op public repos

Blob

Date:: Wed Oct 7 12:41:17 2020 UTC
Message:: rewrote the main loop to use poll We can handle up to MAX_USERS (64 by default) concurrently. Now, given that we don’t support CGI, it’s not a big deal. Gemini requests are small (up to 1024 bytes), and also the replies from the server are small (one line plus the document — if any), all over TLS obviously. (but even there, it’s lighter than HTTP because we don’t need to send the whole chain for the certificate — see TOFU). Given all the above, this doesn’t really improve the performance in the real world, but it’s nice to have. The main use case for this is to disallow slow clients to stop fast clients.
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/socket.h>
18 #include <sys/stat.h>
19 
20 #include <netinet/in.h>
21 
22 #include <assert.h>
23 #include <err.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <poll.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <tls.h>
31 #include <unistd.h>
32 
33 #ifndef __OpenBSD__
34 # define pledge(a, b) 0
35 # define unveil(a, b) 0
36 #endif /* __OpenBSD__ */
37 
38 #ifndef INFTIM
39 # define INFTIM -1
40 #endif /* INFTIM */
41 
42 #define GEMINI_URL_LEN (1024+3)	/* URL max len + \r\n + \0 */
43 
44 /* large enough to hold a copy of a gemini URL and still have extra room */
45 #define PATHBUF		2048
46 
47 #define FILEBUF		1024
48 
49 #define SUCCESS		20
50 #define NOT_FOUND	51
51 #define BAD_REQUEST	59
52 
53 #ifndef MAX_USERS
54 #define MAX_USERS	64
55 #endif
56 
57 enum {
58 	S_OPEN,
59 	S_INITIALIZING,
60 	S_SENDING,
61 	S_CLOSING,
62 };
63 
64 struct client {
65 	struct tls	*ctx;
66 	int		state;
67 	int		code;
68 	const char	*meta;
69 	int		fd;
70 };
71 
72 int dirfd;
73 
74 char		*url_after_proto(char*);
75 char		*url_start_of_request(char*);
76 int		 url_trim(char*);
77 void		 adjust_path(char*);
78 int		 path_isdir(char*);
79 
80 int		 start_reply(struct pollfd*, struct client*, int, const char*);
81 int		 isdir(int);
82 void		 send_file(char*, struct pollfd*, struct client*);
83 void		 send_dir(char*, struct pollfd*, struct client*);
84 void		 handle(struct pollfd*, struct client*);
85 
86 void		 mark_nonblock(int);
87 int		 make_soket(int);
88 void		 do_accept(int, struct tls*, struct pollfd*, struct client*);
89 void		 goodbye(struct pollfd*, struct client*);
90 void		 loop(struct tls*, int);
91 
92 void		 usage(const char*);
93 
94 char *
95 url_after_proto(char *url)
96 {
97 	char *s;
98 	const char *proto = "gemini";
99 	const char *marker = "://";
100 
101 	if ((s = strstr(url, marker)) == NULL)
102 		return url;
103 
104 	/* not a gemini:// URL */
105 
106 	if (s - strlen(proto) < url)
107 		return NULL;
108 	/* TODO: */
109 	/* if (strcmp(s - strlen(proto), proto)) */
110 	/* 	return NULL; */
111 
112 	/* a valid gemini:// URL */
113 	return s + strlen(marker);
114 }
115 
116 char *
117 url_start_of_request(char *url)
118 {
119 	char *s, *t;
120 
121 	if ((s = url_after_proto(url)) == NULL)
122 		return NULL;
123 
124 	if ((t = strstr(s, "/")) == NULL)
125 		return s + strlen(s);
126 	return t;
127 }
128 
129 int
130 url_trim(char *url)
131 {
132 	const char *e = "\r\n";
133 	char *s;
134 
135 	if ((s = strstr(url, e)) == NULL)
136 		return 0;
137 	s[0] = '\0';
138 	s[1] = '\0';
139 
140 	if (s[2] != '\0') {
141 		fprintf(stderr, "the request was longer than 1024 bytes\n");
142 		return 0;
143 	}
144 
145 	return 1;
146 }
147 
148 void
149 adjust_path(char *path)
150 {
151 	char *s;
152 	size_t len;
153 
154         /* /.. -> / */
155 	len = strlen(path);
156 	if (len >= 3) {
157 		if (!strcmp(&path[len-3], "/..")) {
158 			path[len-2] = '\0';
159 		}
160 	}
161 
162 	/* if the path is only `..` trim out and exit */
163 	if (!strcmp(path, "..")) {
164 		path[0] = '\0';
165 		return;
166 	}
167 
168 	/* remove every ../ in the path */
169 	while (1) {
170 		if ((s = strstr(path, "../")) == NULL)
171 			return;
172 		memmove(s, s+3, strlen(s)+1);	/* copy also the \0 */
173 	}
174 }
175 
176 int
177 path_isdir(char *path)
178 {
179 	if (*path == '\0')
180 		return 1;
181 	return path[strlen(path)-1] == '/';
182 }
183 
184 int
185 start_reply(struct pollfd *pfd, struct client *client, int code, const char *reason)
186 {
187 	char buf[1030] = {0}; 	/* status + ' ' + max reply len + \r\n\0 */
188 	int len;
189 	int ret;
190 
191 	client->code = code;
192 	client->meta = reason;
193 	client->state = S_INITIALIZING;
194 
195 	len = snprintf(buf, sizeof(buf), "%d %s\r\n", code, reason);
196 	assert(len < (int)sizeof(buf));
197 	ret = tls_write(client->ctx, buf, len);
198 	if (ret == TLS_WANT_POLLIN) {
199 		pfd->events = POLLIN;
200 		return 0;
201 	}
202 
203 	if (ret == TLS_WANT_POLLOUT) {
204 		pfd->events = POLLOUT;
205 		return 0;
206 	}
207 
208 	return 1;
209 }
210 
211 int
212 isdir(int fd)
213 {
214 	struct stat sb;
215 
216 	if (fstat(fd, &sb) == -1) {
217 		warn("fstat");
218 		return 1; 	/* we'll probably fail later on anyway */
219 	}
220 
221 	return S_ISDIR(sb.st_mode);
222 }
223 
224 void
225 send_file(char *path, struct pollfd *fds, struct client *client)
226 {
227 	char fpath[PATHBUF];
228 	char buf[FILEBUF];
229 	size_t i;
230 	ssize_t t, w;
231 
232 	if (client->fd == -1) {
233 		assert(path != NULL);
234 
235 		bzero(fpath, sizeof(fpath));
236 
237 		if (*path != '.')
238 			fpath[0] = '.';
239 		strlcat(fpath, path, PATHBUF);
240 
241 		if ((client->fd = openat(dirfd, fpath, O_RDONLY | O_NOFOLLOW)) == -1) {
242 			warn("open: %s", fpath);
243 			if (!start_reply(fds, client, NOT_FOUND, "not found"))
244 				return;
245 			goodbye(fds, client);
246 			return;
247 		}
248 
249 		if (isdir(client->fd)) {
250 			warnx("%s is a directory, trying %s/index.gmi", fpath, fpath);
251 			close(client->fd);
252 			client->fd = -1;
253 			send_dir(fpath, fds, client);
254 			return;
255 		}
256 
257 		/* assume it's a text/gemini file */
258 		if (!start_reply(fds, client, SUCCESS, "text/gemini"))
259 			return;
260 	}
261 
262 	while (1) {
263 		w = read(client->fd, buf, sizeof(buf));
264 		if (w == -1)
265 			warn("read");
266 		if (w == 0 || w == -1) {
267 			goodbye(fds, client);
268 			return;
269 		}
270 
271 		t = w;
272 		i = 0;
273 
274 		while (w > 0) {
275 			t = tls_write(client->ctx, buf+i, w);
276 			switch (t) {
277 			case -1:
278 				warnx("tls_write: %s", tls_error(client->ctx));
279 				goodbye(fds, client);
280 				return;
281 
282 			case TLS_WANT_POLLIN:
283 			case TLS_WANT_POLLOUT:
284 				fds->events = (t == TLS_WANT_POLLIN)
285 					? POLLIN
286 					: POLLOUT;
287 				return;
288 
289 			default:
290 				w -= t;
291 				i += t;
292 				break;
293 			}
294 		}
295 	}
296 }
297 
298 void
299 send_dir(char *path, struct pollfd *fds, struct client *client)
300 {
301 	char fpath[PATHBUF];
302 	size_t len;
303 
304 	bzero(fpath, PATHBUF);
305 
306 	if (*path != '.')
307 		fpath[0] = '.';
308 
309 	/* this cannot fail since sizeof(fpath) > maxlen of path */
310 	strlcat(fpath, path, PATHBUF);
311 	len = strlen(fpath);
312 
313 	/* add a trailing / in case. */
314 	if (fpath[len-1] != '/') {
315 		fpath[len] = '/';
316 	}
317 
318 	strlcat(fpath, "index.gmi", sizeof(fpath));
319 
320 	send_file(fpath, fds, client);
321 }
322 
323 void
324 handle(struct pollfd *fds, struct client *client)
325 {
326 	char buf[GEMINI_URL_LEN];
327 	char *path;
328 
329 	switch (client->state) {
330 	case S_OPEN:
331 		bzero(buf, GEMINI_URL_LEN);
332 		switch (tls_read(client->ctx, buf, sizeof(buf)-1)) {
333 		case -1:
334 			warnx("tls_read: %s", tls_error(client->ctx));
335 			goodbye(fds, client);
336 			return;
337 
338 		case TLS_WANT_POLLIN:
339 			fds->events = POLLIN;
340 			return;
341 
342 		case TLS_WANT_POLLOUT:
343 			fds->events = POLLOUT;
344 			return;
345 		}
346 
347 		if (!url_trim(buf)) {
348 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
349 				return;
350 			goodbye(fds, client);
351 			return;
352 		}
353 
354 		if ((path = url_start_of_request(buf)) == NULL) {
355 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
356 				return;
357 			goodbye(fds, client);
358 			return;
359 		}
360 
361 		adjust_path(path);
362 		fprintf(stderr, "requested path: %s\n", path);
363 
364 		if (path_isdir(path))
365 			send_dir(path, fds, client);
366 		else
367 			send_file(path, fds, client);
368 		break;
369 
370 	case S_INITIALIZING:
371 		if (!start_reply(fds, client, client->code, client->meta))
372 			return;
373 
374 		if (client->code != SUCCESS) {
375 			/* we don't need a body */
376 			goodbye(fds, client);
377 			return;
378 		}
379 
380 		client->state = S_SENDING;
381 
382 		/* fallthrough */
383 
384 	case S_SENDING:
385 		send_file(NULL, fds, client);
386 		break;
387 
388 	case S_CLOSING:
389 		goodbye(fds, client);
390 		break;
391 
392 	default:
393 		/* unreachable */
394 		abort();
395 	}
396 }
397 
398 void
399 mark_nonblock(int fd)
400 {
401 	int flags;
402 
403 	if ((flags = fcntl(fd, F_GETFL)) == -1)
404 		err(1, "fcntl(F_GETFL)");
405 	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
406 		err(1, "fcntl(F_SETFL)");
407 }
408 
409 int
410 make_socket(int port)
411 {
412 	int sock, v;
413 	struct sockaddr_in addr;
414 
415 	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1)
416                 err(1, "socket");
417 
418 	v = 1;
419 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
420 		err(1, "setsockopt(SO_REUSEADDR)");
421 
422 	v = 1;
423 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
424 		err(1, "setsockopt(SO_REUSEPORT)");
425 
426 	mark_nonblock(sock);
427 
428 	bzero(&addr, sizeof(addr));
429 	addr.sin_family = AF_INET;
430 	addr.sin_port = htons(port);
431 	addr.sin_addr.s_addr = INADDR_ANY;
432 
433 	if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) == -1)
434                 err(1, "bind");
435 
436 	if (listen(sock, 16) == -1)
437                 err(1, "listen");
438 
439 	return sock;
440 }
441 
442 void
443 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
444 {
445 	int i, fd;
446 	struct sockaddr_in addr;
447 	socklen_t len;
448 
449 	len = sizeof(addr);
450 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
451 		if (errno == EWOULDBLOCK)
452 			return;
453 		err(1, "accept");
454 	}
455 
456 	mark_nonblock(fd);
457 
458 	for (i = 0; i < MAX_USERS; ++i) {
459 		if (fds[i].fd == -1) {
460 			bzero(&clients[i], sizeof(struct client));
461 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
462 				break; /* goodbye fd! */
463 
464 			fds[i].fd = fd;
465 			fds[i].events = POLLIN;
466 
467 			clients[i].state = S_OPEN;
468 			clients[i].fd = -1;
469 
470 			return;
471 		}
472 	}
473 
474 	printf("too much clients. goodbye bro!\n");
475 	close(fd);
476 }
477 
478 void
479 goodbye(struct pollfd *pfd, struct client *c)
480 {
481 	ssize_t ret;
482 
483 	c->state = S_CLOSING;
484 
485 	ret = tls_close(c->ctx);
486 	if (ret == TLS_WANT_POLLIN) {
487 		pfd->events = POLLIN;
488 		return;
489 	}
490 	if (ret == TLS_WANT_POLLOUT) {
491 		pfd->events = POLLOUT;
492 		return;
493 	}
494 
495 	tls_free(c->ctx);
496 	c->ctx = NULL;
497 
498 	if (c->fd != -1)
499 		close(c->fd);
500 
501 	close(pfd->fd);
502 	pfd->fd = -1;
503 }
504 
505 void
506 loop(struct tls *ctx, int sock)
507 {
508 	int i, todo;
509 	struct client clients[MAX_USERS];
510 	struct pollfd fds[MAX_USERS];
511 
512 	for (i = 0; i < MAX_USERS; ++i) {
513 		fds[i].fd = -1;
514 		fds[i].events = POLLIN;
515 		bzero(&clients[i], sizeof(struct client));
516 	}
517 
518 	fds[0].fd = sock;
519 
520 	for (;;) {
521                 if ((todo = poll(fds, MAX_USERS, INFTIM)) == -1)
522 			err(1, "poll");
523 
524 		for (i = 0; i < MAX_USERS; i++) {
525 			assert(i < MAX_USERS);
526 
527 			if (fds[i].revents == 0)
528 				continue;
529 
530 			if (fds[i].revents & (POLLERR|POLLNVAL))
531 				err(1, "bad fd %d", fds[i].fd);
532 
533 			if (fds[i].revents & POLLHUP) {
534 				goodbye(&fds[i], &clients[i]);
535 				continue;
536 			}
537 
538 			todo--;
539 
540 			if (i == 0) { /* new client */
541 				do_accept(sock, ctx, fds, clients);
542 				continue;
543 			}
544 
545 			handle(&fds[i], &clients[i]);
546 
547 		}
548 	}
549 }
550 
551 void
552 usage(const char *me)
553 {
554 	fprintf(stderr,
555 	    "USAGE: %s [-h] [-c cert.pem] [-d docs] [-k key.pem]\n",
556 	    me);
557 }
558 
559 int
560 main(int argc, char **argv)
561 {
562 	const char *cert = "cert.pem", *key = "key.pem", *dir = "docs";
563 	struct tls *ctx = NULL;
564 	struct tls_config *conf;
565 	int sock, ch;
566 
567 	while ((ch = getopt(argc, argv, "c:d:hk:")) != -1) {
568 		switch (ch) {
569 		case 'c':
570 			cert = optarg;
571 			break;
572 
573 		case 'd':
574 			dir = optarg;
575 			break;
576 
577 		case 'h':
578 			usage(*argv);
579 			return 0;
580 
581 		case 'k':
582 			key = optarg;
583 			break;
584 
585 		default:
586 			usage(*argv);
587 			return 1;
588 		}
589 	}
590 
591 	if ((conf = tls_config_new()) == NULL)
592 		err(1, "tls_config_new");
593 
594 	if (tls_config_set_protocols(conf,
595 	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
596 		err(1, "tls_config_set_protocols");
597 
598 	if (tls_config_set_cert_file(conf, cert) == -1)
599 		err(1, "tls_config_set_cert_file: %s", cert);
600 
601 	if (tls_config_set_key_file(conf, key) == -1)
602 		err(1, "tls_config_set_key_file: %s", key);
603 
604 	if ((ctx = tls_server()) == NULL)
605 		err(1, "tls_server");
606 
607 	if (tls_configure(ctx, conf) == -1)
608 		errx(1, "tls_configure: %s", tls_error(ctx));
609 
610 	sock = make_socket(1965);
611 
612 	if ((dirfd = open(dir, O_RDONLY | O_DIRECTORY)) == -1)
613 		err(1, "open: %s", dir);
614 
615 	if (unveil(dir, "r") == -1)
616 		err(1, "unveil");
617 
618 	if (pledge("stdio rpath inet", "") == -1)
619 		err(1, "pledge");
620 
621 	loop(ctx, sock);
622 
623 	close(sock);
624 	tls_free(ctx);
625 	tls_config_free(conf);
626 }