1 c68baad2 2023-06-06 op /*
2 c68baad2 2023-06-06 op * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
3 c68baad2 2023-06-06 op *
4 c68baad2 2023-06-06 op * Permission to use, copy, modify, and distribute this software for any
5 c68baad2 2023-06-06 op * purpose with or without fee is hereby granted, provided that the above
6 c68baad2 2023-06-06 op * copyright notice and this permission notice appear in all copies.
7 c68baad2 2023-06-06 op *
8 c68baad2 2023-06-06 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 c68baad2 2023-06-06 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 c68baad2 2023-06-06 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 c68baad2 2023-06-06 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 c68baad2 2023-06-06 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 c68baad2 2023-06-06 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 c68baad2 2023-06-06 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 c68baad2 2023-06-06 op */
16 c68baad2 2023-06-06 op
#include "gmid.h"

#include <sys/stat.h>

#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>

#include "log.h"
#include "proc.h"
27 c26f2460 2023-06-08 op
/*
 * Reset the global configuration to its built-in defaults and start
 * with an empty virtual-host list.
 */
void
config_init(void)
{
	/* Zero everything first so no field is left indeterminate. */
	memset(&conf, 0, sizeof conf);
	TAILQ_INIT(&hosts);

	/*
	 * Default TLS protocol mask: only TLS 1.2 and TLS 1.3 are enabled.
	 * config_recv() overwrites it when an IMSG_RECONF_PROTOS arrives.
	 */
	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	conf.port = 1965;
	conf.ipv6 = 0;
	conf.prefork = 3;

	init_mime(&conf.mime);

	/*
	 * -1 means "no listening socket"; config_free() and config_recv()
	 * both test for this value before touching the descriptors.
	 */
	conf.sock4 = conf.sock6 = -1;
}
46 c68baad2 2023-06-06 op
/*
 * Tear down the current configuration: stop and close the listening
 * sockets, release the MIME table, every virtual host and everything
 * hanging off it, then leave `conf' in a clean state that keeps only
 * the privsep handle, the "no socket" markers, the default TLS
 * protocol mask and a freshly initialised MIME table.
 */
void
config_free(void)
{
	struct privsep	*saved_ps = conf.ps;
	struct vhost	*host;
	struct location	*loc;
	struct proxy	*proxy;
	struct envlist	*env;
	struct alist	*alias;

	/* Unregister the accept events before closing their descriptors. */
	if (conf.sock4 != -1) {
		event_del(&conf.evsock4);
		close(conf.sock4);
	}
	if (conf.sock6 != -1) {
		event_del(&conf.evsock6);
		close(conf.sock6);
	}

	free_mime(&conf.mime);
	memset(&conf, 0, sizeof conf);

	/* The privsep handle must survive the wipe above. */
	conf.ps = saved_ps;
	conf.sock4 = -1;
	conf.sock6 = -1;
	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	init_mime(&conf.mime);

	/* Pop hosts off the head of the list until it is empty. */
	while ((host = TAILQ_FIRST(&hosts)) != NULL) {
		free(host->cert_path);
		free(host->key_path);
		free(host->ocsp_path);
		free(host->cert);
		/*
		 * NOTE(review): the private key buffer is released with a
		 * plain free(), so its bytes stay in freed heap memory,
		 * while the proxy keys below go through
		 * tls_unload_file().  Consider wiping host->key
		 * (host->keylen bytes) before releasing it.
		 */
		free(host->key);
		free(host->ocsp);

		while ((loc = TAILQ_FIRST(&host->locations)) != NULL) {
			TAILQ_REMOVE(&host->locations, loc, locations);

			if (loc->dirfd != -1)
				close(loc->dirfd);

			free(loc);
		}

		while ((env = TAILQ_FIRST(&host->params)) != NULL) {
			TAILQ_REMOVE(&host->params, env, envs);
			free(env);
		}

		while ((alias = TAILQ_FIRST(&host->aliases)) != NULL) {
			TAILQ_REMOVE(&host->aliases, alias, aliases);
			free(alias);
		}

		while ((proxy = TAILQ_FIRST(&host->proxies)) != NULL) {
			TAILQ_REMOVE(&host->proxies, proxy, proxies);
			tls_unload_file(proxy->cert, proxy->certlen);
			tls_unload_file(proxy->key, proxy->keylen);
			free(proxy);
		}

		TAILQ_REMOVE(&hosts, host, vhosts);
		free(host);
	}

	/* An empty path marks a free FastCGI slot, see config_recv(). */
	memset(fcgi, 0, sizeof fcgi);
}
117 c26f2460 2023-06-08 op
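/*
 * Hand a duplicate of `fd' to every PROC_SERVER instance, attached to
 * an otherwise empty imsg of the given `type'.
 *
 * The function consumes `fd': it is closed before returning, on
 * success and on failure alike.  Callers in this file never close it
 * themselves, so leaving it open on the error path would leak a
 * descriptor (possibly one open on a private key file).
 *
 * Returns 0 on success, -1 if a message could not be queued.  A failed
 * dup(2) is fatal.
 */
static int
config_send_file(struct privsep *ps, int fd, int type)
{
	int n, m, id, d;

	id = PROC_SERVER;
	/*
	 * proc_range() is defined outside this file; presumably, with
	 * n == -1, it stores in `m' the number of instances of `id'.
	 */
	n = -1;
	proc_range(ps, id, &n, &m);
	for (n = 0; n < m; ++n) {
		/* Each instance needs its own descriptor. */
		if ((d = dup(fd)) == -1)
			fatal("dup");
		if (proc_compose_imsg(ps, id, n, type, -1, d, NULL, 0)
		    == -1) {
			/*
			 * NOTE(review): whether `d' is still owned by us
			 * after a failed proc_compose_imsg() depends on
			 * code outside this file, so it is left alone
			 * here; confirm and close it too if it is.
			 */
			close(fd);
			return -1;
		}
	}

	close(fd);
	return 0;
}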
137 c26f2460 2023-06-08 op
/*
 * Create a non-blocking, listening TCP socket bound to the wildcard
 * address of the given family (AF_INET or AF_INET6) on `port'.
 *
 * Every failure is fatal, so the function only ever returns a valid
 * descriptor.  Any other family aborts the process.
 *
 * NOTE(review): `port' is an int passed straight to htons(), which
 * keeps only the low 16 bits; range validation has to happen before
 * this point.  The socket always listens on all interfaces.
 */
static int
make_socket(int port, int family)
{
	struct sockaddr_in	 sin;
	struct sockaddr_in6	 sin6;
	struct sockaddr		*sa;
	socklen_t		 salen;
	int			 s, on;

	if (family == AF_INET) {
		memset(&sin, 0, sizeof(sin));
		sin.sin_family = family;
		sin.sin_port = htons(port);
		sin.sin_addr.s_addr = INADDR_ANY;
		sa = (struct sockaddr *)&sin;
		salen = sizeof(sin);
	} else if (family == AF_INET6) {
		memset(&sin6, 0, sizeof(sin6));
		sin6.sin6_family = AF_INET6;
		sin6.sin6_port = htons(port);
		sin6.sin6_addr = in6addr_any;
		sa = (struct sockaddr *)&sin6;
		salen = sizeof(sin6);
	} else {
		/* unreachable */
		abort();
	}

	s = socket(family, SOCK_STREAM, 0);
	if (s == -1)
		fatal("socket");

	/* Allow quick rebinding of the address after a restart. */
	on = 1;
	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
		fatal("setsockopt(SO_REUSEADDR)");

	on = 1;
	if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) == -1)
		fatal("setsockopt(SO_REUSEPORT)");

	mark_nonblock(s);

	if (bind(s, sa, salen) == -1)
		fatal("bind");

	/* Fixed backlog of 16 pending connections. */
	if (listen(s, 16) == -1)
		fatal("listen");

	return s;
}
192 4f4937f0 2023-06-08 op
/*
 * Create the listening sockets and pass them to the server processes:
 * always the IPv4 one, the IPv6 one only when conf->ipv6 is set.
 *
 * The descriptors are consumed by config_send_file().
 * Returns 0 on success, -1 on failure.
 */
static int
config_send_socks(struct conf *conf)
{
	struct privsep	*ps = conf->ps;
	int		 s4, s6;

	s4 = make_socket(conf->port, AF_INET);
	if (s4 == -1)
		return -1;
	if (config_send_file(ps, s4, IMSG_RECONF_SOCK4) == -1)
		return -1;

	if (conf->ipv6) {
		s6 = make_socket(conf->port, AF_INET6);
		if (s6 == -1)
			return -1;
		if (config_send_file(ps, s6, IMSG_RECONF_SOCK6) == -1)
			return -1;
	}

	return 0;
}
216 c26f2460 2023-06-08 op
/*
 * Serialise the configuration to the PROC_SERVER processes as a
 * sequence of imsgs: global settings, listening sockets, FastCGI
 * entries, then every virtual host followed by its certificate, key,
 * optional OCSP staple, locations, parameters, aliases and proxies.
 * config_recv() is the receiving side.
 *
 * Certificate, key and OCSP data travel as open file descriptors, not
 * as bytes: the file is opened here and the descriptor handed over by
 * config_send_file().  A file that cannot be opened is fatal.
 *
 * NOTE(review): apart from the three path pointers cleared in the
 * vhost copy, structures are sent as raw memory, so any pointer member
 * they hold reaches the receiver with this process's address in it.
 * The receiver must reset such members before use.
 *
 * Returns 0 on success, -1 as soon as a message cannot be queued or
 * flushed.
 */
int
config_send(struct conf *conf, struct fcgi *fcgi, struct vhosthead *hosts)
{
	struct privsep	*ps = conf->ps;
	struct vhost	*host;
	struct location	*loc;
	struct proxy	*proxy;
	struct envlist	*env;
	struct alist	*alias;
	struct etm	*mime;
	size_t		 n;
	int		 fd;

	/* Global settings: MIME table, TLS protocol mask, port. */
	for (n = 0; n < conf->mime.len; ++n) {
		mime = &conf->mime.t[n];
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
		    mime, sizeof(*mime)) == -1)
			return -1;
	}

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
	    &conf->protos, sizeof(conf->protos)) == -1)
		return -1;

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PORT,
	    &conf->port, sizeof(conf->port)) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	/* Listening sockets, flushed on their own. */
	if (config_send_socks(conf) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	/* FastCGI table: the first entry with an empty path ends it. */
	for (n = 0; n < FCGI_MAX && *fcgi[n].path != '\0'; ++n) {
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
		    &fcgi[n], sizeof(fcgi[n])) == -1)
			return -1;
	}

	TAILQ_FOREACH(host, hosts, vhosts) {
		struct vhost vcopy;

		/*
		 * Send a copy whose path pointers are cleared; the files
		 * themselves follow as descriptors.
		 */
		memcpy(&vcopy, host, sizeof(vcopy));
		vcopy.cert_path = NULL;
		vcopy.key_path = NULL;
		vcopy.ocsp_path = NULL;

		log_debug("sending host %s", host->domain);

		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
		    &vcopy, sizeof(vcopy)) == -1)
			return -1;

		log_debug("sending certificate %s", host->cert_path);
		fd = open(host->cert_path, O_RDONLY);
		if (fd == -1)
			fatal("can't open %s", host->cert_path);
		if (config_send_file(ps, fd, IMSG_RECONF_CERT) == -1)
			return -1;

		log_debug("sending key %s", host->key_path);
		fd = open(host->key_path, O_RDONLY);
		if (fd == -1)
			fatal("can't open %s", host->key_path);
		if (config_send_file(ps, fd, IMSG_RECONF_KEY) == -1)
			return -1;

		/* The OCSP staple is optional. */
		if (host->ocsp_path != NULL) {
			log_debug("sending ocsp %s", host->ocsp_path);
			fd = open(host->ocsp_path, O_RDONLY);
			if (fd == -1)
				fatal("can't open %s", host->ocsp_path);
			if (config_send_file(ps, fd, IMSG_RECONF_OCSP) == -1)
				return -1;
		}

		/* Each per-host list is followed by its own flush. */
		TAILQ_FOREACH(loc, &host->locations, locations) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_LOC,
			    loc, sizeof(*loc)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(env, &host->params, envs) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV,
			    env, sizeof(*env)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(alias, &host->aliases, aliases) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
			    alias, sizeof(*alias)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(proxy, &host->proxies, proxies) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROXY,
			    proxy, sizeof(*proxy)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;
	}

	return 0;
}
335 c26f2460 2023-06-08 op
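/*
 * Read the whole file behind `fd' into a freshly allocated buffer.
 *
 * On success returns 0, stores the buffer in *data and its size in
 * *len; the caller owns the buffer.  On failure returns -1 and, when
 * the read itself failed, leaves *data NULL and *len 0 so the caller
 * is never left holding a freed pointer.  `fd' is always closed
 * (through the stdio stream wrapped around it).  fstat, fdopen and
 * malloc failures are fatal.
 *
 * The size comes from fstat(2), so a file that shrinks between the
 * stat and the read is reported as a read failure.
 */
static int
load_file(int fd, uint8_t **data, size_t *len)
{
	struct stat	 sb;
	FILE		*fp;
	size_t		 r;

	if (fstat(fd, &sb) == -1)
		fatal("fstat");

	if ((fp = fdopen(fd, "r")) == NULL)
		fatal("fdopen");

	/*
	 * st_size is an off_t and may be wider than size_t; without the
	 * upper bound the assignment below would silently truncate the
	 * length and a partial file would be accepted as complete.
	 */
	if (sb.st_size < 0 || (uintmax_t)sb.st_size > SIZE_MAX) {
		log_warnx("file too large");
		fclose(fp);
		return -1;
	}
	*len = sb.st_size;

	/*
	 * NOTE(review): for an empty file this is malloc(0), which may
	 * legitimately return NULL and end up in fatal().
	 */
	if ((*data = malloc(*len)) == NULL)
		fatal("malloc");

	r = fread(*data, 1, *len, fp);
	if (r != *len) {
		log_warn("read");
		fclose(fp);
		/*
		 * NOTE(review): the buffer may hold part of a private key
		 * and is released without being wiped.
		 */
		free(*data);
		*data = NULL;
		*len = 0;
		return -1;
	}

	fclose(fp);
	return 0;
}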
370 c26f2460 2023-06-08 op
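/*
 * Apply one reconfiguration message to `conf' and to the global host
 * and FastCGI tables.  This is the receiving side of config_send().
 *
 * Messages are stateful: IMSG_RECONF_HOST makes the new host the
 * "current" one (kept in the static `h'), and the cert/key/ocsp,
 * location, env, alias and proxy messages that follow attach to it.
 * Any of those arriving before a host is fatal, as is a duplicate
 * cert, key, ocsp or listening socket.
 *
 * Every fixed-size payload is copied with the size of the destination
 * object, never with the payload length taken from the message, so an
 * oversized payload cannot write past the destination.
 * IMSG_SIZE_CHECK is defined outside this file; presumably it rejects
 * payloads shorter than the destination, which keeps the read side in
 * bounds as well.
 *
 * Returns 0 on success, -1 for an unknown message type or when the
 * IMSG_RECONF_DONE acknowledgement cannot be queued.
 */
int
config_recv(struct conf *conf, struct imsg *imsg)
{
	static struct vhost *h;
	struct privsep	*ps = conf->ps;
	struct etm	 m;
	struct fcgi	*f;
	struct vhost	*vh, vht;
	struct location	*loc;
	struct envlist	*env;
	struct alist	*alias;
	struct proxy	*proxy;
	size_t		 i;

	switch (imsg->hdr.type) {
	case IMSG_RECONF_START:
		/* Drop the old configuration and forget the current host. */
		config_free();
		h = NULL;
		break;

	case IMSG_RECONF_MIME:
		IMSG_SIZE_CHECK(imsg, &m);
		memcpy(&m, imsg->data, sizeof(m));
		/* Both strings must be NUL-terminated before being used. */
		if (m.mime[sizeof(m.mime) - 1] != '\0' ||
		    m.ext[sizeof(m.ext) - 1] != '\0')
			fatal("received corrupted IMSG_RECONF_MIME");
		if (add_mime(&conf->mime, m.mime, m.ext) == -1)
			fatal("failed to add mime mapping %s -> %s",
			    m.mime, m.ext);
		break;

	case IMSG_RECONF_PROTOS:
		IMSG_SIZE_CHECK(imsg, &conf->protos);
		memcpy(&conf->protos, imsg->data, sizeof(conf->protos));
		break;

	case IMSG_RECONF_PORT:
		IMSG_SIZE_CHECK(imsg, &conf->port);
		memcpy(&conf->port, imsg->data, sizeof(conf->port));
		break;

	case IMSG_RECONF_SOCK4:
		if (conf->sock4 != -1)
			fatalx("socket ipv4 already recv'd");
		if (imsg->fd == -1)
			fatalx("missing socket for IMSG_RECONF_SOCK4");
		conf->sock4 = imsg->fd;
		/* Only prepared here; the event is not added in this function. */
		event_set(&conf->evsock4, conf->sock4, EV_READ|EV_PERSIST,
		    do_accept, NULL);
		break;

	case IMSG_RECONF_SOCK6:
		if (conf->sock6 != -1)
			fatalx("socket ipv6 already recv'd");
		if (imsg->fd == -1)
			fatalx("missing socket for IMSG_RECONF_SOCK6");
		conf->sock6 = imsg->fd;
		event_set(&conf->evsock6, conf->sock6, EV_READ|EV_PERSIST,
		    do_accept, NULL);
		break;

	case IMSG_RECONF_FCGI:
		/* Store the entry in the first slot whose path is empty. */
		for (i = 0; i < FCGI_MAX; ++i) {
			f = &fcgi[i];
			if (*f->path != '\0')
				continue;
			IMSG_SIZE_CHECK(imsg, f);
			memcpy(f, imsg->data, sizeof(*f));
			break;
		}
		if (i == FCGI_MAX)
			fatalx("recv too many fcgi");
		break;

	case IMSG_RECONF_HOST:
		IMSG_SIZE_CHECK(imsg, &vht);
		memcpy(&vht, imsg->data, sizeof(vht));
		/*
		 * strlcpy() reads its source up to the NUL, so an
		 * unterminated domain would be read past the end of vht.
		 * Same check as for IMSG_RECONF_MIME.
		 */
		if (vht.domain[sizeof(vht.domain) - 1] != '\0')
			fatalx("received corrupted IMSG_RECONF_HOST");
		/* Only the domain is taken from the received struct. */
		vh = new_vhost();
		strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
		h = vh;
		TAILQ_INSERT_TAIL(&hosts, h, vhosts);
		break;

	case IMSG_RECONF_CERT:
		log_debug("receiving cert");
		if (h == NULL)
			fatalx("recv'd cert without host");
		if (h->cert != NULL)
			fatalx("cert already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_CERT");
		if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
			fatalx("failed to load cert for %s",
			    h->domain);
		break;

	case IMSG_RECONF_KEY:
		log_debug("receiving key");
		if (h == NULL)
			fatalx("recv'd key without host");
		if (h->key != NULL)
			fatalx("key already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_KEY");
		if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
			fatalx("failed to load key for %s",
			    h->domain);
		break;

	case IMSG_RECONF_OCSP:
		log_debug("receiving ocsp");
		if (h == NULL)
			fatalx("recv'd ocsp without host");
		if (h->ocsp != NULL)
			fatalx("ocsp already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_OCSP");
		if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
			fatalx("failed to load ocsp for %s",
			    h->domain);
		break;

	case IMSG_RECONF_LOC:
		if (h == NULL)
			fatalx("recv'd location without host");
		IMSG_SIZE_CHECK(imsg, loc);

		loc = xcalloc(1, sizeof(*loc));
		memcpy(loc, imsg->data, sizeof(*loc));
		/*
		 * The copy carries the sender's descriptor number and
		 * pointer values, which mean nothing in this process.
		 * NOTE(review): string members of the received struct are
		 * not checked for NUL termination here.
		 */
		loc->dirfd = -1; /* XXX */
		loc->reqca = NULL; /* XXX */
		TAILQ_INSERT_TAIL(&h->locations, loc, locations);
		break;

	case IMSG_RECONF_ENV:
		if (h == NULL)
			fatalx("recv'd env without host");
		IMSG_SIZE_CHECK(imsg, env);
		env = xcalloc(1, sizeof(*env));
		memcpy(env, imsg->data, sizeof(*env));
		TAILQ_INSERT_TAIL(&h->params, env, envs);
		break;

	case IMSG_RECONF_ALIAS:
		if (h == NULL)
			fatalx("recv'd alias without host");
		IMSG_SIZE_CHECK(imsg, alias);
		alias = xcalloc(1, sizeof(*alias));
		memcpy(alias, imsg->data, sizeof(*alias));
		TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
		break;

	case IMSG_RECONF_PROXY:
		log_debug("receiving proxy");
		if (h == NULL)
			fatalx("recv'd proxy without host");
		IMSG_SIZE_CHECK(imsg, proxy);
		proxy = xcalloc(1, sizeof(*proxy));
		memcpy(proxy, imsg->data, sizeof(*proxy));
		/* Pointers from the sender's address space are discarded. */
		proxy->reqca = NULL; /* XXX */
		proxy->cert = proxy->key = NULL; /* XXX */
		proxy->certlen = proxy->keylen = 0; /* XXX */
		TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
		break;

	case IMSG_RECONF_END:
		/* Acknowledge the end of the reconfiguration. */
		if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
		    NULL, 0) == -1)
			return -1;
		break;

	default:
		return -1;
	}

	return 0;
}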