* Copyright (c) 2020, 2021, 2022 Omar Polo <op@omarpolo.com>
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include "gmid.h"
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <libgen.h>
#include <limits.h>
#include <pwd.h>
#include <signal.h>
#include <string.h>
/* getopt(3) string; each letter is handled by the switch in main(). */
static const char *opts = "D:df:hnP:Vv";

/* Long-option aliases; only --help and --version have a long form. */
static const struct option longopts[] = {
	{"help", no_argument, NULL, 'h'},
	{"version", no_argument, NULL, 'V'},
	{NULL, 0, NULL, 0},
};	/* closing line (orig. 036) not shown in this listing */

/* FastCGI backends; zeroed on every reload by free_config(). */
struct fcgi fcgi[FCGI_MAX];

/* Configured virtual hosts: TAILQ_INIT in init_config(), emptied in free_config(). */
struct vhosthead hosts;

/* Listening sockets (IPv4 / IPv6); -1 when not open, see main(). */
int sock4, sock6;

/* imsg channels: one to the logger process, one per prefork server (serve()). */
struct imsgbuf logibuf, servibuf[PROC_MAX];

/* Config file path; -f replaces it with an absolutified path in main(). */
const char *config_path = "/etc/gmid.conf";
/* Set by -P; stays NULL otherwise, and write_pidfile() then returns -1. */
const char *pidfile;

/* Running configuration; free_config() zeroes it except for conf.verbose. */
struct conf conf;

/* TLS configuration and server context built by setup_tls(). */
struct tls_config *tlsconf;
struct tls *ctx;
/*
 * No-op signal handler installed by main() for SIGHUP, SIGINT and SIGTERM
 * so that those signals are not fatal while main() sits in wait_signal().
 * The body (orig. lines 056-060) is not shown in this listing.
 */
static void
dummy_handler(int signo)
{
	/* … body omitted from this listing … */
}
/*
 * Open the root directory of every configured location and keep the
 * descriptor in l->dirfd.  Locations with an empty dir are skipped.
 * Called from listener_main() after drop_priv(), so the paths are resolved
 * inside the chroot (when one is configured) and with the dropped
 * privileges.  Any open failure is fatal.
 * Storage-class line (orig. 060) not shown in this listing.
 */
static void
load_vhosts(void)
{
	struct vhost *h;
	struct location *l;

	TAILQ_FOREACH(h, &hosts, vhosts) {
		TAILQ_FOREACH(l, &h->locations, locations) {
			if (*l->dir == '\0')
				continue;
			/* O_DIRECTORY rejects anything that is not a directory */
			if ((l->dirfd = open(l->dir, O_RDONLY | O_DIRECTORY)) == -1)
				fatal("open %s for domain %s: %s", l->dir, h->domain,
				    strerror(errno));
		}
	}
}
/*
 * Create a non-blocking listening TCP socket bound to the wildcard address
 * (INADDR_ANY / in6addr_any, i.e. every interface) on `port` for `family`
 * (AF_INET or AF_INET6).  Every failure is fatal.  Returns the descriptor.
 *
 * Not shown in this listing: the storage-class line (orig. 077), the
 * `default:` arm's statement after "unreachable" (orig. 107) and the
 * statement(s) giving `v` its value (orig. 112-113).  Both setsockopt()
 * calls pass &v, which only enables the option when v is non-zero.
 */
static int
make_socket(int port, int family)
{
	int sock, v;
	struct sockaddr_in addr4;
	struct sockaddr_in6 addr6;
	struct sockaddr *addr;
	socklen_t len;

	switch (family) {
	case AF_INET:
		memset(&addr4, 0, sizeof(addr4));
		addr4.sin_family = family;
		addr4.sin_port = htons(port);
		addr4.sin_addr.s_addr = INADDR_ANY;
		addr = (struct sockaddr*)&addr4;
		len = sizeof(addr4);
		break;
	case AF_INET6:
		memset(&addr6, 0, sizeof(addr6));
		addr6.sin6_family = AF_INET6;
		addr6.sin6_port = htons(port);
		addr6.sin6_addr = in6addr_any;
		addr = (struct sockaddr*)&addr6;
		len = sizeof(addr6);
		break;
	default:
		/* unreachable */
		/* … orig. line 107 omitted from this listing … */
		break;
	}

	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
		fatal("socket: %s", strerror(errno));

	/* … orig. lines 112-113 (value of v) omitted from this listing … */
	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
		fatal("setsockopt(SO_REUSEADDR): %s", strerror(errno));

	/*
	 * SO_REUSEPORT allows the port to be rebound while old sockets
	 * linger (the reload path in main() recreates sockets); note that it
	 * also lets any other socket with the same owner bind the same port.
	 */
	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
		fatal("setsockopt(SO_REUSEPORT): %s", strerror(errno));

	mark_nonblock(sock);

	if (bind(sock, addr, len) == -1)
		fatal("bind: %s", strerror(errno));

	/* fixed backlog of 16 pending connections */
	if (listen(sock, 16) == -1)
		fatal("listen: %s", strerror(errno));

	return sock;
}
/*
 * Register a vhost's certificate/key pair in the shared tlsconf, together
 * with its OCSP staple file when h->ocsp is set.  setup_tls() calls this
 * for every host after the first.  A libtls failure is fatal; the message
 * names the files but not tls_config_error(), which would say why.
 */
static void
add_keypair(struct vhost *h)
{
	if (*h->ocsp == '\0') {
		if (tls_config_add_keypair_file(tlsconf, h->cert, h->key) == -1)
			fatal("failed to load the keypair (%s, %s)",
			    h->cert, h->key);
	} else {
		if (tls_config_add_keypair_ocsp_file(tlsconf, h->cert, h->key,
		    h->ocsp) == -1)
			fatal("failed to load the keypair (%s, %s, %s)",
			    h->cert, h->key, h->ocsp);
	}
}
/*
 * Build the global TLS configuration (tlsconf) and server context (ctx).
 *
 * Client certificates are requested but never verified here
 * (tls_config_verify_client_optional + tls_config_insecure_noverifycert):
 * any presented certificate is accepted, so its identity is self-asserted
 * and must be checked by whatever later inspects it.  The existing comment
 * marks this as deliberate.
 *
 * The first host's keypair (and OCSP staple, when set) is installed with
 * tls_config_set_*; every following host is added through add_keypair().
 * TAILQ_FIRST(&hosts) is dereferenced without a NULL check — presumably
 * parse_conf() guarantees at least one host; confirm.
 *
 * serve() calls this before forking the servers, which drop privileges in
 * listener_main(): certificates and keys are therefore read with the
 * parent's privileges, outside any chroot.  Storage-class line (orig. 147)
 * not shown in this listing.
 */
static void
setup_tls(void)
{
	struct vhost *h;

	if ((tlsconf = tls_config_new()) == NULL)
		fatal("tls_config_new");

	/* optionally accept client certs, but don't try to verify them */
	tls_config_verify_client_optional(tlsconf);
	tls_config_insecure_noverifycert(tlsconf);

	/* conf.protos defaults to TLSv1.2 | TLSv1.3, see init_config() */
	if (tls_config_set_protocols(tlsconf, conf.protos) == -1)
		fatal("tls_config_set_protocols");

	if ((ctx = tls_server()) == NULL)
		fatal("tls_server failure");

	h = TAILQ_FIRST(&hosts);

	/* we need to set something, then we can add how many key we want */
	if (tls_config_set_keypair_file(tlsconf, h->cert, h->key))
		fatal("tls_config_set_keypair_file failed for (%s, %s)",
		    h->cert, h->key);

	/* same for OCSP */
	if (*h->ocsp != '\0' &&
	    tls_config_set_ocsp_staple_file(tlsconf, h->ocsp) == -1)
		fatal("tls_config_set_ocsp_staple_file failed for (%s)",
		    h->ocsp);

	while ((h = TAILQ_NEXT(h, vhosts)) != NULL)
		add_keypair(h);

	if (tls_configure(ctx, tlsconf) == -1)
		fatal("tls_configure: %s", tls_error(ctx));
}
/*
 * Body of each forked server process (see serve()).  Drops privileges
 * first, then loads and sorts the MIME table and opens the vhost
 * directories — so both happen inside the chroot and as the configured
 * user — and finally runs the event loop on the inherited sockets and the
 * imsg channel to the parent.  Returns 0 when loop() returns; serve()
 * hands that to _exit().
 */
static int
listener_main(struct imsgbuf *ibuf)
{
	drop_priv();
	if (load_default_mime(&conf.mime) == -1)
		fatal("load_default_mime: %s", strerror(errno));
	sort_mime(&conf.mime);
	load_vhosts();
	loop(ctx, sock4, sock6, ibuf);
	return 0;
}
/*
 * Reset the global configuration to its defaults: no hosts, port 1965,
 * IPv6 off, TLS 1.2 and 1.3 only, a fresh MIME table, 3 prefork servers.
 * parse_conf() then applies the config file on top.  Called at startup and
 * on every reload, right after free_config().  Storage-class line
 * (orig. 197) not shown in this listing.
 */
static void
init_config(void)
{
	TAILQ_INIT(&hosts);

	conf.port = 1965;
	conf.ipv6 = 0;
	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;

	init_mime(&conf.mime);

	conf.prefork = 3;
}
/*
 * Tear down the running configuration before a reload: free the MIME
 * table, zero `conf` (keeping conf.verbose, which comes from -v on the
 * command line, not from the file), unlink every vhost with its locations,
 * params, aliases and proxies, zero the FastCGI table and free the TLS
 * context and config.  Proxy certificate/key buffers are released with
 * tls_unload_file(), the libtls counterpart of tls_load_file().
 *
 * Not shown in this listing: the `int v;` declaration (orig. 219), the
 * storage-class line (orig. 211), and one or more lines after each
 * TAILQ_REMOVE (orig. 234-237, 240-242, 245-247, 252-254, 256-258) —
 * presumably the release of the removed element; marked below.
 */
static void
free_config(void)
{
	struct vhost *h, *th;
	struct location *l, *tl;
	struct proxy *p, *tp;
	struct envlist *e, *te;
	struct alist *a, *ta;
	int v;	/* reconstructed: orig. line 219 not shown */

	v = conf.verbose;

	free_mime(&conf.mime);
	memset(&conf, 0, sizeof(conf));

	conf.verbose = v;

	TAILQ_FOREACH_SAFE(h, &hosts, vhosts, th) {
		TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
			TAILQ_REMOVE(&h->locations, l, locations);

			/* load_vhosts() sets dirfd; -1 means none was opened */
			if (l->dirfd != -1)
				close(l->dirfd);
			/* … orig. lines 234-237 omitted from this listing … */
		}

		TAILQ_FOREACH_SAFE(e, &h->params, envs, te) {
			TAILQ_REMOVE(&h->params, e, envs);
			/* … orig. lines 240-242 omitted from this listing … */
		}

		TAILQ_FOREACH_SAFE(a, &h->aliases, aliases, ta) {
			TAILQ_REMOVE(&h->aliases, a, aliases);
			/* … orig. lines 245-247 omitted from this listing … */
		}

		TAILQ_FOREACH_SAFE(p, &h->proxies, proxies, tp) {
			TAILQ_REMOVE(&h->proxies, p, proxies);
			tls_unload_file(p->cert, p->certlen);
			tls_unload_file(p->key, p->keylen);
			/* … orig. lines 252-254 omitted from this listing … */
		}

		TAILQ_REMOVE(&hosts, h, vhosts);
		/* … orig. lines 256-258 omitted from this listing … */
	}

	memset(fcgi, 0, sizeof(fcgi));

	tls_free(ctx);
	tls_config_free(tlsconf);
}
/*
 * Block until SIGHUP, SIGINT or SIGTERM arrives.  Returns non-zero for
 * SIGHUP (reload) and zero for the others (shutdown); main() loops on it.
 *
 * sigwait() only consumes signals that are blocked in the calling thread;
 * no sigprocmask() is visible in this file, and the comment in main()
 * about Linux still running the handlers suggests they are not blocked —
 * confirm.  The sigwait() return value is not checked, so on failure
 * `signo` would be read uninitialised.
 */
static int
wait_signal(void)
{
	sigset_t mask;
	int signo;

	sigemptyset(&mask);
	sigaddset(&mask, SIGHUP);
	sigaddset(&mask, SIGINT);
	sigaddset(&mask, SIGTERM);
	sigwait(&mask, &signo);

	return signo == SIGHUP;
}
/*
 * chroot(2) into conf.chroot (when set) and switch to conf.user (when
 * set).  A chroot without a user is refused, since a process that stays
 * root can leave a chroot.  The order is the safe one: chroot + chdir("/")
 * first, while still privileged, then setresuid().
 *
 * Only the uid is changed in the visible code: no setgroups() or
 * setresgid() appears here, so the process presumably keeps its original
 * group ids (including any supplementary groups) unless that is handled
 * elsewhere — worth confirming.  Ends with a warning when still root.
 * Note that logger_init() calls this before init_config()/parse_conf()
 * have run, i.e. with an empty conf.chroot and conf.user.
 * Storage-class/return-type line (orig. 280) not shown in this listing.
 */
void
drop_priv(void)
{
	struct passwd *pw = NULL;

	if (*conf.chroot != '\0' && *conf.user == '\0')
		fatal("can't chroot without an user to switch to after.");

	if (*conf.user != '\0') {
		/* resolved before chroot(), presumably because the passwd
		 * database is not reachable from inside the jail */
		if ((pw = getpwnam(conf.user)) == NULL)
			fatal("can't find user %s", conf.user);
	}

	if (*conf.chroot != '\0') {
		if (chroot(conf.chroot) != 0 || chdir("/") != 0)
			fatal("%s: %s", conf.chroot, strerror(errno));
	}

	if (pw != NULL) {
		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
			fatal("setresuid(%d): %s", pw->pw_uid,
			    strerror(errno));
	}

	if (getuid() == 0)
		log_warn(NULL, "not a good idea to run a network daemon as root");
}
/*
 * Print the version and the usage line to stderr.  Does not exit; the
 * callers in main() return on their own after calling it.
 */
static void
usage(void)
{
	fprintf(stderr,
	    "Version: " GMID_STRING "\n"
	    "Usage: %s [-dhnVv] [-D macro=value] [-f config] [-P pidfile]\n",
	    getprogname());
}
/*
 * Fork the logger process and connect it to this process through a
 * socketpair wrapped in `logibuf`.  The child ignores SIGHUP (reloads are
 * the parent's job), calls drop_priv() and runs logger_main() until exit;
 * the parent keeps its end in logibuf for imsg_compose().  Errors use
 * err(3) because the logger is not up yet.
 *
 * main() calls this before init_config()/parse_conf(), so conf.chroot and
 * conf.user are still empty when the child runs drop_priv(): the logger
 * keeps the parent's privileges (drop_priv() only warns if root).  Confirm
 * that this is intended.
 *
 * The switch labels (orig. 326, 328, 335) are not shown in this listing;
 * they are reconstructed from the arms: err() is the fork failure, the
 * arm ending in _exit() is the child, the rest is the parent.
 */
static void
logger_init(void)
{
	int p[2];

	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
		err(1, "socketpair");

	switch (fork()) {
	case -1:
		err(1, "fork");
	case 0:
		signal(SIGHUP, SIG_IGN);
		close(p[0]);
		setproctitle("logger");
		imsg_init(&logibuf, p[1]);
		drop_priv();
		_exit(logger_main(p[1], &logibuf));
	default:
		close(p[1]);
		imsg_init(&logibuf, p[0]);
	}
}
/*
 * Set up TLS and fork conf.prefork server processes.  Each child gets one
 * end of a CLOEXEC socketpair in servibuf[i] and runs listener_main(),
 * which drops privileges; the parent keeps the other end and later sends
 * IMSG_QUIT over it (see main()).  Because setup_tls() runs first, ctx —
 * with the keys loaded — and the listening sockets are inherited by every
 * child across fork().
 *
 * No call to serve() appears in the lines of this listing; main()'s
 * orig. line 485, at the top of its for(;;), is omitted and is presumably
 * that call.  The `case -1:` and `default:` labels (orig. 357, 364) are
 * not shown either and are reconstructed from the arms.
 */
static void
serve(void)
{
	int i, p[2];

	/* setup tls before dropping privileges: we don't want user
	 * to put private certs inside the chroot. */
	setup_tls();

	for (i = 0; i < conf.prefork; ++i) {
		if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
		    PF_UNSPEC, p) == -1)
			fatal("socketpair: %s", strerror(errno));

		switch (fork()) {
		case -1:
			fatal("fork: %s", strerror(errno));
		case 0: /* child */
			close(p[0]);
			imsg_init(&servibuf[i], p[1]);
			setproctitle("server");
			_exit(listener_main(&servibuf[i]));
		default:
			close(p[1]);
			imsg_init(&servibuf[i], p[0]);
		}
	}
}
/*
 * Create and lock the pid file, then write our pid into it.  Returns -1
 * when no pidfile was requested (-P absent), otherwise the open
 * descriptor: the F_WRLCK record lock lives as long as the fd, so main()
 * keeps it open and closes it last.  A lock failure means another instance
 * holds the file; all other errors are fatal.
 *
 * open() uses O_CREAT without O_NOFOLLOW or O_EXCL: if the pidfile's
 * directory is writable by other users, a pre-planted symlink would be
 * followed and the target truncated.  main() calls this from the parent,
 * which never calls drop_priv() in the code shown, so it runs with the
 * daemon's initial privileges.  O_NOFOLLOW, or a directory writable only
 * by root, is the mitigation.  The dprintf() result is ignored.
 *
 * The parameter shadows the global `pidfile`.  The `int fd;` declaration
 * (orig. 375) is not shown in this listing.
 */
static int
write_pidfile(const char *pidfile)
{
	struct flock lock;
	int fd;	/* reconstructed: orig. line 375 not shown */

	if (pidfile == NULL)
		return -1;

	if ((fd = open(pidfile, O_WRONLY|O_CREAT|O_CLOEXEC, 0600)) == -1)
		fatal("can't open pidfile %s: %s", pidfile, strerror(errno));

	/* whole-file write lock: l_len == 0 means "to end of file" */
	lock.l_start = 0;
	lock.l_len = 0;
	lock.l_type = F_WRLCK;
	lock.l_whence = SEEK_SET;

	/* F_SETLK does not block: fail at once if the lock is held */
	if (fcntl(fd, F_SETLK, &lock) == -1)
		fatal("can't lock %s, gmid is already running?", pidfile);

	/* truncate only once the lock is ours, so a live pid is never clobbered */
	if (ftruncate(fd, 0) == -1)
		fatal("ftruncate: %s: %s", pidfile, strerror(errno));

	dprintf(fd, "%d\n", getpid());

	return fd;
}
/*
 * Entry point.  Startup: fork the logger, load the defaults, parse the
 * command line and the config file (or only check it with -n, printing it
 * with -nn), switch logging to syslog and daemonize unless -d, open the
 * listening sockets, write the pidfile.  Then loop: run the servers
 * (orig. line 485, not shown — presumably serve()), wait for a signal, and
 * on SIGHUP tell the servers to quit, reload the configuration and reopen
 * the sockets whose port or family changed; on SIGINT/SIGTERM leave the
 * loop, tell the servers and the logger to quit, and exit 0.
 *
 * Notes from the code shown:
 * - logger_init() runs before init_config()/parse_conf(), so the logger
 *   child sees empty conf.chroot/conf.user in drop_priv() and keeps the
 *   parent's privileges — confirm this is intended.
 * - The parent never calls drop_priv(): it stays privileged for the whole
 *   run, which the reload path relies on (re-reading keys, rebinding).
 * - daemon(1, 1) keeps the cwd and leaves stdio open.
 * - On a port change close(sock6) is reached even when sock6 is -1; that
 *   close() just fails with EBADF and the result is ignored.
 * - Servers are told to quit with IMSG_QUIT but no wait() is visible here.
 * - servibuf has PROC_MAX entries and is indexed up to conf.prefork;
 *   presumably parse_conf() bounds prefork to PROC_MAX — confirm.
 * - Omitted from this listing and marked below: orig. 413 (the optarg
 *   argument of the -D fatal(), inferred from its %s), 422 (the -h
 *   action), 437 (the default: action), 445 (what runs when argc != 0),
 *   485 (see above), plus braces, break;s and the `default:` label.
 */
int
main(int argc, char **argv)
{
	int i, ch, conftest = 0;
	int pidfd, old_ipv6, old_port;

	logger_init();
	init_config();

	while ((ch = getopt_long(argc, argv, opts, longopts, NULL)) != -1) {
		switch (ch) {
		case 'D':
			/* -D name=value: predefine a config-file macro */
			if (cmdline_symset(optarg) == -1)
				fatal("could not parse macro definition: %s",
				    optarg);	/* orig. 413 not shown; argument inferred */
			break;
		case 'd':
			conf.foreground = 1;
			break;
		case 'f':
			/* made absolute so it is still found after daemon() */
			config_path = absolutify_path(optarg);
			break;
		case 'h':
			/* … orig. line 422 omitted from this listing … */
			return 0;
		case 'n':
			conftest++;	/* -n: check only; -nn: also print the config */
			break;
		case 'P':
			pidfile = optarg;
			break;
		case 'V':
			puts("Version: " GMID_STRING);
			return 0;
		case 'v':
			conf.verbose++;
			break;
		default:
			/* … orig. line 437 omitted from this listing … */
			return 1;
		}
	}

	argc -= optind;
	argv += optind;

	if (argc != 0) {
		/* … orig. line 445 omitted from this listing … */
	}

	parse_conf(config_path);

	if (conftest) {
		fprintf(stderr, "config OK\n");
		if (conftest > 1)
			print_conf();
		return 0;
	}

	if (!conf.foreground) {
		/* log to syslog */
		imsg_compose(&logibuf, IMSG_LOG_TYPE, 0, 0, -1, NULL, 0);
		imsg_flush(&logibuf);

		if (daemon(1, 1) == -1)
			fatal("daemon: %s", strerror(errno));
	}

	sock4 = make_socket(conf.port, AF_INET);
	sock6 = -1;
	if (conf.ipv6)
		sock6 = make_socket(conf.port, AF_INET6);

	/* a peer closing mid-write must not kill the daemon */
	signal(SIGPIPE, SIG_IGN);

	pidfd = write_pidfile(pidfile);

	/*
	 * Linux seems to call the event handlers even when we're
	 * doing a sigwait. These dummy handlers are here to avoid
	 * being terminated on SIGHUP, SIGINT or SIGTERM.
	 */
	signal(SIGHUP, dummy_handler);
	signal(SIGINT, dummy_handler);
	signal(SIGTERM, dummy_handler);

	/* wait a sighup and reload the daemon */
	for (;;) {
		/* … orig. line 485 omitted from this listing (presumably serve()) … */

		if (!wait_signal())
			break;

		log_info(NULL, "reloading configuration %s", config_path);

		/* close the servers */
		for (i = 0; i < conf.prefork; ++i) {
			imsg_compose(&servibuf[i], IMSG_QUIT, 0, 0, -1, NULL, 0);
			imsg_flush(&servibuf[i]);
			close(servibuf[i].fd);
		}

		/* remember what the sockets were bound for before reparsing */
		old_ipv6 = conf.ipv6;
		old_port = conf.port;

		free_config();
		init_config();
		parse_conf(config_path);

		/* a new port invalidates both sockets */
		if (old_port != conf.port) {
			close(sock4);
			close(sock6);
			sock4 = -1;
			sock6 = -1;
		}
		/* IPv6 turned off: drop the v6 socket (turning it on is handled below) */
		if (sock6 != -1 && old_ipv6 != conf.ipv6) {
			close(sock6);
			sock6 = -1;
		}

		if (sock4 == -1)
			sock4 = make_socket(conf.port, AF_INET);
		if (sock6 == -1 && conf.ipv6)
			sock6 = make_socket(conf.port, AF_INET6);
	}

	/* shutdown: stop the servers, then the logger, then release the pidfile lock */
	for (i = 0; i < conf.prefork; ++i) {
		imsg_compose(&servibuf[i], IMSG_QUIT, 0, 0, -1, NULL, 0);
		imsg_flush(&servibuf[i]);
		close(servibuf[i].fd);
	}

	imsg_compose(&logibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
	imsg_flush(&logibuf);
	close(logibuf.fd);

	if (pidfd != -1)
		close(pidfd);

	return 0;
}