server.c revision 1.117
1/* $OpenBSD: server.c,v 1.117 2019/01/08 18:35:27 florian Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/queue.h> 21#include <sys/time.h> 22#include <sys/stat.h> 23#include <sys/socket.h> 24#include <sys/uio.h> 25#include <sys/tree.h> 26 27#include <netinet/in.h> 28#include <netinet/tcp.h> 29#include <arpa/inet.h> 30 31#include <stdio.h> 32#include <stdlib.h> 33#include <stdarg.h> 34#include <limits.h> 35#include <errno.h> 36#include <fcntl.h> 37#include <string.h> 38#include <syslog.h> 39#include <unistd.h> 40#include <event.h> 41#include <imsg.h> 42#include <tls.h> 43#include <vis.h> 44 45#include "httpd.h" 46 47#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53void server_shutdown(void); 54 55void server_init(struct privsep *, struct privsep_proc *p, void *); 56void server_launch(void); 57int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61struct server *server_byid(uint32_t); 62 63int server_tls_init(struct server *); 64void server_tls_readcb(int, short, void *); 65void server_tls_writecb(int, short, void *); 66void server_tls_handshake(int, short, void *); 67 68void server_accept(int, short, void *); 69void server_input(struct client *); 70void server_inflight_dec(struct client *, const char *); 71 72extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75volatile int server_clients; 76volatile int server_inflight = 0; 77uint32_t server_cltid; 78 79static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82}; 83 84void 85server(struct privsep *ps, struct privsep_proc *p) 86{ 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89} 90 91void 92server_shutdown(void) 93{ 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96} 97 98int 99server_privinit(struct server *srv) 100{ 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_conf.flags & SRVFLAG_TLS) && srv->srv_conf.tls_cert == 123 NULL) { 124 /* soft fail if cert is not there yet */ 125 srv->srv_s = -1; 126 return (0); 127 } 128 129 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 130 srv->srv_conf.port, &srv->srv_conf)) == -1) 131 return (-1); 132 133 return (0); 134} 135 136int 137server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 138{ 139 struct server_config *sc1, *sc2; 140 141 sc1 = &s1->srv_conf; 142 sc2 = &s2->srv_conf; 143 144 if (sc1->tls_flags != sc2->tls_flags) 145 return (-1); 146 if (sc1->tls_protocols != sc2->tls_protocols) 147 return (-1); 148 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 149 return (-1); 150 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 151 return (-1); 152 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 153 return (-1); 154 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 155 return (-1); 156 157 if (match_keypair) { 158 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 159 return (-1); 160 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 161 return (-1); 162 } 163 164 return (0); 165} 166 167int 168server_tls_load_keypair(struct server *srv) 169{ 170 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 171 return (0); 172 173 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 174 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 175 return (-1); 176 log_debug("%s: using certificate %s", __func__, 177 srv->srv_conf.tls_cert_file); 178 179 /* XXX allow to specify password for encrypted key */ 180 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 181 &srv->srv_conf.tls_key_len, NULL)) == NULL) 182 return (-1); 183 log_debug("%s: using private key %s", __func__, 184 srv->srv_conf.tls_key_file); 185 186 return (0); 187} 188 189int 190server_tls_load_ocsp(struct server *srv) 191{ 192 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 193 return (0); 194 195 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 196 return (0); 197 198 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 199 srv->srv_conf.tls_ocsp_staple_file, 200 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 201 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 202 srv->srv_conf.tls_ocsp_staple_file); 203 return (-1); 204 } 205 206 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 207 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 208 srv->srv_conf.tls_ocsp_staple_file); 209 return (0); 210 } 211 212 log_debug("%s: using ocsp staple from %s", __func__, 213 srv->srv_conf.tls_ocsp_staple_file); 214 215 return (0); 216} 217 218int 219server_tls_load_ca(struct server *srv) 220{ 221 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 222 srv->srv_conf.tls_ca_file == NULL) 223 return (0); 224 225 if ((srv->srv_conf.tls_ca = tls_load_file( 226 srv->srv_conf.tls_ca_file, 227 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 228 return (-1); 229 log_debug("%s: using ca cert(s) from %s", __func__, 230 srv->srv_conf.tls_ca_file); 231 232 return (0); 233} 234 235int 236server_tls_load_crl(struct server *srv) 237{ 238 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 239 srv->srv_conf.tls_crl_file == NULL) 240 return (0); 241 242 if ((srv->srv_conf.tls_crl = tls_load_file( 243 srv->srv_conf.tls_crl_file, 244 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 245 return (-1); 246 log_debug("%s: using crl(s) from %s", __func__, 247 srv->srv_conf.tls_crl_file); 248 249 return (0); 250} 251 252int 253server_tls_init(struct server *srv) 254{ 255 struct server_config *srv_conf; 256 257 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 258 return (0); 259 260 if (srv->srv_conf.tls_cert == NULL) 261 /* soft fail if cert is not there yet */ 262 return (0); 263 264 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 265 266 if (tls_init() != 0) { 267 log_warnx("%s: failed to initialise tls", __func__); 268 return (-1); 269 } 270 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 271 log_warnx("%s: failed to get tls config", __func__); 272 return (-1); 273 } 274 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 275 log_warnx("%s: failed to get tls server", __func__); 276 return (-1); 277 } 278 279 if (tls_config_set_protocols(srv->srv_tls_config, 280 srv->srv_conf.tls_protocols) != 0) { 281 log_warnx("%s: failed to set tls protocols: %s", 282 __func__, tls_config_error(srv->srv_tls_config)); 283 return (-1); 284 } 285 if (tls_config_set_ciphers(srv->srv_tls_config, 286 srv->srv_conf.tls_ciphers) != 0) { 287 log_warnx("%s: failed to set tls ciphers: %s", 288 __func__, tls_config_error(srv->srv_tls_config)); 289 return (-1); 290 } 291 if (tls_config_set_dheparams(srv->srv_tls_config, 292 srv->srv_conf.tls_dhe_params) != 0) { 293 log_warnx("%s: failed to set tls dhe params: %s", 294 __func__, tls_config_error(srv->srv_tls_config)); 295 return (-1); 296 } 297 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 298 srv->srv_conf.tls_ecdhe_curves) != 0) { 299 log_warnx("%s: failed to set tls ecdhe curves: %s", 300 __func__, tls_config_error(srv->srv_tls_config)); 301 return (-1); 302 } 303 304 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 305 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 306 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 307 srv->srv_conf.tls_ocsp_staple, 308 srv->srv_conf.tls_ocsp_staple_len) != 0) { 309 log_warnx("%s: failed to set tls certificate/key: %s", 310 __func__, tls_config_error(srv->srv_tls_config)); 311 return (-1); 312 } 313 314 if (srv->srv_conf.tls_ca != NULL) { 315 if (tls_config_set_ca_mem(srv->srv_tls_config, 316 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 317 log_warnx("%s: failed to add ca cert(s)", __func__); 318 return (-1); 319 } 320 if (tls_config_set_crl_mem(srv->srv_tls_config, 321 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 322 log_warnx("%s: failed to add crl(s)", __func__); 323 return (-1); 324 } 325 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 326 tls_config_verify_client_optional(srv->srv_tls_config); 327 else 328 tls_config_verify_client(srv->srv_tls_config); 329 } 330 331 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 332 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 333 continue; 334 log_debug("%s: adding keypair for server %s", __func__, 335 srv->srv_conf.name); 336 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 337 srv_conf->tls_cert, srv_conf->tls_cert_len, 338 srv_conf->tls_key, srv_conf->tls_key_len, 339 srv_conf->tls_ocsp_staple, 340 srv_conf->tls_ocsp_staple_len) != 0) { 341 log_warnx("%s: failed to add tls keypair", __func__); 342 return (-1); 343 } 344 } 345 346 /* set common session ID among all processes */ 347 if (tls_config_set_session_id(srv->srv_tls_config, 348 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 349 log_warnx("%s: could not set the TLS session ID: %s", 350 __func__, tls_config_error(srv->srv_tls_config)); 351 return (-1); 352 } 353 354 /* ticket support */ 355 if (srv->srv_conf.tls_ticket_lifetime) { 356 if (tls_config_set_session_lifetime(srv->srv_tls_config, 357 srv->srv_conf.tls_ticket_lifetime) == -1) { 358 log_warnx("%s: could not set the TLS session lifetime: " 359 "%s", __func__, 360 tls_config_error(srv->srv_tls_config)); 361 return (-1); 362 } 363 tls_config_add_ticket_key(srv->srv_tls_config, 364 srv->srv_conf.tls_ticket_key.tt_keyrev, 365 srv->srv_conf.tls_ticket_key.tt_key, 366 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 367 explicit_bzero(&srv->srv_conf.tls_ticket_key, 368 sizeof(srv->srv_conf.tls_ticket_key)); 369 } 370 371 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 372 log_warnx("%s: failed to configure tls - %s", __func__, 373 tls_error(srv->srv_tls_ctx)); 374 return (-1); 375 } 376 377 /* We're now done with the public/private key & ca/crl... */ 378 tls_config_clear_keys(srv->srv_tls_config); 379 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 380 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 381 free(srv->srv_conf.tls_ca); 382 free(srv->srv_conf.tls_crl); 383 srv->srv_conf.tls_ca = NULL; 384 srv->srv_conf.tls_cert = NULL; 385 srv->srv_conf.tls_crl = NULL; 386 srv->srv_conf.tls_key = NULL; 387 srv->srv_conf.tls_ca_len = 0; 388 srv->srv_conf.tls_cert_len = 0; 389 srv->srv_conf.tls_crl_len = 0; 390 srv->srv_conf.tls_key_len = 0; 391 392 return (0); 393} 394 395void 396server_generate_ticket_key(struct server_config *srv_conf) 397{ 398 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 399 400 key->tt_id = srv_conf->id; 401 key->tt_keyrev = arc4random(); 402 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 403} 404 405void 406server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 407{ 408 server_http(); 409 410 if (config_init(ps->ps_env) == -1) 411 fatal("failed to initialize configuration"); 412 413 /* We use a custom shutdown callback */ 414 p->p_shutdown = server_shutdown; 415 416 /* Unlimited file descriptors (use system limits) */ 417 socket_rlimit(-1); 418 419 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 420 fatal("pledge"); 421 422#if 0 423 /* Schedule statistics timer */ 424 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 425 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 426 evtimer_add(&ps->ps_env->sc_statev, &tv); 427#endif 428} 429 430void 431server_launch(void) 432{ 433 struct server *srv; 434 435 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 436 log_debug("%s: configuring server %s", __func__, 437 srv->srv_conf.name); 438 439 server_tls_init(srv); 440 server_http_init(srv); 441 442 log_debug("%s: running server %s", __func__, 443 srv->srv_conf.name); 444 445 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 446 server_accept, srv); 447 event_add(&srv->srv_ev, NULL); 448 evtimer_set(&srv->srv_evt, server_accept, srv); 449 } 450} 451 452void 453server_purge(struct server *srv) 454{ 455 struct client *clt; 456 struct server_config *srv_conf; 457 458 /* shutdown and remove server */ 459 if (event_initialized(&srv->srv_ev)) 460 event_del(&srv->srv_ev); 461 if (evtimer_initialized(&srv->srv_evt)) 462 evtimer_del(&srv->srv_evt); 463 464 if (srv->srv_s != -1) 465 close(srv->srv_s); 466 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 467 468 /* cleanup sessions */ 469 while ((clt = 470 SPLAY_ROOT(&srv->srv_clients)) != NULL) 471 server_close(clt, NULL); 472 473 /* cleanup hosts */ 474 while ((srv_conf = 475 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 476 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 477 478 /* It might point to our own "default" entry */ 479 if (srv_conf != &srv->srv_conf) { 480 serverconfig_free(srv_conf); 481 free(srv_conf); 482 } 483 } 484 485 tls_config_free(srv->srv_tls_config); 486 tls_free(srv->srv_tls_ctx); 487 488 free(srv); 489} 490 491void 492serverconfig_free(struct server_config *srv_conf) 493{ 494 free(srv_conf->return_uri); 495 free(srv_conf->tls_ca_file); 496 free(srv_conf->tls_ca); 497 free(srv_conf->tls_cert_file); 498 free(srv_conf->tls_crl_file); 499 free(srv_conf->tls_crl); 500 free(srv_conf->tls_key_file); 501 free(srv_conf->tls_ocsp_staple_file); 502 free(srv_conf->tls_ocsp_staple); 503 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 504 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 505} 506 507void 508serverconfig_reset(struct server_config *srv_conf) 509{ 510 srv_conf->auth = NULL; 511 srv_conf->return_uri = NULL; 512 srv_conf->tls_ca = NULL; 513 srv_conf->tls_ca_file = NULL; 514 srv_conf->tls_cert = NULL; 515 srv_conf->tls_cert_file = NULL; 516 srv_conf->tls_crl = NULL; 517 srv_conf->tls_crl_file = NULL; 518 srv_conf->tls_key = NULL; 519 srv_conf->tls_key_file = NULL; 520 srv_conf->tls_ocsp_staple = NULL; 521 srv_conf->tls_ocsp_staple_file = NULL; 522} 523 524struct server * 525server_byaddr(struct sockaddr *addr, in_port_t port) 526{ 527 struct server *srv; 528 529 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 530 if (port == srv->srv_conf.port && 531 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 532 addr, srv->srv_conf.prefixlen) == 0) 533 return (srv); 534 } 535 536 return (NULL); 537} 538 539struct server_config * 540serverconfig_byid(uint32_t id) 541{ 542 struct server *srv; 543 struct server_config *srv_conf; 544 545 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 546 if (srv->srv_conf.id == id) 547 return (&srv->srv_conf); 548 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 549 if (srv_conf->id == id) 550 return (srv_conf); 551 } 552 } 553 554 return (NULL); 555} 556 557struct server * 558server_byid(uint32_t id) 559{ 560 struct server *srv; 561 562 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 563 if (srv->srv_conf.id == id) 564 return (srv); 565 } 566 return (NULL); 567} 568 569int 570server_foreach(int (*srv_cb)(struct server *, 571 struct server_config *, void *), void *arg) 572{ 573 struct server *srv; 574 struct server_config *srv_conf; 575 576 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 577 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 578 return (-1); 579 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 580 if ((srv_cb)(srv, srv_conf, arg) == -1) 581 return (-1); 582 } 583 } 584 585 return (0); 586} 587 588struct server * 589server_match(struct server *s2, int match_name) 590{ 591 struct server *s1; 592 593 /* Attempt to find matching server. */ 594 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 595 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 596 continue; 597 if (match_name) { 598 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 599 continue; 600 } 601 if (s1->srv_conf.port != s2->srv_conf.port) 602 continue; 603 if (sockaddr_cmp( 604 (struct sockaddr *)&s1->srv_conf.ss, 605 (struct sockaddr *)&s2->srv_conf.ss, 606 s1->srv_conf.prefixlen) != 0) 607 continue; 608 609 return (s1); 610 } 611 612 return (NULL); 613} 614 615int 616server_socket_af(struct sockaddr_storage *ss, in_port_t port) 617{ 618 switch (ss->ss_family) { 619 case AF_INET: 620 ((struct sockaddr_in *)ss)->sin_port = port; 621 ((struct sockaddr_in *)ss)->sin_len = 622 sizeof(struct sockaddr_in); 623 break; 624 case AF_INET6: 625 ((struct sockaddr_in6 *)ss)->sin6_port = port; 626 ((struct sockaddr_in6 *)ss)->sin6_len = 627 sizeof(struct sockaddr_in6); 628 break; 629 default: 630 return (-1); 631 } 632 633 return (0); 634} 635 636in_port_t 637server_socket_getport(struct sockaddr_storage *ss) 638{ 639 switch (ss->ss_family) { 640 case AF_INET: 641 return (((struct sockaddr_in *)ss)->sin_port); 642 case AF_INET6: 643 return (((struct sockaddr_in6 *)ss)->sin6_port); 644 default: 645 return (0); 646 } 647 648 /* NOTREACHED */ 649 return (0); 650} 651 652int 653server_socket(struct sockaddr_storage *ss, in_port_t port, 654 struct server_config *srv_conf, int fd, int reuseport) 655{ 656 struct linger lng; 657 int s = -1, val; 658 659 if (server_socket_af(ss, port) == -1) 660 goto bad; 661 662 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 663 IPPROTO_TCP) : fd; 664 if (s == -1) 665 goto bad; 666 667 /* 668 * Socket options 669 */ 670 memset(&lng, 0, sizeof(lng)); 671 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 672 goto bad; 673 if (reuseport) { 674 val = 1; 675 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 676 sizeof(int)) == -1) 677 goto bad; 678 } 679 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 680 val = srv_conf->tcpbufsiz; 681 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 682 &val, sizeof(val)) == -1) 683 goto bad; 684 val = srv_conf->tcpbufsiz; 685 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 686 &val, sizeof(val)) == -1) 687 goto bad; 688 } 689 690 /* 691 * IP options 692 */ 693 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 694 val = (int)srv_conf->tcpipttl; 695 switch (ss->ss_family) { 696 case AF_INET: 697 if (setsockopt(s, IPPROTO_IP, IP_TTL, 698 &val, sizeof(val)) == -1) 699 goto bad; 700 break; 701 case AF_INET6: 702 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 703 &val, sizeof(val)) == -1) 704 goto bad; 705 break; 706 } 707 } 708 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 709 val = (int)srv_conf->tcpipminttl; 710 switch (ss->ss_family) { 711 case AF_INET: 712 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 713 &val, sizeof(val)) == -1) 714 goto bad; 715 break; 716 case AF_INET6: 717 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 718 &val, sizeof(val)) == -1) 719 goto bad; 720 break; 721 } 722 } 723 724 /* 725 * TCP options 726 */ 727 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 728 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 729 val = 0; 730 else 731 val = 1; 732 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 733 &val, sizeof(val)) == -1) 734 goto bad; 735 } 736 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 737 if (srv_conf->tcpflags & TCPFLAG_NSACK) 738 val = 0; 739 else 740 val = 1; 741 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 742 &val, sizeof(val)) == -1) 743 goto bad; 744 } 745 746 return (s); 747 748 bad: 749 if (s != -1) 750 close(s); 751 return (-1); 752} 753 754int 755server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 756 struct server_config *srv_conf) 757{ 758 int s; 759 760 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 761 return (-1); 762 763 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 764 goto bad; 765 if (listen(s, srv_conf->tcpbacklog) == -1) 766 goto bad; 767 768 return (s); 769 770 bad: 771 close(s); 772 return (-1); 773} 774 775int 776server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 777 struct server_config *srv_conf) 778{ 779 int s; 780 781 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 782 return (-1); 783 784 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 785 if (errno != EINPROGRESS) 786 goto bad; 787 } 788 789 return (s); 790 791 bad: 792 close(s); 793 return (-1); 794} 795 796void 797server_tls_readcb(int fd, short event, void *arg) 798{ 799 struct bufferevent *bufev = arg; 800 struct client *clt = bufev->cbarg; 801 char rbuf[IBUF_READ_SIZE]; 802 int what = EVBUFFER_READ; 803 int howmuch = IBUF_READ_SIZE; 804 ssize_t ret; 805 size_t len; 806 807 if (event == EV_TIMEOUT) { 808 what |= EVBUFFER_TIMEOUT; 809 goto err; 810 } 811 812 if (bufev->wm_read.high != 0) 813 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 814 815 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 816 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 817 goto retry; 818 } else if (ret < 0) { 819 what |= EVBUFFER_ERROR; 820 goto err; 821 } 822 len = ret; 823 824 if (len == 0) { 825 what |= EVBUFFER_EOF; 826 goto err; 827 } 828 829 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 830 what |= EVBUFFER_ERROR; 831 goto err; 832 } 833 834 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 835 836 len = EVBUFFER_LENGTH(bufev->input); 837 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 838 return; 839 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 840 struct evbuffer *buf = bufev->input; 841 event_del(&bufev->ev_read); 842 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 843 return; 844 } 845 846 if (bufev->readcb != NULL) 847 (*bufev->readcb)(bufev, bufev->cbarg); 848 return; 849 850 retry: 851 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 852 return; 853 854 err: 855 (*bufev->errorcb)(bufev, what, bufev->cbarg); 856} 857 858void 859server_tls_writecb(int fd, short event, void *arg) 860{ 861 struct bufferevent *bufev = arg; 862 struct client *clt = bufev->cbarg; 863 ssize_t ret; 864 short what = EVBUFFER_WRITE; 865 size_t len; 866 867 if (event == EV_TIMEOUT) { 868 what |= EVBUFFER_TIMEOUT; 869 goto err; 870 } 871 872 if (EVBUFFER_LENGTH(bufev->output)) { 873 ret = tls_write(clt->clt_tls_ctx, 874 EVBUFFER_DATA(bufev->output), 875 EVBUFFER_LENGTH(bufev->output)); 876 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 877 goto retry; 878 } else if (ret < 0) { 879 what |= EVBUFFER_ERROR; 880 goto err; 881 } 882 len = ret; 883 evbuffer_drain(bufev->output, len); 884 } 885 886 if (EVBUFFER_LENGTH(bufev->output) != 0) 887 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 888 889 if (bufev->writecb != NULL && 890 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 891 (*bufev->writecb)(bufev, bufev->cbarg); 892 return; 893 894 retry: 895 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 896 return; 897 898 err: 899 (*bufev->errorcb)(bufev, what, bufev->cbarg); 900} 901 902void 903server_input(struct client *clt) 904{ 905 struct server_config *srv_conf = clt->clt_srv_conf; 906 evbuffercb inrd = server_read; 907 evbuffercb inwr = server_write; 908 socklen_t slen; 909 910 if (server_httpdesc_init(clt) == -1) { 911 server_close(clt, "failed to allocate http descriptor"); 912 return; 913 } 914 915 clt->clt_toread = TOREAD_HTTP_HEADER; 916 inrd = server_read_http; 917 918 slen = sizeof(clt->clt_sndbufsiz); 919 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 920 &clt->clt_sndbufsiz, &slen) == -1) { 921 server_close(clt, "failed to get send buffer size"); 922 return; 923 } 924 925 /* 926 * Client <-> Server 927 */ 928 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 929 server_error, clt); 930 if (clt->clt_bev == NULL) { 931 server_close(clt, "failed to allocate input buffer event"); 932 return; 933 } 934 935 if (srv_conf->flags & SRVFLAG_TLS) { 936 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 937 server_tls_readcb, clt->clt_bev); 938 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 939 server_tls_writecb, clt->clt_bev); 940 } 941 942 /* Adjust write watermark to the socket buffer output size */ 943 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 944 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 945 /* Read at most amount of data that fits in one fcgi record. */ 946 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 947 948 bufferevent_settimeout(clt->clt_bev, 949 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 950 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 951} 952 953void 954server_write(struct bufferevent *bev, void *arg) 955{ 956 struct client *clt = arg; 957 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 958 959 if (EVBUFFER_LENGTH(dst) == 0 && 960 clt->clt_toread == TOREAD_HTTP_NONE) 961 goto done; 962 963 getmonotime(&clt->clt_tv_last); 964 965 if (clt->clt_done) 966 goto done; 967 968 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 969 bufferevent_enable(clt->clt_srvbev, EV_READ); 970 clt->clt_srvbev_throttled = 0; 971 } 972 973 return; 974 done: 975 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 976 return; 977} 978 979void 980server_dump(struct client *clt, const void *buf, size_t len) 981{ 982 if (!len) 983 return; 984 985 /* 986 * This function will dump the specified message directly 987 * to the underlying client, without waiting for success 988 * of non-blocking events etc. This is useful to print an 989 * error message before gracefully closing the client. 990 */ 991 if (clt->clt_tls_ctx != NULL) 992 (void)tls_write(clt->clt_tls_ctx, buf, len); 993 else 994 (void)write(clt->clt_s, buf, len); 995} 996 997void 998server_read(struct bufferevent *bev, void *arg) 999{ 1000 struct client *clt = arg; 1001 struct evbuffer *src = EVBUFFER_INPUT(bev); 1002 1003 getmonotime(&clt->clt_tv_last); 1004 1005 if (!EVBUFFER_LENGTH(src)) 1006 return; 1007 if (server_bufferevent_write_buffer(clt, src) == -1) 1008 goto fail; 1009 if (clt->clt_done) 1010 goto done; 1011 1012 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 1013 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 1014 bufferevent_disable(clt->clt_srvbev, EV_READ); 1015 clt->clt_srvbev_throttled = 1; 1016 } 1017 1018 return; 1019 done: 1020 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1021 return; 1022 fail: 1023 server_close(clt, strerror(errno)); 1024} 1025 1026void 1027server_error(struct bufferevent *bev, short error, void *arg) 1028{ 1029 struct client *clt = arg; 1030 struct evbuffer *dst; 1031 1032 if (error & EVBUFFER_TIMEOUT) { 1033 server_abort_http(clt, 408, "timeout"); 1034 return; 1035 } 1036 if (error & EVBUFFER_ERROR) { 1037 if (errno == EFBIG) { 1038 bufferevent_enable(bev, EV_READ); 1039 return; 1040 } 1041 server_close(clt, "buffer event error"); 1042 return; 1043 } 1044 if (error & EVBUFFER_EOF) { 1045 server_close(clt, "closed"); 1046 return; 1047 } 1048 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1049 bufferevent_disable(bev, EV_READ|EV_WRITE); 1050 1051 clt->clt_done = 1; 1052 1053 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1054 if (EVBUFFER_LENGTH(dst)) { 1055 /* Finish writing all data first */ 1056 bufferevent_enable(clt->clt_bev, EV_WRITE); 1057 return; 1058 } 1059 1060 server_close(clt, "done"); 1061 return; 1062 } 1063 server_close(clt, "unknown event error"); 1064 return; 1065} 1066 1067void 1068server_accept(int fd, short event, void *arg) 1069{ 1070 struct server *srv = arg; 1071 struct client *clt = NULL; 1072 socklen_t slen; 1073 struct sockaddr_storage ss; 1074 int s = -1; 1075 1076 event_add(&srv->srv_ev, NULL); 1077 if ((event & EV_TIMEOUT)) 1078 return; 1079 1080 slen = sizeof(ss); 1081 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1082 &slen, FD_RESERVE, &server_inflight)) == -1) { 1083 /* 1084 * Pause accept if we are out of file descriptors, or 1085 * libevent will haunt us here too. 1086 */ 1087 if (errno == ENFILE || errno == EMFILE) { 1088 struct timeval evtpause = { 1, 0 }; 1089 1090 event_del(&srv->srv_ev); 1091 evtimer_add(&srv->srv_evt, &evtpause); 1092 log_debug("%s: deferring connections", __func__); 1093 } 1094 return; 1095 } 1096 if (server_clients >= SERVER_MAX_CLIENTS) 1097 goto err; 1098 1099 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1100 goto err; 1101 1102 /* Pre-allocate log buffer */ 1103 clt->clt_log = evbuffer_new(); 1104 if (clt->clt_log == NULL) 1105 goto err; 1106 1107 clt->clt_s = s; 1108 clt->clt_fd = -1; 1109 clt->clt_toread = TOREAD_UNLIMITED; 1110 clt->clt_srv = srv; 1111 clt->clt_srv_conf = &srv->srv_conf; 1112 clt->clt_id = ++server_cltid; 1113 clt->clt_srv_id = srv->srv_conf.id; 1114 clt->clt_pid = getpid(); 1115 clt->clt_inflight = 1; 1116 1117 /* get local address */ 1118 slen = sizeof(clt->clt_srv_ss); 1119 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1120 &slen) == -1) { 1121 server_close(clt, "listen address lookup failed"); 1122 return; 1123 } 1124 1125 /* get client address */ 1126 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1127 1128 /* get ports */ 1129 switch (ss.ss_family) { 1130 case AF_INET: 1131 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1132 break; 1133 case AF_INET6: 1134 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1135 break; 1136 } 1137 1138 getmonotime(&clt->clt_tv_start); 1139 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1140 1141 server_clients++; 1142 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1143 1144 /* Pre-allocate output buffer */ 1145 clt->clt_output = evbuffer_new(); 1146 if (clt->clt_output == NULL) { 1147 server_close(clt, "failed to allocate output buffer"); 1148 return; 1149 } 1150 1151 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1152 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1153 clt->clt_s) != 0) { 1154 server_close(clt, "failed to setup tls context"); 1155 return; 1156 } 1157 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1158 server_tls_handshake, &clt->clt_tv_start, 1159 &srv->srv_conf.timeout, clt); 1160 return; 1161 } 1162 1163 server_input(clt); 1164 return; 1165 1166 err: 1167 if (s != -1) { 1168 close(s); 1169 free(clt); 1170 /* 1171 * the client struct was not completely set up, but still 1172 * counted as an inflight client. account for this. 1173 */ 1174 server_inflight_dec(NULL, __func__); 1175 } 1176} 1177 1178void 1179server_tls_handshake(int fd, short event, void *arg) 1180{ 1181 struct client *clt = (struct client *)arg; 1182 struct server *srv = (struct server *)clt->clt_srv; 1183 int ret; 1184 1185 if (event == EV_TIMEOUT) { 1186 server_close(clt, "tls handshake timeout"); 1187 return; 1188 } 1189 1190 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1191 fatalx("NULL tls context"); 1192 1193 ret = tls_handshake(clt->clt_tls_ctx); 1194 if (ret == 0) { 1195 server_input(clt); 1196 } else if (ret == TLS_WANT_POLLIN) { 1197 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1198 server_tls_handshake, &clt->clt_tv_start, 1199 &srv->srv_conf.timeout, clt); 1200 } else if (ret == TLS_WANT_POLLOUT) { 1201 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1202 server_tls_handshake, &clt->clt_tv_start, 1203 &srv->srv_conf.timeout, clt); 1204 } else { 1205 log_debug("%s: tls handshake failed - %s", __func__, 1206 tls_error(clt->clt_tls_ctx)); 1207 server_close(clt, "tls handshake failed"); 1208 } 1209} 1210 1211void 1212server_inflight_dec(struct client *clt, const char *why) 1213{ 1214 if (clt != NULL) { 1215 /* the flight already left inflight mode. */ 1216 if (clt->clt_inflight == 0) 1217 return; 1218 clt->clt_inflight = 0; 1219 } 1220 1221 /* the file was never opened, thus this was an inflight client. */ 1222 server_inflight--; 1223 DPRINTF("%s: inflight decremented, now %d, %s", 1224 __func__, server_inflight, why); 1225} 1226 1227void 1228server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1229{ 1230 va_list ap; 1231 char *msg; 1232 int ret; 1233 struct iovec iov[2]; 1234 1235 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1236 va_start(ap, emsg); 1237 if (cmd == IMSG_LOG_ACCESS) 1238 vlog(LOG_INFO, emsg, ap); 1239 else 1240 vlog(LOG_DEBUG, emsg, ap); 1241 va_end(ap); 1242 return; 1243 } 1244 1245 va_start(ap, emsg); 1246 ret = vasprintf(&msg, emsg, ap); 1247 va_end(ap); 1248 if (ret == -1) { 1249 log_warn("%s: vasprintf", __func__); 1250 return; 1251 } 1252 1253 iov[0].iov_base = &srv_conf->id; 1254 iov[0].iov_len = sizeof(srv_conf->id); 1255 iov[1].iov_base = msg; 1256 iov[1].iov_len = strlen(msg) + 1; 1257 1258 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1259 log_warn("%s: failed to compose imsg", __func__); 1260 return; 1261 } 1262} 1263 1264void 1265server_log(struct client *clt, const char *msg) 1266{ 1267 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1268 struct server_config *srv_conf = clt->clt_srv_conf; 1269 char *ptr = NULL, *vmsg = NULL; 1270 int debug_cmd = -1; 1271 1272 switch (srv_conf->logformat) { 1273 case LOG_FORMAT_CONNECTION: 1274 debug_cmd = IMSG_LOG_ACCESS; 1275 break; 1276 default: 1277 if (log_getverbose() > 1) 1278 debug_cmd = IMSG_LOG_ERROR; 1279 if (EVBUFFER_LENGTH(clt->clt_log)) { 1280 while ((ptr = 1281 evbuffer_readline(clt->clt_log)) != NULL) { 1282 server_sendlog(srv_conf, 1283 IMSG_LOG_ACCESS, "%s", ptr); 1284 free(ptr); 1285 } 1286 } 1287 break; 1288 } 1289 1290 if (debug_cmd != -1 && msg != NULL) { 1291 memset(ibuf, 0, sizeof(ibuf)); 1292 memset(obuf, 0, sizeof(obuf)); 1293 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1294 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1295 if (EVBUFFER_LENGTH(clt->clt_log) && 1296 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1297 ptr = evbuffer_readline(clt->clt_log); 1298 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1299 server_sendlog(srv_conf, debug_cmd, "server %s, " 1300 "client %d (%d active), %s:%u -> %s, " 1301 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1302 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1303 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1304 free(vmsg); 1305 free(ptr); 1306 } 1307} 1308 1309void 1310server_close(struct client *clt, const char *msg) 1311{ 1312 struct server *srv = clt->clt_srv; 1313 1314 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1315 1316 /* free the HTTP descriptors incl. headers */ 1317 server_close_http(clt); 1318 1319 event_del(&clt->clt_ev); 1320 if (clt->clt_bev != NULL) 1321 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1322 if (clt->clt_srvbev != NULL) 1323 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1324 1325 server_log(clt, msg); 1326 1327 if (clt->clt_bev != NULL) 1328 bufferevent_free(clt->clt_bev); 1329 if (clt->clt_output != NULL) 1330 evbuffer_free(clt->clt_output); 1331 if (clt->clt_srvevb != NULL) 1332 evbuffer_free(clt->clt_srvevb); 1333 1334 if (clt->clt_srvbev != NULL) 1335 bufferevent_free(clt->clt_srvbev); 1336 if (clt->clt_fd != -1) 1337 close(clt->clt_fd); 1338 if (clt->clt_s != -1) 1339 close(clt->clt_s); 1340 1341 if (clt->clt_tls_ctx != NULL) 1342 tls_close(clt->clt_tls_ctx); 1343 tls_free(clt->clt_tls_ctx); 1344 1345 server_inflight_dec(clt, __func__); 1346 1347 if (clt->clt_log != NULL) 1348 evbuffer_free(clt->clt_log); 1349 1350 free(clt); 1351 server_clients--; 1352} 1353 1354int 1355server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1356{ 1357 struct server *srv; 1358 struct server_tls_ticket key; 1359 1360 switch (imsg->hdr.type) { 1361 case IMSG_CFG_MEDIA: 1362 config_getmedia(httpd_env, imsg); 1363 break; 1364 case IMSG_CFG_AUTH: 1365 config_getauth(httpd_env, imsg); 1366 break; 1367 case IMSG_CFG_SERVER: 1368 config_getserver(httpd_env, imsg); 1369 break; 1370 case IMSG_CFG_TLS: 1371 config_getserver_tls(httpd_env, imsg); 1372 break; 1373 case IMSG_CFG_DONE: 1374 config_getcfg(httpd_env, imsg); 1375 break; 1376 case IMSG_CTL_START: 1377 server_launch(); 1378 break; 1379 case IMSG_CTL_RESET: 1380 config_getreset(httpd_env, imsg); 1381 break; 1382 case IMSG_TLSTICKET_REKEY: 1383 IMSG_SIZE_CHECK(imsg, (&key)); 1384 memcpy(&key, imsg->data, sizeof(key)); 1385 /* apply to the right server */ 1386 srv = server_byid(key.tt_id); 1387 if (srv) { 1388 tls_config_add_ticket_key(srv->srv_tls_config, 1389 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1390 } 1391 break; 1392 default: 1393 return (-1); 1394 } 1395 1396 return (0); 1397} 1398 1399int 1400server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1401{ 1402 switch (imsg->hdr.type) { 1403 default: 1404 return (-1); 1405 } 1406 1407 return (0); 1408} 1409 1410int 1411server_bufferevent_add(struct event *ev, int timeout) 1412{ 1413 struct timeval tv, *ptv = NULL; 1414 1415 if (timeout) { 1416 timerclear(&tv); 1417 tv.tv_sec = timeout; 1418 ptv = &tv; 1419 } 1420 1421 return (event_add(ev, ptv)); 1422} 1423 1424int 1425server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1426{ 1427 int ret; 1428 va_list ap; 1429 char *str; 1430 1431 va_start(ap, fmt); 1432 ret = vasprintf(&str, fmt, ap); 1433 va_end(ap); 1434 1435 if (ret == -1) 1436 return (ret); 1437 1438 ret = server_bufferevent_print(clt, str); 1439 free(str); 1440 1441 return (ret); 1442} 1443 1444int 1445server_bufferevent_print(struct client *clt, const char *str) 1446{ 1447 if (clt->clt_bev == NULL) 1448 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1449 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1450} 1451 1452int 1453server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1454{ 1455 if (clt->clt_bev == NULL) 1456 return (evbuffer_add_buffer(clt->clt_output, buf)); 1457 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1458} 1459 1460int 1461server_bufferevent_write_chunk(struct client *clt, 1462 struct evbuffer *buf, size_t size) 1463{ 1464 int ret; 1465 ret = server_bufferevent_write(clt, buf->buffer, size); 1466 if (ret != -1) 1467 evbuffer_drain(buf, size); 1468 return (ret); 1469} 1470 1471int 1472server_bufferevent_write(struct client *clt, void *data, size_t size) 1473{ 1474 if (clt->clt_bev == NULL) 1475 return (evbuffer_add(clt->clt_output, data, size)); 1476 return (bufferevent_write(clt->clt_bev, data, size)); 1477} 1478 1479int 1480server_client_cmp(struct client *a, struct client *b) 1481{ 1482 return ((int)a->clt_id - b->clt_id); 1483} 1484 1485SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1486