

1 c68baad2 2023-06-06 op /*
2 c68baad2 2023-06-06 op * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
3 c68baad2 2023-06-06 op *
4 c68baad2 2023-06-06 op * Permission to use, copy, modify, and distribute this software for any
5 c68baad2 2023-06-06 op * purpose with or without fee is hereby granted, provided that the above
6 c68baad2 2023-06-06 op * copyright notice and this permission notice appear in all copies.
7 c68baad2 2023-06-06 op *
8 c68baad2 2023-06-06 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 c68baad2 2023-06-06 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 c68baad2 2023-06-06 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 c68baad2 2023-06-06 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 c68baad2 2023-06-06 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 c68baad2 2023-06-06 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 c68baad2 2023-06-06 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 c68baad2 2023-06-06 op */
16 c68baad2 2023-06-06 op
17 c68baad2 2023-06-06 op #include "gmid.h"
18 c68baad2 2023-06-06 op
19 c26f2460 2023-06-08 op #include <sys/stat.h>
20 c26f2460 2023-06-08 op
21 c26f2460 2023-06-08 op #include <fcntl.h>
22 c26f2460 2023-06-08 op #include <limits.h>
23 c68baad2 2023-06-06 op #include <string.h>
24 c68baad2 2023-06-06 op
25 86693a33 2023-06-11 op #include <openssl/pem.h>
26 86693a33 2023-06-11 op
27 c26f2460 2023-06-08 op #include "log.h"
28 c26f2460 2023-06-08 op #include "proc.h"
29 c26f2460 2023-06-08 op
/*
 * Allocate a configuration object and fill in the built-in defaults.
 *
 * Defaults set here: only TLS 1.2 and TLS 1.3 are enabled, prefork is
 * 3 and, on OpenBSD, use_privsep_crypto is switched on.  Every other
 * field keeps whatever xcalloc() hands back (presumably zeroed memory;
 * xcalloc() is defined elsewhere and its result is not checked here).
 *
 * Returns the new configuration.
 */
struct conf *
config_new(void)
{
	struct conf	*c = xcalloc(1, sizeof(*c));

	/* scalar defaults */
	c->prefork = 3;
	c->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
#ifdef __OpenBSD__
	c->use_privsep_crypto = 1;
#endif

	/* empty containers */
	TAILQ_INIT(&c->fcgi);
	TAILQ_INIT(&c->hosts);
	TAILQ_INIT(&c->pkis);
	TAILQ_INIT(&c->addrs);
	init_mime(&c->mime);

	return c;
}
54 c68baad2 2023-06-06 op
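/*
 * Release everything owned by conf and reset it to an empty, reusable
 * state.
 *
 * Only conf->ps and conf->use_privsep_crypto survive the reset; the
 * TLS protocol mask, the MIME table and all list heads are
 * re-initialised the same way config_new() does.
 *
 * NOTE(review): conf->prefork is not restored here (config_new() sets
 * it to 3, after purge it is 0) -- confirm that callers set it again.
 *
 * NOTE(review): h->key and p->key look like private key bytes (they
 * are filled by load_file() in config_recv()).  They are released with
 * plain free(), so the bytes stay in freed heap memory; consider
 * wiping them first with a zeroing primitive the compiler cannot
 * elide, if one is available in this tree.
 */
void
config_purge(struct conf *conf)
{
	struct privsep *ps;
	struct fcgi *f, *tf;
	struct vhost *h, *th;
	struct location *l, *tl;
	struct proxy *p, *tp;
	struct envlist *e, *te;
	struct alist *a, *ta;
	struct pki *pki, *tpki;
	struct address *addr, *taddr;
	int use_privsep_crypto;

	/* saved across the memset() below */
	ps = conf->ps;
	use_privsep_crypto = conf->use_privsep_crypto;

	free(conf->log_access);
	free_mime(&conf->mime);
	TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
		TAILQ_REMOVE(&conf->fcgi, f, fcgi);
		free(f);
	}

	TAILQ_FOREACH_SAFE(h, &conf->hosts, vhosts, th) {
		free(h->cert_path);
		free(h->key_path);
		free(h->ocsp_path);
		free(h->cert);
		free(h->key);
		free(h->ocsp);

		TAILQ_FOREACH_SAFE(addr, &h->addrs, addrs, taddr) {
			TAILQ_REMOVE(&h->addrs, addr, addrs);
			free(addr);
		}

		TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
			TAILQ_REMOVE(&h->locations, l, locations);

			if (l->dirfd != -1)
				close(l->dirfd);

			free(l->reqca_path);
			X509_STORE_free(l->reqca);

			TAILQ_FOREACH_SAFE(e, &l->params, envs, te) {
				TAILQ_REMOVE(&l->params, e, envs);
				free(e);
			}

			free(l);
		}

		TAILQ_FOREACH_SAFE(a, &h->aliases, aliases, ta) {
			TAILQ_REMOVE(&h->aliases, a, aliases);
			free(a);
		}

		TAILQ_FOREACH_SAFE(p, &h->proxies, proxies, tp) {
			TAILQ_REMOVE(&h->proxies, p, proxies);
			free(p->cert_path);
			free(p->cert);
			free(p->key_path);
			free(p->key);
			free(p->reqca_path);
			X509_STORE_free(p->reqca);
			free(p);
		}

		TAILQ_REMOVE(&conf->hosts, h, vhosts);
		free(h);
	}

	TAILQ_FOREACH_SAFE(pki, &conf->pkis, pkis, tpki) {
		TAILQ_REMOVE(&conf->pkis, pki, pkis);
		free(pki->hash);
		EVP_PKEY_free(pki->pkey);
		free(pki);
	}

	TAILQ_FOREACH_SAFE(addr, &conf->addrs, addrs, taddr) {
		TAILQ_REMOVE(&conf->addrs, addr, addrs);
		if (addr->sock != -1) {
			/*
			 * Unregister the event before closing its
			 * descriptor, so the event loop never holds a
			 * registration for a closed (or reused) fd.
			 */
			event_del(&addr->evsock);
			close(addr->sock);
			tls_free(addr->ctx);
		}
		free(addr);
	}

	memset(conf, 0, sizeof(*conf));

	conf->ps = ps;
	conf->use_privsep_crypto = use_privsep_crypto;
	conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	init_mime(&conf->mime);
	TAILQ_INIT(&conf->fcgi);
	TAILQ_INIT(&conf->hosts);
	TAILQ_INIT(&conf->pkis);
	/*
	 * The memset() above left this head zeroed, which is not a valid
	 * empty TAILQ (tqh_last must point at tqh_first); initialise it
	 * like config_new() does.
	 */
	TAILQ_INIT(&conf->addrs);
}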
156 c26f2460 2023-06-08 op
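/*
 * Send an imsg of the given type, optionally carrying a descriptor, to
 * every instance of process id.
 *
 * ps    privsep state used to reach the children
 * id    target process kind
 * type  imsg type
 * fd    descriptor to pass along, or -1 for none
 * data  payload (may be NULL), l bytes long
 *
 * Each instance gets its own dup() of fd.  This function takes
 * ownership of fd: it is closed before returning, on success and on
 * failure alike, so callers must not close it again.
 *
 * Returns 0 on success, -1 if composing or flushing a message failed.
 * A failing dup() is fatal.
 */
static int
config_send_file(struct privsep *ps, enum privsep_procid id, int type,
    int fd, void *data, size_t l)
{
	int n, m, d;

	n = -1;
	proc_range(ps, id, &n, &m);
	for (n = 0; n < m; ++n) {
		d = -1;
		if (fd != -1 && (d = dup(fd)) == -1)
			fatal("dup %d", fd);
		if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
		    == -1) {
			/*
			 * Don't leak the caller's descriptor on the
			 * error path.  NOTE(review): whether d is
			 * released by proc_compose_imsg() on failure is
			 * not visible from here -- confirm.
			 */
			if (fd != -1)
				close(fd);
			return -1;
		}
	}

	if (fd != -1)
		close(fd);

	/* avoid fd rampage */
	if (proc_flush_imsg(ps, id, -1) == -1) {
		log_warn("%s: proc_flush_imsg", __func__);
		return -1;
	}

	return 0;
}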
185 c26f2460 2023-06-08 op
/*
 * Open path read-only and pass the resulting descriptor to every
 * instance of process id in an imsg of the given type, with no payload.
 *
 * The receiver gets an already-open descriptor, never the path, so it
 * does not need filesystem access to the file itself.
 *
 * Returns what config_send_file() returns; failing to open the file is
 * fatal.
 */
static int
config_open_send(struct privsep *ps, enum privsep_procid id, int type,
    const char *path)
{
	int	 file;

	log_debug("sending %s", path);

	file = open(path, O_RDONLY);
	if (file == -1)
		fatal("can't open %s", path);

	/* config_send_file() closes the descriptor once it has been sent */
	return config_send_file(ps, id, type, file, NULL, 0);
}
199 deadd9e1 2023-06-09 op
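/*
 * Send a certificate/private key pair to the processes that need it.
 *
 * ps         privsep state; ps->ps_env is the configuration
 * cert_type  imsg type used for the certificate
 * key_type   imsg type used for the private key
 * cert, key  paths of the two files
 *
 * The certificate always goes to PROC_SERVER and, when
 * use_privsep_crypto is set, to PROC_CRYPTO as well.  The private key
 * goes to exactly one place: PROC_CRYPTO when use_privsep_crypto is
 * set, PROC_SERVER otherwise.  With privsep crypto enabled the key is
 * therefore never handed to the process that receives the listening
 * sockets.
 *
 * Returns 0 on success, -1 on failure; failing to open a file or to
 * dup() the descriptor is fatal.
 */
static int
config_send_kp(struct privsep *ps, int cert_type, int key_type,
    const char *cert, const char *key)
{
	struct conf *conf = ps->ps_env;
	int fd, d, key_target;

	log_debug("sending %s", cert);
	if ((fd = open(cert, O_RDONLY)) == -1)
		fatal("can't open %s", cert);

	/*
	 * A second descriptor is needed only when the crypto process
	 * gets the certificate too; duplicating unconditionally leaked
	 * one descriptor per key pair when privsep crypto is off.
	 */
	d = -1;
	if (conf->use_privsep_crypto && (d = dup(fd)) == -1)
		fatal("dup");

	if (config_send_file(ps, PROC_SERVER, cert_type, fd, NULL, 0) == -1) {
		if (d != -1)
			close(d);
		return -1;
	}
	if (conf->use_privsep_crypto &&
	    config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
		return -1;

	key_target = PROC_CRYPTO;
	if (!conf->use_privsep_crypto)
		key_target = PROC_SERVER;

	if (config_open_send(ps, key_target, key_type, key) == -1)
		return -1;

	return 0;
}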
230 86693a33 2023-06-11 op
/*
 * Create, bind and listen on one socket per configured address and
 * pass each socket to PROC_SERVER with an IMSG_RECONF_SOCK message.
 *
 * The sockets are opened here, so the receiving process only gets the
 * ready descriptor and does not need to bind itself.
 *
 * The message payload is a byte copy of the struct address with conf,
 * sock, evsock and the list linkage cleared, since those are only
 * meaningful inside this process.
 * NOTE(review): any other pointer-valued member (addr->ctx is one,
 * see config_purge()) is copied as-is -- confirm it is always NULL on
 * this side.
 *
 * Returns 0 on success, -1 if sending failed; socket setup errors are
 * fatal.
 */
static int
config_send_socks(struct conf *conf)
{
	struct privsep	*ps = conf->ps;
	struct address	*cur, wire;
	int		 s, on;

	for (cur = TAILQ_FIRST(&conf->addrs); cur != NULL;
	    cur = TAILQ_NEXT(cur, addrs)) {
		s = socket(cur->ai_family, cur->ai_socktype,
		    cur->ai_protocol);
		if (s == -1)
			fatal("socket");

		on = 1;
		if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on,
		    sizeof(on)) == -1)
			fatal("setsockopt(SO_REUSEADDR)");

		on = 1;
		if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &on,
		    sizeof(on)) == -1)
			fatal("setsockopt(SO_REUSEPORT)");

		mark_nonblock(s);

		if (bind(s, (struct sockaddr *)&cur->ss, cur->slen) == -1)
			fatal("bind");

		if (listen(s, 16) == -1)
			fatal("listen");

		/* strip the process-local members from the copy we send */
		memcpy(&wire, cur, sizeof(wire));
		wire.conf = NULL;
		wire.sock = -1;
		memset(&wire.evsock, 0, sizeof(wire.evsock));
		memset(&wire.addrs, 0, sizeof(wire.addrs));

		/* config_send_file() takes ownership of the socket */
		if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_SOCK, s,
		    &wire, sizeof(wire)) == -1)
			return -1;
	}

	return 0;
}
276 c26f2460 2023-06-08 op
/*
 * Send the whole configuration to the child processes as a sequence
 * of imsgs.
 *
 * The order of the messages matters: config_recv() keeps track of the
 * "current" host, location and proxy, so everything that belongs to a
 * host has to follow its IMSG_RECONF_HOST, env entries have to follow
 * their location, and proxy cert/key have to follow their proxy.
 *
 * Structures are sent as raw byte copies.  Path strings and the other
 * pointers that are explicitly reset below are cleared first, since
 * they only make sense in this process; files are passed as open
 * descriptors instead of paths.
 *
 * Returns 0 on success, -1 if a message could not be composed or
 * flushed.  Failing to open a referenced file is fatal.
 */
int
config_send(struct conf *conf)
{
	struct privsep *ps = conf->ps;
	struct etm *m;
	struct fcgi *fcgi;
	struct vhost *h;
	struct location *l;
	struct proxy *p;
	struct envlist *e;
	struct alist *a;
	size_t i;

	for (i = 0; i < conf->mime.len; ++i) {
		m = &conf->mime.t[i];
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
		    m, sizeof(*m)) == -1)
			return -1;
	}

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
	    &conf->protos, sizeof(conf->protos)) == -1)
		return -1;

	if (config_send_socks(conf) == -1)
		return -1;

	TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
		log_debug("sending fastcgi %s", fcgi->path);
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
		    fcgi, sizeof(*fcgi)) == -1)
			return -1;
	}

	TAILQ_FOREACH(h, &conf->hosts, vhosts) {
		struct vhost vcopy;
		struct address *addr, acopy;

		/*
		 * Only the *_path pointers are cleared in the copy.
		 * NOTE(review): the remaining pointer members of struct
		 * vhost (cert, key, ocsp, list heads) are sent as-is;
		 * config_recv() uses just the domain, but confirm that
		 * nothing sensitive is reachable through them.
		 */
		memcpy(&vcopy, h, sizeof(vcopy));
		vcopy.cert_path = NULL;
		vcopy.key_path = NULL;
		vcopy.ocsp_path = NULL;

		log_debug("sending host %s", h->domain);

		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
		    &vcopy, sizeof(vcopy)) == -1)
			return -1;

		/* the key goes to the crypto process when privsep crypto is on */
		if (config_send_kp(ps, IMSG_RECONF_CERT, IMSG_RECONF_KEY,
		    h->cert_path, h->key_path) == -1)
			return -1;

		if (h->ocsp_path != NULL) {
			if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP,
			    h->ocsp_path) == -1)
				return -1;
		}

		TAILQ_FOREACH(addr, &h->addrs, addrs) {
			/*
			 * Only the list linkage is cleared here; conf,
			 * sock, evsock and ctx are copied unchanged.
			 * NOTE(review): confirm they hold nothing
			 * process-local for per-host addresses.
			 */
			memcpy(&acopy, addr, sizeof(acopy));
			memset(&acopy.addrs, 0, sizeof(acopy.addrs));

			if (proc_compose(ps, PROC_SERVER,
			    IMSG_RECONF_HOST_ADDR, &acopy, sizeof(acopy))
			    == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) {
			log_warn("%s: proc_fush_imsg", __func__);
			return -1;
		}

		TAILQ_FOREACH(l, &h->locations, locations) {
			struct location lcopy;
			int fd = -1;

			/* drop process-local pointers and the directory fd */
			memcpy(&lcopy, l, sizeof(lcopy));
			lcopy.reqca_path = NULL;
			lcopy.reqca = NULL;
			lcopy.dirfd = -1;
			memset(&lcopy.locations, 0, sizeof(lcopy.locations));

			/* the client CA file, if any, travels as a descriptor */
			if (l->reqca_path != NULL &&
			    (fd = open(l->reqca_path, O_RDONLY)) == -1)
				fatal("can't open %s", l->reqca_path);

			if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_LOC,
			    fd, &lcopy, sizeof(lcopy)) == -1)
				return -1;

			TAILQ_FOREACH(e, &l->params, envs) {
				if (proc_compose(ps, PROC_SERVER,
				    IMSG_RECONF_ENV, e, sizeof(*e)) == -1)
					return -1;
			}
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(a, &h->aliases, aliases) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
			    a, sizeof(*a)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(p, &h->proxies, proxies) {
			struct proxy pcopy;
			int fd = -1;

			/* paths, loaded cert/key and CA store stay local */
			memcpy(&pcopy, p, sizeof(pcopy));
			pcopy.cert_path = NULL;
			pcopy.cert = NULL;
			pcopy.certlen = 0;
			pcopy.key_path = NULL;
			pcopy.key = NULL;
			pcopy.keylen = 0;
			pcopy.reqca_path = NULL;
			pcopy.reqca = NULL;

			if (p->reqca_path != NULL) {
				fd = open(p->reqca_path, O_RDONLY);
				if (fd == -1)
					fatal("can't open %s", p->reqca_path);
			}

			if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_PROXY,
			    fd, &pcopy, sizeof(pcopy)) == -1)
				return -1;

			if (p->cert_path == NULL || p->key_path == NULL)
				continue;

			/*
			 * Unlike vhost keys (see config_send_kp()), the
			 * proxy client key is always sent to PROC_SERVER,
			 * whatever use_privsep_crypto says.
			 */
			if (config_open_send(ps, PROC_SERVER,
			    IMSG_RECONF_PROXY_CERT, p->cert_path) == -1 ||
			    config_open_send(ps, PROC_SERVER,
			    IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
				return -1;
		}
	}

	return 0;
}
425 c26f2460 2023-06-08 op
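/*
 * Read the whole file behind fd into a freshly allocated buffer.
 *
 * fd    open descriptor; it is always closed before returning
 * data  set to the allocated buffer on success (the caller frees it),
 *       to NULL on failure
 * len   set to the number of bytes read on success, to 0 on failure
 *
 * The size comes from fstat() and the content is read with a single
 * pread() from offset 0; a file that changes size in between shows up
 * as a short read and is treated as an error.
 *
 * NOTE(review): there is no upper bound on the file size, so the
 * allocation is as large as the file the descriptor refers to.
 *
 * Returns 0 on success, -1 on failure.  fstat() and malloc() failures
 * are fatal.
 */
static int
load_file(int fd, uint8_t **data, size_t *len)
{
	struct stat sb;
	ssize_t r;

	/* never leave the outputs undefined on the error paths */
	*data = NULL;
	*len = 0;

	if (fstat(fd, &sb) == -1)
		fatal("fstat");

	if (sb.st_size < 0 /* || sb.st_size > SIZE_MAX */) {
		log_warnx("file too large");
		close(fd);
		return -1;
	}
	*len = sb.st_size;

	/* malloc(0) may return NULL; don't mistake that for a failure */
	if ((*data = malloc(*len == 0 ? 1 : *len)) == NULL)
		fatal("malloc");

	r = pread(fd, *data, *len, 0);
	if (r == -1 || (size_t)r != *len) {
		/* errno is only meaningful when pread() itself failed */
		if (r == -1)
			log_warn("read failed");
		else
			log_warnx("short read");
		close(fd);
		free(*data);
		/* don't hand a dangling pointer back to the caller */
		*data = NULL;
		*len = 0;
		return -1;
	}

	close(fd);
	return 0;
}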
456 c26f2460 2023-06-08 op
/*
 * Handle IMSG_RECONF_CERT / IMSG_RECONF_KEY in the crypto process.
 *
 * A certificate message creates a new pki entry, stores the hash
 * computed by ssl_pubkey_hash() and appends the entry to conf->pkis.
 * The key message that follows loads the private key into that same
 * entry.  The entry being filled is remembered in a static pointer
 * between the two calls, so the messages must arrive strictly as
 * cert, key, cert, key, ...; anything else is fatal.
 *
 * Returns 0 when the message was handled, -1 for any other type.
 *
 * NOTE(review): the static pointer is not reset when the pki list is
 * freed by config_purge(); a purge between a cert and its key would
 * leave it dangling -- confirm that ordering cannot occur.
 *
 * NOTE(review): the buffer holding the raw private key is released
 * with plain free(); consider wiping it first so the key bytes do not
 * linger in freed heap memory.
 */
static int
config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
{
	static struct pki	*pending;
	uint8_t			*buf;
	size_t			 buflen;

	/* XXX: check for duplicates */

	if (imsg->fd == -1)
		fatalx("no fd for imsg %d", imsg->hdr.type);

	if (imsg->hdr.type == IMSG_RECONF_CERT) {
		if (pending != NULL)
			fatalx("imsg in wrong order; pki is not NULL");

		pending = calloc(1, sizeof(*pending));
		if (pending == NULL)
			fatal("calloc");

		if (load_file(imsg->fd, &buf, &buflen) == -1)
			fatalx("can't load file");

		pending->hash = ssl_pubkey_hash(buf, buflen);
		if (pending->hash == NULL)
			fatalx("failed to compute cert hash");

		free(buf);
		TAILQ_INSERT_TAIL(&conf->pkis, pending, pkis);
		return 0;
	}

	if (imsg->hdr.type == IMSG_RECONF_KEY) {
		if (pending == NULL)
			fatalx("got key without cert beforehand %d",
			    imsg->hdr.type);

		if (load_file(imsg->fd, &buf, &buflen) == -1)
			fatalx("failed to load private key");

		pending->pkey = ssl_load_pkey(buf, buflen);
		if (pending->pkey == NULL)
			fatalx("failed load private key");

		free(buf);
		/* pair complete; the next message must be a cert again */
		pending = NULL;
		return 0;
	}

	return -1;
}
501 86693a33 2023-06-11 op
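/*
 * Apply one configuration imsg to conf.
 *
 * This is the receiving side of config_send().  The host, location
 * and proxy most recently received are remembered in static pointers
 * so that the messages that follow (cert, key, ocsp, addresses,
 * locations, env entries, aliases, proxies and their cert/key) can be
 * attached to them; a message that arrives without the object it
 * belongs to is fatal.
 *
 * Payloads are raw structures.  Each one is size-checked with
 * IMSG_SIZE_CHECK() and then copied using the size of the
 * destination object, never the length announced by the message, so
 * the copy cannot write past the destination whatever comparison the
 * macro performs (it is defined elsewhere).
 *
 * Files arrive as descriptors in imsg->fd and are read with
 * load_file(), which closes them.
 *
 * Returns 0 when the message was handled, -1 for an unknown type or
 * when replying to the parent failed.  In the crypto process cert and
 * key messages are delegated to config_crypto_recv_kp().
 *
 * NOTE(review): except for struct vhost, received structures are
 * stored as sent; string members (e.g. fcgi->path) are not checked
 * for NUL termination here the way the MIME entry is.
 */
int
config_recv(struct conf *conf, struct imsg *imsg)
{
	static struct vhost *h;
	static struct location *l;
	static struct proxy *p;
	struct privsep *ps = conf->ps;
	struct etm m;
	struct fcgi *fcgi;
	struct vhost *vh, vht;
	struct location *loc;
	struct envlist *env;
	struct alist *alias;
	struct proxy *proxy;
	struct address *addr;
	uint8_t *d;
	size_t len;

	switch (imsg->hdr.type) {
	case IMSG_RECONF_START:
		config_purge(conf);
		/*
		 * config_purge() freed every host, location and proxy:
		 * forget all three so that a stray message cannot be
		 * attached to freed memory.
		 */
		h = NULL;
		l = NULL;
		p = NULL;
		break;

	case IMSG_RECONF_MIME:
		IMSG_SIZE_CHECK(imsg, &m);
		memcpy(&m, imsg->data, sizeof(m));
		if (m.mime[sizeof(m.mime) - 1] != '\0' ||
		    m.ext[sizeof(m.ext) - 1] != '\0')
			fatal("received corrupted IMSG_RECONF_MIME");
		if (add_mime(&conf->mime, m.mime, m.ext) == -1)
			fatal("failed to add mime mapping %s -> %s",
			    m.mime, m.ext);
		break;

	case IMSG_RECONF_PROTOS:
		IMSG_SIZE_CHECK(imsg, &conf->protos);
		memcpy(&conf->protos, imsg->data, sizeof(conf->protos));
		break;

	case IMSG_RECONF_SOCK:
		addr = xcalloc(1, sizeof(*addr));
		IMSG_SIZE_CHECK(imsg, addr);
		memcpy(addr, imsg->data, sizeof(*addr));
		if (imsg->fd == -1)
			fatalx("missing socket for IMSG_RECONF_SOCK");
		/* replace the process-local members of the received copy */
		addr->conf = conf;
		addr->sock = imsg->fd;
		event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
		    server_accept, addr);
		if ((addr->ctx = tls_server()) == NULL)
			fatal("tls_server failure");
		TAILQ_INSERT_HEAD(&conf->addrs, addr, addrs);
		break;

	case IMSG_RECONF_FCGI:
		IMSG_SIZE_CHECK(imsg, fcgi);
		fcgi = xcalloc(1, sizeof(*fcgi));
		memcpy(fcgi, imsg->data, sizeof(*fcgi));
		log_debug("received fcgi %s", fcgi->path);
		TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
		break;

	case IMSG_RECONF_HOST:
		IMSG_SIZE_CHECK(imsg, &vht);
		memcpy(&vht, imsg->data, sizeof(vht));
		/*
		 * strlcpy() scans its source up to the first NUL; make
		 * sure there is one inside the received buffer.
		 */
		vht.domain[sizeof(vht.domain) - 1] = '\0';
		vh = new_vhost();
		/* only the domain is taken from the received structure */
		strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
		h = vh;
		TAILQ_INSERT_TAIL(&conf->hosts, h, vhosts);

		/* reset location and proxy */
		l = NULL;
		p = NULL;
		break;

	case IMSG_RECONF_CERT:
		log_debug("receiving cert");
		if (privsep_process == PROC_CRYPTO)
			return config_crypto_recv_kp(conf, imsg);
		if (h == NULL)
			fatalx("recv'd cert without host");
		if (h->cert != NULL)
			fatalx("cert already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_CERT");
		if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
			fatalx("failed to load cert for %s",
			    h->domain);
		break;

	case IMSG_RECONF_KEY:
		log_debug("receiving key");
		if (privsep_process == PROC_CRYPTO)
			return config_crypto_recv_kp(conf, imsg);
		if (h == NULL)
			fatalx("recv'd key without host");
		if (h->key != NULL)
			fatalx("key already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_KEY");
		if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
			fatalx("failed to load key for %s",
			    h->domain);
		break;

	case IMSG_RECONF_OCSP:
		log_debug("receiving ocsp");
		if (h == NULL)
			fatalx("recv'd ocsp without host");
		if (h->ocsp != NULL)
			fatalx("ocsp already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_OCSP");
		if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
			fatalx("failed to load ocsp for %s",
			    h->domain);
		break;

	case IMSG_RECONF_HOST_ADDR:
		log_debug("receiving host addr");
		if (h == NULL)
			fatalx("recv'd host address withouth host");
		IMSG_SIZE_CHECK(imsg, addr);
		addr = xcalloc(1, sizeof(*addr));
		memcpy(addr, imsg->data, sizeof(*addr));
		TAILQ_INSERT_TAIL(&h->addrs, addr, addrs);
		break;

	case IMSG_RECONF_LOC:
		if (h == NULL)
			fatalx("recv'd location without host");
		IMSG_SIZE_CHECK(imsg, loc);
		loc = xcalloc(1, sizeof(*loc));
		memcpy(loc, imsg->data, sizeof(*loc));
		/* the received list head belongs to the sender; start empty */
		TAILQ_INIT(&loc->params);

		if (imsg->fd != -1) {
			if (load_file(imsg->fd, &d, &len) == -1)
				fatal("load_file");
			loc->reqca = load_ca(d, len);
			if (loc->reqca == NULL)
				fatalx("failed to load CA");
			free(d);
		}

		l = loc;
		TAILQ_INSERT_TAIL(&h->locations, loc, locations);
		break;

	case IMSG_RECONF_ENV:
		if (l == NULL)
			fatalx("recv'd env without location");
		IMSG_SIZE_CHECK(imsg, env);
		env = xcalloc(1, sizeof(*env));
		memcpy(env, imsg->data, sizeof(*env));
		TAILQ_INSERT_TAIL(&l->params, env, envs);
		break;

	case IMSG_RECONF_ALIAS:
		if (h == NULL)
			fatalx("recv'd alias without host");
		IMSG_SIZE_CHECK(imsg, alias);
		alias = xcalloc(1, sizeof(*alias));
		memcpy(alias, imsg->data, sizeof(*alias));
		TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
		break;

	case IMSG_RECONF_PROXY:
		log_debug("receiving proxy");
		if (h == NULL)
			fatalx("recv'd proxy without host");
		IMSG_SIZE_CHECK(imsg, proxy);
		proxy = xcalloc(1, sizeof(*proxy));
		memcpy(proxy, imsg->data, sizeof(*proxy));

		if (imsg->fd != -1) {
			if (load_file(imsg->fd, &d, &len) == -1)
				fatal("load_file");
			proxy->reqca = load_ca(d, len);
			if (proxy->reqca == NULL)
				fatal("failed to load CA");
			free(d);
		}

		TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
		p = proxy;
		break;

	case IMSG_RECONF_PROXY_CERT:
		log_debug("receiving proxy cert");
		if (p == NULL)
			fatalx("recv'd proxy cert without proxy");
		if (p->cert != NULL)
			fatalx("proxy cert already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_PROXY_CERT");
		if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
			fatalx("failed to load cert for proxy %s of %s",
			    p->host, h->domain);
		break;

	case IMSG_RECONF_PROXY_KEY:
		log_debug("receiving proxy key");
		if (p == NULL)
			fatalx("recv'd proxy key without proxy");
		if (p->key != NULL)
			fatalx("proxy key already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_PROXY_KEY");
		if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
			fatalx("failed to load key for proxy %s of %s",
			    p->host, h->domain);
		break;

	case IMSG_RECONF_END:
		/* tell the parent this process has the full configuration */
		if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
		    NULL, 0) == -1)
			return -1;
		break;

	default:
		return -1;
	}

	return 0;
}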