struct client *clt, const char *str) 1458 { 1459 if (clt->clt_bev == NULL) 1460 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1461 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1462 } 1463 1464 int 1465 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1466 { 1467 if (clt->clt_bev == NULL) 1468 return (evbuffer_add_buffer(clt->clt_output, buf)); 1469 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1470 } 1471 1472 int 1473 server_bufferevent_write_chunk(struct client *clt, 1474 struct evbuffer *buf, size_t size) 1475 { 1476 int ret; 1477 ret = server_bufferevent_write(clt, buf->buffer, size); 1478 if (ret != -1) 1479 evbuffer_drain(buf, size); 1480 return (ret); 1481 } 1482 1483 int 1484 server_bufferevent_write(struct client *clt, void *data, size_t size) 1485 { 1486 if (clt->clt_bev == NULL) 1487 return (evbuffer_add(clt->clt_output, data, size)); 1488 return (bufferevent_write(clt->clt_bev, data, size)); 1489 } 1490 1491 int 1492 server_client_cmp(struct client *a, struct client *b) 1493 { 1494 return ((int)a->clt_id - b->clt_id); 1495 } 1496 1497 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1498