server.c revision 1.63
1/* $OpenBSD: server.c,v 1.63 2015/04/23 16:59:28 florian Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/param.h> /* nitems */ 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/time.h> 23#include <sys/stat.h> 24#include <sys/socket.h> 25#include <sys/uio.h> 26#include <sys/tree.h> 27 28#include <netinet/in.h> 29#include <netinet/tcp.h> 30#include <arpa/inet.h> 31 32#include <stdio.h> 33#include <stdlib.h> 34#include <stdarg.h> 35#include <limits.h> 36#include <errno.h> 37#include <fcntl.h> 38#include <string.h> 39#include <syslog.h> 40#include <unistd.h> 41#include <event.h> 42#include <imsg.h> 43#include <tls.h> 44 45#include "httpd.h" 46 47#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53void server_shutdown(void); 54 55void server_init(struct privsep *, struct privsep_proc *p, void *); 56void server_launch(void); 57int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 62int server_tls_init(struct server *); 63void server_tls_readcb(int, short, void *); 64void server_tls_writecb(int, short, void *); 65 66void server_accept(int, short, void *); 67void server_accept_tls(int, short, void *); 68void server_input(struct client *); 69void server_inflight_dec(struct client *, const char *); 70 71extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 72 size_t, void *); 73 74volatile int server_clients; 75volatile int server_inflight = 0; 76u_int32_t server_cltid; 77 78static struct httpd *env = NULL; 79int proc_id; 80 81static struct privsep_proc procs[] = { 82 { "parent", PROC_PARENT, server_dispatch_parent }, 83 { "logger", PROC_LOGGER, server_dispatch_logger } 84}; 85 86pid_t 87server(struct privsep *ps, struct privsep_proc *p) 88{ 89 pid_t pid; 90 env = ps->ps_env; 91 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 92 server_http(env); 93 return (pid); 94} 95 96void 97server_shutdown(void) 98{ 99 config_purge(env, CONFIG_ALL); 100 usleep(200); /* XXX server needs to shutdown last */ 101} 102 103int 104server_privinit(struct server *srv) 105{ 106 struct server *s; 107 108 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 109 return (0); 110 111 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 112 113 /* 114 * There's no need to open a new socket if a server with the 115 * same address already exists. 116 */ 117 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 118 if (s != srv && s->srv_s != -1 && 119 s->srv_conf.port == srv->srv_conf.port && 120 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 121 (struct sockaddr *)&srv->srv_conf.ss, 122 s->srv_conf.prefixlen) == 0) 123 return (0); 124 } 125 126 /* Open listening socket in the privileged process */ 127 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 128 srv->srv_conf.port, &srv->srv_conf)) == -1) 129 return (-1); 130 131 return (0); 132} 133 134int 135server_tls_load_keypair(struct server *srv) 136{ 137 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 138 return (0); 139 140 if ((srv->srv_conf.tls_cert = tls_load_file( 141 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 142 NULL)) == NULL) 143 return (-1); 144 log_debug("%s: using certificate %s", __func__, 145 srv->srv_conf.tls_cert_file); 146 147 /* XXX allow to specify password for encrypted key */ 148 if ((srv->srv_conf.tls_key = tls_load_file( 149 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 150 NULL)) == NULL) 151 return (-1); 152 log_debug("%s: using private key %s", __func__, 153 srv->srv_conf.tls_key_file); 154 155 return (0); 156} 157 158int 159server_tls_init(struct server *srv) 160{ 161 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 162 return (0); 163 164 log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); 165 166 if (tls_init() != 0) { 167 log_warn("%s: failed to initialise tls", __func__); 168 return (-1); 169 } 170 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 171 log_warn("%s: failed to get tls config", __func__); 172 return (-1); 173 } 174 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 175 log_warn("%s: failed to get tls server", __func__); 176 return (-1); 177 } 178 179 tls_config_set_protocols(srv->srv_tls_config, 180 srv->srv_conf.tls_protocols); 181 182 if (tls_config_set_ciphers(srv->srv_tls_config, 183 srv->srv_conf.tls_ciphers) != 0) { 184 log_warn("%s: failed to set tls ciphers", __func__); 185 return (-1); 186 } 187 if (tls_config_set_dheparams(srv->srv_tls_config, 188 srv->srv_conf.tls_dhe_params) != 0) { 189 log_warn("%s: failed to set tls dhe params", __func__); 190 return (-1); 191 } 192 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 193 srv->srv_conf.tls_ecdhe_curve) != 0) { 194 log_warn("%s: failed to set tls ecdhe curve", __func__); 195 return (-1); 196 } 197 198 if (tls_config_set_cert_mem(srv->srv_tls_config, 199 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) { 200 log_warn("%s: failed to set tls cert", __func__); 201 return (-1); 202 } 203 if (tls_config_set_key_mem(srv->srv_tls_config, 204 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 205 log_warn("%s: failed to set tls key", __func__); 206 return (-1); 207 } 208 209 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 210 log_warn("%s: failed to configure TLS - %s", __func__, 211 tls_error(srv->srv_tls_ctx)); 212 return (-1); 213 } 214 215 /* We're now done with the public/private key... */ 216 tls_config_clear_keys(srv->srv_tls_config); 217 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 218 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 219 free(srv->srv_conf.tls_cert); 220 free(srv->srv_conf.tls_key); 221 srv->srv_conf.tls_cert = NULL; 222 srv->srv_conf.tls_key = NULL; 223 srv->srv_conf.tls_cert_len = 0; 224 srv->srv_conf.tls_key_len = 0; 225 226 return (0); 227} 228 229void 230server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 231{ 232 server_http(ps->ps_env); 233 234 if (config_init(ps->ps_env) == -1) 235 fatal("failed to initialize configuration"); 236 237 /* Set to current prefork id */ 238 proc_id = p->p_instance; 239 240 /* We use a custom shutdown callback */ 241 p->p_shutdown = server_shutdown; 242 243 /* Unlimited file descriptors (use system limits) */ 244 socket_rlimit(-1); 245 246#if 0 247 /* Schedule statistics timer */ 248 evtimer_set(&env->sc_statev, server_statistics, NULL); 249 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 250 evtimer_add(&env->sc_statev, &tv); 251#endif 252} 253 254void 255server_launch(void) 256{ 257 struct server *srv; 258 259 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 260 server_tls_init(srv); 261 server_http_init(srv); 262 263 log_debug("%s: running server %s", __func__, 264 srv->srv_conf.name); 265 266 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 267 server_accept, srv); 268 event_add(&srv->srv_ev, NULL); 269 evtimer_set(&srv->srv_evt, server_accept, srv); 270 } 271} 272 273void 274server_purge(struct server *srv) 275{ 276 struct client *clt; 277 struct server_config *srv_conf; 278 279 /* shutdown and remove server */ 280 if (event_initialized(&srv->srv_ev)) 281 event_del(&srv->srv_ev); 282 if (evtimer_initialized(&srv->srv_evt)) 283 evtimer_del(&srv->srv_evt); 284 285 if (srv->srv_s != -1) 286 close(srv->srv_s); 287 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 288 289 /* cleanup sessions */ 290 while ((clt = 291 SPLAY_ROOT(&srv->srv_clients)) != NULL) 292 server_close(clt, NULL); 293 294 /* cleanup hosts */ 295 while ((srv_conf = 296 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 297 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 298 299 /* It might point to our own "default" entry */ 300 if (srv_conf != &srv->srv_conf) { 301 serverconfig_free(srv_conf); 302 free(srv_conf); 303 } 304 } 305 306 tls_config_free(srv->srv_tls_config); 307 tls_free(srv->srv_tls_ctx); 308 309 free(srv); 310} 311 312void 313serverconfig_free(struct server_config *srv_conf) 314{ 315 free(srv_conf->return_uri); 316 free(srv_conf->tls_cert_file); 317 free(srv_conf->tls_cert); 318 free(srv_conf->tls_key_file); 319 free(srv_conf->tls_key); 320} 321 322void 323serverconfig_reset(struct server_config *srv_conf) 324{ 325 srv_conf->tls_cert_file = srv_conf->tls_key_file = NULL; 326 srv_conf->tls_cert = srv_conf->tls_key = NULL; 327 srv_conf->return_uri = NULL; 328 srv_conf->auth = NULL; 329} 330 331struct server * 332server_byaddr(struct sockaddr *addr, in_port_t port) 333{ 334 struct server *srv; 335 336 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 337 if (port == srv->srv_conf.port && 338 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 339 addr, srv->srv_conf.prefixlen) == 0) 340 return (srv); 341 } 342 343 return (NULL); 344} 345 346struct server_config * 347serverconfig_byid(u_int32_t id) 348{ 349 struct server *srv; 350 struct server_config *srv_conf; 351 352 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 353 if (srv->srv_conf.id == id) 354 return (&srv->srv_conf); 355 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 356 if (srv_conf->id == id) 357 return (srv_conf); 358 } 359 } 360 361 return (NULL); 362} 363 364int 365server_foreach(int (*srv_cb)(struct server *, 366 struct server_config *, void *), void *arg) 367{ 368 struct server *srv; 369 struct server_config *srv_conf; 370 371 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 372 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 373 return (-1); 374 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 375 if ((srv_cb)(srv, srv_conf, arg) == -1) 376 return (-1); 377 } 378 } 379 380 return (0); 381} 382 383int 384server_socket_af(struct sockaddr_storage *ss, in_port_t port) 385{ 386 switch (ss->ss_family) { 387 case AF_INET: 388 ((struct sockaddr_in *)ss)->sin_port = port; 389 ((struct sockaddr_in *)ss)->sin_len = 390 sizeof(struct sockaddr_in); 391 break; 392 case AF_INET6: 393 ((struct sockaddr_in6 *)ss)->sin6_port = port; 394 ((struct sockaddr_in6 *)ss)->sin6_len = 395 sizeof(struct sockaddr_in6); 396 break; 397 default: 398 return (-1); 399 } 400 401 return (0); 402} 403 404in_port_t 405server_socket_getport(struct sockaddr_storage *ss) 406{ 407 switch (ss->ss_family) { 408 case AF_INET: 409 return (((struct sockaddr_in *)ss)->sin_port); 410 case AF_INET6: 411 return (((struct sockaddr_in6 *)ss)->sin6_port); 412 default: 413 return (0); 414 } 415 416 /* NOTREACHED */ 417 return (0); 418} 419 420int 421server_socket(struct sockaddr_storage *ss, in_port_t port, 422 struct server_config *srv_conf, int fd, int reuseport) 423{ 424 struct linger lng; 425 int s = -1, val; 426 427 if (server_socket_af(ss, port) == -1) 428 goto bad; 429 430 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP) : fd; 431 if (s == -1) 432 goto bad; 433 434 /* 435 * Socket options 436 */ 437 memset(&lng, 0, sizeof(lng)); 438 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 439 goto bad; 440 if (reuseport) { 441 val = 1; 442 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 443 sizeof(int)) == -1) 444 goto bad; 445 } 446 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 447 goto bad; 448 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 449 val = srv_conf->tcpbufsiz; 450 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 451 &val, sizeof(val)) == -1) 452 goto bad; 453 val = srv_conf->tcpbufsiz; 454 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 455 &val, sizeof(val)) == -1) 456 goto bad; 457 } 458 459 /* 460 * IP options 461 */ 462 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 463 val = (int)srv_conf->tcpipttl; 464 if (setsockopt(s, IPPROTO_IP, IP_TTL, 465 &val, sizeof(val)) == -1) 466 goto bad; 467 } 468 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 469 val = (int)srv_conf->tcpipminttl; 470 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 471 &val, sizeof(val)) == -1) 472 goto bad; 473 } 474 475 /* 476 * TCP options 477 */ 478 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 479 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 480 val = 0; 481 else 482 val = 1; 483 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 484 &val, sizeof(val)) == -1) 485 goto bad; 486 } 487 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 488 if (srv_conf->tcpflags & TCPFLAG_NSACK) 489 val = 0; 490 else 491 val = 1; 492 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 493 &val, sizeof(val)) == -1) 494 goto bad; 495 } 496 497 return (s); 498 499 bad: 500 if (s != -1) 501 close(s); 502 return (-1); 503} 504 505int 506server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 507 struct server_config *srv_conf) 508{ 509 int s; 510 511 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 512 return (-1); 513 514 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 515 goto bad; 516 if (listen(s, srv_conf->tcpbacklog) == -1) 517 goto bad; 518 519 return (s); 520 521 bad: 522 close(s); 523 return (-1); 524} 525 526int 527server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 528 struct server_config *srv_conf) 529{ 530 int s; 531 532 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 533 return (-1); 534 535 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 536 if (errno != EINPROGRESS) 537 goto bad; 538 } 539 540 return (s); 541 542 bad: 543 close(s); 544 return (-1); 545} 546 547void 548server_tls_readcb(int fd, short event, void *arg) 549{ 550 struct bufferevent *bufev = arg; 551 struct client *clt = bufev->cbarg; 552 char rbuf[IBUF_READ_SIZE]; 553 int what = EVBUFFER_READ; 554 int howmuch = IBUF_READ_SIZE; 555 int ret; 556 size_t len; 557 558 if (event == EV_TIMEOUT) { 559 what |= EVBUFFER_TIMEOUT; 560 goto err; 561 } 562 563 if (bufev->wm_read.high != 0) 564 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 565 566 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &len); 567 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 568 goto retry; 569 } else if (ret != 0) { 570 what |= EVBUFFER_ERROR; 571 goto err; 572 } 573 574 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 575 what |= EVBUFFER_ERROR; 576 goto err; 577 } 578 579 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 580 581 len = EVBUFFER_LENGTH(bufev->input); 582 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 583 return; 584 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 585 struct evbuffer *buf = bufev->input; 586 event_del(&bufev->ev_read); 587 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 588 return; 589 } 590 591 if (bufev->readcb != NULL) 592 (*bufev->readcb)(bufev, bufev->cbarg); 593 return; 594 595 retry: 596 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 597 return; 598 599 err: 600 (*bufev->errorcb)(bufev, what, bufev->cbarg); 601} 602 603void 604server_tls_writecb(int fd, short event, void *arg) 605{ 606 struct bufferevent *bufev = arg; 607 struct client *clt = bufev->cbarg; 608 int ret; 609 short what = EVBUFFER_WRITE; 610 size_t len; 611 612 if (event == EV_TIMEOUT) { 613 what |= EVBUFFER_TIMEOUT; 614 goto err; 615 } 616 617 if (EVBUFFER_LENGTH(bufev->output)) { 618 if (clt->clt_buf == NULL) { 619 clt->clt_buflen = EVBUFFER_LENGTH(bufev->output); 620 if ((clt->clt_buf = malloc(clt->clt_buflen)) == NULL) { 621 what |= EVBUFFER_ERROR; 622 goto err; 623 } 624 bcopy(EVBUFFER_DATA(bufev->output), 625 clt->clt_buf, clt->clt_buflen); 626 } 627 ret = tls_write(clt->clt_tls_ctx, clt->clt_buf, 628 clt->clt_buflen, &len); 629 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 630 goto retry; 631 } else if (ret != 0) { 632 what |= EVBUFFER_ERROR; 633 goto err; 634 } 635 evbuffer_drain(bufev->output, len); 636 } 637 if (clt->clt_buf != NULL) { 638 free(clt->clt_buf); 639 clt->clt_buf = NULL; 640 clt->clt_buflen = 0; 641 } 642 643 if (EVBUFFER_LENGTH(bufev->output) != 0) 644 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 645 646 if (bufev->writecb != NULL && 647 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 648 (*bufev->writecb)(bufev, bufev->cbarg); 649 return; 650 651 retry: 652 if (clt->clt_buflen != 0) 653 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 654 return; 655 656 err: 657 if (clt->clt_buf != NULL) { 658 free(clt->clt_buf); 659 clt->clt_buf = NULL; 660 clt->clt_buflen = 0; 661 } 662 (*bufev->errorcb)(bufev, what, bufev->cbarg); 663} 664 665void 666server_input(struct client *clt) 667{ 668 struct server_config *srv_conf = clt->clt_srv_conf; 669 evbuffercb inrd = server_read; 670 evbuffercb inwr = server_write; 671 socklen_t slen; 672 673 if (server_httpdesc_init(clt) == -1) { 674 server_close(clt, "failed to allocate http descriptor"); 675 return; 676 } 677 678 clt->clt_toread = TOREAD_HTTP_HEADER; 679 inrd = server_read_http; 680 681 slen = sizeof(clt->clt_sndbufsiz); 682 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 683 &clt->clt_sndbufsiz, &slen) == -1) { 684 server_close(clt, "failed to get send buffer size"); 685 return; 686 } 687 688 /* 689 * Client <-> Server 690 */ 691 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 692 server_error, clt); 693 if (clt->clt_bev == NULL) { 694 server_close(clt, "failed to allocate input buffer event"); 695 return; 696 } 697 698 if (srv_conf->flags & SRVFLAG_TLS) { 699 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 700 server_tls_readcb, clt->clt_bev); 701 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 702 server_tls_writecb, clt->clt_bev); 703 } 704 705 /* Adjust write watermark to the socket buffer output size */ 706 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 707 clt->clt_sndbufsiz, 0); 708 /* Read at most amount of data that fits in one fcgi record. */ 709 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 710 711 bufferevent_settimeout(clt->clt_bev, 712 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 713 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 714} 715 716void 717server_write(struct bufferevent *bev, void *arg) 718{ 719 struct client *clt = arg; 720 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 721 722 if (EVBUFFER_LENGTH(dst) == 0 && 723 clt->clt_toread == TOREAD_HTTP_NONE) 724 goto done; 725 726 getmonotime(&clt->clt_tv_last); 727 728 if (clt->clt_done) 729 goto done; 730 731 bufferevent_enable(bev, EV_READ); 732 return; 733 done: 734 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 735 return; 736} 737 738void 739server_dump(struct client *clt, const void *buf, size_t len) 740{ 741 size_t outlen; 742 743 if (!len) 744 return; 745 746 /* 747 * This function will dump the specified message directly 748 * to the underlying client, without waiting for success 749 * of non-blocking events etc. This is useful to print an 750 * error message before gracefully closing the client. 751 */ 752 if (clt->clt_tls_ctx != NULL) 753 (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen); 754 else 755 (void)write(clt->clt_s, buf, len); 756} 757 758void 759server_read(struct bufferevent *bev, void *arg) 760{ 761 struct client *clt = arg; 762 struct evbuffer *src = EVBUFFER_INPUT(bev); 763 764 getmonotime(&clt->clt_tv_last); 765 766 if (!EVBUFFER_LENGTH(src)) 767 return; 768 if (server_bufferevent_write_buffer(clt, src) == -1) 769 goto fail; 770 if (clt->clt_done) 771 goto done; 772 return; 773 done: 774 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 775 return; 776 fail: 777 server_close(clt, strerror(errno)); 778} 779 780void 781server_error(struct bufferevent *bev, short error, void *arg) 782{ 783 struct client *clt = arg; 784 struct evbuffer *dst; 785 786 if (error & EVBUFFER_TIMEOUT) { 787 server_close(clt, "buffer event timeout"); 788 return; 789 } 790 if (error & EVBUFFER_ERROR) { 791 if (errno == EFBIG) { 792 bufferevent_enable(bev, EV_READ); 793 return; 794 } 795 server_close(clt, "buffer event error"); 796 return; 797 } 798 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 799 bufferevent_disable(bev, EV_READ|EV_WRITE); 800 801 clt->clt_done = 1; 802 803 dst = EVBUFFER_OUTPUT(clt->clt_bev); 804 if (EVBUFFER_LENGTH(dst)) { 805 /* Finish writing all data first */ 806 bufferevent_enable(clt->clt_bev, EV_WRITE); 807 return; 808 } 809 810 server_close(clt, "done"); 811 return; 812 } 813 server_close(clt, "unknown event error"); 814 return; 815} 816 817void 818server_accept(int fd, short event, void *arg) 819{ 820 struct server *srv = arg; 821 struct client *clt = NULL; 822 socklen_t slen; 823 struct sockaddr_storage ss; 824 int s = -1; 825 826 event_add(&srv->srv_ev, NULL); 827 if ((event & EV_TIMEOUT)) 828 return; 829 830 slen = sizeof(ss); 831 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 832 &slen, FD_RESERVE, &server_inflight)) == -1) { 833 /* 834 * Pause accept if we are out of file descriptors, or 835 * libevent will haunt us here too. 836 */ 837 if (errno == ENFILE || errno == EMFILE) { 838 struct timeval evtpause = { 1, 0 }; 839 840 event_del(&srv->srv_ev); 841 evtimer_add(&srv->srv_evt, &evtpause); 842 log_debug("%s: deferring connections", __func__); 843 } 844 return; 845 } 846 if (server_clients >= SERVER_MAX_CLIENTS) 847 goto err; 848 849 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 850 goto err; 851 852 if ((clt = calloc(1, sizeof(*clt))) == NULL) 853 goto err; 854 855 /* Pre-allocate log buffer */ 856 clt->clt_log = evbuffer_new(); 857 if (clt->clt_log == NULL) 858 goto err; 859 860 clt->clt_s = s; 861 clt->clt_fd = -1; 862 clt->clt_toread = TOREAD_UNLIMITED; 863 clt->clt_srv = srv; 864 clt->clt_srv_conf = &srv->srv_conf; 865 clt->clt_id = ++server_cltid; 866 clt->clt_srv_id = srv->srv_conf.id; 867 clt->clt_pid = getpid(); 868 clt->clt_inflight = 1; 869 870 /* get local address */ 871 slen = sizeof(clt->clt_srv_ss); 872 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 873 &slen) == -1) { 874 server_close(clt, "listen address lookup failed"); 875 return; 876 } 877 878 /* get client address */ 879 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 880 881 /* get ports */ 882 switch (ss.ss_family) { 883 case AF_INET: 884 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 885 break; 886 case AF_INET6: 887 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 888 break; 889 } 890 891 getmonotime(&clt->clt_tv_start); 892 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 893 894 server_clients++; 895 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 896 897 /* Increment the per-relay client counter */ 898 //srv->srv_stats[proc_id].last++; 899 900 /* Pre-allocate output buffer */ 901 clt->clt_output = evbuffer_new(); 902 if (clt->clt_output == NULL) { 903 server_close(clt, "failed to allocate output buffer"); 904 return; 905 } 906 907 if (srv->srv_conf.flags & SRVFLAG_TLS) { 908 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 909 server_accept_tls, &clt->clt_tv_start, 910 &srv->srv_conf.timeout, clt); 911 return; 912 } 913 914 server_input(clt); 915 return; 916 917 err: 918 if (s != -1) { 919 close(s); 920 free(clt); 921 /* 922 * the client struct was not completly set up, but still 923 * counted as an inflight client. account for this. 924 */ 925 server_inflight_dec(NULL, __func__); 926 } 927} 928 929void 930server_accept_tls(int fd, short event, void *arg) 931{ 932 struct client *clt = (struct client *)arg; 933 struct server *srv = (struct server *)clt->clt_srv; 934 int ret; 935 936 if (event == EV_TIMEOUT) { 937 server_close(clt, "TLS accept timeout"); 938 return; 939 } 940 941 if (srv->srv_tls_ctx == NULL) 942 fatalx("NULL tls context"); 943 944 ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 945 clt->clt_s); 946 if (ret == TLS_READ_AGAIN) { 947 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 948 server_accept_tls, &clt->clt_tv_start, 949 &srv->srv_conf.timeout, clt); 950 } else if (ret == TLS_WRITE_AGAIN) { 951 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 952 server_accept_tls, &clt->clt_tv_start, 953 &srv->srv_conf.timeout, clt); 954 } else if (ret != 0) { 955 log_warnx("%s: TLS accept failed - %s", __func__, 956 tls_error(srv->srv_tls_ctx)); 957 return; 958 } 959 960 server_input(clt); 961 return; 962} 963 964void 965server_inflight_dec(struct client *clt, const char *why) 966{ 967 if (clt != NULL) { 968 /* the flight already left inflight mode. */ 969 if (clt->clt_inflight == 0) 970 return; 971 clt->clt_inflight = 0; 972 } 973 974 /* the file was never opened, thus this was an inflight client. */ 975 server_inflight--; 976 DPRINTF("%s: inflight decremented, now %d, %s", 977 __func__, server_inflight, why); 978} 979 980void 981server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 982{ 983 va_list ap; 984 char *msg; 985 int ret; 986 struct iovec iov[2]; 987 988 if (srv_conf->flags & SRVFLAG_SYSLOG) { 989 va_start(ap, emsg); 990 if (cmd == IMSG_LOG_ACCESS) 991 vlog(LOG_INFO, emsg, ap); 992 else 993 vlog(LOG_DEBUG, emsg, ap); 994 va_end(ap); 995 return; 996 } 997 998 va_start(ap, emsg); 999 ret = vasprintf(&msg, emsg, ap); 1000 va_end(ap); 1001 if (ret == -1) { 1002 log_warn("%s: vasprintf", __func__); 1003 return; 1004 } 1005 1006 iov[0].iov_base = &srv_conf->id; 1007 iov[0].iov_len = sizeof(srv_conf->id); 1008 iov[1].iov_base = msg; 1009 iov[1].iov_len = strlen(msg) + 1; 1010 1011 if (proc_composev_imsg(env->sc_ps, PROC_LOGGER, -1, cmd, -1, iov, 1012 2) != 0) { 1013 log_warn("%s: failed to compose imsg", __func__); 1014 return; 1015 } 1016} 1017 1018void 1019server_log(struct client *clt, const char *msg) 1020{ 1021 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1022 struct server_config *srv_conf = clt->clt_srv_conf; 1023 char *ptr = NULL; 1024 int debug_cmd = -1; 1025 extern int verbose; 1026 1027 switch (srv_conf->logformat) { 1028 case LOG_FORMAT_CONNECTION: 1029 debug_cmd = IMSG_LOG_ACCESS; 1030 break; 1031 default: 1032 if (verbose > 1) 1033 debug_cmd = IMSG_LOG_ERROR; 1034 if (EVBUFFER_LENGTH(clt->clt_log)) { 1035 while ((ptr = 1036 evbuffer_readline(clt->clt_log)) != NULL) { 1037 server_sendlog(srv_conf, 1038 IMSG_LOG_ACCESS, "%s", ptr); 1039 free(ptr); 1040 } 1041 } 1042 break; 1043 } 1044 1045 if (debug_cmd != -1 && msg != NULL) { 1046 memset(ibuf, 0, sizeof(ibuf)); 1047 memset(obuf, 0, sizeof(obuf)); 1048 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1049 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1050 if (EVBUFFER_LENGTH(clt->clt_log) && 1051 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1052 ptr = evbuffer_readline(clt->clt_log); 1053 server_sendlog(srv_conf, debug_cmd, "server %s, " 1054 "client %d (%d active), %s:%u -> %s, " 1055 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1056 ibuf, ntohs(clt->clt_port), obuf, msg, 1057 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1058 if (ptr != NULL) 1059 free(ptr); 1060 } 1061} 1062 1063void 1064server_close(struct client *clt, const char *msg) 1065{ 1066 struct server *srv = clt->clt_srv; 1067 1068 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1069 1070 /* free the HTTP descriptors incl. headers */ 1071 server_close_http(clt); 1072 1073 event_del(&clt->clt_ev); 1074 if (clt->clt_bev != NULL) 1075 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1076 if (clt->clt_srvbev != NULL) 1077 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1078 1079 server_log(clt, msg); 1080 1081 if (clt->clt_bev != NULL) 1082 bufferevent_free(clt->clt_bev); 1083 if (clt->clt_output != NULL) 1084 evbuffer_free(clt->clt_output); 1085 if (clt->clt_srvevb != NULL) 1086 evbuffer_free(clt->clt_srvevb); 1087 1088 if (clt->clt_srvbev != NULL) 1089 bufferevent_free(clt->clt_srvbev); 1090 if (clt->clt_fd != -1) 1091 close(clt->clt_fd); 1092 if (clt->clt_s != -1) 1093 close(clt->clt_s); 1094 1095 if (clt->clt_tls_ctx != NULL) 1096 tls_close(clt->clt_tls_ctx); 1097 tls_free(clt->clt_tls_ctx); 1098 1099 server_inflight_dec(clt, __func__); 1100 1101 if (clt->clt_log != NULL) 1102 evbuffer_free(clt->clt_log); 1103 1104 free(clt); 1105 server_clients--; 1106} 1107 1108int 1109server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1110{ 1111 switch (imsg->hdr.type) { 1112 case IMSG_CFG_MEDIA: 1113 config_getmedia(env, imsg); 1114 break; 1115 case IMSG_CFG_AUTH: 1116 config_getauth(env, imsg); 1117 break; 1118 case IMSG_CFG_SERVER: 1119 config_getserver(env, imsg); 1120 break; 1121 case IMSG_CFG_DONE: 1122 config_getcfg(env, imsg); 1123 break; 1124 case IMSG_CTL_START: 1125 server_launch(); 1126 break; 1127 case IMSG_CTL_RESET: 1128 config_getreset(env, imsg); 1129 break; 1130 default: 1131 return (-1); 1132 } 1133 1134 return (0); 1135} 1136 1137int 1138server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1139{ 1140 switch (imsg->hdr.type) { 1141 default: 1142 return (-1); 1143 } 1144 1145 return (0); 1146} 1147 1148int 1149server_bufferevent_add(struct event *ev, int timeout) 1150{ 1151 struct timeval tv, *ptv = NULL; 1152 1153 if (timeout) { 1154 timerclear(&tv); 1155 tv.tv_sec = timeout; 1156 ptv = &tv; 1157 } 1158 1159 return (event_add(ev, ptv)); 1160} 1161 1162int 1163server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1164{ 1165 int ret; 1166 va_list ap; 1167 char *str; 1168 1169 va_start(ap, fmt); 1170 ret = vasprintf(&str, fmt, ap); 1171 va_end(ap); 1172 1173 if (ret == -1) 1174 return (ret); 1175 1176 ret = server_bufferevent_print(clt, str); 1177 free(str); 1178 1179 return (ret); 1180} 1181 1182int 1183server_bufferevent_print(struct client *clt, const char *str) 1184{ 1185 if (clt->clt_bev == NULL) 1186 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1187 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1188} 1189 1190int 1191server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1192{ 1193 if (clt->clt_bev == NULL) 1194 return (evbuffer_add_buffer(clt->clt_output, buf)); 1195 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1196} 1197 1198int 1199server_bufferevent_write_chunk(struct client *clt, 1200 struct evbuffer *buf, size_t size) 1201{ 1202 int ret; 1203 ret = server_bufferevent_write(clt, buf->buffer, size); 1204 if (ret != -1) 1205 evbuffer_drain(buf, size); 1206 return (ret); 1207} 1208 1209int 1210server_bufferevent_write(struct client *clt, void *data, size_t size) 1211{ 1212 if (clt->clt_bev == NULL) 1213 return (evbuffer_add(clt->clt_output, data, size)); 1214 return (bufferevent_write(clt->clt_bev, data, size)); 1215} 1216 1217int 1218server_client_cmp(struct client *a, struct client *b) 1219{ 1220 return ((int)a->clt_id - b->clt_id); 1221} 1222 1223SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1224