1 /* $OpenBSD: server.c,v 1.115 2018/10/01 19:24:09 benno Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 struct server *server_byid(uint32_t); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 void server_tls_handshake(int, short, void *); 67 68 void server_accept(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82 }; 83 84 void 85 server(struct privsep *ps, struct privsep_proc *p) 86 { 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89 } 90 91 void 92 server_shutdown(void) 93 { 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96 } 97 98 int 99 server_privinit(struct server *srv) 100 { 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 123 srv->srv_conf.port, &srv->srv_conf)) == -1) 124 return (-1); 125 126 return (0); 127 } 128 129 int 130 server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 131 { 132 struct server_config *sc1, *sc2; 133 134 sc1 = &s1->srv_conf; 135 sc2 = &s2->srv_conf; 136 137 if (sc1->tls_flags != sc2->tls_flags) 138 return (-1); 139 if (sc1->tls_protocols != sc2->tls_protocols) 140 return (-1); 141 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 142 return (-1); 143 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 144 return (-1); 145 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 146 return (-1); 147 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 148 return (-1); 149 150 if (match_keypair) { 151 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 152 return (-1); 153 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 154 return (-1); 155 } 156 157 return (0); 158 } 159 160 int 161 server_tls_load_keypair(struct server *srv) 162 { 163 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 164 return (0); 165 166 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 167 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 168 return (-1); 169 log_debug("%s: using certificate %s", __func__, 170 srv->srv_conf.tls_cert_file); 171 172 /* XXX allow to specify password for encrypted key */ 173 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 174 &srv->srv_conf.tls_key_len, NULL)) == NULL) 175 return (-1); 176 log_debug("%s: using private key %s", __func__, 177 srv->srv_conf.tls_key_file); 178 179 return (0); 180 } 181 182 int 183 server_tls_load_ocsp(struct server *srv) 184 { 185 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 186 return (0); 187 188 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 189 return (0); 190 191 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 192 srv->srv_conf.tls_ocsp_staple_file, 193 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 194 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 195 srv->srv_conf.tls_ocsp_staple_file); 196 return (-1); 197 } 198 199 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 200 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 201 srv->srv_conf.tls_ocsp_staple_file); 202 return (0); 203 } 204 205 log_debug("%s: using ocsp staple from %s", __func__, 206 srv->srv_conf.tls_ocsp_staple_file); 207 208 return (0); 209 } 210 211 int 212 server_tls_load_ca(struct server *srv) 213 { 214 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 215 srv->srv_conf.tls_ca_file == NULL) 216 return (0); 217 218 if ((srv->srv_conf.tls_ca = tls_load_file( 219 srv->srv_conf.tls_ca_file, 220 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 221 return (-1); 222 log_debug("%s: using ca cert(s) from %s", __func__, 223 srv->srv_conf.tls_ca_file); 224 225 return (0); 226 } 227 228 int 229 server_tls_load_crl(struct server *srv) 230 { 231 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 232 srv->srv_conf.tls_crl_file == NULL) 233 return (0); 234 235 if ((srv->srv_conf.tls_crl = tls_load_file( 236 srv->srv_conf.tls_crl_file, 237 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 238 return (-1); 239 log_debug("%s: using crl(s) from %s", __func__, 240 srv->srv_conf.tls_crl_file); 241 242 return (0); 243 } 244 245 int 246 server_tls_init(struct server *srv) 247 { 248 struct server_config *srv_conf; 249 250 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 251 return (0); 252 253 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 254 255 if (tls_init() != 0) { 256 log_warnx("%s: failed to initialise tls", __func__); 257 return (-1); 258 } 259 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 260 log_warnx("%s: failed to get tls config", __func__); 261 return (-1); 262 } 263 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 264 log_warnx("%s: failed to get tls server", __func__); 265 return (-1); 266 } 267 268 if (tls_config_set_protocols(srv->srv_tls_config, 269 srv->srv_conf.tls_protocols) != 0) { 270 log_warnx("%s: failed to set tls protocols: %s", 271 __func__, tls_config_error(srv->srv_tls_config)); 272 return (-1); 273 } 274 if (tls_config_set_ciphers(srv->srv_tls_config, 275 srv->srv_conf.tls_ciphers) != 0) { 276 log_warnx("%s: failed to set tls ciphers: %s", 277 __func__, tls_config_error(srv->srv_tls_config)); 278 return (-1); 279 } 280 if (tls_config_set_dheparams(srv->srv_tls_config, 281 srv->srv_conf.tls_dhe_params) != 0) { 282 log_warnx("%s: failed to set tls dhe params: %s", 283 __func__, tls_config_error(srv->srv_tls_config)); 284 return (-1); 285 } 286 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 287 srv->srv_conf.tls_ecdhe_curves) != 0) { 288 log_warnx("%s: failed to set tls ecdhe curves: %s", 289 __func__, tls_config_error(srv->srv_tls_config)); 290 return (-1); 291 } 292 293 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 294 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 295 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 296 srv->srv_conf.tls_ocsp_staple, 297 srv->srv_conf.tls_ocsp_staple_len) != 0) { 298 log_warnx("%s: failed to set tls certificate/key: %s", 299 __func__, tls_config_error(srv->srv_tls_config)); 300 return (-1); 301 } 302 303 if (srv->srv_conf.tls_ca != NULL) { 304 if (tls_config_set_ca_mem(srv->srv_tls_config, 305 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 306 log_warnx("%s: failed to add ca cert(s)", __func__); 307 return (-1); 308 } 309 if (tls_config_set_crl_mem(srv->srv_tls_config, 310 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 311 log_warnx("%s: failed to add crl(s)", __func__); 312 return (-1); 313 } 314 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 315 tls_config_verify_client_optional(srv->srv_tls_config); 316 else 317 tls_config_verify_client(srv->srv_tls_config); 318 } 319 320 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 321 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 322 continue; 323 log_debug("%s: adding keypair for server %s", __func__, 324 srv->srv_conf.name); 325 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 326 srv_conf->tls_cert, srv_conf->tls_cert_len, 327 srv_conf->tls_key, srv_conf->tls_key_len, 328 srv_conf->tls_ocsp_staple, 329 srv_conf->tls_ocsp_staple_len) != 0) { 330 log_warnx("%s: failed to add tls keypair", __func__); 331 return (-1); 332 } 333 } 334 335 /* set common session ID among all processes */ 336 if (tls_config_set_session_id(srv->srv_tls_config, 337 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 338 log_warnx("%s: could not set the TLS session ID: %s", 339 __func__, tls_config_error(srv->srv_tls_config)); 340 return (-1); 341 } 342 343 /* ticket support */ 344 if (srv->srv_conf.tls_ticket_lifetime) { 345 if (tls_config_set_session_lifetime(srv->srv_tls_config, 346 srv->srv_conf.tls_ticket_lifetime) == -1) { 347 log_warnx("%s: could not set the TLS session lifetime: " 348 "%s", __func__, 349 tls_config_error(srv->srv_tls_config)); 350 return (-1); 351 } 352 tls_config_add_ticket_key(srv->srv_tls_config, 353 srv->srv_conf.tls_ticket_key.tt_keyrev, 354 srv->srv_conf.tls_ticket_key.tt_key, 355 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 356 explicit_bzero(&srv->srv_conf.tls_ticket_key, 357 sizeof(srv->srv_conf.tls_ticket_key)); 358 } 359 360 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 361 log_warnx("%s: failed to configure tls - %s", __func__, 362 tls_error(srv->srv_tls_ctx)); 363 return (-1); 364 } 365 366 /* We're now done with the public/private key & ca/crl... */ 367 tls_config_clear_keys(srv->srv_tls_config); 368 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 369 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 370 free(srv->srv_conf.tls_ca); 371 free(srv->srv_conf.tls_crl); 372 srv->srv_conf.tls_ca = NULL; 373 srv->srv_conf.tls_cert = NULL; 374 srv->srv_conf.tls_crl = NULL; 375 srv->srv_conf.tls_key = NULL; 376 srv->srv_conf.tls_ca_len = 0; 377 srv->srv_conf.tls_cert_len = 0; 378 srv->srv_conf.tls_crl_len = 0; 379 srv->srv_conf.tls_key_len = 0; 380 381 return (0); 382 } 383 384 void 385 server_generate_ticket_key(struct server_config *srv_conf) 386 { 387 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 388 389 key->tt_id = srv_conf->id; 390 key->tt_keyrev = arc4random(); 391 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 392 } 393 394 void 395 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 396 { 397 server_http(); 398 399 if (config_init(ps->ps_env) == -1) 400 fatal("failed to initialize configuration"); 401 402 /* We use a custom shutdown callback */ 403 p->p_shutdown = server_shutdown; 404 405 /* Unlimited file descriptors (use system limits) */ 406 socket_rlimit(-1); 407 408 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 409 fatal("pledge"); 410 411 #if 0 412 /* Schedule statistics timer */ 413 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 414 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 415 evtimer_add(&ps->ps_env->sc_statev, &tv); 416 #endif 417 } 418 419 void 420 server_launch(void) 421 { 422 struct server *srv; 423 424 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 425 log_debug("%s: configuring server %s", __func__, 426 srv->srv_conf.name); 427 428 server_tls_init(srv); 429 server_http_init(srv); 430 431 log_debug("%s: running server %s", __func__, 432 srv->srv_conf.name); 433 434 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 435 server_accept, srv); 436 event_add(&srv->srv_ev, NULL); 437 evtimer_set(&srv->srv_evt, server_accept, srv); 438 } 439 } 440 441 void 442 server_purge(struct server *srv) 443 { 444 struct client *clt; 445 struct server_config *srv_conf; 446 447 /* shutdown and remove server */ 448 if (event_initialized(&srv->srv_ev)) 449 event_del(&srv->srv_ev); 450 if (evtimer_initialized(&srv->srv_evt)) 451 evtimer_del(&srv->srv_evt); 452 453 if (srv->srv_s != -1) 454 close(srv->srv_s); 455 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 456 457 /* cleanup sessions */ 458 while ((clt = 459 SPLAY_ROOT(&srv->srv_clients)) != NULL) 460 server_close(clt, NULL); 461 462 /* cleanup hosts */ 463 while ((srv_conf = 464 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 465 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 466 467 /* It might point to our own "default" entry */ 468 if (srv_conf != &srv->srv_conf) { 469 serverconfig_free(srv_conf); 470 free(srv_conf); 471 } 472 } 473 474 tls_config_free(srv->srv_tls_config); 475 tls_free(srv->srv_tls_ctx); 476 477 free(srv); 478 } 479 480 void 481 serverconfig_free(struct server_config *srv_conf) 482 { 483 free(srv_conf->return_uri); 484 free(srv_conf->tls_ca_file); 485 free(srv_conf->tls_ca); 486 free(srv_conf->tls_cert_file); 487 free(srv_conf->tls_crl_file); 488 free(srv_conf->tls_crl); 489 free(srv_conf->tls_key_file); 490 free(srv_conf->tls_ocsp_staple_file); 491 free(srv_conf->tls_ocsp_staple); 492 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 493 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 494 } 495 496 void 497 serverconfig_reset(struct server_config *srv_conf) 498 { 499 srv_conf->auth = NULL; 500 srv_conf->return_uri = NULL; 501 srv_conf->tls_ca = NULL; 502 srv_conf->tls_ca_file = NULL; 503 srv_conf->tls_cert = NULL; 504 srv_conf->tls_cert_file = NULL; 505 srv_conf->tls_crl = NULL; 506 srv_conf->tls_crl_file = NULL; 507 srv_conf->tls_key = NULL; 508 srv_conf->tls_key_file = NULL; 509 srv_conf->tls_ocsp_staple = NULL; 510 srv_conf->tls_ocsp_staple_file = NULL; 511 } 512 513 struct server * 514 server_byaddr(struct sockaddr *addr, in_port_t port) 515 { 516 struct server *srv; 517 518 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 519 if (port == srv->srv_conf.port && 520 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 521 addr, srv->srv_conf.prefixlen) == 0) 522 return (srv); 523 } 524 525 return (NULL); 526 } 527 528 struct server_config * 529 serverconfig_byid(uint32_t id) 530 { 531 struct server *srv; 532 struct server_config *srv_conf; 533 534 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 535 if (srv->srv_conf.id == id) 536 return (&srv->srv_conf); 537 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 538 if (srv_conf->id == id) 539 return (srv_conf); 540 } 541 } 542 543 return (NULL); 544 } 545 546 struct server * 547 server_byid(uint32_t id) 548 { 549 struct server *srv; 550 551 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 552 if (srv->srv_conf.id == id) 553 return (srv); 554 } 555 return (NULL); 556 } 557 558 int 559 server_foreach(int (*srv_cb)(struct server *, 560 struct server_config *, void *), void *arg) 561 { 562 struct server *srv; 563 struct server_config *srv_conf; 564 565 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 566 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 567 return (-1); 568 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 569 if ((srv_cb)(srv, srv_conf, arg) == -1) 570 return (-1); 571 } 572 } 573 574 return (0); 575 } 576 577 struct server * 578 server_match(struct server *s2, int match_name) 579 { 580 struct server *s1; 581 582 /* Attempt to find matching server. */ 583 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 584 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 585 continue; 586 if (match_name) { 587 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 588 continue; 589 } 590 if (s1->srv_conf.port != s2->srv_conf.port) 591 continue; 592 if (sockaddr_cmp( 593 (struct sockaddr *)&s1->srv_conf.ss, 594 (struct sockaddr *)&s2->srv_conf.ss, 595 s1->srv_conf.prefixlen) != 0) 596 continue; 597 598 return (s1); 599 } 600 601 return (NULL); 602 } 603 604 int 605 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 606 { 607 switch (ss->ss_family) { 608 case AF_INET: 609 ((struct sockaddr_in *)ss)->sin_port = port; 610 ((struct sockaddr_in *)ss)->sin_len = 611 sizeof(struct sockaddr_in); 612 break; 613 case AF_INET6: 614 ((struct sockaddr_in6 *)ss)->sin6_port = port; 615 ((struct sockaddr_in6 *)ss)->sin6_len = 616 sizeof(struct sockaddr_in6); 617 break; 618 default: 619 return (-1); 620 } 621 622 return (0); 623 } 624 625 in_port_t 626 server_socket_getport(struct sockaddr_storage *ss) 627 { 628 switch (ss->ss_family) { 629 case AF_INET: 630 return (((struct sockaddr_in *)ss)->sin_port); 631 case AF_INET6: 632 return (((struct sockaddr_in6 *)ss)->sin6_port); 633 default: 634 return (0); 635 } 636 637 /* NOTREACHED */ 638 return (0); 639 } 640 641 int 642 server_socket(struct sockaddr_storage *ss, in_port_t port, 643 struct server_config *srv_conf, int fd, int reuseport) 644 { 645 struct linger lng; 646 int s = -1, val; 647 648 if (server_socket_af(ss, port) == -1) 649 goto bad; 650 651 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 652 IPPROTO_TCP) : fd; 653 if (s == -1) 654 goto bad; 655 656 /* 657 * Socket options 658 */ 659 memset(&lng, 0, sizeof(lng)); 660 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 661 goto bad; 662 if (reuseport) { 663 val = 1; 664 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 665 sizeof(int)) == -1) 666 goto bad; 667 } 668 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 669 val = srv_conf->tcpbufsiz; 670 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 671 &val, sizeof(val)) == -1) 672 goto bad; 673 val = srv_conf->tcpbufsiz; 674 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 675 &val, sizeof(val)) == -1) 676 goto bad; 677 } 678 679 /* 680 * IP options 681 */ 682 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 683 val = (int)srv_conf->tcpipttl; 684 switch (ss->ss_family) { 685 case AF_INET: 686 if (setsockopt(s, IPPROTO_IP, IP_TTL, 687 &val, sizeof(val)) == -1) 688 goto bad; 689 break; 690 case AF_INET6: 691 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 692 &val, sizeof(val)) == -1) 693 goto bad; 694 break; 695 } 696 } 697 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 698 val = (int)srv_conf->tcpipminttl; 699 switch (ss->ss_family) { 700 case AF_INET: 701 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 702 &val, sizeof(val)) == -1) 703 goto bad; 704 break; 705 case AF_INET6: 706 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 707 &val, sizeof(val)) == -1) 708 goto bad; 709 break; 710 } 711 } 712 713 /* 714 * TCP options 715 */ 716 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 717 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 718 val = 0; 719 else 720 val = 1; 721 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 722 &val, sizeof(val)) == -1) 723 goto bad; 724 } 725 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 726 if (srv_conf->tcpflags & TCPFLAG_NSACK) 727 val = 0; 728 else 729 val = 1; 730 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 731 &val, sizeof(val)) == -1) 732 goto bad; 733 } 734 735 return (s); 736 737 bad: 738 if (s != -1) 739 close(s); 740 return (-1); 741 } 742 743 int 744 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 745 struct server_config *srv_conf) 746 { 747 int s; 748 749 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 750 return (-1); 751 752 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 753 goto bad; 754 if (listen(s, srv_conf->tcpbacklog) == -1) 755 goto bad; 756 757 return (s); 758 759 bad: 760 close(s); 761 return (-1); 762 } 763 764 int 765 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 766 struct server_config *srv_conf) 767 { 768 int s; 769 770 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 771 return (-1); 772 773 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 774 if (errno != EINPROGRESS) 775 goto bad; 776 } 777 778 return (s); 779 780 bad: 781 close(s); 782 return (-1); 783 } 784 785 void 786 server_tls_readcb(int fd, short event, void *arg) 787 { 788 struct bufferevent *bufev = arg; 789 struct client *clt = bufev->cbarg; 790 char rbuf[IBUF_READ_SIZE]; 791 int what = EVBUFFER_READ; 792 int howmuch = IBUF_READ_SIZE; 793 ssize_t ret; 794 size_t len; 795 796 if (event == EV_TIMEOUT) { 797 what |= EVBUFFER_TIMEOUT; 798 goto err; 799 } 800 801 if (bufev->wm_read.high != 0) 802 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 803 804 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 805 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 806 goto retry; 807 } else if (ret < 0) { 808 what |= EVBUFFER_ERROR; 809 goto err; 810 } 811 len = ret; 812 813 if (len == 0) { 814 what |= EVBUFFER_EOF; 815 goto err; 816 } 817 818 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 819 what |= EVBUFFER_ERROR; 820 goto err; 821 } 822 823 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 824 825 len = EVBUFFER_LENGTH(bufev->input); 826 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 827 return; 828 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 829 struct evbuffer *buf = bufev->input; 830 event_del(&bufev->ev_read); 831 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 832 return; 833 } 834 835 if (bufev->readcb != NULL) 836 (*bufev->readcb)(bufev, bufev->cbarg); 837 return; 838 839 retry: 840 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 841 return; 842 843 err: 844 (*bufev->errorcb)(bufev, what, bufev->cbarg); 845 } 846 847 void 848 server_tls_writecb(int fd, short event, void *arg) 849 { 850 struct bufferevent *bufev = arg; 851 struct client *clt = bufev->cbarg; 852 ssize_t ret; 853 short what = EVBUFFER_WRITE; 854 size_t len; 855 856 if (event == EV_TIMEOUT) { 857 what |= EVBUFFER_TIMEOUT; 858 goto err; 859 } 860 861 if (EVBUFFER_LENGTH(bufev->output)) { 862 ret = tls_write(clt->clt_tls_ctx, 863 EVBUFFER_DATA(bufev->output), 864 EVBUFFER_LENGTH(bufev->output)); 865 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 866 goto retry; 867 } else if (ret < 0) { 868 what |= EVBUFFER_ERROR; 869 goto err; 870 } 871 len = ret; 872 evbuffer_drain(bufev->output, len); 873 } 874 875 if (EVBUFFER_LENGTH(bufev->output) != 0) 876 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 877 878 if (bufev->writecb != NULL && 879 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 880 (*bufev->writecb)(bufev, bufev->cbarg); 881 return; 882 883 retry: 884 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 885 return; 886 887 err: 888 (*bufev->errorcb)(bufev, what, bufev->cbarg); 889 } 890 891 void 892 server_input(struct client *clt) 893 { 894 struct server_config *srv_conf = clt->clt_srv_conf; 895 evbuffercb inrd = server_read; 896 evbuffercb inwr = server_write; 897 socklen_t slen; 898 899 if (server_httpdesc_init(clt) == -1) { 900 server_close(clt, "failed to allocate http descriptor"); 901 return; 902 } 903 904 inrd = server_read_http; 905 906 slen = sizeof(clt->clt_sndbufsiz); 907 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 908 &clt->clt_sndbufsiz, &slen) == -1) { 909 server_close(clt, "failed to get send buffer size"); 910 return; 911 } 912 913 /* 914 * Client <-> Server 915 */ 916 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 917 server_error, clt); 918 if (clt->clt_bev == NULL) { 919 server_close(clt, "failed to allocate input buffer event"); 920 return; 921 } 922 923 if (srv_conf->flags & SRVFLAG_TLS) { 924 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 925 server_tls_readcb, clt->clt_bev); 926 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 927 server_tls_writecb, clt->clt_bev); 928 } 929 930 /* Adjust write watermark to the socket buffer output size */ 931 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 932 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 933 /* Read at most amount of data that fits in one fcgi record. */ 934 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 935 936 bufferevent_settimeout(clt->clt_bev, 937 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 938 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 939 } 940 941 void 942 server_write(struct bufferevent *bev, void *arg) 943 { 944 struct client *clt = arg; 945 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 946 947 if (EVBUFFER_LENGTH(dst) == 0 && 948 clt->clt_toread == TOREAD_HTTP_NONE) 949 goto done; 950 951 getmonotime(&clt->clt_tv_last); 952 953 if (clt->clt_done) 954 goto done; 955 956 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 957 bufferevent_enable(clt->clt_srvbev, EV_READ); 958 clt->clt_srvbev_throttled = 0; 959 } 960 961 return; 962 done: 963 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 964 return; 965 } 966 967 void 968 server_dump(struct client *clt, const void *buf, size_t len) 969 { 970 if (!len) 971 return; 972 973 /* 974 * This function will dump the specified message directly 975 * to the underlying client, without waiting for success 976 * of non-blocking events etc. This is useful to print an 977 * error message before gracefully closing the client. 978 */ 979 if (clt->clt_tls_ctx != NULL) 980 (void)tls_write(clt->clt_tls_ctx, buf, len); 981 else 982 (void)write(clt->clt_s, buf, len); 983 } 984 985 void 986 server_read(struct bufferevent *bev, void *arg) 987 { 988 struct client *clt = arg; 989 struct evbuffer *src = EVBUFFER_INPUT(bev); 990 991 getmonotime(&clt->clt_tv_last); 992 993 if (!EVBUFFER_LENGTH(src)) 994 return; 995 if (server_bufferevent_write_buffer(clt, src) == -1) 996 goto fail; 997 if (clt->clt_done) 998 goto done; 999 1000 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 1001 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 1002 bufferevent_disable(clt->clt_srvbev, EV_READ); 1003 clt->clt_srvbev_throttled = 1; 1004 } 1005 1006 return; 1007 done: 1008 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1009 return; 1010 fail: 1011 server_close(clt, strerror(errno)); 1012 } 1013 1014 void 1015 server_error(struct bufferevent *bev, short error, void *arg) 1016 { 1017 struct client *clt = arg; 1018 struct evbuffer *dst; 1019 1020 if (error & EVBUFFER_TIMEOUT) { 1021 if (clt->clt_toread != TOREAD_HTTP_INIT) 1022 server_abort_http(clt, 408, "timeout"); 1023 else 1024 server_abort_http(clt, 0, "timeout"); 1025 return; 1026 } 1027 if (error & EVBUFFER_ERROR) { 1028 if (errno == EFBIG) { 1029 bufferevent_enable(bev, EV_READ); 1030 return; 1031 } 1032 server_close(clt, "buffer event error"); 1033 return; 1034 } 1035 if (error & EVBUFFER_EOF) { 1036 server_close(clt, "closed"); 1037 return; 1038 } 1039 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1040 bufferevent_disable(bev, EV_READ|EV_WRITE); 1041 1042 clt->clt_done = 1; 1043 1044 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1045 if (EVBUFFER_LENGTH(dst)) { 1046 /* Finish writing all data first */ 1047 bufferevent_enable(clt->clt_bev, EV_WRITE); 1048 return; 1049 } 1050 1051 server_close(clt, "done"); 1052 return; 1053 } 1054 server_close(clt, "unknown event error"); 1055 return; 1056 } 1057 1058 void 1059 server_accept(int fd, short event, void *arg) 1060 { 1061 struct server *srv = arg; 1062 struct client *clt = NULL; 1063 socklen_t slen; 1064 struct sockaddr_storage ss; 1065 int s = -1; 1066 1067 event_add(&srv->srv_ev, NULL); 1068 if ((event & EV_TIMEOUT)) 1069 return; 1070 1071 slen = sizeof(ss); 1072 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1073 &slen, FD_RESERVE, &server_inflight)) == -1) { 1074 /* 1075 * Pause accept if we are out of file descriptors, or 1076 * libevent will haunt us here too. 1077 */ 1078 if (errno == ENFILE || errno == EMFILE) { 1079 struct timeval evtpause = { 1, 0 }; 1080 1081 event_del(&srv->srv_ev); 1082 evtimer_add(&srv->srv_evt, &evtpause); 1083 log_debug("%s: deferring connections", __func__); 1084 } 1085 return; 1086 } 1087 if (server_clients >= SERVER_MAX_CLIENTS) 1088 goto err; 1089 1090 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1091 goto err; 1092 1093 /* Pre-allocate log buffer */ 1094 clt->clt_log = evbuffer_new(); 1095 if (clt->clt_log == NULL) 1096 goto err; 1097 1098 clt->clt_s = s; 1099 clt->clt_fd = -1; 1100 clt->clt_toread = TOREAD_UNLIMITED; 1101 clt->clt_srv = srv; 1102 clt->clt_srv_conf = &srv->srv_conf; 1103 clt->clt_id = ++server_cltid; 1104 clt->clt_srv_id = srv->srv_conf.id; 1105 clt->clt_pid = getpid(); 1106 clt->clt_inflight = 1; 1107 1108 /* get local address */ 1109 slen = sizeof(clt->clt_srv_ss); 1110 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1111 &slen) == -1) { 1112 server_close(clt, "listen address lookup failed"); 1113 return; 1114 } 1115 1116 /* get client address */ 1117 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1118 1119 /* get ports */ 1120 switch (ss.ss_family) { 1121 case AF_INET: 1122 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1123 break; 1124 case AF_INET6: 1125 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1126 break; 1127 } 1128 1129 getmonotime(&clt->clt_tv_start); 1130 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1131 1132 server_clients++; 1133 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1134 1135 /* Pre-allocate output buffer */ 1136 clt->clt_output = evbuffer_new(); 1137 if (clt->clt_output == NULL) { 1138 server_close(clt, "failed to allocate output buffer"); 1139 return; 1140 } 1141 1142 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1143 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1144 clt->clt_s) != 0) { 1145 server_close(clt, "failed to setup tls context"); 1146 return; 1147 } 1148 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1149 server_tls_handshake, &clt->clt_tv_start, 1150 &srv->srv_conf.timeout, clt); 1151 return; 1152 } 1153 1154 server_input(clt); 1155 return; 1156 1157 err: 1158 if (s != -1) { 1159 close(s); 1160 free(clt); 1161 /* 1162 * the client struct was not completely set up, but still 1163 * counted as an inflight client. account for this. 1164 */ 1165 server_inflight_dec(NULL, __func__); 1166 } 1167 } 1168 1169 void 1170 server_tls_handshake(int fd, short event, void *arg) 1171 { 1172 struct client *clt = (struct client *)arg; 1173 struct server *srv = (struct server *)clt->clt_srv; 1174 int ret; 1175 1176 if (event == EV_TIMEOUT) { 1177 server_close(clt, "tls handshake timeout"); 1178 return; 1179 } 1180 1181 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1182 fatalx("NULL tls context"); 1183 1184 ret = tls_handshake(clt->clt_tls_ctx); 1185 if (ret == 0) { 1186 server_input(clt); 1187 } else if (ret == TLS_WANT_POLLIN) { 1188 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1189 server_tls_handshake, &clt->clt_tv_start, 1190 &srv->srv_conf.timeout, clt); 1191 } else if (ret == TLS_WANT_POLLOUT) { 1192 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1193 server_tls_handshake, &clt->clt_tv_start, 1194 &srv->srv_conf.timeout, clt); 1195 } else { 1196 log_debug("%s: tls handshake failed - %s", __func__, 1197 tls_error(clt->clt_tls_ctx)); 1198 server_close(clt, "tls handshake failed"); 1199 } 1200 } 1201 1202 void 1203 server_inflight_dec(struct client *clt, const char *why) 1204 { 1205 if (clt != NULL) { 1206 /* the flight already left inflight mode. */ 1207 if (clt->clt_inflight == 0) 1208 return; 1209 clt->clt_inflight = 0; 1210 } 1211 1212 /* the file was never opened, thus this was an inflight client. */ 1213 server_inflight--; 1214 DPRINTF("%s: inflight decremented, now %d, %s", 1215 __func__, server_inflight, why); 1216 } 1217 1218 void 1219 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1220 { 1221 va_list ap; 1222 char *msg; 1223 int ret; 1224 struct iovec iov[2]; 1225 1226 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1227 va_start(ap, emsg); 1228 if (cmd == IMSG_LOG_ACCESS) 1229 vlog(LOG_INFO, emsg, ap); 1230 else 1231 vlog(LOG_DEBUG, emsg, ap); 1232 va_end(ap); 1233 return; 1234 } 1235 1236 va_start(ap, emsg); 1237 ret = vasprintf(&msg, emsg, ap); 1238 va_end(ap); 1239 if (ret == -1) { 1240 log_warn("%s: vasprintf", __func__); 1241 return; 1242 } 1243 1244 iov[0].iov_base = &srv_conf->id; 1245 iov[0].iov_len = sizeof(srv_conf->id); 1246 iov[1].iov_base = msg; 1247 iov[1].iov_len = strlen(msg) + 1; 1248 1249 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1250 log_warn("%s: failed to compose imsg", __func__); 1251 return; 1252 } 1253 } 1254 1255 void 1256 server_log(struct client *clt, const char *msg) 1257 { 1258 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1259 struct server_config *srv_conf = clt->clt_srv_conf; 1260 char *ptr = NULL, *vmsg = NULL; 1261 int debug_cmd = -1; 1262 1263 switch (srv_conf->logformat) { 1264 case LOG_FORMAT_CONNECTION: 1265 debug_cmd = IMSG_LOG_ACCESS; 1266 break; 1267 default: 1268 if (log_getverbose() > 1) 1269 debug_cmd = IMSG_LOG_ERROR; 1270 if (EVBUFFER_LENGTH(clt->clt_log)) { 1271 while ((ptr = 1272 evbuffer_readline(clt->clt_log)) != NULL) { 1273 server_sendlog(srv_conf, 1274 IMSG_LOG_ACCESS, "%s", ptr); 1275 free(ptr); 1276 } 1277 } 1278 break; 1279 } 1280 1281 if (debug_cmd != -1 && msg != NULL) { 1282 memset(ibuf, 0, sizeof(ibuf)); 1283 memset(obuf, 0, sizeof(obuf)); 1284 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1285 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1286 if (EVBUFFER_LENGTH(clt->clt_log) && 1287 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1288 ptr = evbuffer_readline(clt->clt_log); 1289 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1290 server_sendlog(srv_conf, debug_cmd, "server %s, " 1291 "client %d (%d active), %s:%u -> %s, " 1292 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1293 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1294 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1295 free(vmsg); 1296 free(ptr); 1297 } 1298 } 1299 1300 void 1301 server_close(struct client *clt, const char *msg) 1302 { 1303 struct server *srv = clt->clt_srv; 1304 1305 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1306 1307 /* free the HTTP descriptors incl. headers */ 1308 server_close_http(clt); 1309 1310 event_del(&clt->clt_ev); 1311 if (clt->clt_bev != NULL) 1312 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1313 if (clt->clt_srvbev != NULL) 1314 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1315 1316 server_log(clt, msg); 1317 1318 if (clt->clt_bev != NULL) 1319 bufferevent_free(clt->clt_bev); 1320 if (clt->clt_output != NULL) 1321 evbuffer_free(clt->clt_output); 1322 if (clt->clt_srvevb != NULL) 1323 evbuffer_free(clt->clt_srvevb); 1324 1325 if (clt->clt_srvbev != NULL) 1326 bufferevent_free(clt->clt_srvbev); 1327 if (clt->clt_fd != -1) 1328 close(clt->clt_fd); 1329 if (clt->clt_s != -1) 1330 close(clt->clt_s); 1331 1332 if (clt->clt_tls_ctx != NULL) 1333 tls_close(clt->clt_tls_ctx); 1334 tls_free(clt->clt_tls_ctx); 1335 1336 server_inflight_dec(clt, __func__); 1337 1338 if (clt->clt_log != NULL) 1339 evbuffer_free(clt->clt_log); 1340 1341 free(clt); 1342 server_clients--; 1343 } 1344 1345 int 1346 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1347 { 1348 struct server *srv; 1349 struct server_tls_ticket key; 1350 1351 switch (imsg->hdr.type) { 1352 case IMSG_CFG_MEDIA: 1353 config_getmedia(httpd_env, imsg); 1354 break; 1355 case IMSG_CFG_AUTH: 1356 config_getauth(httpd_env, imsg); 1357 break; 1358 case IMSG_CFG_SERVER: 1359 config_getserver(httpd_env, imsg); 1360 break; 1361 case IMSG_CFG_TLS: 1362 config_getserver_tls(httpd_env, imsg); 1363 break; 1364 case IMSG_CFG_DONE: 1365 config_getcfg(httpd_env, imsg); 1366 break; 1367 case IMSG_CTL_START: 1368 server_launch(); 1369 break; 1370 case IMSG_CTL_RESET: 1371 config_getreset(httpd_env, imsg); 1372 break; 1373 case IMSG_TLSTICKET_REKEY: 1374 IMSG_SIZE_CHECK(imsg, (&key)); 1375 memcpy(&key, imsg->data, sizeof(key)); 1376 /* apply to the right server */ 1377 srv = server_byid(key.tt_id); 1378 if (srv) { 1379 tls_config_add_ticket_key(srv->srv_tls_config, 1380 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1381 } 1382 break; 1383 default: 1384 return (-1); 1385 } 1386 1387 return (0); 1388 } 1389 1390 int 1391 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1392 { 1393 switch (imsg->hdr.type) { 1394 default: 1395 return (-1); 1396 } 1397 1398 return (0); 1399 } 1400 1401 int 1402 server_bufferevent_add(struct event *ev, int timeout) 1403 { 1404 struct timeval tv, *ptv = NULL; 1405 1406 if (timeout) { 1407 timerclear(&tv); 1408 tv.tv_sec = timeout; 1409 ptv = &tv; 1410 } 1411 1412 return (event_add(ev, ptv)); 1413 } 1414 1415 int 1416 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1417 { 1418 int ret; 1419 va_list ap; 1420 char *str; 1421 1422 va_start(ap, fmt); 1423 ret = vasprintf(&str, fmt, ap); 1424 va_end(ap); 1425 1426 if (ret == -1) 1427 return (ret); 1428 1429 ret = server_bufferevent_print(clt, str); 1430 free(str); 1431 1432 return (ret); 1433 } 1434 1435 int 1436 server_bufferevent_print(struct client *clt, const char *str) 1437 { 1438 if (clt->clt_bev == NULL) 1439 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1440 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1441 } 1442 1443 int 1444 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1445 { 1446 if (clt->clt_bev == NULL) 1447 return (evbuffer_add_buffer(clt->clt_output, buf)); 1448 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1449 } 1450 1451 int 1452 server_bufferevent_write_chunk(struct client *clt, 1453 struct evbuffer *buf, size_t size) 1454 { 1455 int ret; 1456 ret = server_bufferevent_write(clt, buf->buffer, size); 1457 if (ret != -1) 1458 evbuffer_drain(buf, size); 1459 return (ret); 1460 } 1461 1462 int 1463 server_bufferevent_write(struct client *clt, void *data, size_t size) 1464 { 1465 if (clt->clt_bev == NULL) 1466 return (evbuffer_add(clt->clt_output, data, size)); 1467 return (bufferevent_write(clt->clt_bev, data, size)); 1468 } 1469 1470 int 1471 server_client_cmp(struct client *a, struct client *b) 1472 { 1473 return ((int)a->clt_id - b->clt_id); 1474 } 1475 1476 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1477