1 /*
2  * Copyright (c) 2020, 2021, 2022 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #ifndef GMID_H
18 #define GMID_H
19 
20 #include "config.h"
21 
22 #include <sys/socket.h>
23 #include <sys/types.h>
24 
25 #include <arpa/inet.h>
26 #include <netinet/in.h>
27 
28 #include <dirent.h>
29 #include <limits.h>
30 #include <netdb.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <time.h>
35 #include <tls.h>
36 #include <unistd.h>
37 
38 #include <openssl/x509.h>
39 
40 #if HAVE_EVENT2
41 # include <event2/event.h>
42 # include <event2/event_compat.h>
43 # include <event2/event_struct.h>
44 # include <event2/buffer.h>
45 # include <event2/buffer_compat.h>
46 # include <event2/bufferevent.h>
47 # include <event2/bufferevent_struct.h>
48 # include <event2/bufferevent_compat.h>
49 #else
50 # include <event.h>
51 #endif
52 
53 #define GMID_STRING	"gmid " VERSION
54 #define GMID_VERSION	"gmid/" VERSION
55 
56 #define GEMINI_URL_LEN (1024+3)	/* URL max len + \r\n + \0 */
57 
58 #define SUCCESS		20
59 #define TEMP_REDIRECT	30
60 #define TEMP_FAILURE	40
61 #define CGI_ERROR	42
62 #define PROXY_ERROR	43
63 #define NOT_FOUND	51
64 #define PROXY_REFUSED	53
65 #define BAD_REQUEST	59
66 #define CLIENT_CERT_REQ	60
67 #define CERT_NOT_AUTH	61
68 
69 /* maximum hostname and label length, +1 for the NUL-terminator */
70 #define DOMAIN_NAME_LEN	(253+1)
71 #define LABEL_LEN	(63+1)
72 
73 #define FCGI_MAX	32
74 #define PROC_MAX	16
75 
76 struct iri {
77 	char		*schema;
78 	char		*host;
79 	char		*port;
80 	uint16_t	 port_no;
81 	char		*path;
82 	char		*query;
83 	char		*fragment;
84 };
85 
86 struct parser {
87 	char		*iri;
88 	struct iri	*parsed;
89 	const char	*err;
90 };
91 
92 struct fcgi {
93 	int		 id;
94 	char		*path;
95 	char		*port;
96 	char		*prog;
97 };
98 extern struct fcgi fcgi[FCGI_MAX];
99 
100 TAILQ_HEAD(proxyhead, proxy);
101 struct proxy {
102 	char		*match_proto;
103 	char		*match_host;
104 	const char	*match_port;
105 
106 	char		*host;
107 	const char	*port;
108 	char		*sni;
109 	int		 notls;
110 	uint32_t	 protocols;
111 	int		 noverifyname;
112 	uint8_t		*cert;
113 	size_t		 certlen;
114 	uint8_t		*key;
115 	size_t		 keylen;
116 	X509_STORE	*reqca;
117 
118 	TAILQ_ENTRY(proxy) proxies;
119 };
120 
121 TAILQ_HEAD(lochead, location);
122 struct location {
123 	const char	*match;
124 	const char	*lang;
125 	const char	*default_mime;
126 	const char	*index;
127 	int		 auto_index; /* 0 auto, -1 off, 1 on */
128 	int		 block_code;
129 	const char	*block_fmt;
130 	int		 strip;
131 	X509_STORE	*reqca;
132 	int		 disable_log;
133 	int		 fcgi;
134 
135 	const char	*dir;
136 	int		 dirfd;
137 
138 	TAILQ_ENTRY(location) locations;
139 };
140 
141 TAILQ_HEAD(envhead, envlist);
142 struct envlist {
143 	char		*name;
144 	char		*value;
145 	TAILQ_ENTRY(envlist) envs;
146 };
147 
148 TAILQ_HEAD(aliashead, alist);
149 struct alist {
150 	char		*alias;
151 	TAILQ_ENTRY(alist) aliases;
152 };
153 
154 extern TAILQ_HEAD(vhosthead, vhost) hosts;
155 struct vhost {
156 	const char	*domain;
157 	const char	*cert;
158 	const char	*key;
159 	const char	*ocsp;
160 	const char	*cgi;
161 	const char	*entrypoint;
162 
163 	TAILQ_ENTRY(vhost) vhosts;
164 
165 	/*
166 	 * the first location rule is always '*' and holds the default
167 	 * settings for the vhost, then follows the "real" location
168 	 * rules as specified in the configuration.
169 	 */
170 	struct lochead	 locations;
171 
172 	struct envhead	 env;
173 	struct envhead	 params;
174 	struct aliashead aliases;
175 	struct proxyhead proxies;
176 };
177 
178 struct etm {			/* extension to mime */
179 	char	*mime;
180 	char	*ext;
181 };
182 
183 struct mime {
184 	struct etm	*t;
185 	size_t		 len;
186 	size_t		 cap;
187 
188 	/*
189 	 * Backward compatibility: types override the built-in list,
190 	 * but the deprecated `mime' and `map' don't.  It's still too
191 	 * early to remove `mime' and `map' from the config parser.
192 	 */
193 	int		 skip_defaults;
194 };
195 
196 struct conf {
197 	/* from command line */
198 	int		 foreground;
199 	int		 verbose;
200 
201 	/* in the config */
202 	int		 port;
203 	int		 ipv6;
204 	uint32_t	 protos;
205 	struct mime	 mime;
206 	char		*chroot;
207 	char		*user;
208 	int		 prefork;
209 };
210 
211 extern const char *config_path;
212 extern struct conf conf;
213 
214 extern struct imsgbuf logibuf, exibuf, servibuf[PROC_MAX];
215 
216 extern int servpipes[PROC_MAX];
217 
218 typedef void (imsg_handlerfn)(struct imsgbuf*, struct imsg*, size_t);
219 
220 enum {
221 	REQUEST_UNDECIDED,
222 	REQUEST_FILE,
223 	REQUEST_DIR,
224 	REQUEST_CGI,
225 	REQUEST_FCGI,
226 	REQUEST_PROXY,
227 	REQUEST_DONE,
228 };
229 
230 #define IS_INTERNAL_REQUEST(x) \
231 	((x) != REQUEST_CGI && \
232 	 (x) != REQUEST_FCGI && \
233 	 (x) != REQUEST_PROXY)
234 
235 struct client {
236 	uint32_t	 id;
237 	struct tls	*ctx;
238 	char		*req;
239 	size_t		 reqlen;
240 	struct iri	 iri;
241 	char		 domain[DOMAIN_NAME_LEN];
242 
243 	struct bufferevent *bev;
244 
245 	int		 type;
246 
247 	struct bufferevent *cgibev;
248 
249 	struct proxy	*proxy;
250 	struct bufferevent *proxybev;
251 	struct tls	*proxyctx;
252 	int		 proxyevset;
253 	struct event	 proxyev;
254 
255 	char		*header;
256 
257 	int		 code;
258 	const char	*meta;
259 	int		 fd, pfd;
260 	struct dirent	**dir;
261 	int		 dirlen, diroff;
262 
263 	/* big enough to store STATUS + SPACE + META + CRLF */
264 	char		 sbuf[1029];
265 	ssize_t		 len, off;
266 
267 	struct sockaddr_storage	 addr;
268 	struct vhost	*host;	/* host they're talking to */
269 	size_t		 loc;	/* location matched */
270 
271 	SPLAY_ENTRY(client) entry;
272 };
273 SPLAY_HEAD(client_tree_id, client);
274 extern struct client_tree_id clients;
275 
276 struct cgireq {
277 	char		buf[GEMINI_URL_LEN];
278 
279 	size_t		iri_schema_off;
280 	size_t		iri_host_off;
281 	size_t		iri_port_off;
282 	size_t		iri_path_off;
283 	size_t		iri_query_off;
284 	size_t		iri_fragment_off;
285 	int		iri_portno;
286 
287 	char		spath[PATH_MAX+1];
288 	char		relpath[PATH_MAX+1];
289 	char		addr[NI_MAXHOST+1];
290 
291 	/* AFAIK there isn't an upper limit for these two fields. */
292 	char		subject[64+1];
293 	char		issuer[64+1];
294 
295 	char		hash[128+1];
296 	char		version[8];
297 	char		cipher[32];
298 	int		cipher_strength;
299 	time_t		notbefore;
300 	time_t		notafter;
301 
302 	size_t		host_off;
303 	size_t		loc_off;
304 };
305 
306 struct connreq {
307 	char	host[NI_MAXHOST];
308 	char	port[NI_MAXSERV];
309 	int	flag;
310 };
311 
312 enum {
313 	FILE_EXISTS,
314 	FILE_EXECUTABLE,
315 	FILE_DIRECTORY,
316 	FILE_MISSING,
317 };
318 
319 enum imsg_type {
320 	IMSG_CGI_REQ,
321 	IMSG_CGI_RES,
322 	IMSG_FCGI_REQ,
323 	IMSG_FCGI_FD,
324 	IMSG_CONN_REQ,
325 	IMSG_CONN_FD,
326 	IMSG_LOG,
327 	IMSG_LOG_REQUEST,
328 	IMSG_LOG_TYPE,
329 	IMSG_QUIT,
330 };
331 
332 /* gmid.c */
333 char		*data_dir(void);
334 void		 load_local_cert(const char*, const char*);
335 void		 load_vhosts(void);
336 int		 make_socket(int, int);
337 void		 setup_tls(void);
338 void		 init_config(void);
339 void		 free_config(void);
340 void		 drop_priv(void);
341 
342 void		 yyerror(const char*, ...);
343 void		 parse_conf(const char*);
344 void		 print_conf(void);
345 int		 cmdline_symset(char *);
346 
347 /* log.c */
348 void		 fatal(const char*, ...)
349 	__attribute__((format (printf, 1, 2)))
350 	__attribute__((__noreturn__));
351 
352 #define LOG_ATTR_FMT __attribute__((format (printf, 2, 3)))
353 void		 log_err(struct client*, const char*, ...)	LOG_ATTR_FMT;
354 void		 log_warn(struct client*, const char*, ...)	LOG_ATTR_FMT;
355 void		 log_notice(struct client*, const char*, ...)	LOG_ATTR_FMT;
356 void		 log_info(struct client*, const char*, ...)	LOG_ATTR_FMT;
357 void		 log_debug(struct client*, const char*, ...)	LOG_ATTR_FMT;
358 void		 log_request(struct client*, char*, size_t);
359 int		 logger_main(int, struct imsgbuf*);
360 
361 /* mime.c */
362 void		 init_mime(struct mime*);
363 int		 add_mime(struct mime*, const char*, const char*);
364 int		 load_default_mime(struct mime*);
365 const char	*mime(struct vhost*, const char*);
366 void		 free_mime(struct mime *);
367 
368 /* server.c */
369 extern int	shutting_down;
370 const char	*vhost_lang(struct vhost*, const char*);
371 const char	*vhost_default_mime(struct vhost*, const char*);
372 const char	*vhost_index(struct vhost*, const char*);
373 int		 vhost_auto_index(struct vhost*, const char*);
374 int		 vhost_block_return(struct vhost*, const char*, int*, const char**);
375 int		 vhost_fastcgi(struct vhost*, const char*);
376 int		 vhost_dirfd(struct vhost*, const char*, size_t*);
377 int		 vhost_strip(struct vhost*, const char*);
378 X509_STORE	*vhost_require_ca(struct vhost*, const char*);
379 int		 vhost_disable_log(struct vhost*, const char*);
380 
381 void		 mark_nonblock(int);
382 void		 client_write(struct bufferevent *, void *);
383 void		 start_reply(struct client*, int, const char*);
384 void		 client_close(struct client *);
385 struct client	*client_by_id(int);
386 void		 loop(struct tls*, int, int, struct imsgbuf*);
387 
388 int		 client_tree_cmp(struct client *, struct client *);
389 SPLAY_PROTOTYPE(client_tree_id, client, entry, client_tree_cmp);
390 
391 /* dirs.c */
392 int		 scandir_fd(int, struct dirent***, int(*)(const struct dirent*),
393 		    int(*)(const struct dirent**, const struct dirent**));
394 int		 select_non_dot(const struct dirent*);
395 int		 select_non_dotdot(const struct dirent*);
396 
397 /* ex.c */
398 int		 send_string(int, const char*);
399 int		 recv_string(int, char**);
400 int		 send_iri(int, struct iri*);
401 int		 recv_iri(int, struct iri*);
402 void		 free_recvd_iri(struct iri*);
403 int		 send_vhost(int, struct vhost*);
404 int		 recv_vhost(int, struct vhost**);
405 int		 send_time(int, time_t);
406 int		 recv_time(int, time_t*);
407 int		 send_fd(int, int);
408 int		 recv_fd(int);
409 int		 executor_main(struct imsgbuf*);
410 
411 /* fcgi.c */
412 void		 fcgi_read(struct bufferevent *, void *);
413 void		 fcgi_write(struct bufferevent *, void *);
414 void		 fcgi_error(struct bufferevent *, short, void *);
415 void		 fcgi_req(struct client *);
416 
417 /* sandbox.c */
418 void		 sandbox_server_process(void);
419 void		 sandbox_executor_process(void);
420 void		 sandbox_logger_process(void);
421 
422 /* utf8.c */
423 int		 valid_multibyte_utf8(struct parser*);
424 char		*utf8_nth(char*, size_t);
425 
426 /* iri.c */
427 int		 parse_iri(char*, struct iri*, const char**);
428 int		 serialize_iri(struct iri*, char*, size_t);
429 char		*pct_decode_str(char *);
430 
431 /* proxy.c */
432 int		 proxy_init(struct client *);
433 
434 /* puny.c */
435 int		 puny_decode(const char*, char*, size_t, const char**);
436 
437 /* utils.c */
438 void		 block_signals(void);
439 void		 unblock_signals(void);
440 int		 starts_with(const char*, const char*);
441 int		 ends_with(const char*, const char*);
442 ssize_t		 filesize(int);
443 char		*absolutify_path(const char*);
444 char		*xstrdup(const char*);
445 void		*xcalloc(size_t, size_t);
446 void		 gen_certificate(const char*, const char*, const char*);
447 X509_STORE	*load_ca(const char*);
448 int		 validate_against_ca(X509_STORE*, const uint8_t*, size_t);
449 void		 dispatch_imsg(struct imsgbuf*, imsg_handlerfn**, size_t);
450 
451 #endif