1
/*
2
 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3
 *
4
 * Permission to use, copy, modify, and distribute this software for any
5
 * purpose with or without fee is hereby granted, provided that the above
6
 * copyright notice and this permission notice appear in all copies.
7
 *
8
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
 */
16

17
#include "gmid.h"
18

19
#include <sys/un.h>
20

21
#include <err.h>
22
#include <errno.h>
23

24
#include <event.h>
25
#include <fcntl.h>
26
#include <libgen.h>
27
#include <limits.h>
28
#include <signal.h>
29
#include <stdarg.h>
30
#include <string.h>
31

32
static void	handle_imsg_cgi_req(struct imsgbuf*, struct imsg*, size_t);
33
static void	handle_imsg_fcgi_req(struct imsgbuf*, struct imsg*, size_t);
34
static void	handle_imsg_conn_req(struct imsgbuf *, struct imsg *, size_t);
35
static void	handle_imsg_quit(struct imsgbuf*, struct imsg*, size_t);
36
static void	handle_dispatch_imsg(int, short, void*);
37

38
static imsg_handlerfn *handlers[] = {
39
	[IMSG_FCGI_REQ] = handle_imsg_fcgi_req,
40
	[IMSG_CGI_REQ] = handle_imsg_cgi_req,
41
	[IMSG_CONN_REQ] = handle_imsg_conn_req,
42
	[IMSG_QUIT] = handle_imsg_quit,
43
};
44

45
static inline void
46
safe_setenv(const char *name, const char *val)
47
{
48
	if (val == NULL)
49
		val = "";
50
	setenv(name, val, 1);
51
}
52

53
static char *
54
xasprintf(const char *fmt, ...)
55
{
56
	va_list ap;
57
	char *s;
58

59
	va_start(ap, fmt);
60
	if (vasprintf(&s, fmt, ap) == -1)
61
		s = NULL;
62
	va_end(ap);
63

64
	return s;
65
}
66

67
static void
68
do_exec(const char *ex, const char *spath, char *query)
69
{
70
	char **argv, buf[PATH_MAX], *sname, *t;
71
	size_t i, n;
72

73
	/* restore the default handlers */
74
	signal(SIGPIPE, SIG_DFL);
75
	signal(SIGCHLD, SIG_DFL);
76
	signal(SIGHUP,  SIG_DFL);
77
	signal(SIGINT,  SIG_DFL);
78
	signal(SIGTERM, SIG_DFL);
79

80
	strlcpy(buf, spath, sizeof(buf));
81
	sname = basename(buf);
82

83
	if (query == NULL || strchr(query, '=') != NULL) {
84
		if ((argv = calloc(2, sizeof(char*))) == NULL)
85
			err(1, "calloc");
86
		argv[0] = sname;
87
		execvp(ex, argv);
88
		warn("execvp: %s", argv[0]);
89
		return;
90
	}
91

92
	n = 1;
93
	for (t = query ;; t++, n++) {
94
		if ((t = strchr(t, '+')) == NULL)
95
			break;
96
	}
97

98
	if ((argv = calloc(n+2, sizeof(char*))) == NULL)
99
		err(1, "calloc");
100

101
	argv[0] = sname;
102
	for (i = 0; i < n; ++i) {
103
		t = strchr(query, '+');
104
		if (t != NULL)
105
			*t = '\0';
106
		argv[i+1] = pct_decode_str(query);
107
		query = t+1;
108
	}
109

110
	execvp(ex, argv);
111
	warn("execvp: %s", argv[0]);
112
}
113

114
static inline void
115
setenv_time(const char *var, time_t t)
116
{
117
	char timebuf[21];
118
	struct tm tminfo;
119

120
	if (t == -1)
121
		return;
122

123
	strftime(timebuf, sizeof(timebuf), "%FT%TZ",
124
	    gmtime_r(&t, &tminfo));
125
	setenv(var, timebuf, 1);
126
}
127

128
/* fd or -1 on error */
129
static int
130
launch_cgi(struct iri *iri, struct cgireq *req, struct vhost *vhost,
131
    struct location *loc)
132
{
133
	int p[2], errp[2];	/* read end, write end */
134

135
	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
136
		return -1;
137
	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, errp) == -1)
138
		return -1;
139

140
	switch (fork()) {
141
	case -1:
142
		log_err(NULL, "fork failed: %s", strerror(errno));
143
		close(p[0]);
144
		close(p[1]);
145
		close(errp[0]);
146
		close(errp[1]);
147
		return -1;
148

149
	case 0: {		/* child */
150
		char *ex, *pwd;
151
		char iribuf[GEMINI_URL_LEN];
152
		char path[PATH_MAX];
153
		struct envlist *e;
154

155
		close(p[0]);
156
		if (dup2(p[1], 1) == -1)
157
			goto childerr;
158

159
		close(errp[0]);
160
		if (dup2(errp[1], 2) == -1)
161
			goto childerr;
162

163
		ex = xasprintf("%s/%s", loc->dir, req->spath);
164

165
		serialize_iri(iri, iribuf, sizeof(iribuf));
166

167
		safe_setenv("GATEWAY_INTERFACE", "CGI/1.1");
168
		safe_setenv("GEMINI_DOCUMENT_ROOT", loc->dir);
169
		safe_setenv("GEMINI_SCRIPT_FILENAME",
170
		    xasprintf("%s/%s", loc->dir, req->spath));
171
		safe_setenv("GEMINI_URL", iribuf);
172

173
		strlcpy(path, "/", sizeof(path));
174
		strlcat(path, req->spath, sizeof(path));
175
		safe_setenv("GEMINI_URL_PATH", path);
176

177
		if (*req->relpath != '\0') {
178
			strlcpy(path, "/", sizeof(path));
179
			strlcat(path, req->relpath, sizeof(path));
180
			safe_setenv("PATH_INFO", path);
181

182
			strlcpy(path, loc->dir, sizeof(path));
183
			strlcat(path, "/", sizeof(path));
184
			strlcat(path, req->relpath, sizeof(path));
185
			safe_setenv("PATH_TRANSLATED", path);
186
		}
187

188
		safe_setenv("QUERY_STRING", iri->query);
189
		safe_setenv("REMOTE_ADDR", req->addr);
190
		safe_setenv("REMOTE_HOST", req->addr);
191
		safe_setenv("REQUEST_METHOD", "");
192

193
		strlcpy(path, "/", sizeof(path));
194
		strlcat(path, req->spath, sizeof(path));
195
		safe_setenv("SCRIPT_NAME", path);
196

197
		safe_setenv("SERVER_NAME", iri->host);
198

199
		snprintf(path, sizeof(path), "%d", conf.port);
200
		safe_setenv("SERVER_PORT", path);
201

202
		safe_setenv("SERVER_PROTOCOL", "GEMINI");
203
		safe_setenv("SERVER_SOFTWARE", GMID_VERSION);
204

205
		if (*req->subject != '\0')
206
			safe_setenv("AUTH_TYPE", "Certificate");
207
		else
208
			safe_setenv("AUTH_TYPE", "");
209

210
		safe_setenv("REMOTE_USER", req->subject);
211
		safe_setenv("TLS_CLIENT_ISSUER", req->issuer);
212
		safe_setenv("TLS_CLIENT_HASH", req->hash);
213
		safe_setenv("TLS_VERSION", req->version);
214
		safe_setenv("TLS_CIPHER", req->cipher);
215

216
		snprintf(path, sizeof(path), "%d", req->cipher_strength);
217
		safe_setenv("TLS_CIPHER_STRENGTH", path);
218

219
		setenv_time("TLS_CLIENT_NOT_AFTER", req->notafter);
220
		setenv_time("TLS_CLIENT_NOT_BEFORE", req->notbefore);
221

222
		TAILQ_FOREACH(e, &vhost->env, envs) {
223
			safe_setenv(e->name, e->value);
224
		}
225

226
		strlcpy(path, ex, sizeof(path));
227

228
		pwd = dirname(path);
229
		if (chdir(pwd)) {
230
			warn("chdir");
231
			goto childerr;
232
		}
233

234
		do_exec(ex, req->spath, iri->query);
235
		goto childerr;
236
	}
237

238
	default:
239
		close(p[1]);
240
		close(errp[0]);
241
		close(errp[1]);
242
		mark_nonblock(p[0]);
243
		return p[0];
244
	}
245

246
childerr:
247
	dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
248
	_exit(1);
249
}
250

251
static struct vhost *
252
host_nth(size_t n)
253
{
254
	struct vhost *h;
255

256
	TAILQ_FOREACH(h, &hosts, vhosts) {
257
		if (n == 0)
258
			return h;
259
		n--;
260
	}
261

262
	return NULL;
263
}
264

265
static struct location *
266
loc_nth(struct vhost *vhost, size_t n)
267
{
268
	struct location *loc;
269

270
	TAILQ_FOREACH(loc, &vhost->locations, locations) {
271
		if (n == 0)
272
			return loc;
273
		n--;
274
	}
275

276
	return NULL;
277
}
278

279
static void
280
handle_imsg_cgi_req(struct imsgbuf *ibuf, struct imsg *imsg, size_t datalen)
281
{
282
	struct vhost	*h;
283
	struct location	*l;
284
	struct cgireq	 req;
285
	struct iri	 iri;
286
	int		 fd;
287

288
	if (datalen != sizeof(req))
289
		abort();
290

291
	memcpy(&req, imsg->data, sizeof(req));
292

293
	iri.schema = req.iri_schema_off + req.buf;
294
	iri.host = req.iri_host_off + req.buf;
295
	iri.port = req.iri_port_off + req.buf;
296
	iri.path = req.iri_path_off + req.buf;
297
	iri.query = req.iri_query_off + req.buf;
298
	iri.fragment = req.iri_fragment_off + req.buf;
299

300
	/* patch the query, otherwise do_exec will always pass "" as
301
	 * first argument to the script. */
302
	if (*iri.query == '\0')
303
		iri.query = NULL;
304

305
	if ((h = host_nth(req.host_off)) == NULL)
306
		abort();
307

308
	if ((l = loc_nth(h, req.loc_off)) == NULL)
309
		abort();
310

311
	fd = launch_cgi(&iri, &req, h, l);
312
	imsg_compose(ibuf, IMSG_CGI_RES, imsg->hdr.peerid, 0, fd, NULL, 0);
313
	imsg_flush(ibuf);
314
}
315

316
static int
317
fcgi_open_prog(struct fcgi *f)
318
{
319
	int s[2];
320
	pid_t p;
321

322
	/* XXX! */
323

324
	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, s) == -1)
325
		err(1, "socketpair");
326

327
	switch (p = fork()) {
328
	case -1:
329
		err(1, "fork");
330
	case 0:
331
		close(s[0]);
332
		if (dup2(s[1], 0) == -1)
333
			err(1, "dup2");
334
		execl(f->prog, f->prog, NULL);
335
		err(1, "execl %s", f->prog);
336
	default:
337
		close(s[1]);
338
		return s[0];
339
	}
340
}
341

342
static int
343
fcgi_open_sock(struct fcgi *f)
344
{
345
	struct sockaddr_un	addr;
346
	int			fd;
347

348
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
349
		log_err(NULL, "socket: %s", strerror(errno));
350
		return -1;
351
	}
352

353
	memset(&addr, 0, sizeof(addr));
354
	addr.sun_family = AF_UNIX;
355
	strlcpy(addr.sun_path, f->path, sizeof(addr.sun_path));
356

357
	if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
358
		log_warn(NULL, "failed to connect to %s: %s", f->path,
359
		    strerror(errno));
360
		close(fd);
361
		return -1;
362
	}
363

364
	return fd;
365
}
366

367
static int
368
fcgi_open_conn(struct fcgi *f)
369
{
370
	struct addrinfo	hints, *servinfo, *p;
371
	int		r, sock;
372

373
	memset(&hints, 0, sizeof(hints));
374
	hints.ai_family = AF_UNSPEC;
375
	hints.ai_socktype = SOCK_STREAM;
376
	hints.ai_flags = AI_ADDRCONFIG;
377

378
	if ((r = getaddrinfo(f->path, f->port, &hints, &servinfo)) != 0) {
379
		log_warn(NULL, "getaddrinfo %s:%s: %s", f->path, f->port,
380
		    gai_strerror(r));
381
		return -1;
382
	}
383

384
	for (p = servinfo; p != NULL; p = p->ai_next) {
385
		sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
386
		if (sock == -1)
387
			continue;
388
		if (connect(sock, p->ai_addr, p->ai_addrlen) == -1) {
389
			close(sock);
390
			continue;
391
		}
392
		break;
393
	}
394

395
	if (p == NULL) {
396
		log_warn(NULL, "couldn't connect to %s:%s", f->path, f->port);
397
		sock = -1;
398
	}
399

400
	freeaddrinfo(servinfo);
401
	return sock;
402
}
403

404
static void
405
handle_imsg_fcgi_req(struct imsgbuf *ibuf, struct imsg *imsg, size_t datalen)
406
{
407
	struct fcgi	*f;
408
	int		 id, fd;
409

410
	if (datalen != sizeof(id))
411
		abort();
412
	memcpy(&id, imsg->data, sizeof(id));
413

414
	if (id > FCGI_MAX || (fcgi[id].path == NULL && fcgi[id].prog == NULL))
415
		abort();
416

417
	f = &fcgi[id];
418
	if (f->prog != NULL)
419
		fd = fcgi_open_prog(f);
420
	else if (f->port != NULL)
421
		fd = fcgi_open_conn(f);
422
	else
423
		fd = fcgi_open_sock(f);
424

425
	imsg_compose(ibuf, IMSG_FCGI_FD, imsg->hdr.peerid, 0, fd, NULL, 0);
426
	imsg_flush(ibuf);
427
}
428

429
static void
430
handle_imsg_conn_req(struct imsgbuf *ibuf, struct imsg *imsg, size_t datalen)
431
{
432
	struct addrinfo hints, *res, *res0;
433
	struct connreq req;
434
	int r, sock;
435

436
	if (datalen != sizeof(req))
437
		abort();
438
	memcpy(&req, imsg->data, sizeof(req));
439
	req.flag = 0;
440

441
	memset(&hints, 0, sizeof(hints));
442
	hints.ai_family = AF_UNSPEC;
443
	hints.ai_socktype = SOCK_STREAM;
444

445
	/* XXX: do this asynchronously if possible */
446
	r = getaddrinfo(req.host, req.port, &hints, &res0);
447
	if (r != 0) {
448
		log_warn(NULL, "getaddrinfo(\"%s\", \"%s\"): %s",
449
		    req.host, req.port, gai_strerror(r));
450
		goto err;
451
	}
452

453
	for (res = res0; res; res = res->ai_next) {
454
		sock = socket(res->ai_family, res->ai_socktype,
455
		    res->ai_protocol);
456
		if (sock == -1)
457
			continue;
458

459
		if (connect(sock, res->ai_addr, res->ai_addrlen) == -1) {
460
			close(sock);
461
			sock = -1;
462
			continue;
463
		}
464

465
		break;
466
	}
467

468
	freeaddrinfo(res0);
469

470
	if (sock == -1) {
471
		log_warn(NULL, "can't connect to %s:%s", req.host,
472
		    req.port);
473
		goto err;
474
	}
475

476
	imsg_compose(ibuf, IMSG_CONN_FD, imsg->hdr.peerid, 0, sock, NULL, 0);
477
	imsg_flush(ibuf);
478
	return;
479

480
err:
481
	imsg_compose(ibuf, IMSG_CONN_FD, imsg->hdr.peerid, 0, -1, NULL, 0);
482
	imsg_flush(ibuf);
483
}
484

485
static void
486
handle_imsg_quit(struct imsgbuf *ibuf, struct imsg *imsg, size_t datalen)
487
{
488
	int i;
489

490
	for (i = 0; i < conf.prefork; ++i) {
491
		imsg_compose(&servibuf[i], IMSG_QUIT, 0, 0, -1, NULL, 0);
492
		imsg_flush(&exibuf);
493
		close(servibuf[i].fd);
494
	}
495

496
	event_loopbreak();
497
}
498

499
static void
500
handle_dispatch_imsg(int fd, short ev, void *d)
501
{
502
	struct imsgbuf *ibuf = d;
503
	dispatch_imsg(ibuf, handlers, sizeof(handlers));
504
}
505

506
int
507
executor_main(struct imsgbuf *ibuf)
508
{
509
	struct event	 evs[PROC_MAX], imsgev;
510
	int		 i;
511

512
	event_init();
513

514
	if (ibuf != NULL) {
515
		event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST,
516
		    handle_dispatch_imsg, ibuf);
517
		event_add(&imsgev, NULL);
518
	}
519

520
	for (i = 0; i < conf.prefork; ++i) {
521
		event_set(&evs[i], servibuf[i].fd, EV_READ | EV_PERSIST,
522
		    handle_dispatch_imsg, &servibuf[i]);
523
		event_add(&evs[i], NULL);
524
	}
525

526
	sandbox_executor_process();
527

528
	event_dispatch();
529

530
	return 1;
531
}