1 /* $OpenBSD: server.c,v 1.125 2021/04/10 10:10:07 claudio Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 struct server *server_byid(uint32_t); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 void server_tls_handshake(int, short, void *); 67 68 void server_accept(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82 }; 83 84 void 85 server(struct privsep *ps, struct privsep_proc *p) 86 { 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89 } 90 91 void 92 server_shutdown(void) 93 { 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96 } 97 98 int 99 server_privinit(struct server *srv) 100 { 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 123 srv->srv_conf.port, &srv->srv_conf)) == -1) 124 return (-1); 125 126 return (0); 127 } 128 129 int 130 server_tls_cmp(struct server *s1, struct server *s2) 131 { 132 struct server_config *sc1, *sc2; 133 134 sc1 = &s1->srv_conf; 135 sc2 = &s2->srv_conf; 136 137 if (sc1->tls_flags != sc2->tls_flags) 138 return (-1); 139 if (sc1->tls_protocols != sc2->tls_protocols) 140 return (-1); 141 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 142 return (-1); 143 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 144 return (-1); 145 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 146 return (-1); 147 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 148 return (-1); 149 150 return (0); 151 } 152 153 int 154 server_tls_load_keypair(struct server *srv) 155 { 156 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 157 return (0); 158 159 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 160 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 161 return (-1); 162 log_debug("%s: using certificate %s", __func__, 163 srv->srv_conf.tls_cert_file); 164 165 /* XXX allow to specify password for encrypted key */ 166 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 167 &srv->srv_conf.tls_key_len, NULL)) == NULL) 168 return (-1); 169 log_debug("%s: using private key %s", __func__, 170 srv->srv_conf.tls_key_file); 171 172 return (0); 173 } 174 175 int 176 server_tls_load_ocsp(struct server *srv) 177 { 178 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 179 return (0); 180 181 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 182 return (0); 183 184 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 185 srv->srv_conf.tls_ocsp_staple_file, 186 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 187 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 188 srv->srv_conf.tls_ocsp_staple_file); 189 return (-1); 190 } 191 192 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 193 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 194 srv->srv_conf.tls_ocsp_staple_file); 195 return (0); 196 } 197 198 log_debug("%s: using ocsp staple from %s", __func__, 199 srv->srv_conf.tls_ocsp_staple_file); 200 201 return (0); 202 } 203 204 int 205 server_tls_load_ca(struct server *srv) 206 { 207 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 208 srv->srv_conf.tls_ca_file == NULL) 209 return (0); 210 211 if ((srv->srv_conf.tls_ca = tls_load_file( 212 srv->srv_conf.tls_ca_file, 213 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 214 return (-1); 215 log_debug("%s: using ca cert(s) from %s", __func__, 216 srv->srv_conf.tls_ca_file); 217 218 return (0); 219 } 220 221 int 222 server_tls_load_crl(struct server *srv) 223 { 224 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 225 srv->srv_conf.tls_crl_file == NULL) 226 return (0); 227 228 if ((srv->srv_conf.tls_crl = tls_load_file( 229 srv->srv_conf.tls_crl_file, 230 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 231 return (-1); 232 log_debug("%s: using crl(s) from %s", __func__, 233 srv->srv_conf.tls_crl_file); 234 235 return (0); 236 } 237 238 int 239 server_tls_init(struct server *srv) 240 { 241 struct server_config *srv_conf; 242 243 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 244 return (0); 245 246 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 247 248 if (tls_init() != 0) { 249 log_warnx("%s: failed to initialise tls", __func__); 250 return (-1); 251 } 252 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 253 log_warnx("%s: failed to get tls config", __func__); 254 return (-1); 255 } 256 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 257 log_warnx("%s: failed to get tls server", __func__); 258 return (-1); 259 } 260 261 if (tls_config_set_protocols(srv->srv_tls_config, 262 srv->srv_conf.tls_protocols) != 0) { 263 log_warnx("%s: failed to set tls protocols: %s", 264 __func__, tls_config_error(srv->srv_tls_config)); 265 return (-1); 266 } 267 if (tls_config_set_ciphers(srv->srv_tls_config, 268 srv->srv_conf.tls_ciphers) != 0) { 269 log_warnx("%s: failed to set tls ciphers: %s", 270 __func__, tls_config_error(srv->srv_tls_config)); 271 return (-1); 272 } 273 if (tls_config_set_dheparams(srv->srv_tls_config, 274 srv->srv_conf.tls_dhe_params) != 0) { 275 log_warnx("%s: failed to set tls dhe params: %s", 276 __func__, tls_config_error(srv->srv_tls_config)); 277 return (-1); 278 } 279 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 280 srv->srv_conf.tls_ecdhe_curves) != 0) { 281 log_warnx("%s: failed to set tls ecdhe curves: %s", 282 __func__, tls_config_error(srv->srv_tls_config)); 283 return (-1); 284 } 285 286 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 287 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 288 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 289 srv->srv_conf.tls_ocsp_staple, 290 srv->srv_conf.tls_ocsp_staple_len) != 0) { 291 log_warnx("%s: failed to set tls certificate/key: %s", 292 __func__, tls_config_error(srv->srv_tls_config)); 293 return (-1); 294 } 295 296 if (srv->srv_conf.tls_ca != NULL) { 297 if (tls_config_set_ca_mem(srv->srv_tls_config, 298 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 299 log_warnx("%s: failed to add ca cert(s)", __func__); 300 return (-1); 301 } 302 if (tls_config_set_crl_mem(srv->srv_tls_config, 303 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 304 log_warnx("%s: failed to add crl(s)", __func__); 305 return (-1); 306 } 307 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 308 tls_config_verify_client_optional(srv->srv_tls_config); 309 else 310 tls_config_verify_client(srv->srv_tls_config); 311 } 312 313 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 314 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 315 continue; 316 log_debug("%s: adding keypair for server %s", __func__, 317 srv->srv_conf.name); 318 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 319 srv_conf->tls_cert, srv_conf->tls_cert_len, 320 srv_conf->tls_key, srv_conf->tls_key_len, 321 srv_conf->tls_ocsp_staple, 322 srv_conf->tls_ocsp_staple_len) != 0) { 323 log_warnx("%s: failed to add tls keypair", __func__); 324 return (-1); 325 } 326 } 327 328 /* set common session ID among all processes */ 329 if (tls_config_set_session_id(srv->srv_tls_config, 330 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 331 log_warnx("%s: could not set the TLS session ID: %s", 332 __func__, tls_config_error(srv->srv_tls_config)); 333 return (-1); 334 } 335 336 /* ticket support */ 337 if (srv->srv_conf.tls_ticket_lifetime) { 338 if (tls_config_set_session_lifetime(srv->srv_tls_config, 339 srv->srv_conf.tls_ticket_lifetime) == -1) { 340 log_warnx("%s: could not set the TLS session lifetime: " 341 "%s", __func__, 342 tls_config_error(srv->srv_tls_config)); 343 return (-1); 344 } 345 tls_config_add_ticket_key(srv->srv_tls_config, 346 srv->srv_conf.tls_ticket_key.tt_keyrev, 347 srv->srv_conf.tls_ticket_key.tt_key, 348 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 349 explicit_bzero(&srv->srv_conf.tls_ticket_key, 350 sizeof(srv->srv_conf.tls_ticket_key)); 351 } 352 353 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 354 log_warnx("%s: failed to configure tls - %s", __func__, 355 tls_error(srv->srv_tls_ctx)); 356 return (-1); 357 } 358 359 /* We're now done with the public/private key & ca/crl... */ 360 tls_config_clear_keys(srv->srv_tls_config); 361 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 362 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 363 free(srv->srv_conf.tls_ca); 364 free(srv->srv_conf.tls_crl); 365 srv->srv_conf.tls_ca = NULL; 366 srv->srv_conf.tls_cert = NULL; 367 srv->srv_conf.tls_crl = NULL; 368 srv->srv_conf.tls_key = NULL; 369 srv->srv_conf.tls_ca_len = 0; 370 srv->srv_conf.tls_cert_len = 0; 371 srv->srv_conf.tls_crl_len = 0; 372 srv->srv_conf.tls_key_len = 0; 373 374 return (0); 375 } 376 377 void 378 server_generate_ticket_key(struct server_config *srv_conf) 379 { 380 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 381 382 key->tt_id = srv_conf->id; 383 key->tt_keyrev = arc4random(); 384 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 385 } 386 387 void 388 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 389 { 390 server_http(); 391 392 if (config_init(ps->ps_env) == -1) 393 fatal("failed to initialize configuration"); 394 395 /* We use a custom shutdown callback */ 396 p->p_shutdown = server_shutdown; 397 398 /* Unlimited file descriptors (use system limits) */ 399 socket_rlimit(-1); 400 401 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 402 fatal("pledge"); 403 404 #if 0 405 /* Schedule statistics timer */ 406 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 407 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 408 evtimer_add(&ps->ps_env->sc_statev, &tv); 409 #endif 410 } 411 412 void 413 server_launch(void) 414 { 415 struct server *srv; 416 417 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 418 log_debug("%s: configuring server %s", __func__, 419 srv->srv_conf.name); 420 421 server_tls_init(srv); 422 server_http_init(srv); 423 424 log_debug("%s: running server %s", __func__, 425 srv->srv_conf.name); 426 427 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 428 server_accept, srv); 429 event_add(&srv->srv_ev, NULL); 430 evtimer_set(&srv->srv_evt, server_accept, srv); 431 } 432 } 433 434 void 435 server_purge(struct server *srv) 436 { 437 struct client *clt; 438 struct server_config *srv_conf; 439 440 /* shutdown and remove server */ 441 if (event_initialized(&srv->srv_ev)) 442 event_del(&srv->srv_ev); 443 if (evtimer_initialized(&srv->srv_evt)) 444 evtimer_del(&srv->srv_evt); 445 446 if (srv->srv_s != -1) 447 close(srv->srv_s); 448 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 449 450 /* cleanup sessions */ 451 while ((clt = 452 SPLAY_ROOT(&srv->srv_clients)) != NULL) 453 server_close(clt, NULL); 454 455 /* cleanup hosts */ 456 while ((srv_conf = 457 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 458 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 459 460 /* It might point to our own "default" entry */ 461 if (srv_conf != &srv->srv_conf) { 462 serverconfig_free(srv_conf); 463 free(srv_conf); 464 } 465 } 466 467 tls_config_free(srv->srv_tls_config); 468 tls_free(srv->srv_tls_ctx); 469 470 free(srv); 471 } 472 473 void 474 serverconfig_free(struct server_config *srv_conf) 475 { 476 struct fastcgi_param *param, *tparam; 477 478 free(srv_conf->return_uri); 479 free(srv_conf->tls_ca_file); 480 free(srv_conf->tls_ca); 481 free(srv_conf->tls_cert_file); 482 free(srv_conf->tls_crl_file); 483 free(srv_conf->tls_crl); 484 free(srv_conf->tls_key_file); 485 free(srv_conf->tls_ocsp_staple_file); 486 free(srv_conf->tls_ocsp_staple); 487 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 488 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 489 490 TAILQ_FOREACH_SAFE(param, &srv_conf->fcgiparams, entry, tparam) 491 free(param); 492 } 493 494 void 495 serverconfig_reset(struct server_config *srv_conf) 496 { 497 srv_conf->auth = NULL; 498 srv_conf->return_uri = NULL; 499 srv_conf->tls_ca = NULL; 500 srv_conf->tls_ca_file = NULL; 501 srv_conf->tls_cert = NULL; 502 srv_conf->tls_cert_file = NULL; 503 srv_conf->tls_crl = NULL; 504 srv_conf->tls_crl_file = NULL; 505 srv_conf->tls_key = NULL; 506 srv_conf->tls_key_file = NULL; 507 srv_conf->tls_ocsp_staple = NULL; 508 srv_conf->tls_ocsp_staple_file = NULL; 509 TAILQ_INIT(&srv_conf->fcgiparams); 510 } 511 512 struct server * 513 server_byaddr(struct sockaddr *addr, in_port_t port) 514 { 515 struct server *srv; 516 517 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 518 if (port == srv->srv_conf.port && 519 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 520 addr, srv->srv_conf.prefixlen) == 0) 521 return (srv); 522 } 523 524 return (NULL); 525 } 526 527 struct server_config * 528 serverconfig_byid(uint32_t id) 529 { 530 struct server *srv; 531 struct server_config *srv_conf; 532 533 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 534 if (srv->srv_conf.id == id) 535 return (&srv->srv_conf); 536 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 537 if (srv_conf->id == id) 538 return (srv_conf); 539 } 540 } 541 542 return (NULL); 543 } 544 545 struct server * 546 server_byid(uint32_t id) 547 { 548 struct server *srv; 549 550 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 551 if (srv->srv_conf.id == id) 552 return (srv); 553 } 554 return (NULL); 555 } 556 557 int 558 server_foreach(int (*srv_cb)(struct server *, 559 struct server_config *, void *), void *arg) 560 { 561 struct server *srv; 562 struct server_config *srv_conf; 563 564 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 565 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 566 return (-1); 567 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 568 if ((srv_cb)(srv, srv_conf, arg) == -1) 569 return (-1); 570 } 571 } 572 573 return (0); 574 } 575 576 struct server * 577 server_match(struct server *s2, int match_name) 578 { 579 struct server *s1; 580 581 /* Attempt to find matching server. */ 582 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 583 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 584 continue; 585 if (match_name) { 586 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 587 continue; 588 } 589 if (s1->srv_conf.port != s2->srv_conf.port) 590 continue; 591 if (sockaddr_cmp( 592 (struct sockaddr *)&s1->srv_conf.ss, 593 (struct sockaddr *)&s2->srv_conf.ss, 594 s1->srv_conf.prefixlen) != 0) 595 continue; 596 597 return (s1); 598 } 599 600 return (NULL); 601 } 602 603 int 604 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 605 { 606 switch (ss->ss_family) { 607 case AF_INET: 608 ((struct sockaddr_in *)ss)->sin_port = port; 609 ((struct sockaddr_in *)ss)->sin_len = 610 sizeof(struct sockaddr_in); 611 break; 612 case AF_INET6: 613 ((struct sockaddr_in6 *)ss)->sin6_port = port; 614 ((struct sockaddr_in6 *)ss)->sin6_len = 615 sizeof(struct sockaddr_in6); 616 break; 617 default: 618 return (-1); 619 } 620 621 return (0); 622 } 623 624 in_port_t 625 server_socket_getport(struct sockaddr_storage *ss) 626 { 627 switch (ss->ss_family) { 628 case AF_INET: 629 return (((struct sockaddr_in *)ss)->sin_port); 630 case AF_INET6: 631 return (((struct sockaddr_in6 *)ss)->sin6_port); 632 default: 633 return (0); 634 } 635 636 /* NOTREACHED */ 637 return (0); 638 } 639 640 int 641 server_socket(struct sockaddr_storage *ss, in_port_t port, 642 struct server_config *srv_conf, int fd, int reuseport) 643 { 644 struct linger lng; 645 int s = -1, val; 646 647 if (server_socket_af(ss, port) == -1) 648 goto bad; 649 650 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 651 IPPROTO_TCP) : fd; 652 if (s == -1) 653 goto bad; 654 655 /* 656 * Socket options 657 */ 658 memset(&lng, 0, sizeof(lng)); 659 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 660 goto bad; 661 if (reuseport) { 662 val = 1; 663 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 664 sizeof(int)) == -1) 665 goto bad; 666 } 667 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 668 val = srv_conf->tcpbufsiz; 669 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 670 &val, sizeof(val)) == -1) 671 goto bad; 672 val = srv_conf->tcpbufsiz; 673 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 674 &val, sizeof(val)) == -1) 675 goto bad; 676 } 677 678 /* 679 * IP options 680 */ 681 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 682 val = (int)srv_conf->tcpipttl; 683 switch (ss->ss_family) { 684 case AF_INET: 685 if (setsockopt(s, IPPROTO_IP, IP_TTL, 686 &val, sizeof(val)) == -1) 687 goto bad; 688 break; 689 case AF_INET6: 690 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 691 &val, sizeof(val)) == -1) 692 goto bad; 693 break; 694 } 695 } 696 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 697 val = (int)srv_conf->tcpipminttl; 698 switch (ss->ss_family) { 699 case AF_INET: 700 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 701 &val, sizeof(val)) == -1) 702 goto bad; 703 break; 704 case AF_INET6: 705 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 706 &val, sizeof(val)) == -1) 707 goto bad; 708 break; 709 } 710 } 711 712 /* 713 * TCP options 714 */ 715 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 716 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 717 val = 0; 718 else 719 val = 1; 720 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 721 &val, sizeof(val)) == -1) 722 goto bad; 723 } 724 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 725 if (srv_conf->tcpflags & TCPFLAG_NSACK) 726 val = 0; 727 else 728 val = 1; 729 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 730 &val, sizeof(val)) == -1) 731 goto bad; 732 } 733 734 return (s); 735 736 bad: 737 if (s != -1) 738 close(s); 739 return (-1); 740 } 741 742 int 743 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 744 struct server_config *srv_conf) 745 { 746 int s; 747 748 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 749 return (-1); 750 751 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 752 goto bad; 753 if (listen(s, srv_conf->tcpbacklog) == -1) 754 goto bad; 755 756 return (s); 757 758 bad: 759 close(s); 760 return (-1); 761 } 762 763 int 764 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 765 struct server_config *srv_conf) 766 { 767 int s; 768 769 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 770 return (-1); 771 772 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 773 if (errno != EINPROGRESS) 774 goto bad; 775 } 776 777 return (s); 778 779 bad: 780 close(s); 781 return (-1); 782 } 783 784 void 785 server_tls_readcb(int fd, short event, void *arg) 786 { 787 struct bufferevent *bufev = arg; 788 struct client *clt = bufev->cbarg; 789 char rbuf[IBUF_READ_SIZE]; 790 int what = EVBUFFER_READ; 791 int howmuch = IBUF_READ_SIZE; 792 ssize_t ret; 793 size_t len; 794 795 if (event == EV_TIMEOUT) { 796 what |= EVBUFFER_TIMEOUT; 797 goto err; 798 } 799 800 if (bufev->wm_read.high != 0) 801 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 802 803 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 804 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 805 goto retry; 806 } else if (ret == -1) { 807 what |= EVBUFFER_ERROR; 808 goto err; 809 } 810 len = ret; 811 812 if (len == 0) { 813 what |= EVBUFFER_EOF; 814 goto err; 815 } 816 817 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 818 what |= EVBUFFER_ERROR; 819 goto err; 820 } 821 822 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 823 824 len = EVBUFFER_LENGTH(bufev->input); 825 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 826 return; 827 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 828 struct evbuffer *buf = bufev->input; 829 event_del(&bufev->ev_read); 830 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 831 return; 832 } 833 834 if (bufev->readcb != NULL) 835 (*bufev->readcb)(bufev, bufev->cbarg); 836 return; 837 838 retry: 839 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 840 return; 841 842 err: 843 (*bufev->errorcb)(bufev, what, bufev->cbarg); 844 } 845 846 void 847 server_tls_writecb(int fd, short event, void *arg) 848 { 849 struct bufferevent *bufev = arg; 850 struct client *clt = bufev->cbarg; 851 ssize_t ret; 852 short what = EVBUFFER_WRITE; 853 size_t len; 854 855 if (event == EV_TIMEOUT) { 856 what |= EVBUFFER_TIMEOUT; 857 goto err; 858 } 859 860 if (EVBUFFER_LENGTH(bufev->output)) { 861 ret = tls_write(clt->clt_tls_ctx, 862 EVBUFFER_DATA(bufev->output), 863 EVBUFFER_LENGTH(bufev->output)); 864 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 865 goto retry; 866 } else if (ret == -1) { 867 what |= EVBUFFER_ERROR; 868 goto err; 869 } 870 len = ret; 871 evbuffer_drain(bufev->output, len); 872 } 873 874 if (EVBUFFER_LENGTH(bufev->output) != 0) 875 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 876 877 if (bufev->writecb != NULL && 878 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 879 (*bufev->writecb)(bufev, bufev->cbarg); 880 return; 881 882 retry: 883 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 884 return; 885 886 err: 887 (*bufev->errorcb)(bufev, what, bufev->cbarg); 888 } 889 890 void 891 server_input(struct client *clt) 892 { 893 struct server_config *srv_conf = clt->clt_srv_conf; 894 evbuffercb inrd = server_read; 895 evbuffercb inwr = server_write; 896 socklen_t slen; 897 898 if (server_httpdesc_init(clt) == -1) { 899 server_close(clt, "failed to allocate http descriptor"); 900 return; 901 } 902 903 clt->clt_toread = TOREAD_HTTP_HEADER; 904 inrd = server_read_http; 905 906 slen = sizeof(clt->clt_sndbufsiz); 907 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 908 &clt->clt_sndbufsiz, &slen) == -1) { 909 server_close(clt, "failed to get send buffer size"); 910 return; 911 } 912 913 /* 914 * Client <-> Server 915 */ 916 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 917 server_error, clt); 918 if (clt->clt_bev == NULL) { 919 server_close(clt, "failed to allocate input buffer event"); 920 return; 921 } 922 923 if (srv_conf->flags & SRVFLAG_TLS) { 924 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 925 server_tls_readcb, clt->clt_bev); 926 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 927 server_tls_writecb, clt->clt_bev); 928 } 929 930 /* Adjust write watermark to the socket buffer output size */ 931 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 932 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 933 /* Read at most amount of data that fits in one fcgi record. */ 934 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 935 936 bufferevent_settimeout(clt->clt_bev, 937 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 938 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 939 } 940 941 void 942 server_write(struct bufferevent *bev, void *arg) 943 { 944 struct client *clt = arg; 945 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 946 947 if (EVBUFFER_LENGTH(dst) == 0 && 948 clt->clt_toread == TOREAD_HTTP_NONE) 949 goto done; 950 951 getmonotime(&clt->clt_tv_last); 952 953 if (clt->clt_done) 954 goto done; 955 956 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 957 bufferevent_enable(clt->clt_srvbev, EV_READ); 958 clt->clt_srvbev_throttled = 0; 959 } 960 961 return; 962 done: 963 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 964 return; 965 } 966 967 void 968 server_dump(struct client *clt, const void *buf, size_t len) 969 { 970 if (!len) 971 return; 972 973 /* 974 * This function will dump the specified message directly 975 * to the underlying client, without waiting for success 976 * of non-blocking events etc. This is useful to print an 977 * error message before gracefully closing the client. 978 */ 979 if (clt->clt_tls_ctx != NULL) 980 (void)tls_write(clt->clt_tls_ctx, buf, len); 981 else 982 (void)write(clt->clt_s, buf, len); 983 } 984 985 void 986 server_read(struct bufferevent *bev, void *arg) 987 { 988 struct client *clt = arg; 989 struct evbuffer *src = EVBUFFER_INPUT(bev); 990 991 getmonotime(&clt->clt_tv_last); 992 993 if (!EVBUFFER_LENGTH(src)) 994 return; 995 if (server_bufferevent_write_buffer(clt, src) == -1) 996 goto fail; 997 if (clt->clt_done) 998 goto done; 999 1000 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 1001 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 1002 bufferevent_disable(clt->clt_srvbev, EV_READ); 1003 clt->clt_srvbev_throttled = 1; 1004 } 1005 1006 return; 1007 done: 1008 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1009 return; 1010 fail: 1011 server_close(clt, strerror(errno)); 1012 } 1013 1014 void 1015 server_error(struct bufferevent *bev, short error, void *arg) 1016 { 1017 struct client *clt = arg; 1018 struct evbuffer *dst; 1019 1020 if (error & EVBUFFER_TIMEOUT) { 1021 if (!clt->clt_headersdone && clt->clt_line > 0) 1022 server_abort_http(clt, 408, "timeout"); 1023 else 1024 server_close(clt, "timeout"); 1025 return; 1026 } 1027 if (error & EVBUFFER_ERROR) { 1028 if (errno == EFBIG) { 1029 bufferevent_enable(bev, EV_READ); 1030 return; 1031 } 1032 server_close(clt, "buffer event error"); 1033 return; 1034 } 1035 if (error & EVBUFFER_EOF) { 1036 server_close(clt, "closed"); 1037 return; 1038 } 1039 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1040 bufferevent_disable(bev, EV_READ|EV_WRITE); 1041 1042 clt->clt_done = 1; 1043 1044 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1045 if (EVBUFFER_LENGTH(dst)) { 1046 /* Finish writing all data first */ 1047 bufferevent_enable(clt->clt_bev, EV_WRITE); 1048 return; 1049 } 1050 1051 server_close(clt, "done"); 1052 return; 1053 } 1054 server_close(clt, "unknown event error"); 1055 return; 1056 } 1057 1058 void 1059 server_accept(int fd, short event, void *arg) 1060 { 1061 struct server *srv = arg; 1062 struct client *clt = NULL; 1063 socklen_t slen; 1064 struct sockaddr_storage ss; 1065 int s = -1; 1066 1067 event_add(&srv->srv_ev, NULL); 1068 if ((event & EV_TIMEOUT)) 1069 return; 1070 1071 slen = sizeof(ss); 1072 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1073 &slen, FD_RESERVE, &server_inflight)) == -1) { 1074 /* 1075 * Pause accept if we are out of file descriptors, or 1076 * libevent will haunt us here too. 1077 */ 1078 if (errno == ENFILE || errno == EMFILE) { 1079 struct timeval evtpause = { 1, 0 }; 1080 1081 event_del(&srv->srv_ev); 1082 evtimer_add(&srv->srv_evt, &evtpause); 1083 log_debug("%s: deferring connections", __func__); 1084 } 1085 return; 1086 } 1087 if (server_clients >= SERVER_MAX_CLIENTS) 1088 goto err; 1089 1090 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1091 goto err; 1092 1093 /* Pre-allocate log buffer */ 1094 clt->clt_log = evbuffer_new(); 1095 if (clt->clt_log == NULL) 1096 goto err; 1097 1098 clt->clt_s = s; 1099 clt->clt_fd = -1; 1100 clt->clt_toread = TOREAD_UNLIMITED; 1101 clt->clt_srv = srv; 1102 clt->clt_srv_conf = &srv->srv_conf; 1103 clt->clt_id = ++server_cltid; 1104 clt->clt_srv_id = srv->srv_conf.id; 1105 clt->clt_pid = getpid(); 1106 clt->clt_inflight = 1; 1107 1108 /* get local address */ 1109 slen = sizeof(clt->clt_srv_ss); 1110 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1111 &slen) == -1) { 1112 server_close(clt, "listen address lookup failed"); 1113 return; 1114 } 1115 1116 /* get client address */ 1117 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1118 1119 /* get ports */ 1120 switch (ss.ss_family) { 1121 case AF_INET: 1122 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1123 break; 1124 case AF_INET6: 1125 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1126 break; 1127 } 1128 1129 getmonotime(&clt->clt_tv_start); 1130 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1131 1132 server_clients++; 1133 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1134 1135 /* Pre-allocate output buffer */ 1136 clt->clt_output = evbuffer_new(); 1137 if (clt->clt_output == NULL) { 1138 server_close(clt, "failed to allocate output buffer"); 1139 return; 1140 } 1141 1142 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1143 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1144 clt->clt_s) != 0) { 1145 server_close(clt, "failed to accept tls socket"); 1146 return; 1147 } 1148 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1149 server_tls_handshake, &clt->clt_tv_start, 1150 &srv->srv_conf.timeout, clt); 1151 return; 1152 } 1153 1154 server_input(clt); 1155 return; 1156 1157 err: 1158 if (s != -1) { 1159 close(s); 1160 free(clt); 1161 /* 1162 * the client struct was not completely set up, but still 1163 * counted as an inflight client. account for this. 1164 */ 1165 server_inflight_dec(NULL, __func__); 1166 } 1167 } 1168 1169 void 1170 server_tls_handshake(int fd, short event, void *arg) 1171 { 1172 struct client *clt = (struct client *)arg; 1173 struct server *srv = (struct server *)clt->clt_srv; 1174 int ret; 1175 1176 if (event == EV_TIMEOUT) { 1177 server_close(clt, "tls handshake timeout"); 1178 return; 1179 } 1180 1181 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1182 fatalx("NULL tls context"); 1183 1184 ret = tls_handshake(clt->clt_tls_ctx); 1185 if (ret == 0) { 1186 server_input(clt); 1187 } else if (ret == TLS_WANT_POLLIN) { 1188 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1189 server_tls_handshake, &clt->clt_tv_start, 1190 &srv->srv_conf.timeout, clt); 1191 } else if (ret == TLS_WANT_POLLOUT) { 1192 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1193 server_tls_handshake, &clt->clt_tv_start, 1194 &srv->srv_conf.timeout, clt); 1195 } else { 1196 log_debug("%s: tls handshake failed - %s", __func__, 1197 tls_error(clt->clt_tls_ctx)); 1198 server_close(clt, "tls handshake failed"); 1199 } 1200 } 1201 1202 void 1203 server_inflight_dec(struct client *clt, const char *why) 1204 { 1205 if (clt != NULL) { 1206 /* the flight already left inflight mode. */ 1207 if (clt->clt_inflight == 0) 1208 return; 1209 clt->clt_inflight = 0; 1210 } 1211 1212 /* the file was never opened, thus this was an inflight client. */ 1213 server_inflight--; 1214 DPRINTF("%s: inflight decremented, now %d, %s", 1215 __func__, server_inflight, why); 1216 } 1217 1218 void 1219 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1220 { 1221 va_list ap; 1222 char *msg; 1223 int ret; 1224 struct iovec iov[2]; 1225 1226 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1227 va_start(ap, emsg); 1228 if (cmd == IMSG_LOG_ACCESS) 1229 vlog(LOG_INFO, emsg, ap); 1230 else 1231 vlog(LOG_DEBUG, emsg, ap); 1232 va_end(ap); 1233 return; 1234 } 1235 1236 va_start(ap, emsg); 1237 ret = vasprintf(&msg, emsg, ap); 1238 va_end(ap); 1239 if (ret == -1) { 1240 log_warn("%s: vasprintf", __func__); 1241 return; 1242 } 1243 1244 iov[0].iov_base = &srv_conf->id; 1245 iov[0].iov_len = sizeof(srv_conf->id); 1246 iov[1].iov_base = msg; 1247 iov[1].iov_len = ret + 1; 1248 1249 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1250 log_warn("%s: failed to compose imsg", __func__); 1251 free(msg); 1252 return; 1253 } 1254 free(msg); 1255 } 1256 1257 void 1258 server_log(struct client *clt, const char *msg) 1259 { 1260 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1261 struct server_config *srv_conf = clt->clt_srv_conf; 1262 char *ptr = NULL, *vmsg = NULL; 1263 int debug_cmd = -1; 1264 1265 switch (srv_conf->logformat) { 1266 case LOG_FORMAT_CONNECTION: 1267 debug_cmd = IMSG_LOG_ACCESS; 1268 break; 1269 default: 1270 if (log_getverbose() > 1) 1271 debug_cmd = IMSG_LOG_ERROR; 1272 if (EVBUFFER_LENGTH(clt->clt_log)) { 1273 while ((ptr = 1274 evbuffer_readline(clt->clt_log)) != NULL) { 1275 server_sendlog(srv_conf, 1276 IMSG_LOG_ACCESS, "%s", ptr); 1277 free(ptr); 1278 } 1279 } 1280 break; 1281 } 1282 1283 if (debug_cmd != -1 && msg != NULL) { 1284 memset(ibuf, 0, sizeof(ibuf)); 1285 memset(obuf, 0, sizeof(obuf)); 1286 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1287 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1288 if (EVBUFFER_LENGTH(clt->clt_log) && 1289 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1290 ptr = evbuffer_readline(clt->clt_log); 1291 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1292 server_sendlog(srv_conf, debug_cmd, "server %s, " 1293 "client %d (%d active), %s:%u -> %s, " 1294 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1295 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1296 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1297 free(vmsg); 1298 free(ptr); 1299 } 1300 } 1301 1302 void 1303 server_close(struct client *clt, const char *msg) 1304 { 1305 struct server *srv = clt->clt_srv; 1306 1307 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1308 1309 /* free the HTTP descriptors incl. headers */ 1310 server_close_http(clt); 1311 1312 /* tls_close must be called before the underlying socket is closed. */ 1313 if (clt->clt_tls_ctx != NULL) 1314 tls_close(clt->clt_tls_ctx); /* XXX - error handling */ 1315 tls_free(clt->clt_tls_ctx); 1316 1317 event_del(&clt->clt_ev); 1318 if (clt->clt_bev != NULL) 1319 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1320 if (clt->clt_srvbev != NULL) 1321 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1322 1323 server_log(clt, msg); 1324 1325 if (clt->clt_bev != NULL) 1326 bufferevent_free(clt->clt_bev); 1327 if (clt->clt_output != NULL) 1328 evbuffer_free(clt->clt_output); 1329 if (clt->clt_srvevb != NULL) 1330 evbuffer_free(clt->clt_srvevb); 1331 1332 if (clt->clt_srvbev != NULL) 1333 bufferevent_free(clt->clt_srvbev); 1334 1335 if (clt->clt_fd != -1) 1336 close(clt->clt_fd); 1337 if (clt->clt_s != -1) 1338 close(clt->clt_s); 1339 1340 server_inflight_dec(clt, __func__); 1341 1342 if (clt->clt_log != NULL) 1343 evbuffer_free(clt->clt_log); 1344 1345 free(clt); 1346 server_clients--; 1347 } 1348 1349 int 1350 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1351 { 1352 struct server *srv; 1353 struct server_tls_ticket key; 1354 1355 switch (imsg->hdr.type) { 1356 case IMSG_CFG_MEDIA: 1357 config_getmedia(httpd_env, imsg); 1358 break; 1359 case IMSG_CFG_AUTH: 1360 config_getauth(httpd_env, imsg); 1361 break; 1362 case IMSG_CFG_SERVER: 1363 config_getserver(httpd_env, imsg); 1364 break; 1365 case IMSG_CFG_TLS: 1366 config_getserver_tls(httpd_env, imsg); 1367 break; 1368 case IMSG_CFG_FCGI: 1369 config_getserver_fcgiparams(httpd_env, imsg); 1370 break; 1371 case IMSG_CFG_DONE: 1372 config_getcfg(httpd_env, imsg); 1373 break; 1374 case IMSG_CTL_START: 1375 server_launch(); 1376 break; 1377 case IMSG_CTL_RESET: 1378 config_getreset(httpd_env, imsg); 1379 break; 1380 case IMSG_TLSTICKET_REKEY: 1381 IMSG_SIZE_CHECK(imsg, (&key)); 1382 memcpy(&key, imsg->data, sizeof(key)); 1383 /* apply to the right server */ 1384 srv = server_byid(key.tt_id); 1385 if (srv) { 1386 tls_config_add_ticket_key(srv->srv_tls_config, 1387 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1388 } 1389 break; 1390 default: 1391 return (-1); 1392 } 1393 1394 return (0); 1395 } 1396 1397 int 1398 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1399 { 1400 switch (imsg->hdr.type) { 1401 default: 1402 return (-1); 1403 } 1404 1405 return (0); 1406 } 1407 1408 int 1409 server_bufferevent_add(struct event *ev, int timeout) 1410 { 1411 struct timeval tv, *ptv = NULL; 1412 1413 if (timeout) { 1414 timerclear(&tv); 1415 tv.tv_sec = timeout; 1416 ptv = &tv; 1417 } 1418 1419 return (event_add(ev, ptv)); 1420 } 1421 1422 int 1423 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1424 { 1425 int ret; 1426 va_list ap; 1427 char *str; 1428 1429 va_start(ap, fmt); 1430 ret = vasprintf(&str, fmt, ap); 1431 va_end(ap); 1432 1433 if (ret == -1) 1434 return (ret); 1435 1436 ret = server_bufferevent_print(clt, str); 1437 free(str); 1438 1439 return (ret); 1440 } 1441 1442 int 1443 server_bufferevent_print(struct client *clt, const char *str) 1444 { 1445 if (clt->clt_bev == NULL) 1446 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1447 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1448 } 1449 1450 int 1451 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1452 { 1453 if (clt->clt_bev == NULL) 1454 return (evbuffer_add_buffer(clt->clt_output, buf)); 1455 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1456 } 1457 1458 int 1459 server_bufferevent_write_chunk(struct client *clt, 1460 struct evbuffer *buf, size_t size) 1461 { 1462 int ret; 1463 ret = server_bufferevent_write(clt, buf->buffer, size); 1464 if (ret != -1) 1465 evbuffer_drain(buf, size); 1466 return (ret); 1467 } 1468 1469 int 1470 server_bufferevent_write(struct client *clt, void *data, size_t size) 1471 { 1472 if (clt->clt_bev == NULL) 1473 return (evbuffer_add(clt->clt_output, data, size)); 1474 return (bufferevent_write(clt->clt_bev, data, size)); 1475 } 1476 1477 int 1478 server_client_cmp(struct client *a, struct client *b) 1479 { 1480 return ((int)a->clt_id - b->clt_id); 1481 } 1482 1483 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1484