1 /* $OpenBSD: server.c,v 1.126 2021/07/14 13:33:57 kn Exp $ */
2
3 /*
4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #include <sys/types.h>
20 #include <sys/queue.h>
21 #include <sys/time.h>
22 #include <sys/stat.h>
23 #include <sys/socket.h>
24 #include <sys/uio.h>
25 #include <sys/tree.h>
26 #include <sys/param.h>
27
28 #include <netinet/in.h>
29 #include <netinet/tcp.h>
30 #include <arpa/inet.h>
31
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <stdarg.h>
35 #include <limits.h>
36 #include <errno.h>
37 #include <fcntl.h>
38 #include <string.h>
39 #include <syslog.h>
40 #include <unistd.h>
41 #include <event.h>
42 #include <imsg.h>
43 #include <tls.h>
44 #include <vis.h>
45
46 #include "httpd.h"
47
48 #ifndef __OpenBSD__
49 #include "compat.h"
50 #define IPV6_MINHOPCOUNT 65 /* int; minimum recv hop limit */
51 #endif
52
53 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
54
55 int server_dispatch_parent(int, struct privsep_proc *,
56 struct imsg *);
57 int server_dispatch_logger(int, struct privsep_proc *,
58 struct imsg *);
59 void server_shutdown(void);
60
61 void server_init(struct privsep *, struct privsep_proc *p, void *);
62 void server_launch(void);
63 int server_socket(struct sockaddr_storage *, in_port_t,
64 struct server_config *, int, int);
65 int server_socket_listen(struct sockaddr_storage *, in_port_t,
66 struct server_config *);
67 struct server *server_byid(uint32_t);
68
69 int server_tls_init(struct server *);
70 void server_tls_readcb(int, short, void *);
71 void server_tls_writecb(int, short, void *);
72 void server_tls_handshake(int, short, void *);
73
74 void server_accept(int, short, void *);
75 void server_input(struct client *);
76 void server_inflight_dec(struct client *, const char *);
77
78 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t,
79 size_t, void *);
80
81 volatile int server_clients;
82 volatile int server_inflight = 0;
83 uint32_t server_cltid;
84
85 static struct privsep_proc procs[] = {
86 { "parent", PROC_PARENT, server_dispatch_parent },
87 { "logger", PROC_LOGGER, server_dispatch_logger }
88 };
89
90 void
server(struct privsep * ps,struct privsep_proc * p)91 server(struct privsep *ps, struct privsep_proc *p)
92 {
93 proc_run(ps, p, procs, nitems(procs), server_init, NULL);
94 server_http();
95 }
96
97 void
server_shutdown(void)98 server_shutdown(void)
99 {
100 config_purge(httpd_env, CONFIG_ALL);
101 usleep(200); /* XXX server needs to shutdown last */
102 }
103
104 int
server_privinit(struct server * srv)105 server_privinit(struct server *srv)
106 {
107 struct server *s;
108
109 if (srv->srv_conf.flags & SRVFLAG_LOCATION)
110 return (0);
111
112 log_debug("%s: adding server %s", __func__, srv->srv_conf.name);
113
114 /*
115 * There's no need to open a new socket if a server with the
116 * same address already exists.
117 */
118 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) {
119 if (s != srv && s->srv_s != -1 &&
120 s->srv_conf.port == srv->srv_conf.port &&
121 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss,
122 (struct sockaddr *)&srv->srv_conf.ss,
123 s->srv_conf.prefixlen) == 0)
124 return (0);
125 }
126
127 /* Open listening socket in the privileged process */
128 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss,
129 srv->srv_conf.port, &srv->srv_conf)) == -1)
130 return (-1);
131
132 return (0);
133 }
134
135 int
server_tls_cmp(struct server * s1,struct server * s2)136 server_tls_cmp(struct server *s1, struct server *s2)
137 {
138 struct server_config *sc1, *sc2;
139
140 sc1 = &s1->srv_conf;
141 sc2 = &s2->srv_conf;
142
143 if (sc1->tls_flags != sc2->tls_flags)
144 return (-1);
145 if (sc1->tls_protocols != sc2->tls_protocols)
146 return (-1);
147 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime)
148 return (-1);
149 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0)
150 return (-1);
151 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0)
152 return (-1);
153 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0)
154 return (-1);
155
156 return (0);
157 }
158
159 int
server_tls_load_keypair(struct server * srv)160 server_tls_load_keypair(struct server *srv)
161 {
162 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
163 return (0);
164
165 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file,
166 &srv->srv_conf.tls_cert_len, NULL)) == NULL)
167 return (-1);
168 log_debug("%s: using certificate %s", __func__,
169 srv->srv_conf.tls_cert_file);
170
171 /* XXX allow to specify password for encrypted key */
172 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file,
173 &srv->srv_conf.tls_key_len, NULL)) == NULL)
174 return (-1);
175 log_debug("%s: using private key %s", __func__,
176 srv->srv_conf.tls_key_file);
177
178 return (0);
179 }
180
181 int
server_tls_load_ocsp(struct server * srv)182 server_tls_load_ocsp(struct server *srv)
183 {
184 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
185 return (0);
186
187 if (srv->srv_conf.tls_ocsp_staple_file == NULL)
188 return (0);
189
190 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file(
191 srv->srv_conf.tls_ocsp_staple_file,
192 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) {
193 log_warnx("%s: Failed to load ocsp staple from %s", __func__,
194 srv->srv_conf.tls_ocsp_staple_file);
195 return (-1);
196 }
197
198 if (srv->srv_conf.tls_ocsp_staple_len == 0) {
199 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__,
200 srv->srv_conf.tls_ocsp_staple_file);
201 return (0);
202 }
203
204 log_debug("%s: using ocsp staple from %s", __func__,
205 srv->srv_conf.tls_ocsp_staple_file);
206
207 return (0);
208 }
209
210 int
server_tls_load_ca(struct server * srv)211 server_tls_load_ca(struct server *srv)
212 {
213 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 ||
214 srv->srv_conf.tls_ca_file == NULL)
215 return (0);
216
217 if ((srv->srv_conf.tls_ca = tls_load_file(
218 srv->srv_conf.tls_ca_file,
219 &srv->srv_conf.tls_ca_len, NULL)) == NULL)
220 return (-1);
221 log_debug("%s: using ca cert(s) from %s", __func__,
222 srv->srv_conf.tls_ca_file);
223
224 return (0);
225 }
226
227 int
server_tls_load_crl(struct server * srv)228 server_tls_load_crl(struct server *srv)
229 {
230 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 ||
231 srv->srv_conf.tls_crl_file == NULL)
232 return (0);
233
234 if ((srv->srv_conf.tls_crl = tls_load_file(
235 srv->srv_conf.tls_crl_file,
236 &srv->srv_conf.tls_crl_len, NULL)) == NULL)
237 return (-1);
238 log_debug("%s: using crl(s) from %s", __func__,
239 srv->srv_conf.tls_crl_file);
240
241 return (0);
242 }
243
244 int
server_tls_init(struct server * srv)245 server_tls_init(struct server *srv)
246 {
247 struct server_config *srv_conf;
248
249 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
250 return (0);
251
252 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name);
253
254 if ((srv->srv_tls_config = tls_config_new()) == NULL) {
255 log_warnx("%s: failed to get tls config", __func__);
256 return (-1);
257 }
258 if ((srv->srv_tls_ctx = tls_server()) == NULL) {
259 log_warnx("%s: failed to get tls server", __func__);
260 return (-1);
261 }
262
263 if (tls_config_set_protocols(srv->srv_tls_config,
264 srv->srv_conf.tls_protocols) != 0) {
265 log_warnx("%s: failed to set tls protocols: %s",
266 __func__, tls_config_error(srv->srv_tls_config));
267 return (-1);
268 }
269 if (tls_config_set_ciphers(srv->srv_tls_config,
270 srv->srv_conf.tls_ciphers) != 0) {
271 log_warnx("%s: failed to set tls ciphers: %s",
272 __func__, tls_config_error(srv->srv_tls_config));
273 return (-1);
274 }
275 if (tls_config_set_dheparams(srv->srv_tls_config,
276 srv->srv_conf.tls_dhe_params) != 0) {
277 log_warnx("%s: failed to set tls dhe params: %s",
278 __func__, tls_config_error(srv->srv_tls_config));
279 return (-1);
280 }
281 if (tls_config_set_ecdhecurves(srv->srv_tls_config,
282 srv->srv_conf.tls_ecdhe_curves) != 0) {
283 log_warnx("%s: failed to set tls ecdhe curves: %s",
284 __func__, tls_config_error(srv->srv_tls_config));
285 return (-1);
286 }
287
288 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config,
289 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len,
290 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len,
291 srv->srv_conf.tls_ocsp_staple,
292 srv->srv_conf.tls_ocsp_staple_len) != 0) {
293 log_warnx("%s: failed to set tls certificate/key: %s",
294 __func__, tls_config_error(srv->srv_tls_config));
295 return (-1);
296 }
297
298 if (srv->srv_conf.tls_ca != NULL) {
299 if (tls_config_set_ca_mem(srv->srv_tls_config,
300 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) {
301 log_warnx("%s: failed to add ca cert(s)", __func__);
302 return (-1);
303 }
304 if (tls_config_set_crl_mem(srv->srv_tls_config,
305 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) {
306 log_warnx("%s: failed to add crl(s)", __func__);
307 return (-1);
308 }
309 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL)
310 tls_config_verify_client_optional(srv->srv_tls_config);
311 else
312 tls_config_verify_client(srv->srv_tls_config);
313 }
314
315 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) {
316 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL)
317 continue;
318 log_debug("%s: adding keypair for server %s", __func__,
319 srv->srv_conf.name);
320 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config,
321 srv_conf->tls_cert, srv_conf->tls_cert_len,
322 srv_conf->tls_key, srv_conf->tls_key_len,
323 srv_conf->tls_ocsp_staple,
324 srv_conf->tls_ocsp_staple_len) != 0) {
325 log_warnx("%s: failed to add tls keypair", __func__);
326 return (-1);
327 }
328 }
329
330 /* set common session ID among all processes */
331 if (tls_config_set_session_id(srv->srv_tls_config,
332 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) {
333 log_warnx("%s: could not set the TLS session ID: %s",
334 __func__, tls_config_error(srv->srv_tls_config));
335 return (-1);
336 }
337
338 /* ticket support */
339 if (srv->srv_conf.tls_ticket_lifetime) {
340 if (tls_config_set_session_lifetime(srv->srv_tls_config,
341 srv->srv_conf.tls_ticket_lifetime) == -1) {
342 log_warnx("%s: could not set the TLS session lifetime: "
343 "%s", __func__,
344 tls_config_error(srv->srv_tls_config));
345 return (-1);
346 }
347 tls_config_add_ticket_key(srv->srv_tls_config,
348 srv->srv_conf.tls_ticket_key.tt_keyrev,
349 srv->srv_conf.tls_ticket_key.tt_key,
350 sizeof(srv->srv_conf.tls_ticket_key.tt_key));
351 explicit_bzero(&srv->srv_conf.tls_ticket_key,
352 sizeof(srv->srv_conf.tls_ticket_key));
353 }
354
355 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) {
356 log_warnx("%s: failed to configure tls - %s", __func__,
357 tls_error(srv->srv_tls_ctx));
358 return (-1);
359 }
360
361 /* We're now done with the public/private key & ca/crl... */
362 tls_config_clear_keys(srv->srv_tls_config);
363 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len);
364 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len);
365 free(srv->srv_conf.tls_ca);
366 free(srv->srv_conf.tls_crl);
367 srv->srv_conf.tls_ca = NULL;
368 srv->srv_conf.tls_cert = NULL;
369 srv->srv_conf.tls_crl = NULL;
370 srv->srv_conf.tls_key = NULL;
371 srv->srv_conf.tls_ca_len = 0;
372 srv->srv_conf.tls_cert_len = 0;
373 srv->srv_conf.tls_crl_len = 0;
374 srv->srv_conf.tls_key_len = 0;
375
376 return (0);
377 }
378
379 void
server_generate_ticket_key(struct server_config * srv_conf)380 server_generate_ticket_key(struct server_config *srv_conf)
381 {
382 struct server_tls_ticket *key = &srv_conf->tls_ticket_key;
383
384 key->tt_id = srv_conf->id;
385 key->tt_keyrev = arc4random();
386 arc4random_buf(key->tt_key, sizeof(key->tt_key));
387 }
388
389 void
server_init(struct privsep * ps,struct privsep_proc * p,void * arg)390 server_init(struct privsep *ps, struct privsep_proc *p, void *arg)
391 {
392 server_http();
393
394 if (config_init(ps->ps_env) == -1)
395 fatal("failed to initialize configuration");
396
397 /* We use a custom shutdown callback */
398 p->p_shutdown = server_shutdown;
399
400 /* Unlimited file descriptors (use system limits) */
401 socket_rlimit(-1);
402
403 #ifdef __OpenBSD__
404 if (pledge("stdio rpath inet unix recvfd", NULL) == -1)
405 fatal("pledge");
406 #endif
407
408 #if 0
409 /* Schedule statistics timer */
410 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL);
411 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv));
412 evtimer_add(&ps->ps_env->sc_statev, &tv);
413 #endif
414 }
415
416 void
server_launch(void)417 server_launch(void)
418 {
419 struct server *srv;
420
421 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) {
422 log_debug("%s: configuring server %s", __func__,
423 srv->srv_conf.name);
424
425 server_tls_init(srv);
426 server_http_init(srv);
427
428 log_debug("%s: running server %s", __func__,
429 srv->srv_conf.name);
430
431 event_set(&srv->srv_ev, srv->srv_s, EV_READ,
432 server_accept, srv);
433 event_add(&srv->srv_ev, NULL);
434 evtimer_set(&srv->srv_evt, server_accept, srv);
435 }
436 }
437
438 void
server_purge(struct server * srv)439 server_purge(struct server *srv)
440 {
441 struct client *clt;
442 struct server_config *srv_conf;
443
444 /* shutdown and remove server */
445 if (event_initialized(&srv->srv_ev))
446 event_del(&srv->srv_ev);
447 if (evtimer_initialized(&srv->srv_evt))
448 evtimer_del(&srv->srv_evt);
449
450 if (srv->srv_s != -1)
451 close(srv->srv_s);
452 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry);
453
454 /* cleanup sessions */
455 while ((clt =
456 SPLAY_ROOT(&srv->srv_clients)) != NULL)
457 server_close(clt, NULL);
458
459 /* cleanup hosts */
460 while ((srv_conf =
461 TAILQ_FIRST(&srv->srv_hosts)) != NULL) {
462 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry);
463
464 /* It might point to our own "default" entry */
465 if (srv_conf != &srv->srv_conf) {
466 serverconfig_free(srv_conf);
467 free(srv_conf);
468 }
469 }
470
471 tls_config_free(srv->srv_tls_config);
472 tls_free(srv->srv_tls_ctx);
473
474 free(srv);
475 }
476
477 void
serverconfig_free(struct server_config * srv_conf)478 serverconfig_free(struct server_config *srv_conf)
479 {
480 struct fastcgi_param *param, *tparam;
481
482 free(srv_conf->return_uri);
483 free(srv_conf->tls_ca_file);
484 free(srv_conf->tls_ca);
485 free(srv_conf->tls_cert_file);
486 free(srv_conf->tls_crl_file);
487 free(srv_conf->tls_crl);
488 free(srv_conf->tls_key_file);
489 free(srv_conf->tls_ocsp_staple_file);
490 free(srv_conf->tls_ocsp_staple);
491 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len);
492 freezero(srv_conf->tls_key, srv_conf->tls_key_len);
493
494 TAILQ_FOREACH_MUTABLE(param, &srv_conf->fcgiparams, entry, tparam)
495 free(param);
496 }
497
498 void
serverconfig_reset(struct server_config * srv_conf)499 serverconfig_reset(struct server_config *srv_conf)
500 {
501 srv_conf->auth = NULL;
502 srv_conf->return_uri = NULL;
503 srv_conf->tls_ca = NULL;
504 srv_conf->tls_ca_file = NULL;
505 srv_conf->tls_cert = NULL;
506 srv_conf->tls_cert_file = NULL;
507 srv_conf->tls_crl = NULL;
508 srv_conf->tls_crl_file = NULL;
509 srv_conf->tls_key = NULL;
510 srv_conf->tls_key_file = NULL;
511 srv_conf->tls_ocsp_staple = NULL;
512 srv_conf->tls_ocsp_staple_file = NULL;
513 TAILQ_INIT(&srv_conf->fcgiparams);
514 }
515
516 struct server *
server_byaddr(struct sockaddr * addr,in_port_t port)517 server_byaddr(struct sockaddr *addr, in_port_t port)
518 {
519 struct server *srv;
520
521 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) {
522 if (port == srv->srv_conf.port &&
523 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss,
524 addr, srv->srv_conf.prefixlen) == 0)
525 return (srv);
526 }
527
528 return (NULL);
529 }
530
531 struct server_config *
serverconfig_byid(uint32_t id)532 serverconfig_byid(uint32_t id)
533 {
534 struct server *srv;
535 struct server_config *srv_conf;
536
537 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) {
538 if (srv->srv_conf.id == id)
539 return (&srv->srv_conf);
540 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) {
541 if (srv_conf->id == id)
542 return (srv_conf);
543 }
544 }
545
546 return (NULL);
547 }
548
549 struct server *
server_byid(uint32_t id)550 server_byid(uint32_t id)
551 {
552 struct server *srv;
553
554 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) {
555 if (srv->srv_conf.id == id)
556 return (srv);
557 }
558 return (NULL);
559 }
560
561 int
server_foreach(int (* srv_cb)(struct server *,struct server_config *,void *),void * arg)562 server_foreach(int (*srv_cb)(struct server *,
563 struct server_config *, void *), void *arg)
564 {
565 struct server *srv;
566 struct server_config *srv_conf;
567
568 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) {
569 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1)
570 return (-1);
571 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) {
572 if ((srv_cb)(srv, srv_conf, arg) == -1)
573 return (-1);
574 }
575 }
576
577 return (0);
578 }
579
580 struct server *
server_match(struct server * s2,int match_name)581 server_match(struct server *s2, int match_name)
582 {
583 struct server *s1;
584
585 /* Attempt to find matching server. */
586 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) {
587 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0)
588 continue;
589 if (match_name) {
590 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0)
591 continue;
592 }
593 if (s1->srv_conf.port != s2->srv_conf.port)
594 continue;
595 if (sockaddr_cmp(
596 (struct sockaddr *)&s1->srv_conf.ss,
597 (struct sockaddr *)&s2->srv_conf.ss,
598 s1->srv_conf.prefixlen) != 0)
599 continue;
600
601 return (s1);
602 }
603
604 return (NULL);
605 }
606
607 int
server_socket_af(struct sockaddr_storage * ss,in_port_t port)608 server_socket_af(struct sockaddr_storage *ss, in_port_t port)
609 {
610 switch (ss->ss_family) {
611 case AF_INET:
612 ((struct sockaddr_in *)ss)->sin_port = port;
613 ((struct sockaddr_in *)ss)->sin_len =
614 sizeof(struct sockaddr_in);
615 break;
616 case AF_INET6:
617 ((struct sockaddr_in6 *)ss)->sin6_port = port;
618 ((struct sockaddr_in6 *)ss)->sin6_len =
619 sizeof(struct sockaddr_in6);
620 break;
621 default:
622 return (-1);
623 }
624
625 return (0);
626 }
627
628 in_port_t
server_socket_getport(struct sockaddr_storage * ss)629 server_socket_getport(struct sockaddr_storage *ss)
630 {
631 switch (ss->ss_family) {
632 case AF_INET:
633 return (((struct sockaddr_in *)ss)->sin_port);
634 case AF_INET6:
635 return (((struct sockaddr_in6 *)ss)->sin6_port);
636 default:
637 return (0);
638 }
639
640 /* NOTREACHED */
641 return (0);
642 }
643
644 int
server_socket(struct sockaddr_storage * ss,in_port_t port,struct server_config * srv_conf,int fd,int reuseport)645 server_socket(struct sockaddr_storage *ss, in_port_t port,
646 struct server_config *srv_conf, int fd, int reuseport)
647 {
648 struct linger lng;
649 int s = -1, val;
650
651 if (server_socket_af(ss, port) == -1)
652 goto bad;
653
654 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK,
655 IPPROTO_TCP) : fd;
656 if (s == -1)
657 goto bad;
658
659 /*
660 * Socket options
661 */
662 memset(&lng, 0, sizeof(lng));
663 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
664 goto bad;
665 if (reuseport) {
666 val = 1;
667 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val,
668 sizeof(int)) == -1)
669 goto bad;
670 }
671 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) {
672 val = srv_conf->tcpbufsiz;
673 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
674 &val, sizeof(val)) == -1)
675 goto bad;
676 val = srv_conf->tcpbufsiz;
677 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
678 &val, sizeof(val)) == -1)
679 goto bad;
680 }
681
682 /*
683 * IP options
684 */
685 if (srv_conf->tcpflags & TCPFLAG_IPTTL) {
686 val = (int)srv_conf->tcpipttl;
687 switch (ss->ss_family) {
688 case AF_INET:
689 if (setsockopt(s, IPPROTO_IP, IP_TTL,
690 &val, sizeof(val)) == -1)
691 goto bad;
692 break;
693 case AF_INET6:
694 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
695 &val, sizeof(val)) == -1)
696 goto bad;
697 break;
698 }
699 }
700 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) {
701 val = (int)srv_conf->tcpipminttl;
702 switch (ss->ss_family) {
703 case AF_INET:
704 if (setsockopt(s, IPPROTO_IP, IP_MINTTL,
705 &val, sizeof(val)) == -1)
706 goto bad;
707 break;
708 case AF_INET6:
709 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT,
710 &val, sizeof(val)) == -1)
711 goto bad;
712 break;
713 }
714 }
715
716 /*
717 * TCP options
718 */
719 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) {
720 if (srv_conf->tcpflags & TCPFLAG_NNODELAY)
721 val = 0;
722 else
723 val = 1;
724 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
725 &val, sizeof(val)) == -1)
726 goto bad;
727 }
728 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
729 if (srv_conf->tcpflags & TCPFLAG_NSACK)
730 val = 0;
731 else
732 val = 1;
733 #ifdef __OpenBSD__
734 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE,
735 &val, sizeof(val)) == -1)
736 goto bad;
737 #endif
738 }
739
740 return (s);
741
742 bad:
743 if (s != -1)
744 close(s);
745 return (-1);
746 }
747
748 int
server_socket_listen(struct sockaddr_storage * ss,in_port_t port,struct server_config * srv_conf)749 server_socket_listen(struct sockaddr_storage *ss, in_port_t port,
750 struct server_config *srv_conf)
751 {
752 int s;
753
754 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1)
755 return (-1);
756
757 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1)
758 goto bad;
759 if (listen(s, srv_conf->tcpbacklog) == -1)
760 goto bad;
761
762 return (s);
763
764 bad:
765 close(s);
766 return (-1);
767 }
768
769 int
server_socket_connect(struct sockaddr_storage * ss,in_port_t port,struct server_config * srv_conf)770 server_socket_connect(struct sockaddr_storage *ss, in_port_t port,
771 struct server_config *srv_conf)
772 {
773 int s;
774
775 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1)
776 return (-1);
777
778 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) {
779 if (errno != EINPROGRESS)
780 goto bad;
781 }
782
783 return (s);
784
785 bad:
786 close(s);
787 return (-1);
788 }
789
790 void
server_tls_readcb(int fd,short event,void * arg)791 server_tls_readcb(int fd, short event, void *arg)
792 {
793 struct bufferevent *bufev = arg;
794 struct client *clt = bufev->cbarg;
795 char rbuf[IBUF_READ_SIZE];
796 int what = EVBUFFER_READ;
797 int howmuch = IBUF_READ_SIZE;
798 ssize_t ret;
799 size_t len;
800
801 if (event == EV_TIMEOUT) {
802 what |= EVBUFFER_TIMEOUT;
803 goto err;
804 }
805
806 if (bufev->wm_read.high != 0)
807 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high);
808
809 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch);
810 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
811 goto retry;
812 } else if (ret == -1) {
813 what |= EVBUFFER_ERROR;
814 goto err;
815 }
816 len = ret;
817
818 if (len == 0) {
819 what |= EVBUFFER_EOF;
820 goto err;
821 }
822
823 if (evbuffer_add(bufev->input, rbuf, len) == -1) {
824 what |= EVBUFFER_ERROR;
825 goto err;
826 }
827
828 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read);
829
830 len = EVBUFFER_LENGTH(bufev->input);
831 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
832 return;
833 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
834 struct evbuffer *buf = bufev->input;
835 event_del(&bufev->ev_read);
836 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev);
837 return;
838 }
839
840 if (bufev->readcb != NULL)
841 (*bufev->readcb)(bufev, bufev->cbarg);
842 return;
843
844 retry:
845 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read);
846 return;
847
848 err:
849 (*bufev->errorcb)(bufev, what, bufev->cbarg);
850 }
851
852 void
server_tls_writecb(int fd,short event,void * arg)853 server_tls_writecb(int fd, short event, void *arg)
854 {
855 struct bufferevent *bufev = arg;
856 struct client *clt = bufev->cbarg;
857 ssize_t ret;
858 short what = EVBUFFER_WRITE;
859 size_t len;
860
861 if (event == EV_TIMEOUT) {
862 what |= EVBUFFER_TIMEOUT;
863 goto err;
864 }
865
866 if (EVBUFFER_LENGTH(bufev->output)) {
867 ret = tls_write(clt->clt_tls_ctx,
868 EVBUFFER_DATA(bufev->output),
869 EVBUFFER_LENGTH(bufev->output));
870 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
871 goto retry;
872 } else if (ret == -1) {
873 what |= EVBUFFER_ERROR;
874 goto err;
875 }
876 len = ret;
877 evbuffer_drain(bufev->output, len);
878 }
879
880 if (EVBUFFER_LENGTH(bufev->output) != 0)
881 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write);
882
883 if (bufev->writecb != NULL &&
884 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
885 (*bufev->writecb)(bufev, bufev->cbarg);
886 return;
887
888 retry:
889 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write);
890 return;
891
892 err:
893 (*bufev->errorcb)(bufev, what, bufev->cbarg);
894 }
895
896 void
server_input(struct client * clt)897 server_input(struct client *clt)
898 {
899 struct server_config *srv_conf = clt->clt_srv_conf;
900 evbuffercb inrd = server_read;
901 evbuffercb inwr = server_write;
902 socklen_t slen;
903
904 if (server_httpdesc_init(clt) == -1) {
905 server_close(clt, "failed to allocate http descriptor");
906 return;
907 }
908
909 clt->clt_toread = TOREAD_HTTP_HEADER;
910 inrd = server_read_http;
911
912 slen = sizeof(clt->clt_sndbufsiz);
913 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF,
914 &clt->clt_sndbufsiz, &slen) == -1) {
915 server_close(clt, "failed to get send buffer size");
916 return;
917 }
918
919 /*
920 * Client <-> Server
921 */
922 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr,
923 server_error, clt);
924 if (clt->clt_bev == NULL) {
925 server_close(clt, "failed to allocate input buffer event");
926 return;
927 }
928
929 if (srv_conf->flags & SRVFLAG_TLS) {
930 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ,
931 server_tls_readcb, clt->clt_bev);
932 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE,
933 server_tls_writecb, clt->clt_bev);
934 }
935
936 /* Adjust write watermark to the socket buffer output size */
937 bufferevent_setwatermark(clt->clt_bev, EV_WRITE,
938 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0);
939 /* Read at most amount of data that fits in one fcgi record. */
940 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE);
941
942 bufferevent_settimeout(clt->clt_bev,
943 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec);
944 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE);
945 }
946
947 void
server_write(struct bufferevent * bev,void * arg)948 server_write(struct bufferevent *bev, void *arg)
949 {
950 struct client *clt = arg;
951 struct evbuffer *dst = EVBUFFER_OUTPUT(bev);
952
953 if (EVBUFFER_LENGTH(dst) == 0 &&
954 clt->clt_toread == TOREAD_HTTP_NONE)
955 goto done;
956
957 getmonotime(&clt->clt_tv_last);
958
959 if (clt->clt_done)
960 goto done;
961 #ifndef __OpenBSD__
962 /*
963 On FreeBSD lots of 'buffer event timeout' if buffer event not enabled
964 */
965 bufferevent_enable(bev, EV_READ);
966 #endif
967
968 if (clt->clt_srvbev && clt->clt_srvbev_throttled) {
969 bufferevent_enable(clt->clt_srvbev, EV_READ);
970 clt->clt_srvbev_throttled = 0;
971 }
972
973 return;
974 done:
975 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg);
976 return;
977 }
978
979 void
server_dump(struct client * clt,const void * buf,size_t len)980 server_dump(struct client *clt, const void *buf, size_t len)
981 {
982 if (!len)
983 return;
984
985 /*
986 * This function will dump the specified message directly
987 * to the underlying client, without waiting for success
988 * of non-blocking events etc. This is useful to print an
989 * error message before gracefully closing the client.
990 */
991 if (clt->clt_tls_ctx != NULL)
992 (void)tls_write(clt->clt_tls_ctx, buf, len);
993 else
994 (void)write(clt->clt_s, buf, len);
995 }
996
997 void
server_read(struct bufferevent * bev,void * arg)998 server_read(struct bufferevent *bev, void *arg)
999 {
1000 struct client *clt = arg;
1001 struct evbuffer *src = EVBUFFER_INPUT(bev);
1002
1003 getmonotime(&clt->clt_tv_last);
1004
1005 if (!EVBUFFER_LENGTH(src))
1006 return;
1007 if (server_bufferevent_write_buffer(clt, src) == -1)
1008 goto fail;
1009 if (clt->clt_done)
1010 goto done;
1011
1012 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t)
1013 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) {
1014 bufferevent_disable(clt->clt_srvbev, EV_READ);
1015 clt->clt_srvbev_throttled = 1;
1016 }
1017
1018 return;
1019 done:
1020 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg);
1021 return;
1022 fail:
1023 server_close(clt, strerror(errno));
1024 }
1025
1026 void
server_error(struct bufferevent * bev,short error,void * arg)1027 server_error(struct bufferevent *bev, short error, void *arg)
1028 {
1029 struct client *clt = arg;
1030 struct evbuffer *dst;
1031
1032 if (error & EVBUFFER_TIMEOUT) {
1033 if (!clt->clt_headersdone && clt->clt_line > 0)
1034 server_abort_http(clt, 408, "timeout");
1035 else
1036 server_close(clt, "timeout");
1037 return;
1038 }
1039 if (error & EVBUFFER_ERROR) {
1040 if (errno == EFBIG) {
1041 bufferevent_enable(bev, EV_READ);
1042 return;
1043 }
1044 server_close(clt, "buffer event error");
1045 return;
1046 }
1047 if (error & EVBUFFER_EOF) {
1048 server_close(clt, "closed");
1049 return;
1050 }
1051 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) {
1052 bufferevent_disable(bev, EV_READ|EV_WRITE);
1053
1054 clt->clt_done = 1;
1055
1056 dst = EVBUFFER_OUTPUT(clt->clt_bev);
1057 if (EVBUFFER_LENGTH(dst)) {
1058 /* Finish writing all data first */
1059 bufferevent_enable(clt->clt_bev, EV_WRITE);
1060 return;
1061 }
1062
1063 server_close(clt, "done");
1064 return;
1065 }
1066 server_close(clt, "unknown event error");
1067 return;
1068 }
1069
1070 void
server_accept(int fd,short event,void * arg)1071 server_accept(int fd, short event, void *arg)
1072 {
1073 struct server *srv = arg;
1074 struct client *clt = NULL;
1075 socklen_t slen;
1076 struct sockaddr_storage ss;
1077 int s = -1;
1078
1079 event_add(&srv->srv_ev, NULL);
1080 if ((event & EV_TIMEOUT))
1081 return;
1082
1083 slen = sizeof(ss);
1084 if ((s = accept_reserve(fd, (struct sockaddr *)&ss,
1085 &slen, FD_RESERVE, &server_inflight)) == -1) {
1086 /*
1087 * Pause accept if we are out of file descriptors, or
1088 * libevent will haunt us here too.
1089 */
1090 if (errno == ENFILE || errno == EMFILE) {
1091 struct timeval evtpause = { 1, 0 };
1092
1093 event_del(&srv->srv_ev);
1094 evtimer_add(&srv->srv_evt, &evtpause);
1095 log_debug("%s: deferring connections", __func__);
1096 }
1097 return;
1098 }
1099 if (server_clients >= SERVER_MAX_CLIENTS)
1100 goto err;
1101
1102 if ((clt = calloc(1, sizeof(*clt))) == NULL)
1103 goto err;
1104
1105 /* Pre-allocate log buffer */
1106 clt->clt_log = evbuffer_new();
1107 if (clt->clt_log == NULL)
1108 goto err;
1109
1110 clt->clt_s = s;
1111 clt->clt_fd = -1;
1112 clt->clt_toread = TOREAD_UNLIMITED;
1113 clt->clt_srv = srv;
1114 clt->clt_srv_conf = &srv->srv_conf;
1115 clt->clt_id = ++server_cltid;
1116 clt->clt_srv_id = srv->srv_conf.id;
1117 clt->clt_pid = getpid();
1118 clt->clt_inflight = 1;
1119
1120 /* get local address */
1121 slen = sizeof(clt->clt_srv_ss);
1122 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss,
1123 &slen) == -1) {
1124 server_close(clt, "listen address lookup failed");
1125 return;
1126 }
1127
1128 /* get client address */
1129 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss));
1130
1131 /* get ports */
1132 switch (ss.ss_family) {
1133 case AF_INET:
1134 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port;
1135 break;
1136 case AF_INET6:
1137 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port;
1138 break;
1139 }
1140
1141 getmonotime(&clt->clt_tv_start);
1142 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last));
1143
1144 server_clients++;
1145 SPLAY_INSERT(client_tree, &srv->srv_clients, clt);
1146
1147 /* Pre-allocate output buffer */
1148 clt->clt_output = evbuffer_new();
1149 if (clt->clt_output == NULL) {
1150 server_close(clt, "failed to allocate output buffer");
1151 return;
1152 }
1153
1154 if (srv->srv_conf.flags & SRVFLAG_TLS) {
1155 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx,
1156 clt->clt_s) != 0) {
1157 server_close(clt, "failed to accept tls socket");
1158 return;
1159 }
1160 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
1161 server_tls_handshake, &clt->clt_tv_start,
1162 &srv->srv_conf.timeout, clt);
1163 return;
1164 }
1165
1166 server_input(clt);
1167 return;
1168
1169 err:
1170 if (s != -1) {
1171 close(s);
1172 free(clt);
1173 /*
1174 * the client struct was not completely set up, but still
1175 * counted as an inflight client. account for this.
1176 */
1177 server_inflight_dec(NULL, __func__);
1178 }
1179 }
1180
1181 void
server_tls_handshake(int fd,short event,void * arg)1182 server_tls_handshake(int fd, short event, void *arg)
1183 {
1184 struct client *clt = (struct client *)arg;
1185 struct server *srv = (struct server *)clt->clt_srv;
1186 int ret;
1187
1188 if (event == EV_TIMEOUT) {
1189 server_close(clt, "tls handshake timeout");
1190 return;
1191 }
1192
1193 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL)
1194 fatalx("NULL tls context");
1195
1196 ret = tls_handshake(clt->clt_tls_ctx);
1197 if (ret == 0) {
1198 server_input(clt);
1199 } else if (ret == TLS_WANT_POLLIN) {
1200 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ,
1201 server_tls_handshake, &clt->clt_tv_start,
1202 &srv->srv_conf.timeout, clt);
1203 } else if (ret == TLS_WANT_POLLOUT) {
1204 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE,
1205 server_tls_handshake, &clt->clt_tv_start,
1206 &srv->srv_conf.timeout, clt);
1207 } else {
1208 log_debug("%s: tls handshake failed - %s", __func__,
1209 tls_error(clt->clt_tls_ctx));
1210 server_close(clt, "tls handshake failed");
1211 }
1212 }
1213
1214 void
server_inflight_dec(struct client * clt,const char * why)1215 server_inflight_dec(struct client *clt, const char *why)
1216 {
1217 if (clt != NULL) {
1218 /* the flight already left inflight mode. */
1219 if (clt->clt_inflight == 0)
1220 return;
1221 clt->clt_inflight = 0;
1222 }
1223
1224 /* the file was never opened, thus this was an inflight client. */
1225 server_inflight--;
1226 DPRINTF("%s: inflight decremented, now %d, %s",
1227 __func__, server_inflight, why);
1228 }
1229
1230 void
server_sendlog(struct server_config * srv_conf,int cmd,const char * emsg,...)1231 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...)
1232 {
1233 va_list ap;
1234 char *msg;
1235 int ret;
1236 struct iovec iov[2];
1237
1238 if (srv_conf->flags & SRVFLAG_SYSLOG) {
1239 va_start(ap, emsg);
1240 if (cmd == IMSG_LOG_ACCESS)
1241 vlog(LOG_INFO, emsg, ap);
1242 else
1243 vlog(LOG_DEBUG, emsg, ap);
1244 va_end(ap);
1245 return;
1246 }
1247
1248 va_start(ap, emsg);
1249 ret = vasprintf(&msg, emsg, ap);
1250 va_end(ap);
1251 if (ret == -1) {
1252 log_warn("%s: vasprintf", __func__);
1253 return;
1254 }
1255
1256 iov[0].iov_base = &srv_conf->id;
1257 iov[0].iov_len = sizeof(srv_conf->id);
1258 iov[1].iov_base = msg;
1259 iov[1].iov_len = ret + 1;
1260
1261 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) {
1262 log_warn("%s: failed to compose imsg", __func__);
1263 free(msg);
1264 return;
1265 }
1266 free(msg);
1267 }
1268
1269 void
server_log(struct client * clt,const char * msg)1270 server_log(struct client *clt, const char *msg)
1271 {
1272 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1];
1273 struct server_config *srv_conf = clt->clt_srv_conf;
1274 char *ptr = NULL, *vmsg = NULL;
1275 int debug_cmd = -1;
1276
1277 switch (srv_conf->logformat) {
1278 case LOG_FORMAT_CONNECTION:
1279 debug_cmd = IMSG_LOG_ACCESS;
1280 break;
1281 default:
1282 if (log_getverbose() > 1)
1283 debug_cmd = IMSG_LOG_ERROR;
1284 if (EVBUFFER_LENGTH(clt->clt_log)) {
1285 while ((ptr =
1286 evbuffer_readline(clt->clt_log)) != NULL) {
1287 server_sendlog(srv_conf,
1288 IMSG_LOG_ACCESS, "%s", ptr);
1289 free(ptr);
1290 }
1291 }
1292 break;
1293 }
1294
1295 if (debug_cmd != -1 && msg != NULL) {
1296 memset(ibuf, 0, sizeof(ibuf));
1297 memset(obuf, 0, sizeof(obuf));
1298 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf));
1299 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf));
1300 if (EVBUFFER_LENGTH(clt->clt_log) &&
1301 evbuffer_add_printf(clt->clt_log, "\n") != -1)
1302 ptr = evbuffer_readline(clt->clt_log);
1303 (void)stravis(&vmsg, msg, HTTPD_LOGVIS);
1304 server_sendlog(srv_conf, debug_cmd, "server %s, "
1305 "client %d (%d active), %s:%u -> %s, "
1306 "%s%s%s", srv_conf->name, clt->clt_id, server_clients,
1307 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg,
1308 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr);
1309 free(vmsg);
1310 free(ptr);
1311 }
1312 }
1313
1314 void
server_close(struct client * clt,const char * msg)1315 server_close(struct client *clt, const char *msg)
1316 {
1317 struct server *srv = clt->clt_srv;
1318
1319 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt);
1320
1321 /* free the HTTP descriptors incl. headers */
1322 server_close_http(clt);
1323
1324 /* tls_close must be called before the underlying socket is closed. */
1325 if (clt->clt_tls_ctx != NULL)
1326 tls_close(clt->clt_tls_ctx); /* XXX - error handling */
1327 tls_free(clt->clt_tls_ctx);
1328
1329 event_del(&clt->clt_ev);
1330 if (clt->clt_bev != NULL)
1331 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE);
1332 if (clt->clt_srvbev != NULL)
1333 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE);
1334
1335 server_log(clt, msg);
1336
1337 if (clt->clt_bev != NULL)
1338 bufferevent_free(clt->clt_bev);
1339 if (clt->clt_output != NULL)
1340 evbuffer_free(clt->clt_output);
1341 if (clt->clt_srvevb != NULL)
1342 evbuffer_free(clt->clt_srvevb);
1343
1344 if (clt->clt_srvbev != NULL)
1345 bufferevent_free(clt->clt_srvbev);
1346
1347 if (clt->clt_fd != -1)
1348 close(clt->clt_fd);
1349 if (clt->clt_s != -1)
1350 close(clt->clt_s);
1351
1352 server_inflight_dec(clt, __func__);
1353
1354 if (clt->clt_log != NULL)
1355 evbuffer_free(clt->clt_log);
1356
1357 free(clt);
1358 server_clients--;
1359 }
1360
1361 int
server_dispatch_parent(int fd,struct privsep_proc * p,struct imsg * imsg)1362 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
1363 {
1364 struct server *srv;
1365 struct server_tls_ticket key;
1366
1367 switch (imsg->hdr.type) {
1368 case IMSG_CFG_MEDIA:
1369 config_getmedia(httpd_env, imsg);
1370 break;
1371 case IMSG_CFG_AUTH:
1372 config_getauth(httpd_env, imsg);
1373 break;
1374 case IMSG_CFG_SERVER:
1375 config_getserver(httpd_env, imsg);
1376 break;
1377 case IMSG_CFG_TLS:
1378 config_getserver_tls(httpd_env, imsg);
1379 break;
1380 case IMSG_CFG_FCGI:
1381 config_getserver_fcgiparams(httpd_env, imsg);
1382 break;
1383 case IMSG_CFG_DONE:
1384 config_getcfg(httpd_env, imsg);
1385 break;
1386 case IMSG_CTL_START:
1387 server_launch();
1388 break;
1389 case IMSG_CTL_RESET:
1390 config_getreset(httpd_env, imsg);
1391 break;
1392 case IMSG_TLSTICKET_REKEY:
1393 IMSG_SIZE_CHECK(imsg, (&key));
1394 memcpy(&key, imsg->data, sizeof(key));
1395 /* apply to the right server */
1396 srv = server_byid(key.tt_id);
1397 if (srv) {
1398 tls_config_add_ticket_key(srv->srv_tls_config,
1399 key.tt_keyrev, key.tt_key, sizeof(key.tt_key));
1400 }
1401 break;
1402 default:
1403 return (-1);
1404 }
1405
1406 return (0);
1407 }
1408
1409 int
server_dispatch_logger(int fd,struct privsep_proc * p,struct imsg * imsg)1410 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg)
1411 {
1412 switch (imsg->hdr.type) {
1413 default:
1414 return (-1);
1415 }
1416
1417 return (0);
1418 }
1419
1420 int
server_bufferevent_add(struct event * ev,int timeout)1421 server_bufferevent_add(struct event *ev, int timeout)
1422 {
1423 struct timeval tv, *ptv = NULL;
1424
1425 if (timeout) {
1426 timerclear(&tv);
1427 tv.tv_sec = timeout;
1428 ptv = &tv;
1429 }
1430
1431 return (event_add(ev, ptv));
1432 }
1433
1434 int
server_bufferevent_printf(struct client * clt,const char * fmt,...)1435 server_bufferevent_printf(struct client *clt, const char *fmt, ...)
1436 {
1437 int ret;
1438 va_list ap;
1439 char *str;
1440
1441 va_start(ap, fmt);
1442 ret = vasprintf(&str, fmt, ap);
1443 va_end(ap);
1444
1445 if (ret == -1)
1446 return (ret);
1447
1448 ret = server_bufferevent_print(clt, str);
1449 free(str);
1450
1451 return (ret);
1452 }
1453
1454 int
server_bufferevent_print(struct client * clt,const char * str)1455 server_bufferevent_print(struct client *clt, const char *str)
1456 {
1457 if (clt->clt_bev == NULL)
1458 return (evbuffer_add(clt->clt_output, str, strlen(str)));
1459 return (bufferevent_write(clt->clt_bev, str, strlen(str)));
1460 }
1461
1462 int
server_bufferevent_write_buffer(struct client * clt,struct evbuffer * buf)1463 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf)
1464 {
1465 if (clt->clt_bev == NULL)
1466 return (evbuffer_add_buffer(clt->clt_output, buf));
1467 return (bufferevent_write_buffer(clt->clt_bev, buf));
1468 }
1469
1470 int
server_bufferevent_write_chunk(struct client * clt,struct evbuffer * buf,size_t size)1471 server_bufferevent_write_chunk(struct client *clt,
1472 struct evbuffer *buf, size_t size)
1473 {
1474 int ret;
1475 ret = server_bufferevent_write(clt, buf->buffer, size);
1476 if (ret != -1)
1477 evbuffer_drain(buf, size);
1478 return (ret);
1479 }
1480
1481 int
server_bufferevent_write(struct client * clt,void * data,size_t size)1482 server_bufferevent_write(struct client *clt, void *data, size_t size)
1483 {
1484 if (clt->clt_bev == NULL)
1485 return (evbuffer_add(clt->clt_output, data, size));
1486 return (bufferevent_write(clt->clt_bev, data, size));
1487 }
1488
1489 int
server_client_cmp(struct client * a,struct client * b)1490 server_client_cmp(struct client *a, struct client *b)
1491 {
1492 return ((int)a->clt_id - b->clt_id);
1493 }
1494
1495 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp);
1496