1*5845290fSbluhm# $OpenBSD: Server.pm,v 1.14 2021/12/22 15:14:13 bluhm Exp $ 21f53c19fSbluhm 3*5845290fSbluhm# Copyright (c) 2010-2021 Alexander Bluhm <bluhm@openbsd.org> 41f53c19fSbluhm# 51f53c19fSbluhm# Permission to use, copy, modify, and distribute this software for any 61f53c19fSbluhm# purpose with or without fee is hereby granted, provided that the above 71f53c19fSbluhm# copyright notice and this permission notice appear in all copies. 81f53c19fSbluhm# 91f53c19fSbluhm# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 101f53c19fSbluhm# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 111f53c19fSbluhm# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 121f53c19fSbluhm# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 131f53c19fSbluhm# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 141f53c19fSbluhm# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 151f53c19fSbluhm# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 161f53c19fSbluhm 171f53c19fSbluhmuse strict; 181f53c19fSbluhmuse warnings; 191f53c19fSbluhm 201f53c19fSbluhmpackage Server; 211f53c19fSbluhmuse parent 'Proc'; 221f53c19fSbluhmuse Carp; 231f53c19fSbluhmuse Socket; 241f53c19fSbluhmuse Socket6; 251f53c19fSbluhmuse IO::Socket; 261f53c19fSbluhmuse IO::Socket::SSL; 271f53c19fSbluhm 281f53c19fSbluhmsub new { 291f53c19fSbluhm my $class = shift; 301f53c19fSbluhm my %args = @_; 31df3b6e8eSbluhm $args{ktracepid} = "ktrace" if $args{ktrace}; 32df3b6e8eSbluhm $args{ktracepid} = $ENV{KTRACE} if $ENV{KTRACE}; 331f53c19fSbluhm $args{ktracefile} ||= "server.ktrace"; 341f53c19fSbluhm $args{logfile} ||= "server.log"; 351f53c19fSbluhm $args{up} ||= "Accepted"; 361f53c19fSbluhm my $self = Proc::new($class, %args); 37a0156d40Sbluhm $self->{listenproto} ||= "udp"; 3873e391cdSbluhm defined($self->{listendomain}) 391f53c19fSbluhm or croak "$class listen domain not given"; 406d1e9c8eSbluhm return $self->listen(); 416d1e9c8eSbluhm} 426d1e9c8eSbluhm 436d1e9c8eSbluhmsub listen { 446d1e9c8eSbluhm my $self = shift; 451f53c19fSbluhm $SSL_ERROR = ""; 46a0156d40Sbluhm my $iosocket = $self->{listenproto} eq "tls" ? 47*5845290fSbluhm "IO::Socket::SSL" : "IO::Socket::IP"; 48a0156d40Sbluhm my $proto = $self->{listenproto}; 491f53c19fSbluhm $proto = "tcp" if $proto eq "tls"; 501f53c19fSbluhm my $ls = $iosocket->new( 511f53c19fSbluhm Proto => $proto, 521f53c19fSbluhm ReuseAddr => 1, 531f53c19fSbluhm Domain => $self->{listendomain}, 541f53c19fSbluhm $self->{listenaddr} ? (LocalAddr => $self->{listenaddr}) : (), 551f53c19fSbluhm $self->{listenport} ? (LocalPort => $self->{listenport}) : (), 56027fd6b9Sbluhm SSL_server => 1, 572bccb94aSbluhm SSL_key_file => "server.key", 582bccb94aSbluhm SSL_cert_file => "server.crt", 5915bf65a9Sbluhm SSL_ca_file => ($self->{sslca} || "ca.crt"), 6015bf65a9Sbluhm SSL_verify_mode => ($self->{sslca} ? 6115bf65a9Sbluhm SSL_VERIFY_PEER : SSL_VERIFY_NONE), 6215bf65a9Sbluhm $self->{sslca} ? (SSL_verifycn_scheme => "none") : (), 63dbe795f4Sbluhm $self->{sslversion} ? (SSL_version => $self->{sslversion}) : (), 64dbe795f4Sbluhm $self->{sslciphers} ? (SSL_cipher_list => $self->{sslciphers}) : (), 65ef01d180Sbluhm ) or die ref($self), " $iosocket socket failed: $!,$SSL_ERROR"; 6691c6fcb1Sbluhm if ($self->{sndbuf}) { 6791c6fcb1Sbluhm setsockopt($ls, SOL_SOCKET, SO_SNDBUF, 6891c6fcb1Sbluhm pack('i', $self->{sndbuf})) 6991c6fcb1Sbluhm or die ref($self), " set SO_SNDBUF failed: $!"; 7091c6fcb1Sbluhm } 7191c6fcb1Sbluhm if ($self->{rcvbuf}) { 7291c6fcb1Sbluhm setsockopt($ls, SOL_SOCKET, SO_RCVBUF, 7391c6fcb1Sbluhm pack('i', $self->{rcvbuf})) 7491c6fcb1Sbluhm or die ref($self), " set SO_RCVBUF failed: $!"; 7591c6fcb1Sbluhm } 762bccb94aSbluhm if ($self->{listenproto} ne "udp") { 771f53c19fSbluhm listen($ls, 1) 78ef01d180Sbluhm or die ref($self), " socket listen failed: $!"; 791f53c19fSbluhm } 801f53c19fSbluhm my $log = $self->{log}; 811f53c19fSbluhm print $log "listen sock: ",$ls->sockhost()," ",$ls->sockport(),"\n"; 821f53c19fSbluhm $self->{listenaddr} = $ls->sockhost() unless $self->{listenaddr}; 831f53c19fSbluhm $self->{listenport} = $ls->sockport() unless $self->{listenport}; 841f53c19fSbluhm $self->{ls} = $ls; 851f53c19fSbluhm return $self; 861f53c19fSbluhm} 871f53c19fSbluhm 886d1e9c8eSbluhmsub close { 896d1e9c8eSbluhm my $self = shift; 906d1e9c8eSbluhm $self->{ls}->close() 916d1e9c8eSbluhm or die ref($self)," ",ref($self->{ls}), 926d1e9c8eSbluhm " socket close failed: $!,$SSL_ERROR"; 936d1e9c8eSbluhm delete $self->{ls}; 946d1e9c8eSbluhm return $self; 956d1e9c8eSbluhm} 966d1e9c8eSbluhm 976d1e9c8eSbluhmsub run { 986d1e9c8eSbluhm my $self = shift; 996d1e9c8eSbluhm Proc::run($self, @_); 1006d1e9c8eSbluhm return $self->close(); 1016d1e9c8eSbluhm} 1026d1e9c8eSbluhm 1031f53c19fSbluhmsub child { 1041f53c19fSbluhm my $self = shift; 1051f53c19fSbluhm 106d8bc0d06Sbluhm # TLS 1.3 writes multiple messages without acknowledgement. 107d8bc0d06Sbluhm # If the other side closes early, we want broken pipe error. 108d8bc0d06Sbluhm $SIG{PIPE} = 'IGNORE' if $self->{listenproto} eq "tls"; 109d8bc0d06Sbluhm 1101f53c19fSbluhm my $as = $self->{ls}; 111a0156d40Sbluhm if ($self->{listenproto} ne "udp") { 1121f53c19fSbluhm $as = $self->{ls}->accept() 1132bccb94aSbluhm or die ref($self)," ",ref($self->{ls}), 1142bccb94aSbluhm " socket accept failed: $!,$SSL_ERROR"; 1151f53c19fSbluhm print STDERR "accept sock: ",$as->sockhost()," ", 1161f53c19fSbluhm $as->sockport(),"\n"; 1171f53c19fSbluhm print STDERR "accept peer: ",$as->peerhost()," ", 1181f53c19fSbluhm $as->peerport(),"\n"; 1191f53c19fSbluhm } 120dbe795f4Sbluhm if ($self->{listenproto} eq "tls") { 121dbe795f4Sbluhm print STDERR "ssl version: ",$as->get_sslversion(),"\n"; 122dbe795f4Sbluhm print STDERR "ssl cipher: ",$as->get_cipher(),"\n"; 123476918efSbluhm print STDERR "ssl subject: ", $as->peer_certificate("subject") 12415bf65a9Sbluhm ,"\n" if $self->{sslca}; 125dbe795f4Sbluhm } 1261f53c19fSbluhm 1271f53c19fSbluhm *STDIN = *STDOUT = $self->{as} = $as; 1281f53c19fSbluhm} 1291f53c19fSbluhm 1301f53c19fSbluhm1; 131