2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 struct client clients[MAX_USERS];
31 static struct tls *ctx;
33 static struct event e4, e6, imsgev, siginfo, sigusr2;
34 static int has_ipv6, has_siginfo;
36 int connected_clients;
38 static inline int matches(const char*, const char*);
40 static inline void yield_read(int, struct client*, statefn);
41 static inline void yield_write(int, struct client*, statefn);
43 static int check_path(struct client*, const char*, int*);
44 static void open_file(struct client*);
45 static void check_for_cgi(struct client*);
46 static void handle_handshake(int, short, void*);
47 static char *strip_path(char*, int);
48 static void fmt_sbuf(const char*, struct client*, const char*);
49 static int apply_block_return(struct client*);
50 static int apply_require_ca(struct client*);
51 static void handle_open_conn(int, short, void*);
52 static void handle_start_reply(int, short, void*);
53 static size_t host_nth(struct vhost*);
54 static void start_cgi(const char*, const char*, struct client*);
55 static void open_dir(struct client*);
56 static void redirect_canonical_dir(struct client*);
57 static void enter_handle_dirlist(int, short, void*);
58 static void handle_dirlist(int, short, void*);
59 static int read_next_dir_entry(struct client*);
60 static void send_directory_listing(int, short, void*);
61 static void handle_cgi_reply(int, short, void*);
62 static void handle_copy(int, short, void*);
63 static void do_accept(int, short, void*);
64 static void handle_imsg_cgi_res(struct imsgbuf*, struct imsg*, size_t);
65 static void handle_imsg_fcgi_fd(struct imsgbuf*, struct imsg*, size_t);
66 static void handle_imsg_quit(struct imsgbuf*, struct imsg*, size_t);
67 static void handle_siginfo(int, short, void*);
69 static imsg_handlerfn *handlers[] = {
70 [IMSG_QUIT] = handle_imsg_quit,
71 [IMSG_CGI_RES] = handle_imsg_cgi_res,
72 [IMSG_FCGI_FD] = handle_imsg_fcgi_fd,
76 matches(const char *pattern, const char *path)
80 return !fnmatch(pattern, path, 0);
84 yield_read(int fd, struct client *c, statefn fn)
86 event_once(fd, EV_READ, fn, c, NULL);
90 yield_write(int fd, struct client *c, statefn fn)
92 event_once(fd, EV_WRITE, fn, c, NULL);
96 vhost_lang(struct vhost *v, const char *path)
100 if (v == NULL || path == NULL)
103 loc = TAILQ_FIRST(&v->locations);
104 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
105 if (loc->lang != NULL) {
106 if (matches(loc->match, path))
111 return TAILQ_FIRST(&v->locations)->lang;
115 vhost_default_mime(struct vhost *v, const char *path)
117 struct location *loc;
118 const char *default_mime = "application/octet-stream";
120 if (v == NULL || path == NULL)
123 loc = TAILQ_FIRST(&v->locations);
124 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
125 if (loc->default_mime != NULL) {
126 if (matches(loc->match, path))
127 return loc->default_mime;
131 loc = TAILQ_FIRST(&v->locations);
132 if (loc->default_mime != NULL)
133 return loc->default_mime;
138 vhost_index(struct vhost *v, const char *path)
140 struct location *loc;
141 const char *index = "index.gmi";
143 if (v == NULL || path == NULL)
146 loc = TAILQ_FIRST(&v->locations);
147 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
148 if (loc->index != NULL) {
149 if (matches(loc->match, path))
154 loc = TAILQ_FIRST(&v->locations);
155 if (loc->index != NULL)
161 vhost_auto_index(struct vhost *v, const char *path)
163 struct location *loc;
165 if (v == NULL || path == NULL)
168 loc = TAILQ_FIRST(&v->locations);
169 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
170 if (loc->auto_index != 0) {
171 if (matches(loc->match, path))
172 return loc->auto_index == 1;
176 loc = TAILQ_FIRST(&v->locations);
177 return loc->auto_index == 1;
181 vhost_block_return(struct vhost *v, const char *path, int *code, const char **fmt)
183 struct location *loc;
185 if (v == NULL || path == NULL)
188 loc = TAILQ_FIRST(&v->locations);
189 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
190 if (loc->block_code != 0) {
191 if (matches(loc->match, path)) {
192 *code = loc->block_code;
193 *fmt = loc->block_fmt;
199 loc = TAILQ_FIRST(&v->locations);
200 *code = loc->block_code;
201 *fmt = loc->block_fmt;
202 return loc->block_code != 0;
206 vhost_fastcgi(struct vhost *v, const char *path)
208 struct location *loc;
210 if (v == NULL || path == NULL)
213 loc = TAILQ_FIRST(&v->locations);
214 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
216 if (matches(loc->match, path))
220 loc = TAILQ_FIRST(&v->locations);
225 vhost_dirfd(struct vhost *v, const char *path)
227 struct location *loc;
229 if (v == NULL || path == NULL)
232 loc = TAILQ_FIRST(&v->locations);
233 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
234 if (loc->dirfd != -1)
235 if (matches(loc->match, path))
239 loc = TAILQ_FIRST(&v->locations);
244 vhost_strip(struct vhost *v, const char *path)
246 struct location *loc;
248 if (v == NULL || path == NULL)
251 loc = TAILQ_FIRST(&v->locations);
252 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
253 if (loc->strip != 0) {
254 if (matches(loc->match, path))
259 loc = TAILQ_FIRST(&v->locations);
264 vhost_require_ca(struct vhost *v, const char *path)
266 struct location *loc;
268 if (v == NULL || path == NULL)
271 loc = TAILQ_FIRST(&v->locations);
272 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
273 if (loc->reqca != NULL) {
274 if (matches(loc->match, path))
279 loc = TAILQ_FIRST(&v->locations);
284 vhost_disable_log(struct vhost *v, const char *path)
286 struct location *loc;
288 if (v == NULL || path == NULL)
291 loc = TAILQ_FIRST(&v->locations);
292 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
293 if (loc->disable_log && matches(loc->match, path))
297 loc = TAILQ_FIRST(&v->locations);
298 return loc->disable_log;
302 check_path(struct client *c, const char *path, int *fd)
306 int flags, dirfd, strip;
308 assert(path != NULL);
311 * in send_dir we add an initial / (to be redirect-friendly),
312 * but here we want to skip it
317 strip = vhost_strip(c->host, path);
318 p = strip_path(path, strip);
325 dirfd = vhost_dirfd(c->host, path);
326 log_debug(c, "check_path: strip=%d path=%s original=%s",
328 flags = O_RDONLY | O_NOFOLLOW;
329 if (*fd == -1 && (*fd = openat(dirfd, p, flags)) == -1)
332 if (fstat(*fd, &sb) == -1) {
333 log_notice(c, "failed stat for %s: %s", path, strerror(errno));
337 if (S_ISDIR(sb.st_mode))
338 return FILE_DIRECTORY;
340 if (sb.st_mode & S_IXUSR)
341 return FILE_EXECUTABLE;
347 open_file(struct client *c)
349 switch (check_path(c, c->iri.path, &c->pfd)) {
350 case FILE_EXECUTABLE:
351 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
352 start_cgi(c->iri.path, "", c);
359 c->next = handle_copy;
360 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
368 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
372 start_reply(c, NOT_FOUND, "not found");
382 * the inverse of this algorithm, i.e. starting from the start of the
383 * path + strlen(cgi), and checking if each component, should be
384 * faster. But it's tedious to write. This does the opposite: starts
385 * from the end and strip one component at a time, until either an
386 * executable is found or we emptied the path.
389 check_for_cgi(struct client *c)
394 strlcpy(path, c->iri.path, sizeof(path));
395 end = strchr(path, '\0');
398 /* go up one level. UNIX paths are simple and POSIX
399 * dirname, with its ambiguities on if the given path
400 * is changed or not, gives me headaches. */
405 switch (check_path(c, path, &c->pfd)) {
406 case FILE_EXECUTABLE:
407 start_cgi(path, end+1, c);
420 start_reply(c, NOT_FOUND, "not found");
425 mark_nonblock(int fd)
429 if ((flags = fcntl(fd, F_GETFL)) == -1)
430 fatal("fcntl(F_GETFL): %s", strerror(errno));
431 if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
432 fatal("fcntl(F_SETFL): %s", strerror(errno));
436 handle_handshake(int fd, short ev, void *d)
438 struct client *c = d;
441 const char *servname;
442 const char *parse_err = "unknown error";
444 switch (tls_handshake(c->ctx)) {
445 case 0: /* success */
446 case -1: /* already handshaked */
448 case TLS_WANT_POLLIN:
449 yield_read(fd, c, &handle_handshake);
451 case TLS_WANT_POLLOUT:
452 yield_write(fd, c, &handle_handshake);
459 servname = tls_conn_servername(c->ctx);
460 if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
461 log_info(c, "puny_decode: %s", parse_err);
465 TAILQ_FOREACH(h, &hosts, vhosts) {
466 if (matches(h->domain, c->domain))
468 TAILQ_FOREACH(a, &h->aliases, aliases) {
469 if (matches(a->alias, c->domain))
475 log_debug(c, "handshake: SNI: \"%s\"; decoded: \"%s\"; matched: \"%s\"",
476 servname != NULL ? servname : "(null)",
478 h != NULL ? h->domain : "(null)");
482 handle_open_conn(fd, ev, c);
487 if (servname != NULL)
488 strncpy(c->req, servname, sizeof(c->req));
490 strncpy(c->req, "null", sizeof(c->req));
492 start_reply(c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
496 strip_path(char *path, int strip)
501 if ((t = strchr(path, '/')) == NULL) {
502 path = strchr(path, '\0');
513 fmt_sbuf(const char *fmt, struct client *c, const char *path)
518 memset(buf, 0, sizeof(buf));
519 for (i = 0; *fmt; ++fmt) {
520 if (i == sizeof(buf)-1 || *fmt == '%') {
521 strlcat(c->sbuf, buf, sizeof(c->sbuf));
522 memset(buf, 0, sizeof(buf));
533 strlcat(c->sbuf, "%", sizeof(c->sbuf));
537 strlcat(c->sbuf, "/", sizeof(c->sbuf));
538 strlcat(c->sbuf, path, sizeof(c->sbuf));
541 strlcat(c->sbuf, c->iri.query, sizeof(c->sbuf));
544 snprintf(buf, sizeof(buf), "%d", conf.port);
545 strlcat(c->sbuf, buf, sizeof(c->sbuf));
546 memset(buf, 0, sizeof(buf));
549 strlcat(c->sbuf, c->domain, sizeof(c->sbuf));
552 fatal("%s: unknown fmt specifier %c",
558 strlcat(c->sbuf, buf, sizeof(c->sbuf));
561 /* 1 if a matching `block return' (and apply it), 0 otherwise */
563 apply_block_return(struct client *c)
565 const char *fmt, *path;
568 if (!vhost_block_return(c->host, c->iri.path, &code, &fmt))
571 path = strip_path(c->iri.path, vhost_strip(c->host, c->iri.path));
572 fmt_sbuf(fmt, c, path);
574 start_reply(c, code, c->sbuf);
578 /* 1 if matching `fcgi' (and apply it), 0 otherwise */
580 apply_fastcgi(struct client *c)
585 if ((id = vhost_fastcgi(c->host, c->iri.path)) == -1)
588 switch ((f = &fcgi[id])->s) {
590 f->s = FCGI_INFLIGHT;
591 log_info(c, "opening fastcgi connection for (%s,%s,%s)",
592 f->path, f->port, f->prog);
593 imsg_compose(&exibuf, IMSG_FCGI_REQ, 0, 0, -1,
609 /* 1 if matching `require client ca' fails (and apply it), 0 otherwise */
611 apply_require_ca(struct client *c)
617 if ((store = vhost_require_ca(c->host, c->iri.path)) == NULL)
620 if (!tls_peer_cert_provided(c->ctx)) {
621 start_reply(c, CLIENT_CERT_REQ, "client certificate required");
625 cert = tls_peer_cert_chain_pem(c->ctx, &len);
626 if (!validate_against_ca(store, cert, len)) {
627 start_reply(c, CERT_NOT_AUTH, "certificate not authorised");
635 handle_open_conn(int fd, short ev, void *d)
637 struct client *c = d;
638 const char *parse_err = "invalid request";
639 char decoded[DOMAIN_NAME_LEN];
641 bzero(c->req, sizeof(c->req));
642 bzero(&c->iri, sizeof(c->iri));
644 switch (tls_read(c->ctx, c->req, sizeof(c->req)-1)) {
646 log_err(c, "tls_read: %s", tls_error(c->ctx));
647 close_conn(fd, ev, c);
650 case TLS_WANT_POLLIN:
651 yield_read(fd, c, &handle_open_conn);
654 case TLS_WANT_POLLOUT:
655 yield_write(fd, c, &handle_open_conn);
659 if (!trim_req_iri(c->req, &parse_err)
660 || !parse_iri(c->req, &c->iri, &parse_err)
661 || !puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
662 log_info(c, "iri parse error: %s", parse_err);
663 start_reply(c, BAD_REQUEST, "invalid request");
667 if (c->iri.port_no != conf.port
668 || strcmp(c->iri.schema, "gemini")
669 || strcmp(decoded, c->domain)) {
670 start_reply(c, PROXY_REFUSED, "won't proxy request");
674 if (apply_require_ca(c))
677 if (apply_block_return(c))
680 if (apply_fastcgi(c))
683 if (c->host->entrypoint != NULL) {
684 start_cgi(c->host->entrypoint, c->iri.path, c);
692 start_reply(struct client *c, int code, const char *meta)
696 handle_start_reply(c->fd, 0, c);
700 handle_start_reply(int fd, short ev, void *d)
702 struct client *c = d;
703 char buf[1030]; /* status + ' ' + max reply len + \r\n\0 */
707 lang = vhost_lang(c->host, c->iri.path);
709 snprintf(buf, sizeof(buf), "%d ", c->code);
710 strlcat(buf, c->meta, sizeof(buf));
711 if (!strcmp(c->meta, "text/gemini") && lang != NULL) {
712 strlcat(buf, "; lang=", sizeof(buf));
713 strlcat(buf, lang, sizeof(buf));
716 len = strlcat(buf, "\r\n", sizeof(buf));
717 assert(len < sizeof(buf));
719 switch (tls_write(c->ctx, buf, len)) {
721 close_conn(fd, ev, c);
723 case TLS_WANT_POLLIN:
724 yield_read(fd, c, &handle_start_reply);
726 case TLS_WANT_POLLOUT:
727 yield_write(fd, c, &handle_start_reply);
731 if (!vhost_disable_log(c->host, c->iri.path))
732 log_request(c, buf, sizeof(buf));
734 if (c->code != SUCCESS)
735 close_conn(fd, ev, c);
741 host_nth(struct vhost *h)
746 TAILQ_FOREACH(v, &hosts, vhosts) {
756 start_cgi(const char *spath, const char *relpath, struct client *c)
758 char addr[NI_MAXHOST];
763 e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
768 fatal("getnameinfo failed");
770 memset(&req, 0, sizeof(req));
772 memcpy(req.buf, c->req, sizeof(req.buf));
774 req.iri_schema_off = c->iri.schema - c->req;
775 req.iri_host_off = c->iri.host - c->req;
776 req.iri_port_off = c->iri.port - c->req;
777 req.iri_path_off = c->iri.path - c->req;
778 req.iri_query_off = c->iri.query - c->req;
779 req.iri_fragment_off = c->iri.fragment - c->req;
781 req.iri_portno = c->iri.port_no;
783 strlcpy(req.spath, spath, sizeof(req.spath));
784 strlcpy(req.relpath, relpath, sizeof(req.relpath));
785 strlcpy(req.addr, addr, sizeof(req.addr));
787 if ((t = tls_peer_cert_subject(c->ctx)) != NULL)
788 strlcpy(req.subject, t, sizeof(req.subject));
789 if ((t = tls_peer_cert_issuer(c->ctx)) != NULL)
790 strlcpy(req.issuer, t, sizeof(req.issuer));
791 if ((t = tls_peer_cert_hash(c->ctx)) != NULL)
792 strlcpy(req.hash, t, sizeof(req.hash));
793 if ((t = tls_conn_version(c->ctx)) != NULL)
794 strlcpy(req.version, t, sizeof(req.version));
795 if ((t = tls_conn_cipher(c->ctx)) != NULL)
796 strlcpy(req.cipher, t, sizeof(req.cipher));
798 req.cipher_strength = tls_conn_cipher_strength(c->ctx);
799 req.notbefore = tls_peer_cert_notbefore(c->ctx);
800 req.notafter = tls_peer_cert_notafter(c->ctx);
802 req.host_off = host_nth(c->host);
804 imsg_compose(&exibuf, IMSG_CGI_REQ, c->id, 0, -1, &req, sizeof(req));
811 open_dir(struct client *c)
817 root = !strcmp(c->iri.path, "/") || *c->iri.path == '\0';
819 len = strlen(c->iri.path);
820 if (len > 0 && !ends_with(c->iri.path, "/")) {
821 redirect_canonical_dir(c);
825 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
826 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
827 if (!ends_with(c->sbuf, "/"))
828 strlcat(c->sbuf, "/", sizeof(c->sbuf));
829 before_file = strchr(c->sbuf, '\0');
830 len = strlcat(c->sbuf, vhost_index(c->host, c->iri.path),
832 if (len >= sizeof(c->sbuf)) {
833 start_reply(c, TEMP_FAILURE, "internal server error");
837 c->iri.path = c->sbuf;
839 /* close later unless we have to generate the dir listing */
843 switch (check_path(c, c->iri.path, &c->pfd)) {
844 case FILE_EXECUTABLE:
845 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
846 start_cgi(c->iri.path, "", c);
853 c->next = handle_copy;
854 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
858 start_reply(c, TEMP_REDIRECT, c->sbuf);
864 if (!vhost_auto_index(c->host, c->iri.path)) {
865 start_reply(c, NOT_FOUND, "not found");
869 c->next = enter_handle_dirlist;
871 c->dirlen = scandir_fd(dirfd, &c->dir,
872 root ? select_non_dotdot : select_non_dot,
874 if (c->dirlen == -1) {
875 log_err(c, "scandir_fd(%d) (vhost:%s) %s: %s",
876 c->pfd, c->host->domain, c->iri.path, strerror(errno));
877 start_reply(c, TEMP_FAILURE, "internal server error");
883 start_reply(c, SUCCESS, "text/gemini");
895 redirect_canonical_dir(struct client *c)
899 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
900 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
901 len = strlcat(c->sbuf, "/", sizeof(c->sbuf));
903 if (len >= sizeof(c->sbuf)) {
904 start_reply(c, TEMP_FAILURE, "internal server error");
908 start_reply(c, TEMP_REDIRECT, c->sbuf);
912 enter_handle_dirlist(int fd, short ev, void *d)
914 struct client *c = d;
918 strlcpy(b, c->iri.path, sizeof(b));
919 l = snprintf(c->sbuf, sizeof(c->sbuf),
920 "# Index of %s\n\n", b);
921 if (l >= sizeof(c->sbuf)) {
922 /* this is impossible, given that we have enough space
923 * in c->sbuf to hold the ancilliary string plus the
924 * full path; but it wouldn't read nice without some
925 * error checking, and I'd like to avoid a strlen. */
926 close_conn(fd, ev, c);
931 handle_dirlist(fd, ev, c);
935 handle_dirlist(int fd, short ev, void *d)
937 struct client *c = d;
941 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
943 close_conn(fd, ev, c);
945 case TLS_WANT_POLLOUT:
946 yield_read(fd, c, &handle_dirlist);
948 case TLS_WANT_POLLIN:
949 yield_write(fd, c, &handle_dirlist);
957 send_directory_listing(fd, ev, c);
961 read_next_dir_entry(struct client *c)
963 if (c->diroff == c->dirlen)
966 /* XXX: url escape */
967 snprintf(c->sbuf, sizeof(c->sbuf), "=> %s\n",
968 c->dir[c->diroff]->d_name);
970 free(c->dir[c->diroff]);
973 c->len = strlen(c->sbuf);
979 send_directory_listing(int fd, short ev, void *d)
981 struct client *c = d;
986 if (!read_next_dir_entry(c))
991 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
995 case TLS_WANT_POLLOUT:
996 yield_read(fd, c, &send_directory_listing);
999 case TLS_WANT_POLLIN:
1000 yield_write(fd, c, &send_directory_listing);
1012 close_conn(fd, ev, d);
1015 /* accumulate the meta line from the cgi script. */
1017 handle_cgi_reply(int fd, short ev, void *d)
1019 struct client *c = d;
1025 buf = c->sbuf + c->len;
1026 len = sizeof(c->sbuf) - c->len;
1028 r = read(c->pfd, buf, len);
1029 if (r == 0 || r == -1) {
1030 start_reply(c, CGI_ERROR, "CGI error");
1036 /* TODO: error if the CGI script don't reply correctly */
1037 e = strchr(c->sbuf, '\n');
1038 if (e != NULL || c->len == sizeof(c->sbuf)) {
1039 log_request(c, c->sbuf, c->len);
1042 handle_copy(fd, ev, c);
1046 yield_read(fd, c, &handle_cgi_reply);
1050 handle_copy(int fd, short ev, void *d)
1052 struct client *c = d;
1056 while (c->len > 0) {
1057 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
1061 case TLS_WANT_POLLOUT:
1062 yield_write(c->fd, c, &handle_copy);
1065 case TLS_WANT_POLLIN:
1066 yield_read(c->fd, c, &handle_copy);
1076 switch (r = read(c->pfd, c->sbuf, sizeof(c->sbuf))) {
1080 if (errno == EAGAIN || errno == EWOULDBLOCK) {
1081 yield_read(c->pfd, c, &handle_copy);
1092 close_conn(c->fd, ev, d);
1096 close_conn(int fd, short ev, void *d)
1098 struct client *c = d;
1101 switch (tls_close(c->ctx)) {
1102 case TLS_WANT_POLLIN:
1103 yield_read(fd, c, &close_conn);
1105 case TLS_WANT_POLLOUT:
1106 yield_read(fd, c, &close_conn);
1110 connected_clients--;
1112 while ((mbuf = TAILQ_FIRST(&c->mbufhead)) != NULL) {
1113 TAILQ_REMOVE(&c->mbufhead, mbuf, mbufs);
1131 do_accept(int sock, short et, void *d)
1134 struct sockaddr_storage addr;
1135 struct sockaddr *saddr;
1141 saddr = (struct sockaddr*)&addr;
1143 if ((fd = accept(sock, saddr, &len)) == -1) {
1144 if (errno == EWOULDBLOCK || errno == EAGAIN)
1146 fatal("accept: %s", strerror(errno));
1151 for (i = 0; i < MAX_USERS; ++i) {
1154 memset(c, 0, sizeof(*c));
1156 if (tls_accept_socket(ctx, &c->ctx, fd) == -1)
1157 break; /* goodbye fd! */
1165 yield_read(fd, c, &handle_handshake);
1166 connected_clients++;
1174 static struct client *
1175 client_by_id(int id)
1177 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1178 fatal("in client_by_id: invalid id %d", id);
1179 return &clients[id];
1183 try_client_by_id(int id)
1185 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1187 return &clients[id];
1191 handle_imsg_cgi_res(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1195 c = client_by_id(imsg->hdr.peerid);
1197 if ((c->pfd = imsg->fd) == -1)
1198 start_reply(c, TEMP_FAILURE, "internal server error");
1200 yield_read(c->pfd, c, &handle_cgi_reply);
1204 handle_imsg_fcgi_fd(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1210 id = imsg->hdr.peerid;
1213 if ((f->fd = imsg->fd) != -1) {
1214 event_set(&f->e, imsg->fd, EV_READ | EV_PERSIST, &handle_fcgi,
1216 event_add(&f->e, NULL);
1221 for (i = 0; i < MAX_USERS; ++i) {
1230 start_reply(c, TEMP_FAILURE, "internal server error");
1232 send_fcgi_req(f, c);
1237 handle_imsg_quit(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1242 /* don't call event_loopbreak since we want to finish to
1243 * handle the ongoing connections. */
1249 signal_del(&siginfo);
1251 signal_del(&sigusr2);
1255 handle_dispatch_imsg(int fd, short ev, void *d)
1257 struct imsgbuf *ibuf = d;
1258 dispatch_imsg(ibuf, handlers, sizeof(handlers));
1262 handle_siginfo(int fd, short ev, void *d)
1268 log_info(NULL, "%d connected clients", connected_clients);
1272 loop(struct tls *ctx_, int sock4, int sock6, struct imsgbuf *ibuf)
1280 memset(&clients, 0, sizeof(clients));
1281 for (i = 0; i < MAX_USERS; ++i)
1284 event_set(&e4, sock4, EV_READ | EV_PERSIST, &do_accept, NULL);
1285 event_add(&e4, NULL);
1289 event_set(&e6, sock6, EV_READ | EV_PERSIST, &do_accept, NULL);
1290 event_add(&e6, NULL);
1293 event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST, handle_dispatch_imsg, ibuf);
1294 event_add(&imsgev, NULL);
1298 signal_set(&siginfo, SIGINFO, &handle_siginfo, NULL);
1299 signal_add(&siginfo, NULL);
1301 signal_set(&sigusr2, SIGUSR2, &handle_siginfo, NULL);
1302 signal_add(&sigusr2, NULL);
1304 sandbox_server_process();