1 /*
2  * Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 
19 #include <ctype.h>
20 #include <errno.h>
21 #include <string.h>
22 
23 #include "log.h"
24 
25 #define MIN(a, b)	((a) < (b) ? (a) : (b))
26 
27 static const struct timeval handshake_timeout = { 5, 0 };
28 
29 static void	proxy_tls_readcb(int, short, void *);
30 static void	proxy_tls_writecb(int, short, void *);
31 static void	proxy_read(struct bufferevent *, void *);
32 static void	proxy_write(struct bufferevent *, void *);
33 static void	proxy_error(struct bufferevent *, short, void *);
34 
35 static void
36 proxy_tls_readcb(int fd, short event, void *d)
37 {
38 	struct bufferevent	*bufev = d;
39 	struct client		*c = bufev->cbarg;
40 	char			 buf[IBUF_READ_SIZE];
41 	int			 what = EVBUFFER_READ;
42 	int			 howmuch = IBUF_READ_SIZE;
43 	int			 res;
44 	ssize_t			 ret;
45 	size_t			 len;
46 
47 	if (event == EV_TIMEOUT) {
48 		what |= EVBUFFER_TIMEOUT;
49 		goto err;
50 	}
51 
52 	if (bufev->wm_read.high != 0)
53 		howmuch = MIN(sizeof(buf), bufev->wm_read.high);
54 
55 	switch (ret = tls_read(c->proxyctx, buf, howmuch)) {
56 	case TLS_WANT_POLLIN:
57 	case TLS_WANT_POLLOUT:
58 		goto retry;
59 	case -1:
60 		what |= EVBUFFER_ERROR;
61 		goto err;
62 	}
63 	len = ret;
64 
65 	if (len == 0) {
66 		what |= EVBUFFER_EOF;
67 		goto err;
68 	}
69 
70 	res = evbuffer_add(bufev->input, buf, len);
71 	if (res == -1) {
72 		what |= EVBUFFER_ERROR;
73 		goto err;
74 	}
75 
76 	event_add(&bufev->ev_read, NULL);
77 
78 	len = EVBUFFER_LENGTH(bufev->input);
79 	if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
80 		return;
81 
82 	if (bufev->readcb != NULL)
83 		(*bufev->readcb)(bufev, bufev->cbarg);
84 	return;
85 
86 retry:
87 	event_add(&bufev->ev_read, NULL);
88 	return;
89 
90 err:
91 	(*bufev->errorcb)(bufev, what, bufev->cbarg);
92 }
93 
94 static void
95 proxy_tls_writecb(int fd, short event, void *d)
96 {
97 	struct bufferevent	*bufev = d;
98 	struct client		*c = bufev->cbarg;
99 	ssize_t			 ret;
100 	size_t			 len;
101 	short			 what = EVBUFFER_WRITE;
102 
103 	if (event & EV_TIMEOUT) {
104 		what |= EVBUFFER_TIMEOUT;
105 		goto err;
106 	}
107 
108 	if (EVBUFFER_LENGTH(bufev->output) != 0) {
109 		ret = tls_write(c->proxyctx, EVBUFFER_DATA(bufev->output),
110 		    EVBUFFER_LENGTH(bufev->output));
111 		switch (ret) {
112 		case TLS_WANT_POLLIN:
113 		case TLS_WANT_POLLOUT:
114 			goto retry;
115 		case -1:
116 			what |= EVBUFFER_ERROR;
117 			goto err;
118 		}
119 		len = ret;
120 
121 		evbuffer_drain(bufev->output, len);
122 	}
123 
124 	if (EVBUFFER_LENGTH(bufev->output) != 0)
125 		event_add(&bufev->ev_write, NULL);
126 
127 	if (bufev->writecb != NULL &&
128 	    EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
129 		(*bufev->writecb)(bufev, bufev->cbarg);
130 	return;
131 
132 retry:
133 	event_add(&bufev->ev_write, NULL);
134 	return;
135 
136 err:
137 	(*bufev->errorcb)(bufev, what, bufev->cbarg);
138 }
139 
140 static void
141 proxy_read(struct bufferevent *bev, void *d)
142 {
143 	struct client	*c = d;
144 	struct evbuffer	*src = EVBUFFER_INPUT(bev);
145 	char		*hdr;
146 	size_t		 len;
147 	int		 code;
148 
149 	/* intercept the header */
150 	if (c->code == 0) {
151 		hdr = evbuffer_readln(src, &len, EVBUFFER_EOL_CRLF_STRICT);
152 		if (hdr == NULL) {
153 			/* max reply + \r\n */
154 			if (EVBUFFER_LENGTH(src) > 1029) {
155 				log_warnx("upstream server is trying to "
156 				    "send a header that's too long.");
157 				proxy_error(bev, EVBUFFER_READ, c);
158 			}
159 
160 			/* wait a bit */
161 			return;
162 		}
163 
164 		if (len < 3 || len > 1029 ||
165 		    !isdigit((unsigned char)hdr[0]) ||
166 		    !isdigit((unsigned char)hdr[1]) ||
167 		    !isspace((unsigned char)hdr[2])) {
168 			free(hdr);
169 			log_warnx("upstream server is trying to send a "
170 			    "header that's too long.");
171 			proxy_error(bev, EVBUFFER_READ, c);
172 			return;
173 		}
174 
175 		c->header = hdr;
176 		code = (hdr[0] - '0') * 10 + (hdr[1] - '0');
177 
178 		if (code < 10 || code >= 70) {
179 			log_warnx("upstream server is trying to send an "
180 			    "invalid reply code: %d", code);
181 			proxy_error(bev, EVBUFFER_READ, c);
182 			return;
183 		}
184 
185 		start_reply(c, code, hdr + 3);
186 
187 		if (c->code < 20 || c->code > 29) {
188 			proxy_error(bev, EVBUFFER_EOF, c);
189 			return;
190 		}
191 	}
192 
193 	bufferevent_write_buffer(c->bev, src);
194 }
195 
196 static void
197 proxy_write(struct bufferevent *bev, void *d)
198 {
199 	struct evbuffer	*dst = EVBUFFER_OUTPUT(bev);
200 
201 	/* request successfully sent */
202 	if (EVBUFFER_LENGTH(dst) == 0)
203 		bufferevent_disable(bev, EV_WRITE);
204 }
205 
206 static void
207 proxy_error(struct bufferevent *bev, short error, void *d)
208 {
209 	struct client	*c = d;
210 
211 	/*
212 	 * If we're here it means that some kind of non-recoverable
213 	 * error appened.
214 	 */
215 
216 	bufferevent_free(bev);
217 	c->proxybev = NULL;
218 
219 	tls_free(c->proxyctx);
220 	c->proxyctx = NULL;
221 
222 	close(c->pfd);
223 	c->pfd = -1;
224 
225 	/* EOF and no header */
226 	if (c->code == 0) {
227 		start_reply(c, PROXY_ERROR, "protocol error");
228 		return;
229 	}
230 
231 	c->type = REQUEST_DONE;
232 	client_write(c->bev, c);
233 }
234 
235 static void
236 proxy_enqueue_req(struct client *c)
237 {
238 	struct proxy *p = c->proxy;
239 	struct evbuffer	*evb;
240 	char		 iribuf[GEMINI_URL_LEN];
241 
242 	c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
243 	    proxy_error, c);
244 	if (c->proxybev == NULL)
245 		fatal("can't allocate bufferevent");
246 
247 	if (!p->notls) {
248 		event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
249 		    proxy_tls_readcb, c->proxybev);
250 		event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
251 		    proxy_tls_writecb, c->proxybev);
252 
253 #if HAVE_LIBEVENT2
254 		evbuffer_unfreeze(c->proxybev->input, 0);
255 		evbuffer_unfreeze(c->proxybev->output, 1);
256 #endif
257 	}
258 
259 	serialize_iri(&c->iri, iribuf, sizeof(iribuf));
260 
261 	evb = EVBUFFER_OUTPUT(c->proxybev);
262 	evbuffer_add_printf(evb, "%s\r\n", iribuf);
263 
264 	bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
265 }
266 
267 static void
268 proxy_handshake(int fd, short event, void *d)
269 {
270 	struct client	*c = d;
271 
272 	if (event == EV_TIMEOUT) {
273 		start_reply(c, PROXY_ERROR, "timeout");
274 		return;
275 	}
276 
277 	switch (tls_handshake(c->proxyctx)) {
278 	case TLS_WANT_POLLIN:
279 		event_set(&c->proxyev, fd, EV_READ, proxy_handshake, c);
280 		event_add(&c->proxyev, &handshake_timeout);
281 		return;
282 	case TLS_WANT_POLLOUT:
283 		event_set(&c->proxyev, fd, EV_WRITE, proxy_handshake, c);
284 		event_add(&c->proxyev, &handshake_timeout);
285 		return;
286 	case -1:
287 		log_warnx("handshake with proxy failed: %s",
288 		    tls_error(c->proxyctx));
289 		start_reply(c, PROXY_ERROR, "handshake failed");
290 		return;
291 	}
292 
293 	c->proxyevset = 0;
294 	proxy_enqueue_req(c);
295 }
296 
297 static int
298 proxy_setup_tls(struct client *c)
299 {
300 	struct proxy *p = c->proxy;
301 	struct tls_config *conf = NULL;
302 	const char *hn;
303 
304 	if ((conf = tls_config_new()) == NULL)
305 		return -1;
306 
307 	if (p->noverifyname)
308 		tls_config_insecure_noverifyname(conf);
309 
310 	tls_config_insecure_noverifycert(conf);
311 	tls_config_set_protocols(conf, p->protocols);
312 
313 	if (p->cert != NULL) {
314 		int r;
315 
316 		r = tls_config_set_cert_mem(conf, p->cert, p->certlen);
317 		if (r == -1)
318 			goto err;
319 
320 		r = tls_config_set_key_mem(conf, p->key, p->keylen);
321 		if (r == -1)
322 			goto err;
323 	}
324 
325 	if ((c->proxyctx = tls_client()) == NULL)
326 		goto err;
327 
328 	if (tls_configure(c->proxyctx, conf) == -1)
329 		goto err;
330 
331 	if (*(hn = p->sni) == '\0')
332 		hn = p->host;
333 	if (tls_connect_socket(c->proxyctx, c->pfd, hn) == -1)
334 		goto err;
335 
336 	c->proxyevset = 1;
337 	event_set(&c->proxyev, c->pfd, EV_READ|EV_WRITE, proxy_handshake, c);
338 	event_add(&c->proxyev, &handshake_timeout);
339 
340 	tls_config_free(conf);
341 	return 0;
342 
343 err:
344 	tls_config_free(conf);
345 	if (c->proxyctx != NULL) {
346 		tls_free(c->proxyctx);
347 		c->proxyctx = NULL;
348 	}
349 	return -1;
350 }
351 
352 int
353 proxy_init(struct client *c)
354 {
355 	struct proxy *p = c->proxy;
356 
357 	if (!p->notls && proxy_setup_tls(c) == -1)
358 		return -1;
359 	else if (p->notls)
360 		proxy_enqueue_req(c);
361 
362 	c->type = REQUEST_PROXY;
363 
364 	return 0;
365 }