server.c revision 1.34
1/* $OpenBSD: server.c,v 1.34 2014/08/06 11:24:12 reyk Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/queue.h> 21#include <sys/time.h> 22#include <sys/stat.h> 23#include <sys/socket.h> 24#include <sys/un.h> 25#include <sys/uio.h> 26#include <sys/tree.h> 27#include <sys/hash.h> 28 29#include <net/if.h> 30#include <netinet/in_systm.h> 31#include <netinet/in.h> 32#include <netinet/ip.h> 33#include <netinet/tcp.h> 34#include <arpa/inet.h> 35 36#include <errno.h> 37#include <fcntl.h> 38#include <stdlib.h> 39#include <string.h> 40#include <syslog.h> 41#include <unistd.h> 42#include <stdio.h> 43#include <err.h> 44#include <pwd.h> 45#include <event.h> 46#include <fnmatch.h> 47#include <ressl.h> 48 49#include "httpd.h" 50 51int server_dispatch_parent(int, struct privsep_proc *, 52 struct imsg *); 53int server_dispatch_logger(int, struct privsep_proc *, 54 struct imsg *); 55void server_shutdown(void); 56 57void server_init(struct privsep *, struct privsep_proc *p, void *); 58void server_launch(void); 59int server_socket(struct sockaddr_storage *, in_port_t, 60 struct server_config *, int, int); 61int server_socket_listen(struct sockaddr_storage *, in_port_t, 62 struct server_config *); 63 64int server_ssl_init(struct server *); 65void server_ssl_readcb(int, short, void *); 66void server_ssl_writecb(int, short, void *); 67 68void server_accept(int, short, void *); 69void server_accept_ssl(int, short, void *); 70void server_input(struct client *); 71 72extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75volatile int server_clients; 76volatile int server_inflight = 0; 77u_int32_t server_cltid; 78 79static struct httpd *env = NULL; 80int proc_id; 81 82static struct privsep_proc procs[] = { 83 { "parent", PROC_PARENT, server_dispatch_parent }, 84 { "logger", PROC_LOGGER, server_dispatch_logger } 85}; 86 87pid_t 88server(struct privsep *ps, struct privsep_proc *p) 89{ 90 pid_t pid; 91 env = ps->ps_env; 92 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 93 server_http(env); 94 return (pid); 95} 96 97void 98server_shutdown(void) 99{ 100 config_purge(env, CONFIG_ALL); 101 usleep(200); /* XXX server needs to shutdown last */ 102} 103 104int 105server_privinit(struct server *srv) 106{ 107 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 108 return (0); 109 110 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 111 112 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 113 srv->srv_conf.port, &srv->srv_conf)) == -1) 114 return (-1); 115 116 return (0); 117} 118 119static char * 120server_load_file(const char *filename, off_t *len) 121{ 122 struct stat st; 123 off_t size; 124 char *buf = NULL; 125 int fd; 126 127 if ((fd = open(filename, O_RDONLY)) == -1) 128 return (NULL); 129 if (fstat(fd, &st) != 0) 130 goto fail; 131 size = st.st_size; 132 if ((buf = calloc(1, size + 1)) == NULL) 133 goto fail; 134 if (read(fd, buf, size) != size) 135 goto fail; 136 137 close(fd); 138 139 *len = size; 140 return (buf); 141 142 fail: 143 free(buf); 144 close(fd); 145 146 return (NULL); 147} 148 149int 150server_ssl_load_keypair(struct server *srv) 151{ 152 if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0) 153 return (0); 154 155 if ((srv->srv_conf.ssl_cert = server_load_file( 156 srv->srv_conf.ssl_cert_file, &srv->srv_conf.ssl_cert_len)) == NULL) 157 return (-1); 158 log_debug("%s: using certificate %s", __func__, 159 srv->srv_conf.ssl_cert_file); 160 161 if ((srv->srv_conf.ssl_key = server_load_file( 162 srv->srv_conf.ssl_key_file, &srv->srv_conf.ssl_key_len)) == NULL) 163 return (-1); 164 log_debug("%s: using private key %s", __func__, 165 srv->srv_conf.ssl_key_file); 166 167 return (0); 168} 169 170int 171server_ssl_init(struct server *srv) 172{ 173 if ((srv->srv_conf.flags & SRVFLAG_SSL) == 0) 174 return (0); 175 176 log_debug("%s: setting up SSL for %s", __func__, srv->srv_conf.name); 177 178 if (ressl_init() != 0) { 179 log_warn("%s: failed to initialise ressl", __func__); 180 return (-1); 181 } 182 if ((srv->srv_ressl_config = ressl_config_new()) == NULL) { 183 log_warn("%s: failed to get ressl config", __func__); 184 return (-1); 185 } 186 if ((srv->srv_ressl_ctx = ressl_server()) == NULL) { 187 log_warn("%s: failed to get ressl server", __func__); 188 return (-1); 189 } 190 191 ressl_config_set_cert_mem(srv->srv_ressl_config, 192 srv->srv_conf.ssl_cert, srv->srv_conf.ssl_cert_len); 193 ressl_config_set_key_mem(srv->srv_ressl_config, 194 srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len); 195 196 if (ressl_configure(srv->srv_ressl_ctx, srv->srv_ressl_config) != 0) { 197 log_warn("%s: failed to configure SSL - %s", __func__, 198 ressl_error(srv->srv_ressl_ctx)); 199 return (-1); 200 } 201 202 /* We're now done with the key... */ 203 explicit_bzero(srv->srv_conf.ssl_key, srv->srv_conf.ssl_key_len); 204 free(srv->srv_conf.ssl_key); 205 srv->srv_conf.ssl_key = NULL; 206 srv->srv_conf.ssl_key_len = 0; 207 208 return (0); 209} 210 211void 212server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 213{ 214 server_http(ps->ps_env); 215 216 if (config_init(ps->ps_env) == -1) 217 fatal("failed to initialize configuration"); 218 219 /* Set to current prefork id */ 220 proc_id = p->p_instance; 221 222 /* We use a custom shutdown callback */ 223 p->p_shutdown = server_shutdown; 224 225 /* Unlimited file descriptors (use system limits) */ 226 socket_rlimit(-1); 227 228#if 0 229 /* Schedule statistics timer */ 230 evtimer_set(&env->sc_statev, server_statistics, NULL); 231 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 232 evtimer_add(&env->sc_statev, &tv); 233#endif 234} 235 236void 237server_launch(void) 238{ 239 struct server *srv; 240 241 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 242 server_ssl_init(srv); 243 server_http_init(srv); 244 245 log_debug("%s: running server %s", __func__, 246 srv->srv_conf.name); 247 248 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 249 server_accept, srv); 250 event_add(&srv->srv_ev, NULL); 251 evtimer_set(&srv->srv_evt, server_accept, srv); 252 } 253} 254 255void 256server_purge(struct server *srv) 257{ 258 struct client *clt; 259 struct server_config *srv_conf; 260 261 /* shutdown and remove server */ 262 if (event_initialized(&srv->srv_ev)) 263 event_del(&srv->srv_ev); 264 if (evtimer_initialized(&srv->srv_evt)) 265 evtimer_del(&srv->srv_evt); 266 267 close(srv->srv_s); 268 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 269 270 /* cleanup sessions */ 271 while ((clt = 272 SPLAY_ROOT(&srv->srv_clients)) != NULL) 273 server_close(clt, NULL); 274 275 /* cleanup hosts */ 276 while ((srv_conf = 277 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 278 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 279 280 /* It might point to our own "default" entry */ 281 if (srv_conf != &srv->srv_conf) { 282 free(srv_conf->ssl_cert); 283 free(srv_conf->ssl_key); 284 free(srv_conf); 285 } 286 } 287 288 ressl_config_free(srv->srv_ressl_config); 289 ressl_free(srv->srv_ressl_ctx); 290 291 free(srv); 292} 293 294struct server * 295server_byaddr(struct sockaddr *addr, in_port_t port) 296{ 297 struct server *srv; 298 299 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 300 if (port == srv->srv_conf.port && 301 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 302 addr, srv->srv_conf.prefixlen) == 0) 303 return (srv); 304 } 305 306 return (NULL); 307} 308 309struct server_config * 310serverconfig_byid(u_int32_t id) 311{ 312 struct server *srv; 313 struct server_config *srv_conf; 314 315 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 316 if (srv->srv_conf.id == id) 317 return (&srv->srv_conf); 318 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 319 if (srv_conf->id == id) 320 return (srv_conf); 321 } 322 } 323 324 return (NULL); 325} 326 327int 328server_foreach(int (*srv_cb)(struct server *, 329 struct server_config *, void *), void *arg) 330{ 331 struct server *srv; 332 struct server_config *srv_conf; 333 334 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 335 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 336 return (-1); 337 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 338 if ((srv_cb)(srv, srv_conf, arg) == -1) 339 return (-1); 340 } 341 } 342 343 return (0); 344} 345 346int 347server_socket_af(struct sockaddr_storage *ss, in_port_t port) 348{ 349 switch (ss->ss_family) { 350 case AF_INET: 351 ((struct sockaddr_in *)ss)->sin_port = port; 352 ((struct sockaddr_in *)ss)->sin_len = 353 sizeof(struct sockaddr_in); 354 break; 355 case AF_INET6: 356 ((struct sockaddr_in6 *)ss)->sin6_port = port; 357 ((struct sockaddr_in6 *)ss)->sin6_len = 358 sizeof(struct sockaddr_in6); 359 break; 360 default: 361 return (-1); 362 } 363 364 return (0); 365} 366 367in_port_t 368server_socket_getport(struct sockaddr_storage *ss) 369{ 370 switch (ss->ss_family) { 371 case AF_INET: 372 return (((struct sockaddr_in *)ss)->sin_port); 373 case AF_INET6: 374 return (((struct sockaddr_in6 *)ss)->sin6_port); 375 default: 376 return (0); 377 } 378 379 /* NOTREACHED */ 380 return (0); 381} 382 383int 384server_socket(struct sockaddr_storage *ss, in_port_t port, 385 struct server_config *srv_conf, int fd, int reuseport) 386{ 387 struct linger lng; 388 int s = -1, val; 389 390 if (server_socket_af(ss, port) == -1) 391 goto bad; 392 393 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP) : fd; 394 if (s == -1) 395 goto bad; 396 397 /* 398 * Socket options 399 */ 400 memset(&lng, 0, sizeof(lng)); 401 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 402 goto bad; 403 if (reuseport) { 404 val = 1; 405 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 406 sizeof(int)) == -1) 407 goto bad; 408 } 409 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 410 goto bad; 411 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 412 val = srv_conf->tcpbufsiz; 413 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 414 &val, sizeof(val)) == -1) 415 goto bad; 416 val = srv_conf->tcpbufsiz; 417 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 418 &val, sizeof(val)) == -1) 419 goto bad; 420 } 421 422 /* 423 * IP options 424 */ 425 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 426 val = (int)srv_conf->tcpipttl; 427 if (setsockopt(s, IPPROTO_IP, IP_TTL, 428 &val, sizeof(val)) == -1) 429 goto bad; 430 } 431 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 432 val = (int)srv_conf->tcpipminttl; 433 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 434 &val, sizeof(val)) == -1) 435 goto bad; 436 } 437 438 /* 439 * TCP options 440 */ 441 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 442 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 443 val = 0; 444 else 445 val = 1; 446 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 447 &val, sizeof(val)) == -1) 448 goto bad; 449 } 450 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 451 if (srv_conf->tcpflags & TCPFLAG_NSACK) 452 val = 0; 453 else 454 val = 1; 455 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 456 &val, sizeof(val)) == -1) 457 goto bad; 458 } 459 460 return (s); 461 462 bad: 463 if (s != -1) 464 close(s); 465 return (-1); 466} 467 468int 469server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 470 struct server_config *srv_conf) 471{ 472 int s; 473 474 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 475 return (-1); 476 477 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 478 goto bad; 479 if (listen(s, srv_conf->tcpbacklog) == -1) 480 goto bad; 481 482 return (s); 483 484 bad: 485 close(s); 486 return (-1); 487} 488 489int 490server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 491 struct server_config *srv_conf) 492{ 493 int s; 494 495 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 496 return (-1); 497 498 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 499 if (errno != EINPROGRESS) 500 goto bad; 501 } 502 503 return (s); 504 505 bad: 506 close(s); 507 return (-1); 508} 509 510void 511server_ssl_readcb(int fd, short event, void *arg) 512{ 513 struct bufferevent *bufev = arg; 514 struct client *clt = bufev->cbarg; 515 char rbuf[IBUF_READ_SIZE]; 516 int what = EVBUFFER_READ; 517 int howmuch = IBUF_READ_SIZE; 518 int ret; 519 size_t len; 520 521 if (event == EV_TIMEOUT) { 522 what |= EVBUFFER_TIMEOUT; 523 goto err; 524 } 525 526 if (bufev->wm_read.high != 0) 527 howmuch = MIN(sizeof(rbuf), bufev->wm_read.high); 528 529 ret = ressl_read(clt->clt_ressl_ctx, rbuf, howmuch, &len); 530 if (ret == RESSL_READ_AGAIN || ret == RESSL_WRITE_AGAIN) { 531 goto retry; 532 } else if (ret != 0) { 533 what |= EVBUFFER_ERROR; 534 goto err; 535 } 536 537 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 538 what |= EVBUFFER_ERROR; 539 goto err; 540 } 541 542 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 543 544 len = EVBUFFER_LENGTH(bufev->input); 545 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 546 return; 547 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 548 struct evbuffer *buf = bufev->input; 549 event_del(&bufev->ev_read); 550 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 551 return; 552 } 553 554 if (bufev->readcb != NULL) 555 (*bufev->readcb)(bufev, bufev->cbarg); 556 return; 557 558retry: 559 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 560 return; 561 562err: 563 (*bufev->errorcb)(bufev, what, bufev->cbarg); 564} 565 566void 567server_ssl_writecb(int fd, short event, void *arg) 568{ 569 struct bufferevent *bufev = arg; 570 struct client *clt = bufev->cbarg; 571 int ret; 572 short what = EVBUFFER_WRITE; 573 size_t len; 574 575 if (event == EV_TIMEOUT) { 576 what |= EVBUFFER_TIMEOUT; 577 goto err; 578 } 579 580 if (EVBUFFER_LENGTH(bufev->output)) { 581 if (clt->clt_buf == NULL) { 582 clt->clt_buflen = EVBUFFER_LENGTH(bufev->output); 583 if ((clt->clt_buf = malloc(clt->clt_buflen)) == NULL) { 584 what |= EVBUFFER_ERROR; 585 goto err; 586 } 587 bcopy(EVBUFFER_DATA(bufev->output), 588 clt->clt_buf, clt->clt_buflen); 589 } 590 ret = ressl_write(clt->clt_ressl_ctx, clt->clt_buf, 591 clt->clt_buflen, &len); 592 if (ret == RESSL_READ_AGAIN || ret == RESSL_WRITE_AGAIN) { 593 goto retry; 594 } else if (ret != 0) { 595 what |= EVBUFFER_ERROR; 596 goto err; 597 } 598 evbuffer_drain(bufev->output, len); 599 } 600 if (clt->clt_buf != NULL) { 601 free(clt->clt_buf); 602 clt->clt_buf = NULL; 603 clt->clt_buflen = 0; 604 } 605 606 if (EVBUFFER_LENGTH(bufev->output) != 0) 607 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 608 609 if (bufev->writecb != NULL && 610 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 611 (*bufev->writecb)(bufev, bufev->cbarg); 612 return; 613 614retry: 615 if (clt->clt_buflen != 0) 616 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 617 return; 618 619err: 620 if (clt->clt_buf != NULL) { 621 free(clt->clt_buf); 622 clt->clt_buf = NULL; 623 clt->clt_buflen = 0; 624 } 625 (*bufev->errorcb)(bufev, what, bufev->cbarg); 626} 627 628void 629server_input(struct client *clt) 630{ 631 struct server_config *srv_conf = clt->clt_srv_conf; 632 evbuffercb inrd = server_read; 633 evbuffercb inwr = server_write; 634 socklen_t slen; 635 636 if (server_httpdesc_init(clt) == -1) { 637 server_close(clt, "failed to allocate http descriptor"); 638 return; 639 } 640 641 clt->clt_toread = TOREAD_HTTP_HEADER; 642 inrd = server_read_http; 643 644 slen = sizeof(clt->clt_sndbufsiz); 645 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 646 &clt->clt_sndbufsiz, &slen) == -1) { 647 server_close(clt, "failed to get send buffer size"); 648 return; 649 } 650 651 /* 652 * Client <-> Server 653 */ 654 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 655 server_error, clt); 656 if (clt->clt_bev == NULL) { 657 server_close(clt, "failed to allocate input buffer event"); 658 return; 659 } 660 661 if (srv_conf->flags & SRVFLAG_SSL) { 662 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 663 server_ssl_readcb, clt->clt_bev); 664 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 665 server_ssl_writecb, clt->clt_bev); 666 } 667 668 /* Adjust write watermark to the socket buffer output size */ 669 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 670 clt->clt_sndbufsiz, 0); 671 672 bufferevent_settimeout(clt->clt_bev, 673 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 674 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 675} 676 677void 678server_write(struct bufferevent *bev, void *arg) 679{ 680 struct client *clt = arg; 681 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 682 683 if (EVBUFFER_LENGTH(dst) == 0 && 684 clt->clt_toread == TOREAD_HTTP_NONE) 685 goto done; 686 687 getmonotime(&clt->clt_tv_last); 688 689 if (clt->clt_done) 690 goto done; 691 692 bufferevent_enable(bev, EV_READ); 693 return; 694 done: 695 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 696 return; 697} 698 699void 700server_dump(struct client *clt, const void *buf, size_t len) 701{ 702 size_t outlen; 703 704 if (!len) 705 return; 706 707 /* 708 * This function will dump the specified message directly 709 * to the underlying client, without waiting for success 710 * of non-blocking events etc. This is useful to print an 711 * error message before gracefully closing the client. 712 */ 713 if (clt->clt_ressl_ctx != NULL) 714 (void)ressl_write(clt->clt_ressl_ctx, buf, len, &outlen); 715 else 716 (void)write(clt->clt_s, buf, len); 717} 718 719void 720server_read(struct bufferevent *bev, void *arg) 721{ 722 struct client *clt = arg; 723 struct evbuffer *src = EVBUFFER_INPUT(bev); 724 725 getmonotime(&clt->clt_tv_last); 726 727 if (!EVBUFFER_LENGTH(src)) 728 return; 729 if (server_bufferevent_write_buffer(clt, src) == -1) 730 goto fail; 731 if (clt->clt_done) 732 goto done; 733 return; 734 done: 735 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 736 return; 737 fail: 738 server_close(clt, strerror(errno)); 739} 740 741void 742server_error(struct bufferevent *bev, short error, void *arg) 743{ 744 struct client *clt = arg; 745 746 if (error & EVBUFFER_TIMEOUT) { 747 server_close(clt, "buffer event timeout"); 748 return; 749 } 750 if (error & EVBUFFER_ERROR && errno == EFBIG) { 751 bufferevent_enable(bev, EV_READ); 752 return; 753 } 754 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 755 bufferevent_disable(bev, EV_READ|EV_WRITE); 756 757 clt->clt_done = 1; 758 server_close(clt, "done"); 759 return; 760 } 761 server_close(clt, "buffer event error"); 762 return; 763} 764 765void 766server_accept(int fd, short event, void *arg) 767{ 768 struct server *srv = arg; 769 struct client *clt = NULL; 770 socklen_t slen; 771 struct sockaddr_storage ss; 772 int s = -1; 773 774 event_add(&srv->srv_ev, NULL); 775 if ((event & EV_TIMEOUT)) 776 return; 777 778 slen = sizeof(ss); 779 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 780 &slen, FD_RESERVE, &server_inflight)) == -1) { 781 /* 782 * Pause accept if we are out of file descriptors, or 783 * libevent will haunt us here too. 784 */ 785 if (errno == ENFILE || errno == EMFILE) { 786 struct timeval evtpause = { 1, 0 }; 787 788 event_del(&srv->srv_ev); 789 evtimer_add(&srv->srv_evt, &evtpause); 790 log_debug("%s: deferring connections", __func__); 791 } 792 return; 793 } 794 if (server_clients >= SERVER_MAX_CLIENTS) 795 goto err; 796 797 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 798 goto err; 799 800 if ((clt = calloc(1, sizeof(*clt))) == NULL) 801 goto err; 802 803 clt->clt_s = s; 804 clt->clt_fd = -1; 805 clt->clt_toread = TOREAD_UNLIMITED; 806 clt->clt_srv = srv; 807 clt->clt_srv_conf = &srv->srv_conf; 808 clt->clt_id = ++server_cltid; 809 clt->clt_srv_id = srv->srv_conf.id; 810 clt->clt_pid = getpid(); 811 clt->clt_inflight = 1; 812 813 /* get local address */ 814 slen = sizeof(clt->clt_srv_ss); 815 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 816 &slen) == -1) { 817 server_close(clt, "listen address lookup failed"); 818 return; 819 } 820 821 /* get client address */ 822 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 823 824 /* get ports */ 825 switch (ss.ss_family) { 826 case AF_INET: 827 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 828 break; 829 case AF_INET6: 830 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 831 break; 832 } 833 834 getmonotime(&clt->clt_tv_start); 835 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 836 837 server_clients++; 838 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 839 840 /* Increment the per-relay client counter */ 841 //srv->srv_stats[proc_id].last++; 842 843 /* Pre-allocate output buffer */ 844 clt->clt_output = evbuffer_new(); 845 if (clt->clt_output == NULL) { 846 server_close(clt, "failed to allocate output buffer"); 847 return; 848 } 849 850 /* Pre-allocate log buffer */ 851 clt->clt_log = evbuffer_new(); 852 if (clt->clt_log == NULL) { 853 server_close(clt, "failed to allocate log buffer"); 854 return; 855 } 856 857 if (srv->srv_conf.flags & SRVFLAG_SSL) { 858 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 859 server_accept_ssl, &clt->clt_tv_start, 860 &srv->srv_conf.timeout, clt); 861 return; 862 } 863 864 server_input(clt); 865 return; 866 867 err: 868 if (s != -1) { 869 close(s); 870 if (clt != NULL) 871 free(clt); 872 /* 873 * the client struct was not completly set up, but still 874 * counted as an inflight client. account for this. 875 */ 876 server_inflight_dec(clt, __func__); 877 } 878} 879 880void 881server_accept_ssl(int fd, short event, void *arg) 882{ 883 struct client *clt = (struct client *)arg; 884 struct server *srv = (struct server *)clt->clt_srv; 885 int ret; 886 887 if (event == EV_TIMEOUT) { 888 server_close(clt, "SSL accept timeout"); 889 return; 890 } 891 892 if (srv->srv_ressl_ctx == NULL) 893 fatalx("NULL ressl context"); 894 895 ret = ressl_accept_socket(srv->srv_ressl_ctx, &clt->clt_ressl_ctx, 896 clt->clt_s); 897 if (ret == RESSL_READ_AGAIN) { 898 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 899 server_accept_ssl, &clt->clt_tv_start, 900 &srv->srv_conf.timeout, clt); 901 } else if (ret == RESSL_WRITE_AGAIN) { 902 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 903 server_accept_ssl, &clt->clt_tv_start, 904 &srv->srv_conf.timeout, clt); 905 } else if (ret != 0) { 906 log_warnx("%s: SSL accept failed - %s", __func__, 907 ressl_error(srv->srv_ressl_ctx)); 908 return; 909 } 910 911 server_input(clt); 912 return; 913} 914 915void 916server_inflight_dec(struct client *clt, const char *why) 917{ 918 if (clt != NULL) { 919 /* the flight already left inflight mode. */ 920 if (clt->clt_inflight == 0) 921 return; 922 clt->clt_inflight = 0; 923 } 924 925 /* the file was never opened, thus this was an inflight client. */ 926 server_inflight--; 927 DPRINTF("%s: inflight decremented, now %d, %s", 928 __func__, server_inflight, why); 929} 930 931void 932server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 933{ 934 va_list ap; 935 char *msg; 936 int ret; 937 struct iovec iov[2]; 938 939 if (srv_conf->flags & SRVFLAG_SYSLOG) { 940 va_start(ap, emsg); 941 if (cmd == IMSG_LOG_ACCESS) 942 vlog(LOG_INFO, emsg, ap); 943 else 944 vlog(LOG_DEBUG, emsg, ap); 945 va_end(ap); 946 return; 947 } 948 949 va_start(ap, emsg); 950 ret = vasprintf(&msg, emsg, ap); 951 va_end(ap); 952 if (ret == -1) { 953 log_warn("%s: vasprintf", __func__); 954 return; 955 } 956 957 iov[0].iov_base = &srv_conf->id; 958 iov[0].iov_len = sizeof(srv_conf->id); 959 iov[1].iov_base = msg; 960 iov[1].iov_len = strlen(msg) + 1; 961 962 proc_composev_imsg(env->sc_ps, PROC_LOGGER, -1, cmd, -1, iov, 2); 963} 964 965void 966server_log(struct client *clt, const char *msg) 967{ 968 char ibuf[MAXHOSTNAMELEN], obuf[MAXHOSTNAMELEN]; 969 struct server_config *srv_conf = clt->clt_srv_conf; 970 char *ptr = NULL; 971 int debug_cmd = -1; 972 extern int verbose; 973 974 switch (srv_conf->logformat) { 975 case LOG_FORMAT_CONNECTION: 976 debug_cmd = IMSG_LOG_ACCESS; 977 break; 978 default: 979 if (verbose > 1) 980 debug_cmd = IMSG_LOG_ERROR; 981 if (EVBUFFER_LENGTH(clt->clt_log)) { 982 while ((ptr = 983 evbuffer_readline(clt->clt_log)) != NULL) { 984 server_sendlog(srv_conf, 985 IMSG_LOG_ACCESS, "%s", ptr); 986 free(ptr); 987 } 988 } 989 break; 990 } 991 992 if (debug_cmd != -1 && msg != NULL) { 993 memset(&ibuf, 0, sizeof(ibuf)); 994 memset(&obuf, 0, sizeof(obuf)); 995 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 996 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 997 if (EVBUFFER_LENGTH(clt->clt_log) && 998 evbuffer_add_printf(clt->clt_log, "\n") != -1) 999 ptr = evbuffer_readline(clt->clt_log); 1000 server_sendlog(srv_conf, debug_cmd, "server %s, " 1001 "client %d (%d active), %s:%u -> %s, " 1002 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1003 ibuf, ntohs(clt->clt_port), obuf, msg, 1004 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1005 if (ptr != NULL) 1006 free(ptr); 1007 } 1008} 1009 1010void 1011server_close(struct client *clt, const char *msg) 1012{ 1013 struct server *srv = clt->clt_srv; 1014 1015 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1016 1017 /* free the HTTP descriptors incl. headers */ 1018 server_close_http(clt); 1019 1020 event_del(&clt->clt_ev); 1021 if (clt->clt_bev != NULL) 1022 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1023 if (clt->clt_srvbev != NULL) 1024 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1025 1026 server_log(clt, msg); 1027 1028 if (clt->clt_bev != NULL) 1029 bufferevent_free(clt->clt_bev); 1030 if (clt->clt_output != NULL) 1031 evbuffer_free(clt->clt_output); 1032 if (clt->clt_srvevb != NULL) 1033 evbuffer_free(clt->clt_srvevb); 1034 1035 if (clt->clt_srvbev != NULL) 1036 bufferevent_free(clt->clt_srvbev); 1037 if (clt->clt_fd != -1) 1038 close(clt->clt_fd); 1039 if (clt->clt_s != -1) 1040 close(clt->clt_s); 1041 1042 if (clt->clt_ressl_ctx != NULL) 1043 ressl_close(clt->clt_ressl_ctx); 1044 ressl_free(clt->clt_ressl_ctx); 1045 1046 server_inflight_dec(clt, __func__); 1047 1048 if (clt->clt_log != NULL) 1049 evbuffer_free(clt->clt_log); 1050 1051 free(clt); 1052 server_clients--; 1053} 1054 1055int 1056server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1057{ 1058 switch (imsg->hdr.type) { 1059 case IMSG_CFG_MEDIA: 1060 config_getmedia(env, imsg); 1061 break; 1062 case IMSG_CFG_SERVER: 1063 config_getserver(env, imsg); 1064 break; 1065 case IMSG_CFG_DONE: 1066 config_getcfg(env, imsg); 1067 break; 1068 case IMSG_CTL_START: 1069 server_launch(); 1070 break; 1071 case IMSG_CTL_RESET: 1072 config_getreset(env, imsg); 1073 break; 1074 default: 1075 return (-1); 1076 } 1077 1078 return (0); 1079} 1080 1081int 1082server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1083{ 1084 switch (imsg->hdr.type) { 1085 default: 1086 return (-1); 1087 } 1088 1089 return (0); 1090} 1091 1092int 1093server_bufferevent_add(struct event *ev, int timeout) 1094{ 1095 struct timeval tv, *ptv = NULL; 1096 1097 if (timeout) { 1098 timerclear(&tv); 1099 tv.tv_sec = timeout; 1100 ptv = &tv; 1101 } 1102 1103 return (event_add(ev, ptv)); 1104} 1105 1106int 1107server_bufferevent_print(struct client *clt, const char *str) 1108{ 1109 if (clt->clt_bev == NULL) 1110 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1111 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1112} 1113 1114int 1115server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1116{ 1117 if (clt->clt_bev == NULL) 1118 return (evbuffer_add_buffer(clt->clt_output, buf)); 1119 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1120} 1121 1122int 1123server_bufferevent_write_chunk(struct client *clt, 1124 struct evbuffer *buf, size_t size) 1125{ 1126 int ret; 1127 ret = server_bufferevent_write(clt, buf->buffer, size); 1128 if (ret != -1) 1129 evbuffer_drain(buf, size); 1130 return (ret); 1131} 1132 1133int 1134server_bufferevent_write(struct client *clt, void *data, size_t size) 1135{ 1136 if (clt->clt_bev == NULL) 1137 return (evbuffer_add(clt->clt_output, data, size)); 1138 return (bufferevent_write(clt->clt_bev, data, size)); 1139} 1140 1141int 1142server_client_cmp(struct client *a, struct client *b) 1143{ 1144 return ((int)a->clt_id - b->clt_id); 1145} 1146 1147SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1148