server.c revision 1.92
1/* $OpenBSD: server.c,v 1.92 2016/08/22 15:02:18 jsing Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/queue.h> 21#include <sys/time.h> 22#include <sys/stat.h> 23#include <sys/socket.h> 24#include <sys/uio.h> 25#include <sys/tree.h> 26 27#include <netinet/in.h> 28#include <netinet/tcp.h> 29#include <arpa/inet.h> 30 31#include <stdio.h> 32#include <stdlib.h> 33#include <stdarg.h> 34#include <limits.h> 35#include <errno.h> 36#include <fcntl.h> 37#include <string.h> 38#include <syslog.h> 39#include <unistd.h> 40#include <event.h> 41#include <imsg.h> 42#include <tls.h> 43#include <vis.h> 44 45#include "httpd.h" 46 47#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53void server_shutdown(void); 54 55void server_init(struct privsep *, struct privsep_proc *p, void *); 56void server_launch(void); 57int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 62int server_tls_init(struct server *); 63void server_tls_readcb(int, short, void *); 64void server_tls_writecb(int, short, void *); 65void server_tls_handshake(int, short, void *); 66 67void server_accept(int, short, void *); 68void server_input(struct client *); 69void server_inflight_dec(struct client *, const char *); 70 71extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 72 size_t, void *); 73 74volatile int server_clients; 75volatile int server_inflight = 0; 76uint32_t server_cltid; 77 78static struct httpd *env = NULL; 79int proc_id; 80 81static struct privsep_proc procs[] = { 82 { "parent", PROC_PARENT, server_dispatch_parent }, 83 { "logger", PROC_LOGGER, server_dispatch_logger } 84}; 85 86pid_t 87server(struct privsep *ps, struct privsep_proc *p) 88{ 89 pid_t pid; 90 env = ps->ps_env; 91 pid = proc_run(ps, p, procs, nitems(procs), server_init, NULL); 92 server_http(env); 93 return (pid); 94} 95 96void 97server_shutdown(void) 98{ 99 config_purge(env, CONFIG_ALL); 100 usleep(200); /* XXX server needs to shutdown last */ 101} 102 103int 104server_privinit(struct server *srv) 105{ 106 struct server *s; 107 108 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 109 return (0); 110 111 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 112 113 /* 114 * There's no need to open a new socket if a server with the 115 * same address already exists. 116 */ 117 TAILQ_FOREACH(s, env->sc_servers, srv_entry) { 118 if (s != srv && s->srv_s != -1 && 119 s->srv_conf.port == srv->srv_conf.port && 120 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 121 (struct sockaddr *)&srv->srv_conf.ss, 122 s->srv_conf.prefixlen) == 0) 123 return (0); 124 } 125 126 /* Open listening socket in the privileged process */ 127 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 128 srv->srv_conf.port, &srv->srv_conf)) == -1) 129 return (-1); 130 131 return (0); 132} 133 134int 135server_tls_cmp(struct server *s1, struct server *s2, int match_keypair) 136{ 137 struct server_config *sc1, *sc2; 138 139 sc1 = &s1->srv_conf; 140 sc2 = &s2->srv_conf; 141 142 if (sc1->tls_protocols != sc2->tls_protocols) 143 return (-1); 144 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 145 return (-1); 146 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 147 return (-1); 148 if (strcmp(sc1->tls_ecdhe_curve, sc2->tls_ecdhe_curve) != 0) 149 return (-1); 150 151 if (match_keypair) { 152 if (strcmp(sc1->tls_cert_file, sc2->tls_cert_file) != 0) 153 return (-1); 154 if (strcmp(sc1->tls_key_file, sc2->tls_key_file) != 0) 155 return (-1); 156 } 157 158 return (0); 159} 160 161int 162server_tls_load_keypair(struct server *srv) 163{ 164 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 165 return (0); 166 167 if ((srv->srv_conf.tls_cert = tls_load_file( 168 srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len, 169 NULL)) == NULL) 170 return (-1); 171 log_debug("%s: using certificate %s", __func__, 172 srv->srv_conf.tls_cert_file); 173 174 /* XXX allow to specify password for encrypted key */ 175 if ((srv->srv_conf.tls_key = tls_load_file( 176 srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len, 177 NULL)) == NULL) 178 return (-1); 179 log_debug("%s: using private key %s", __func__, 180 srv->srv_conf.tls_key_file); 181 182 return (0); 183} 184 185int 186server_tls_init(struct server *srv) 187{ 188 struct server_config *srv_conf; 189 190 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 191 return (0); 192 193 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 194 195 if (tls_init() != 0) { 196 log_warnx("%s: failed to initialise tls", __func__); 197 return (-1); 198 } 199 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 200 log_warnx("%s: failed to get tls config", __func__); 201 return (-1); 202 } 203 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 204 log_warnx("%s: failed to get tls server", __func__); 205 return (-1); 206 } 207 208 tls_config_set_protocols(srv->srv_tls_config, 209 srv->srv_conf.tls_protocols); 210 211 if (tls_config_set_ciphers(srv->srv_tls_config, 212 srv->srv_conf.tls_ciphers) != 0) { 213 log_warnx("%s: failed to set tls ciphers: %s", 214 __func__, tls_config_error(srv->srv_tls_config)); 215 return (-1); 216 } 217 if (tls_config_set_dheparams(srv->srv_tls_config, 218 srv->srv_conf.tls_dhe_params) != 0) { 219 log_warnx("%s: failed to set tls dhe params: %s", 220 __func__, tls_config_error(srv->srv_tls_config)); 221 return (-1); 222 } 223 if (tls_config_set_ecdhecurve(srv->srv_tls_config, 224 srv->srv_conf.tls_ecdhe_curve) != 0) { 225 log_warnx("%s: failed to set tls ecdhe curve: %s", 226 __func__, tls_config_error(srv->srv_tls_config)); 227 return (-1); 228 } 229 230 if (tls_config_set_keypair_mem(srv->srv_tls_config, 231 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 232 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len) != 0) { 233 log_warnx("%s: failed to set tls certificate/key: %s", 234 __func__, tls_config_error(srv->srv_tls_config)); 235 return (-1); 236 } 237 238 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 239 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 240 continue; 241 log_debug("%s: adding keypair for server %s", __func__, 242 srv->srv_conf.name); 243 if (tls_config_add_keypair_mem(srv->srv_tls_config, 244 srv_conf->tls_cert, srv_conf->tls_cert_len, 245 srv_conf->tls_key, srv_conf->tls_key_len) != 0) { 246 log_warnx("%s: failed to add tls keypair", __func__); 247 return (-1); 248 } 249 } 250 251 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 252 log_warnx("%s: failed to configure tls - %s", __func__, 253 tls_error(srv->srv_tls_ctx)); 254 return (-1); 255 } 256 257 /* We're now done with the public/private key... */ 258 tls_config_clear_keys(srv->srv_tls_config); 259 explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 260 explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 261 free(srv->srv_conf.tls_cert); 262 free(srv->srv_conf.tls_key); 263 srv->srv_conf.tls_cert = NULL; 264 srv->srv_conf.tls_key = NULL; 265 srv->srv_conf.tls_cert_len = 0; 266 srv->srv_conf.tls_key_len = 0; 267 268 return (0); 269} 270 271void 272server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 273{ 274 server_http(ps->ps_env); 275 276 if (config_init(ps->ps_env) == -1) 277 fatal("failed to initialize configuration"); 278 279 /* Set to current prefork id */ 280 proc_id = p->p_instance; 281 282 /* We use a custom shutdown callback */ 283 p->p_shutdown = server_shutdown; 284 285 /* Unlimited file descriptors (use system limits) */ 286 socket_rlimit(-1); 287 288 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 289 fatal("pledge"); 290 291#if 0 292 /* Schedule statistics timer */ 293 evtimer_set(&env->sc_statev, server_statistics, NULL); 294 memcpy(&tv, &env->sc_statinterval, sizeof(tv)); 295 evtimer_add(&env->sc_statev, &tv); 296#endif 297} 298 299void 300server_launch(void) 301{ 302 struct server *srv; 303 304 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 305 log_debug("%s: configuring server %s", __func__, 306 srv->srv_conf.name); 307 308 server_tls_init(srv); 309 server_http_init(srv); 310 311 log_debug("%s: running server %s", __func__, 312 srv->srv_conf.name); 313 314 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 315 server_accept, srv); 316 event_add(&srv->srv_ev, NULL); 317 evtimer_set(&srv->srv_evt, server_accept, srv); 318 } 319} 320 321void 322server_purge(struct server *srv) 323{ 324 struct client *clt; 325 struct server_config *srv_conf; 326 327 /* shutdown and remove server */ 328 if (event_initialized(&srv->srv_ev)) 329 event_del(&srv->srv_ev); 330 if (evtimer_initialized(&srv->srv_evt)) 331 evtimer_del(&srv->srv_evt); 332 333 if (srv->srv_s != -1) 334 close(srv->srv_s); 335 TAILQ_REMOVE(env->sc_servers, srv, srv_entry); 336 337 /* cleanup sessions */ 338 while ((clt = 339 SPLAY_ROOT(&srv->srv_clients)) != NULL) 340 server_close(clt, NULL); 341 342 /* cleanup hosts */ 343 while ((srv_conf = 344 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 345 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 346 347 /* It might point to our own "default" entry */ 348 if (srv_conf != &srv->srv_conf) { 349 serverconfig_free(srv_conf); 350 free(srv_conf); 351 } 352 } 353 354 tls_config_free(srv->srv_tls_config); 355 tls_free(srv->srv_tls_ctx); 356 357 free(srv); 358} 359 360void 361serverconfig_free(struct server_config *srv_conf) 362{ 363 free(srv_conf->return_uri); 364 free(srv_conf->tls_cert_file); 365 free(srv_conf->tls_key_file); 366 367 if (srv_conf->tls_cert != NULL) { 368 explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); 369 free(srv_conf->tls_cert); 370 } 371 372 if (srv_conf->tls_key != NULL) { 373 explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); 374 free(srv_conf->tls_key); 375 } 376} 377 378void 379serverconfig_reset(struct server_config *srv_conf) 380{ 381 srv_conf->auth = NULL; 382 srv_conf->return_uri = NULL; 383 srv_conf->tls_cert = NULL; 384 srv_conf->tls_cert_file = NULL; 385 srv_conf->tls_key = NULL; 386 srv_conf->tls_key_file = NULL; 387} 388 389struct server * 390server_byaddr(struct sockaddr *addr, in_port_t port) 391{ 392 struct server *srv; 393 394 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 395 if (port == srv->srv_conf.port && 396 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 397 addr, srv->srv_conf.prefixlen) == 0) 398 return (srv); 399 } 400 401 return (NULL); 402} 403 404struct server_config * 405serverconfig_byid(uint32_t id) 406{ 407 struct server *srv; 408 struct server_config *srv_conf; 409 410 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 411 if (srv->srv_conf.id == id) 412 return (&srv->srv_conf); 413 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 414 if (srv_conf->id == id) 415 return (srv_conf); 416 } 417 } 418 419 return (NULL); 420} 421 422int 423server_foreach(int (*srv_cb)(struct server *, 424 struct server_config *, void *), void *arg) 425{ 426 struct server *srv; 427 struct server_config *srv_conf; 428 429 TAILQ_FOREACH(srv, env->sc_servers, srv_entry) { 430 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 431 return (-1); 432 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 433 if ((srv_cb)(srv, srv_conf, arg) == -1) 434 return (-1); 435 } 436 } 437 438 return (0); 439} 440 441struct server * 442server_match(struct server *s2, int match_name) 443{ 444 struct server *s1; 445 446 /* Attempt to find matching server. */ 447 TAILQ_FOREACH(s1, env->sc_servers, srv_entry) { 448 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 449 continue; 450 if (match_name) { 451 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 452 continue; 453 } 454 if (s1->srv_conf.port != s2->srv_conf.port) 455 continue; 456 if (sockaddr_cmp( 457 (struct sockaddr *)&s1->srv_conf.ss, 458 (struct sockaddr *)&s2->srv_conf.ss, 459 s1->srv_conf.prefixlen) != 0) 460 continue; 461 462 return (s1); 463 } 464 465 return (NULL); 466} 467 468int 469server_socket_af(struct sockaddr_storage *ss, in_port_t port) 470{ 471 switch (ss->ss_family) { 472 case AF_INET: 473 ((struct sockaddr_in *)ss)->sin_port = port; 474 ((struct sockaddr_in *)ss)->sin_len = 475 sizeof(struct sockaddr_in); 476 break; 477 case AF_INET6: 478 ((struct sockaddr_in6 *)ss)->sin6_port = port; 479 ((struct sockaddr_in6 *)ss)->sin6_len = 480 sizeof(struct sockaddr_in6); 481 break; 482 default: 483 return (-1); 484 } 485 486 return (0); 487} 488 489in_port_t 490server_socket_getport(struct sockaddr_storage *ss) 491{ 492 switch (ss->ss_family) { 493 case AF_INET: 494 return (((struct sockaddr_in *)ss)->sin_port); 495 case AF_INET6: 496 return (((struct sockaddr_in6 *)ss)->sin6_port); 497 default: 498 return (0); 499 } 500 501 /* NOTREACHED */ 502 return (0); 503} 504 505int 506server_socket(struct sockaddr_storage *ss, in_port_t port, 507 struct server_config *srv_conf, int fd, int reuseport) 508{ 509 struct linger lng; 510 int s = -1, val; 511 512 if (server_socket_af(ss, port) == -1) 513 goto bad; 514 515 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 516 IPPROTO_TCP) : fd; 517 if (s == -1) 518 goto bad; 519 520 /* 521 * Socket options 522 */ 523 memset(&lng, 0, sizeof(lng)); 524 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 525 goto bad; 526 if (reuseport) { 527 val = 1; 528 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 529 sizeof(int)) == -1) 530 goto bad; 531 } 532 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 533 val = srv_conf->tcpbufsiz; 534 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 535 &val, sizeof(val)) == -1) 536 goto bad; 537 val = srv_conf->tcpbufsiz; 538 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 539 &val, sizeof(val)) == -1) 540 goto bad; 541 } 542 543 /* 544 * IP options 545 */ 546 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 547 val = (int)srv_conf->tcpipttl; 548 if (setsockopt(s, IPPROTO_IP, IP_TTL, 549 &val, sizeof(val)) == -1) 550 goto bad; 551 } 552 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 553 val = (int)srv_conf->tcpipminttl; 554 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 555 &val, sizeof(val)) == -1) 556 goto bad; 557 } 558 559 /* 560 * TCP options 561 */ 562 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 563 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 564 val = 0; 565 else 566 val = 1; 567 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 568 &val, sizeof(val)) == -1) 569 goto bad; 570 } 571 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 572 if (srv_conf->tcpflags & TCPFLAG_NSACK) 573 val = 0; 574 else 575 val = 1; 576 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 577 &val, sizeof(val)) == -1) 578 goto bad; 579 } 580 581 return (s); 582 583 bad: 584 if (s != -1) 585 close(s); 586 return (-1); 587} 588 589int 590server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 591 struct server_config *srv_conf) 592{ 593 int s; 594 595 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 596 return (-1); 597 598 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 599 goto bad; 600 if (listen(s, srv_conf->tcpbacklog) == -1) 601 goto bad; 602 603 return (s); 604 605 bad: 606 close(s); 607 return (-1); 608} 609 610int 611server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 612 struct server_config *srv_conf) 613{ 614 int s; 615 616 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 617 return (-1); 618 619 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 620 if (errno != EINPROGRESS) 621 goto bad; 622 } 623 624 return (s); 625 626 bad: 627 close(s); 628 return (-1); 629} 630 631void 632server_tls_readcb(int fd, short event, void *arg) 633{ 634 struct bufferevent *bufev = arg; 635 struct client *clt = bufev->cbarg; 636 char rbuf[IBUF_READ_SIZE]; 637 int what = EVBUFFER_READ; 638 int howmuch = IBUF_READ_SIZE; 639 ssize_t ret; 640 size_t len; 641 642 if (event == EV_TIMEOUT) { 643 what |= EVBUFFER_TIMEOUT; 644 goto err; 645 } 646 647 if (bufev->wm_read.high != 0) 648 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 649 650 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 651 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 652 goto retry; 653 } else if (ret < 0) { 654 what |= EVBUFFER_ERROR; 655 goto err; 656 } 657 len = ret; 658 659 if (len == 0) { 660 what |= EVBUFFER_EOF; 661 goto err; 662 } 663 664 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 665 what |= EVBUFFER_ERROR; 666 goto err; 667 } 668 669 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 670 671 len = EVBUFFER_LENGTH(bufev->input); 672 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 673 return; 674 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 675 struct evbuffer *buf = bufev->input; 676 event_del(&bufev->ev_read); 677 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 678 return; 679 } 680 681 if (bufev->readcb != NULL) 682 (*bufev->readcb)(bufev, bufev->cbarg); 683 return; 684 685 retry: 686 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 687 return; 688 689 err: 690 (*bufev->errorcb)(bufev, what, bufev->cbarg); 691} 692 693void 694server_tls_writecb(int fd, short event, void *arg) 695{ 696 struct bufferevent *bufev = arg; 697 struct client *clt = bufev->cbarg; 698 ssize_t ret; 699 short what = EVBUFFER_WRITE; 700 size_t len; 701 702 if (event == EV_TIMEOUT) { 703 what |= EVBUFFER_TIMEOUT; 704 goto err; 705 } 706 707 if (EVBUFFER_LENGTH(bufev->output)) { 708 ret = tls_write(clt->clt_tls_ctx, 709 EVBUFFER_DATA(bufev->output), 710 EVBUFFER_LENGTH(bufev->output)); 711 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 712 goto retry; 713 } else if (ret < 0) { 714 what |= EVBUFFER_ERROR; 715 goto err; 716 } 717 len = ret; 718 evbuffer_drain(bufev->output, len); 719 } 720 721 if (EVBUFFER_LENGTH(bufev->output) != 0) 722 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 723 724 if (bufev->writecb != NULL && 725 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 726 (*bufev->writecb)(bufev, bufev->cbarg); 727 return; 728 729 retry: 730 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 731 return; 732 733 err: 734 (*bufev->errorcb)(bufev, what, bufev->cbarg); 735} 736 737void 738server_input(struct client *clt) 739{ 740 struct server_config *srv_conf = clt->clt_srv_conf; 741 evbuffercb inrd = server_read; 742 evbuffercb inwr = server_write; 743 socklen_t slen; 744 745 if (server_httpdesc_init(clt) == -1) { 746 server_close(clt, "failed to allocate http descriptor"); 747 return; 748 } 749 750 clt->clt_toread = TOREAD_HTTP_HEADER; 751 inrd = server_read_http; 752 753 slen = sizeof(clt->clt_sndbufsiz); 754 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 755 &clt->clt_sndbufsiz, &slen) == -1) { 756 server_close(clt, "failed to get send buffer size"); 757 return; 758 } 759 760 /* 761 * Client <-> Server 762 */ 763 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 764 server_error, clt); 765 if (clt->clt_bev == NULL) { 766 server_close(clt, "failed to allocate input buffer event"); 767 return; 768 } 769 770 if (srv_conf->flags & SRVFLAG_TLS) { 771 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 772 server_tls_readcb, clt->clt_bev); 773 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 774 server_tls_writecb, clt->clt_bev); 775 } 776 777 /* Adjust write watermark to the socket buffer output size */ 778 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 779 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 780 /* Read at most amount of data that fits in one fcgi record. */ 781 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 782 783 bufferevent_settimeout(clt->clt_bev, 784 srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec); 785 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 786} 787 788void 789server_write(struct bufferevent *bev, void *arg) 790{ 791 struct client *clt = arg; 792 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 793 794 if (EVBUFFER_LENGTH(dst) == 0 && 795 clt->clt_toread == TOREAD_HTTP_NONE) 796 goto done; 797 798 getmonotime(&clt->clt_tv_last); 799 800 if (clt->clt_done) 801 goto done; 802 803 bufferevent_enable(bev, EV_READ); 804 805 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 806 bufferevent_enable(clt->clt_srvbev, EV_READ); 807 clt->clt_srvbev_throttled = 0; 808 } 809 810 return; 811 done: 812 (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); 813 return; 814} 815 816void 817server_dump(struct client *clt, const void *buf, size_t len) 818{ 819 if (!len) 820 return; 821 822 /* 823 * This function will dump the specified message directly 824 * to the underlying client, without waiting for success 825 * of non-blocking events etc. This is useful to print an 826 * error message before gracefully closing the client. 827 */ 828 if (clt->clt_tls_ctx != NULL) 829 (void)tls_write(clt->clt_tls_ctx, buf, len); 830 else 831 (void)write(clt->clt_s, buf, len); 832} 833 834void 835server_read(struct bufferevent *bev, void *arg) 836{ 837 struct client *clt = arg; 838 struct evbuffer *src = EVBUFFER_INPUT(bev); 839 840 getmonotime(&clt->clt_tv_last); 841 842 if (!EVBUFFER_LENGTH(src)) 843 return; 844 if (server_bufferevent_write_buffer(clt, src) == -1) 845 goto fail; 846 if (clt->clt_done) 847 goto done; 848 849 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 850 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 851 bufferevent_disable(clt->clt_srvbev, EV_READ); 852 clt->clt_srvbev_throttled = 1; 853 } 854 855 return; 856 done: 857 (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); 858 return; 859 fail: 860 server_close(clt, strerror(errno)); 861} 862 863void 864server_error(struct bufferevent *bev, short error, void *arg) 865{ 866 struct client *clt = arg; 867 struct evbuffer *dst; 868 869 if (error & EVBUFFER_TIMEOUT) { 870 server_close(clt, "buffer event timeout"); 871 return; 872 } 873 if (error & EVBUFFER_ERROR) { 874 if (errno == EFBIG) { 875 bufferevent_enable(bev, EV_READ); 876 return; 877 } 878 server_close(clt, "buffer event error"); 879 return; 880 } 881 if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { 882 bufferevent_disable(bev, EV_READ|EV_WRITE); 883 884 clt->clt_done = 1; 885 886 dst = EVBUFFER_OUTPUT(clt->clt_bev); 887 if (EVBUFFER_LENGTH(dst)) { 888 /* Finish writing all data first */ 889 bufferevent_enable(clt->clt_bev, EV_WRITE); 890 return; 891 } 892 893 server_close(clt, "done"); 894 return; 895 } 896 server_close(clt, "unknown event error"); 897 return; 898} 899 900void 901server_accept(int fd, short event, void *arg) 902{ 903 struct server *srv = arg; 904 struct client *clt = NULL; 905 socklen_t slen; 906 struct sockaddr_storage ss; 907 int s = -1; 908 909 event_add(&srv->srv_ev, NULL); 910 if ((event & EV_TIMEOUT)) 911 return; 912 913 slen = sizeof(ss); 914 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 915 &slen, FD_RESERVE, &server_inflight)) == -1) { 916 /* 917 * Pause accept if we are out of file descriptors, or 918 * libevent will haunt us here too. 919 */ 920 if (errno == ENFILE || errno == EMFILE) { 921 struct timeval evtpause = { 1, 0 }; 922 923 event_del(&srv->srv_ev); 924 evtimer_add(&srv->srv_evt, &evtpause); 925 log_debug("%s: deferring connections", __func__); 926 } 927 return; 928 } 929 if (server_clients >= SERVER_MAX_CLIENTS) 930 goto err; 931 932 if ((clt = calloc(1, sizeof(*clt))) == NULL) 933 goto err; 934 935 /* Pre-allocate log buffer */ 936 clt->clt_log = evbuffer_new(); 937 if (clt->clt_log == NULL) 938 goto err; 939 940 clt->clt_s = s; 941 clt->clt_fd = -1; 942 clt->clt_toread = TOREAD_UNLIMITED; 943 clt->clt_srv = srv; 944 clt->clt_srv_conf = &srv->srv_conf; 945 clt->clt_id = ++server_cltid; 946 clt->clt_srv_id = srv->srv_conf.id; 947 clt->clt_pid = getpid(); 948 clt->clt_inflight = 1; 949 950 /* get local address */ 951 slen = sizeof(clt->clt_srv_ss); 952 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 953 &slen) == -1) { 954 server_close(clt, "listen address lookup failed"); 955 return; 956 } 957 958 /* get client address */ 959 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 960 961 /* get ports */ 962 switch (ss.ss_family) { 963 case AF_INET: 964 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 965 break; 966 case AF_INET6: 967 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 968 break; 969 } 970 971 getmonotime(&clt->clt_tv_start); 972 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 973 974 server_clients++; 975 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 976 977 /* Increment the per-relay client counter */ 978 //srv->srv_stats[proc_id].last++; 979 980 /* Pre-allocate output buffer */ 981 clt->clt_output = evbuffer_new(); 982 if (clt->clt_output == NULL) { 983 server_close(clt, "failed to allocate output buffer"); 984 return; 985 } 986 987 if (srv->srv_conf.flags & SRVFLAG_TLS) { 988 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 989 clt->clt_s) != 0) { 990 server_close(clt, "failed to setup tls context"); 991 return; 992 } 993 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 994 server_tls_handshake, &clt->clt_tv_start, 995 &srv->srv_conf.timeout, clt); 996 return; 997 } 998 999 server_input(clt); 1000 return; 1001 1002 err: 1003 if (s != -1) { 1004 close(s); 1005 free(clt); 1006 /* 1007 * the client struct was not completely set up, but still 1008 * counted as an inflight client. account for this. 1009 */ 1010 server_inflight_dec(NULL, __func__); 1011 } 1012} 1013 1014void 1015server_tls_handshake(int fd, short event, void *arg) 1016{ 1017 struct client *clt = (struct client *)arg; 1018 struct server *srv = (struct server *)clt->clt_srv; 1019 int ret; 1020 1021 if (event == EV_TIMEOUT) { 1022 server_close(clt, "tls handshake timeout"); 1023 return; 1024 } 1025 1026 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1027 fatalx("NULL tls context"); 1028 1029 ret = tls_handshake(clt->clt_tls_ctx); 1030 if (ret == 0) { 1031 server_input(clt); 1032 } else if (ret == TLS_WANT_POLLIN) { 1033 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1034 server_tls_handshake, &clt->clt_tv_start, 1035 &srv->srv_conf.timeout, clt); 1036 } else if (ret == TLS_WANT_POLLOUT) { 1037 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1038 server_tls_handshake, &clt->clt_tv_start, 1039 &srv->srv_conf.timeout, clt); 1040 } else { 1041 log_debug("%s: tls handshake failed - %s", __func__, 1042 tls_error(clt->clt_tls_ctx)); 1043 server_close(clt, "tls handshake failed"); 1044 } 1045} 1046 1047void 1048server_inflight_dec(struct client *clt, const char *why) 1049{ 1050 if (clt != NULL) { 1051 /* the flight already left inflight mode. */ 1052 if (clt->clt_inflight == 0) 1053 return; 1054 clt->clt_inflight = 0; 1055 } 1056 1057 /* the file was never opened, thus this was an inflight client. */ 1058 server_inflight--; 1059 DPRINTF("%s: inflight decremented, now %d, %s", 1060 __func__, server_inflight, why); 1061} 1062 1063void 1064server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1065{ 1066 va_list ap; 1067 char *msg; 1068 int ret; 1069 struct iovec iov[2]; 1070 1071 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1072 va_start(ap, emsg); 1073 if (cmd == IMSG_LOG_ACCESS) 1074 vlog(LOG_INFO, emsg, ap); 1075 else 1076 vlog(LOG_DEBUG, emsg, ap); 1077 va_end(ap); 1078 return; 1079 } 1080 1081 va_start(ap, emsg); 1082 ret = vasprintf(&msg, emsg, ap); 1083 va_end(ap); 1084 if (ret == -1) { 1085 log_warn("%s: vasprintf", __func__); 1086 return; 1087 } 1088 1089 iov[0].iov_base = &srv_conf->id; 1090 iov[0].iov_len = sizeof(srv_conf->id); 1091 iov[1].iov_base = msg; 1092 iov[1].iov_len = strlen(msg) + 1; 1093 1094 if (proc_composev(env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1095 log_warn("%s: failed to compose imsg", __func__); 1096 return; 1097 } 1098} 1099 1100void 1101server_log(struct client *clt, const char *msg) 1102{ 1103 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1104 struct server_config *srv_conf = clt->clt_srv_conf; 1105 char *ptr = NULL, *vmsg = NULL; 1106 int debug_cmd = -1; 1107 extern int verbose; 1108 1109 switch (srv_conf->logformat) { 1110 case LOG_FORMAT_CONNECTION: 1111 debug_cmd = IMSG_LOG_ACCESS; 1112 break; 1113 default: 1114 if (verbose > 1) 1115 debug_cmd = IMSG_LOG_ERROR; 1116 if (EVBUFFER_LENGTH(clt->clt_log)) { 1117 while ((ptr = 1118 evbuffer_readline(clt->clt_log)) != NULL) { 1119 server_sendlog(srv_conf, 1120 IMSG_LOG_ACCESS, "%s", ptr); 1121 free(ptr); 1122 } 1123 } 1124 break; 1125 } 1126 1127 if (debug_cmd != -1 && msg != NULL) { 1128 memset(ibuf, 0, sizeof(ibuf)); 1129 memset(obuf, 0, sizeof(obuf)); 1130 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1131 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1132 if (EVBUFFER_LENGTH(clt->clt_log) && 1133 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1134 ptr = evbuffer_readline(clt->clt_log); 1135 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1136 server_sendlog(srv_conf, debug_cmd, "server %s, " 1137 "client %d (%d active), %s:%u -> %s, " 1138 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1139 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1140 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1141 free(vmsg); 1142 free(ptr); 1143 } 1144} 1145 1146void 1147server_close(struct client *clt, const char *msg) 1148{ 1149 struct server *srv = clt->clt_srv; 1150 1151 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1152 1153 /* free the HTTP descriptors incl. headers */ 1154 server_close_http(clt); 1155 1156 event_del(&clt->clt_ev); 1157 if (clt->clt_bev != NULL) 1158 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1159 if (clt->clt_srvbev != NULL) 1160 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1161 1162 server_log(clt, msg); 1163 1164 if (clt->clt_bev != NULL) 1165 bufferevent_free(clt->clt_bev); 1166 if (clt->clt_output != NULL) 1167 evbuffer_free(clt->clt_output); 1168 if (clt->clt_srvevb != NULL) 1169 evbuffer_free(clt->clt_srvevb); 1170 1171 if (clt->clt_srvbev != NULL) 1172 bufferevent_free(clt->clt_srvbev); 1173 if (clt->clt_fd != -1) 1174 close(clt->clt_fd); 1175 if (clt->clt_s != -1) 1176 close(clt->clt_s); 1177 1178 if (clt->clt_tls_ctx != NULL) 1179 tls_close(clt->clt_tls_ctx); 1180 tls_free(clt->clt_tls_ctx); 1181 1182 server_inflight_dec(clt, __func__); 1183 1184 if (clt->clt_log != NULL) 1185 evbuffer_free(clt->clt_log); 1186 1187 free(clt); 1188 server_clients--; 1189} 1190 1191int 1192server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1193{ 1194 switch (imsg->hdr.type) { 1195 case IMSG_CFG_MEDIA: 1196 config_getmedia(env, imsg); 1197 break; 1198 case IMSG_CFG_AUTH: 1199 config_getauth(env, imsg); 1200 break; 1201 case IMSG_CFG_SERVER: 1202 config_getserver(env, imsg); 1203 break; 1204 case IMSG_CFG_TLS: 1205 config_gettls(env, imsg); 1206 break; 1207 case IMSG_CFG_DONE: 1208 config_getcfg(env, imsg); 1209 break; 1210 case IMSG_CTL_START: 1211 server_launch(); 1212 break; 1213 case IMSG_CTL_RESET: 1214 config_getreset(env, imsg); 1215 break; 1216 default: 1217 return (-1); 1218 } 1219 1220 return (0); 1221} 1222 1223int 1224server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1225{ 1226 switch (imsg->hdr.type) { 1227 default: 1228 return (-1); 1229 } 1230 1231 return (0); 1232} 1233 1234int 1235server_bufferevent_add(struct event *ev, int timeout) 1236{ 1237 struct timeval tv, *ptv = NULL; 1238 1239 if (timeout) { 1240 timerclear(&tv); 1241 tv.tv_sec = timeout; 1242 ptv = &tv; 1243 } 1244 1245 return (event_add(ev, ptv)); 1246} 1247 1248int 1249server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1250{ 1251 int ret; 1252 va_list ap; 1253 char *str; 1254 1255 va_start(ap, fmt); 1256 ret = vasprintf(&str, fmt, ap); 1257 va_end(ap); 1258 1259 if (ret == -1) 1260 return (ret); 1261 1262 ret = server_bufferevent_print(clt, str); 1263 free(str); 1264 1265 return (ret); 1266} 1267 1268int 1269server_bufferevent_print(struct client *clt, const char *str) 1270{ 1271 if (clt->clt_bev == NULL) 1272 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1273 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1274} 1275 1276int 1277server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1278{ 1279 if (clt->clt_bev == NULL) 1280 return (evbuffer_add_buffer(clt->clt_output, buf)); 1281 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1282} 1283 1284int 1285server_bufferevent_write_chunk(struct client *clt, 1286 struct evbuffer *buf, size_t size) 1287{ 1288 int ret; 1289 ret = server_bufferevent_write(clt, buf->buffer, size); 1290 if (ret != -1) 1291 evbuffer_drain(buf, size); 1292 return (ret); 1293} 1294 1295int 1296server_bufferevent_write(struct client *clt, void *data, size_t size) 1297{ 1298 if (clt->clt_bev == NULL) 1299 return (evbuffer_add(clt->clt_output, data, size)); 1300 return (bufferevent_write(clt->clt_bev, data, size)); 1301} 1302 1303int 1304server_client_cmp(struct client *a, struct client *b) 1305{ 1306 return ((int)a->clt_id - b->clt_id); 1307} 1308 1309SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1310