1 /* $OpenBSD: server.c,v 1.95 2016/08/30 14:31:53 rzalamena Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 62 int server_tls_init(struct server *); 63 void server_tls_readcb(int, short, void *); 64 void server_tls_writecb(int, short, void *); 65 void server_tls_handshake(int, short, void *); 66 67 void server_accept(int, short, void *); 68 void server_input(struct client *); 69 void server_inflight_dec(struct client *, const char *); 70 71 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 72 size_t, void *); 73 74 volatile int server_clients; 75 volatile int server_inflight = 0; 76 uint32_t server_cltid; 77 78 static struct privsep_proc procs[] = { 79 { "parent", PROC_PARENT, server_dispatch_parent }, 80 { "logger", PROC_LOGGER, server_dispatch_logger } 81 }; 82 83 void 84 server(struct privsep *ps, struct privsep_proc *p) 85 { 86 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 87 server_http(); 88 } 89 90 void 91 server_shutdown(void) 92 { 93 config_purge(httpd_env, CONFIG_ALL); 94 usleep(200); /* XXX server needs to shutdown last */ 95 } 96 97 int 98 server_privinit(struct server *srv) 99 { 100 struct server *s; 101 102 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 103 return (0); 104 105 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 106 107 /* 108 * There's no need to open a new socket if a server with the 109 * same address already exists. 110 */ 111 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 112 if (s != srv && s->srv_s != -1 && 113 s->srv_conf.port == srv->srv_conf.port && 114 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 115 (struct sockaddr *)&srv->srv_conf.ss, 116 s->srv_conf.prefixlen) == 0) 117 return (0); 118 } 119 120 /* Open listening socket in the privileged process */ 121 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 122 srv->srv_conf.port, &srv->srv_conf)) == -1) 123 return (-1); 124 125 return (0); 126 } 127 128 int 129 server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 130 { 131 struct server_config *sc1, *sc2; 132 133 sc1 = &s1->srv_conf; 134 sc2 = &s2->srv_conf; 135 136 if (sc1->tls_protocols != sc2->tls_protocols) 137 return (-1); 138 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 139 return (-1); 140 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 141 return (-1); 142 if (strcmp(sc1->tls_ecdhe_curve, sc2->tls_ecdhe_curve) != 0) 143 return (-1); 144 145 if (match_keypair) { 146 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 147 return (-1); 148 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 149 return (-1); 150 } 151 152 return (0); 153 } 154 155 int 156 server_tls_load_keypair(struct server *srv) 157 { 158 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 159 return (0); 160 161 if ((srv->srv_conf.tls_cert = tls_load_file( 162 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 163 NULL)) == NULL) 164 return (-1); 165 log_debug("%s: using certificate %s", __func__, 166 srv->srv_conf.tls_cert_file); 167 168 /* XXX allow to specify password for encrypted key */ 169 if ((srv->srv_conf.tls_key = tls_load_file( 170 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 171 NULL)) == NULL) 172 return (-1); 173 log_debug("%s: using private key %s", __func__, 174 srv->srv_conf.tls_key_file); 175 176 return (0); 177 } 178 179 int 180 server_tls_init(struct server *srv) 181 { 182 struct server_config *srv_conf; 183 184 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 185 return (0); 186 187 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 188 189 if (tls_init() != 0) { 190 log_warnx("%s: failed to initialise tls", __func__); 191 return (-1); 192 } 193 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 194 log_warnx("%s: failed to get tls config", __func__); 195 return (-1); 196 } 197 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 198 log_warnx("%s: failed to get tls server", __func__); 199 return (-1); 200 } 201 202 tls_config_set_protocols(srv->srv_tls_config, 203 srv->srv_conf.tls_protocols); 204 205 if (tls_config_set_ciphers(srv->srv_tls_config, 206 srv->srv_conf.tls_ciphers) != 0) { 207 log_warnx("%s: failed to set tls ciphers: %s", 208 __func__, tls_config_error(srv->srv_tls_config)); 209 return (-1); 210 } 211 if (tls_config_set_dheparams(srv->srv_tls_config, 212 srv->srv_conf.tls_dhe_params) != 0) { 213 log_warnx("%s: failed to set tls dhe params: %s", 214 __func__, tls_config_error(srv->srv_tls_config)); 215 return (-1); 216 } 217 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 218 srv->srv_conf.tls_ecdhe_curve) != 0) { 219 log_warnx("%s: failed to set tls ecdhe curve: %s", 220 __func__, tls_config_error(srv->srv_tls_config)); 221 return (-1); 222 } 223 224 if (tls_config_set_keypair_mem(srv->srv_tls_config, 225 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 226 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 227 log_warnx("%s: failed to set tls certificate/key: %s", 228 __func__, tls_config_error(srv->srv_tls_config)); 229 return (-1); 230 } 231 232 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 233 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 234 continue; 235 log_debug("%s: adding keypair for server %s", __func__, 236 srv->srv_conf.name); 237 if (tls_config_add_keypair_mem(srv->srv_tls_config, 238 srv_conf->tls_cert, srv_conf->tls_cert_len, 239 srv_conf->tls_key, srv_conf->tls_key_len) != 0) { 240 log_warnx("%s: failed to add tls keypair", __func__); 241 return (-1); 242 } 243 } 244 245 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 246 log_warnx("%s: failed to configure tls - %s", __func__, 247 tls_error(srv->srv_tls_ctx)); 248 return (-1); 249 } 250 251 /* We're now done with the public/private key... */ 252 tls_config_clear_keys(srv->srv_tls_config); 253 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 254 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 255 free(srv->srv_conf.tls_cert); 256 free(srv->srv_conf.tls_key); 257 srv->srv_conf.tls_cert = NULL; 258 srv->srv_conf.tls_key = NULL; 259 srv->srv_conf.tls_cert_len = 0; 260 srv->srv_conf.tls_key_len = 0; 261 262 return (0); 263 } 264 265 void 266 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 267 { 268 server_http(); 269 270 if (config_init(ps->ps_env) == -1) 271 fatal("failed to initialize configuration"); 272 273 /* We use a custom shutdown callback */ 274 p->p_shutdown = server_shutdown; 275 276 /* Unlimited file descriptors (use system limits) */ 277 socket_rlimit(-1); 278 279 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 280 fatal("pledge"); 281 282 #if 0 283 /* Schedule statistics timer */ 284 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 285 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 286 evtimer_add(&ps->ps_env->sc_statev, &tv); 287 #endif 288 } 289 290 void 291 server_launch(void) 292 { 293 struct server *srv; 294 295 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 296 log_debug("%s: configuring server %s", __func__, 297 srv->srv_conf.name); 298 299 server_tls_init(srv); 300 server_http_init(srv); 301 302 log_debug("%s: running server %s", __func__, 303 srv->srv_conf.name); 304 305 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 306 server_accept, srv); 307 event_add(&srv->srv_ev, NULL); 308 evtimer_set(&srv->srv_evt, server_accept, srv); 309 } 310 } 311 312 void 313 server_purge(struct server *srv) 314 { 315 struct client *clt; 316 struct server_config *srv_conf; 317 318 /* shutdown and remove server */ 319 if (event_initialized(&srv->srv_ev)) 320 event_del(&srv->srv_ev); 321 if (evtimer_initialized(&srv->srv_evt)) 322 evtimer_del(&srv->srv_evt); 323 324 if (srv->srv_s != -1) 325 close(srv->srv_s); 326 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 327 328 /* cleanup sessions */ 329 while ((clt = 330 SPLAY_ROOT(&srv->srv_clients)) != NULL) 331 server_close(clt, NULL); 332 333 /* cleanup hosts */ 334 while ((srv_conf = 335 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 336 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 337 338 /* It might point to our own "default" entry */ 339 if (srv_conf != &srv->srv_conf) { 340 serverconfig_free(srv_conf); 341 free(srv_conf); 342 } 343 } 344 345 tls_config_free(srv->srv_tls_config); 346 tls_free(srv->srv_tls_ctx); 347 348 free(srv); 349 } 350 351 void 352 serverconfig_free(struct server_config *srv_conf) 353 { 354 free(srv_conf->return_uri); 355 free(srv_conf->tls_cert_file); 356 free(srv_conf->tls_key_file); 357 358 if (srv_conf->tls_cert != NULL) { 359 explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); 360 free(srv_conf->tls_cert); 361 } 362 363 if (srv_conf->tls_key != NULL) { 364 explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); 365 free(srv_conf->tls_key); 366 } 367 } 368 369 void 370 serverconfig_reset(struct server_config *srv_conf) 371 { 372 srv_conf->auth = NULL; 373 srv_conf->return_uri = NULL; 374 srv_conf->tls_cert = NULL; 375 srv_conf->tls_cert_file = NULL; 376 srv_conf->tls_key = NULL; 377 srv_conf->tls_key_file = NULL; 378 } 379 380 struct server * 381 server_byaddr(struct sockaddr *addr, in_port_t port) 382 { 383 struct server *srv; 384 385 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 386 if (port == srv->srv_conf.port && 387 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 388 addr, srv->srv_conf.prefixlen) == 0) 389 return (srv); 390 } 391 392 return (NULL); 393 } 394 395 struct server_config * 396 serverconfig_byid(uint32_t id) 397 { 398 struct server *srv; 399 struct server_config *srv_conf; 400 401 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 402 if (srv->srv_conf.id == id) 403 return (&srv->srv_conf); 404 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 405 if (srv_conf->id == id) 406 return (srv_conf); 407 } 408 } 409 410 return (NULL); 411 } 412 413 int 414 server_foreach(int (*srv_cb)(struct server *, 415 struct server_config *, void *), void *arg) 416 { 417 struct server *srv; 418 struct server_config *srv_conf; 419 420 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 421 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 422 return (-1); 423 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 424 if ((srv_cb)(srv, srv_conf, arg) == -1) 425 return (-1); 426 } 427 } 428 429 return (0); 430 } 431 432 struct server * 433 server_match(struct server *s2, int match_name) 434 { 435 struct server *s1; 436 437 /* Attempt to find matching server. */ 438 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 439 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 440 continue; 441 if (match_name) { 442 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 443 continue; 444 } 445 if (s1->srv_conf.port != s2->srv_conf.port) 446 continue; 447 if (sockaddr_cmp( 448 (struct sockaddr *)&s1->srv_conf.ss, 449 (struct sockaddr *)&s2->srv_conf.ss, 450 s1->srv_conf.prefixlen) != 0) 451 continue; 452 453 return (s1); 454 } 455 456 return (NULL); 457 } 458 459 int 460 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 461 { 462 switch (ss->ss_family) { 463 case AF_INET: 464 ((struct sockaddr_in *)ss)->sin_port = port; 465 ((struct sockaddr_in *)ss)->sin_len = 466 sizeof(struct sockaddr_in); 467 break; 468 case AF_INET6: 469 ((struct sockaddr_in6 *)ss)->sin6_port = port; 470 ((struct sockaddr_in6 *)ss)->sin6_len = 471 sizeof(struct sockaddr_in6); 472 break; 473 default: 474 return (-1); 475 } 476 477 return (0); 478 } 479 480 in_port_t 481 server_socket_getport(struct sockaddr_storage *ss) 482 { 483 switch (ss->ss_family) { 484 case AF_INET: 485 return (((struct sockaddr_in *)ss)->sin_port); 486 case AF_INET6: 487 return (((struct sockaddr_in6 *)ss)->sin6_port); 488 default: 489 return (0); 490 } 491 492 /* NOTREACHED */ 493 return (0); 494 } 495 496 int 497 server_socket(struct sockaddr_storage *ss, in_port_t port, 498 struct server_config *srv_conf, int fd, int reuseport) 499 { 500 struct linger lng; 501 int s = -1, val; 502 503 if (server_socket_af(ss, port) == -1) 504 goto bad; 505 506 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 507 IPPROTO_TCP) : fd; 508 if (s == -1) 509 goto bad; 510 511 /* 512 * Socket options 513 */ 514 memset(&lng, 0, sizeof(lng)); 515 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 516 goto bad; 517 if (reuseport) { 518 val = 1; 519 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 520 sizeof(int)) == -1) 521 goto bad; 522 } 523 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 524 val = srv_conf->tcpbufsiz; 525 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 526 &val, sizeof(val)) == -1) 527 goto bad; 528 val = srv_conf->tcpbufsiz; 529 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 530 &val, sizeof(val)) == -1) 531 goto bad; 532 } 533 534 /* 535 * IP options 536 */ 537 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 538 val = (int)srv_conf->tcpipttl; 539 if (setsockopt(s, IPPROTO_IP, IP_TTL, 540 &val, sizeof(val)) == -1) 541 goto bad; 542 } 543 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 544 val = (int)srv_conf->tcpipminttl; 545 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 546 &val, sizeof(val)) == -1) 547 goto bad; 548 } 549 550 /* 551 * TCP options 552 */ 553 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 554 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 555 val = 0; 556 else 557 val = 1; 558 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 559 &val, sizeof(val)) == -1) 560 goto bad; 561 } 562 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 563 if (srv_conf->tcpflags & TCPFLAG_NSACK) 564 val = 0; 565 else 566 val = 1; 567 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 568 &val, sizeof(val)) == -1) 569 goto bad; 570 } 571 572 return (s); 573 574 bad: 575 if (s != -1) 576 close(s); 577 return (-1); 578 } 579 580 int 581 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 582 struct server_config *srv_conf) 583 { 584 int s; 585 586 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 587 return (-1); 588 589 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 590 goto bad; 591 if (listen(s, srv_conf->tcpbacklog) == -1) 592 goto bad; 593 594 return (s); 595 596 bad: 597 close(s); 598 return (-1); 599 } 600 601 int 602 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 603 struct server_config *srv_conf) 604 { 605 int s; 606 607 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 608 return (-1); 609 610 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 611 if (errno != EINPROGRESS) 612 goto bad; 613 } 614 615 return (s); 616 617 bad: 618 close(s); 619 return (-1); 620 } 621 622 void 623 server_tls_readcb(int fd, short event, void *arg) 624 { 625 struct bufferevent *bufev = arg; 626 struct client *clt = bufev->cbarg; 627 char rbuf[IBUF_READ_SIZE]; 628 int what = EVBUFFER_READ; 629 int howmuch = IBUF_READ_SIZE; 630 ssize_t ret; 631 size_t len; 632 633 if (event == EV_TIMEOUT) { 634 what |= EVBUFFER_TIMEOUT; 635 goto err; 636 } 637 638 if (bufev->wm_read.high != 0) 639 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 640 641 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 642 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 643 goto retry; 644 } else if (ret < 0) { 645 what |= EVBUFFER_ERROR; 646 goto err; 647 } 648 len = ret; 649 650 if (len == 0) { 651 what |= EVBUFFER_EOF; 652 goto err; 653 } 654 655 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 656 what |= EVBUFFER_ERROR; 657 goto err; 658 } 659 660 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 661 662 len = EVBUFFER_LENGTH(bufev->input); 663 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 664 return; 665 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 666 struct evbuffer *buf = bufev->input; 667 event_del(&bufev->ev_read); 668 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 669 return; 670 } 671 672 if (bufev->readcb != NULL) 673 (*bufev->readcb)(bufev, bufev->cbarg); 674 return; 675 676 retry: 677 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 678 return; 679 680 err: 681 (*bufev->errorcb)(bufev, what, bufev->cbarg); 682 } 683 684 void 685 server_tls_writecb(int fd, short event, void *arg) 686 { 687 struct bufferevent *bufev = arg; 688 struct client *clt = bufev->cbarg; 689 ssize_t ret; 690 short what = EVBUFFER_WRITE; 691 size_t len; 692 693 if (event == EV_TIMEOUT) { 694 what |= EVBUFFER_TIMEOUT; 695 goto err; 696 } 697 698 if (EVBUFFER_LENGTH(bufev->output)) { 699 ret = tls_write(clt->clt_tls_ctx, 700 EVBUFFER_DATA(bufev->output), 701 EVBUFFER_LENGTH(bufev->output)); 702 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 703 goto retry; 704 } else if (ret < 0) { 705 what |= EVBUFFER_ERROR; 706 goto err; 707 } 708 len = ret; 709 evbuffer_drain(bufev->output, len); 710 } 711 712 if (EVBUFFER_LENGTH(bufev->output) != 0) 713 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 714 715 if (bufev->writecb != NULL && 716 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 717 (*bufev->writecb)(bufev, bufev->cbarg); 718 return; 719 720 retry: 721 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 722 return; 723 724 err: 725 (*bufev->errorcb)(bufev, what, bufev->cbarg); 726 } 727 728 void 729 server_input(struct client *clt) 730 { 731 struct server_config *srv_conf = clt->clt_srv_conf; 732 evbuffercb inrd = server_read; 733 evbuffercb inwr = server_write; 734 socklen_t slen; 735 736 if (server_httpdesc_init(clt) == -1) { 737 server_close(clt, "failed to allocate http descriptor"); 738 return; 739 } 740 741 clt->clt_toread = TOREAD_HTTP_HEADER; 742 inrd = server_read_http; 743 744 slen = sizeof(clt->clt_sndbufsiz); 745 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 746 &clt->clt_sndbufsiz, &slen) == -1) { 747 server_close(clt, "failed to get send buffer size"); 748 return; 749 } 750 751 /* 752 * Client <-> Server 753 */ 754 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 755 server_error, clt); 756 if (clt->clt_bev == NULL) { 757 server_close(clt, "failed to allocate input buffer event"); 758 return; 759 } 760 761 if (srv_conf->flags & SRVFLAG_TLS) { 762 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 763 server_tls_readcb, clt->clt_bev); 764 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 765 server_tls_writecb, clt->clt_bev); 766 } 767 768 /* Adjust write watermark to the socket buffer output size */ 769 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 770 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 771 /* Read at most amount of data that fits in one fcgi record. */ 772 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 773 774 bufferevent_settimeout(clt->clt_bev, 775 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 776 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 777 } 778 779 void 780 server_write(struct bufferevent *bev, void *arg) 781 { 782 struct client *clt = arg; 783 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 784 785 if (EVBUFFER_LENGTH(dst) == 0 && 786 clt->clt_toread == TOREAD_HTTP_NONE) 787 goto done; 788 789 getmonotime(&clt->clt_tv_last); 790 791 if (clt->clt_done) 792 goto done; 793 794 bufferevent_enable(bev, EV_READ); 795 796 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 797 bufferevent_enable(clt->clt_srvbev, EV_READ); 798 clt->clt_srvbev_throttled = 0; 799 } 800 801 return; 802 done: 803 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 804 return; 805 } 806 807 void 808 server_dump(struct client *clt, const void *buf, size_t len) 809 { 810 if (!len) 811 return; 812 813 /* 814 * This function will dump the specified message directly 815 * to the underlying client, without waiting for success 816 * of non-blocking events etc. This is useful to print an 817 * error message before gracefully closing the client. 818 */ 819 if (clt->clt_tls_ctx != NULL) 820 (void)tls_write(clt->clt_tls_ctx, buf, len); 821 else 822 (void)write(clt->clt_s, buf, len); 823 } 824 825 void 826 server_read(struct bufferevent *bev, void *arg) 827 { 828 struct client *clt = arg; 829 struct evbuffer *src = EVBUFFER_INPUT(bev); 830 831 getmonotime(&clt->clt_tv_last); 832 833 if (!EVBUFFER_LENGTH(src)) 834 return; 835 if (server_bufferevent_write_buffer(clt, src) == -1) 836 goto fail; 837 if (clt->clt_done) 838 goto done; 839 840 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 841 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 842 bufferevent_disable(clt->clt_srvbev, EV_READ); 843 clt->clt_srvbev_throttled = 1; 844 } 845 846 return; 847 done: 848 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 849 return; 850 fail: 851 server_close(clt, strerror(errno)); 852 } 853 854 void 855 server_error(struct bufferevent *bev, short error, void *arg) 856 { 857 struct client *clt = arg; 858 struct evbuffer *dst; 859 860 if (error & EVBUFFER_TIMEOUT) { 861 server_close(clt, "buffer event timeout"); 862 return; 863 } 864 if (error & EVBUFFER_ERROR) { 865 if (errno == EFBIG) { 866 bufferevent_enable(bev, EV_READ); 867 return; 868 } 869 server_close(clt, "buffer event error"); 870 return; 871 } 872 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 873 bufferevent_disable(bev, EV_READ|EV_WRITE); 874 875 clt->clt_done = 1; 876 877 dst = EVBUFFER_OUTPUT(clt->clt_bev); 878 if (EVBUFFER_LENGTH(dst)) { 879 /* Finish writing all data first */ 880 bufferevent_enable(clt->clt_bev, EV_WRITE); 881 return; 882 } 883 884 server_close(clt, "done"); 885 return; 886 } 887 server_close(clt, "unknown event error"); 888 return; 889 } 890 891 void 892 server_accept(int fd, short event, void *arg) 893 { 894 struct server *srv = arg; 895 struct client *clt = NULL; 896 socklen_t slen; 897 struct sockaddr_storage ss; 898 int s = -1; 899 900 event_add(&srv->srv_ev, NULL); 901 if ((event & EV_TIMEOUT)) 902 return; 903 904 slen = sizeof(ss); 905 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 906 &slen, FD_RESERVE, &server_inflight)) == -1) { 907 /* 908 * Pause accept if we are out of file descriptors, or 909 * libevent will haunt us here too. 910 */ 911 if (errno == ENFILE || errno == EMFILE) { 912 struct timeval evtpause = { 1, 0 }; 913 914 event_del(&srv->srv_ev); 915 evtimer_add(&srv->srv_evt, &evtpause); 916 log_debug("%s: deferring connections", __func__); 917 } 918 return; 919 } 920 if (server_clients >= SERVER_MAX_CLIENTS) 921 goto err; 922 923 if ((clt = calloc(1, sizeof(*clt))) == NULL) 924 goto err; 925 926 /* Pre-allocate log buffer */ 927 clt->clt_log = evbuffer_new(); 928 if (clt->clt_log == NULL) 929 goto err; 930 931 clt->clt_s = s; 932 clt->clt_fd = -1; 933 clt->clt_toread = TOREAD_UNLIMITED; 934 clt->clt_srv = srv; 935 clt->clt_srv_conf = &srv->srv_conf; 936 clt->clt_id = ++server_cltid; 937 clt->clt_srv_id = srv->srv_conf.id; 938 clt->clt_pid = getpid(); 939 clt->clt_inflight = 1; 940 941 /* get local address */ 942 slen = sizeof(clt->clt_srv_ss); 943 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 944 &slen) == -1) { 945 server_close(clt, "listen address lookup failed"); 946 return; 947 } 948 949 /* get client address */ 950 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 951 952 /* get ports */ 953 switch (ss.ss_family) { 954 case AF_INET: 955 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 956 break; 957 case AF_INET6: 958 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 959 break; 960 } 961 962 getmonotime(&clt->clt_tv_start); 963 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 964 965 server_clients++; 966 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 967 968 /* Pre-allocate output buffer */ 969 clt->clt_output = evbuffer_new(); 970 if (clt->clt_output == NULL) { 971 server_close(clt, "failed to allocate output buffer"); 972 return; 973 } 974 975 if (srv->srv_conf.flags & SRVFLAG_TLS) { 976 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 977 clt->clt_s) != 0) { 978 server_close(clt, "failed to setup tls context"); 979 return; 980 } 981 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 982 server_tls_handshake, &clt->clt_tv_start, 983 &srv->srv_conf.timeout, clt); 984 return; 985 } 986 987 server_input(clt); 988 return; 989 990 err: 991 if (s != -1) { 992 close(s); 993 free(clt); 994 /* 995 * the client struct was not completely set up, but still 996 * counted as an inflight client. account for this. 997 */ 998 server_inflight_dec(NULL, __func__); 999 } 1000 } 1001 1002 void 1003 server_tls_handshake(int fd, short event, void *arg) 1004 { 1005 struct client *clt = (struct client *)arg; 1006 struct server *srv = (struct server *)clt->clt_srv; 1007 int ret; 1008 1009 if (event == EV_TIMEOUT) { 1010 server_close(clt, "tls handshake timeout"); 1011 return; 1012 } 1013 1014 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1015 fatalx("NULL tls context"); 1016 1017 ret = tls_handshake(clt->clt_tls_ctx); 1018 if (ret == 0) { 1019 server_input(clt); 1020 } else if (ret == TLS_WANT_POLLIN) { 1021 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1022 server_tls_handshake, &clt->clt_tv_start, 1023 &srv->srv_conf.timeout, clt); 1024 } else if (ret == TLS_WANT_POLLOUT) { 1025 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1026 server_tls_handshake, &clt->clt_tv_start, 1027 &srv->srv_conf.timeout, clt); 1028 } else { 1029 log_debug("%s: tls handshake failed - %s", __func__, 1030 tls_error(clt->clt_tls_ctx)); 1031 server_close(clt, "tls handshake failed"); 1032 } 1033 } 1034 1035 void 1036 server_inflight_dec(struct client *clt, const char *why) 1037 { 1038 if (clt != NULL) { 1039 /* the flight already left inflight mode. */ 1040 if (clt->clt_inflight == 0) 1041 return; 1042 clt->clt_inflight = 0; 1043 } 1044 1045 /* the file was never opened, thus this was an inflight client. */ 1046 server_inflight--; 1047 DPRINTF("%s: inflight decremented, now %d, %s", 1048 __func__, server_inflight, why); 1049 } 1050 1051 void 1052 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1053 { 1054 va_list ap; 1055 char *msg; 1056 int ret; 1057 struct iovec iov[2]; 1058 1059 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1060 va_start(ap, emsg); 1061 if (cmd == IMSG_LOG_ACCESS) 1062 vlog(LOG_INFO, emsg, ap); 1063 else 1064 vlog(LOG_DEBUG, emsg, ap); 1065 va_end(ap); 1066 return; 1067 } 1068 1069 va_start(ap, emsg); 1070 ret = vasprintf(&msg, emsg, ap); 1071 va_end(ap); 1072 if (ret == -1) { 1073 log_warn("%s: vasprintf", __func__); 1074 return; 1075 } 1076 1077 iov[0].iov_base = &srv_conf->id; 1078 iov[0].iov_len = sizeof(srv_conf->id); 1079 iov[1].iov_base = msg; 1080 iov[1].iov_len = strlen(msg) + 1; 1081 1082 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1083 log_warn("%s: failed to compose imsg", __func__); 1084 return; 1085 } 1086 } 1087 1088 void 1089 server_log(struct client *clt, const char *msg) 1090 { 1091 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1092 struct server_config *srv_conf = clt->clt_srv_conf; 1093 char *ptr = NULL, *vmsg = NULL; 1094 int debug_cmd = -1; 1095 extern int verbose; 1096 1097 switch (srv_conf->logformat) { 1098 case LOG_FORMAT_CONNECTION: 1099 debug_cmd = IMSG_LOG_ACCESS; 1100 break; 1101 default: 1102 if (verbose > 1) 1103 debug_cmd = IMSG_LOG_ERROR; 1104 if (EVBUFFER_LENGTH(clt->clt_log)) { 1105 while ((ptr = 1106 evbuffer_readline(clt->clt_log)) != NULL) { 1107 server_sendlog(srv_conf, 1108 IMSG_LOG_ACCESS, "%s", ptr); 1109 free(ptr); 1110 } 1111 } 1112 break; 1113 } 1114 1115 if (debug_cmd != -1 && msg != NULL) { 1116 memset(ibuf, 0, sizeof(ibuf)); 1117 memset(obuf, 0, sizeof(obuf)); 1118 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1119 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1120 if (EVBUFFER_LENGTH(clt->clt_log) && 1121 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1122 ptr = evbuffer_readline(clt->clt_log); 1123 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1124 server_sendlog(srv_conf, debug_cmd, "server %s, " 1125 "client %d (%d active), %s:%u -> %s, " 1126 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1127 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1128 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1129 free(vmsg); 1130 free(ptr); 1131 } 1132 } 1133 1134 void 1135 server_close(struct client *clt, const char *msg) 1136 { 1137 struct server *srv = clt->clt_srv; 1138 1139 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1140 1141 /* free the HTTP descriptors incl. headers */ 1142 server_close_http(clt); 1143 1144 event_del(&clt->clt_ev); 1145 if (clt->clt_bev != NULL) 1146 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1147 if (clt->clt_srvbev != NULL) 1148 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1149 1150 server_log(clt, msg); 1151 1152 if (clt->clt_bev != NULL) 1153 bufferevent_free(clt->clt_bev); 1154 if (clt->clt_output != NULL) 1155 evbuffer_free(clt->clt_output); 1156 if (clt->clt_srvevb != NULL) 1157 evbuffer_free(clt->clt_srvevb); 1158 1159 if (clt->clt_srvbev != NULL) 1160 bufferevent_free(clt->clt_srvbev); 1161 if (clt->clt_fd != -1) 1162 close(clt->clt_fd); 1163 if (clt->clt_s != -1) 1164 close(clt->clt_s); 1165 1166 if (clt->clt_tls_ctx != NULL) 1167 tls_close(clt->clt_tls_ctx); 1168 tls_free(clt->clt_tls_ctx); 1169 1170 server_inflight_dec(clt, __func__); 1171 1172 if (clt->clt_log != NULL) 1173 evbuffer_free(clt->clt_log); 1174 1175 free(clt); 1176 server_clients--; 1177 } 1178 1179 int 1180 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1181 { 1182 switch (imsg->hdr.type) { 1183 case IMSG_CFG_MEDIA: 1184 config_getmedia(httpd_env, imsg); 1185 break; 1186 case IMSG_CFG_AUTH: 1187 config_getauth(httpd_env, imsg); 1188 break; 1189 case IMSG_CFG_SERVER: 1190 config_getserver(httpd_env, imsg); 1191 break; 1192 case IMSG_CFG_TLS: 1193 config_gettls(httpd_env, imsg); 1194 break; 1195 case IMSG_CFG_DONE: 1196 config_getcfg(httpd_env, imsg); 1197 break; 1198 case IMSG_CTL_START: 1199 server_launch(); 1200 break; 1201 case IMSG_CTL_RESET: 1202 config_getreset(httpd_env, imsg); 1203 break; 1204 default: 1205 return (-1); 1206 } 1207 1208 return (0); 1209 } 1210 1211 int 1212 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1213 { 1214 switch (imsg->hdr.type) { 1215 default: 1216 return (-1); 1217 } 1218 1219 return (0); 1220 } 1221 1222 int 1223 server_bufferevent_add(struct event *ev, int timeout) 1224 { 1225 struct timeval tv, *ptv = NULL; 1226 1227 if (timeout) { 1228 timerclear(&tv); 1229 tv.tv_sec = timeout; 1230 ptv = &tv; 1231 } 1232 1233 return (event_add(ev, ptv)); 1234 } 1235 1236 int 1237 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1238 { 1239 int ret; 1240 va_list ap; 1241 char *str; 1242 1243 va_start(ap, fmt); 1244 ret = vasprintf(&str, fmt, ap); 1245 va_end(ap); 1246 1247 if (ret == -1) 1248 return (ret); 1249 1250 ret = server_bufferevent_print(clt, str); 1251 free(str); 1252 1253 return (ret); 1254 } 1255 1256 int 1257 server_bufferevent_print(struct client *clt, const char *str) 1258 { 1259 if (clt->clt_bev == NULL) 1260 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1261 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1262 } 1263 1264 int 1265 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1266 { 1267 if (clt->clt_bev == NULL) 1268 return (evbuffer_add_buffer(clt->clt_output, buf)); 1269 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1270 } 1271 1272 int 1273 server_bufferevent_write_chunk(struct client *clt, 1274 struct evbuffer *buf, size_t size) 1275 { 1276 int ret; 1277 ret = server_bufferevent_write(clt, buf->buffer, size); 1278 if (ret != -1) 1279 evbuffer_drain(buf, size); 1280 return (ret); 1281 } 1282 1283 int 1284 server_bufferevent_write(struct client *clt, void *data, size_t size) 1285 { 1286 if (clt->clt_bev == NULL) 1287 return (evbuffer_add(clt->clt_output, data, size)); 1288 return (bufferevent_write(clt->clt_bev, data, size)); 1289 } 1290 1291 int 1292 server_client_cmp(struct client *a, struct client *b) 1293 { 1294 return ((int)a->clt_id - b->clt_id); 1295 } 1296 1297 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1298