server.c revision 1.74
1/* $OpenBSD: server.c,v 1.74 2015/08/03 11:45:17 florian Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/param.h> /* nitems */ 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/time.h> 23#include <sys/stat.h> 24#include <sys/socket.h> 25#include <sys/uio.h> 26#include <sys/tree.h> 27 28#include <netinet/in.h> 29#include <netinet/tcp.h> 30#include <arpa/inet.h> 31 32#include <stdio.h> 33#include <stdlib.h> 34#include <stdarg.h> 35#include <limits.h> 36#include <errno.h> 37#include <fcntl.h> 38#include <string.h> 39#include <syslog.h> 40#include <unistd.h> 41#include <event.h> 42#include <imsg.h> 43#include <tls.h> 44#include <vis.h> 45 46#include "httpd.h" 47 48#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 49 50int server_dispatch_parent(int, struct privsep_proc *, 51 struct imsg *); 52int server_dispatch_logger(int, struct privsep_proc *, 53 struct imsg *); 54void server_shutdown(void); 55 56void server_init(struct privsep *, struct privsep_proc *p, void *); 57void server_launch(void); 58int server_socket(struct sockaddr_storage *, in_port_t, 59 struct server_config *, int, int); 60int server_socket_listen(struct sockaddr_storage *, in_port_t, 61 struct server_config *); 62 63int server_tls_init(struct server *); 64void server_tls_readcb(int, short, void *); 65void server_tls_writecb(int, short, void *); 66 67void server_accept(int, short, void *); 68void server_accept_tls(int, short, void *); 69void server_input(struct client *); 70void server_inflight_dec(struct client *, const char *); 71 72extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75volatile int server_clients; 76volatile int server_inflight = 0; 77u_int32_t server_cltid; 78 79static struct httpd *env = NULL; 80int proc_id; 81 82static struct privsep_proc procs[] = { 83 { "parent", PROC_PARENT, server_dispatch_parent }, 84 { "logger", PROC_LOGGER, server_dispatch_logger } 85}; 86 87pid_t 88server(struct privsep *ps, struct privsep_proc *p) 89{ 90 pid_t pid; 91 env = ps->ps_env; 92 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 93 server_http(env); 94 return (pid); 95} 96 97void 98server_shutdown(void) 99{ 100 config_purge(env, CONFIG_ALL); 101 usleep(200); /* XXX server needs to shutdown last */ 102} 103 104int 105server_privinit(struct server *srv) 106{ 107 struct server *s; 108 109 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 110 return (0); 111 112 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 113 114 /* 115 * There's no need to open a new socket if a server with the 116 * same address already exists. 117 */ 118 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 119 if (s != srv && s->srv_s != -1 && 120 s->srv_conf.port == srv->srv_conf.port && 121 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 122 (struct sockaddr *)&srv->srv_conf.ss, 123 s->srv_conf.prefixlen) == 0) 124 return (0); 125 } 126 127 /* Open listening socket in the privileged process */ 128 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 129 srv->srv_conf.port, &srv->srv_conf)) == -1) 130 return (-1); 131 132 return (0); 133} 134 135int 136server_tls_load_keypair(struct server *srv) 137{ 138 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 139 return (0); 140 141 if ((srv->srv_conf.tls_cert = tls_load_file( 142 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 143 NULL)) == NULL) 144 return (-1); 145 log_debug("%s: using certificate %s", __func__, 146 srv->srv_conf.tls_cert_file); 147 148 /* XXX allow to specify password for encrypted key */ 149 if ((srv->srv_conf.tls_key = tls_load_file( 150 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 151 NULL)) == NULL) 152 return (-1); 153 log_debug("%s: using private key %s", __func__, 154 srv->srv_conf.tls_key_file); 155 156 return (0); 157} 158 159int 160server_tls_init(struct server *srv) 161{ 162 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 163 return (0); 164 165 log_debug("%s: setting up TLS for %s", __func__, srv->srv_conf.name); 166 167 if (tls_init() != 0) { 168 log_warn("%s: failed to initialise tls", __func__); 169 return (-1); 170 } 171 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 172 log_warn("%s: failed to get tls config", __func__); 173 return (-1); 174 } 175 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 176 log_warn("%s: failed to get tls server", __func__); 177 return (-1); 178 } 179 180 tls_config_set_protocols(srv->srv_tls_config, 181 srv->srv_conf.tls_protocols); 182 183 if (tls_config_set_ciphers(srv->srv_tls_config, 184 srv->srv_conf.tls_ciphers) != 0) { 185 log_warn("%s: failed to set tls ciphers", __func__); 186 return (-1); 187 } 188 if (tls_config_set_dheparams(srv->srv_tls_config, 189 srv->srv_conf.tls_dhe_params) != 0) { 190 log_warn("%s: failed to set tls dhe params", __func__); 191 return (-1); 192 } 193 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 194 srv->srv_conf.tls_ecdhe_curve) != 0) { 195 log_warn("%s: failed to set tls ecdhe curve", __func__); 196 return (-1); 197 } 198 199 if (tls_config_set_cert_mem(srv->srv_tls_config, 200 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) { 201 log_warn("%s: failed to set tls cert", __func__); 202 return (-1); 203 } 204 if (tls_config_set_key_mem(srv->srv_tls_config, 205 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 206 log_warn("%s: failed to set tls key", __func__); 207 return (-1); 208 } 209 210 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 211 log_warn("%s: failed to configure TLS - %s", __func__, 212 tls_error(srv->srv_tls_ctx)); 213 return (-1); 214 } 215 216 /* We're now done with the public/private key... */ 217 tls_config_clear_keys(srv->srv_tls_config); 218 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 219 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 220 free(srv->srv_conf.tls_cert); 221 free(srv->srv_conf.tls_key); 222 srv->srv_conf.tls_cert = NULL; 223 srv->srv_conf.tls_key = NULL; 224 srv->srv_conf.tls_cert_len = 0; 225 srv->srv_conf.tls_key_len = 0; 226 227 return (0); 228} 229 230void 231server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 232{ 233 server_http(ps->ps_env); 234 235 if (config_init(ps->ps_env) == -1) 236 fatal("failed to initialize configuration"); 237 238 /* Set to current prefork id */ 239 proc_id = p->p_instance; 240 241 /* We use a custom shutdown callback */ 242 p->p_shutdown = server_shutdown; 243 244 /* Unlimited file descriptors (use system limits) */ 245 socket_rlimit(-1); 246 247#if 0 248 /* Schedule statistics timer */ 249 evtimer_set(&env->sc_statev, server_statistics, NULL); 250 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 251 evtimer_add(&env->sc_statev, &tv); 252#endif 253} 254 255void 256server_launch(void) 257{ 258 struct server *srv; 259 260 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 261 server_tls_init(srv); 262 server_http_init(srv); 263 264 log_debug("%s: running server %s", __func__, 265 srv->srv_conf.name); 266 267 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 268 server_accept, srv); 269 event_add(&srv->srv_ev, NULL); 270 evtimer_set(&srv->srv_evt, server_accept, srv); 271 } 272} 273 274void 275server_purge(struct server *srv) 276{ 277 struct client *clt; 278 struct server_config *srv_conf; 279 280 /* shutdown and remove server */ 281 if (event_initialized(&srv->srv_ev)) 282 event_del(&srv->srv_ev); 283 if (evtimer_initialized(&srv->srv_evt)) 284 evtimer_del(&srv->srv_evt); 285 286 if (srv->srv_s != -1) 287 close(srv->srv_s); 288 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 289 290 /* cleanup sessions */ 291 while ((clt = 292 SPLAY_ROOT(&srv->srv_clients)) != NULL) 293 server_close(clt, NULL); 294 295 /* cleanup hosts */ 296 while ((srv_conf = 297 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 298 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 299 300 /* It might point to our own "default" entry */ 301 if (srv_conf != &srv->srv_conf) { 302 serverconfig_free(srv_conf); 303 free(srv_conf); 304 } 305 } 306 307 tls_config_free(srv->srv_tls_config); 308 tls_free(srv->srv_tls_ctx); 309 310 free(srv); 311} 312 313void 314serverconfig_free(struct server_config *srv_conf) 315{ 316 free(srv_conf->auth); 317 free(srv_conf->return_uri); 318 free(srv_conf->tls_cert_file); 319 free(srv_conf->tls_key_file); 320 321 if (srv_conf->tls_cert != NULL) { 322 explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); 323 free(srv_conf->tls_cert); 324 } 325 326 if (srv_conf->tls_key != NULL) { 327 explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); 328 free(srv_conf->tls_key); 329 } 330} 331 332void 333serverconfig_reset(struct server_config *srv_conf) 334{ 335 srv_conf->auth = NULL; 336 srv_conf->return_uri = NULL; 337 srv_conf->tls_cert = NULL; 338 srv_conf->tls_cert_file = NULL; 339 srv_conf->tls_key = NULL; 340 srv_conf->tls_key_file = NULL; 341} 342 343struct server * 344server_byaddr(struct sockaddr *addr, in_port_t port) 345{ 346 struct server *srv; 347 348 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 349 if (port == srv->srv_conf.port && 350 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 351 addr, srv->srv_conf.prefixlen) == 0) 352 return (srv); 353 } 354 355 return (NULL); 356} 357 358struct server_config * 359serverconfig_byid(u_int32_t id) 360{ 361 struct server *srv; 362 struct server_config *srv_conf; 363 364 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 365 if (srv->srv_conf.id == id) 366 return (&srv->srv_conf); 367 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 368 if (srv_conf->id == id) 369 return (srv_conf); 370 } 371 } 372 373 return (NULL); 374} 375 376int 377server_foreach(int (*srv_cb)(struct server *, 378 struct server_config *, void *), void *arg) 379{ 380 struct server *srv; 381 struct server_config *srv_conf; 382 383 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 384 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 385 return (-1); 386 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 387 if ((srv_cb)(srv, srv_conf, arg) == -1) 388 return (-1); 389 } 390 } 391 392 return (0); 393} 394 395int 396server_socket_af(struct sockaddr_storage *ss, in_port_t port) 397{ 398 switch (ss->ss_family) { 399 case AF_INET: 400 ((struct sockaddr_in *)ss)->sin_port = port; 401 ((struct sockaddr_in *)ss)->sin_len = 402 sizeof(struct sockaddr_in); 403 break; 404 case AF_INET6: 405 ((struct sockaddr_in6 *)ss)->sin6_port = port; 406 ((struct sockaddr_in6 *)ss)->sin6_len = 407 sizeof(struct sockaddr_in6); 408 break; 409 default: 410 return (-1); 411 } 412 413 return (0); 414} 415 416in_port_t 417server_socket_getport(struct sockaddr_storage *ss) 418{ 419 switch (ss->ss_family) { 420 case AF_INET: 421 return (((struct sockaddr_in *)ss)->sin_port); 422 case AF_INET6: 423 return (((struct sockaddr_in6 *)ss)->sin6_port); 424 default: 425 return (0); 426 } 427 428 /* NOTREACHED */ 429 return (0); 430} 431 432int 433server_socket(struct sockaddr_storage *ss, in_port_t port, 434 struct server_config *srv_conf, int fd, int reuseport) 435{ 436 struct linger lng; 437 int s = -1, val; 438 439 if (server_socket_af(ss, port) == -1) 440 goto bad; 441 442 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP) : fd; 443 if (s == -1) 444 goto bad; 445 446 /* 447 * Socket options 448 */ 449 memset(&lng, 0, sizeof(lng)); 450 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 451 goto bad; 452 if (reuseport) { 453 val = 1; 454 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 455 sizeof(int)) == -1) 456 goto bad; 457 } 458 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 459 goto bad; 460 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 461 val = srv_conf->tcpbufsiz; 462 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 463 &val, sizeof(val)) == -1) 464 goto bad; 465 val = srv_conf->tcpbufsiz; 466 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 467 &val, sizeof(val)) == -1) 468 goto bad; 469 } 470 471 /* 472 * IP options 473 */ 474 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 475 val = (int)srv_conf->tcpipttl; 476 if (setsockopt(s, IPPROTO_IP, IP_TTL, 477 &val, sizeof(val)) == -1) 478 goto bad; 479 } 480 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 481 val = (int)srv_conf->tcpipminttl; 482 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 483 &val, sizeof(val)) == -1) 484 goto bad; 485 } 486 487 /* 488 * TCP options 489 */ 490 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 491 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 492 val = 0; 493 else 494 val = 1; 495 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 496 &val, sizeof(val)) == -1) 497 goto bad; 498 } 499 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 500 if (srv_conf->tcpflags & TCPFLAG_NSACK) 501 val = 0; 502 else 503 val = 1; 504 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 505 &val, sizeof(val)) == -1) 506 goto bad; 507 } 508 509 return (s); 510 511 bad: 512 if (s != -1) 513 close(s); 514 return (-1); 515} 516 517int 518server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 519 struct server_config *srv_conf) 520{ 521 int s; 522 523 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 524 return (-1); 525 526 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 527 goto bad; 528 if (listen(s, srv_conf->tcpbacklog) == -1) 529 goto bad; 530 531 return (s); 532 533 bad: 534 close(s); 535 return (-1); 536} 537 538int 539server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 540 struct server_config *srv_conf) 541{ 542 int s; 543 544 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 545 return (-1); 546 547 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 548 if (errno != EINPROGRESS) 549 goto bad; 550 } 551 552 return (s); 553 554 bad: 555 close(s); 556 return (-1); 557} 558 559void 560server_tls_readcb(int fd, short event, void *arg) 561{ 562 struct bufferevent *bufev = arg; 563 struct client *clt = bufev->cbarg; 564 char rbuf[IBUF_READ_SIZE]; 565 int what = EVBUFFER_READ; 566 int howmuch = IBUF_READ_SIZE; 567 int ret; 568 size_t len; 569 570 if (event == EV_TIMEOUT) { 571 what |= EVBUFFER_TIMEOUT; 572 goto err; 573 } 574 575 if (bufev->wm_read.high != 0) 576 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 577 578 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &len); 579 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 580 goto retry; 581 } else if (ret != 0) { 582 what |= EVBUFFER_ERROR; 583 goto err; 584 } 585 586 if (len == 0) { 587 what |= EVBUFFER_EOF; 588 goto err; 589 } 590 591 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 592 what |= EVBUFFER_ERROR; 593 goto err; 594 } 595 596 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 597 598 len = EVBUFFER_LENGTH(bufev->input); 599 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 600 return; 601 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 602 struct evbuffer *buf = bufev->input; 603 event_del(&bufev->ev_read); 604 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 605 return; 606 } 607 608 if (bufev->readcb != NULL) 609 (*bufev->readcb)(bufev, bufev->cbarg); 610 return; 611 612 retry: 613 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 614 return; 615 616 err: 617 (*bufev->errorcb)(bufev, what, bufev->cbarg); 618} 619 620void 621server_tls_writecb(int fd, short event, void *arg) 622{ 623 struct bufferevent *bufev = arg; 624 struct client *clt = bufev->cbarg; 625 int ret; 626 short what = EVBUFFER_WRITE; 627 size_t len; 628 629 if (event == EV_TIMEOUT) { 630 what |= EVBUFFER_TIMEOUT; 631 goto err; 632 } 633 634 if (EVBUFFER_LENGTH(bufev->output)) { 635 ret = tls_write(clt->clt_tls_ctx, 636 EVBUFFER_DATA(bufev->output), 637 EVBUFFER_LENGTH(bufev->output), &len); 638 if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 639 goto retry; 640 } else if (ret != 0) { 641 what |= EVBUFFER_ERROR; 642 goto err; 643 } 644 evbuffer_drain(bufev->output, len); 645 } 646 647 if (EVBUFFER_LENGTH(bufev->output) != 0) 648 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 649 650 if (bufev->writecb != NULL && 651 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 652 (*bufev->writecb)(bufev, bufev->cbarg); 653 return; 654 655 retry: 656 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 657 return; 658 659 err: 660 (*bufev->errorcb)(bufev, what, bufev->cbarg); 661} 662 663void 664server_input(struct client *clt) 665{ 666 struct server_config *srv_conf = clt->clt_srv_conf; 667 evbuffercb inrd = server_read; 668 evbuffercb inwr = server_write; 669 socklen_t slen; 670 671 if (server_httpdesc_init(clt) == -1) { 672 server_close(clt, "failed to allocate http descriptor"); 673 return; 674 } 675 676 clt->clt_toread = TOREAD_HTTP_HEADER; 677 inrd = server_read_http; 678 679 slen = sizeof(clt->clt_sndbufsiz); 680 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 681 &clt->clt_sndbufsiz, &slen) == -1) { 682 server_close(clt, "failed to get send buffer size"); 683 return; 684 } 685 686 /* 687 * Client <-> Server 688 */ 689 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 690 server_error, clt); 691 if (clt->clt_bev == NULL) { 692 server_close(clt, "failed to allocate input buffer event"); 693 return; 694 } 695 696 if (srv_conf->flags & SRVFLAG_TLS) { 697 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 698 server_tls_readcb, clt->clt_bev); 699 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 700 server_tls_writecb, clt->clt_bev); 701 } 702 703 /* Adjust write watermark to the socket buffer output size */ 704 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 705 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 706 /* Read at most amount of data that fits in one fcgi record. */ 707 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 708 709 bufferevent_settimeout(clt->clt_bev, 710 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 711 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 712} 713 714void 715server_write(struct bufferevent *bev, void *arg) 716{ 717 struct client *clt = arg; 718 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 719 720 if (EVBUFFER_LENGTH(dst) == 0 && 721 clt->clt_toread == TOREAD_HTTP_NONE) 722 goto done; 723 724 getmonotime(&clt->clt_tv_last); 725 726 if (clt->clt_done) 727 goto done; 728 729 bufferevent_enable(bev, EV_READ); 730 731 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 732 bufferevent_enable(clt->clt_srvbev, EV_READ); 733 clt->clt_srvbev_throttled = 0; 734 } 735 736 return; 737 done: 738 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 739 return; 740} 741 742void 743server_dump(struct client *clt, const void *buf, size_t len) 744{ 745 size_t outlen; 746 747 if (!len) 748 return; 749 750 /* 751 * This function will dump the specified message directly 752 * to the underlying client, without waiting for success 753 * of non-blocking events etc. This is useful to print an 754 * error message before gracefully closing the client. 755 */ 756 if (clt->clt_tls_ctx != NULL) 757 (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen); 758 else 759 (void)write(clt->clt_s, buf, len); 760} 761 762void 763server_read(struct bufferevent *bev, void *arg) 764{ 765 struct client *clt = arg; 766 struct evbuffer *src = EVBUFFER_INPUT(bev); 767 768 getmonotime(&clt->clt_tv_last); 769 770 if (!EVBUFFER_LENGTH(src)) 771 return; 772 if (server_bufferevent_write_buffer(clt, src) == -1) 773 goto fail; 774 if (clt->clt_done) 775 goto done; 776 777 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 778 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 779 bufferevent_disable(clt->clt_srvbev, EV_READ); 780 clt->clt_srvbev_throttled = 1; 781 } 782 783 return; 784 done: 785 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 786 return; 787 fail: 788 server_close(clt, strerror(errno)); 789} 790 791void 792server_error(struct bufferevent *bev, short error, void *arg) 793{ 794 struct client *clt = arg; 795 struct evbuffer *dst; 796 797 if (error & EVBUFFER_TIMEOUT) { 798 server_close(clt, "buffer event timeout"); 799 return; 800 } 801 if (error & EVBUFFER_ERROR) { 802 if (errno == EFBIG) { 803 bufferevent_enable(bev, EV_READ); 804 return; 805 } 806 server_close(clt, "buffer event error"); 807 return; 808 } 809 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 810 bufferevent_disable(bev, EV_READ|EV_WRITE); 811 812 clt->clt_done = 1; 813 814 dst = EVBUFFER_OUTPUT(clt->clt_bev); 815 if (EVBUFFER_LENGTH(dst)) { 816 /* Finish writing all data first */ 817 bufferevent_enable(clt->clt_bev, EV_WRITE); 818 return; 819 } 820 821 server_close(clt, "done"); 822 return; 823 } 824 server_close(clt, "unknown event error"); 825 return; 826} 827 828void 829server_accept(int fd, short event, void *arg) 830{ 831 struct server *srv = arg; 832 struct client *clt = NULL; 833 socklen_t slen; 834 struct sockaddr_storage ss; 835 int s = -1; 836 837 event_add(&srv->srv_ev, NULL); 838 if ((event & EV_TIMEOUT)) 839 return; 840 841 slen = sizeof(ss); 842 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 843 &slen, FD_RESERVE, &server_inflight)) == -1) { 844 /* 845 * Pause accept if we are out of file descriptors, or 846 * libevent will haunt us here too. 847 */ 848 if (errno == ENFILE || errno == EMFILE) { 849 struct timeval evtpause = { 1, 0 }; 850 851 event_del(&srv->srv_ev); 852 evtimer_add(&srv->srv_evt, &evtpause); 853 log_debug("%s: deferring connections", __func__); 854 } 855 return; 856 } 857 if (server_clients >= SERVER_MAX_CLIENTS) 858 goto err; 859 860 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) 861 goto err; 862 863 if ((clt = calloc(1, sizeof(*clt))) == NULL) 864 goto err; 865 866 /* Pre-allocate log buffer */ 867 clt->clt_log = evbuffer_new(); 868 if (clt->clt_log == NULL) 869 goto err; 870 871 clt->clt_s = s; 872 clt->clt_fd = -1; 873 clt->clt_toread = TOREAD_UNLIMITED; 874 clt->clt_srv = srv; 875 clt->clt_srv_conf = &srv->srv_conf; 876 clt->clt_id = ++server_cltid; 877 clt->clt_srv_id = srv->srv_conf.id; 878 clt->clt_pid = getpid(); 879 clt->clt_inflight = 1; 880 881 /* get local address */ 882 slen = sizeof(clt->clt_srv_ss); 883 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 884 &slen) == -1) { 885 server_close(clt, "listen address lookup failed"); 886 return; 887 } 888 889 /* get client address */ 890 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 891 892 /* get ports */ 893 switch (ss.ss_family) { 894 case AF_INET: 895 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 896 break; 897 case AF_INET6: 898 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 899 break; 900 } 901 902 getmonotime(&clt->clt_tv_start); 903 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 904 905 server_clients++; 906 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 907 908 /* Increment the per-relay client counter */ 909 //srv->srv_stats[proc_id].last++; 910 911 /* Pre-allocate output buffer */ 912 clt->clt_output = evbuffer_new(); 913 if (clt->clt_output == NULL) { 914 server_close(clt, "failed to allocate output buffer"); 915 return; 916 } 917 918 if (srv->srv_conf.flags & SRVFLAG_TLS) { 919 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 920 server_accept_tls, &clt->clt_tv_start, 921 &srv->srv_conf.timeout, clt); 922 return; 923 } 924 925 server_input(clt); 926 return; 927 928 err: 929 if (s != -1) { 930 close(s); 931 free(clt); 932 /* 933 * the client struct was not completely set up, but still 934 * counted as an inflight client. account for this. 935 */ 936 server_inflight_dec(NULL, __func__); 937 } 938} 939 940void 941server_accept_tls(int fd, short event, void *arg) 942{ 943 struct client *clt = (struct client *)arg; 944 struct server *srv = (struct server *)clt->clt_srv; 945 int ret; 946 947 if (event == EV_TIMEOUT) { 948 server_close(clt, "TLS accept timeout"); 949 return; 950 } 951 952 if (srv->srv_tls_ctx == NULL) 953 fatalx("NULL tls context"); 954 955 ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 956 clt->clt_s); 957 if (ret == TLS_READ_AGAIN) { 958 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 959 server_accept_tls, &clt->clt_tv_start, 960 &srv->srv_conf.timeout, clt); 961 } else if (ret == TLS_WRITE_AGAIN) { 962 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 963 server_accept_tls, &clt->clt_tv_start, 964 &srv->srv_conf.timeout, clt); 965 } else if (ret != 0) { 966 log_warnx("%s: TLS accept failed - %s", __func__, 967 tls_error(srv->srv_tls_ctx)); 968 server_close(clt, "TLS accept failed"); 969 return; 970 } 971 972 server_input(clt); 973 return; 974} 975 976void 977server_inflight_dec(struct client *clt, const char *why) 978{ 979 if (clt != NULL) { 980 /* the flight already left inflight mode. */ 981 if (clt->clt_inflight == 0) 982 return; 983 clt->clt_inflight = 0; 984 } 985 986 /* the file was never opened, thus this was an inflight client. */ 987 server_inflight--; 988 DPRINTF("%s: inflight decremented, now %d, %s", 989 __func__, server_inflight, why); 990} 991 992void 993server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 994{ 995 va_list ap; 996 char *msg; 997 int ret; 998 struct iovec iov[2]; 999 1000 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1001 va_start(ap, emsg); 1002 if (cmd == IMSG_LOG_ACCESS) 1003 vlog(LOG_INFO, emsg, ap); 1004 else 1005 vlog(LOG_DEBUG, emsg, ap); 1006 va_end(ap); 1007 return; 1008 } 1009 1010 va_start(ap, emsg); 1011 ret = vasprintf(&msg, emsg, ap); 1012 va_end(ap); 1013 if (ret == -1) { 1014 log_warn("%s: vasprintf", __func__); 1015 return; 1016 } 1017 1018 iov[0].iov_base = &srv_conf->id; 1019 iov[0].iov_len = sizeof(srv_conf->id); 1020 iov[1].iov_base = msg; 1021 iov[1].iov_len = strlen(msg) + 1; 1022 1023 if (proc_composev_imsg(env->sc_ps, PROC_LOGGER, -1, cmd, -1, iov, 1024 2) != 0) { 1025 log_warn("%s: failed to compose imsg", __func__); 1026 return; 1027 } 1028} 1029 1030void 1031server_log(struct client *clt, const char *msg) 1032{ 1033 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1034 struct server_config *srv_conf = clt->clt_srv_conf; 1035 char *ptr = NULL, *vmsg = NULL; 1036 int debug_cmd = -1; 1037 extern int verbose; 1038 1039 switch (srv_conf->logformat) { 1040 case LOG_FORMAT_CONNECTION: 1041 debug_cmd = IMSG_LOG_ACCESS; 1042 break; 1043 default: 1044 if (verbose > 1) 1045 debug_cmd = IMSG_LOG_ERROR; 1046 if (EVBUFFER_LENGTH(clt->clt_log)) { 1047 while ((ptr = 1048 evbuffer_readline(clt->clt_log)) != NULL) { 1049 server_sendlog(srv_conf, 1050 IMSG_LOG_ACCESS, "%s", ptr); 1051 free(ptr); 1052 } 1053 } 1054 break; 1055 } 1056 1057 if (debug_cmd != -1 && msg != NULL) { 1058 memset(ibuf, 0, sizeof(ibuf)); 1059 memset(obuf, 0, sizeof(obuf)); 1060 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1061 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1062 if (EVBUFFER_LENGTH(clt->clt_log) && 1063 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1064 ptr = evbuffer_readline(clt->clt_log); 1065 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1066 server_sendlog(srv_conf, debug_cmd, "server %s, " 1067 "client %d (%d active), %s:%u -> %s, " 1068 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1069 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1070 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1071 free(vmsg); 1072 free(ptr); 1073 } 1074} 1075 1076void 1077server_close(struct client *clt, const char *msg) 1078{ 1079 struct server *srv = clt->clt_srv; 1080 1081 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1082 1083 /* free the HTTP descriptors incl. headers */ 1084 server_close_http(clt); 1085 1086 event_del(&clt->clt_ev); 1087 if (clt->clt_bev != NULL) 1088 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1089 if (clt->clt_srvbev != NULL) 1090 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1091 1092 server_log(clt, msg); 1093 1094 if (clt->clt_bev != NULL) 1095 bufferevent_free(clt->clt_bev); 1096 if (clt->clt_output != NULL) 1097 evbuffer_free(clt->clt_output); 1098 if (clt->clt_srvevb != NULL) 1099 evbuffer_free(clt->clt_srvevb); 1100 1101 if (clt->clt_srvbev != NULL) 1102 bufferevent_free(clt->clt_srvbev); 1103 if (clt->clt_fd != -1) 1104 close(clt->clt_fd); 1105 if (clt->clt_s != -1) 1106 close(clt->clt_s); 1107 1108 if (clt->clt_tls_ctx != NULL) 1109 tls_close(clt->clt_tls_ctx); 1110 tls_free(clt->clt_tls_ctx); 1111 1112 server_inflight_dec(clt, __func__); 1113 1114 if (clt->clt_log != NULL) 1115 evbuffer_free(clt->clt_log); 1116 1117 free(clt); 1118 server_clients--; 1119} 1120 1121int 1122server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1123{ 1124 switch (imsg->hdr.type) { 1125 case IMSG_CFG_MEDIA: 1126 config_getmedia(env, imsg); 1127 break; 1128 case IMSG_CFG_AUTH: 1129 config_getauth(env, imsg); 1130 break; 1131 case IMSG_CFG_SERVER: 1132 config_getserver(env, imsg); 1133 break; 1134 case IMSG_CFG_TLS: 1135 config_gettls(env, imsg); 1136 break; 1137 case IMSG_CFG_DONE: 1138 config_getcfg(env, imsg); 1139 break; 1140 case IMSG_CTL_START: 1141 server_launch(); 1142 break; 1143 case IMSG_CTL_RESET: 1144 config_getreset(env, imsg); 1145 break; 1146 default: 1147 return (-1); 1148 } 1149 1150 return (0); 1151} 1152 1153int 1154server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1155{ 1156 switch (imsg->hdr.type) { 1157 default: 1158 return (-1); 1159 } 1160 1161 return (0); 1162} 1163 1164int 1165server_bufferevent_add(struct event *ev, int timeout) 1166{ 1167 struct timeval tv, *ptv = NULL; 1168 1169 if (timeout) { 1170 timerclear(&tv); 1171 tv.tv_sec = timeout; 1172 ptv = &tv; 1173 } 1174 1175 return (event_add(ev, ptv)); 1176} 1177 1178int 1179server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1180{ 1181 int ret; 1182 va_list ap; 1183 char *str; 1184 1185 va_start(ap, fmt); 1186 ret = vasprintf(&str, fmt, ap); 1187 va_end(ap); 1188 1189 if (ret == -1) 1190 return (ret); 1191 1192 ret = server_bufferevent_print(clt, str); 1193 free(str); 1194 1195 return (ret); 1196} 1197 1198int 1199server_bufferevent_print(struct client *clt, const char *str) 1200{ 1201 if (clt->clt_bev == NULL) 1202 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1203 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1204} 1205 1206int 1207server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1208{ 1209 if (clt->clt_bev == NULL) 1210 return (evbuffer_add_buffer(clt->clt_output, buf)); 1211 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1212} 1213 1214int 1215server_bufferevent_write_chunk(struct client *clt, 1216 struct evbuffer *buf, size_t size) 1217{ 1218 int ret; 1219 ret = server_bufferevent_write(clt, buf->buffer, size); 1220 if (ret != -1) 1221 evbuffer_drain(buf, size); 1222 return (ret); 1223} 1224 1225int 1226server_bufferevent_write(struct client *clt, void *data, size_t size) 1227{ 1228 if (clt->clt_bev == NULL) 1229 return (evbuffer_add(clt->clt_output, data, size)); 1230 return (bufferevent_write(clt->clt_bev, data, size)); 1231} 1232 1233int 1234server_client_cmp(struct client *a, struct client *b) 1235{ 1236 return ((int)a->clt_id - b->clt_id); 1237} 1238 1239SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1240