1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 /*
18  * TODO:
19  *  - move the various
20  *	imsg_compose(...);
21  *	imsg_flush(...);
22  *    to something more asynchronous
23  */
24 
25 #include <telescope.h>
26 
27 #include <sys/types.h>
28 #include <sys/socket.h>
29 
30 #include <netinet/in.h>
31 
32 #include <assert.h>
33 #include <ctype.h>
34 #include <errno.h>
35 #include <netdb.h>
36 #include <stdarg.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <tls.h>
41 #include <unistd.h>
42 
43 #if HAVE_ASR_RUN
44 # include <asr.h>
45 #endif
46 
47 static struct event		 imsgev;
48 static struct tls_config	*tlsconf;
49 static struct imsgbuf		*ibuf;
50 
51 struct req;
52 
53 static void		 die(void) __attribute__((__noreturn__));
54 
55 #if HAVE_ASR_RUN
56 static void		 try_to_connect(int, short, void*);
57 static void		 query_done(struct asr_result*, void*);
58 static void		 async_conn_towards(struct req*);
59 #else
60 static char		*xasprintf(const char*, ...);
61 static int 		 blocking_conn_towards(struct url*, char**);
62 #endif
63 
64 static void		 close_with_err(struct req*, const char*);
65 static void		 close_with_errf(struct req*, const char*, ...) __attribute__((format(printf, 2, 3)));
66 static struct req	*req_by_id(uint32_t);
67 static struct req	*req_by_id_try(uint32_t);
68 
69 static void		 setup_tls(struct req*);
70 static void		 do_handshake(int, short, void*);
71 static void		 write_request(int, short, void*);
72 static void		 read_reply(int, short, void*);
73 static void		 parse_reply(struct req*);
74 static void		 copy_body(int, short, void*);
75 
76 static void		 handle_get(struct imsg*, size_t);
77 static void		 handle_cert_status(struct imsg*, size_t);
78 static void		 handle_proceed(struct imsg*, size_t);
79 static void		 handle_stop(struct imsg*, size_t);
80 static void		 handle_quit(struct imsg*, size_t);
81 static void		 handle_dispatch_imsg(int, short, void*);
82 
83 /* TODO: making this customizable */
84 struct timeval timeout_for_handshake = { 5, 0 };
85 
86 static imsg_handlerfn *handlers[] = {
87 	[IMSG_GET] = handle_get,
88 	[IMSG_CERT_STATUS] = handle_cert_status,
89 	[IMSG_PROCEED] = handle_proceed,
90 	[IMSG_STOP] = handle_stop,
91 	[IMSG_QUIT] = handle_quit,
92 };
93 
94 typedef void (*statefn)(int, short, void*);
95 
96 TAILQ_HEAD(, req) reqhead;
97 /* a pending request */
98 struct req {
99 	struct event		 ev;
100 	struct url		 url;
101 	uint32_t		 id;
102 	int			 fd;
103 	struct tls		*ctx;
104 	char			 buf[1024];
105 	size_t			 off;
106 
107 #if HAVE_ASR_RUN
108 	struct addrinfo		 hints, *servinfo, *p;
109 	struct event_asr	*asrev;
110 #endif
111 
112 	TAILQ_ENTRY(req)	 reqs;
113 };
114 
115 static inline void
116 yield_r(struct req *req, statefn fn, struct timeval *tv)
117 {
118 	event_once(req->fd, EV_READ, fn, req, tv);
119 }
120 
121 static inline void
122 yield_w(struct req *req, statefn fn, struct timeval *tv)
123 {
124 	event_once(req->fd, EV_WRITE, fn, req, tv);
125 }
126 
127 static inline void
128 advance_buf(struct req *req, size_t len)
129 {
130 	assert(len <= req->off);
131 
132 	req->off -= len;
133 	memmove(req->buf, req->buf + len, req->off);
134 }
135 
136 static void __attribute__((__noreturn__))
137 die(void)
138 {
139 	abort(); 		/* TODO */
140 }
141 
142 #if HAVE_ASR_RUN
143 static void
144 try_to_connect(int fd, short ev, void *d)
145 {
146 	struct req	*req = d;
147 	int		 error = 0;
148 	socklen_t	 len = sizeof(error);
149 
150 	if (req->p == NULL)
151 		goto err;
152 
153 	if (req->fd != -1) {
154 		if (getsockopt(req->fd, SOL_SOCKET, SO_ERROR, &error, &len) == -1)
155 			goto err;
156 		if (error != 0) {
157                         errno = error;
158                         goto err;
159 		}
160 		goto done;
161 	}
162 
163 	req->fd = socket(req->p->ai_family, req->p->ai_socktype, req->p->ai_protocol);
164 	if (req->fd == -1) {
165 		req->p = req->p->ai_next;
166 		try_to_connect(fd, ev, req);
167 	} else {
168 		mark_nonblock(req->fd);
169 		if (connect(req->fd, req->p->ai_addr, req->p->ai_addrlen) == 0)
170 			goto done;
171 		yield_w(req, try_to_connect, NULL);
172 	}
173 	return;
174 
175 err:
176 	freeaddrinfo(req->servinfo);
177 	close_with_errf(req, "failed to connect to %s",
178 	    req->url.host);
179 	return;
180 
181 done:
182 	freeaddrinfo(req->servinfo);
183 	setup_tls(req);
184 }
185 
186 static void
187 query_done(struct asr_result *res, void *d)
188 {
189 	struct req	*req = d;
190 
191 	req->asrev = NULL;
192 	if (res->ar_gai_errno != 0) {
193 		close_with_errf(req, "failed to resolve %s: %s",
194 		    req->url.host, gai_strerror(res->ar_gai_errno));
195 		return;
196 	}
197 
198 	req->fd = -1;
199 	req->servinfo = res->ar_addrinfo;
200 	req->p = res->ar_addrinfo;
201 	try_to_connect(0, 0, req);
202 }
203 
204 static void
205 async_conn_towards(struct req *req)
206 {
207 	struct asr_query	*q;
208 	const char		*proto = "1965";
209 
210 	if (*req->url.port != '\0')
211 		proto = req->url.port;
212 
213 	req->hints.ai_family = AF_UNSPEC;
214 	req->hints.ai_socktype = SOCK_STREAM;
215 	q = getaddrinfo_async(req->url.host, proto, &req->hints, NULL);
216 	req->asrev = event_asr_run(q, query_done, req);
217 }
218 #else
219 static char *
220 xasprintf(const char *fmt, ...)
221 {
222 	va_list ap;
223 	char *s;
224 
225 	va_start(ap, fmt);
226 	if (vasprintf(&s, fmt, ap) == -1)
227 		s = NULL;
228 	va_end(ap);
229 
230 	return s;
231 }
232 
233 static int
234 blocking_conn_towards(struct url *url, char **err)
235 {
236 	struct addrinfo	 hints, *servinfo, *p;
237 	int		 status, sock;
238 	const char	*proto = "1965";
239 
240 	*err = NULL;
241 
242 	if (*url->port != '\0')
243 		proto = url->port;
244 
245 	memset(&hints, 0, sizeof(hints));
246 	hints.ai_family = AF_UNSPEC;
247 	hints.ai_socktype = SOCK_STREAM;
248 
249 	if ((status = getaddrinfo(url->host, proto, &hints, &servinfo))) {
250 		*err = xasprintf("failed to resolve %s: %s",
251 		    url->host, gai_strerror(status));
252 		return -1;
253 	}
254 
255 	sock = -1;
256 	for (p = servinfo; p != NULL; p = p->ai_next) {
257 		if ((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1)
258 			continue;
259 		if (connect(sock, p->ai_addr, p->ai_addrlen) != -1)
260 			break;
261 		close(sock);
262 	}
263 
264 	if (sock == -1)
265 		*err = xasprintf("couldn't connect to %s", url->host);
266 	else
267 		mark_nonblock(sock);
268 
269 	freeaddrinfo(servinfo);
270 	return sock;
271 }
272 #endif
273 
274 static struct req *
275 req_by_id(uint32_t id)
276 {
277 	struct req *r;
278 
279 	if ((r = req_by_id_try(id)) == NULL)
280 		die();
281 	return r;
282 }
283 
284 static struct req *
285 req_by_id_try(uint32_t id)
286 {
287 	struct req *r;
288 
289 	TAILQ_FOREACH(r, &reqhead, reqs) {
290 		if (r->id == id)
291 			return r;
292 	}
293 
294 	return NULL;
295 }
296 
297 static void
298 close_conn(int fd, short ev, void *d)
299 {
300 	struct req	*req = d;
301 
302 #if HAVE_ASR_RUN
303 	if (req->asrev != NULL)
304 		event_asr_abort(req->asrev);
305 #endif
306 
307 	if (req->ctx != NULL) {
308 		switch (tls_close(req->ctx)) {
309 		case TLS_WANT_POLLIN:
310 			yield_r(req, close_conn, NULL);
311 			return;
312 		case TLS_WANT_POLLOUT:
313 			yield_w(req, close_conn, NULL);
314 			return;
315 		}
316 
317 		tls_free(req->ctx);
318 	}
319 
320 	TAILQ_REMOVE(&reqhead, req, reqs);
321 	if (req->fd != -1)
322 		close(req->fd);
323 	free(req);
324 }
325 
326 static void
327 close_with_err(struct req *req, const char *err)
328 {
329 	imsg_compose(ibuf, IMSG_ERR, req->id, 0, -1, err, strlen(err)+1);
330 	imsg_flush(ibuf);
331 	close_conn(0, 0, req);
332 }
333 
334 static void
335 close_with_errf(struct req *req, const char *fmt, ...)
336 {
337 	va_list	 ap;
338 	char	*s;
339 
340 	va_start(ap, fmt);
341 	if (vasprintf(&s, fmt, ap) == -1)
342 		abort();
343 	va_end(ap);
344 
345 	close_with_err(req, s);
346 	free(s);
347 }
348 
349 static void
350 setup_tls(struct req *req)
351 {
352 	if ((req->ctx = tls_client()) == NULL) {
353 		close_with_errf(req, "tls_client: %s", strerror(errno));
354 		return;
355 	}
356 	if (tls_configure(req->ctx, tlsconf) == -1) {
357 		close_with_errf(req, "tls_configure: %s", tls_error(req->ctx));
358 		return;
359 	}
360 	if (tls_connect_socket(req->ctx, req->fd, req->url.host) == -1) {
361 		close_with_errf(req, "tls_connect_socket: %s", tls_error(req->ctx));
362 		return;
363 	}
364 	yield_w(req, do_handshake, &timeout_for_handshake);
365 }
366 
367 static void
368 do_handshake(int fd, short ev, void *d)
369 {
370 	struct req	*req = d;
371 	const char	*hash;
372 
373 	if (ev == EV_TIMEOUT) {
374 		close_with_err(req, "Timeout loading page");
375 		return;
376 	}
377 
378 	switch (tls_handshake(req->ctx)) {
379 	case TLS_WANT_POLLIN:
380 		yield_r(req, do_handshake, NULL);
381 		return;
382 	case TLS_WANT_POLLOUT:
383 		yield_w(req, do_handshake, NULL);
384 		return;
385 	}
386 
387 	hash = tls_peer_cert_hash(req->ctx);
388 	if (hash == NULL) {
389 		close_with_errf(req, "handshake failed: %s", tls_error(req->ctx));
390 		return;
391 	}
392 	imsg_compose(ibuf, IMSG_CHECK_CERT, req->id, 0, -1, hash, strlen(hash)+1);
393 	imsg_flush(ibuf);
394 }
395 
396 static void
397 write_request(int fd, short ev, void *d)
398 {
399 	struct req	*req = d;
400 	ssize_t		 r;
401 	size_t		 len;
402 	char		 buf[1024];
403 
404 	strlcpy(buf, "gemini://", sizeof(buf));
405 	strlcat(buf, req->url.host, sizeof(buf));
406 	strlcat(buf, "/", sizeof(buf));
407 	strlcat(buf, req->url.path, sizeof(buf));
408 
409 	if (req->url.query[0] != '\0') {
410 		strlcat(buf, "?", sizeof(buf));
411 		strlcat(buf, req->url.query, sizeof(buf));
412 	}
413 
414 	len = strlcat(buf, "\r\n", sizeof(buf));
415 
416 	assert(len <= sizeof(buf));
417 
418 	switch (r = tls_write(req->ctx, buf, len)) {
419 	case -1:
420 		close_with_errf(req, "tls_write: %s", tls_error(req->ctx));
421 		break;
422 	case TLS_WANT_POLLIN:
423 		yield_r(req, write_request, NULL);
424 		break;
425 	case TLS_WANT_POLLOUT:
426 		yield_w(req, write_request, NULL);
427 		break;
428 	default:
429 		/* assume r == len */
430 		(void)r;
431 		yield_r(req, read_reply, NULL);
432 		break;
433 	}
434 }
435 
436 static void
437 read_reply(int fd, short ev, void *d)
438 {
439 	struct req	*req = d;
440 	size_t		 len;
441 	ssize_t		 r;
442 	char		*buf;
443 
444 	buf = req->buf + req->off;
445 	len = sizeof(req->buf) - req->off;
446 
447 	switch (r = tls_read(req->ctx, buf, len)) {
448 	case -1:
449 		close_with_errf(req, "tls_read: %s", tls_error(req->ctx));
450 		break;
451 	case TLS_WANT_POLLIN:
452 		yield_r(req, read_reply, NULL);
453 		break;
454 	case TLS_WANT_POLLOUT:
455 		yield_w(req, read_reply, NULL);
456 		break;
457 	default:
458 		req->off += r;
459 
460 		if (memmem(req->buf, req->off, "\r\n", 2) != NULL)
461 			parse_reply(req);
462 		else if (req->off == sizeof(req->buf))
463 			close_with_err(req, "invalid response");
464 		else
465 			yield_r(req, read_reply, NULL);
466 		break;
467 	}
468 }
469 
470 static void
471 parse_reply(struct req *req)
472 {
473 	int	 code;
474 	char	*e;
475 	size_t	 len;
476 
477 	if (req->off < 4)
478 		goto err;
479 
480 	if (!isdigit(req->buf[0]) || !isdigit(req->buf[1]))
481 		goto err;
482 
483 	code = (req->buf[0] - '0')*10 + (req->buf[1] - '0');
484 
485 	if (!isspace(req->buf[2]))
486 		goto err;
487 
488 	advance_buf(req, 3);
489 	if ((e = memmem(req->buf, req->off, "\r\n", 2)) == NULL)
490 		goto err;
491 
492 	*e = '\0';
493 	e++;
494 	len = e - req->buf;
495 	imsg_compose(ibuf, IMSG_GOT_CODE, req->id, 0, -1, &code, sizeof(code));
496 	imsg_compose(ibuf, IMSG_GOT_META, req->id, 0, -1,
497 	    req->buf, len);
498 	imsg_flush(ibuf);
499 
500 	if (code != 20)
501 		close_conn(0, 0, req);
502 	else
503 		advance_buf(req, len+1); /* skip \n too */
504 
505 	return;
506 
507 err:
508 	close_with_err(req, "malformed request");
509 }
510 
511 static void
512 copy_body(int fd, short ev, void *d)
513 {
514 	struct req	*req = d;
515 	ssize_t		 r;
516 
517 	for (;;) {
518 		if (req->off != 0) {
519 			imsg_compose(ibuf, IMSG_BUF, req->id, 0, -1,
520 			    req->buf, req->off);
521 			imsg_flush(ibuf);
522 			req->off = 0;
523 		}
524 
525 		switch (r = tls_read(req->ctx, req->buf, sizeof(req->buf))) {
526 		case TLS_WANT_POLLIN:
527 			yield_r(req, copy_body, NULL);
528 			return;
529 		case TLS_WANT_POLLOUT:
530 			yield_w(req, copy_body, NULL);
531 			return;
532 		case 0:
533 			imsg_compose(ibuf, IMSG_EOF, req->id, 0, -1, NULL, 0);
534 			imsg_flush(ibuf);
535 			close_conn(0, 0, req);
536 			return;
537 		default:
538 			req->off = r;
539 		}
540 	}
541 }
542 
543 static void
544 handle_get(struct imsg *imsg, size_t datalen)
545 {
546 	struct req	*req;
547 	const char	*e;
548 	char		*data;
549 
550 	data = imsg->data;
551 
552 	if (data[datalen-1] != '\0')
553 		die();
554 
555 	if ((req = calloc(1, sizeof(*req))) == NULL)
556 		die();
557 
558 	req->id = imsg->hdr.peerid;
559 	TAILQ_INSERT_HEAD(&reqhead, req, reqs);
560 
561         if (!url_parse(imsg->data, &req->url, &e)) {
562 		close_with_err(req, e);
563 		return;
564 	}
565 
566 #if HAVE_ASR_RUN
567         async_conn_towards(req);
568 #else
569 	{
570 		char *err = NULL;
571 
572 		if ((req->fd = blocking_conn_towards(&req->url, &err)) == -1) {
573 			close_with_err(req, err);
574 			free(err);
575 			return;
576 		}
577 		setup_tls(req);
578 	}
579 #endif
580 }
581 
582 static void
583 handle_cert_status(struct imsg *imsg, size_t datalen)
584 {
585 	struct req	*req;
586 	int		 is_ok;
587 
588 	req = req_by_id(imsg->hdr.peerid);
589 
590 	if (datalen < sizeof(is_ok))
591 		die();
592 	memcpy(&is_ok, imsg->data, sizeof(is_ok));
593 
594 	if (is_ok)
595 		yield_w(req, write_request, NULL);
596 	else
597 		close_conn(0, 0, req);
598 }
599 
600 static void
601 handle_proceed(struct imsg *imsg, size_t datalen)
602 {
603 	yield_r(req_by_id(imsg->hdr.peerid),
604 	    copy_body, NULL);
605 }
606 
607 static void
608 handle_stop(struct imsg *imsg, size_t datalen)
609 {
610 	struct req	*req;
611 
612 	if ((req = req_by_id_try(imsg->hdr.peerid)) == NULL)
613 		return;
614 	close_conn(0, 0, req);
615 }
616 
617 static void
618 handle_quit(struct imsg *imsg, size_t datalen)
619 {
620 	event_loopbreak();
621 }
622 
623 static void
624 handle_dispatch_imsg(int fd, short ev, void *d)
625 {
626 	struct imsgbuf	*ibuf = d;
627 	dispatch_imsg(ibuf, handlers, sizeof(handlers));
628 }
629 
630 int
631 client_main(struct imsgbuf *b)
632 {
633 	ibuf = b;
634 
635 	TAILQ_INIT(&reqhead);
636 
637 	if ((tlsconf = tls_config_new()) == NULL)
638 		die();
639 	tls_config_insecure_noverifycert(tlsconf);
640 	tls_config_insecure_noverifyname(tlsconf);
641 
642 	event_init();
643 
644 	event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST, handle_dispatch_imsg, ibuf);
645 	event_add(&imsgev, NULL);
646 
647 	sandbox_network_process();
648 
649 	event_dispatch();
650 	return 0;
651 }