1 /*
2 * Pound - the reverse-proxy load-balancer
3 * Copyright (C) 2002-2010 Apsis GmbH
4 *
5 * This file is part of Pound.
6 *
7 * Pound is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * Pound is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 *
20 * Contact information:
21 * Apsis GmbH
22 * P.O.Box
23 * 8707 Uetikon am See
24 * Switzerland
25 * EMail: roseg@apsis.ch
26 */
27
28 #include "pound.h"
29
30 /* HTTP error replies */
31 static char *h500 = "500 Internal Server Error",
32 *h501 = "501 Not Implemented",
33 *h503 = "503 Service Unavailable",
34 *h414 = "414 Request URI too long",
35 *h400 = "Bad Request";
36
37 static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s";
38
39 /*
40 * Reply with an error
41 */
42 static void
err_reply(BIO * const c,const char * head,const char * txt)43 err_reply(BIO *const c, const char *head, const char *txt)
44 {
45 BIO_printf(c, err_response, head, strlen(txt), txt);
46 BIO_flush(c);
47 return;
48 }
49
50 /*
51 * Reply with a redirect
52 */
53 static void
redirect_reply(BIO * const c,const char * url,const int code)54 redirect_reply(BIO *const c, const char *url, const int code)
55 {
56 char rep[MAXBUF], cont[MAXBUF], safe_url[MAXBUF], *code_msg;
57 int i, j;
58
59 switch(code) {
60 case 301:
61 code_msg = "Moved Permanently";
62 break;
63 case 307:
64 code_msg = "Temporary Redirect";
65 break;
66 default:
67 code_msg = "Found";
68 break;
69 }
70 /*
71 * Make sure to return a safe version of the URL (otherwise CSRF becomes a possibility)
72 */
73 memset(safe_url, 0, MAXBUF);
74 for(i = j = 0; i < MAXBUF && j < MAXBUF && url[i]; i++)
75 if(isalnum(url[i]) || url[i] == '_' || url[i] == '.' || url[i] == ':' || url[i] == '/'
76 || url[i] == '?' || url[i] == '&' || url[i] == ';' || url[i] == '-' || url[i] == '=')
77 safe_url[j++] = url[i];
78 else {
79 sprintf(safe_url + j, "%%%02x", url[i]);
80 j += 3;
81 }
82 snprintf(cont, sizeof(cont),
83 "<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href=\"%s\">%s</a></p></body></html>",
84 safe_url, safe_url);
85 snprintf(rep, sizeof(rep),
86 "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n",
87 code, code_msg, safe_url, (int)strlen(cont));
88 BIO_write(c, rep, strlen(rep));
89 BIO_write(c, cont, strlen(cont));
90 BIO_flush(c);
91 return;
92 }
93
94 /*
95 * Read and write some binary data
96 */
97 static int
copy_bin(BIO * const cl,BIO * const be,LONG cont,LONG * res_bytes,const int no_write)98 copy_bin(BIO *const cl, BIO *const be, LONG cont, LONG *res_bytes, const int no_write)
99 {
100 char buf[MAXBUF];
101 int res;
102
103 while(cont > L0) {
104 if((res = BIO_read(cl, buf, cont > MAXBUF? MAXBUF: cont)) < 0)
105 return -1;
106 else if(res == 0)
107 return -2;
108 if(!no_write)
109 if(BIO_write(be, buf, res) != res)
110 return -3;
111 cont -= res;
112 if(res_bytes)
113 *res_bytes += res;
114 }
115 if(!no_write)
116 if(BIO_flush(be) != 1)
117 return -4;
118 return 0;
119 }
120
121 /*
122 * Get a "line" from a BIO, strip the trailing newline, skip the input stream if buffer too small
123 * The result buffer is NULL terminated
124 * Return 0 on success
125 */
126 static int
get_line(BIO * const in,char * const buf,const int bufsize)127 get_line(BIO *const in, char *const buf, const int bufsize)
128 {
129 char tmp;
130 int i, n_read, seen_cr;
131
132 memset(buf, 0, bufsize);
133 for(i = 0, seen_cr = 0; i < bufsize - 1; i++)
134 switch(BIO_read(in, &tmp, 1)) {
135 case -2:
136 /* BIO_gets not implemented */
137 return -1;
138 case 0:
139 case -1:
140 return 1;
141 default:
142 if(seen_cr)
143 if(tmp != '\n') {
144 /* we have CR not followed by NL */
145 do {
146 if(BIO_read(in, &tmp, 1) <= 0)
147 return 1;
148 } while(tmp != '\n');
149 return 1;
150 } else {
151 buf[i - 1] = '\0';
152 return 0;
153 }
154
155 if(!iscntrl(tmp) || tmp == '\t') {
156 buf[i] = tmp;
157 continue;
158 }
159
160 if(tmp == '\r') {
161 seen_cr = 1;
162 continue;
163 }
164
165 if(tmp == '\n') {
166 /* line ends in NL only (no CR) */
167 buf[i] = 0;
168 return 0;
169 }
170
171 /* all other control characters cause an error */
172 do {
173 if(BIO_read(in, &tmp, 1) <= 0)
174 return 1;
175 } while(tmp != '\n');
176 return 1;
177 }
178
179 /* line too long */
180 do {
181 if(BIO_read(in, &tmp, 1) <= 0)
182 return 1;
183 } while(tmp != '\n');
184 return 1;
185 }
186
187 /*
188 * Strip trailing CRLF
189 */
190 static int
strip_eol(char * lin)191 strip_eol(char *lin)
192 {
193 while(*lin)
194 if(*lin == '\n' || (*lin == '\r' && *(lin + 1) == '\n')) {
195 *lin = '\0';
196 return 1;
197 } else
198 lin++;
199 return 0;
200 }
201
202 /*
203 * Copy chunked
204 */
205 static int
copy_chunks(BIO * const cl,BIO * const be,LONG * res_bytes,const int no_write,const LONG max_size)206 copy_chunks(BIO *const cl, BIO *const be, LONG *res_bytes, const int no_write, const LONG max_size)
207 {
208 char buf[MAXBUF];
209 LONG cont, tot_size;
210 regmatch_t matches[2];
211 int res;
212
213 for(tot_size = 0L;;) {
214 if((res = get_line(cl, buf, MAXBUF)) < 0) {
215 logmsg(LOG_NOTICE, "(%lx) chunked read error: %s", pthread_self(), strerror(errno));
216 return -1;
217 } else if(res > 0)
218 /* EOF */
219 return 0;
220 if(!regexec(&CHUNK_HEAD, buf, 2, matches, 0))
221 cont = STRTOL(buf, NULL, 16);
222 else {
223 /* not chunk header */
224 logmsg(LOG_NOTICE, "(%lx) bad chunk header <%s>: %s", pthread_self(), buf, strerror(errno));
225 return -2;
226 }
227 if(!no_write)
228 if(BIO_printf(be, "%s\r\n", buf) <= 0) {
229 logmsg(LOG_NOTICE, "(%lx) error write chunked: %s", pthread_self(), strerror(errno));
230 return -3;
231 }
232
233 tot_size += cont;
234 if(max_size > L0 && tot_size > max_size) {
235 logmsg(LOG_WARNING, "(%lx) chunk content too large", pthread_self);
236 return -4;
237 }
238
239 if(cont > L0) {
240 if(copy_bin(cl, be, cont, res_bytes, no_write)) {
241 if(errno)
242 logmsg(LOG_NOTICE, "(%lx) error copy chunk cont: %s", pthread_self(), strerror(errno));
243 return -4;
244 }
245 } else
246 break;
247 /* final CRLF */
248 if((res = get_line(cl, buf, MAXBUF)) < 0) {
249 logmsg(LOG_NOTICE, "(%lx) error after chunk: %s", pthread_self(), strerror(errno));
250 return -5;
251 } else if(res > 0) {
252 logmsg(LOG_NOTICE, "(%lx) unexpected EOF after chunk", pthread_self());
253 return -5;
254 }
255 if(buf[0])
256 logmsg(LOG_NOTICE, "(%lx) unexpected after chunk \"%s\"", pthread_self(), buf);
257 if(!no_write)
258 if(BIO_printf(be, "%s\r\n", buf) <= 0) {
259 logmsg(LOG_NOTICE, "(%lx) error after chunk write: %s", pthread_self(), strerror(errno));
260 return -6;
261 }
262 }
263 /* possibly trailing headers */
264 for(;;) {
265 if((res = get_line(cl, buf, MAXBUF)) < 0) {
266 logmsg(LOG_NOTICE, "(%lx) error post-chunk: %s", pthread_self(), strerror(errno));
267 return -7;
268 } else if(res > 0)
269 break;
270 if(!no_write)
271 if(BIO_printf(be, "%s\r\n", buf) <= 0) {
272 logmsg(LOG_NOTICE, "(%lx) error post-chunk write: %s", pthread_self(), strerror(errno));
273 return -8;
274 }
275 if(!buf[0])
276 break;
277 }
278 if(!no_write)
279 if(BIO_flush(be) != 1) {
280 logmsg(LOG_NOTICE, "(%lx) copy_chunks flush error: %s", pthread_self(), strerror(errno));
281 return -4;
282 }
283 return 0;
284 }
285
286 static int err_to = -1;
287
288 typedef struct {
289 int timeout;
290 RENEG_STATE *reneg_state;
291 } BIO_ARG;
292
293 /*
294 * Time-out for client read/gets
295 * the SSL manual says not to do it, but it works well enough anyway...
296 */
297 static long
bio_callback(BIO * const bio,const int cmd,const char * argp,int argi,long argl,long ret)298 bio_callback(BIO *const bio, const int cmd, const char *argp, int argi, long argl, long ret)
299 {
300 BIO_ARG *bio_arg;
301 struct pollfd p;
302 int to, p_res, p_err;
303
304 if(cmd != BIO_CB_READ && cmd != BIO_CB_WRITE)
305 return ret;
306
307 /* a time-out already occured */
308 if((bio_arg = (BIO_ARG*)BIO_get_callback_arg(bio))==NULL)
309 return ret;
310 if((to = bio_arg->timeout * 1000) < 0) {
311 errno = ETIMEDOUT;
312 return -1;
313 }
314
315 /* Renegotiations */
316 /* logmsg(LOG_NOTICE, "RENEG STATE %d", bio_arg->reneg_state==NULL?-1:*bio_arg->reneg_state); */
317 if (bio_arg->reneg_state != NULL && *bio_arg->reneg_state == RENEG_ABORT) {
318 logmsg(LOG_NOTICE, "REJECTING renegotiated session");
319 errno = ECONNABORTED;
320 return -1;
321 }
322
323 if (to == 0)
324 return ret;
325
326 for(;;) {
327 memset(&p, 0, sizeof(p));
328 BIO_get_fd(bio, &p.fd);
329 p.events = (cmd == BIO_CB_READ)? (POLLIN | POLLPRI): POLLOUT;
330 p_res = poll(&p, 1, to);
331 p_err = errno;
332 switch(p_res) {
333 case 1:
334 if(cmd == BIO_CB_READ) {
335 if((p.revents & POLLIN) || (p.revents & POLLPRI))
336 /* there is readable data */
337 return ret;
338 else {
339 #ifdef EBUG
340 logmsg(LOG_WARNING, "(%lx) CALLBACK read 0x%04x poll: %s",
341 pthread_self(), p.revents, strerror(p_err));
342 #endif
343 errno = EIO;
344 }
345 } else {
346 if(p.revents & POLLOUT)
347 /* data can be written */
348 return ret;
349 else {
350 #ifdef EBUG
351 logmsg(LOG_WARNING, "(%lx) CALLBACK write 0x%04x poll: %s",
352 pthread_self(), p.revents, strerror(p_err));
353 #endif
354 errno = ECONNRESET;
355 }
356 }
357 return -1;
358 case 0:
359 /* timeout - mark the BIO as unusable for the future */
360 bio_arg->timeout = err_to;
361 #ifdef EBUG
362 logmsg(LOG_WARNING, "(%lx) CALLBACK timeout poll after %d secs: %s",
363 pthread_self(), to / 1000, strerror(p_err));
364 #endif
365 errno = ETIMEDOUT;
366 return 0;
367 default:
368 /* error */
369 if(p_err != EINTR) {
370 #ifdef EBUG
371 logmsg(LOG_WARNING, "(%lx) CALLBACK bad %d poll: %s",
372 pthread_self(), p_res, strerror(p_err));
373 #endif
374 return -2;
375 #ifdef EBUG
376 } else
377 logmsg(LOG_WARNING, "(%lx) CALLBACK interrupted %d poll: %s",
378 pthread_self(), p_res, strerror(p_err));
379 #else
380 }
381 #endif
382 }
383 }
384 }
385
386 /*
387 * Check if the file underlying a BIO is readable
388 */
389 static int
is_readable(BIO * const bio,const int to_wait)390 is_readable(BIO *const bio, const int to_wait)
391 {
392 struct pollfd p;
393
394 if(BIO_pending(bio) > 0)
395 return 1;
396 memset(&p, 0, sizeof(p));
397 BIO_get_fd(bio, &p.fd);
398 p.events = POLLIN | POLLPRI;
399 return (poll(&p, 1, to_wait * 1000) > 0);
400 }
401
402 static void
free_headers(char ** headers)403 free_headers(char **headers)
404 {
405 int i;
406
407 for(i = 0; i < MAXHEADERS; i++)
408 if(headers[i])
409 free(headers[i]);
410 free(headers);
411 return;
412 }
413
414 static char **
get_headers(BIO * const in,BIO * const cl,const LISTENER * lstn)415 get_headers(BIO *const in, BIO *const cl, const LISTENER *lstn)
416 {
417 char **headers, buf[MAXBUF];
418 int res, n, has_eol;
419
420 /* HTTP/1.1 allows leading CRLF */
421 memset(buf, 0, MAXBUF);
422 while((res = get_line(in, buf, MAXBUF)) == 0)
423 if(buf[0])
424 break;
425
426 if(res < 0) {
427 /* this is expected to occur only on client reads */
428 /* logmsg(LOG_NOTICE, "headers: bad starting read"); */
429 return NULL;
430 }
431
432 if((headers = (char **)calloc(MAXHEADERS, sizeof(char *))) == NULL) {
433 logmsg(LOG_WARNING, "(%lx) e500 headers: out of memory", pthread_self());
434 err_reply(cl, h500, lstn->err500);
435 return NULL;
436 }
437 if((headers[0] = (char *)malloc(MAXBUF)) == NULL) {
438 free_headers(headers);
439 logmsg(LOG_WARNING, "(%lx) e500 header: out of memory", pthread_self());
440 err_reply(cl, h500, lstn->err500);
441 return NULL;
442 }
443 memset(headers[0], 0, MAXBUF);
444 strncpy(headers[0], buf, MAXBUF - 1);
445
446 for(n = 1; n < MAXHEADERS; n++) {
447 if(get_line(in, buf, MAXBUF)) {
448 free_headers(headers);
449 /* this is not necessarily an error, EOF/timeout are possible
450 logmsg(LOG_WARNING, "(%lx) e500 can't read header", pthread_self());
451 err_reply(cl, h500, lstn->err500);
452 */
453 return NULL;
454 }
455 if(!buf[0])
456 return headers;
457 if((headers[n] = (char *)malloc(MAXBUF)) == NULL) {
458 free_headers(headers);
459 logmsg(LOG_WARNING, "(%lx) e500 header: out of memory", pthread_self());
460 err_reply(cl, h500, lstn->err500);
461 return NULL;
462 }
463 memset(headers[n], 0, MAXBUF);
464 strncpy(headers[n], buf, MAXBUF - 1);
465 }
466
467 free_headers(headers);
468 logmsg(LOG_NOTICE, "(%lx) e500 too many headers", pthread_self());
469 err_reply(cl, h500, lstn->err500);
470 return NULL;
471 }
472
473 #define LOG_TIME_SIZE 32
474 /*
475 * Apache log-file-style time format
476 */
477 static void
log_time(char * res)478 log_time(char *res)
479 {
480 time_t now;
481 struct tm *t_now, t_res;
482
483 now = time(NULL);
484 #ifdef HAVE_LOCALTIME_R
485 t_now = localtime_r(&now, &t_res);
486 #else
487 t_now = localtime(&now);
488 #endif
489 strftime(res, LOG_TIME_SIZE - 1, "%d/%b/%Y:%H:%M:%S %z", t_now);
490 return;
491 }
492
493 static double
cur_time(void)494 cur_time(void)
495 {
496 #ifdef HAVE_GETTIMEOFDAY
497 struct timeval tv;
498 struct timezone tz;
499 int sv_errno;
500
501 sv_errno = errno;
502 gettimeofday(&tv, &tz);
503 errno = sv_errno;
504 return tv.tv_sec * 1000000.0 + tv.tv_usec;
505 #else
506 return time(NULL) * 1000000.0;
507 #endif
508 }
509
510 #define LOG_BYTES_SIZE 32
511 /*
512 * Apache log-file-style number format
513 */
514 static void
log_bytes(char * res,const LONG cnt)515 log_bytes(char *res, const LONG cnt)
516 {
517 if(cnt > L0)
518 #ifdef HAVE_LONG_LONG_INT
519 snprintf(res, LOG_BYTES_SIZE - 1, "%lld", cnt);
520 #else
521 snprintf(res, LOG_BYTES_SIZE - 1, "%ld", cnt);
522 #endif
523 else
524 strcpy(res, "-");
525 return;
526 }
527
528 /* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */
529
530 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
531 # define clear_error()
532 #elif OPENSSL_VERSION_NUMBER >= 0x10000000L
533 # define clear_error() \
534 if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); }
535 #else
536 # define clear_error() \
537 if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); }
538 #endif
539
540 #define clean_all() { \
541 if(ssl != NULL) { BIO_ssl_shutdown(cl); } \
542 if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \
543 if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \
544 if(x509 != NULL) { X509_free(x509); x509 = NULL; } \
545 clear_error(); \
546 }
547
548 /*
549 * handle an HTTP request
550 */
551 void
do_http(thr_arg * arg)552 do_http(thr_arg *arg)
553 {
554 int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc, is_ws;
555 LISTENER *lstn;
556 SERVICE *svc;
557 BACKEND *backend, *cur_backend, *old_backend;
558 struct addrinfo from_host, z_addr;
559 struct sockaddr_storage from_host_addr;
560 BIO *cl, *be, *bb, *b64;
561 X509 *x509;
562 char request[MAXBUF], response[MAXBUF], buf[MAXBUF], url[MAXBUF], loc_path[MAXBUF], **headers,
563 headers_ok[MAXHEADERS], v_host[MAXBUF], referer[MAXBUF], u_agent[MAXBUF], u_name[MAXBUF],
564 caddr[MAXBUF], req_time[LOG_TIME_SIZE], s_res_bytes[LOG_BYTES_SIZE], *mh;
565 SSL *ssl, *be_ssl;
566 LONG cont, res_bytes;
567 regmatch_t matches[4];
568 struct linger l;
569 double start_req, end_req;
570 RENEG_STATE reneg_state;
571 BIO_ARG ba1, ba2;
572
573 reneg_state = RENEG_INIT;
574 ba1.reneg_state = &reneg_state;
575 ba2.reneg_state = &reneg_state;
576 ba1.timeout = 0;
577 ba2.timeout = 0;
578 from_host = ((thr_arg *)arg)->from_host;
579 memcpy(&from_host_addr, from_host.ai_addr, from_host.ai_addrlen);
580 from_host.ai_addr = (struct sockaddr *)&from_host_addr;
581 lstn = ((thr_arg *)arg)->lstn;
582 sock = ((thr_arg *)arg)->sock;
583 free(((thr_arg *)arg)->from_host.ai_addr);
584 free(arg);
585
586 if(lstn->allow_client_reneg)
587 reneg_state = RENEG_ALLOW;
588
589 n = 1;
590 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&n, sizeof(n));
591 l.l_onoff = 1;
592 l.l_linger = 10;
593 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(l));
594 #ifdef TCP_LINGER2
595 n = 5;
596 setsockopt(sock, SOL_TCP, TCP_LINGER2, (void *)&n, sizeof(n));
597 #endif
598 n = 1;
599 setsockopt(sock, SOL_TCP, TCP_NODELAY, (void *)&n, sizeof(n));
600
601 cl = NULL;
602 be = NULL;
603 ssl = NULL;
604 x509 = NULL;
605
606 if((cl = BIO_new_socket(sock, 1)) == NULL) {
607 logmsg(LOG_WARNING, "(%lx) BIO_new_socket failed", pthread_self());
608 shutdown(sock, 2);
609 close(sock);
610 return;
611 }
612 ba1.timeout = lstn->to;
613 BIO_set_callback_arg(cl, (char *)&ba1);
614 BIO_set_callback(cl, bio_callback);
615
616 if(lstn->ctx != NULL) {
617 if((ssl = SSL_new(lstn->ctx->ctx)) == NULL) {
618 logmsg(LOG_WARNING, "(%lx) SSL_new: failed", pthread_self());
619 BIO_reset(cl);
620 BIO_free_all(cl);
621 return;
622 }
623 SSL_set_app_data(ssl, &reneg_state);
624 SSL_set_bio(ssl, cl, cl);
625 if((bb = BIO_new(BIO_f_ssl())) == NULL) {
626 logmsg(LOG_WARNING, "(%lx) BIO_new(Bio_f_ssl()) failed", pthread_self());
627 BIO_reset(cl);
628 BIO_free_all(cl);
629 return;
630 }
631 BIO_set_ssl(bb, ssl, BIO_CLOSE);
632 BIO_set_ssl_mode(bb, 0);
633 cl = bb;
634 if(BIO_do_handshake(cl) <= 0) {
635 /* no need to log every client without a certificate...
636 addr2str(caddr, MAXBUF - 1, &from_host, 1);
637 logmsg(LOG_NOTICE, "BIO_do_handshake with %s failed: %s", caddr,
638 ERR_error_string(ERR_get_error(), NULL));
639 x509 = NULL;
640 */
641 BIO_reset(cl);
642 BIO_free_all(cl);
643 return;
644 } else {
645 if((x509 = SSL_get_peer_certificate(ssl)) != NULL && lstn->clnt_check < 3
646 && SSL_get_verify_result(ssl) != X509_V_OK) {
647 addr2str(caddr, MAXBUF - 1, &from_host, 1);
648 logmsg(LOG_NOTICE, "Bad certificate from %s", caddr);
649 X509_free(x509);
650 BIO_reset(cl);
651 BIO_free_all(cl);
652 return;
653 }
654 }
655 } else {
656 x509 = NULL;
657 }
658 cur_backend = NULL;
659
660 if((bb = BIO_new(BIO_f_buffer())) == NULL) {
661 logmsg(LOG_WARNING, "(%lx) BIO_new(buffer) failed", pthread_self());
662 if(x509 != NULL)
663 X509_free(x509);
664 BIO_reset(cl);
665 BIO_free_all(cl);
666 return;
667 }
668 BIO_set_close(cl, BIO_CLOSE);
669 BIO_set_buffer_size(cl, MAXBUF);
670 cl = BIO_push(bb, cl);
671
672 for(cl_11 = be_11 = 0;;) {
673 res_bytes = L0;
674 is_rpc = -1;
675 is_ws = 0;
676 v_host[0] = referer[0] = u_agent[0] = u_name[0] = '\0';
677 conn_closed = 0;
678 for(n = 0; n < MAXHEADERS; n++)
679 headers_ok[n] = 1;
680 if((headers = get_headers(cl, cl, lstn)) == NULL) {
681 if(!cl_11) {
682 if(errno) {
683 addr2str(caddr, MAXBUF - 1, &from_host, 1);
684 logmsg(LOG_NOTICE, "(%lx) error read from %s: %s", pthread_self(), caddr, strerror(errno));
685 /* err_reply(cl, h500, lstn->err500); */
686 }
687 }
688 clean_all();
689 return;
690 }
691 memset(req_time, 0, LOG_TIME_SIZE);
692 start_req = cur_time();
693 log_time(req_time);
694
695 /* check for correct request */
696 strncpy(request, headers[0], MAXBUF);
697 if(!regexec(&lstn->verb, request, 3, matches, 0)) {
698 no_cont = !strncasecmp(request + matches[1].rm_so, "HEAD", matches[1].rm_eo - matches[1].rm_so);
699 if(!strncasecmp(request + matches[1].rm_so, "RPC_IN_DATA", matches[1].rm_eo - matches[1].rm_so))
700 is_rpc = 1;
701 else if(!strncasecmp(request + matches[1].rm_so, "RPC_OUT_DATA", matches[1].rm_eo - matches[1].rm_so))
702 is_rpc = 0;
703 else if(!strncasecmp(request + matches[1].rm_so, "GET", matches[1].rm_eo - matches[1].rm_so))
704 is_ws |= 0x1;
705 } else {
706 addr2str(caddr, MAXBUF - 1, &from_host, 1);
707 logmsg(LOG_WARNING, "(%lx) e501 bad request \"%s\" from %s", pthread_self(), request, caddr);
708 err_reply(cl, h501, lstn->err501);
709 free_headers(headers);
710 clean_all();
711 return;
712 }
713 cl_11 = (request[strlen(request) - 1] == '1');
714 n = cpURL(url, request + matches[2].rm_so, matches[2].rm_eo - matches[2].rm_so);
715 if(n != strlen(url)) {
716 /* the URL probably contained a %00 aka NULL - which we don't allow */
717 addr2str(caddr, MAXBUF - 1, &from_host, 1);
718 logmsg(LOG_NOTICE, "(%lx) e501 URL \"%s\" (contains NULL) from %s", pthread_self(), url, caddr);
719 err_reply(cl, h501, lstn->err501);
720 free_headers(headers);
721 clean_all();
722 return;
723 }
724 if(lstn->has_pat && regexec(&lstn->url_pat, url, 0, NULL, 0)) {
725 addr2str(caddr, MAXBUF - 1, &from_host, 1);
726 logmsg(LOG_NOTICE, "(%lx) e501 bad URL \"%s\" from %s", pthread_self(), url, caddr);
727 err_reply(cl, h501, lstn->err501);
728 free_headers(headers);
729 clean_all();
730 return;
731 }
732
733 /* check other headers */
734 for(chunked = 0, cont = L_1, n = 1; n < MAXHEADERS && headers[n]; n++) {
735 /* no overflow - see check_header for details */
736 switch(check_header(headers[n], buf)) {
737 case HEADER_HOST:
738 strcpy(v_host, buf);
739 break;
740 case HEADER_REFERER:
741 strcpy(referer, buf);
742 break;
743 case HEADER_USER_AGENT:
744 strcpy(u_agent, buf);
745 break;
746 case HEADER_CONNECTION:
747 if(!strcasecmp("close", buf))
748 conn_closed = 1;
749 /* Connection: upgrade */
750 else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0))
751 is_ws |= 0x2;
752 break;
753 case HEADER_UPGRADE:
754 if(!strcasecmp("websocket", buf))
755 is_ws |= 0x4;
756 break;
757 case HEADER_TRANSFER_ENCODING:
758 if(!strcasecmp("chunked", buf))
759 chunked = 1;
760 else {
761 addr2str(caddr, MAXBUF - 1, &from_host, 1);
762 logmsg(LOG_NOTICE, "(%lx) e400 multiple Transfer-encoding \"%s\" from %s", pthread_self(), url, caddr);
763 err_reply(cl, h400, "Bad request: multiple Transfer-encoding values");
764 free_headers(headers);
765 clean_all();
766 return;
767 }
768 break;
769 case HEADER_CONTENT_LENGTH:
770 if(cont != L_1 || strchr(buf, ',')) {
771 addr2str(caddr, MAXBUF - 1, &from_host, 1);
772 logmsg(LOG_NOTICE, "(%lx) e400 multiple Content-length \"%s\" from %s", pthread_self(), url, caddr);
773 err_reply(cl, h400, "Bad request: multiple Content-length values");
774 free_headers(headers);
775 clean_all();
776 return;
777 }
778 for(mh = buf; *mh; mh++)
779 if(!isdigit(*mh)) {
780 addr2str(caddr, MAXBUF - 1, &from_host, 1);
781 logmsg(LOG_NOTICE, "(%lx) e400 Content-length bad value \"%s\" from %s", pthread_self(), url, caddr);
782 err_reply(cl, h400, "Bad request: Content-length bad value");
783 free_headers(headers);
784 clean_all();
785 return;
786 }
787 if((cont = ATOL(buf)) < 0L)
788 headers_ok[n] = 0;
789 if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L))
790 is_rpc = -1;
791 break;
792 case HEADER_EXPECT:
793 /*
794 * we do NOT support the "Expect: 100-continue" headers
795 * support may involve severe performance penalties (non-responding back-end, etc)
796 * as a stop-gap measure we just skip these headers
797 */
798 if(!strcasecmp("100-continue", buf))
799 headers_ok[n] = 0;
800 break;
801 case HEADER_ILLEGAL:
802 if(lstn->log_level > 0) {
803 addr2str(caddr, MAXBUF - 1, &from_host, 1);
804 logmsg(LOG_NOTICE, "(%lx) bad header from %s (%s)", pthread_self(), caddr, headers[n]);
805 }
806 headers_ok[n] = 0;
807 break;
808 }
809 if(headers_ok[n] && lstn->head_off) {
810 /* maybe header to be removed */
811 MATCHER *m;
812
813 for(m = lstn->head_off; m; m = m->next)
814 if(!(headers_ok[n] = regexec(&m->pat, headers[n], 0, NULL, 0)))
815 break;
816 }
817 /* get User name */
818 if(!regexec(&AUTHORIZATION, headers[n], 2, matches, 0)) {
819 int inlen;
820
821 if((bb = BIO_new(BIO_s_mem())) == NULL) {
822 logmsg(LOG_WARNING, "(%lx) Can't alloc BIO_s_mem", pthread_self());
823 continue;
824 }
825 if((b64 = BIO_new(BIO_f_base64())) == NULL) {
826 logmsg(LOG_WARNING, "(%lx) Can't alloc BIO_f_base64", pthread_self());
827 BIO_free(bb);
828 continue;
829 }
830 b64 = BIO_push(b64, bb);
831 BIO_write(bb, headers[n] + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so);
832 BIO_write(bb, "\n", 1);
833 if((inlen = BIO_read(b64, buf, MAXBUF - 1)) <= 0) {
834 logmsg(LOG_WARNING, "(%lx) Can't read BIO_f_base64", pthread_self());
835 BIO_free_all(b64);
836 continue;
837 }
838 BIO_free_all(b64);
839 if((mh = strchr(buf, ':')) == NULL) {
840 logmsg(LOG_WARNING, "(%lx) Unknown authentication", pthread_self());
841 continue;
842 }
843 *mh = '\0';
844 strcpy(u_name, buf);
845 }
846 }
847
848 /* check for possible request smuggling attempt */
849 if(chunked != 0 && cont != L_1) {
850 addr2str(caddr, MAXBUF - 1, &from_host, 1);
851 logmsg(LOG_NOTICE, "(%lx) e501 Transfer-encoding and Content-length \"%s\" from %s", pthread_self(), url, caddr);
852 err_reply(cl, h400, "Bad request: Transfer-encoding and Content-length headers present");
853 free_headers(headers);
854 clean_all();
855 return;
856 }
857
858 /* possibly limited request size */
859 if(lstn->max_req > L0 && cont > L0 && cont > lstn->max_req && is_rpc != 1) {
860 addr2str(caddr, MAXBUF - 1, &from_host, 1);
861 logmsg(LOG_NOTICE, "(%lx) e501 request too large (%ld) from %s", pthread_self(), cont, caddr);
862 err_reply(cl, h501, lstn->err501);
863 free_headers(headers);
864 clean_all();
865 return;
866 }
867
868 if(be != NULL) {
869 if(is_readable(be, 0)) {
870 /* The only way it's readable is if it's at EOF, so close it! */
871 BIO_reset(be);
872 BIO_free_all(be);
873 be = NULL;
874 }
875 }
876
877 /* check that the requested URL still fits the old back-end (if any) */
878 if((svc = get_service(lstn, url, &headers[1])) == NULL) {
879 addr2str(caddr, MAXBUF - 1, &from_host, 1);
880 logmsg(LOG_NOTICE, "(%lx) e503 no service \"%s\" from %s %s", pthread_self(), request, caddr, v_host[0]? v_host: "-");
881 err_reply(cl, h503, lstn->err503);
882 free_headers(headers);
883 clean_all();
884 return;
885 }
886 if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) {
887 addr2str(caddr, MAXBUF - 1, &from_host, 1);
888 logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s %s", pthread_self(), request, caddr, v_host[0]? v_host: "-");
889 err_reply(cl, h503, lstn->err503);
890 free_headers(headers);
891 clean_all();
892 return;
893 }
894
895 if(be != NULL && backend != cur_backend) {
896 BIO_reset(be);
897 BIO_free_all(be);
898 be = NULL;
899 }
900 while(be == NULL && backend->be_type == 0) {
901 switch(backend->addr.ai_family) {
902 case AF_INET:
903 sock_proto = PF_INET;
904 break;
905 case AF_INET6:
906 sock_proto = PF_INET6;
907 break;
908 case AF_UNIX:
909 sock_proto = PF_UNIX;
910 break;
911 default:
912 logmsg(LOG_WARNING, "(%lx) e503 backend: unknown family %d", pthread_self(), backend->addr.ai_family);
913 err_reply(cl, h503, lstn->err503);
914 free_headers(headers);
915 clean_all();
916 return;
917 }
918 if((sock = socket(sock_proto, SOCK_STREAM, 0)) < 0) {
919 str_be(buf, MAXBUF - 1, backend);
920 logmsg(LOG_WARNING, "(%lx) e503 backend %s socket create: %s", pthread_self(), buf, strerror(errno));
921 err_reply(cl, h503, lstn->err503);
922 free_headers(headers);
923 clean_all();
924 return;
925 }
926 if(connect_nb(sock, &backend->addr, backend->conn_to) < 0) {
927 str_be(buf, MAXBUF - 1, backend);
928 logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno));
929 shutdown(sock, 2);
930 close(sock);
931 /*
932 * kill the back-end only if no HAport is defined for it
933 * otherwise allow the HAport mechanism to do its job
934 */
935 memset(&z_addr, 0, sizeof(z_addr));
936 if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0)
937 kill_be(svc, backend, BE_KILL);
938 /*
939 * ...but make sure we don't get into a loop with the same back-end
940 */
941 old_backend = backend;
942 if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL || backend == old_backend) {
943 addr2str(caddr, MAXBUF - 1, &from_host, 1);
944 logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr);
945 err_reply(cl, h503, lstn->err503);
946 free_headers(headers);
947 clean_all();
948 return;
949 }
950 continue;
951 }
952 if(sock_proto == PF_INET || sock_proto == PF_INET6) {
953 n = 1;
954 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&n, sizeof(n));
955 l.l_onoff = 1;
956 l.l_linger = 10;
957 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(l));
958 #ifdef TCP_LINGER2
959 n = 5;
960 setsockopt(sock, SOL_TCP, TCP_LINGER2, (void *)&n, sizeof(n));
961 #endif
962 n = 1;
963 setsockopt(sock, SOL_TCP, TCP_NODELAY, (void *)&n, sizeof(n));
964 }
965 if((be = BIO_new_socket(sock, 1)) == NULL) {
966 logmsg(LOG_WARNING, "(%lx) e503 BIO_new_socket server failed", pthread_self());
967 shutdown(sock, 2);
968 close(sock);
969 err_reply(cl, h503, lstn->err503);
970 free_headers(headers);
971 clean_all();
972 return;
973 }
974 BIO_set_close(be, BIO_CLOSE);
975 if(backend->to > 0) {
976 ba2.timeout = backend->to;
977 BIO_set_callback_arg(be, (char *)&ba2);
978 BIO_set_callback(be, bio_callback);
979 }
980 if(backend->ctx != NULL) {
981 if((be_ssl = SSL_new(backend->ctx)) == NULL) {
982 logmsg(LOG_WARNING, "(%lx) be SSL_new: failed", pthread_self());
983 err_reply(cl, h503, lstn->err503);
984 free_headers(headers);
985 clean_all();
986 return;
987 }
988 SSL_set_bio(be_ssl, be, be);
989 if((bb = BIO_new(BIO_f_ssl())) == NULL) {
990 logmsg(LOG_WARNING, "(%lx) BIO_new(Bio_f_ssl()) failed", pthread_self());
991 err_reply(cl, h503, lstn->err503);
992 free_headers(headers);
993 clean_all();
994 return;
995 }
996 BIO_set_ssl(bb, be_ssl, BIO_CLOSE);
997 BIO_set_ssl_mode(bb, 1);
998 be = bb;
999 if(BIO_do_handshake(be) <= 0) {
1000 str_be(buf, MAXBUF - 1, backend);
1001 logmsg(LOG_NOTICE, "BIO_do_handshake with %s failed: %s", buf,
1002 ERR_error_string(ERR_get_error(), NULL));
1003 err_reply(cl, h503, lstn->err503);
1004 free_headers(headers);
1005 clean_all();
1006 return;
1007 }
1008 }
1009 if((bb = BIO_new(BIO_f_buffer())) == NULL) {
1010 logmsg(LOG_WARNING, "(%lx) e503 BIO_new(buffer) server failed", pthread_self());
1011 err_reply(cl, h503, lstn->err503);
1012 free_headers(headers);
1013 clean_all();
1014 return;
1015 }
1016 BIO_set_buffer_size(bb, MAXBUF);
1017 BIO_set_close(bb, BIO_CLOSE);
1018 be = BIO_push(bb, be);
1019 }
1020 cur_backend = backend;
1021
1022 /* if we have anything but a BACK_END we close the channel */
1023 if(be != NULL && cur_backend->be_type) {
1024 BIO_reset(be);
1025 BIO_free_all(be);
1026 be = NULL;
1027 }
1028
1029 /* send the request */
1030 if(cur_backend->be_type == 0) {
1031 for(n = 0; n < MAXHEADERS && headers[n]; n++) {
1032 if(!headers_ok[n])
1033 continue;
1034 /* this is the earliest we can check for Destination - we had no back-end before */
1035 if(lstn->rewr_dest && check_header(headers[n], buf) == HEADER_DESTINATION) {
1036 if(regexec(&LOCATION, buf, 4, matches, 0)) {
1037 logmsg(LOG_NOTICE, "(%lx) Can't parse Destination %s", pthread_self(), buf);
1038 break;
1039 }
1040 str_be(caddr, MAXBUF - 1, cur_backend);
1041 strcpy(loc_path, buf + matches[3].rm_so);
1042 snprintf(buf, MAXBUF, "Destination: http://%s%s", caddr, loc_path);
1043 free(headers[n]);
1044 if((headers[n] = strdup(buf)) == NULL) {
1045 logmsg(LOG_WARNING, "(%lx) rewrite Destination - out of memory: %s",
1046 pthread_self(), strerror(errno));
1047 free_headers(headers);
1048 clean_all();
1049 return;
1050 }
1051 }
1052 if(BIO_printf(be, "%s\r\n", headers[n]) <= 0) {
1053 str_be(buf, MAXBUF - 1, cur_backend);
1054 end_req = cur_time();
1055 logmsg(LOG_WARNING, "(%lx) e500 error write to %s/%s: %s (%.3f sec)",
1056 pthread_self(), buf, request, strerror(errno),
1057 (end_req - start_req) / 1000000.0);
1058 err_reply(cl, h500, lstn->err500);
1059 free_headers(headers);
1060 clean_all();
1061 return;
1062 }
1063 }
1064 /* add header if required */
1065 if(lstn->add_head != NULL)
1066 if(BIO_printf(be, "%s\r\n", lstn->add_head) <= 0) {
1067 str_be(buf, MAXBUF - 1, cur_backend);
1068 end_req = cur_time();
1069 logmsg(LOG_WARNING, "(%lx) e500 error write AddHeader to %s: %s (%.3f sec)",
1070 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1071 err_reply(cl, h500, lstn->err500);
1072 free_headers(headers);
1073 clean_all();
1074 return;
1075 }
1076 }
1077 free_headers(headers);
1078
1079 /* if SSL put additional headers for client certificate */
1080 if(cur_backend->be_type == 0 && ssl != NULL) {
1081 const SSL_CIPHER *cipher;
1082
1083 if((cipher = SSL_get_current_cipher(ssl)) != NULL) {
1084 SSL_CIPHER_description(cipher, buf, MAXBUF - 1);
1085 strip_eol(buf);
1086 if(BIO_printf(be, "X-SSL-cipher: %s/%s\r\n", SSL_get_version(ssl), buf) <= 0) {
1087 str_be(buf, MAXBUF - 1, cur_backend);
1088 end_req = cur_time();
1089 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)",
1090 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1091 err_reply(cl, h500, lstn->err500);
1092 clean_all();
1093 return;
1094 }
1095 }
1096
1097 if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) {
1098 X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
1099 get_line(bb, buf, MAXBUF);
1100 if(BIO_printf(be, "X-SSL-Subject: %s\r\n", buf) <= 0) {
1101 str_be(buf, MAXBUF - 1, cur_backend);
1102 end_req = cur_time();
1103 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-Subject to %s: %s (%.3f sec)",
1104 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1105 err_reply(cl, h500, lstn->err500);
1106 BIO_free_all(bb);
1107 clean_all();
1108 return;
1109 }
1110
1111 X509_NAME_print_ex(bb, X509_get_issuer_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
1112 get_line(bb, buf, MAXBUF);
1113 if(BIO_printf(be, "X-SSL-Issuer: %s\r\n", buf) <= 0) {
1114 str_be(buf, MAXBUF - 1, cur_backend);
1115 end_req = cur_time();
1116 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-Issuer to %s: %s (%.3f sec)",
1117 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1118 err_reply(cl, h500, lstn->err500);
1119 BIO_free_all(bb);
1120 clean_all();
1121 return;
1122 }
1123
1124 ASN1_TIME_print(bb, X509_get_notBefore(x509));
1125 get_line(bb, buf, MAXBUF);
1126 if(BIO_printf(be, "X-SSL-notBefore: %s\r\n", buf) <= 0) {
1127 str_be(buf, MAXBUF - 1, cur_backend);
1128 end_req = cur_time();
1129 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-notBefore to %s: %s (%.3f sec)",
1130 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1131 err_reply(cl, h500, lstn->err500);
1132 BIO_free_all(bb);
1133 clean_all();
1134 return;
1135 }
1136
1137 ASN1_TIME_print(bb, X509_get_notAfter(x509));
1138 get_line(bb, buf, MAXBUF);
1139 if(BIO_printf(be, "X-SSL-notAfter: %s\r\n", buf) <= 0) {
1140 str_be(buf, MAXBUF - 1, cur_backend);
1141 end_req = cur_time();
1142 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-notAfter to %s: %s (%.3f sec)",
1143 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1144 err_reply(cl, h500, lstn->err500);
1145 BIO_free_all(bb);
1146 clean_all();
1147 return;
1148 }
1149 if(BIO_printf(be, "X-SSL-serial: %ld\r\n", ASN1_INTEGER_get(X509_get_serialNumber(x509))) <= 0) {
1150 str_be(buf, MAXBUF - 1, cur_backend);
1151 end_req = cur_time();
1152 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-serial to %s: %s (%.3f sec)",
1153 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1154 err_reply(cl, h500, lstn->err500);
1155 BIO_free_all(bb);
1156 clean_all();
1157 return;
1158 }
1159 PEM_write_bio_X509(bb, x509);
1160 get_line(bb, buf, MAXBUF);
1161 if(BIO_printf(be, "X-SSL-certificate: %s", buf) <= 0) {
1162 str_be(buf, MAXBUF - 1, cur_backend);
1163 end_req = cur_time();
1164 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-certificate to %s: %s (%.3f sec)",
1165 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1166 err_reply(cl, h500, lstn->err500);
1167 BIO_free_all(bb);
1168 clean_all();
1169 return;
1170 }
1171 while(get_line(bb, buf, MAXBUF) == 0) {
1172 if(BIO_printf(be, "%s", buf) <= 0) {
1173 str_be(buf, MAXBUF - 1, cur_backend);
1174 end_req = cur_time();
1175 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-certificate to %s: %s (%.3f sec)",
1176 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1177 err_reply(cl, h500, lstn->err500);
1178 BIO_free_all(bb);
1179 clean_all();
1180 return;
1181 }
1182 }
1183 if(BIO_printf(be, "\r\n") <= 0) {
1184 str_be(buf, MAXBUF - 1, cur_backend);
1185 end_req = cur_time();
1186 logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-certificate to %s: %s (%.3f sec)",
1187 pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
1188 err_reply(cl, h500, lstn->err500);
1189 BIO_free_all(bb);
1190 clean_all();
1191 return;
1192 }
1193 BIO_free_all(bb);
1194 }
1195 }
1196 /* put additional client IP header */
1197 if(cur_backend->be_type == 0) {
1198 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1199 BIO_printf(be, "X-Forwarded-For: %s\r\n", caddr);
1200
1201 /* final CRLF */
1202 BIO_puts(be, "\r\n");
1203 }
1204
1205 if(cl_11 && chunked) {
1206 /* had Transfer-encoding: chunked so read/write all the chunks (HTTP/1.1 only) */
1207 if(copy_chunks(cl, be, NULL, cur_backend->be_type, lstn->max_req)) {
1208 str_be(buf, MAXBUF - 1, cur_backend);
1209 end_req = cur_time();
1210 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1211 logmsg(LOG_NOTICE, "(%lx) e500 for %s copy_chunks to %s/%s (%.3f sec)",
1212 pthread_self(), caddr, buf, request, (end_req - start_req) / 1000000.0);
1213 err_reply(cl, h500, lstn->err500);
1214 clean_all();
1215 return;
1216 }
1217 } else if(cont > L0 && is_rpc != 1) {
1218 /* had Content-length, so do raw reads/writes for the length */
1219 if(copy_bin(cl, be, cont, NULL, cur_backend->be_type)) {
1220 str_be(buf, MAXBUF - 1, cur_backend);
1221 end_req = cur_time();
1222 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1223 logmsg(LOG_NOTICE, "(%lx) e500 for %s error copy client cont to %s/%s: %s (%.3f sec)",
1224 pthread_self(), caddr, buf, request, strerror(errno), (end_req - start_req) / 1000000.0);
1225 err_reply(cl, h500, lstn->err500);
1226 clean_all();
1227 return;
1228 }
1229 } else if(cont > 0L && is_readable(cl, lstn->to)) {
1230 char one;
1231 BIO *cl_unbuf;
1232 /*
1233 * special mode for RPC_IN_DATA - content until EOF
1234 * force HTTP/1.0 - client closes connection when done.
1235 */
1236 cl_11 = be_11 = 0;
1237
1238 /*
1239 * first read whatever is already in the input buffer
1240 */
1241 while(BIO_pending(cl)) {
1242 if(BIO_read(cl, &one, 1) != 1) {
1243 logmsg(LOG_NOTICE, "(%lx) error read request pending: %s",
1244 pthread_self(), strerror(errno));
1245 clean_all();
1246 pthread_exit(NULL);
1247 }
1248 if (++res_bytes > cont) {
1249 logmsg(LOG_NOTICE, "(%lx) error read request pending: max. RPC length exceeded",
1250 pthread_self());
1251 clean_all();
1252 pthread_exit(NULL);
1253 }
1254 if(BIO_write(be, &one, 1) != 1) {
1255 if(errno)
1256 logmsg(LOG_NOTICE, "(%lx) error write request pending: %s",
1257 pthread_self(), strerror(errno));
1258 clean_all();
1259 pthread_exit(NULL);
1260 }
1261 }
1262 BIO_flush(be);
1263
1264 /*
1265 * find the socket BIO in the chain
1266 */
1267 if ((cl_unbuf = BIO_find_type(cl, lstn->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
1268 logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
1269 clean_all();
1270 pthread_exit(NULL);
1271 }
1272
1273 /*
1274 * copy till EOF
1275 */
1276 while((res = BIO_read(cl_unbuf, buf, MAXBUF)) > 0) {
1277 if((res_bytes += res) > cont) {
1278 logmsg(LOG_NOTICE, "(%lx) error copy request body: max. RPC length exceeded",
1279 pthread_self());
1280 clean_all();
1281 pthread_exit(NULL);
1282 }
1283 if(BIO_write(be, buf, res) != res) {
1284 if(errno)
1285 logmsg(LOG_NOTICE, "(%lx) error copy request body: %s",
1286 pthread_self(), strerror(errno));
1287 clean_all();
1288 pthread_exit(NULL);
1289 } else {
1290 BIO_flush(be);
1291 }
1292 }
1293 }
1294
1295 /* flush to the back-end */
1296 if(cur_backend->be_type == 0 && BIO_flush(be) != 1) {
1297 str_be(buf, MAXBUF - 1, cur_backend);
1298 end_req = cur_time();
1299 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1300 logmsg(LOG_NOTICE, "(%lx) e500 for %s error flush to %s/%s: %s (%.3f sec)",
1301 pthread_self(), caddr, buf, request, strerror(errno), (end_req - start_req) / 1000000.0);
1302 err_reply(cl, h500, lstn->err500);
1303 clean_all();
1304 return;
1305 }
1306
1307 /*
1308 * check on no_https_11:
1309 * - if 0 ignore
1310 * - if 1 and SSL force HTTP/1.0
1311 * - if 2 and SSL and MSIE force HTTP/1.0
1312 */
1313 switch(lstn->noHTTPS11) {
1314 case 1:
1315 force_10 = (ssl != NULL);
1316 break;
1317 case 2:
1318 force_10 = (ssl != NULL && strstr(u_agent, "MSIE") != NULL);
1319 break;
1320 default:
1321 force_10 = 0;
1322 break;
1323 }
1324
1325 /* if we have a redirector */
1326 if(cur_backend->be_type) {
1327 memset(buf, 0, sizeof(buf));
1328 if(!cur_backend->redir_req)
1329 snprintf(buf, sizeof(buf) - 1, "%s%s", cur_backend->url, url);
1330 else
1331 strncpy(buf, cur_backend->url, sizeof(buf) - 1);
1332 redirect_reply(cl, buf, cur_backend->be_type);
1333 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1334 switch(lstn->log_level) {
1335 case 0:
1336 break;
1337 case 1:
1338 case 2:
1339 logmsg(LOG_INFO, "%s %s - REDIRECT %s", caddr, request, buf);
1340 break;
1341 case 3:
1342 if(v_host[0])
1343 logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", v_host, caddr,
1344 u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
1345 else
1346 logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr,
1347 u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
1348 break;
1349 case 4:
1350 case 5:
1351 logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr,
1352 u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
1353 break;
1354 }
1355 if(!cl_11 || conn_closed || force_10)
1356 break;
1357 continue;
1358 } else if(is_rpc == 1) {
1359 /* log RPC_IN_DATA */
1360 end_req = cur_time();
1361 memset(s_res_bytes, 0, LOG_BYTES_SIZE);
1362 /* actual request length */
1363 log_bytes(s_res_bytes, res_bytes);
1364 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1365 str_be(buf, MAXBUF - 1, cur_backend);
1366 switch(lstn->log_level) {
1367 case 0:
1368 break;
1369 case 1:
1370 logmsg(LOG_INFO, "%s %s - -", caddr, request);
1371 break;
1372 case 2:
1373 if(v_host[0])
1374 logmsg(LOG_INFO, "%s %s - - (%s/%s -> %s) %.3f sec",
1375 caddr, request, v_host, svc->name[0]? svc->name: "-", buf,
1376 (end_req - start_req) / 1000000.0);
1377 else
1378 logmsg(LOG_INFO, "%s %s - - (%s -> %s) %.3f sec",
1379 caddr, request, svc->name[0]? svc->name: "-", buf,
1380 (end_req - start_req) / 1000000.0);
1381 break;
1382 case 3:
1383 logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" 000 %s \"%s\" \"%s\"",
1384 v_host[0]? v_host: "-",
1385 caddr, u_name[0]? u_name: "-", req_time, request,
1386 s_res_bytes, referer, u_agent);
1387 break;
1388 case 4:
1389 logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 000 %s \"%s\" \"%s\"",
1390 caddr, u_name[0]? u_name: "-", req_time, request,
1391 s_res_bytes, referer, u_agent);
1392 break;
1393 case 5:
1394 logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" 000 %s \"%s\" \"%s\" (%s -> %s) %.3f sec",
1395 v_host[0]? v_host: "-",
1396 caddr, u_name[0]? u_name: "-", req_time, request,
1397 s_res_bytes, referer, u_agent, svc->name[0]? svc->name: "-", buf,
1398 (end_req - start_req) / 1000000.0);
1399 break;
1400 }
1401 /* no response expected - bail out */
1402 break;
1403 }
1404
1405 /* get the response */
1406 for(skip = 1; skip;) {
1407 if((headers = get_headers(be, cl, lstn)) == NULL) {
1408 str_be(buf, MAXBUF - 1, cur_backend);
1409 end_req = cur_time();
1410 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1411 logmsg(LOG_NOTICE, "(%lx) e500 for %s response error read from %s/%s: %s (%.3f secs)",
1412 pthread_self(), caddr, buf, request, strerror(errno), (end_req - start_req) / 1000000.0);
1413 err_reply(cl, h500, lstn->err500);
1414 clean_all();
1415 return;
1416 }
1417
1418 strncpy(response, headers[0], MAXBUF);
1419 be_11 = (response[7] == '1');
1420 /* responses with code 100 are never passed back to the client */
1421 skip = !regexec(&RESP_SKIP, response, 0, NULL, 0);
1422 /* some response codes (1xx, 204, 304) have no content */
1423 if(!no_cont && !regexec(&RESP_IGN, response, 0, NULL, 0))
1424 no_cont = 1;
1425 if(!strncasecmp("101", response + 9, 3))
1426 is_ws |= 0x10;
1427
1428 for(chunked = 0, cont = -1L, n = 1; n < MAXHEADERS && headers[n]; n++) {
1429 switch(check_header(headers[n], buf)) {
1430 case HEADER_CONNECTION:
1431 if(!strcasecmp("close", buf))
1432 conn_closed = 1;
1433 /* Connection: upgrade */
1434 else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0))
1435 is_ws |= 0x20;
1436 break;
1437 case HEADER_UPGRADE:
1438 if(!strcasecmp("websocket", buf))
1439 is_ws |= 0x40;
1440 break;
1441 case HEADER_TRANSFER_ENCODING:
1442 if(!strcasecmp("chunked", buf)) {
1443 chunked = 1;
1444 no_cont = 0;
1445 }
1446 break;
1447 case HEADER_CONTENT_LENGTH:
1448 cont = ATOL(buf);
1449 /* treat RPC_OUT_DATA like reply without content-length */
1450 if(is_rpc == 0) {
1451 if(cont >= 0x20000L && cont <= 0x80000000L)
1452 cont = -1L;
1453 else
1454 is_rpc = -1;
1455 }
1456 break;
1457 case HEADER_LOCATION:
1458 if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, v_host, lstn, cur_backend)) {
1459 snprintf(buf, MAXBUF, "Location: %s://%s/%s",
1460 (ssl == NULL? "http": "https"), v_host, loc_path);
1461 free(headers[n]);
1462 if((headers[n] = strdup(buf)) == NULL) {
1463 logmsg(LOG_WARNING, "(%lx) rewrite Location - out of memory: %s",
1464 pthread_self(), strerror(errno));
1465 free_headers(headers);
1466 clean_all();
1467 return;
1468 }
1469 }
1470 break;
1471 case HEADER_CONTLOCATION:
1472 if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, v_host, lstn, cur_backend)) {
1473 snprintf(buf, MAXBUF, "Content-location: %s://%s/%s",
1474 (ssl == NULL? "http": "https"), v_host, loc_path);
1475 free(headers[n]);
1476 if((headers[n] = strdup(buf)) == NULL) {
1477 logmsg(LOG_WARNING, "(%lx) rewrite Content-location - out of memory: %s",
1478 pthread_self(), strerror(errno));
1479 free_headers(headers);
1480 clean_all();
1481 return;
1482 }
1483 }
1484 break;
1485 }
1486 }
1487
1488 /* possibly record session information (only for cookies/header) */
1489 upd_session(svc, &headers[1], cur_backend);
1490
1491 /* send the response */
1492 if(!skip)
1493 for(n = 0; n < MAXHEADERS && headers[n]; n++) {
1494 if(BIO_printf(cl, "%s\r\n", headers[n]) <= 0) {
1495 if(errno) {
1496 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1497 logmsg(LOG_NOTICE, "(%lx) error write to %s: %s", pthread_self(), caddr, strerror(errno));
1498 }
1499 free_headers(headers);
1500 clean_all();
1501 return;
1502 }
1503 }
1504 free_headers(headers);
1505
1506 /* final CRLF */
1507 if(!skip)
1508 BIO_puts(cl, "\r\n");
1509 if(BIO_flush(cl) != 1) {
1510 if(errno) {
1511 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1512 logmsg(LOG_NOTICE, "(%lx) error flush headers to %s: %s", pthread_self(), caddr, strerror(errno));
1513 }
1514 clean_all();
1515 return;
1516 }
1517
1518 if(!no_cont) {
1519 /* ignore this if request was HEAD or similar */
1520 if(be_11 && chunked) {
1521 /* had Transfer-encoding: chunked so read/write all the chunks (HTTP/1.1 only) */
1522 if(copy_chunks(be, cl, &res_bytes, skip, L0)) {
1523 /* copy_chunks() has its own error messages */
1524 clean_all();
1525 return;
1526 }
1527 } else if(cont >= L0) {
1528 /* may have had Content-length, so do raw reads/writes for the length */
1529 if(copy_bin(be, cl, cont, &res_bytes, skip)) {
1530 if(errno)
1531 logmsg(LOG_NOTICE, "(%lx) error copy server cont: %s", pthread_self(), strerror(errno));
1532 clean_all();
1533 return;
1534 }
1535 } else if(!skip) {
1536 if(is_readable(be, cur_backend->to)) {
1537 char one;
1538 BIO *be_unbuf;
1539 /*
1540 * old-style response - content until EOF
1541 * also implies the client may not use HTTP/1.1
1542 */
1543 cl_11 = be_11 = 0;
1544
1545 /*
1546 * first read whatever is already in the input buffer
1547 */
1548 while(BIO_pending(be)) {
1549 if(BIO_read(be, &one, 1) != 1) {
1550 logmsg(LOG_NOTICE, "(%lx) error read response pending: %s",
1551 pthread_self(), strerror(errno));
1552 clean_all();
1553 return;
1554 }
1555 if(BIO_write(cl, &one, 1) != 1) {
1556 if(errno)
1557 logmsg(LOG_NOTICE, "(%lx) error write response pending: %s",
1558 pthread_self(), strerror(errno));
1559 clean_all();
1560 return;
1561 }
1562 res_bytes++;
1563 }
1564 BIO_flush(cl);
1565
1566 /*
1567 * find the socket BIO in the chain
1568 */
1569 if((be_unbuf = BIO_find_type(be, cur_backend->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
1570 logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
1571 clean_all();
1572 return;
1573 }
1574
1575 /*
1576 * copy till EOF
1577 */
1578 while((res = BIO_read(be_unbuf, buf, MAXBUF)) > 0) {
1579 if(BIO_write(cl, buf, res) != res) {
1580 if(errno)
1581 logmsg(LOG_NOTICE, "(%lx) error copy response body: %s",
1582 pthread_self(), strerror(errno));
1583 clean_all();
1584 return;
1585 } else {
1586 res_bytes += res;
1587 BIO_flush(cl);
1588 }
1589 }
1590 }
1591 }
1592 if(BIO_flush(cl) != 1) {
1593 /* client closes RPC_OUT_DATA connection - no error */
1594 if(is_rpc == 0 && res_bytes > 0L)
1595 break;
1596 if(errno) {
1597 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1598 logmsg(LOG_NOTICE, "(%lx) error final flush to %s: %s", pthread_self(), caddr, strerror(errno));
1599 }
1600 clean_all();
1601 return;
1602 }
1603 } else if(is_ws == 0x77) {
1604 /*
1605 * special mode for Websockets - content until EOF
1606 */
1607 char one;
1608 BIO *cl_unbuf;
1609 BIO *be_unbuf;
1610 struct pollfd p[2];
1611
1612 cl_11 = be_11 = 0;
1613
1614 memset(p, 0, sizeof(p));
1615 BIO_get_fd(cl, &p[0].fd);
1616 p[0].events = POLLIN | POLLPRI;
1617 BIO_get_fd(be, &p[1].fd);
1618 p[1].events = POLLIN | POLLPRI;
1619
1620 while (BIO_pending(cl) || BIO_pending(be) || poll(p, 2, cur_backend->ws_to * 1000) > 0) {
1621
1622 /*
1623 * first read whatever is already in the input buffer
1624 */
1625 while(BIO_pending(cl)) {
1626 if(BIO_read(cl, &one, 1) != 1) {
1627 logmsg(LOG_NOTICE, "(%lx) error read ws request pending: %s",
1628 pthread_self(), strerror(errno));
1629 clean_all();
1630 return;
1631 }
1632 if(BIO_write(be, &one, 1) != 1) {
1633 if(errno)
1634 logmsg(LOG_NOTICE, "(%lx) error write ws request pending: %s",
1635 pthread_self(), strerror(errno));
1636 clean_all();
1637 return;
1638 }
1639 }
1640 BIO_flush(be);
1641
1642 while(BIO_pending(be)) {
1643 if(BIO_read(be, &one, 1) != 1) {
1644 logmsg(LOG_NOTICE, "(%lx) error read ws response pending: %s",
1645 pthread_self(), strerror(errno));
1646 clean_all();
1647 return;
1648 }
1649 if(BIO_write(cl, &one, 1) != 1) {
1650 if(errno)
1651 logmsg(LOG_NOTICE, "(%lx) error write ws response pending: %s",
1652 pthread_self(), strerror(errno));
1653 clean_all();
1654 return;
1655 }
1656 res_bytes++;
1657 }
1658 BIO_flush(cl);
1659
1660 /*
1661 * find the socket BIO in the chain
1662 */
1663 if ((cl_unbuf = BIO_find_type(cl, lstn->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
1664 logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
1665 clean_all();
1666 return;
1667 }
1668 if((be_unbuf = BIO_find_type(be, cur_backend->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
1669 logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
1670 clean_all();
1671 return;
1672 }
1673
1674 /*
1675 * copy till EOF
1676 */
1677 if(p[0].revents) {
1678 res = BIO_read(cl_unbuf, buf, MAXBUF);
1679 if(res <= 0) {
1680 break;
1681 }
1682 if(BIO_write(be, buf, res) != res) {
1683 if(errno)
1684 logmsg(LOG_NOTICE, "(%lx) error copy ws request body: %s",
1685 pthread_self(), strerror(errno));
1686 clean_all();
1687 return;
1688 } else {
1689 BIO_flush(be);
1690 }
1691 p[0].revents = 0;
1692 }
1693 if(p[1].revents) {
1694 res = BIO_read(be_unbuf, buf, MAXBUF);
1695 if(res <= 0) {
1696 break;
1697 }
1698 if(BIO_write(cl, buf, res) != res) {
1699 if(errno)
1700 logmsg(LOG_NOTICE, "(%lx) error copy ws response body: %s",
1701 pthread_self(), strerror(errno));
1702 clean_all();
1703 return;
1704 } else {
1705 res_bytes += res;
1706 BIO_flush(cl);
1707 }
1708 p[1].revents = 0;
1709 }
1710 }
1711 }
1712 }
1713 end_req = cur_time();
1714
1715 /* log what happened */
1716 memset(s_res_bytes, 0, LOG_BYTES_SIZE);
1717 log_bytes(s_res_bytes, res_bytes);
1718 addr2str(caddr, MAXBUF - 1, &from_host, 1);
1719 if(anonymise) {
1720 char *last;
1721
1722 if((last = strrchr(caddr, '.')) != NULL || (last = strrchr(caddr, ':')) != NULL)
1723 strcpy(++last, "0");
1724 }
1725 str_be(buf, MAXBUF - 1, cur_backend);
1726 switch(lstn->log_level) {
1727 case 0:
1728 break;
1729 case 1:
1730 logmsg(LOG_INFO, "%s %s - %s", caddr, request, response);
1731 break;
1732 case 2:
1733 if(v_host[0])
1734 logmsg(LOG_INFO, "%s %s - %s (%s/%s -> %s) %.3f sec",
1735 caddr, request, response, v_host, svc->name[0]? svc->name: "-", buf,
1736 (end_req - start_req) / 1000000.0);
1737 else
1738 logmsg(LOG_INFO, "%s %s - %s (%s -> %s) %.3f sec",
1739 caddr, request, response, svc->name[0]? svc->name: "-", buf,
1740 (end_req - start_req) / 1000000.0);
1741 break;
1742 case 3:
1743 logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %c%c%c %s \"%s\" \"%s\"",
1744 v_host[0]? v_host: "-",
1745 caddr, u_name[0]? u_name: "-", req_time, request, response[9],
1746 response[10], response[11], s_res_bytes, referer, u_agent);
1747 break;
1748 case 4:
1749 logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %c%c%c %s \"%s\" \"%s\"",
1750 caddr, u_name[0]? u_name: "-", req_time, request, response[9], response[10],
1751 response[11], s_res_bytes, referer, u_agent);
1752 break;
1753 case 5:
1754 logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %c%c%c %s \"%s\" \"%s\" (%s -> %s) %.3f sec",
1755 v_host[0]? v_host: "-",
1756 caddr, u_name[0]? u_name: "-", req_time, request, response[9], response[10],
1757 response[11], s_res_bytes, referer, u_agent, svc->name[0]? svc->name: "-", buf,
1758 (end_req - start_req) / 1000000.0);
1759 break;
1760 }
1761
1762 if(!be_11) {
1763 BIO_reset(be);
1764 BIO_free_all(be);
1765 be = NULL;
1766 }
1767 /*
1768 * Stop processing if:
1769 * - client is not HTTP/1.1
1770 * or
1771 * - we had a "Connection: closed" header
1772 * or
1773 * - this is an SSL connection and we had a NoHTTPS11 directive
1774 */
1775 if(!cl_11 || conn_closed || force_10)
1776 break;
1777 }
1778
1779 /*
1780 * This may help with some versions of IE with a broken channel shutdown
1781 */
1782 if(ssl != NULL)
1783 SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
1784
1785 clean_all();
1786 return;
1787 }
1788
1789 void *
thr_http(void * dummy)1790 thr_http(void *dummy)
1791 {
1792 thr_arg *arg;
1793
1794 for(;;) {
1795 while((arg = get_thr_arg()) == NULL)
1796 logmsg(LOG_NOTICE, "NULL get_thr_arg");
1797 do_http(arg);
1798 }
1799 }
1800