2 * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25 #include <openssl/pem.h>
35 conf = xcalloc(1, sizeof(*conf));
37 TAILQ_INIT(&conf->fcgi);
38 TAILQ_INIT(&conf->hosts);
39 TAILQ_INIT(&conf->pkis);
40 TAILQ_INIT(&conf->addrs);
42 conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
44 init_mime(&conf->mime);
49 conf->use_privsep_crypto = 1;
56 config_purge(struct conf *conf)
61 struct location *l, *tl;
63 struct envlist *e, *te;
65 struct pki *pki, *tpki;
66 struct address *addr, *taddr;
67 int use_privsep_crypto;
70 use_privsep_crypto = conf->use_privsep_crypto;
72 free_mime(&conf->mime);
73 TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
74 TAILQ_REMOVE(&conf->fcgi, f, fcgi);
78 TAILQ_FOREACH_SAFE(h, &conf->hosts, vhosts, th) {
86 TAILQ_FOREACH_SAFE(addr, &h->addrs, addrs, taddr) {
87 TAILQ_REMOVE(&h->addrs, addr, addrs);
91 TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
92 TAILQ_REMOVE(&h->locations, l, locations);
98 X509_STORE_free(l->reqca);
102 TAILQ_FOREACH_SAFE(e, &h->params, envs, te) {
103 TAILQ_REMOVE(&h->params, e, envs);
107 TAILQ_FOREACH_SAFE(a, &h->aliases, aliases, ta) {
108 TAILQ_REMOVE(&h->aliases, a, aliases);
112 TAILQ_FOREACH_SAFE(p, &h->proxies, proxies, tp) {
113 TAILQ_REMOVE(&h->proxies, p, proxies);
119 X509_STORE_free(p->reqca);
123 TAILQ_REMOVE(&conf->hosts, h, vhosts);
127 TAILQ_FOREACH_SAFE(pki, &conf->pkis, pkis, tpki) {
128 TAILQ_REMOVE(&conf->pkis, pki, pkis);
130 EVP_PKEY_free(pki->pkey);
134 TAILQ_FOREACH_SAFE(addr, &conf->addrs, addrs, taddr) {
135 TAILQ_REMOVE(&conf->addrs, addr, addrs);
136 if (addr->sock != -1) {
138 event_del(&addr->evsock);
143 memset(conf, 0, sizeof(*conf));
146 conf->use_privsep_crypto = use_privsep_crypto;
147 conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
148 init_mime(&conf->mime);
149 TAILQ_INIT(&conf->fcgi);
150 TAILQ_INIT(&conf->hosts);
151 TAILQ_INIT(&conf->pkis);
155 config_send_file(struct privsep *ps, enum privsep_procid id, int type,
156 int fd, void *data, size_t l)
161 proc_range(ps, id, &n, &m);
162 for (n = 0; n < m; ++n) {
164 if (fd != -1 && (d = dup(fd)) == -1)
166 if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
177 config_open_send(struct privsep *ps, enum privsep_procid id, int type,
182 log_debug("sending %s", path);
184 if ((fd = open(path, O_RDONLY)) == -1)
185 fatal("can't open %s", path);
187 return config_send_file(ps, id, type, fd, NULL, 0);
191 config_send_kp(struct privsep *ps, int cert_type, int key_type,
192 const char *cert, const char *key)
194 struct conf *conf = ps->ps_env;
195 int fd, d, key_target;
197 log_debug("sending %s", cert);
198 if ((fd = open(cert, O_RDONLY)) == -1)
199 fatal("can't open %s", cert);
200 if ((d = dup(fd)) == -1)
203 if (config_send_file(ps, PROC_SERVER, cert_type, fd, NULL, 0) == -1) {
207 if (conf->use_privsep_crypto &&
208 config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
211 key_target = PROC_CRYPTO;
212 if (!conf->use_privsep_crypto)
213 key_target = PROC_SERVER;
215 if (config_open_send(ps, key_target, key_type, key) == -1)
218 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
220 if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
226 config_send_socks(struct conf *conf)
228 struct privsep *ps = conf->ps;
229 struct address *addr, a;
232 TAILQ_FOREACH(addr, &conf->addrs, addrs) {
233 sock = socket(addr->ai_family, addr->ai_socktype,
239 if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v))
241 fatal("setsockopt(SO_REUSEADDR)");
244 if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v))
246 fatal("setsockopt(SO_REUSEPORT)");
250 if (bind(sock, (struct sockaddr *)&addr->ss, addr->slen)
254 if (listen(sock, 16) == -1)
257 memcpy(&a, addr, sizeof(a));
260 memset(&a.evsock, 0, sizeof(a.evsock));
261 memset(&a.addrs, 0, sizeof(a.addrs));
263 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_SOCK, sock,
264 &a, sizeof(a)) == -1)
272 config_send(struct conf *conf)
274 struct privsep *ps = conf->ps;
284 for (i = 0; i < conf->mime.len; ++i) {
285 m = &conf->mime.t[i];
286 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
287 m, sizeof(*m)) == -1)
291 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
292 &conf->protos, sizeof(conf->protos)) == -1)
295 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
298 if (config_send_socks(conf) == -1)
301 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
304 TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
305 log_debug("sending fastcgi %s", fcgi->path);
306 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
307 fcgi, sizeof(*fcgi)) == -1)
311 TAILQ_FOREACH(h, &conf->hosts, vhosts) {
314 memcpy(&vcopy, h, sizeof(vcopy));
315 vcopy.cert_path = NULL;
316 vcopy.key_path = NULL;
317 vcopy.ocsp_path = NULL;
319 log_debug("sending host %s", h->domain);
321 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
322 &vcopy, sizeof(vcopy)) == -1)
325 if (config_send_kp(ps, IMSG_RECONF_CERT, IMSG_RECONF_KEY,
326 h->cert_path, h->key_path) == -1)
329 if (h->ocsp_path != NULL) {
330 if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP,
333 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
337 TAILQ_FOREACH(l, &h->locations, locations) {
338 struct location lcopy;
341 memcpy(&lcopy, l, sizeof(lcopy));
342 lcopy.reqca_path = NULL;
345 memset(&lcopy.locations, 0, sizeof(lcopy.locations));
347 if (l->reqca_path != NULL &&
348 (fd = open(l->reqca_path, O_RDONLY)) == -1)
349 fatal("can't open %s", l->reqca_path);
351 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_LOC,
352 fd, &lcopy, sizeof(lcopy)) == -1)
356 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
359 TAILQ_FOREACH(e, &h->params, envs) {
360 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV,
361 e, sizeof(*e)) == -1)
365 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
368 TAILQ_FOREACH(a, &h->aliases, aliases) {
369 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
370 a, sizeof(*a)) == -1)
374 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
377 TAILQ_FOREACH(p, &h->proxies, proxies) {
381 memcpy(&pcopy, p, sizeof(pcopy));
382 pcopy.cert_path = NULL;
385 pcopy.key_path = NULL;
388 pcopy.reqca_path = NULL;
391 if (p->reqca_path != NULL) {
392 fd = open(p->reqca_path, O_RDONLY);
394 fatal("can't open %s", p->reqca_path);
397 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_PROXY,
398 fd, &pcopy, sizeof(pcopy)) == -1)
401 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
404 if (p->cert_path == NULL || p->key_path == NULL)
407 if (config_open_send(ps, PROC_SERVER,
408 IMSG_RECONF_PROXY_CERT, p->cert_path) == -1 ||
409 config_open_send(ps, PROC_SERVER,
410 IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
413 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
417 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
425 load_file(int fd, uint8_t **data, size_t *len)
430 if (fstat(fd, &sb) == -1)
433 if (sb.st_size < 0 /* || sb.st_size > SIZE_MAX */) {
434 log_warnx("file too large");
440 if ((*data = malloc(*len)) == NULL)
443 r = pread(fd, *data, *len, 0);
444 if (r == -1 || (size_t)r != *len) {
445 log_warn("read failed");
456 config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
458 static struct pki *pki;
462 /* XXX: check for duplicates */
465 fatalx("no fd for imsg %d", imsg->hdr.type);
467 switch (imsg->hdr.type) {
468 case IMSG_RECONF_CERT:
470 fatalx("imsg in wrong order; pki is not NULL");
471 if ((pki = calloc(1, sizeof(*pki))) == NULL)
473 if (load_file(imsg->fd, &d, &len) == -1)
474 fatalx("can't load file");
475 if ((pki->hash = ssl_pubkey_hash(d, len)) == NULL)
476 fatalx("failed to compute cert hash");
478 TAILQ_INSERT_TAIL(&conf->pkis, pki, pkis);
481 case IMSG_RECONF_KEY:
483 fatalx("got key without cert beforehand %d",
485 if (load_file(imsg->fd, &d, &len) == -1)
486 fatalx("failed to load private key");
487 if ((pki->pkey = ssl_load_pkey(d, len)) == NULL)
488 fatalx("failed load private key");
501 config_recv(struct conf *conf, struct imsg *imsg)
503 static struct vhost *h;
504 static struct proxy *p;
505 struct privsep *ps = conf->ps;
508 struct vhost *vh, vht;
509 struct location *loc;
513 struct address *addr;
517 datalen = IMSG_DATA_SIZE(imsg);
519 switch (imsg->hdr.type) {
520 case IMSG_RECONF_START:
526 case IMSG_RECONF_MIME:
527 IMSG_SIZE_CHECK(imsg, &m);
528 memcpy(&m, imsg->data, datalen);
529 if (m.mime[sizeof(m.mime) - 1] != '\0' ||
530 m.ext[sizeof(m.ext) - 1] != '\0')
531 fatal("received corrupted IMSG_RECONF_MIME");
532 if (add_mime(&conf->mime, m.mime, m.ext) == -1)
533 fatal("failed to add mime mapping %s -> %s",
537 case IMSG_RECONF_PROTOS:
538 IMSG_SIZE_CHECK(imsg, &conf->protos);
539 memcpy(&conf->protos, imsg->data, datalen);
542 case IMSG_RECONF_SOCK:
543 addr = xcalloc(1, sizeof(*addr));
544 IMSG_SIZE_CHECK(imsg, addr);
545 memcpy(addr, imsg->data, sizeof(*addr));
547 fatalx("missing socket for IMSG_RECONF_SOCK4");
549 addr->sock = imsg->fd;
550 event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
552 TAILQ_INSERT_HEAD(&conf->addrs, addr, addrs);
555 case IMSG_RECONF_FCGI:
556 IMSG_SIZE_CHECK(imsg, fcgi);
557 fcgi = xcalloc(1, sizeof(*fcgi));
558 memcpy(fcgi, imsg->data, datalen);
559 log_debug("received fcgi %s", fcgi->path);
560 TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
563 case IMSG_RECONF_HOST:
564 IMSG_SIZE_CHECK(imsg, &vht);
565 memcpy(&vht, imsg->data, datalen);
567 strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
569 TAILQ_INSERT_TAIL(&conf->hosts, h, vhosts);
575 case IMSG_RECONF_CERT:
576 log_debug("receiving cert");
577 if (privsep_process == PROC_CRYPTO)
578 return config_crypto_recv_kp(conf, imsg);
580 fatalx("recv'd cert without host");
582 fatalx("cert already received");
584 fatalx("no fd for IMSG_RECONF_CERT");
585 if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
586 fatalx("failed to load cert for %s",
590 case IMSG_RECONF_KEY:
591 log_debug("receiving key");
592 if (privsep_process == PROC_CRYPTO)
593 return config_crypto_recv_kp(conf, imsg);
595 fatalx("recv'd key without host");
597 fatalx("key already received");
599 fatalx("no fd for IMSG_RECONF_KEY");
600 if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
601 fatalx("failed to load key for %s",
605 case IMSG_RECONF_OCSP:
606 log_debug("receiving ocsp");
608 fatalx("recv'd ocsp without host");
610 fatalx("ocsp already received");
612 fatalx("no fd for IMSG_RECONF_OCSP");
613 if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
614 fatalx("failed to load ocsp for %s",
618 case IMSG_RECONF_LOC:
620 fatalx("recv'd location without host");
621 IMSG_SIZE_CHECK(imsg, loc);
622 loc = xcalloc(1, sizeof(*loc));
623 memcpy(loc, imsg->data, datalen);
625 if (imsg->fd != -1) {
626 if (load_file(imsg->fd, &d, &len) == -1)
628 loc->reqca = load_ca(d, len);
629 if (loc->reqca == NULL)
630 fatalx("failed to load CA");
634 TAILQ_INSERT_TAIL(&h->locations, loc, locations);
637 case IMSG_RECONF_ENV:
639 fatalx("recv'd env without host");
640 IMSG_SIZE_CHECK(imsg, env);
641 env = xcalloc(1, sizeof(*env));
642 memcpy(env, imsg->data, datalen);
643 TAILQ_INSERT_TAIL(&h->params, env, envs);
646 case IMSG_RECONF_ALIAS:
648 fatalx("recv'd alias without host");
649 IMSG_SIZE_CHECK(imsg, alias);
650 alias = xcalloc(1, sizeof(*alias));
651 memcpy(alias, imsg->data, datalen);
652 TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
655 case IMSG_RECONF_PROXY:
656 log_debug("receiving proxy");
658 fatalx("recv'd proxy without host");
659 IMSG_SIZE_CHECK(imsg, proxy);
660 proxy = xcalloc(1, sizeof(*proxy));
661 memcpy(proxy, imsg->data, datalen);
663 if (imsg->fd != -1) {
664 if (load_file(imsg->fd, &d, &len) == -1)
666 proxy->reqca = load_ca(d, len);
667 if (proxy->reqca == NULL)
668 fatal("failed to load CA");
672 TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
676 case IMSG_RECONF_PROXY_CERT:
677 log_debug("receiving proxy cert");
679 fatalx("recv'd proxy cert without proxy");
681 fatalx("proxy cert already received");
683 fatalx("no fd for IMSG_RECONF_PROXY_CERT");
684 if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
685 fatalx("failed to load cert for proxy %s of %s",
689 case IMSG_RECONF_PROXY_KEY:
690 log_debug("receiving proxy key");
692 fatalx("recv'd proxy key without proxy");
694 fatalx("proxy key already received");
696 fatalx("no fd for IMSG_RECONF_PROXY_KEY");
697 if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
698 fatalx("failed to load key for proxy %s of %s",
702 case IMSG_RECONF_END:
703 if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,