1 /* $OpenBSD: server.c,v 1.129 2023/11/08 19:19:10 millert Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 #include <sys/queue.h> 21 #include <sys/time.h> 22 #include <sys/stat.h> 23 #include <sys/socket.h> 24 #include <sys/uio.h> 25 #include <sys/tree.h> 26 27 #include <netinet/in.h> 28 #include <netinet/tcp.h> 29 #include <arpa/inet.h> 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <string.h> 38 #include <syslog.h> 39 #include <unistd.h> 40 #include <event.h> 41 #include <imsg.h> 42 #include <tls.h> 43 #include <vis.h> 44 45 #include "httpd.h" 46 47 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) 48 49 int server_dispatch_parent(int, struct privsep_proc *, 50 struct imsg *); 51 int server_dispatch_logger(int, struct privsep_proc *, 52 struct imsg *); 53 void server_shutdown(void); 54 55 void server_init(struct privsep *, struct privsep_proc *p, void *); 56 void server_launch(void); 57 int server_socket(struct sockaddr_storage *, in_port_t, 58 struct server_config *, int, int); 59 int server_socket_listen(struct sockaddr_storage *, in_port_t, 60 struct server_config *); 61 struct server *server_byid(uint32_t); 62 63 int server_tls_init(struct server *); 64 void server_tls_readcb(int, short, void *); 65 void server_tls_writecb(int, short, void *); 66 void server_tls_handshake(int, short, void *); 67 68 void server_accept(int, short, void *); 69 void server_input(struct client *); 70 void server_inflight_dec(struct client *, const char *); 71 72 extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 73 size_t, void *); 74 75 volatile int server_clients; 76 volatile int server_inflight = 0; 77 uint32_t server_cltid; 78 79 static struct privsep_proc procs[] = { 80 { "parent", PROC_PARENT, server_dispatch_parent }, 81 { "logger", PROC_LOGGER, server_dispatch_logger } 82 }; 83 84 void 85 server(struct privsep *ps, struct privsep_proc *p) 86 { 87 proc_run(ps, p, procs, nitems(procs), server_init, NULL); 88 server_http(); 89 } 90 91 void 92 server_shutdown(void) 93 { 94 config_purge(httpd_env, CONFIG_ALL); 95 usleep(200); /* XXX server needs to shutdown last */ 96 } 97 98 int 99 server_privinit(struct server *srv) 100 { 101 struct server *s; 102 103 if (srv->srv_conf.flags & SRVFLAG_LOCATION) 104 return (0); 105 106 log_debug("%s: adding server %s", __func__, srv->srv_conf.name); 107 108 /* 109 * There's no need to open a new socket if a server with the 110 * same address already exists. 111 */ 112 TAILQ_FOREACH(s, httpd_env->sc_servers, srv_entry) { 113 if (s != srv && s->srv_s != -1 && 114 s->srv_conf.port == srv->srv_conf.port && 115 sockaddr_cmp((struct sockaddr *)&s->srv_conf.ss, 116 (struct sockaddr *)&srv->srv_conf.ss, 117 s->srv_conf.prefixlen) == 0) 118 return (0); 119 } 120 121 /* Open listening socket in the privileged process */ 122 if ((srv->srv_s = server_socket_listen(&srv->srv_conf.ss, 123 srv->srv_conf.port, &srv->srv_conf)) == -1) 124 return (-1); 125 126 return (0); 127 } 128 129 int 130 server_tls_cmp(struct server *s1, struct server *s2) 131 { 132 struct server_config *sc1, *sc2; 133 134 sc1 = &s1->srv_conf; 135 sc2 = &s2->srv_conf; 136 137 if (sc1->tls_flags != sc2->tls_flags) 138 return (-1); 139 if (sc1->tls_protocols != sc2->tls_protocols) 140 return (-1); 141 if (sc1->tls_ticket_lifetime != sc2->tls_ticket_lifetime) 142 return (-1); 143 if (strcmp(sc1->tls_ciphers, sc2->tls_ciphers) != 0) 144 return (-1); 145 if (strcmp(sc1->tls_dhe_params, sc2->tls_dhe_params) != 0) 146 return (-1); 147 if (strcmp(sc1->tls_ecdhe_curves, sc2->tls_ecdhe_curves) != 0) 148 return (-1); 149 150 return (0); 151 } 152 153 int 154 server_tls_load_keypair(struct server *srv) 155 { 156 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 157 return (0); 158 159 if ((srv->srv_conf.tls_cert = tls_load_file(srv->srv_conf.tls_cert_file, 160 &srv->srv_conf.tls_cert_len, NULL)) == NULL) 161 return (-1); 162 log_debug("%s: using certificate %s", __func__, 163 srv->srv_conf.tls_cert_file); 164 165 /* XXX allow to specify password for encrypted key */ 166 if ((srv->srv_conf.tls_key = tls_load_file(srv->srv_conf.tls_key_file, 167 &srv->srv_conf.tls_key_len, NULL)) == NULL) 168 return (-1); 169 log_debug("%s: using private key %s", __func__, 170 srv->srv_conf.tls_key_file); 171 172 return (0); 173 } 174 175 int 176 server_tls_load_ocsp(struct server *srv) 177 { 178 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 179 return (0); 180 181 if (srv->srv_conf.tls_ocsp_staple_file == NULL) 182 return (0); 183 184 if ((srv->srv_conf.tls_ocsp_staple = tls_load_file( 185 srv->srv_conf.tls_ocsp_staple_file, 186 &srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) { 187 log_warnx("%s: Failed to load ocsp staple from %s", __func__, 188 srv->srv_conf.tls_ocsp_staple_file); 189 return (-1); 190 } 191 192 if (srv->srv_conf.tls_ocsp_staple_len == 0) { 193 log_warnx("%s: ignoring 0 length ocsp staple from %s", __func__, 194 srv->srv_conf.tls_ocsp_staple_file); 195 return (0); 196 } 197 198 log_debug("%s: using ocsp staple from %s", __func__, 199 srv->srv_conf.tls_ocsp_staple_file); 200 201 return (0); 202 } 203 204 int 205 server_tls_load_ca(struct server *srv) 206 { 207 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 208 srv->srv_conf.tls_ca_file == NULL) 209 return (0); 210 211 if ((srv->srv_conf.tls_ca = tls_load_file( 212 srv->srv_conf.tls_ca_file, 213 &srv->srv_conf.tls_ca_len, NULL)) == NULL) 214 return (-1); 215 log_debug("%s: using ca cert(s) from %s", __func__, 216 srv->srv_conf.tls_ca_file); 217 218 return (0); 219 } 220 221 int 222 server_tls_load_crl(struct server *srv) 223 { 224 if ((srv->srv_conf.tls_flags & TLSFLAG_CA) == 0 || 225 srv->srv_conf.tls_crl_file == NULL) 226 return (0); 227 228 if ((srv->srv_conf.tls_crl = tls_load_file( 229 srv->srv_conf.tls_crl_file, 230 &srv->srv_conf.tls_crl_len, NULL)) == NULL) 231 return (-1); 232 log_debug("%s: using crl(s) from %s", __func__, 233 srv->srv_conf.tls_crl_file); 234 235 return (0); 236 } 237 238 int 239 server_tls_init(struct server *srv) 240 { 241 struct server_config *srv_conf; 242 243 if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0) 244 return (0); 245 246 log_debug("%s: setting up tls for %s", __func__, srv->srv_conf.name); 247 248 if ((srv->srv_tls_config = tls_config_new()) == NULL) { 249 log_warnx("%s: failed to get tls config", __func__); 250 return (-1); 251 } 252 if ((srv->srv_tls_ctx = tls_server()) == NULL) { 253 log_warnx("%s: failed to get tls server", __func__); 254 return (-1); 255 } 256 257 if (tls_config_set_protocols(srv->srv_tls_config, 258 srv->srv_conf.tls_protocols) != 0) { 259 log_warnx("%s: failed to set tls protocols: %s", 260 __func__, tls_config_error(srv->srv_tls_config)); 261 return (-1); 262 } 263 if (tls_config_set_ciphers(srv->srv_tls_config, 264 srv->srv_conf.tls_ciphers) != 0) { 265 log_warnx("%s: failed to set tls ciphers: %s", 266 __func__, tls_config_error(srv->srv_tls_config)); 267 return (-1); 268 } 269 if (tls_config_set_dheparams(srv->srv_tls_config, 270 srv->srv_conf.tls_dhe_params) != 0) { 271 log_warnx("%s: failed to set tls dhe params: %s", 272 __func__, tls_config_error(srv->srv_tls_config)); 273 return (-1); 274 } 275 if (tls_config_set_ecdhecurves(srv->srv_tls_config, 276 srv->srv_conf.tls_ecdhe_curves) != 0) { 277 log_warnx("%s: failed to set tls ecdhe curves: %s", 278 __func__, tls_config_error(srv->srv_tls_config)); 279 return (-1); 280 } 281 282 if (tls_config_set_keypair_ocsp_mem(srv->srv_tls_config, 283 srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len, 284 srv->srv_conf.tls_key, srv->srv_conf.tls_key_len, 285 srv->srv_conf.tls_ocsp_staple, 286 srv->srv_conf.tls_ocsp_staple_len) != 0) { 287 log_warnx("%s: failed to set tls certificate/key: %s", 288 __func__, tls_config_error(srv->srv_tls_config)); 289 return (-1); 290 } 291 292 if (srv->srv_conf.tls_ca != NULL) { 293 if (tls_config_set_ca_mem(srv->srv_tls_config, 294 srv->srv_conf.tls_ca, srv->srv_conf.tls_ca_len) != 0) { 295 log_warnx("%s: failed to add ca cert(s)", __func__); 296 return (-1); 297 } 298 if (tls_config_set_crl_mem(srv->srv_tls_config, 299 srv->srv_conf.tls_crl, srv->srv_conf.tls_crl_len) != 0) { 300 log_warnx("%s: failed to add crl(s)", __func__); 301 return (-1); 302 } 303 if (srv->srv_conf.tls_flags & TLSFLAG_OPTIONAL) 304 tls_config_verify_client_optional(srv->srv_tls_config); 305 else 306 tls_config_verify_client(srv->srv_tls_config); 307 } 308 309 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 310 if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL) 311 continue; 312 log_debug("%s: adding keypair for server %s", __func__, 313 srv->srv_conf.name); 314 if (tls_config_add_keypair_ocsp_mem(srv->srv_tls_config, 315 srv_conf->tls_cert, srv_conf->tls_cert_len, 316 srv_conf->tls_key, srv_conf->tls_key_len, 317 srv_conf->tls_ocsp_staple, 318 srv_conf->tls_ocsp_staple_len) != 0) { 319 log_warnx("%s: failed to add tls keypair", __func__); 320 return (-1); 321 } 322 } 323 324 /* set common session ID among all processes */ 325 if (tls_config_set_session_id(srv->srv_tls_config, 326 httpd_env->sc_tls_sid, sizeof(httpd_env->sc_tls_sid)) == -1) { 327 log_warnx("%s: could not set the TLS session ID: %s", 328 __func__, tls_config_error(srv->srv_tls_config)); 329 return (-1); 330 } 331 332 /* ticket support */ 333 if (srv->srv_conf.tls_ticket_lifetime) { 334 if (tls_config_set_session_lifetime(srv->srv_tls_config, 335 srv->srv_conf.tls_ticket_lifetime) == -1) { 336 log_warnx("%s: could not set the TLS session lifetime: " 337 "%s", __func__, 338 tls_config_error(srv->srv_tls_config)); 339 return (-1); 340 } 341 tls_config_add_ticket_key(srv->srv_tls_config, 342 srv->srv_conf.tls_ticket_key.tt_keyrev, 343 srv->srv_conf.tls_ticket_key.tt_key, 344 sizeof(srv->srv_conf.tls_ticket_key.tt_key)); 345 explicit_bzero(&srv->srv_conf.tls_ticket_key, 346 sizeof(srv->srv_conf.tls_ticket_key)); 347 } 348 349 if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) { 350 log_warnx("%s: failed to configure tls - %s", __func__, 351 tls_error(srv->srv_tls_ctx)); 352 return (-1); 353 } 354 355 /* We're now done with the public/private key & ca/crl... */ 356 tls_config_clear_keys(srv->srv_tls_config); 357 freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); 358 freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 359 free(srv->srv_conf.tls_ca); 360 free(srv->srv_conf.tls_crl); 361 srv->srv_conf.tls_ca = NULL; 362 srv->srv_conf.tls_cert = NULL; 363 srv->srv_conf.tls_crl = NULL; 364 srv->srv_conf.tls_key = NULL; 365 srv->srv_conf.tls_ca_len = 0; 366 srv->srv_conf.tls_cert_len = 0; 367 srv->srv_conf.tls_crl_len = 0; 368 srv->srv_conf.tls_key_len = 0; 369 370 return (0); 371 } 372 373 void 374 server_generate_ticket_key(struct server_config *srv_conf) 375 { 376 struct server_tls_ticket *key = &srv_conf->tls_ticket_key; 377 378 key->tt_id = srv_conf->id; 379 key->tt_keyrev = arc4random(); 380 arc4random_buf(key->tt_key, sizeof(key->tt_key)); 381 } 382 383 void 384 server_init(struct privsep *ps, struct privsep_proc *p, void *arg) 385 { 386 server_http(); 387 388 if (config_init(ps->ps_env) == -1) 389 fatal("failed to initialize configuration"); 390 391 /* We use a custom shutdown callback */ 392 p->p_shutdown = server_shutdown; 393 394 /* Unlimited file descriptors (use system limits) */ 395 socket_rlimit(-1); 396 397 if (pledge("stdio rpath inet unix recvfd", NULL) == -1) 398 fatal("pledge"); 399 400 #if 0 401 /* Schedule statistics timer */ 402 evtimer_set(&ps->ps_env->sc_statev, server_statistics, NULL); 403 memcpy(&tv, &ps->ps_env->sc_statinterval, sizeof(tv)); 404 evtimer_add(&ps->ps_env->sc_statev, &tv); 405 #endif 406 } 407 408 void 409 server_launch(void) 410 { 411 struct server *srv; 412 413 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 414 log_debug("%s: configuring server %s", __func__, 415 srv->srv_conf.name); 416 417 server_tls_init(srv); 418 server_http_init(srv); 419 420 log_debug("%s: running server %s", __func__, 421 srv->srv_conf.name); 422 423 event_set(&srv->srv_ev, srv->srv_s, EV_READ, 424 server_accept, srv); 425 event_add(&srv->srv_ev, NULL); 426 evtimer_set(&srv->srv_evt, server_accept, srv); 427 } 428 } 429 430 void 431 server_purge(struct server *srv) 432 { 433 struct client *clt; 434 struct server_config *srv_conf; 435 436 /* shutdown and remove server */ 437 if (event_initialized(&srv->srv_ev)) 438 event_del(&srv->srv_ev); 439 if (evtimer_initialized(&srv->srv_evt)) 440 evtimer_del(&srv->srv_evt); 441 442 if (srv->srv_s != -1) 443 close(srv->srv_s); 444 TAILQ_REMOVE(httpd_env->sc_servers, srv, srv_entry); 445 446 /* cleanup sessions */ 447 while ((clt = 448 SPLAY_ROOT(&srv->srv_clients)) != NULL) 449 server_close(clt, NULL); 450 451 /* cleanup hosts */ 452 while ((srv_conf = 453 TAILQ_FIRST(&srv->srv_hosts)) != NULL) { 454 TAILQ_REMOVE(&srv->srv_hosts, srv_conf, entry); 455 456 /* It might point to our own "default" entry */ 457 if (srv_conf != &srv->srv_conf) { 458 serverconfig_free(srv_conf); 459 free(srv_conf); 460 } 461 } 462 463 tls_config_free(srv->srv_tls_config); 464 tls_free(srv->srv_tls_ctx); 465 466 free(srv); 467 } 468 469 void 470 serverconfig_free(struct server_config *srv_conf) 471 { 472 struct fastcgi_param *param, *tparam; 473 474 free(srv_conf->return_uri); 475 free(srv_conf->tls_ca_file); 476 free(srv_conf->tls_ca); 477 free(srv_conf->tls_cert_file); 478 free(srv_conf->tls_crl_file); 479 free(srv_conf->tls_crl); 480 free(srv_conf->tls_key_file); 481 free(srv_conf->tls_ocsp_staple_file); 482 free(srv_conf->tls_ocsp_staple); 483 freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); 484 freezero(srv_conf->tls_key, srv_conf->tls_key_len); 485 486 TAILQ_FOREACH_SAFE(param, &srv_conf->fcgiparams, entry, tparam) 487 free(param); 488 } 489 490 void 491 serverconfig_reset(struct server_config *srv_conf) 492 { 493 srv_conf->auth = NULL; 494 srv_conf->return_uri = NULL; 495 srv_conf->tls_ca = NULL; 496 srv_conf->tls_ca_file = NULL; 497 srv_conf->tls_cert = NULL; 498 srv_conf->tls_cert_file = NULL; 499 srv_conf->tls_crl = NULL; 500 srv_conf->tls_crl_file = NULL; 501 srv_conf->tls_key = NULL; 502 srv_conf->tls_key_file = NULL; 503 srv_conf->tls_ocsp_staple = NULL; 504 srv_conf->tls_ocsp_staple_file = NULL; 505 TAILQ_INIT(&srv_conf->fcgiparams); 506 } 507 508 struct server * 509 server_byaddr(struct sockaddr *addr, in_port_t port) 510 { 511 struct server *srv; 512 513 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 514 if (port == srv->srv_conf.port && 515 sockaddr_cmp((struct sockaddr *)&srv->srv_conf.ss, 516 addr, srv->srv_conf.prefixlen) == 0) 517 return (srv); 518 } 519 520 return (NULL); 521 } 522 523 struct server_config * 524 serverconfig_byid(uint32_t id) 525 { 526 struct server *srv; 527 struct server_config *srv_conf; 528 529 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 530 if (srv->srv_conf.id == id) 531 return (&srv->srv_conf); 532 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 533 if (srv_conf->id == id) 534 return (srv_conf); 535 } 536 } 537 538 return (NULL); 539 } 540 541 struct server * 542 server_byid(uint32_t id) 543 { 544 struct server *srv; 545 546 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 547 if (srv->srv_conf.id == id) 548 return (srv); 549 } 550 return (NULL); 551 } 552 553 int 554 server_foreach(int (*srv_cb)(struct server *, 555 struct server_config *, void *), void *arg) 556 { 557 struct server *srv; 558 struct server_config *srv_conf; 559 560 TAILQ_FOREACH(srv, httpd_env->sc_servers, srv_entry) { 561 if ((srv_cb)(srv, &srv->srv_conf, arg) == -1) 562 return (-1); 563 TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) { 564 if ((srv_cb)(srv, srv_conf, arg) == -1) 565 return (-1); 566 } 567 } 568 569 return (0); 570 } 571 572 struct server * 573 server_match(struct server *s2, int match_name) 574 { 575 struct server *s1; 576 577 /* Attempt to find matching server. */ 578 TAILQ_FOREACH(s1, httpd_env->sc_servers, srv_entry) { 579 if ((s1->srv_conf.flags & SRVFLAG_LOCATION) != 0) 580 continue; 581 if (match_name) { 582 if (strcmp(s1->srv_conf.name, s2->srv_conf.name) != 0) 583 continue; 584 } 585 if (s1->srv_conf.port != s2->srv_conf.port) 586 continue; 587 if (sockaddr_cmp( 588 (struct sockaddr *)&s1->srv_conf.ss, 589 (struct sockaddr *)&s2->srv_conf.ss, 590 s1->srv_conf.prefixlen) != 0) 591 continue; 592 593 return (s1); 594 } 595 596 return (NULL); 597 } 598 599 int 600 server_socket_af(struct sockaddr_storage *ss, in_port_t port) 601 { 602 switch (ss->ss_family) { 603 case AF_INET: 604 ((struct sockaddr_in *)ss)->sin_port = port; 605 ((struct sockaddr_in *)ss)->sin_len = 606 sizeof(struct sockaddr_in); 607 break; 608 case AF_INET6: 609 ((struct sockaddr_in6 *)ss)->sin6_port = port; 610 ((struct sockaddr_in6 *)ss)->sin6_len = 611 sizeof(struct sockaddr_in6); 612 break; 613 default: 614 return (-1); 615 } 616 617 return (0); 618 } 619 620 in_port_t 621 server_socket_getport(struct sockaddr_storage *ss) 622 { 623 switch (ss->ss_family) { 624 case AF_INET: 625 return (((struct sockaddr_in *)ss)->sin_port); 626 case AF_INET6: 627 return (((struct sockaddr_in6 *)ss)->sin6_port); 628 default: 629 return (0); 630 } 631 632 /* NOTREACHED */ 633 return (0); 634 } 635 636 int 637 server_socket(struct sockaddr_storage *ss, in_port_t port, 638 struct server_config *srv_conf, int fd, int reuseport) 639 { 640 struct linger lng; 641 int s = -1, val; 642 643 if (server_socket_af(ss, port) == -1) 644 goto bad; 645 646 s = fd == -1 ? socket(ss->ss_family, SOCK_STREAM | SOCK_NONBLOCK, 647 IPPROTO_TCP) : fd; 648 if (s == -1) 649 goto bad; 650 651 /* 652 * Socket options 653 */ 654 memset(&lng, 0, sizeof(lng)); 655 if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) 656 goto bad; 657 if (reuseport) { 658 val = 1; 659 if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, 660 sizeof(int)) == -1) 661 goto bad; 662 } 663 if (srv_conf->tcpflags & TCPFLAG_BUFSIZ) { 664 val = srv_conf->tcpbufsiz; 665 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 666 &val, sizeof(val)) == -1) 667 goto bad; 668 val = srv_conf->tcpbufsiz; 669 if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, 670 &val, sizeof(val)) == -1) 671 goto bad; 672 } 673 674 /* 675 * IP options 676 */ 677 if (srv_conf->tcpflags & TCPFLAG_IPTTL) { 678 val = (int)srv_conf->tcpipttl; 679 switch (ss->ss_family) { 680 case AF_INET: 681 if (setsockopt(s, IPPROTO_IP, IP_TTL, 682 &val, sizeof(val)) == -1) 683 goto bad; 684 break; 685 case AF_INET6: 686 if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, 687 &val, sizeof(val)) == -1) 688 goto bad; 689 break; 690 } 691 } 692 if (srv_conf->tcpflags & TCPFLAG_IPMINTTL) { 693 val = (int)srv_conf->tcpipminttl; 694 switch (ss->ss_family) { 695 case AF_INET: 696 if (setsockopt(s, IPPROTO_IP, IP_MINTTL, 697 &val, sizeof(val)) == -1) 698 goto bad; 699 break; 700 case AF_INET6: 701 if (setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT, 702 &val, sizeof(val)) == -1) 703 goto bad; 704 break; 705 } 706 } 707 708 /* 709 * TCP options 710 */ 711 if (srv_conf->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { 712 if (srv_conf->tcpflags & TCPFLAG_NNODELAY) 713 val = 0; 714 else 715 val = 1; 716 if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, 717 &val, sizeof(val)) == -1) 718 goto bad; 719 } 720 if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 721 if (srv_conf->tcpflags & TCPFLAG_NSACK) 722 val = 0; 723 else 724 val = 1; 725 if (setsockopt(s, IPPROTO_TCP, TCP_SACK_ENABLE, 726 &val, sizeof(val)) == -1) 727 goto bad; 728 } 729 730 return (s); 731 732 bad: 733 if (s != -1) 734 close(s); 735 return (-1); 736 } 737 738 int 739 server_socket_listen(struct sockaddr_storage *ss, in_port_t port, 740 struct server_config *srv_conf) 741 { 742 int s; 743 744 if ((s = server_socket(ss, port, srv_conf, -1, 1)) == -1) 745 return (-1); 746 747 if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) 748 goto bad; 749 if (listen(s, srv_conf->tcpbacklog) == -1) 750 goto bad; 751 752 return (s); 753 754 bad: 755 close(s); 756 return (-1); 757 } 758 759 int 760 server_socket_connect(struct sockaddr_storage *ss, in_port_t port, 761 struct server_config *srv_conf) 762 { 763 int s; 764 765 if ((s = server_socket(ss, port, srv_conf, -1, 0)) == -1) 766 return (-1); 767 768 if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { 769 if (errno != EINPROGRESS) 770 goto bad; 771 } 772 773 return (s); 774 775 bad: 776 close(s); 777 return (-1); 778 } 779 780 void 781 server_tls_readcb(int fd, short event, void *arg) 782 { 783 struct bufferevent *bufev = arg; 784 struct client *clt = bufev->cbarg; 785 char rbuf[IBUF_READ_SIZE]; 786 int what = EVBUFFER_READ; 787 int howmuch = IBUF_READ_SIZE; 788 ssize_t ret; 789 size_t len; 790 791 if (event == EV_TIMEOUT) { 792 what |= EVBUFFER_TIMEOUT; 793 goto err; 794 } 795 796 if (bufev->wm_read.high != 0) 797 howmuch = MINIMUM(sizeof(rbuf), bufev->wm_read.high); 798 799 ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); 800 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 801 goto retry; 802 } else if (ret == -1) { 803 what |= EVBUFFER_ERROR; 804 goto err; 805 } 806 len = ret; 807 808 if (len == 0) { 809 what |= EVBUFFER_EOF; 810 goto err; 811 } 812 813 if (evbuffer_add(bufev->input, rbuf, len) == -1) { 814 what |= EVBUFFER_ERROR; 815 goto err; 816 } 817 818 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 819 820 len = EVBUFFER_LENGTH(bufev->input); 821 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low) 822 return; 823 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) { 824 struct evbuffer *buf = bufev->input; 825 event_del(&bufev->ev_read); 826 evbuffer_setcb(buf, bufferevent_read_pressure_cb, bufev); 827 return; 828 } 829 830 if (bufev->readcb != NULL) 831 (*bufev->readcb)(bufev, bufev->cbarg); 832 return; 833 834 retry: 835 server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); 836 return; 837 838 err: 839 (*bufev->errorcb)(bufev, what, bufev->cbarg); 840 } 841 842 void 843 server_tls_writecb(int fd, short event, void *arg) 844 { 845 struct bufferevent *bufev = arg; 846 struct client *clt = bufev->cbarg; 847 ssize_t ret; 848 short what = EVBUFFER_WRITE; 849 size_t len; 850 851 if (event == EV_TIMEOUT) { 852 what |= EVBUFFER_TIMEOUT; 853 goto err; 854 } 855 856 if (EVBUFFER_LENGTH(bufev->output)) { 857 ret = tls_write(clt->clt_tls_ctx, 858 EVBUFFER_DATA(bufev->output), 859 EVBUFFER_LENGTH(bufev->output)); 860 if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { 861 goto retry; 862 } else if (ret == -1) { 863 what |= EVBUFFER_ERROR; 864 goto err; 865 } 866 len = ret; 867 evbuffer_drain(bufev->output, len); 868 } 869 870 if (EVBUFFER_LENGTH(bufev->output) != 0) 871 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 872 873 if (bufev->writecb != NULL && 874 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low) 875 (*bufev->writecb)(bufev, bufev->cbarg); 876 return; 877 878 retry: 879 server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); 880 return; 881 882 err: 883 (*bufev->errorcb)(bufev, what, bufev->cbarg); 884 } 885 886 void 887 server_input(struct client *clt) 888 { 889 struct server_config *srv_conf = clt->clt_srv_conf; 890 evbuffercb inrd = server_read; 891 evbuffercb inwr = server_write; 892 socklen_t slen; 893 894 if (server_httpdesc_init(clt) == -1) { 895 server_close(clt, "failed to allocate http descriptor"); 896 return; 897 } 898 899 clt->clt_toread = TOREAD_HTTP_HEADER; 900 inrd = server_read_http; 901 902 slen = sizeof(clt->clt_sndbufsiz); 903 if (getsockopt(clt->clt_s, SOL_SOCKET, SO_SNDBUF, 904 &clt->clt_sndbufsiz, &slen) == -1) { 905 server_close(clt, "failed to get send buffer size"); 906 return; 907 } 908 909 /* 910 * Client <-> Server 911 */ 912 clt->clt_bev = bufferevent_new(clt->clt_s, inrd, inwr, 913 server_error, clt); 914 if (clt->clt_bev == NULL) { 915 server_close(clt, "failed to allocate input buffer event"); 916 return; 917 } 918 919 if (srv_conf->flags & SRVFLAG_TLS) { 920 event_set(&clt->clt_bev->ev_read, clt->clt_s, EV_READ, 921 server_tls_readcb, clt->clt_bev); 922 event_set(&clt->clt_bev->ev_write, clt->clt_s, EV_WRITE, 923 server_tls_writecb, clt->clt_bev); 924 } 925 926 /* Adjust write watermark to the socket buffer output size */ 927 bufferevent_setwatermark(clt->clt_bev, EV_WRITE, 928 SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); 929 /* Read at most amount of data that fits in one fcgi record. */ 930 bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); 931 932 bufferevent_settimeout(clt->clt_bev, 933 srv_conf->requesttimeout.tv_sec, srv_conf->requesttimeout.tv_sec); 934 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE); 935 } 936 937 void 938 server_write(struct bufferevent *bev, void *arg) 939 { 940 struct client *clt = arg; 941 struct evbuffer *dst = EVBUFFER_OUTPUT(bev); 942 943 if (EVBUFFER_LENGTH(dst) == 0 && 944 clt->clt_toread == TOREAD_HTTP_NONE) 945 goto done; 946 947 getmonotime(&clt->clt_tv_last); 948 949 if (clt->clt_done) 950 goto done; 951 952 if (clt->clt_srvbev && clt->clt_srvbev_throttled) { 953 bufferevent_enable(clt->clt_srvbev, EV_READ); 954 clt->clt_srvbev_throttled = 0; 955 } 956 957 return; 958 done: 959 (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg); 960 return; 961 } 962 963 void 964 server_dump(struct client *clt, const void *buf, size_t len) 965 { 966 if (!len) 967 return; 968 969 /* 970 * This function will dump the specified message directly 971 * to the underlying client, without waiting for success 972 * of non-blocking events etc. This is useful to print an 973 * error message before gracefully closing the client. 974 */ 975 if (clt->clt_tls_ctx != NULL) 976 (void)tls_write(clt->clt_tls_ctx, buf, len); 977 else 978 (void)write(clt->clt_s, buf, len); 979 } 980 981 void 982 server_read(struct bufferevent *bev, void *arg) 983 { 984 struct client *clt = arg; 985 struct evbuffer *src = EVBUFFER_INPUT(bev); 986 987 getmonotime(&clt->clt_tv_last); 988 989 if (!EVBUFFER_LENGTH(src)) 990 return; 991 if (server_bufferevent_write_buffer(clt, src) == -1) 992 goto fail; 993 if (clt->clt_done) 994 goto done; 995 996 if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) 997 SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) { 998 bufferevent_disable(clt->clt_srvbev, EV_READ); 999 clt->clt_srvbev_throttled = 1; 1000 } 1001 1002 return; 1003 done: 1004 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg); 1005 return; 1006 fail: 1007 server_close(clt, strerror(errno)); 1008 } 1009 1010 void 1011 server_error(struct bufferevent *bev, short error, void *arg) 1012 { 1013 struct client *clt = arg; 1014 struct evbuffer *dst; 1015 1016 if (error & EVBUFFER_TIMEOUT) { 1017 if (!clt->clt_headersdone && clt->clt_line > 0) 1018 server_abort_http(clt, 408, "timeout"); 1019 else 1020 server_close(clt, "timeout"); 1021 return; 1022 } 1023 if (error & EVBUFFER_ERROR) { 1024 if (errno == EFBIG) { 1025 bufferevent_enable(bev, EV_READ); 1026 return; 1027 } 1028 server_close(clt, "buffer event error"); 1029 return; 1030 } 1031 if (error & EVBUFFER_EOF) { 1032 server_close(clt, "closed"); 1033 return; 1034 } 1035 if (error & (EVBUFFER_READ|EVBUFFER_WRITE)) { 1036 bufferevent_disable(bev, EV_READ|EV_WRITE); 1037 1038 clt->clt_done = 1; 1039 1040 dst = EVBUFFER_OUTPUT(clt->clt_bev); 1041 if (EVBUFFER_LENGTH(dst)) { 1042 /* Finish writing all data first */ 1043 bufferevent_enable(clt->clt_bev, EV_WRITE); 1044 return; 1045 } 1046 1047 server_close(clt, "done"); 1048 return; 1049 } 1050 server_close(clt, "unknown event error"); 1051 return; 1052 } 1053 1054 void 1055 server_accept(int fd, short event, void *arg) 1056 { 1057 struct server *srv = arg; 1058 struct client *clt = NULL; 1059 socklen_t slen; 1060 struct sockaddr_storage ss; 1061 int s = -1; 1062 1063 event_add(&srv->srv_ev, NULL); 1064 if ((event & EV_TIMEOUT)) 1065 return; 1066 1067 slen = sizeof(ss); 1068 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, 1069 &slen, FD_RESERVE, &server_inflight)) == -1) { 1070 /* 1071 * Pause accept if we are out of file descriptors, or 1072 * libevent will haunt us here too. 1073 */ 1074 if (errno == ENFILE || errno == EMFILE) { 1075 struct timeval evtpause = { 1, 0 }; 1076 1077 event_del(&srv->srv_ev); 1078 evtimer_add(&srv->srv_evt, &evtpause); 1079 log_debug("%s: deferring connections", __func__); 1080 } 1081 return; 1082 } 1083 if (server_clients >= SERVER_MAX_CLIENTS) 1084 goto err; 1085 1086 if ((clt = calloc(1, sizeof(*clt))) == NULL) 1087 goto err; 1088 1089 /* Pre-allocate log buffer */ 1090 clt->clt_log = evbuffer_new(); 1091 if (clt->clt_log == NULL) 1092 goto err; 1093 1094 clt->clt_s = s; 1095 clt->clt_fd = -1; 1096 clt->clt_toread = TOREAD_UNLIMITED; 1097 clt->clt_srv = srv; 1098 clt->clt_srv_conf = &srv->srv_conf; 1099 clt->clt_id = ++server_cltid; 1100 clt->clt_srv_id = srv->srv_conf.id; 1101 clt->clt_pid = getpid(); 1102 clt->clt_inflight = 1; 1103 1104 /* get local address */ 1105 slen = sizeof(clt->clt_srv_ss); 1106 if (getsockname(s, (struct sockaddr *)&clt->clt_srv_ss, 1107 &slen) == -1) { 1108 server_close(clt, "listen address lookup failed"); 1109 return; 1110 } 1111 1112 /* get client address */ 1113 memcpy(&clt->clt_ss, &ss, sizeof(clt->clt_ss)); 1114 1115 /* get ports */ 1116 switch (ss.ss_family) { 1117 case AF_INET: 1118 clt->clt_port = ((struct sockaddr_in *)&ss)->sin_port; 1119 break; 1120 case AF_INET6: 1121 clt->clt_port = ((struct sockaddr_in6 *)&ss)->sin6_port; 1122 break; 1123 } 1124 1125 getmonotime(&clt->clt_tv_start); 1126 memcpy(&clt->clt_tv_last, &clt->clt_tv_start, sizeof(clt->clt_tv_last)); 1127 1128 server_clients++; 1129 SPLAY_INSERT(client_tree, &srv->srv_clients, clt); 1130 1131 /* Pre-allocate output buffer */ 1132 clt->clt_output = evbuffer_new(); 1133 if (clt->clt_output == NULL) { 1134 server_close(clt, "failed to allocate output buffer"); 1135 return; 1136 } 1137 1138 if (srv->srv_conf.flags & SRVFLAG_TLS) { 1139 if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, 1140 clt->clt_s) != 0) { 1141 server_close(clt, "failed to accept tls socket"); 1142 return; 1143 } 1144 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1145 server_tls_handshake, &clt->clt_tv_start, 1146 &srv->srv_conf.timeout, clt); 1147 return; 1148 } 1149 1150 server_input(clt); 1151 return; 1152 1153 err: 1154 if (s != -1) { 1155 close(s); 1156 free(clt); 1157 /* 1158 * the client struct was not completely set up, but still 1159 * counted as an inflight client. account for this. 1160 */ 1161 server_inflight_dec(NULL, __func__); 1162 } 1163 } 1164 1165 void 1166 server_tls_handshake(int fd, short event, void *arg) 1167 { 1168 struct client *clt = (struct client *)arg; 1169 struct server *srv = (struct server *)clt->clt_srv; 1170 int ret; 1171 1172 if (event == EV_TIMEOUT) { 1173 server_close(clt, "tls handshake timeout"); 1174 return; 1175 } 1176 1177 if (srv->srv_tls_ctx == NULL || clt->clt_tls_ctx == NULL) 1178 fatalx("NULL tls context"); 1179 1180 ret = tls_handshake(clt->clt_tls_ctx); 1181 if (ret == 0) { 1182 server_input(clt); 1183 } else if (ret == TLS_WANT_POLLIN) { 1184 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, 1185 server_tls_handshake, &clt->clt_tv_start, 1186 &srv->srv_conf.timeout, clt); 1187 } else if (ret == TLS_WANT_POLLOUT) { 1188 event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, 1189 server_tls_handshake, &clt->clt_tv_start, 1190 &srv->srv_conf.timeout, clt); 1191 } else { 1192 log_debug("%s: tls handshake failed - %s", __func__, 1193 tls_error(clt->clt_tls_ctx)); 1194 server_close(clt, "tls handshake failed"); 1195 } 1196 } 1197 1198 void 1199 server_inflight_dec(struct client *clt, const char *why) 1200 { 1201 if (clt != NULL) { 1202 /* the flight already left inflight mode. */ 1203 if (clt->clt_inflight == 0) 1204 return; 1205 clt->clt_inflight = 0; 1206 } 1207 1208 /* the file was never opened, thus this was an inflight client. */ 1209 server_inflight--; 1210 DPRINTF("%s: inflight decremented, now %d, %s", 1211 __func__, server_inflight, why); 1212 } 1213 1214 void 1215 server_sendlog(struct server_config *srv_conf, int cmd, const char *emsg, ...) 1216 { 1217 va_list ap; 1218 char *msg; 1219 int ret; 1220 struct iovec iov[2]; 1221 1222 if (srv_conf->flags & SRVFLAG_SYSLOG) { 1223 va_start(ap, emsg); 1224 if (cmd == IMSG_LOG_ACCESS) 1225 vlog(LOG_INFO, emsg, ap); 1226 else 1227 vlog(LOG_DEBUG, emsg, ap); 1228 va_end(ap); 1229 return; 1230 } 1231 1232 va_start(ap, emsg); 1233 ret = vasprintf(&msg, emsg, ap); 1234 va_end(ap); 1235 if (ret == -1) { 1236 log_warn("%s: vasprintf", __func__); 1237 return; 1238 } 1239 1240 iov[0].iov_base = &srv_conf->id; 1241 iov[0].iov_len = sizeof(srv_conf->id); 1242 iov[1].iov_base = msg; 1243 iov[1].iov_len = ret + 1; 1244 1245 if (proc_composev(httpd_env->sc_ps, PROC_LOGGER, cmd, iov, 2) != 0) { 1246 log_warn("%s: failed to compose imsg", __func__); 1247 free(msg); 1248 return; 1249 } 1250 free(msg); 1251 } 1252 1253 void 1254 server_log(struct client *clt, const char *msg) 1255 { 1256 char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; 1257 struct server_config *srv_conf = clt->clt_srv_conf; 1258 char *ptr = NULL, *vmsg = NULL; 1259 int debug_cmd = -1; 1260 1261 switch (srv_conf->logformat) { 1262 case LOG_FORMAT_CONNECTION: 1263 debug_cmd = IMSG_LOG_ACCESS; 1264 break; 1265 default: 1266 if (log_getverbose() > 1) 1267 debug_cmd = IMSG_LOG_ERROR; 1268 if (EVBUFFER_LENGTH(clt->clt_log)) { 1269 while ((ptr = 1270 evbuffer_readline(clt->clt_log)) != NULL) { 1271 server_sendlog(srv_conf, 1272 IMSG_LOG_ACCESS, "%s", ptr); 1273 free(ptr); 1274 } 1275 } 1276 break; 1277 } 1278 1279 if (debug_cmd != -1 && msg != NULL) { 1280 memset(ibuf, 0, sizeof(ibuf)); 1281 memset(obuf, 0, sizeof(obuf)); 1282 (void)print_host(&clt->clt_ss, ibuf, sizeof(ibuf)); 1283 (void)server_http_host(&clt->clt_srv_ss, obuf, sizeof(obuf)); 1284 if (EVBUFFER_LENGTH(clt->clt_log) && 1285 evbuffer_add_printf(clt->clt_log, "\n") != -1) 1286 ptr = evbuffer_readline(clt->clt_log); 1287 (void)stravis(&vmsg, msg, HTTPD_LOGVIS); 1288 server_sendlog(srv_conf, debug_cmd, "server %s, " 1289 "client %d (%d active), %s:%u -> %s, " 1290 "%s%s%s", srv_conf->name, clt->clt_id, server_clients, 1291 ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, 1292 ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); 1293 free(vmsg); 1294 free(ptr); 1295 } 1296 } 1297 1298 void 1299 server_close(struct client *clt, const char *msg) 1300 { 1301 struct server *srv = clt->clt_srv; 1302 1303 if (clt->clt_fcgi_count-- > 0) { 1304 clt->clt_fcgi_error = msg; 1305 return; 1306 } 1307 1308 SPLAY_REMOVE(client_tree, &srv->srv_clients, clt); 1309 1310 /* free the HTTP descriptors incl. headers */ 1311 server_close_http(clt); 1312 1313 /* tls_close must be called before the underlying socket is closed. */ 1314 if (clt->clt_tls_ctx != NULL) 1315 tls_close(clt->clt_tls_ctx); /* XXX - error handling */ 1316 tls_free(clt->clt_tls_ctx); 1317 1318 event_del(&clt->clt_ev); 1319 if (clt->clt_bev != NULL) 1320 bufferevent_disable(clt->clt_bev, EV_READ|EV_WRITE); 1321 if (clt->clt_srvbev != NULL) 1322 bufferevent_disable(clt->clt_srvbev, EV_READ|EV_WRITE); 1323 1324 server_log(clt, msg); 1325 1326 if (clt->clt_bev != NULL) 1327 bufferevent_free(clt->clt_bev); 1328 if (clt->clt_output != NULL) 1329 evbuffer_free(clt->clt_output); 1330 if (clt->clt_srvevb != NULL) 1331 evbuffer_free(clt->clt_srvevb); 1332 1333 if (clt->clt_srvbev != NULL) 1334 bufferevent_free(clt->clt_srvbev); 1335 1336 if (clt->clt_fd != -1) 1337 close(clt->clt_fd); 1338 if (clt->clt_s != -1) 1339 close(clt->clt_s); 1340 1341 server_inflight_dec(clt, __func__); 1342 1343 if (clt->clt_log != NULL) 1344 evbuffer_free(clt->clt_log); 1345 1346 free(clt); 1347 server_clients--; 1348 } 1349 1350 int 1351 server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 1352 { 1353 struct server *srv; 1354 struct server_tls_ticket key; 1355 1356 switch (imsg->hdr.type) { 1357 case IMSG_CFG_MEDIA: 1358 config_getmedia(httpd_env, imsg); 1359 break; 1360 case IMSG_CFG_AUTH: 1361 config_getauth(httpd_env, imsg); 1362 break; 1363 case IMSG_CFG_SERVER: 1364 config_getserver(httpd_env, imsg); 1365 break; 1366 case IMSG_CFG_TLS: 1367 config_getserver_tls(httpd_env, imsg); 1368 break; 1369 case IMSG_CFG_FCGI: 1370 config_getserver_fcgiparams(httpd_env, imsg); 1371 break; 1372 case IMSG_CFG_DONE: 1373 config_getcfg(httpd_env, imsg); 1374 break; 1375 case IMSG_CTL_START: 1376 server_launch(); 1377 break; 1378 case IMSG_CTL_RESET: 1379 config_getreset(httpd_env, imsg); 1380 break; 1381 case IMSG_TLSTICKET_REKEY: 1382 IMSG_SIZE_CHECK(imsg, (&key)); 1383 memcpy(&key, imsg->data, sizeof(key)); 1384 /* apply to the right server */ 1385 srv = server_byid(key.tt_id); 1386 if (srv) { 1387 tls_config_add_ticket_key(srv->srv_tls_config, 1388 key.tt_keyrev, key.tt_key, sizeof(key.tt_key)); 1389 } 1390 break; 1391 default: 1392 return (-1); 1393 } 1394 1395 return (0); 1396 } 1397 1398 int 1399 server_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg) 1400 { 1401 switch (imsg->hdr.type) { 1402 default: 1403 return (-1); 1404 } 1405 1406 return (0); 1407 } 1408 1409 int 1410 server_bufferevent_add(struct event *ev, int timeout) 1411 { 1412 struct timeval tv, *ptv = NULL; 1413 1414 if (timeout) { 1415 timerclear(&tv); 1416 tv.tv_sec = timeout; 1417 ptv = &tv; 1418 } 1419 1420 return (event_add(ev, ptv)); 1421 } 1422 1423 int 1424 server_bufferevent_printf(struct client *clt, const char *fmt, ...) 1425 { 1426 int ret; 1427 va_list ap; 1428 char *str; 1429 1430 va_start(ap, fmt); 1431 ret = vasprintf(&str, fmt, ap); 1432 va_end(ap); 1433 1434 if (ret == -1) 1435 return (ret); 1436 1437 ret = server_bufferevent_print(clt, str); 1438 free(str); 1439 1440 return (ret); 1441 } 1442 1443 int 1444 server_bufferevent_print(struct client *clt, const char *str) 1445 { 1446 if (clt->clt_bev == NULL) 1447 return (evbuffer_add(clt->clt_output, str, strlen(str))); 1448 return (bufferevent_write(clt->clt_bev, str, strlen(str))); 1449 } 1450 1451 int 1452 server_bufferevent_write_buffer(struct client *clt, struct evbuffer *buf) 1453 { 1454 if (clt->clt_bev == NULL) 1455 return (evbuffer_add_buffer(clt->clt_output, buf)); 1456 return (bufferevent_write_buffer(clt->clt_bev, buf)); 1457 } 1458 1459 int 1460 server_bufferevent_write_chunk(struct client *clt, 1461 struct evbuffer *buf, size_t size) 1462 { 1463 int ret; 1464 ret = server_bufferevent_write(clt, EVBUFFER_DATA(buf), size); 1465 if (ret != -1) 1466 evbuffer_drain(buf, size); 1467 return (ret); 1468 } 1469 1470 int 1471 server_bufferevent_write(struct client *clt, void *data, size_t size) 1472 { 1473 if (clt->clt_bev == NULL) 1474 return (evbuffer_add(clt->clt_output, data, size)); 1475 return (bufferevent_write(clt->clt_bev, data, size)); 1476 } 1477 1478 int 1479 server_client_cmp(struct client *a, struct client *b) 1480 { 1481 return ((int)a->clt_id - b->clt_id); 1482 } 1483 1484 SPLAY_GENERATE(client_tree, client, clt_nodes, server_client_cmp); 1485