1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 
19 #include <sys/stat.h>
20 
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <libgen.h>
24 #include <limits.h>
25 #include <pwd.h>
26 #include <signal.h>
27 #include <string.h>
28 
29 struct vhosthead hosts;
30 
31 int sock4, sock6;
32 
33 struct imsgbuf logibuf, exibuf, servibuf[PROC_MAX];
34 
35 const char *config_path, *certs_dir, *hostname;
36 
37 struct conf conf;
38 
39 struct tls_config *tlsconf;
40 struct tls *ctx;
41 
42 static void
43 dummy_handler(int signo)
44 {
45 	return;
46 }
47 
48 /* wrapper around dirname(3).  dn must be PATH_MAX+1 at least. */
49 static void
50 pdirname(const char *path, char *dn)
51 {
52 	char	 p[PATH_MAX+1];
53 	char	*t;
54 
55 	strlcpy(p, path, sizeof(p));
56 	t = dirname(p);
57 	memmove(dn, t, strlen(t)+1);
58 }
59 
60 static void
61 mkdirs(const char *path, mode_t mode)
62 {
63 	char	dname[PATH_MAX+1];
64 
65 	pdirname(path, dname);
66 	if (!strcmp(dname, "/"))
67 		return;
68 	mkdirs(dname, mode);
69 	if (mkdir(path, mode) != 0 && errno != EEXIST)
70 		fatal("can't mkdir %s: %s", path, strerror(errno));
71 }
72 
73 /* $XDG_DATA_HOME/gmid */
74 char *
75 data_dir(void)
76 {
77 	const char *home, *xdg;
78 	char *t;
79 
80 	if ((xdg = getenv("XDG_DATA_HOME")) == NULL) {
81 		if ((home = getenv("HOME")) == NULL)
82 			errx(1, "XDG_DATA_HOME and HOME both empty");
83 		if (asprintf(&t, "%s/.local/share/gmid", home) == -1)
84 			err(1, "asprintf");
85 	} else {
86 		if (asprintf(&t, "%s/gmid", xdg) == -1)
87 			err(1, "asprintf");
88 	}
89 
90 	mkdirs(t, 0755);
91 	return t;
92 }
93 
94 void
95 load_local_cert(const char *hostname, const char *dir)
96 {
97 	char *cert, *key;
98 	struct vhost *h;
99 
100 	if (asprintf(&cert, "%s/%s.cert.pem", dir, hostname) == -1)
101 		errx(1, "asprintf");
102 	if (asprintf(&key, "%s/%s.key.pem", dir, hostname) == -1)
103 		errx(1, "asprintf");
104 
105 	if (access(cert, R_OK) == -1 || access(key, R_OK) == -1)
106 		gen_certificate(hostname, cert, key);
107 
108 	h = TAILQ_FIRST(&hosts);
109 	h->cert = cert;
110 	h->key = key;
111 	h->domain = hostname;
112 }
113 
114 void
115 load_vhosts(void)
116 {
117 	struct vhost *h;
118 
119 	TAILQ_FOREACH(h, &hosts, vhosts) {
120 		if ((h->dirfd = open(h->dir, O_RDONLY | O_DIRECTORY)) == -1)
121 			fatal("open %s for domain %s", h->dir, h->domain);
122 	}
123 }
124 
125 int
126 make_socket(int port, int family)
127 {
128 	int sock, v;
129 	struct sockaddr_in addr4;
130 	struct sockaddr_in6 addr6;
131 	struct sockaddr *addr;
132 	socklen_t len;
133 
134         switch (family) {
135 	case AF_INET:
136 		bzero(&addr4, sizeof(addr4));
137 		addr4.sin_family = family;
138 		addr4.sin_port = htons(port);
139 		addr4.sin_addr.s_addr = INADDR_ANY;
140 		addr = (struct sockaddr*)&addr4;
141 		len = sizeof(addr4);
142 		break;
143 
144 	case AF_INET6:
145 		bzero(&addr6, sizeof(addr6));
146 		addr6.sin6_family = AF_INET6;
147 		addr6.sin6_port = htons(port);
148 		addr6.sin6_addr = in6addr_any;
149 		addr = (struct sockaddr*)&addr6;
150 		len = sizeof(addr6);
151 		break;
152 
153 	default:
154 		/* unreachable */
155 		abort();
156 	}
157 
158 	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
159 		fatal("socket: %s", strerror(errno));
160 
161 	v = 1;
162 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
163 		fatal("setsockopt(SO_REUSEADDR): %s", strerror(errno));
164 
165 	v = 1;
166 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
167 		fatal("setsockopt(SO_REUSEPORT): %s", strerror(errno));
168 
169 	mark_nonblock(sock);
170 
171 	if (bind(sock, addr, len) == -1)
172 		fatal("bind: %s", strerror(errno));
173 
174 	if (listen(sock, 16) == -1)
175 		fatal("listen: %s", strerror(errno));
176 
177 	return sock;
178 }
179 
180 void
181 setup_tls(void)
182 {
183 	struct vhost *h;
184 
185 	if ((tlsconf = tls_config_new()) == NULL)
186 		fatal("tls_config_new");
187 
188 	/* optionally accept client certs, but don't try to verify them */
189 	tls_config_verify_client_optional(tlsconf);
190 	tls_config_insecure_noverifycert(tlsconf);
191 
192 	if (tls_config_set_protocols(tlsconf, conf.protos) == -1)
193 		fatal("tls_config_set_protocols");
194 
195 	if ((ctx = tls_server()) == NULL)
196 		fatal("tls_server failure");
197 
198 	h = TAILQ_FIRST(&hosts);
199 
200 	/* we need to set something, then we can add how many key we want */
201 	if (tls_config_set_keypair_file(tlsconf, h->cert, h->key))
202 		fatal("tls_config_set_keypair_file failed for (%s, %s)",
203 		    h->cert, h->key);
204 
205 	while ((h = TAILQ_NEXT(h, vhosts)) != NULL) {
206 		if (tls_config_add_keypair_file(tlsconf, h->cert, h->key) == -1)
207 			fatal("failed to load the keypair (%s, %s)",
208 			    h->cert, h->key);
209 	}
210 
211 	if (tls_configure(ctx, tlsconf) == -1)
212 		fatal("tls_configure: %s", tls_error(ctx));
213 }
214 
215 static int
216 listener_main(struct imsgbuf *ibuf)
217 {
218 	drop_priv();
219 	load_default_mime(&conf.mime);
220 	load_vhosts();
221 	loop(ctx, sock4, sock6, ibuf);
222 	return 0;
223 }
224 
225 void
226 init_config(void)
227 {
228 	TAILQ_INIT(&hosts);
229 
230 	conf.port = 1965;
231 	conf.ipv6 = 0;
232 	conf.protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
233 
234 	init_mime(&conf.mime);
235 
236 	conf.chroot = NULL;
237 	conf.user = NULL;
238 
239 	conf.prefork = 3;
240 }
241 
242 void
243 free_config(void)
244 {
245 	struct vhost *h, *th;
246 	struct location *l, *tl;
247 	struct envlist *e, *te;
248 	int v;
249 
250 	v = conf.verbose;
251 
252 	free(conf.chroot);
253 	free(conf.user);
254 	memset(&conf, 0, sizeof(conf));
255 
256 	conf.verbose = v;
257 
258 	TAILQ_FOREACH_SAFE(h, &hosts, vhosts, th) {
259 		TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
260 			TAILQ_REMOVE(&h->locations, l, locations);
261 
262 			free((char*)l->match);
263 			free((char*)l->lang);
264 			free((char*)l->default_mime);
265 			free((char*)l->index);
266 			free((char*)l->block_fmt);
267 			free(l);
268 		}
269 
270 		TAILQ_FOREACH_SAFE(e, &h->env, envs, te) {
271 			free(e->name);
272 			free(e->value);
273 			free(e);
274 		}
275 
276 		TAILQ_REMOVE(&hosts, h, vhosts);
277 		free(h);
278 	}
279 
280 	tls_free(ctx);
281 	tls_config_free(tlsconf);
282 }
283 
284 static int
285 wait_signal(void)
286 {
287 	sigset_t mask;
288 	int signo;
289 
290 	sigemptyset(&mask);
291 	sigaddset(&mask, SIGHUP);
292 	sigaddset(&mask, SIGINT);
293 	sigaddset(&mask, SIGTERM);
294 	sigwait(&mask, &signo);
295 
296 	return signo == SIGHUP;
297 }
298 
299 void
300 drop_priv(void)
301 {
302 	struct passwd *pw = NULL;
303 
304 	if (conf.chroot != NULL && conf.user == NULL)
305 		fatal("can't chroot without an user to switch to after.");
306 
307 	if (conf.user != NULL) {
308 		if ((pw = getpwnam(conf.user)) == NULL)
309 			fatal("can't find user %s", conf.user);
310 	}
311 
312 	if (conf.chroot != NULL) {
313 		if (chroot(conf.chroot) != 0 || chdir("/") != 0)
314 			fatal("%s: %s", conf.chroot, strerror(errno));
315 	}
316 
317 	if (pw != NULL) {
318 		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
319 			fatal("setresuid(%d): %s", pw->pw_uid,
320 			    strerror(errno));
321 	}
322 
323 	if (getuid() == 0)
324 		log_warn(NULL, "not a good idea to run a network daemon as root");
325 }
326 
327 static void
328 usage(const char *me)
329 {
330 	fprintf(stderr,
331 	    "USAGE: %s [-fn] [-c config] | [-6h] [-d certs-dir] [-H host]\n"
332 	    "       [-p port] [-x cgi] [dir]\n",
333 	    me);
334 }
335 
336 static void
337 logger_init(void)
338 {
339 	int p[2];
340 
341 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
342 		err(1, "socketpair");
343 
344 	switch (fork()) {
345 	case -1:
346 		err(1, "fork");
347 	case 0:
348 		signal(SIGHUP, SIG_IGN);
349 		close(p[0]);
350 		setproctitle("logger");
351 		imsg_init(&logibuf, p[1]);
352 		drop_priv();
353 		_exit(logger_main(p[1], &logibuf));
354 	default:
355 		close(p[1]);
356 		imsg_init(&logibuf, p[0]);
357 		return;
358 	}
359 }
360 
361 static int
362 serve(int argc, char **argv, struct imsgbuf *ibuf)
363 {
364 	char		 path[PATH_MAX];
365 	int		 i, p[2];
366 	struct vhost	*h;
367 	struct location	*l;
368 
369         if (config_path == NULL) {
370 		if (hostname == NULL)
371 			hostname = "localhost";
372 		if (certs_dir == NULL)
373 			certs_dir = data_dir();
374 		load_local_cert(hostname, certs_dir);
375 
376 		h = TAILQ_FIRST(&hosts);
377 		h->domain = "*";
378 
379 		l = TAILQ_FIRST(&h->locations);
380 		l->auto_index = 1;
381 		l->match = "*";
382 
383 		switch (argc) {
384 		case 0:
385 			h->dir = getcwd(path, sizeof(path));
386 			break;
387 		case 1:
388 			h->dir = absolutify_path(argv[0]);
389 			break;
390 		default:
391 			usage(getprogname());
392 			return 1;
393 		}
394 
395 		log_notice(NULL, "serving %s on port %d", h->dir, conf.port);
396 	}
397 
398 	/* setup tls before dropping privileges: we don't want user
399 	 * to put private certs inside the chroot. */
400 	setup_tls();
401 
402 	for (i = 0; i < conf.prefork; ++i) {
403 		if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
404 		    PF_UNSPEC, p) == -1)
405 			fatal("socketpair: %s", strerror(errno));
406 
407 		switch (fork()) {
408 		case -1:
409 			fatal("fork: %s", strerror(errno));
410 		case 0:		/* child */
411 			close(p[0]);
412 			imsg_init(&exibuf, p[1]);
413 			setproctitle("server");
414 			_exit(listener_main(&exibuf));
415 		default:
416 			close(p[1]);
417 			imsg_init(&servibuf[i], p[0]);
418 		}
419 	}
420 
421 	setproctitle("executor");
422 	drop_priv();
423 	_exit(executor_main(ibuf));
424 }
425 
426 static int
427 write_pidfile(const char *pidfile)
428 {
429 	struct flock	lock;
430 	int		fd;
431 
432 	if (pidfile == NULL)
433 		return -1;
434 
435 	if ((fd = open(pidfile, O_WRONLY|O_CREAT|O_CLOEXEC, 0600)) == -1)
436 		fatal("can't open pidfile %s: %s", pidfile, strerror(errno));
437 
438 	lock.l_start = 0;
439 	lock.l_len = 0;
440 	lock.l_type = F_WRLCK;
441 	lock.l_whence = SEEK_SET;
442 
443 	if (fcntl(fd, F_SETLK, &lock) == -1)
444 		fatal("can't lock %s, gmid is already running?", pidfile);
445 
446 	if (ftruncate(fd, 0) == -1)
447 		fatal("ftruncate: %s: %s", pidfile, strerror(errno));
448 
449 	dprintf(fd, "%d\n", getpid());
450 
451 	return fd;
452 }
453 
454 static void
455 setup_configless(int argc, char **argv, const char *cgi)
456 {
457 	struct vhost	*host;
458 	struct location	*loc;
459 
460 	host = xcalloc(1, sizeof(*host));
461 	host->cgi = cgi;
462 	TAILQ_INSERT_HEAD(&hosts, host, vhosts);
463 
464 	loc = xcalloc(1, sizeof(*loc));
465 	TAILQ_INSERT_HEAD(&host->locations, loc, locations);
466 
467 	serve(argc, argv, NULL);
468 	imsg_compose(&logibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
469 	imsg_flush(&logibuf);
470 }
471 
472 int
473 main(int argc, char **argv)
474 {
475 	struct imsgbuf exibuf;
476 	int ch, conftest = 0, configless = 0;
477 	int old_ipv6, old_port;
478 	const char *cgi = NULL;
479 
480 	init_config();
481 
482 	while ((ch = getopt(argc, argv, "6c:d:fH:hnp:vx:")) != -1) {
483 		switch (ch) {
484 		case '6':
485 			conf.ipv6 = 1;
486 			configless = 1;
487 			break;
488 
489 		case 'c':
490 			config_path = absolutify_path(optarg);
491 			break;
492 
493 		case 'd':
494 			certs_dir = optarg;
495 			configless = 1;
496 			break;
497 
498 		case 'f':
499 			conf.foreground = 1;
500 			break;
501 
502 		case 'H':
503 			hostname = optarg;
504 			configless = 1;
505 			break;
506 
507 		case 'h':
508 			usage(*argv);
509 			return 0;
510 
511 		case 'n':
512 			conftest = 1;
513 			break;
514 
515 		case 'p':
516 			conf.port = parse_portno(optarg);
517 			configless = 1;
518 			break;
519 
520 		case 'v':
521 			conf.verbose++;
522 			break;
523 
524 		case 'x':
525 			/* drop the starting / (if any) */
526 			if (*optarg == '/')
527 				optarg++;
528 			cgi = optarg;
529 			configless = 1;
530 			break;
531 
532 		default:
533 			usage(*argv);
534 			return 1;
535 		}
536 	}
537 	argc -= optind;
538 	argv += optind;
539 
540 	if (config_path == NULL) {
541 		configless = 1;
542 		conf.foreground = 1;
543 		conf.prefork = 1;
544 		conf.verbose++;
545 	}
546 
547 	if (config_path != NULL && (argc > 0 || configless))
548 		err(1, "can't specify options in config mode.");
549 
550 	if (conftest) {
551 		parse_conf(config_path);
552 		puts("config OK");
553 		return 0;
554 	}
555 
556 	if (!conf.foreground && !configless) {
557 		if (daemon(1, 1) == -1)
558 			err(1, "daemon");
559 	}
560 
561 	if (config_path != NULL)
562 		parse_conf(config_path);
563 
564 	logger_init();
565 
566 	sock4 = make_socket(conf.port, AF_INET);
567 	sock6 = -1;
568 	if (conf.ipv6)
569 		sock6 = make_socket(conf.port, AF_INET6);
570 
571 	signal(SIGPIPE, SIG_IGN);
572 	signal(SIGCHLD, SIG_IGN);
573 
574 	if (configless) {
575 		setup_configless(argc, argv, cgi);
576 		return 0;
577 	}
578 
579 	/* Linux seems to call the event handlers even when we're
580 	 * doing a sigwait.  These dummy handlers are here to avoid
581 	 * being terminated on SIGHUP, SIGINT or SIGTERM. */
582 	signal(SIGHUP, dummy_handler);
583 	signal(SIGINT, dummy_handler);
584 	signal(SIGTERM, dummy_handler);
585 
586 	/* wait a sighup and reload the daemon */
587 	for (;;) {
588 		int p[2];
589 
590 		if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
591 		    PF_UNSPEC, p) == -1)
592 			fatal("socketpair: %s", strerror(errno));
593 
594 		switch (fork()) {
595 		case -1:
596 			fatal("fork: %s", strerror(errno));
597 		case 0:
598 			close(p[0]);
599 			imsg_init(&exibuf, p[1]);
600 			_exit(serve(argc, argv, &exibuf));
601 		}
602 
603 		close(p[1]);
604 		imsg_init(&exibuf, p[0]);
605 
606 		if (!wait_signal())
607 			break;
608 
609 		log_info(NULL, "reloading configuration %s", config_path);
610 
611 		/* close the executor (it'll close the servers too) */
612 		imsg_compose(&exibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
613 		imsg_flush(&exibuf);
614 		close(p[0]);
615 
616 		old_ipv6 = conf.ipv6;
617 		old_port = conf.port;
618 
619 		free_config();
620 		init_config();
621 		parse_conf(config_path);
622 
623 		if (old_port != conf.port) {
624 			close(sock4);
625 			close(sock6);
626 			sock4 = -1;
627 			sock6 = -1;
628 		}
629 
630 		if (sock6 != -1 && old_ipv6 != conf.ipv6) {
631 			close(sock6);
632 			sock6 = -1;
633 		}
634 
635 		if (sock4 == -1)
636 			sock4 = make_socket(conf.port, AF_INET);
637 		if (sock6 == -1 && conf.ipv6)
638 			sock6 = make_socket(conf.port, AF_INET6);
639 	}
640 
641 	imsg_compose(&exibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
642 	imsg_flush(&exibuf);
643 
644 	imsg_compose(&logibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
645 	imsg_flush(&logibuf);
646 
647 	return 0;
648 }