

1 c68baad2 2023-06-06 op /*
2 c68baad2 2023-06-06 op * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
3 c68baad2 2023-06-06 op *
4 c68baad2 2023-06-06 op * Permission to use, copy, modify, and distribute this software for any
5 c68baad2 2023-06-06 op * purpose with or without fee is hereby granted, provided that the above
6 c68baad2 2023-06-06 op * copyright notice and this permission notice appear in all copies.
7 c68baad2 2023-06-06 op *
8 c68baad2 2023-06-06 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 c68baad2 2023-06-06 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 c68baad2 2023-06-06 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 c68baad2 2023-06-06 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 c68baad2 2023-06-06 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 c68baad2 2023-06-06 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 c68baad2 2023-06-06 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 c68baad2 2023-06-06 op */
16 c68baad2 2023-06-06 op
#include "gmid.h"

#include <sys/stat.h>

#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>

#include "log.h"
#include "proc.h"
27 c26f2460 2023-06-08 op
/*
 * Reset the global configuration to its built-in defaults.
 *
 * Everything in `conf' is zeroed first, then the lists are made valid and
 * the few non-zero defaults are applied.  Note that config_free() restores
 * only a subset of these defaults (it does not touch port or prefork).
 */
void
config_init(void)
{
	memset(&conf, 0, sizeof(conf));

	TAILQ_INIT(&hosts);
	TAILQ_INIT(&conf.fcgi);

	/* gemini default port, IPv4 only unless the config enables v6 */
	conf.port = 1965;
	conf.ipv6 = 0;

	/* only TLS 1.2 and 1.3 are ever offered */
	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;

	init_mime(&conf.mime);

	conf.prefork = 3;

	/* no listening sockets yet: -1 is the "not bound" marker */
	conf.sock4 = -1;
	conf.sock6 = -1;
}
48 c68baad2 2023-06-06 op
/*
 * Release everything owned by a single vhost: TLS material, locations,
 * fastcgi parameters, aliases and proxies.  The vhost itself is neither
 * unlinked from `hosts' nor freed here; the caller does that.
 */
static void
config_free_vhost(struct vhost *h)
{
	struct location *l;
	struct envlist *e;
	struct alist *a;
	struct proxy *p;

	free(h->cert_path);
	free(h->key_path);
	free(h->ocsp_path);
	free(h->cert);
	/*
	 * NOTE(review): h->key (and p->key below) hold the bytes of a
	 * private key file as loaded by load_file(); free() does not
	 * scrub them, so they linger in the freed heap until it is reused.
	 */
	free(h->key);
	free(h->ocsp);

	while ((l = TAILQ_FIRST(&h->locations)) != NULL) {
		TAILQ_REMOVE(&h->locations, l, locations);
		if (l->dirfd != -1)
			close(l->dirfd);
		free(l->reqca_path);
		X509_STORE_free(l->reqca);
		free(l);
	}

	while ((e = TAILQ_FIRST(&h->params)) != NULL) {
		TAILQ_REMOVE(&h->params, e, envs);
		free(e);
	}

	while ((a = TAILQ_FIRST(&h->aliases)) != NULL) {
		TAILQ_REMOVE(&h->aliases, a, aliases);
		free(a);
	}

	while ((p = TAILQ_FIRST(&h->proxies)) != NULL) {
		TAILQ_REMOVE(&h->proxies, p, proxies);
		free(p->cert_path);
		free(p->cert);
		free(p->key_path);
		free(p->key);
		free(p->reqca_path);
		X509_STORE_free(p->reqca);
		free(p);
	}
}

/*
 * Drop the current configuration and bring `conf' back to a clean state
 * ready for a new one (used on reload: see IMSG_RECONF_START).
 *
 * The privsep handle survives the reset; the listening sockets, if any,
 * are unregistered from libevent and closed.  Unlike config_init(), port
 * and prefork are left at zero afterwards -- presumably the reload that
 * follows supplies them again (IMSG_RECONF_PORT).
 */
void
config_free(void)
{
	struct privsep *ps = conf.ps;	/* must outlive the memset below */
	struct fcgi *f;
	struct vhost *h;

	if (conf.sock4 != -1) {
		event_del(&conf.evsock4);
		close(conf.sock4);
	}
	if (conf.sock6 != -1) {
		event_del(&conf.evsock6);
		close(conf.sock6);
	}

	free_mime(&conf.mime);
	while ((f = TAILQ_FIRST(&conf.fcgi)) != NULL) {
		TAILQ_REMOVE(&conf.fcgi, f, fcgi);
		free(f);
	}

	memset(&conf, 0, sizeof(conf));
	conf.ps = ps;
	conf.sock4 = conf.sock6 = -1;
	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	init_mime(&conf.mime);
	TAILQ_INIT(&conf.fcgi);

	while ((h = TAILQ_FIRST(&hosts)) != NULL) {
		config_free_vhost(h);
		TAILQ_REMOVE(&hosts, h, vhosts);
		free(h);
	}
}
129 c26f2460 2023-06-08 op
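/*
 * Broadcast an imsg of type `type' carrying `data'/`l' to every
 * PROC_SERVER instance.  When `fd' is not -1 each instance receives its
 * own dup(2) of it, attached to the message.
 *
 * Ownership of `fd' transfers to this function on every path: it is
 * closed on success and on failure alike, so callers never have to.
 * Returns 0 on success, -1 if proc_compose_imsg() failed; a failing
 * dup(2) is fatal.
 */
static int
config_send_file(struct privsep *ps, int type, int fd, void *data, size_t l)
{
	int n, m, id, d;

	id = PROC_SERVER;
	n = -1;	/* presumably "all instances" for proc_range(); see proc.c */
	proc_range(ps, id, &n, &m);
	for (n = 0; n < m; ++n) {
		d = -1;
		if (fd != -1 && (d = dup(fd)) == -1)
			fatal("dup %d", fd);
		if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
		    == -1) {
			/*
			 * Don't leak the original descriptor on the error
			 * path.  `d' is not closed here: whether the imsg
			 * layer already owns it at this point is decided in
			 * proc.c, and a double close would be worse.
			 */
			if (fd != -1)
				close(fd);
			return -1;
		}
	}

	if (fd != -1)
		close(fd);
	return 0;
}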
151 c26f2460 2023-06-08 op
/*
 * Open `path' read-only in this (privileged) process and ship the
 * descriptor to the servers as a `type' message with no payload, so the
 * servers never need filesystem access to the file themselves.
 *
 * The descriptor is owned by config_send_file() from then on.  Returns
 * what config_send_file() returns; an unopenable path is fatal.
 */
static int
config_open_send(struct privsep *ps, int type, const char *path)
{
	int fd;

	log_debug("sending %s", path);

	fd = open(path, O_RDONLY);
	if (fd == -1)
		fatal("can't open %s", path);

	return config_send_file(ps, type, fd, NULL, 0);
}
164 deadd9e1 2023-06-09 op
/*
 * Create a non-blocking TCP listening socket bound to the wildcard
 * address of `family' (AF_INET or AF_INET6) on `port'.
 *
 * Every failure is fatal, so the return value is always a valid
 * descriptor.  Any other `family' is a programming error and aborts.
 */
static int
make_socket(int port, int family)
{
	struct sockaddr_in sin;
	struct sockaddr_in6 sin6;
	struct sockaddr *sa;
	socklen_t salen;
	int fd, one = 1;

	if (family == AF_INET) {
		memset(&sin, 0, sizeof(sin));
		sin.sin_family = AF_INET;
		sin.sin_port = htons(port);
		sin.sin_addr.s_addr = INADDR_ANY;
		sa = (struct sockaddr *)&sin;
		salen = sizeof(sin);
	} else if (family == AF_INET6) {
		memset(&sin6, 0, sizeof(sin6));
		sin6.sin6_family = AF_INET6;
		sin6.sin6_port = htons(port);
		sin6.sin6_addr = in6addr_any;
		sa = (struct sockaddr *)&sin6;
		salen = sizeof(sin6);
	} else {
		/* unreachable: callers only pass AF_INET/AF_INET6 */
		abort();
	}

	fd = socket(family, SOCK_STREAM, 0);
	if (fd == -1)
		fatal("socket");

	/*
	 * SO_REUSEADDR/SO_REUSEPORT presumably exist so that a reload can
	 * bind fresh sockets while the servers still hold the old ones.
	 * NOTE(review): on some systems SO_REUSEPORT also lets any other
	 * process running under the same uid bind this port and receive a
	 * share of the connections -- confirm that is acceptable.
	 */
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1)
		fatal("setsockopt(SO_REUSEADDR)");
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) == -1)
		fatal("setsockopt(SO_REUSEPORT)");

	mark_nonblock(fd);

	if (bind(fd, sa, salen) == -1)
		fatal("bind");

	if (listen(fd, 16) == -1)
		fatal("listen");

	return fd;
}
219 4f4937f0 2023-06-08 op
/*
 * Bind the listening socket(s) in this process and hand them to the
 * servers as IMSG_RECONF_SOCK4 / IMSG_RECONF_SOCK6.  The IPv6 socket is
 * only created when the configuration asks for it.
 *
 * make_socket() never returns -1 as written (its failures are fatal);
 * the checks are kept for symmetry.  Returns 0 on success, -1 if a
 * descriptor couldn't be sent.
 */
static int
config_send_socks(struct conf *conf)
{
	struct privsep *ps = conf->ps;
	int s;

	s = make_socket(conf->port, AF_INET);
	if (s == -1 ||
	    config_send_file(ps, IMSG_RECONF_SOCK4, s, NULL, 0) == -1)
		return -1;

	if (conf->ipv6) {
		s = make_socket(conf->port, AF_INET6);
		if (s == -1 ||
		    config_send_file(ps, IMSG_RECONF_SOCK6, s, NULL, 0) == -1)
			return -1;
	}

	return 0;
}
243 c26f2460 2023-06-08 op
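/*
 * Send one location of a vhost as IMSG_RECONF_LOC.
 *
 * The struct is copied and scrubbed before it crosses the process
 * boundary: paths, the parsed CA store and the directory descriptor are
 * meaningless in the server's address space.  If a client CA is
 * configured, a read-only descriptor of the file is attached instead so
 * the server parses it itself (see IMSG_RECONF_LOC in config_recv()).
 *
 * Returns 0 on success, -1 if the message couldn't be composed; an
 * unopenable CA file is fatal.
 */
static int
config_send_loc(struct privsep *ps, struct location *l)
{
	struct location lcopy;
	int cafd = -1;

	memcpy(&lcopy, l, sizeof(lcopy));
	lcopy.reqca_path = NULL;
	lcopy.reqca = NULL;
	lcopy.dirfd = -1;
	/* list linkage is rewritten by the receiver's TAILQ_INSERT_TAIL */
	memset(&lcopy.locations, 0, sizeof(lcopy.locations));

	if (l->reqca_path != NULL &&
	    (cafd = open(l->reqca_path, O_RDONLY)) == -1)
		fatal("can't open %s", l->reqca_path);

	/* config_send_file() owns cafd from here on */
	return config_send_file(ps, IMSG_RECONF_LOC, cafd, &lcopy,
	    sizeof(lcopy));
}

/*
 * Send one proxy of a vhost: the scrubbed struct (with the client CA
 * descriptor attached, if any) as IMSG_RECONF_PROXY, then the client
 * certificate and key files as IMSG_RECONF_PROXY_CERT/_KEY descriptors,
 * followed by a flush.
 *
 * Returns 0 on success, -1 if a message couldn't be composed or flushed;
 * unopenable files are fatal.
 */
static int
config_send_proxy(struct privsep *ps, struct proxy *p)
{
	struct proxy pcopy;
	int cafd = -1;

	memcpy(&pcopy, p, sizeof(pcopy));
	pcopy.cert_path = NULL;
	pcopy.cert = NULL;
	pcopy.certlen = 0;
	pcopy.key_path = NULL;
	pcopy.key = NULL;
	pcopy.keylen = 0;
	pcopy.reqca_path = NULL;
	pcopy.reqca = NULL;

	if (p->reqca_path != NULL &&
	    (cafd = open(p->reqca_path, O_RDONLY)) == -1)
		fatal("can't open %s", p->reqca_path);

	if (config_send_file(ps, IMSG_RECONF_PROXY, cafd, &pcopy,
	    sizeof(pcopy)) == -1)
		return -1;

	if (p->cert_path != NULL &&
	    config_open_send(ps, IMSG_RECONF_PROXY_CERT, p->cert_path) == -1)
		return -1;

	if (p->key_path != NULL &&
	    config_open_send(ps, IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	return 0;
}

/*
 * Send one vhost and everything hanging off it, in the order
 * config_recv() expects: IMSG_RECONF_HOST, the certificate, key and
 * (optional) OCSP staple as descriptors, then locations, env params,
 * aliases and proxies, each group followed by a flush.
 *
 * Returns 0 on success, -1 if a message couldn't be composed or flushed;
 * unopenable files are fatal.
 */
static int
config_send_vhost(struct privsep *ps, struct vhost *h)
{
	struct vhost vcopy;
	struct location *l;
	struct envlist *e;
	struct alist *a;
	struct proxy *p;
	int fd;

	/*
	 * The receiver only takes the domain out of this copy
	 * (config_recv(), IMSG_RECONF_HOST), but scrub the pointers and
	 * lengths anyway, as the proxy copy does, so that neither paths
	 * nor this process' heap addresses travel over the socket.
	 */
	memcpy(&vcopy, h, sizeof(vcopy));
	vcopy.cert_path = NULL;
	vcopy.key_path = NULL;
	vcopy.ocsp_path = NULL;
	vcopy.cert = NULL;
	vcopy.certlen = 0;
	vcopy.key = NULL;
	vcopy.keylen = 0;
	vcopy.ocsp = NULL;
	vcopy.ocsplen = 0;

	log_debug("sending host %s", h->domain);

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
	    &vcopy, sizeof(vcopy)) == -1)
		return -1;

	/* certificate and key are opened here and read by the servers */
	log_debug("sending certificate %s", h->cert_path);
	if ((fd = open(h->cert_path, O_RDONLY)) == -1)
		fatal("can't open %s", h->cert_path);
	if (config_send_file(ps, IMSG_RECONF_CERT, fd, NULL, 0) == -1)
		return -1;

	log_debug("sending key %s", h->key_path);
	if ((fd = open(h->key_path, O_RDONLY)) == -1)
		fatal("can't open %s", h->key_path);
	if (config_send_file(ps, IMSG_RECONF_KEY, fd, NULL, 0) == -1)
		return -1;

	if (h->ocsp_path != NULL) {
		log_debug("sending ocsp %s", h->ocsp_path);
		if ((fd = open(h->ocsp_path, O_RDONLY)) == -1)
			fatal("can't open %s", h->ocsp_path);
		if (config_send_file(ps, IMSG_RECONF_OCSP, fd, NULL, 0) == -1)
			return -1;
	}

	TAILQ_FOREACH(l, &h->locations, locations) {
		if (config_send_loc(ps, l) == -1)
			return -1;
	}

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	TAILQ_FOREACH(e, &h->params, envs) {
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV,
		    e, sizeof(*e)) == -1)
			return -1;
	}

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	TAILQ_FOREACH(a, &h->aliases, aliases) {
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
		    a, sizeof(*a)) == -1)
			return -1;
	}

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	TAILQ_FOREACH(p, &h->proxies, proxies) {
		if (config_send_proxy(ps, p) == -1)
			return -1;
	}

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	return 0;
}

/*
 * Push the whole configuration to the server processes: mime table,
 * TLS protocols, port, the listening sockets, the fastcgi backends and
 * finally every vhost from `hosts' (the parameter, not the global of the
 * same name).
 *
 * The IMSG_RECONF_START / IMSG_RECONF_END framing is not sent here; it
 * presumably comes from the caller.  Payloads are raw struct copies, so
 * the receiver is expected to trust only the fields it explicitly takes.
 *
 * Returns 0 on success, -1 if a message couldn't be composed or flushed;
 * unopenable files are fatal.
 */
int
config_send(struct conf *conf, struct vhosthead *hosts)
{
	struct privsep *ps = conf->ps;
	struct etm *m;
	struct fcgi *fcgi;
	struct vhost *h;
	size_t i;

	for (i = 0; i < conf->mime.len; ++i) {
		m = &conf->mime.t[i];
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
		    m, sizeof(*m)) == -1)
			return -1;
	}

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
	    &conf->protos, sizeof(conf->protos)) == -1)
		return -1;

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PORT,
	    &conf->port, sizeof(conf->port)) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	if (config_send_socks(conf) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
		log_debug("sending fastcgi %s", fcgi->path);
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
		    fcgi, sizeof(*fcgi)) == -1)
			return -1;
	}

	TAILQ_FOREACH(h, hosts, vhosts) {
		if (config_send_vhost(ps, h) == -1)
			return -1;
	}

	return 0;
}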
408 c26f2460 2023-06-08 op
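/*
 * Slurp the whole file behind `fd' into a freshly malloc'd buffer.
 *
 * `fd' is consumed: it is wrapped in a FILE and closed by fclose() on
 * every return path (fstat/fdopen/malloc failures are fatal).  On
 * success *data/*len describe the buffer, which the caller must free().
 * Returns 0 on success, -1 -- with *data NULL and *len 0 -- when the
 * size reported by fstat can't be trusted or the read comes up short.
 *
 * Callers use this for certificates and private keys, so the buffer may
 * hold secret material; free() alone does not scrub it.
 */
static int
load_file(int fd, uint8_t **data, size_t *len)
{
	struct stat sb;
	FILE *fp;
	size_t r;

	*data = NULL;
	*len = 0;

	if (fstat(fd, &sb) == -1)
		fatal("fstat");

	if ((fp = fdopen(fd, "r")) == NULL)
		fatal("fdopen");

	/*
	 * st_size is an off_t: reject negative sizes and, where off_t is
	 * wider than size_t, sizes that would wrap the allocation below.
	 * The uintmax_t cast keeps the comparison well-defined for any
	 * combination of widths.
	 */
	if (sb.st_size < 0 || (uintmax_t)sb.st_size > SIZE_MAX) {
		log_warnx("file too large");
		fclose(fp);
		return -1;
	}
	*len = sb.st_size;

	/* an empty file asks for malloc(0); some platforms return NULL */
	if ((*data = malloc(*len)) == NULL)
		fatal("malloc");

	r = fread(*data, 1, *len, fp);
	if (r != *len) {
		log_warn("read");
		fclose(fp);
		free(*data);
		*data = NULL;
		*len = 0;
		return -1;
	}

	fclose(fp);
	return 0;
}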
443 c26f2460 2023-06-08 op
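/*
 * Server-side half of the reconfiguration protocol: apply one imsg from
 * the parent to `conf' and the global `hosts' list.
 *
 * Messages arrive in the order config_send() produces them, so the host
 * and proxy currently being populated are remembered across calls in the
 * function-static `h' and `p'.  IMSG_RECONF_START resets everything and
 * IMSG_RECONF_END acknowledges with IMSG_RECONF_DONE to the parent.
 *
 * Payload handling: every struct payload is bounds-checked with
 * IMSG_SIZE_CHECK() and then copied with sizeof(destination), never with
 * the wire length, so an oversized payload cannot overrun a stack or
 * heap destination whatever the macro in proc.h actually enforces.
 * String fields that are used afterwards are checked for a terminator.
 *
 * Returns 0 when the message was handled, -1 on an unknown type or when
 * the final acknowledgement can't be composed.  Malformed or
 * out-of-order messages are fatal: the only sender is the parent.
 */
int
config_recv(struct conf *conf, struct imsg *imsg)
{
	static struct vhost *h;
	static struct proxy *p;
	struct privsep *ps = conf->ps;
	struct etm m;
	struct fcgi *fcgi;
	struct vhost *vh, vht;
	struct location *loc;
	struct envlist *env;
	struct alist *alias;
	struct proxy *proxy;

	switch (imsg->hdr.type) {
	case IMSG_RECONF_START:
		config_free();
		h = NULL;
		p = NULL;
		break;

	case IMSG_RECONF_MIME:
		IMSG_SIZE_CHECK(imsg, &m);
		memcpy(&m, imsg->data, sizeof(m));
		if (m.mime[sizeof(m.mime) - 1] != '\0' ||
		    m.ext[sizeof(m.ext) - 1] != '\0')
			fatal("received corrupted IMSG_RECONF_MIME");
		if (add_mime(&conf->mime, m.mime, m.ext) == -1)
			fatal("failed to add mime mapping %s -> %s",
			    m.mime, m.ext);
		break;

	case IMSG_RECONF_PROTOS:
		IMSG_SIZE_CHECK(imsg, &conf->protos);
		memcpy(&conf->protos, imsg->data, sizeof(conf->protos));
		break;

	case IMSG_RECONF_PORT:
		IMSG_SIZE_CHECK(imsg, &conf->port);
		memcpy(&conf->port, imsg->data, sizeof(conf->port));
		break;

	/*
	 * The listening sockets arrive as passed descriptors; this process
	 * takes ownership (config_free() closes them).  Only event_set() is
	 * done here; event_add() is presumably the caller's job.
	 */
	case IMSG_RECONF_SOCK4:
		if (conf->sock4 != -1)
			fatalx("socket ipv4 already recv'd");
		if (imsg->fd == -1)
			fatalx("missing socket for IMSG_RECONF_SOCK4");
		conf->sock4 = imsg->fd;
		event_set(&conf->evsock4, conf->sock4, EV_READ|EV_PERSIST,
		    do_accept, NULL);
		break;

	case IMSG_RECONF_SOCK6:
		if (conf->sock6 != -1)
			fatalx("socket ipv6 already recv'd");
		if (imsg->fd == -1)
			fatalx("missing socket for IMSG_RECONF_SOCK6");
		conf->sock6 = imsg->fd;
		event_set(&conf->evsock6, conf->sock6, EV_READ|EV_PERSIST,
		    do_accept, NULL);
		break;

	case IMSG_RECONF_FCGI:
		IMSG_SIZE_CHECK(imsg, fcgi);
		fcgi = xcalloc(1, sizeof(*fcgi));
		memcpy(fcgi, imsg->data, sizeof(*fcgi));
		/* path is used as a C string right below: require a NUL */
		if (memchr(fcgi->path, '\0', sizeof(fcgi->path)) == NULL)
			fatalx("received corrupted IMSG_RECONF_FCGI");
		log_debug("received fcgi %s", fcgi->path);
		TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
		break;

	case IMSG_RECONF_HOST:
		IMSG_SIZE_CHECK(imsg, &vht);
		memcpy(&vht, imsg->data, sizeof(vht));
		/* strlcpy() below needs a terminated source */
		if (memchr(vht.domain, '\0', sizeof(vht.domain)) == NULL)
			fatalx("received corrupted IMSG_RECONF_HOST");
		/* only the domain is taken from the wire copy */
		vh = new_vhost();
		strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
		h = vh;
		TAILQ_INSERT_TAIL(&hosts, h, vhosts);

		/* reset proxy */
		p = NULL;
		break;

	/*
	 * Certificate, key and OCSP staple arrive as descriptors opened by
	 * the parent; load_file() consumes the descriptor.
	 */
	case IMSG_RECONF_CERT:
		log_debug("receiving cert");
		if (h == NULL)
			fatalx("recv'd cert without host");
		if (h->cert != NULL)
			fatalx("cert already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_CERT");
		if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
			fatalx("failed to load cert for %s",
			    h->domain);
		break;

	case IMSG_RECONF_KEY:
		log_debug("receiving key");
		if (h == NULL)
			fatalx("recv'd key without host");
		if (h->key != NULL)
			fatalx("key already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_KEY");
		if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
			fatalx("failed to load key for %s",
			    h->domain);
		break;

	case IMSG_RECONF_OCSP:
		log_debug("receiving ocsp");
		if (h == NULL)
			fatalx("recv'd ocsp without host");
		if (h->ocsp != NULL)
			fatalx("ocsp already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_OCSP");
		if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
			fatalx("failed to load ocsp for %s",
			    h->domain);
		break;

	case IMSG_RECONF_LOC:
		if (h == NULL)
			fatalx("recv'd location without host");
		IMSG_SIZE_CHECK(imsg, loc);

		/*
		 * The whole struct is the parent's scrubbed copy (paths and
		 * reqca NULL, dirfd -1, list entry zeroed), so nothing needs
		 * presetting before the copy; the list entry is rewritten by
		 * TAILQ_INSERT_TAIL below.
		 */
		loc = xcalloc(1, sizeof(*loc));
		memcpy(loc, imsg->data, sizeof(*loc));

		/*
		 * NOTE(review): whether load_ca() closes imsg->fd is not
		 * visible here; if it doesn't, every location with a client
		 * CA leaks a descriptor per reload.
		 */
		if (imsg->fd != -1) {
			loc->reqca = load_ca(imsg->fd);
			if (loc->reqca == NULL)
				fatalx("failed to load CA");
		}

		TAILQ_INSERT_TAIL(&h->locations, loc, locations);
		break;

	case IMSG_RECONF_ENV:
		if (h == NULL)
			fatalx("recv'd env without host");
		IMSG_SIZE_CHECK(imsg, env);
		env = xcalloc(1, sizeof(*env));
		memcpy(env, imsg->data, sizeof(*env));
		TAILQ_INSERT_TAIL(&h->params, env, envs);
		break;

	case IMSG_RECONF_ALIAS:
		if (h == NULL)
			fatalx("recv'd alias without host");
		IMSG_SIZE_CHECK(imsg, alias);
		alias = xcalloc(1, sizeof(*alias));
		memcpy(alias, imsg->data, sizeof(*alias));
		TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
		break;

	case IMSG_RECONF_PROXY:
		log_debug("receiving proxy");
		if (h == NULL)
			fatalx("recv'd proxy without host");
		IMSG_SIZE_CHECK(imsg, proxy);
		proxy = xcalloc(1, sizeof(*proxy));
		memcpy(proxy, imsg->data, sizeof(*proxy));

		/* fatalx, as in the IMSG_RECONF_LOC case: no errno to report */
		if (imsg->fd != -1) {
			proxy->reqca = load_ca(imsg->fd);
			if (proxy->reqca == NULL)
				fatalx("failed to load CA");
		}

		TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
		p = proxy;	/* the following PROXY_CERT/KEY belong to it */
		break;

	case IMSG_RECONF_PROXY_CERT:
		log_debug("receiving proxy cert");
		if (p == NULL)
			fatalx("recv'd proxy cert without proxy");
		if (p->cert != NULL)
			fatalx("proxy cert already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_PROXY_CERT");
		if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
			fatalx("failed to load cert for proxy %s of %s",
			    p->host, h->domain);
		break;

	case IMSG_RECONF_PROXY_KEY:
		log_debug("receiving proxy key");
		if (p == NULL)
			fatalx("recv'd proxy key without proxy");
		if (p->key != NULL)
			fatalx("proxy key already received");
		if (imsg->fd == -1)
			fatalx("no fd for IMSG_RECONF_PROXY_KEY");
		if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
			fatalx("failed to load key for proxy %s of %s",
			    p->host, h->domain);
		break;

	case IMSG_RECONF_END:
		if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
		    NULL, 0) == -1)
			return -1;
		break;

	default:
		return -1;
	}

	return 0;
}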