Blob


1 /*
2 * Copyright (c) 2020, 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
17 #ifndef GMID_H
18 #define GMID_H
20 #include "config.h"
22 #include <sys/socket.h>
23 #include <sys/types.h>
25 #include <arpa/inet.h>
26 #include <netinet/in.h>
28 #include <dirent.h>
29 #include <limits.h>
30 #include <netdb.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <time.h>
35 #include <tls.h>
36 #include <unistd.h>
38 #include <openssl/x509.h>
40 #if HAVE_EVENT2
41 # include <event2/event.h>
42 # include <event2/event_compat.h>
43 # include <event2/event_struct.h>
44 # include <event2/buffer.h>
45 # include <event2/buffer_compat.h>
46 # include <event2/bufferevent.h>
47 # include <event2/bufferevent_struct.h>
48 # include <event2/bufferevent_compat.h>
49 #else
50 # include <event.h>
51 #endif
53 #include "iri.h"
55 #define VERSION_STR(n) n " " VERSION
56 #define GEMEXP_STRING VERSION_STR("gemexp")
57 #define GG_STRING VERSION_STR("gg")
58 #define GMID_STRING VERSION_STR("gmid")
60 #define GMID_VERSION "gmid/" VERSION
62 #define GEMINI_URL_LEN (1024+3) /* URL max len + \r\n + \0 */
64 #define SUCCESS 20
65 #define TEMP_REDIRECT 30
66 #define TEMP_FAILURE 40
67 #define CGI_ERROR 42
68 #define PROXY_ERROR 43
69 #define NOT_FOUND 51
70 #define PROXY_REFUSED 53
71 #define BAD_REQUEST 59
72 #define CLIENT_CERT_REQ 60
73 #define CERT_NOT_AUTH 61
75 /* maximum hostname and label length, +1 for the NUL-terminator */
76 #define DOMAIN_NAME_LEN (253+1)
77 #define LABEL_LEN (63+1)
79 #define MEDIATYPE_NAMEMAX 128 /* file name extension */
80 #define MEDIATYPE_TYPEMAX 128 /* length of type/subtype */
82 #define FCGI_NAME_MAX 511
83 #define FCGI_VAL_MAX 511
85 #define PROC_MAX_INSTANCES 16
87 #define TLS_CERT_HASH_SIZE 128
89 /* forward declaration */
90 struct privsep;
91 struct privsep_proc;
93 enum log_format {
94 LOG_FORMAT_CONDENSED,
95 LOG_FORMAT_COMMON,
96 LOG_FORMAT_COMBINED,
97 LOG_FORMAT_LEGACY,
98 };
100 struct parser {
101 char *iri;
102 struct iri *parsed;
103 const char *err;
104 };
106 struct conf;
107 TAILQ_HEAD(addrhead, address);
108 struct address {
109 int ai_flags;
110 int ai_family;
111 int ai_socktype;
112 int ai_protocol;
113 struct sockaddr_storage ss;
114 socklen_t slen;
115 int16_t port;
116 int proxy;
118 /* pretty-printed version of `ss' */
119 char pp[NI_MAXHOST];
121 /* used in the server */
122 struct conf *conf;
123 int sock;
124 struct event evsock; /* set if sock != -1 */
125 struct tls *ctx;
127 TAILQ_ENTRY(address) addrs;
128 };
130 TAILQ_HEAD(fcgihead, fcgi);
131 struct fcgi {
132 int id;
133 char path[PATH_MAX];
134 char port[32];
135 TAILQ_ENTRY(fcgi) fcgi;
136 };
138 TAILQ_HEAD(envhead, envlist);
139 struct envlist {
140 char name[FCGI_NAME_MAX];
141 char value[FCGI_VAL_MAX];
142 TAILQ_ENTRY(envlist) envs;
143 };
145 TAILQ_HEAD(aliashead, alist);
146 struct alist {
147 char alias[HOST_NAME_MAX + 1];
148 TAILQ_ENTRY(alist) aliases;
149 };
151 TAILQ_HEAD(proxyhead, proxy);
152 struct proxy {
153 char match_proto[32];
154 char match_host[HOST_NAME_MAX + 1];
155 char match_port[32];
157 char host[HOST_NAME_MAX + 1];
158 char port[32];
159 char sni[HOST_NAME_MAX];
160 int notls;
161 uint32_t protocols;
162 int noverifyname;
163 char *cert_path;
164 uint8_t *cert;
165 size_t certlen;
166 char *key_path;
167 uint8_t *key;
168 size_t keylen;
169 char *reqca_path;
170 X509_STORE *reqca;
172 TAILQ_ENTRY(proxy) proxies;
173 };
175 TAILQ_HEAD(lochead, location);
176 struct location {
177 char match[128];
178 char lang[32];
179 char default_mime[MEDIATYPE_TYPEMAX];
180 char index[PATH_MAX];
181 int auto_index; /* 0 auto, -1 off, 1 on */
182 int block_code;
183 char block_fmt[GEMINI_URL_LEN];
184 int strip;
185 char *reqca_path;
186 X509_STORE *reqca;
187 int disable_log;
188 int fcgi;
189 int nofcgi;
190 int fcgi_strip;
191 struct envhead params;
193 char dir[PATH_MAX];
194 int dirfd;
196 TAILQ_ENTRY(location) locations;
197 };
199 TAILQ_HEAD(vhosthead, vhost);
200 struct vhost {
201 char domain[HOST_NAME_MAX + 1];
202 char *cert_path;
203 char *key_path;
204 char *ocsp_path;
206 uint8_t *cert;
207 size_t certlen;
209 uint8_t *key;
210 size_t keylen;
212 uint8_t *ocsp;
213 size_t ocsplen;
215 TAILQ_ENTRY(vhost) vhosts;
217 struct addrhead addrs;
219 /*
220 * the first location rule is always '*' and holds the default
221 * settings for the vhost, then follows the "real" location
222 * rules as specified in the configuration.
223 */
224 struct lochead locations;
226 struct aliashead aliases;
227 struct proxyhead proxies;
228 };
230 struct etm { /* extension to mime */
231 char mime[MEDIATYPE_TYPEMAX];
232 char ext[MEDIATYPE_NAMEMAX];
233 };
235 struct mime {
236 struct etm *t;
237 size_t len;
238 size_t cap;
239 };
241 TAILQ_HEAD(pkihead, pki);
242 struct pki {
243 char *hash;
244 EVP_PKEY *pkey;
245 TAILQ_ENTRY(pki) pkis;
246 };
248 struct conf {
249 struct privsep *ps;
250 uint32_t protos;
251 struct mime mime;
252 char chroot[PATH_MAX];
253 char user[LOGIN_NAME_MAX];
254 int prefork;
255 int reload;
256 int log_syslog;
257 int log_facility;
258 char *log_access;
259 enum log_format log_format;
260 int use_privsep_crypto;
261 int conftest;
263 struct fcgihead fcgi;
264 struct vhosthead hosts;
265 struct pkihead pkis;
266 struct addrhead addrs;
267 };
269 extern const char *config_path;
271 extern int servpipes[PROC_MAX_INSTANCES];
272 extern int privsep_process;
274 typedef void (imsg_handlerfn)(struct imsgbuf*, struct imsg*, size_t);
276 enum {
277 REQUEST_UNDECIDED,
278 REQUEST_FILE,
279 REQUEST_DIR,
280 REQUEST_FCGI,
281 REQUEST_PROXY,
282 REQUEST_DONE,
283 };
285 enum proto {
286 PROTO_V4,
287 PROTO_V6,
288 PROTO_UNKNOWN,
289 };
291 struct proxy_protocol_v1 {
292 enum proto proto;
293 union {
294 struct in_addr v4;
295 struct in6_addr v6;
296 } srcaddr, dstaddr;
297 uint16_t srcport, dstport;
298 };
300 #define BUFLAYER_MAX 108
302 struct buflayer {
303 char data[BUFLAYER_MAX];
304 size_t len;
305 size_t read_pos;
306 int has_tail;
307 };
309 struct client {
310 struct conf *conf;
311 struct address *addr;
312 int proxy_proto;
313 struct buflayer buf;
314 uint32_t id;
315 struct tls *ctx;
316 char *req;
317 size_t reqlen;
318 struct iri iri;
319 char domain[DOMAIN_NAME_LEN];
320 char rhost[NI_MAXHOST];
321 char rserv[NI_MAXSERV];
323 struct bufferevent *bev;
325 int type;
327 struct bufferevent *cgibev;
329 struct proxy *proxy;
330 struct bufferevent *proxybev;
331 struct tls *proxyctx;
332 int proxyevset;
333 struct event proxyev;
335 char *header;
337 int code;
338 const char *meta;
339 int fd, pfd;
340 struct dirent **dir;
341 int dirlen, diroff;
343 /* big enough to store STATUS + SPACE + META + CRLF */
344 char sbuf[1029];
345 size_t soff;
347 struct sockaddr_storage raddr;
348 socklen_t raddrlen;
350 struct vhost *host; /* host they're talking to */
351 size_t loc; /* location matched */
353 SPLAY_ENTRY(client) entry;
354 };
355 SPLAY_HEAD(client_tree_id, client);
356 extern struct client_tree_id clients;
358 struct connreq {
359 char host[NI_MAXHOST];
360 char port[NI_MAXSERV];
361 int flag;
362 };
364 enum imsg_type {
365 IMSG_LOG_REQUEST,
366 IMSG_LOG_ACCESS,
367 IMSG_LOG_SYSLOG,
368 IMSG_LOG_FACILITY,
370 IMSG_RECONF_START,
371 IMSG_RECONF_LOG_FMT,
372 IMSG_RECONF_MIME,
373 IMSG_RECONF_PROTOS,
374 IMSG_RECONF_SOCK,
375 IMSG_RECONF_FCGI,
376 IMSG_RECONF_HOST,
377 IMSG_RECONF_CERT,
378 IMSG_RECONF_KEY,
379 IMSG_RECONF_OCSP,
380 IMSG_RECONF_HOST_ADDR,
381 IMSG_RECONF_LOC,
382 IMSG_RECONF_ENV,
383 IMSG_RECONF_ALIAS,
384 IMSG_RECONF_PROXY,
385 IMSG_RECONF_PROXY_CERT,
386 IMSG_RECONF_PROXY_KEY,
387 IMSG_RECONF_END,
388 IMSG_RECONF_DONE,
390 IMSG_CRYPTO_RSA_PRIVENC,
391 IMSG_CRYPTO_RSA_PRIVDEC,
392 IMSG_CRYPTO_ECDSA_SIGN,
394 IMSG_CTL_PROCFD,
395 };
397 /* gmid.c / ge.c */
398 void log_request(struct client *, int, const char *);
400 /* config.c */
401 struct conf *config_new(void);
402 void config_purge(struct conf *);
403 int config_send(struct conf *);
404 int config_recv(struct conf *, struct imsg *);
405 int config_test(struct conf *);
407 /* crypto.c */
408 void crypto(struct privsep *, struct privsep_proc *);
409 void crypto_engine_init(struct conf *);
411 /* parse.y */
412 int parse_conf(struct conf *, const char*);
413 int cmdline_symset(char *);
415 /* mime.c */
416 void init_mime(struct mime*);
417 int add_mime(struct mime*, const char*, const char*);
418 int load_default_mime(struct mime*);
419 void sort_mime(struct mime *);
420 const char *mime(struct conf *, struct vhost*, const char*);
421 void free_mime(struct mime *);
423 /* server.c */
424 const char *vhost_lang(struct vhost*, const char*);
425 const char *vhost_default_mime(struct vhost*, const char*);
426 const char *vhost_index(struct vhost*, const char*);
427 int vhost_auto_index(struct vhost*, const char*);
428 int vhost_block_return(struct vhost*, const char*, int*, const char**);
429 struct location *vhost_fastcgi(struct vhost*, const char*);
430 int vhost_dirfd(struct vhost*, const char*, size_t*);
431 int vhost_strip(struct vhost*, const char*);
432 X509_STORE *vhost_require_ca(struct vhost*, const char*);
433 int vhost_disable_log(struct vhost*, const char*);
435 void mark_nonblock(int);
436 void client_write(struct bufferevent *, void *);
437 int start_reply(struct client*, int, const char*);
438 void client_close(struct client *);
439 void server_accept(int, short, void *);
440 void server_init(struct privsep *, struct privsep_proc *, void *);
441 int server_configure_done(struct conf *);
442 void server(struct privsep *ps, struct privsep_proc *);
444 int client_tree_cmp(struct client *, struct client *);
445 SPLAY_PROTOTYPE(client_tree_id, client, entry, client_tree_cmp);
447 /* dirs.c */
448 int scandir_fd(int, struct dirent***, int(*)(const struct dirent*),
449 int(*)(const struct dirent**, const struct dirent**));
450 int select_non_dot(const struct dirent*);
451 int select_non_dotdot(const struct dirent*);
453 /* fcgi.c */
454 void fcgi_read(struct bufferevent *, void *);
455 void fcgi_write(struct bufferevent *, void *);
456 void fcgi_error(struct bufferevent *, short, void *);
457 void fcgi_req(struct client *, struct location *);
459 /* sandbox.c */
460 void sandbox_main_process(void);
461 void sandbox_server_process(void);
462 void sandbox_crypto_process(void);
463 void sandbox_logger_process(void);
465 /* utf8.c */
466 int valid_multibyte_utf8(struct parser*);
467 char *utf8_nth(char*, size_t);
469 /* logger.c */
470 void logger(struct privsep *, struct privsep_proc *);
472 /* proxy.c */
473 int proxy_init(struct client *);
475 /* puny.c */
476 int puny_decode(const char*, char*, size_t, const char**);
478 /* utils.c */
479 const char *strip_path(const char *, int);
480 int ends_with(const char*, const char*);
481 char *absolutify_path(const char*);
482 char *xstrdup(const char*);
483 void *xcalloc(size_t, size_t);
484 void gencert(const char *, const char *, const char *, int);
485 X509_STORE *load_ca(uint8_t *, size_t);
486 int validate_against_ca(X509_STORE*, const uint8_t*, size_t);
487 void ssl_error(const char *);
488 char *ssl_pubkey_hash(const uint8_t *, size_t);
489 EVP_PKEY *ssl_load_pkey(const uint8_t *, size_t);
490 struct vhost *new_vhost(void);
491 struct location *new_location(void);
492 struct proxy *new_proxy(void);
494 /* proxy-proto.c */
495 int proxy_proto_v1_parse(struct proxy_protocol_v1 *, char *, size_t, size_t *);
496 int proxy_proto_v1_string(const struct proxy_protocol_v1 *, char*, size_t);
498 #endif