server.c revision 1.51
1/* $OpenBSD: server.c,v 1.51 2015/01/13 09:21:15 reyk Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/queue.h> 21#include <sys/time.h> 22#include <sys/stat.h> 23#include <sys/socket.h> 24#include <sys/un.h> 25#include <sys/uio.h> 26#include <sys/tree.h> 27 28#include <net/if.h> 29#include <netinet/in.h> 30#include <netinet/ip.h> 31#include <netinet/tcp.h> 32 33#include <errno.h> 34#include <fcntl.h> 35#include <stdlib.h> 36#include <string.h> 37#include <syslog.h> 38#include <unistd.h> 39#include <stdio.h> 40#include <err.h> 41#include <pwd.h> 42#include <event.h> 43#include <fnmatch.h> 44#include <tls.h> 45 46#include "httpd.h" 47 48int server_dispatch_parent(int, struct privsep_proc *, 49 struct imsg *); 50int server_dispatch_logger(int, struct privsep_proc *, 51 struct imsg *); 52void server_shutdown(void); 53 54void server_init(struct privsep *, struct privsep_proc *p, void *); 55void server_launch(void); 56int server_socket(struct sockaddr_storage *, in_port_t, 57 struct server_config *, int, int); 58int server_socket_listen(struct sockaddr_storage *, in_port_t, 59 struct server_config *); 60 61int server_tls_init(struct server *); 62void server_tls_readcb(int, short, void *); 63void server_tls_writecb(int, short, void *); 64 65void server_accept(int, short, void *); 66void server_accept_tls(int, short, void *); 67void server_input(struct client *); 68 69extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 70 size_t, void *); 71 72volatile int server_clients; 73volatile int server_inflight = 0; 74u_int32_t server_cltid; 75 76static struct httpd *env = NULL; 77int proc_id; 78 79static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82}; 83 84pid_t 85server(struct privsep *ps, struct privsep_proc *p) 86{ 87 pid_t pid; 88 env = ps->ps_env; 89 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 90 server_http(env); 91 return (pid); 92} 93 94void 95server_shutdown(void) 96{ 97 config_purge(env, CONFIG_ALL); 98 usleep(200); /* XXX server needs to shutdown last */ 99} 100 101int 102server_privinit(struct server *srv) 103{ 104 struct server *s; 105 106 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 107 return (0); 108 109 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 110 111 /* 112 * There's no need to open a new socket if a server with the 113 * same address already exists. 114 */ 115 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 116 if (s != srv && s->srv_s != -1 && 117 s->srv_conf.port == srv->srv_conf.port && 118 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 119 (struct sockaddr *)&srv->srv_conf.ss, 120 s->srv_conf.prefixlen) == 0) 121 return (0); 122 } 123 124 /* Open listening socket in the privileged process */ 125 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 126 srv->srv_conf.port, &srv->srv_conf)) == -1) 127 return (-1); 128 129 return (0); 130} 131 132static char * 133server_load_file(const char *filename, off_t *len) 134{ 135 struct stat st; 136 off_t size; 137 char *buf = NULL; 138 int fd; 139 140 if ((fd = open(filename, O_RDONLY)) == -1) 141 return (NULL); 142 if (fstat(fd, &st) != 0) 143 goto fail; 144 size = st.st_size; 145 if ((buf = calloc(1, size + 1)) == NULL) 146 goto fail; 147 if (read(fd, buf, size) != size) 148 goto fail; 149 150 close(fd); 151 152 *len = size; 153 return (buf); 154 155 fail: 156 free(buf); 157 close(fd); 158 159 return (NULL); 160} 161 162int 163server_tls_load_keypair(struct server *srv) 164{ 165 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 166 return (0); 167 168 if ((srv->srv_conf.tls_cert = server_load_file( 169 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL) 170 return (-1); 171 log_debug("%s: using certificate %s", __func__, 172 srv->srv_conf.tls_cert_file); 173 174 if ((srv->srv_conf.tls_key = server_load_file( 175 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL) 176 return (-1); 177 log_debug("%s: using private key %s", __func__, 178 srv->srv_conf.tls_key_file); 179 180 return (0); 181} 182 183int 184server_tls_init(struct server *srv) 185{ 186 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 187 return (0); 188 189 log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); 190 191 if (tls_init() != 0) { 192 log_warn("%s: failed to initialise tls", __func__); 193 return (-1); 194 } 195 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 196 log_warn("%s: failed to get tls config", __func__); 197 return (-1); 198 } 199 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 200 log_warn("%s: failed to get tls server", __func__); 201 return (-1); 202 } 203 204 if (tls_config_set_ciphers(srv->srv_tls_config, 205 srv->srv_conf.tls_ciphers) != 0) { 206 log_warn("%s: failed to set tls ciphers", __func__); 207 return (-1); 208 } 209 if (tls_config_set_cert_mem(srv->srv_tls_config, 210 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) { 211 log_warn("%s: failed to set tls cert", __func__); 212 return (-1); 213 } 214 if (tls_config_set_key_mem(srv->srv_tls_config, 215 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 216 log_warn("%s: failed to set tls key", __func__); 217 return (-1); 218 } 219 220 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 221 log_warn("%s: failed to configure TLS - %s", __func__, 222 tls_error(srv->srv_tls_ctx)); 223 return (-1); 224 } 225 226 /* We're now done with the public/private key... */ 227 tls_config_clear_keys(srv->srv_tls_config); 228 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 229 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 230 free(srv->srv_conf.tls_cert); 231 free(srv->srv_conf.tls_key); 232 srv->srv_conf.tls_cert = NULL; 233 srv->srv_conf.tls_key = NULL; 234 srv->srv_conf.tls_cert_len = 0; 235 srv->srv_conf.tls_key_len = 0; 236 237 return (0); 238} 239 240void 241server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 242{ 243 server_http(ps->ps_env); 244 245 if (config_init(ps->ps_env) == -1) 246 fatal("failed to initialize configuration"); 247 248 /* Set to current prefork id */ 249 proc_id = p->p_instance; 250 251 /* We use a custom shutdown callback */ 252 p->p_shutdown = server_shutdown; 253 254 /* Unlimited file descriptors (use system limits) */ 255 socket_rlimit(-1); 256 257#if 0 258 /* Schedule statistics timer */ 259 evtimer_set(&env->sc_statev, server_statistics, NULL); 260 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 261 evtimer_add(&env->sc_statev, &tv); 262#endif 263} 264 265void 266server_launch(void) 267{ 268 struct server *srv; 269 270 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 271 server_tls_init(srv); 272 server_http_init(srv); 273 274 log_debug("%s: running server %s", __func__, 275 srv->srv_conf.name); 276 277 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 278 server_accept, srv); 279 event_add(&srv->srv_ev, NULL); 280 evtimer_set(&srv->srv_evt, server_accept, srv); 281 } 282} 283 284void 285server_purge(struct server *srv) 286{ 287 struct client *clt; 288 struct server_config *srv_conf; 289 290 /* shutdown and remove server */ 291 if (event_initialized(&srv->srv_ev)) 292 event_del(&srv->srv_ev); 293 if (evtimer_initialized(&srv->srv_evt)) 294 evtimer_del(&srv->srv_evt); 295 296 if (srv->srv_s != -1) 297 close(srv->srv_s); 298 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 299 300 /* cleanup sessions */ 301 while ((clt = 302 SPLAY_ROOT(&srv->srv_clients)) != NULL) 303 server_close(clt, NULL); 304 305 /* cleanup hosts */ 306 while ((srv_conf = 307 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 308 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 309 310 /* It might point to our own "default" entry */ 311 if (srv_conf != &srv->srv_conf) { 312 serverconfig_free(srv_conf); 313 free(srv_conf); 314 } 315 } 316 317 tls_config_free(srv->srv_tls_config); 318 tls_free(srv->srv_tls_ctx); 319 320 free(srv); 321} 322 323void 324serverconfig_free(struct server_config *srv_conf) 325{ 326 free(srv_conf->tls_cert_file); 327 free(srv_conf->tls_cert); 328 free(srv_conf->tls_key_file); 329 free(srv_conf->tls_key); 330} 331 332void 333serverconfig_reset(struct server_config *srv_conf) 334{ 335 srv_conf->tls_cert_file = srv_conf->tls_cert = 336 srv_conf->tls_key_file = srv_conf->tls_key = NULL; 337} 338 339struct server * 340server_byaddr(struct sockaddr *addr, in_port_t port) 341{ 342 struct server *srv; 343 344 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 345 if (port == srv->srv_conf.port && 346 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 347 addr, srv->srv_conf.prefixlen) == 0) 348 return (srv); 349 } 350 351 return (NULL); 352} 353 354struct server_config * 355serverconfig_byid(u_int32_t id) 356{ 357 struct server *srv; 358 struct server_config *srv_conf; 359 360 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 361 if (srv->srv_conf.id == id) 362 return (&srv->srv_conf); 363 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 364 if (srv_conf->id == id) 365 return (srv_conf); 366 } 367 } 368 369 return (NULL); 370} 371 372int 373server_foreach(int (*srv_cb)(struct server *, 374 struct server_config *, void *), void *arg) 375{ 376 struct server *srv; 377 struct server_config *srv_conf; 378 379 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 380 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 381 return (-1); 382 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 383 if ((srv_cb)(srv, srv_conf, arg) == -1) 384 return (-1); 385 } 386 } 387 388 return (0); 389} 390 391int 392server_socket_af(struct sockaddr_storage *ss, in_port_t port) 393{ 394 switch (ss->ss_family) { 395 case AF_INET: 396 ((struct sockaddr_in *)ss)->sin_port = port; 397 ((struct sockaddr_in *)ss)->sin_len = 398 sizeof(struct sockaddr_in); 399 break; 400 case AF_INET6: 401 ((struct sockaddr_in6 *)ss)->sin6_port = port; 402 ((struct sockaddr_in6 *)ss)->sin6_len = 403 sizeof(struct sockaddr_in6); 404 break; 405 default: 406 return (-1); 407 } 408 409 return (0); 410} 411 412in_port_t 413server_socket_getport(struct sockaddr_storage *ss) 414{ 415 switch (ss->ss_family) { 416 case AF_INET: 417 return (((struct sockaddr_in *)ss)->sin_port); 418 case AF_INET6: 419 return (((struct sockaddr_in6 *)ss)->sin6_port); 420 default: 421 return (0); 422 } 423 424 /* NOTREACHED */ 425 return (0); 426} 427 428int 429server_socket(struct sockaddr_storage *ss, in_port_t port, 430 struct server_config *srv_conf, int fd, int reuseport) 431{ 432 struct linger lng; 433 int s = -1, val; 434 435 if (server_socket_af(ss, port) == -1) 436 goto bad; 437 438 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP) : fd; 439 if (s == -1) 440 goto bad; 441 442 /* 443 * Socket options 444 */ 445 memset(&lng, 0, sizeof(lng)); 446 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 447 goto bad; 448 if (reuseport) { 449 val = 1; 450 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 451 sizeof(int)) == -1) 452 goto bad; 453 } 454 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 455 goto bad; 456 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 457 val = srv_conf->tcpbufsiz; 458 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 459 &val, sizeof(val)) == -1) 460 goto bad; 461 val = srv_conf->tcpbufsiz; 462 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 463 &val, sizeof(val)) == -1) 464 goto bad; 465 } 466 467 /* 468 * IP options 469 */ 470 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 471 val = (int)srv_conf->tcpipttl; 472 if (setsockopt(s, IPPROTO_IP, IP_TTL, 473 &val, sizeof(val)) == -1) 474 goto bad; 475 } 476 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 477 val = (int)srv_conf->tcpipminttl; 478 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 479 &val, sizeof(val)) == -1) 480 goto bad; 481 } 482 483 /* 484 * TCP options 485 */ 486 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 487 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 488 val = 0; 489 else 490 val = 1; 491 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 492 &val, sizeof(val)) == -1) 493 goto bad; 494 } 495 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 496 if (srv_conf->tcpflags & TCPFLAG_NSACK) 497 val = 0; 498 else 499 val = 1; 500 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 501 &val, sizeof(val)) == -1) 502 goto bad; 503 } 504 505 return (s); 506 507 bad: 508 if (s != -1) 509 close(s); 510 return (-1); 511} 512 513int 514server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 515 struct server_config *srv_conf) 516{ 517 int s; 518 519 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 520 return (-1); 521 522 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 523 goto bad; 524 if (listen(s, srv_conf->tcpbacklog) == -1) 525 goto bad; 526 527 return (s); 528 529 bad: 530 close(s); 531 return (-1); 532} 533 534int 535server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 536 struct server_config *srv_conf) 537{ 538 int s; 539 540 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 541 return (-1); 542 543 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 544 if (errno != EINPROGRESS) 545 goto bad; 546 } 547 548 return (s); 549 550 bad: 551 close(s); 552 return (-1); 553} 554 555void 556server_tls_readcb(int fd, short event, void *arg) 557{ 558 struct bufferevent *bufev = arg; 559 struct client *clt = bufev->cbarg; 560 char rbuf[IBUF_READ_SIZE]; 561 int what = EVBUFFER_READ; 562 int howmuch = IBUF_READ_SIZE; 563 int ret; 564 size_t len; 565 566 if (event == EV_TIMEOUT) { 567 what |= EVBUFFER_TIMEOUT; 568 goto err; 569 } 570 571 if (bufev->wm_read.high != 0) 572 howmuch = MIN(sizeof(rbuf), bufev->wm_read.high); 573 574 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &len); 575 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 576 goto retry; 577 } else if (ret != 0) { 578 what |= EVBUFFER_ERROR; 579 goto err; 580 } 581 582 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 583 what |= EVBUFFER_ERROR; 584 goto err; 585 } 586 587 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 588 589 len = EVBUFFER_LENGTH(bufev->input); 590 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 591 return; 592 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 593 struct evbuffer *buf = bufev->input; 594 event_del(&bufev->ev_read); 595 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 596 return; 597 } 598 599 if (bufev->readcb != NULL) 600 (*bufev->readcb)(bufev, bufev->cbarg); 601 return; 602 603 retry: 604 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 605 return; 606 607 err: 608 (*bufev->errorcb)(bufev, what, bufev->cbarg); 609} 610 611void 612server_tls_writecb(int fd, short event, void *arg) 613{ 614 struct bufferevent *bufev = arg; 615 struct client *clt = bufev->cbarg; 616 int ret; 617 short what = EVBUFFER_WRITE; 618 size_t len; 619 620 if (event == EV_TIMEOUT) { 621 what |= EVBUFFER_TIMEOUT; 622 goto err; 623 } 624 625 if (EVBUFFER_LENGTH(bufev->output)) { 626 if (clt->clt_buf == NULL) { 627 clt->clt_buflen = EVBUFFER_LENGTH(bufev->output); 628 if ((clt->clt_buf = malloc(clt->clt_buflen)) == NULL) { 629 what |= EVBUFFER_ERROR; 630 goto err; 631 } 632 bcopy(EVBUFFER_DATA(bufev->output), 633 clt->clt_buf, clt->clt_buflen); 634 } 635 ret = tls_write(clt->clt_tls_ctx, clt->clt_buf, 636 clt->clt_buflen, &len); 637 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 638 goto retry; 639 } else if (ret != 0) { 640 what |= EVBUFFER_ERROR; 641 goto err; 642 } 643 evbuffer_drain(bufev->output, len); 644 } 645 if (clt->clt_buf != NULL) { 646 free(clt->clt_buf); 647 clt->clt_buf = NULL; 648 clt->clt_buflen = 0; 649 } 650 651 if (EVBUFFER_LENGTH(bufev->output) != 0) 652 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 653 654 if (bufev->writecb != NULL && 655 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 656 (*bufev->writecb)(bufev, bufev->cbarg); 657 return; 658 659 retry: 660 if (clt->clt_buflen != 0) 661 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 662 return; 663 664 err: 665 if (clt->clt_buf != NULL) { 666 free(clt->clt_buf); 667 clt->clt_buf = NULL; 668 clt->clt_buflen = 0; 669 } 670 (*bufev->errorcb)(bufev, what, bufev->cbarg); 671} 672 673void 674server_input(struct client *clt) 675{ 676 struct server_config *srv_conf = clt->clt_srv_conf; 677 evbuffercb inrd = server_read; 678 evbuffercb inwr = server_write; 679 socklen_t slen; 680 681 if (server_httpdesc_init(clt) == -1) { 682 server_close(clt, "failed to allocate http descriptor"); 683 return; 684 } 685 686 clt->clt_toread = TOREAD_HTTP_HEADER; 687 inrd = server_read_http; 688 689 slen = sizeof(clt->clt_sndbufsiz); 690 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 691 &clt->clt_sndbufsiz, &slen) == -1) { 692 server_close(clt, "failed to get send buffer size"); 693 return; 694 } 695 696 /* 697 * Client <-> Server 698 */ 699 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 700 server_error, clt); 701 if (clt->clt_bev == NULL) { 702 server_close(clt, "failed to allocate input buffer event"); 703 return; 704 } 705 706 if (srv_conf->flags & SRVFLAG_TLS) { 707 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 708 server_tls_readcb, clt->clt_bev); 709 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 710 server_tls_writecb, clt->clt_bev); 711 } 712 713 /* Adjust write watermark to the socket buffer output size */ 714 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 715 clt->clt_sndbufsiz, 0); 716 /* Read at most amount of data that fits in one fcgi record. */ 717 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 718 719 bufferevent_settimeout(clt->clt_bev, 720 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 721 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 722} 723 724void 725server_write(struct bufferevent *bev, void *arg) 726{ 727 struct client *clt = arg; 728 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 729 730 if (EVBUFFER_LENGTH(dst) == 0 && 731 clt->clt_toread == TOREAD_HTTP_NONE) 732 goto done; 733 734 getmonotime(&clt->clt_tv_last); 735 736 if (clt->clt_done) 737 goto done; 738 739 bufferevent_enable(bev, EV_READ); 740 return; 741 done: 742 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 743 return; 744} 745 746void 747server_dump(struct client *clt, const void *buf, size_t len) 748{ 749 size_t outlen; 750 751 if (!len) 752 return; 753 754 /* 755 * This function will dump the specified message directly 756 * to the underlying client, without waiting for success 757 * of non-blocking events etc. This is useful to print an 758 * error message before gracefully closing the client. 759 */ 760 if (clt->clt_tls_ctx != NULL) 761 (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen); 762 else 763 (void)write(clt->clt_s, buf, len); 764} 765 766void 767server_read(struct bufferevent *bev, void *arg) 768{ 769 struct client *clt = arg; 770 struct evbuffer *src = EVBUFFER_INPUT(bev); 771 772 getmonotime(&clt->clt_tv_last); 773 774 if (!EVBUFFER_LENGTH(src)) 775 return; 776 if (server_bufferevent_write_buffer(clt, src) == -1) 777 goto fail; 778 if (clt->clt_done) 779 goto done; 780 return; 781 done: 782 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 783 return; 784 fail: 785 server_close(clt, strerror(errno)); 786} 787 788void 789server_error(struct bufferevent *bev, short error, void *arg) 790{ 791 struct client *clt = arg; 792 struct evbuffer *dst; 793 794 if (error & EVBUFFER_TIMEOUT) { 795 server_close(clt, "buffer event timeout"); 796 return; 797 } 798 if (error & EVBUFFER_ERROR) { 799 if (errno == EFBIG) { 800 bufferevent_enable(bev, EV_READ); 801 return; 802 } 803 server_close(clt, "buffer event error"); 804 return; 805 } 806 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 807 bufferevent_disable(bev, EV_READ|EV_WRITE); 808 809 clt->clt_done = 1; 810 811 dst = EVBUFFER_OUTPUT(clt->clt_bev); 812 if (EVBUFFER_LENGTH(dst)) { 813 /* Finish writing all data first */ 814 bufferevent_enable(clt->clt_bev, EV_WRITE); 815 return; 816 } 817 818 server_close(clt, "done"); 819 return; 820 } 821 server_close(clt, "unknown event error"); 822 return; 823} 824 825void 826server_accept(int fd, short event, void *arg) 827{ 828 struct server *srv = arg; 829 struct client *clt = NULL; 830 socklen_t slen; 831 struct sockaddr_storage ss; 832 int s = -1; 833 834 event_add(&srv->srv_ev, NULL); 835 if ((event & EV_TIMEOUT)) 836 return; 837 838 slen = sizeof(ss); 839 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 840 &slen, FD_RESERVE, &server_inflight)) == -1) { 841 /* 842 * Pause accept if we are out of file descriptors, or 843 * libevent will haunt us here too. 844 */ 845 if (errno == ENFILE || errno == EMFILE) { 846 struct timeval evtpause = { 1, 0 }; 847 848 event_del(&srv->srv_ev); 849 evtimer_add(&srv->srv_evt, &evtpause); 850 log_debug("%s: deferring connections", __func__); 851 } 852 return; 853 } 854 if (server_clients >= SERVER_MAX_CLIENTS) 855 goto err; 856 857 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 858 goto err; 859 860 if ((clt = calloc(1, sizeof(*clt))) == NULL) 861 goto err; 862 863 clt->clt_s = s; 864 clt->clt_fd = -1; 865 clt->clt_toread = TOREAD_UNLIMITED; 866 clt->clt_srv = srv; 867 clt->clt_srv_conf = &srv->srv_conf; 868 clt->clt_id = ++server_cltid; 869 clt->clt_srv_id = srv->srv_conf.id; 870 clt->clt_pid = getpid(); 871 clt->clt_inflight = 1; 872 873 /* get local address */ 874 slen = sizeof(clt->clt_srv_ss); 875 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 876 &slen) == -1) { 877 server_close(clt, "listen address lookup failed"); 878 return; 879 } 880 881 /* get client address */ 882 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 883 884 /* get ports */ 885 switch (ss.ss_family) { 886 case AF_INET: 887 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 888 break; 889 case AF_INET6: 890 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 891 break; 892 } 893 894 getmonotime(&clt->clt_tv_start); 895 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 896 897 server_clients++; 898 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 899 900 /* Increment the per-relay client counter */ 901 //srv->srv_stats[proc_id].last++; 902 903 /* Pre-allocate output buffer */ 904 clt->clt_output = evbuffer_new(); 905 if (clt->clt_output == NULL) { 906 server_close(clt, "failed to allocate output buffer"); 907 return; 908 } 909 910 /* Pre-allocate log buffer */ 911 clt->clt_log = evbuffer_new(); 912 if (clt->clt_log == NULL) { 913 server_close(clt, "failed to allocate log buffer"); 914 return; 915 } 916 917 if (srv->srv_conf.flags & SRVFLAG_TLS) { 918 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 919 server_accept_tls, &clt->clt_tv_start, 920 &srv->srv_conf.timeout, clt); 921 return; 922 } 923 924 server_input(clt); 925 return; 926 927 err: 928 if (s != -1) { 929 close(s); 930 if (clt != NULL) 931 free(clt); 932 /* 933 * the client struct was not completly set up, but still 934 * counted as an inflight client. account for this. 935 */ 936 server_inflight_dec(clt, __func__); 937 } 938} 939 940void 941server_accept_tls(int fd, short event, void *arg) 942{ 943 struct client *clt = (struct client *)arg; 944 struct server *srv = (struct server *)clt->clt_srv; 945 int ret; 946 947 if (event == EV_TIMEOUT) { 948 server_close(clt, "TLS accept timeout"); 949 return; 950 } 951 952 if (srv->srv_tls_ctx == NULL) 953 fatalx("NULL tls context"); 954 955 ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 956 clt->clt_s); 957 if (ret == TLS_READ_AGAIN) { 958 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 959 server_accept_tls, &clt->clt_tv_start, 960 &srv->srv_conf.timeout, clt); 961 } else if (ret == TLS_WRITE_AGAIN) { 962 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 963 server_accept_tls, &clt->clt_tv_start, 964 &srv->srv_conf.timeout, clt); 965 } else if (ret != 0) { 966 log_warnx("%s: TLS accept failed - %s", __func__, 967 tls_error(srv->srv_tls_ctx)); 968 return; 969 } 970 971 server_input(clt); 972 return; 973} 974 975void 976server_inflight_dec(struct client *clt, const char *why) 977{ 978 if (clt != NULL) { 979 /* the flight already left inflight mode. */ 980 if (clt->clt_inflight == 0) 981 return; 982 clt->clt_inflight = 0; 983 } 984 985 /* the file was never opened, thus this was an inflight client. */ 986 server_inflight--; 987 DPRINTF("%s: inflight decremented, now %d, %s", 988 __func__, server_inflight, why); 989} 990 991void 992server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 993{ 994 va_list ap; 995 char *msg; 996 int ret; 997 struct iovec iov[2]; 998 999 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1000 va_start(ap, emsg); 1001 if (cmd == IMSG_LOG_ACCESS) 1002 vlog(LOG_INFO, emsg, ap); 1003 else 1004 vlog(LOG_DEBUG, emsg, ap); 1005 va_end(ap); 1006 return; 1007 } 1008 1009 va_start(ap, emsg); 1010 ret = vasprintf(&msg, emsg, ap); 1011 va_end(ap); 1012 if (ret == -1) { 1013 log_warn("%s: vasprintf", __func__); 1014 return; 1015 } 1016 1017 iov[0].iov_base = &srv_conf->id; 1018 iov[0].iov_len = sizeof(srv_conf->id); 1019 iov[1].iov_base = msg; 1020 iov[1].iov_len = strlen(msg) + 1; 1021 1022 proc_composev_imsg(env->sc_ps, PROC_LOGGER, -1, cmd, -1, iov, 2); 1023} 1024 1025void 1026server_log(struct client *clt, const char *msg) 1027{ 1028 char ibuf[MAXHOSTNAMELEN], obuf[MAXHOSTNAMELEN]; 1029 struct server_config *srv_conf = clt->clt_srv_conf; 1030 char *ptr = NULL; 1031 int debug_cmd = -1; 1032 extern int verbose; 1033 1034 switch (srv_conf->logformat) { 1035 case LOG_FORMAT_CONNECTION: 1036 debug_cmd = IMSG_LOG_ACCESS; 1037 break; 1038 default: 1039 if (verbose > 1) 1040 debug_cmd = IMSG_LOG_ERROR; 1041 if (EVBUFFER_LENGTH(clt->clt_log)) { 1042 while ((ptr = 1043 evbuffer_readline(clt->clt_log)) != NULL) { 1044 server_sendlog(srv_conf, 1045 IMSG_LOG_ACCESS, "%s", ptr); 1046 free(ptr); 1047 } 1048 } 1049 break; 1050 } 1051 1052 if (debug_cmd != -1 && msg != NULL) { 1053 memset(ibuf, 0, sizeof(ibuf)); 1054 memset(obuf, 0, sizeof(obuf)); 1055 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1056 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1057 if (EVBUFFER_LENGTH(clt->clt_log) && 1058 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1059 ptr = evbuffer_readline(clt->clt_log); 1060 server_sendlog(srv_conf, debug_cmd, "server %s, " 1061 "client %d (%d active), %s:%u -> %s, " 1062 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1063 ibuf, ntohs(clt->clt_port), obuf, msg, 1064 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1065 if (ptr != NULL) 1066 free(ptr); 1067 } 1068} 1069 1070void 1071server_close(struct client *clt, const char *msg) 1072{ 1073 struct server *srv = clt->clt_srv; 1074 1075 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1076 1077 /* free the HTTP descriptors incl. headers */ 1078 server_close_http(clt); 1079 1080 event_del(&clt->clt_ev); 1081 if (clt->clt_bev != NULL) 1082 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1083 if (clt->clt_srvbev != NULL) 1084 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1085 1086 server_log(clt, msg); 1087 1088 if (clt->clt_bev != NULL) 1089 bufferevent_free(clt->clt_bev); 1090 if (clt->clt_output != NULL) 1091 evbuffer_free(clt->clt_output); 1092 if (clt->clt_srvevb != NULL) 1093 evbuffer_free(clt->clt_srvevb); 1094 1095 if (clt->clt_srvbev != NULL) 1096 bufferevent_free(clt->clt_srvbev); 1097 if (clt->clt_fd != -1) 1098 close(clt->clt_fd); 1099 if (clt->clt_s != -1) 1100 close(clt->clt_s); 1101 1102 if (clt->clt_tls_ctx != NULL) 1103 tls_close(clt->clt_tls_ctx); 1104 tls_free(clt->clt_tls_ctx); 1105 1106 server_inflight_dec(clt, __func__); 1107 1108 if (clt->clt_log != NULL) 1109 evbuffer_free(clt->clt_log); 1110 1111 free(clt); 1112 server_clients--; 1113} 1114 1115int 1116server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1117{ 1118 switch (imsg->hdr.type) { 1119 case IMSG_CFG_MEDIA: 1120 config_getmedia(env, imsg); 1121 break; 1122 case IMSG_CFG_SERVER: 1123 config_getserver(env, imsg); 1124 break; 1125 case IMSG_CFG_DONE: 1126 config_getcfg(env, imsg); 1127 break; 1128 case IMSG_CTL_START: 1129 server_launch(); 1130 break; 1131 case IMSG_CTL_RESET: 1132 config_getreset(env, imsg); 1133 break; 1134 default: 1135 return (-1); 1136 } 1137 1138 return (0); 1139} 1140 1141int 1142server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1143{ 1144 switch (imsg->hdr.type) { 1145 default: 1146 return (-1); 1147 } 1148 1149 return (0); 1150} 1151 1152int 1153server_bufferevent_add(struct event *ev, int timeout) 1154{ 1155 struct timeval tv, *ptv = NULL; 1156 1157 if (timeout) { 1158 timerclear(&tv); 1159 tv.tv_sec = timeout; 1160 ptv = &tv; 1161 } 1162 1163 return (event_add(ev, ptv)); 1164} 1165 1166int 1167server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1168{ 1169 int ret; 1170 va_list ap; 1171 char *str; 1172 1173 va_start(ap, fmt); 1174 ret = vasprintf(&str, fmt, ap); 1175 va_end(ap); 1176 1177 if (ret == -1) 1178 return (ret); 1179 1180 ret = server_bufferevent_print(clt, str); 1181 free(str); 1182 1183 return (ret); 1184} 1185 1186int 1187server_bufferevent_print(struct client *clt, const char *str) 1188{ 1189 if (clt->clt_bev == NULL) 1190 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1191 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1192} 1193 1194int 1195server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1196{ 1197 if (clt->clt_bev == NULL) 1198 return (evbuffer_add_buffer(clt->clt_output, buf)); 1199 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1200} 1201 1202int 1203server_bufferevent_write_chunk(struct client *clt, 1204 struct evbuffer *buf, size_t size) 1205{ 1206 int ret; 1207 ret = server_bufferevent_write(clt, buf->buffer, size); 1208 if (ret != -1) 1209 evbuffer_drain(buf, size); 1210 return (ret); 1211} 1212 1213int 1214server_bufferevent_write(struct client *clt, void *data, size_t size) 1215{ 1216 if (clt->clt_bev == NULL) 1217 return (evbuffer_add(clt->clt_output, data, size)); 1218 return (bufferevent_write(clt->clt_bev, data, size)); 1219} 1220 1221int 1222server_client_cmp(struct client *a, struct client *b) 1223{ 1224 return ((int)a->clt_id - b->clt_id); 1225} 1226 1227SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1228