server.c revision 1.59
1/* $OpenBSD: server.c,v 1.59 2015/02/12 04:40:23 jsing Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/param.h> /* nitems */ 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/time.h> 23#include <sys/stat.h> 24#include <sys/socket.h> 25#include <sys/uio.h> 26#include <sys/tree.h> 27 28#include <netinet/in.h> 29#include <netinet/tcp.h> 30#include <arpa/inet.h> 31 32#include <stdio.h> 33#include <stdlib.h> 34#include <stdarg.h> 35#include <limits.h> 36#include <errno.h> 37#include <fcntl.h> 38#include <string.h> 39#include <syslog.h> 40#include <unistd.h> 41#include <event.h> 42#include <imsg.h> 43#include <tls.h> 44 45#include "httpd.h" 46 47#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53void server_shutdown(void); 54 55void server_init(struct privsep *, struct privsep_proc *p, void *); 56void server_launch(void); 57int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 62int server_tls_init(struct server *); 63void server_tls_readcb(int, short, void *); 64void server_tls_writecb(int, short, void *); 65 66void server_accept(int, short, void *); 67void server_accept_tls(int, short, void *); 68void server_input(struct client *); 69 70extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 71 size_t, void *); 72 73volatile int server_clients; 74volatile int server_inflight = 0; 75u_int32_t server_cltid; 76 77static struct httpd *env = NULL; 78int proc_id; 79 80static struct privsep_proc procs[] = { 81 { "parent", PROC_PARENT, server_dispatch_parent }, 82 { "logger", PROC_LOGGER, server_dispatch_logger } 83}; 84 85pid_t 86server(struct privsep *ps, struct privsep_proc *p) 87{ 88 pid_t pid; 89 env = ps->ps_env; 90 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 91 server_http(env); 92 return (pid); 93} 94 95void 96server_shutdown(void) 97{ 98 config_purge(env, CONFIG_ALL); 99 usleep(200); /* XXX server needs to shutdown last */ 100} 101 102int 103server_privinit(struct server *srv) 104{ 105 struct server *s; 106 107 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 108 return (0); 109 110 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 111 112 /* 113 * There's no need to open a new socket if a server with the 114 * same address already exists. 115 */ 116 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 117 if (s != srv && s->srv_s != -1 && 118 s->srv_conf.port == srv->srv_conf.port && 119 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 120 (struct sockaddr *)&srv->srv_conf.ss, 121 s->srv_conf.prefixlen) == 0) 122 return (0); 123 } 124 125 /* Open listening socket in the privileged process */ 126 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 127 srv->srv_conf.port, &srv->srv_conf)) == -1) 128 return (-1); 129 130 return (0); 131} 132 133int 134server_tls_load_keypair(struct server *srv) 135{ 136 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 137 return (0); 138 139 if ((srv->srv_conf.tls_cert = tls_load_file( 140 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 141 NULL)) == NULL) 142 return (-1); 143 log_debug("%s: using certificate %s", __func__, 144 srv->srv_conf.tls_cert_file); 145 146 /* XXX allow to specify password for encrypted key */ 147 if ((srv->srv_conf.tls_key = tls_load_file( 148 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 149 NULL)) == NULL) 150 return (-1); 151 log_debug("%s: using private key %s", __func__, 152 srv->srv_conf.tls_key_file); 153 154 return (0); 155} 156 157int 158server_tls_init(struct server *srv) 159{ 160 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 161 return (0); 162 163 log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); 164 165 if (tls_init() != 0) { 166 log_warn("%s: failed to initialise tls", __func__); 167 return (-1); 168 } 169 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 170 log_warn("%s: failed to get tls config", __func__); 171 return (-1); 172 } 173 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 174 log_warn("%s: failed to get tls server", __func__); 175 return (-1); 176 } 177 178 tls_config_set_protocols(srv->srv_tls_config, 179 srv->srv_conf.tls_protocols); 180 181 if (tls_config_set_ciphers(srv->srv_tls_config, 182 srv->srv_conf.tls_ciphers) != 0) { 183 log_warn("%s: failed to set tls ciphers", __func__); 184 return (-1); 185 } 186 if (tls_config_set_dheparams(srv->srv_tls_config, 187 srv->srv_conf.tls_dhe_params) != 0) { 188 log_warn("%s: failed to set tls dhe params", __func__); 189 return (-1); 190 } 191 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 192 srv->srv_conf.tls_ecdhe_curve) != 0) { 193 log_warn("%s: failed to set tls ecdhe curve", __func__); 194 return (-1); 195 } 196 197 if (tls_config_set_cert_mem(srv->srv_tls_config, 198 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) { 199 log_warn("%s: failed to set tls cert", __func__); 200 return (-1); 201 } 202 if (tls_config_set_key_mem(srv->srv_tls_config, 203 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 204 log_warn("%s: failed to set tls key", __func__); 205 return (-1); 206 } 207 208 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 209 log_warn("%s: failed to configure TLS - %s", __func__, 210 tls_error(srv->srv_tls_ctx)); 211 return (-1); 212 } 213 214 /* We're now done with the public/private key... */ 215 tls_config_clear_keys(srv->srv_tls_config); 216 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 217 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 218 free(srv->srv_conf.tls_cert); 219 free(srv->srv_conf.tls_key); 220 srv->srv_conf.tls_cert = NULL; 221 srv->srv_conf.tls_key = NULL; 222 srv->srv_conf.tls_cert_len = 0; 223 srv->srv_conf.tls_key_len = 0; 224 225 return (0); 226} 227 228void 229server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 230{ 231 server_http(ps->ps_env); 232 233 if (config_init(ps->ps_env) == -1) 234 fatal("failed to initialize configuration"); 235 236 /* Set to current prefork id */ 237 proc_id = p->p_instance; 238 239 /* We use a custom shutdown callback */ 240 p->p_shutdown = server_shutdown; 241 242 /* Unlimited file descriptors (use system limits) */ 243 socket_rlimit(-1); 244 245#if 0 246 /* Schedule statistics timer */ 247 evtimer_set(&env->sc_statev, server_statistics, NULL); 248 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 249 evtimer_add(&env->sc_statev, &tv); 250#endif 251} 252 253void 254server_launch(void) 255{ 256 struct server *srv; 257 258 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 259 server_tls_init(srv); 260 server_http_init(srv); 261 262 log_debug("%s: running server %s", __func__, 263 srv->srv_conf.name); 264 265 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 266 server_accept, srv); 267 event_add(&srv->srv_ev, NULL); 268 evtimer_set(&srv->srv_evt, server_accept, srv); 269 } 270} 271 272void 273server_purge(struct server *srv) 274{ 275 struct client *clt; 276 struct server_config *srv_conf; 277 278 /* shutdown and remove server */ 279 if (event_initialized(&srv->srv_ev)) 280 event_del(&srv->srv_ev); 281 if (evtimer_initialized(&srv->srv_evt)) 282 evtimer_del(&srv->srv_evt); 283 284 if (srv->srv_s != -1) 285 close(srv->srv_s); 286 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 287 288 /* cleanup sessions */ 289 while ((clt = 290 SPLAY_ROOT(&srv->srv_clients)) != NULL) 291 server_close(clt, NULL); 292 293 /* cleanup hosts */ 294 while ((srv_conf = 295 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 296 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 297 298 /* It might point to our own "default" entry */ 299 if (srv_conf != &srv->srv_conf) { 300 serverconfig_free(srv_conf); 301 free(srv_conf); 302 } 303 } 304 305 tls_config_free(srv->srv_tls_config); 306 tls_free(srv->srv_tls_ctx); 307 308 free(srv); 309} 310 311void 312serverconfig_free(struct server_config *srv_conf) 313{ 314 free(srv_conf->return_uri); 315 free(srv_conf->tls_cert_file); 316 free(srv_conf->tls_cert); 317 free(srv_conf->tls_key_file); 318 free(srv_conf->tls_key); 319} 320 321void 322serverconfig_reset(struct server_config *srv_conf) 323{ 324 srv_conf->tls_cert_file = srv_conf->tls_key_file = NULL; 325 srv_conf->tls_cert = srv_conf->tls_key = NULL; 326 srv_conf->auth = NULL; 327} 328 329struct server * 330server_byaddr(struct sockaddr *addr, in_port_t port) 331{ 332 struct server *srv; 333 334 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 335 if (port == srv->srv_conf.port && 336 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 337 addr, srv->srv_conf.prefixlen) == 0) 338 return (srv); 339 } 340 341 return (NULL); 342} 343 344struct server_config * 345serverconfig_byid(u_int32_t id) 346{ 347 struct server *srv; 348 struct server_config *srv_conf; 349 350 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 351 if (srv->srv_conf.id == id) 352 return (&srv->srv_conf); 353 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 354 if (srv_conf->id == id) 355 return (srv_conf); 356 } 357 } 358 359 return (NULL); 360} 361 362int 363server_foreach(int (*srv_cb)(struct server *, 364 struct server_config *, void *), void *arg) 365{ 366 struct server *srv; 367 struct server_config *srv_conf; 368 369 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 370 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 371 return (-1); 372 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 373 if ((srv_cb)(srv, srv_conf, arg) == -1) 374 return (-1); 375 } 376 } 377 378 return (0); 379} 380 381int 382server_socket_af(struct sockaddr_storage *ss, in_port_t port) 383{ 384 switch (ss->ss_family) { 385 case AF_INET: 386 ((struct sockaddr_in *)ss)->sin_port = port; 387 ((struct sockaddr_in *)ss)->sin_len = 388 sizeof(struct sockaddr_in); 389 break; 390 case AF_INET6: 391 ((struct sockaddr_in6 *)ss)->sin6_port = port; 392 ((struct sockaddr_in6 *)ss)->sin6_len = 393 sizeof(struct sockaddr_in6); 394 break; 395 default: 396 return (-1); 397 } 398 399 return (0); 400} 401 402in_port_t 403server_socket_getport(struct sockaddr_storage *ss) 404{ 405 switch (ss->ss_family) { 406 case AF_INET: 407 return (((struct sockaddr_in *)ss)->sin_port); 408 case AF_INET6: 409 return (((struct sockaddr_in6 *)ss)->sin6_port); 410 default: 411 return (0); 412 } 413 414 /* NOTREACHED */ 415 return (0); 416} 417 418int 419server_socket(struct sockaddr_storage *ss, in_port_t port, 420 struct server_config *srv_conf, int fd, int reuseport) 421{ 422 struct linger lng; 423 int s = -1, val; 424 425 if (server_socket_af(ss, port) == -1) 426 goto bad; 427 428 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP) : fd; 429 if (s == -1) 430 goto bad; 431 432 /* 433 * Socket options 434 */ 435 memset(&lng, 0, sizeof(lng)); 436 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 437 goto bad; 438 if (reuseport) { 439 val = 1; 440 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 441 sizeof(int)) == -1) 442 goto bad; 443 } 444 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 445 goto bad; 446 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 447 val = srv_conf->tcpbufsiz; 448 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 449 &val, sizeof(val)) == -1) 450 goto bad; 451 val = srv_conf->tcpbufsiz; 452 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 453 &val, sizeof(val)) == -1) 454 goto bad; 455 } 456 457 /* 458 * IP options 459 */ 460 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 461 val = (int)srv_conf->tcpipttl; 462 if (setsockopt(s, IPPROTO_IP, IP_TTL, 463 &val, sizeof(val)) == -1) 464 goto bad; 465 } 466 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 467 val = (int)srv_conf->tcpipminttl; 468 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 469 &val, sizeof(val)) == -1) 470 goto bad; 471 } 472 473 /* 474 * TCP options 475 */ 476 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 477 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 478 val = 0; 479 else 480 val = 1; 481 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 482 &val, sizeof(val)) == -1) 483 goto bad; 484 } 485 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 486 if (srv_conf->tcpflags & TCPFLAG_NSACK) 487 val = 0; 488 else 489 val = 1; 490 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 491 &val, sizeof(val)) == -1) 492 goto bad; 493 } 494 495 return (s); 496 497 bad: 498 if (s != -1) 499 close(s); 500 return (-1); 501} 502 503int 504server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 505 struct server_config *srv_conf) 506{ 507 int s; 508 509 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 510 return (-1); 511 512 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 513 goto bad; 514 if (listen(s, srv_conf->tcpbacklog) == -1) 515 goto bad; 516 517 return (s); 518 519 bad: 520 close(s); 521 return (-1); 522} 523 524int 525server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 526 struct server_config *srv_conf) 527{ 528 int s; 529 530 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 531 return (-1); 532 533 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 534 if (errno != EINPROGRESS) 535 goto bad; 536 } 537 538 return (s); 539 540 bad: 541 close(s); 542 return (-1); 543} 544 545void 546server_tls_readcb(int fd, short event, void *arg) 547{ 548 struct bufferevent *bufev = arg; 549 struct client *clt = bufev->cbarg; 550 char rbuf[IBUF_READ_SIZE]; 551 int what = EVBUFFER_READ; 552 int howmuch = IBUF_READ_SIZE; 553 int ret; 554 size_t len; 555 556 if (event == EV_TIMEOUT) { 557 what |= EVBUFFER_TIMEOUT; 558 goto err; 559 } 560 561 if (bufev->wm_read.high != 0) 562 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 563 564 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &len); 565 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 566 goto retry; 567 } else if (ret != 0) { 568 what |= EVBUFFER_ERROR; 569 goto err; 570 } 571 572 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 573 what |= EVBUFFER_ERROR; 574 goto err; 575 } 576 577 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 578 579 len = EVBUFFER_LENGTH(bufev->input); 580 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 581 return; 582 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 583 struct evbuffer *buf = bufev->input; 584 event_del(&bufev->ev_read); 585 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 586 return; 587 } 588 589 if (bufev->readcb != NULL) 590 (*bufev->readcb)(bufev, bufev->cbarg); 591 return; 592 593 retry: 594 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 595 return; 596 597 err: 598 (*bufev->errorcb)(bufev, what, bufev->cbarg); 599} 600 601void 602server_tls_writecb(int fd, short event, void *arg) 603{ 604 struct bufferevent *bufev = arg; 605 struct client *clt = bufev->cbarg; 606 int ret; 607 short what = EVBUFFER_WRITE; 608 size_t len; 609 610 if (event == EV_TIMEOUT) { 611 what |= EVBUFFER_TIMEOUT; 612 goto err; 613 } 614 615 if (EVBUFFER_LENGTH(bufev->output)) { 616 if (clt->clt_buf == NULL) { 617 clt->clt_buflen = EVBUFFER_LENGTH(bufev->output); 618 if ((clt->clt_buf = malloc(clt->clt_buflen)) == NULL) { 619 what |= EVBUFFER_ERROR; 620 goto err; 621 } 622 bcopy(EVBUFFER_DATA(bufev->output), 623 clt->clt_buf, clt->clt_buflen); 624 } 625 ret = tls_write(clt->clt_tls_ctx, clt->clt_buf, 626 clt->clt_buflen, &len); 627 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 628 goto retry; 629 } else if (ret != 0) { 630 what |= EVBUFFER_ERROR; 631 goto err; 632 } 633 evbuffer_drain(bufev->output, len); 634 } 635 if (clt->clt_buf != NULL) { 636 free(clt->clt_buf); 637 clt->clt_buf = NULL; 638 clt->clt_buflen = 0; 639 } 640 641 if (EVBUFFER_LENGTH(bufev->output) != 0) 642 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 643 644 if (bufev->writecb != NULL && 645 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 646 (*bufev->writecb)(bufev, bufev->cbarg); 647 return; 648 649 retry: 650 if (clt->clt_buflen != 0) 651 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 652 return; 653 654 err: 655 if (clt->clt_buf != NULL) { 656 free(clt->clt_buf); 657 clt->clt_buf = NULL; 658 clt->clt_buflen = 0; 659 } 660 (*bufev->errorcb)(bufev, what, bufev->cbarg); 661} 662 663void 664server_input(struct client *clt) 665{ 666 struct server_config *srv_conf = clt->clt_srv_conf; 667 evbuffercb inrd = server_read; 668 evbuffercb inwr = server_write; 669 socklen_t slen; 670 671 if (server_httpdesc_init(clt) == -1) { 672 server_close(clt, "failed to allocate http descriptor"); 673 return; 674 } 675 676 clt->clt_toread = TOREAD_HTTP_HEADER; 677 inrd = server_read_http; 678 679 slen = sizeof(clt->clt_sndbufsiz); 680 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 681 &clt->clt_sndbufsiz, &slen) == -1) { 682 server_close(clt, "failed to get send buffer size"); 683 return; 684 } 685 686 /* 687 * Client <-> Server 688 */ 689 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 690 server_error, clt); 691 if (clt->clt_bev == NULL) { 692 server_close(clt, "failed to allocate input buffer event"); 693 return; 694 } 695 696 if (srv_conf->flags & SRVFLAG_TLS) { 697 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 698 server_tls_readcb, clt->clt_bev); 699 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 700 server_tls_writecb, clt->clt_bev); 701 } 702 703 /* Adjust write watermark to the socket buffer output size */ 704 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 705 clt->clt_sndbufsiz, 0); 706 /* Read at most amount of data that fits in one fcgi record. */ 707 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 708 709 bufferevent_settimeout(clt->clt_bev, 710 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 711 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 712} 713 714void 715server_write(struct bufferevent *bev, void *arg) 716{ 717 struct client *clt = arg; 718 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 719 720 if (EVBUFFER_LENGTH(dst) == 0 && 721 clt->clt_toread == TOREAD_HTTP_NONE) 722 goto done; 723 724 getmonotime(&clt->clt_tv_last); 725 726 if (clt->clt_done) 727 goto done; 728 729 bufferevent_enable(bev, EV_READ); 730 return; 731 done: 732 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 733 return; 734} 735 736void 737server_dump(struct client *clt, const void *buf, size_t len) 738{ 739 size_t outlen; 740 741 if (!len) 742 return; 743 744 /* 745 * This function will dump the specified message directly 746 * to the underlying client, without waiting for success 747 * of non-blocking events etc. This is useful to print an 748 * error message before gracefully closing the client. 749 */ 750 if (clt->clt_tls_ctx != NULL) 751 (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen); 752 else 753 (void)write(clt->clt_s, buf, len); 754} 755 756void 757server_read(struct bufferevent *bev, void *arg) 758{ 759 struct client *clt = arg; 760 struct evbuffer *src = EVBUFFER_INPUT(bev); 761 762 getmonotime(&clt->clt_tv_last); 763 764 if (!EVBUFFER_LENGTH(src)) 765 return; 766 if (server_bufferevent_write_buffer(clt, src) == -1) 767 goto fail; 768 if (clt->clt_done) 769 goto done; 770 return; 771 done: 772 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 773 return; 774 fail: 775 server_close(clt, strerror(errno)); 776} 777 778void 779server_error(struct bufferevent *bev, short error, void *arg) 780{ 781 struct client *clt = arg; 782 struct evbuffer *dst; 783 784 if (error & EVBUFFER_TIMEOUT) { 785 server_close(clt, "buffer event timeout"); 786 return; 787 } 788 if (error & EVBUFFER_ERROR) { 789 if (errno == EFBIG) { 790 bufferevent_enable(bev, EV_READ); 791 return; 792 } 793 server_close(clt, "buffer event error"); 794 return; 795 } 796 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 797 bufferevent_disable(bev, EV_READ|EV_WRITE); 798 799 clt->clt_done = 1; 800 801 dst = EVBUFFER_OUTPUT(clt->clt_bev); 802 if (EVBUFFER_LENGTH(dst)) { 803 /* Finish writing all data first */ 804 bufferevent_enable(clt->clt_bev, EV_WRITE); 805 return; 806 } 807 808 server_close(clt, "done"); 809 return; 810 } 811 server_close(clt, "unknown event error"); 812 return; 813} 814 815void 816server_accept(int fd, short event, void *arg) 817{ 818 struct server *srv = arg; 819 struct client *clt = NULL; 820 socklen_t slen; 821 struct sockaddr_storage ss; 822 int s = -1; 823 824 event_add(&srv->srv_ev, NULL); 825 if ((event & EV_TIMEOUT)) 826 return; 827 828 slen = sizeof(ss); 829 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 830 &slen, FD_RESERVE, &server_inflight)) == -1) { 831 /* 832 * Pause accept if we are out of file descriptors, or 833 * libevent will haunt us here too. 834 */ 835 if (errno == ENFILE || errno == EMFILE) { 836 struct timeval evtpause = { 1, 0 }; 837 838 event_del(&srv->srv_ev); 839 evtimer_add(&srv->srv_evt, &evtpause); 840 log_debug("%s: deferring connections", __func__); 841 } 842 return; 843 } 844 if (server_clients >= SERVER_MAX_CLIENTS) 845 goto err; 846 847 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 848 goto err; 849 850 if ((clt = calloc(1, sizeof(*clt))) == NULL) 851 goto err; 852 853 clt->clt_s = s; 854 clt->clt_fd = -1; 855 clt->clt_toread = TOREAD_UNLIMITED; 856 clt->clt_srv = srv; 857 clt->clt_srv_conf = &srv->srv_conf; 858 clt->clt_id = ++server_cltid; 859 clt->clt_srv_id = srv->srv_conf.id; 860 clt->clt_pid = getpid(); 861 clt->clt_inflight = 1; 862 863 /* get local address */ 864 slen = sizeof(clt->clt_srv_ss); 865 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 866 &slen) == -1) { 867 server_close(clt, "listen address lookup failed"); 868 return; 869 } 870 871 /* get client address */ 872 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 873 874 /* get ports */ 875 switch (ss.ss_family) { 876 case AF_INET: 877 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 878 break; 879 case AF_INET6: 880 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 881 break; 882 } 883 884 getmonotime(&clt->clt_tv_start); 885 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 886 887 server_clients++; 888 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 889 890 /* Increment the per-relay client counter */ 891 //srv->srv_stats[proc_id].last++; 892 893 /* Pre-allocate output buffer */ 894 clt->clt_output = evbuffer_new(); 895 if (clt->clt_output == NULL) { 896 server_close(clt, "failed to allocate output buffer"); 897 return; 898 } 899 900 /* Pre-allocate log buffer */ 901 clt->clt_log = evbuffer_new(); 902 if (clt->clt_log == NULL) { 903 server_close(clt, "failed to allocate log buffer"); 904 return; 905 } 906 907 if (srv->srv_conf.flags & SRVFLAG_TLS) { 908 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 909 server_accept_tls, &clt->clt_tv_start, 910 &srv->srv_conf.timeout, clt); 911 return; 912 } 913 914 server_input(clt); 915 return; 916 917 err: 918 if (s != -1) { 919 close(s); 920 if (clt != NULL) 921 free(clt); 922 /* 923 * the client struct was not completly set up, but still 924 * counted as an inflight client. account for this. 925 */ 926 server_inflight_dec(clt, __func__); 927 } 928} 929 930void 931server_accept_tls(int fd, short event, void *arg) 932{ 933 struct client *clt = (struct client *)arg; 934 struct server *srv = (struct server *)clt->clt_srv; 935 int ret; 936 937 if (event == EV_TIMEOUT) { 938 server_close(clt, "TLS accept timeout"); 939 return; 940 } 941 942 if (srv->srv_tls_ctx == NULL) 943 fatalx("NULL tls context"); 944 945 ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 946 clt->clt_s); 947 if (ret == TLS_READ_AGAIN) { 948 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 949 server_accept_tls, &clt->clt_tv_start, 950 &srv->srv_conf.timeout, clt); 951 } else if (ret == TLS_WRITE_AGAIN) { 952 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 953 server_accept_tls, &clt->clt_tv_start, 954 &srv->srv_conf.timeout, clt); 955 } else if (ret != 0) { 956 log_warnx("%s: TLS accept failed - %s", __func__, 957 tls_error(srv->srv_tls_ctx)); 958 return; 959 } 960 961 server_input(clt); 962 return; 963} 964 965void 966server_inflight_dec(struct client *clt, const char *why) 967{ 968 if (clt != NULL) { 969 /* the flight already left inflight mode. */ 970 if (clt->clt_inflight == 0) 971 return; 972 clt->clt_inflight = 0; 973 } 974 975 /* the file was never opened, thus this was an inflight client. */ 976 server_inflight--; 977 DPRINTF("%s: inflight decremented, now %d, %s", 978 __func__, server_inflight, why); 979} 980 981void 982server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 983{ 984 va_list ap; 985 char *msg; 986 int ret; 987 struct iovec iov[2]; 988 989 if (srv_conf->flags & SRVFLAG_SYSLOG) { 990 va_start(ap, emsg); 991 if (cmd == IMSG_LOG_ACCESS) 992 vlog(LOG_INFO, emsg, ap); 993 else 994 vlog(LOG_DEBUG, emsg, ap); 995 va_end(ap); 996 return; 997 } 998 999 va_start(ap, emsg); 1000 ret = vasprintf(&msg, emsg, ap); 1001 va_end(ap); 1002 if (ret == -1) { 1003 log_warn("%s: vasprintf", __func__); 1004 return; 1005 } 1006 1007 iov[0].iov_base = &srv_conf->id; 1008 iov[0].iov_len = sizeof(srv_conf->id); 1009 iov[1].iov_base = msg; 1010 iov[1].iov_len = strlen(msg) + 1; 1011 1012 proc_composev_imsg(env->sc_ps, PROC_LOGGER, -1, cmd, -1, iov, 2); 1013} 1014 1015void 1016server_log(struct client *clt, const char *msg) 1017{ 1018 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1019 struct server_config *srv_conf = clt->clt_srv_conf; 1020 char *ptr = NULL; 1021 int debug_cmd = -1; 1022 extern int verbose; 1023 1024 switch (srv_conf->logformat) { 1025 case LOG_FORMAT_CONNECTION: 1026 debug_cmd = IMSG_LOG_ACCESS; 1027 break; 1028 default: 1029 if (verbose > 1) 1030 debug_cmd = IMSG_LOG_ERROR; 1031 if (EVBUFFER_LENGTH(clt->clt_log)) { 1032 while ((ptr = 1033 evbuffer_readline(clt->clt_log)) != NULL) { 1034 server_sendlog(srv_conf, 1035 IMSG_LOG_ACCESS, "%s", ptr); 1036 free(ptr); 1037 } 1038 } 1039 break; 1040 } 1041 1042 if (debug_cmd != -1 && msg != NULL) { 1043 memset(ibuf, 0, sizeof(ibuf)); 1044 memset(obuf, 0, sizeof(obuf)); 1045 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1046 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1047 if (EVBUFFER_LENGTH(clt->clt_log) && 1048 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1049 ptr = evbuffer_readline(clt->clt_log); 1050 server_sendlog(srv_conf, debug_cmd, "server %s, " 1051 "client %d (%d active), %s:%u -> %s, " 1052 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1053 ibuf, ntohs(clt->clt_port), obuf, msg, 1054 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1055 if (ptr != NULL) 1056 free(ptr); 1057 } 1058} 1059 1060void 1061server_close(struct client *clt, const char *msg) 1062{ 1063 struct server *srv = clt->clt_srv; 1064 1065 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1066 1067 /* free the HTTP descriptors incl. headers */ 1068 server_close_http(clt); 1069 1070 event_del(&clt->clt_ev); 1071 if (clt->clt_bev != NULL) 1072 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1073 if (clt->clt_srvbev != NULL) 1074 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1075 1076 server_log(clt, msg); 1077 1078 if (clt->clt_bev != NULL) 1079 bufferevent_free(clt->clt_bev); 1080 if (clt->clt_output != NULL) 1081 evbuffer_free(clt->clt_output); 1082 if (clt->clt_srvevb != NULL) 1083 evbuffer_free(clt->clt_srvevb); 1084 1085 if (clt->clt_srvbev != NULL) 1086 bufferevent_free(clt->clt_srvbev); 1087 if (clt->clt_fd != -1) 1088 close(clt->clt_fd); 1089 if (clt->clt_s != -1) 1090 close(clt->clt_s); 1091 1092 if (clt->clt_tls_ctx != NULL) 1093 tls_close(clt->clt_tls_ctx); 1094 tls_free(clt->clt_tls_ctx); 1095 1096 server_inflight_dec(clt, __func__); 1097 1098 if (clt->clt_log != NULL) 1099 evbuffer_free(clt->clt_log); 1100 1101 free(clt); 1102 server_clients--; 1103} 1104 1105int 1106server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1107{ 1108 switch (imsg->hdr.type) { 1109 case IMSG_CFG_MEDIA: 1110 config_getmedia(env, imsg); 1111 break; 1112 case IMSG_CFG_AUTH: 1113 config_getauth(env, imsg); 1114 break; 1115 case IMSG_CFG_SERVER: 1116 config_getserver(env, imsg); 1117 break; 1118 case IMSG_CFG_DONE: 1119 config_getcfg(env, imsg); 1120 break; 1121 case IMSG_CTL_START: 1122 server_launch(); 1123 break; 1124 case IMSG_CTL_RESET: 1125 config_getreset(env, imsg); 1126 break; 1127 default: 1128 return (-1); 1129 } 1130 1131 return (0); 1132} 1133 1134int 1135server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1136{ 1137 switch (imsg->hdr.type) { 1138 default: 1139 return (-1); 1140 } 1141 1142 return (0); 1143} 1144 1145int 1146server_bufferevent_add(struct event *ev, int timeout) 1147{ 1148 struct timeval tv, *ptv = NULL; 1149 1150 if (timeout) { 1151 timerclear(&tv); 1152 tv.tv_sec = timeout; 1153 ptv = &tv; 1154 } 1155 1156 return (event_add(ev, ptv)); 1157} 1158 1159int 1160server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1161{ 1162 int ret; 1163 va_list ap; 1164 char *str; 1165 1166 va_start(ap, fmt); 1167 ret = vasprintf(&str, fmt, ap); 1168 va_end(ap); 1169 1170 if (ret == -1) 1171 return (ret); 1172 1173 ret = server_bufferevent_print(clt, str); 1174 free(str); 1175 1176 return (ret); 1177} 1178 1179int 1180server_bufferevent_print(struct client *clt, const char *str) 1181{ 1182 if (clt->clt_bev == NULL) 1183 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1184 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1185} 1186 1187int 1188server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1189{ 1190 if (clt->clt_bev == NULL) 1191 return (evbuffer_add_buffer(clt->clt_output, buf)); 1192 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1193} 1194 1195int 1196server_bufferevent_write_chunk(struct client *clt, 1197 struct evbuffer *buf, size_t size) 1198{ 1199 int ret; 1200 ret = server_bufferevent_write(clt, buf->buffer, size); 1201 if (ret != -1) 1202 evbuffer_drain(buf, size); 1203 return (ret); 1204} 1205 1206int 1207server_bufferevent_write(struct client *clt, void *data, size_t size) 1208{ 1209 if (clt->clt_bev == NULL) 1210 return (evbuffer_add(clt->clt_output, data, size)); 1211 return (bufferevent_write(clt->clt_bev, data, size)); 1212} 1213 1214int 1215server_client_cmp(struct client *a, struct client *b) 1216{ 1217 return ((int)a->clt_id - b->clt_id); 1218} 1219 1220SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1221