1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #ifndef GMID_H
18 #define GMID_H
19 
20 #include "config.h"
21 
22 #include <sys/socket.h>
23 #include <sys/types.h>
24 
25 #include <arpa/inet.h>
26 #include <netinet/in.h>
27 
28 #include <dirent.h>
29 #include <event.h>
30 #include <limits.h>
31 #include <netdb.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <time.h>
36 #include <tls.h>
37 #include <unistd.h>
38 
39 #include <openssl/x509.h>
40 
41 #define GMID_STRING	"gmid 1.7"
42 #define GMID_VERSION	"gmid/1.7"
43 
44 #define GEMINI_URL_LEN (1024+3)	/* URL max len + \r\n + \0 */
45 
46 #define SUCCESS		20
47 #define TEMP_REDIRECT	30
48 #define TEMP_FAILURE	40
49 #define CGI_ERROR	42
50 #define NOT_FOUND	51
51 #define PROXY_REFUSED	53
52 #define BAD_REQUEST	59
53 #define CLIENT_CERT_REQ	60
54 #define CERT_NOT_AUTH	61
55 
56 #define MAX_USERS	64
57 
58 /* maximum hostname and label length, +1 for the NUL-terminator */
59 #define DOMAIN_NAME_LEN	(253+1)
60 #define LABEL_LEN	(63+1)
61 
62 #define FCGI_MAX	32
63 #define PROC_MAX	16
64 
65 struct fcgi {
66 	int		 id;
67 	char		*path;
68 	char		*port;
69 	char		*prog;
70 	int		 fd;
71 	struct event	 e;
72 
73 #define FCGI_OFF	0
74 #define FCGI_INFLIGHT	1
75 #define FCGI_READY	2
76 	int		 s;
77 };
78 extern struct fcgi fcgi[FCGI_MAX];
79 
80 TAILQ_HEAD(lochead, location);
81 struct location {
82 	const char	*match;
83 	const char	*lang;
84 	const char	*default_mime;
85 	const char	*index;
86 	int		 auto_index; /* 0 auto, -1 off, 1 on */
87 	int		 block_code;
88 	const char	*block_fmt;
89 	int		 strip;
90 	X509_STORE	*reqca;
91 	int		 disable_log;
92 	int		 fcgi;
93 
94 	const char	*dir;
95 	int		 dirfd;
96 
97 	TAILQ_ENTRY(location) locations;
98 };
99 
100 TAILQ_HEAD(envhead, envlist);
101 struct envlist {
102 	char		*name;
103 	char		*value;
104 	TAILQ_ENTRY(envlist) envs;
105 };
106 
107 TAILQ_HEAD(aliashead, alist);
108 struct alist {
109 	char		*alias;
110 	TAILQ_ENTRY(alist) aliases;
111 };
112 
113 extern TAILQ_HEAD(vhosthead, vhost) hosts;
114 struct vhost {
115 	const char	*domain;
116 	const char	*cert;
117 	const char	*key;
118 	const char	*cgi;
119 	const char	*entrypoint;
120 
121 	TAILQ_ENTRY(vhost) vhosts;
122 
123 	/* the first location rule is always '*' and holds the default
124 	 * settings for the vhost, then follows the "real" location
125 	 * rules as specified in the configuration. */
126 	struct lochead	 locations;
127 
128 	struct envhead	 env;
129 	struct envhead	 params;
130 	struct aliashead aliases;
131 };
132 
133 struct etm {			/* extension to mime */
134 	const char	*mime;
135 	const char	*ext;
136 };
137 
138 struct mime {
139 	struct etm	*t;
140 	size_t		len;
141 	size_t		cap;
142 };
143 
144 struct conf {
145 	/* from command line */
146 	int		 foreground;
147 	int		 verbose;
148 
149 	/* in the config */
150 	int		 port;
151 	int		 ipv6;
152 	uint32_t	 protos;
153 	struct mime	 mime;
154 	char		*chroot;
155 	char		*user;
156 	int		 prefork;
157 };
158 
159 extern const char *config_path;
160 extern struct conf conf;
161 
162 extern struct imsgbuf logibuf, exibuf, servibuf[PROC_MAX];
163 
164 extern int servpipes[PROC_MAX];
165 
166 struct iri {
167 	char		*schema;
168 	char		*host;
169 	char		*port;
170 	uint16_t	 port_no;
171 	char		*path;
172 	char		*query;
173 	char		*fragment;
174 };
175 
176 struct parser {
177 	char		*iri;
178 	struct iri	*parsed;
179 	const char	*err;
180 };
181 
182 struct mbuf {
183 	size_t			len;
184 	size_t			off;
185 	TAILQ_ENTRY(mbuf)	mbufs;
186 	char			data[];
187 };
188 TAILQ_HEAD(mbufhead, mbuf);
189 
190 typedef void (imsg_handlerfn)(struct imsgbuf*, struct imsg*, size_t);
191 
192 typedef void (*statefn)(int, short, void*);
193 
194 /*
195  * DFA: handle_handshake is the initial state, close_conn the final.
196  * Sometimes we have an enter_* function to handle the state switch.
197  *
198  * handle_handshake -> handle_open_conn
199  * handle_handshake -> close_conn		// on err
200  *
201  * handle_open_conn -> handle_cgi_reply		// via open_file/dir/...
202  * handle_open_conn -> send_fcgi_req		// via apply_fastcgi, IMSG_FCGI_FD
203  * handle_open_conn -> handle_dirlist		// ...same
204  * handle_open_conn -> send_file		// ...same
205  * handle_open_conn -> start_reply		// on error
206  *
207  * handle_cgi_reply -> handle_cgi	// after logging the CGI reply
208  * handle_cgi_reply -> start_reply	// on error
209  *
210  * handle_cgi -> close_conn
211  *
212  * send_fcgi_req -> copy_mbuf		// via handle_fcgi
213  * handle_fcgi -> close_all		// on error
214  * copy_mbuf -> close_conn		// on success/error
215  *
216  * handle_dirlist -> send_directory_listing
217  * handle_dirlist -> close_conn			// on error
218  *
219  * send_directory_listing -> close_conn
220  *
221  * send_file -> close_conn
222  */
223 struct client {
224 	int		 id;
225 	struct tls	*ctx;
226 	char		 req[GEMINI_URL_LEN];
227 	struct iri	 iri;
228 	char		 domain[DOMAIN_NAME_LEN];
229 
230 	/*
231 	 * start_reply uses this to know what function call after the
232 	 * reply.  It's also used as sentinel value in fastcgi to know
233 	 * if the server has closed the request.
234 	 */
235 	statefn		 next;
236 
237 	int		 code;
238 	const char	*meta;
239 	int		 fd, pfd;
240 	struct dirent	**dir;
241 	int		 dirlen, diroff;
242 	int		 fcgi;
243 
244 	/* big enough to store STATUS + SPACE + META + CRLF */
245 	char		 sbuf[1029];
246 	ssize_t		 len, off;
247 
248 	struct mbufhead	 mbufhead;
249 
250 	struct sockaddr_storage	 addr;
251 	struct vhost	*host;	/* host they're talking to */
252 	size_t		 loc;	/* location matched */
253 };
254 
255 extern struct client clients[MAX_USERS];
256 
257 struct cgireq {
258 	char		buf[GEMINI_URL_LEN];
259 
260 	size_t		iri_schema_off;
261 	size_t		iri_host_off;
262 	size_t		iri_port_off;
263 	size_t		iri_path_off;
264 	size_t		iri_query_off;
265 	size_t		iri_fragment_off;
266 	int		iri_portno;
267 
268 	char		spath[PATH_MAX+1];
269 	char		relpath[PATH_MAX+1];
270 	char		addr[NI_MAXHOST+1];
271 
272 	/* AFAIK there isn't an upper limit for these two fields. */
273 	char		subject[64+1];
274 	char		issuer[64+1];
275 
276 	char		hash[128+1];
277 	char		version[8];
278 	char		cipher[32];
279 	int		cipher_strength;
280 	time_t		notbefore;
281 	time_t		notafter;
282 
283 	size_t		host_off;
284 	size_t		loc_off;
285 };
286 
287 enum {
288 	FILE_EXISTS,
289 	FILE_EXECUTABLE,
290 	FILE_DIRECTORY,
291 	FILE_MISSING,
292 };
293 
294 enum imsg_type {
295 	IMSG_CGI_REQ,
296 	IMSG_CGI_RES,
297 	IMSG_FCGI_REQ,
298 	IMSG_FCGI_FD,
299 	IMSG_LOG,
300 	IMSG_LOG_TYPE,
301 	IMSG_QUIT,
302 };
303 
304 /* gmid.c */
305 char		*data_dir(void);
306 void		 load_local_cert(const char*, const char*);
307 void		 load_vhosts(void);
308 int		 make_socket(int, int);
309 void		 setup_tls(void);
310 void		 init_config(void);
311 void		 free_config(void);
312 void		 drop_priv(void);
313 
314 void		 yyerror(const char*, ...);
315 int		 parse_portno(const char*);
316 void		 parse_conf(const char*);
317 int		 cmdline_symset(char *);
318 
319 /* log.c */
320 void		 fatal(const char*, ...)
321 	__attribute__((format (printf, 1, 2)))
322 	__attribute__((__noreturn__));
323 
324 #define LOG_ATTR_FMT __attribute__((format (printf, 2, 3)))
325 void		 log_err(struct client*, const char*, ...)	LOG_ATTR_FMT;
326 void		 log_warn(struct client*, const char*, ...)	LOG_ATTR_FMT;
327 void		 log_notice(struct client*, const char*, ...)	LOG_ATTR_FMT;
328 void		 log_info(struct client*, const char*, ...)	LOG_ATTR_FMT;
329 void		 log_debug(struct client*, const char*, ...)	LOG_ATTR_FMT;
330 void		 log_request(struct client*, char*, size_t);
331 int		 logger_main(int, struct imsgbuf*);
332 
333 /* mime.c */
334 void		 init_mime(struct mime*);
335 void		 add_mime(struct mime*, const char*, const char*);
336 void		 load_default_mime(struct mime*);
337 const char	*mime(struct vhost*, const char*);
338 
339 /* server.c */
340 const char	*vhost_lang(struct vhost*, const char*);
341 const char	*vhost_default_mime(struct vhost*, const char*);
342 const char	*vhost_index(struct vhost*, const char*);
343 int		 vhost_auto_index(struct vhost*, const char*);
344 int		 vhost_block_return(struct vhost*, const char*, int*, const char**);
345 int		 vhost_fastcgi(struct vhost*, const char*);
346 int		 vhost_dirfd(struct vhost*, const char*, size_t*);
347 int		 vhost_strip(struct vhost*, const char*);
348 X509_STORE	*vhost_require_ca(struct vhost*, const char*);
349 int		 vhost_disable_log(struct vhost*, const char*);
350 
351 void		 mark_nonblock(int);
352 void		 start_reply(struct client*, int, const char*);
353 void		 close_conn(int, short, void*);
354 struct client	*try_client_by_id(int);
355 void		 loop(struct tls*, int, int, struct imsgbuf*);
356 
357 /* dirs.c */
358 int		 scandir_fd(int, struct dirent***, int(*)(const struct dirent*),
359 		    int(*)(const struct dirent**, const struct dirent**));
360 int		 select_non_dot(const struct dirent*);
361 int		 select_non_dotdot(const struct dirent*);
362 
363 /* ex.c */
364 int		 send_string(int, const char*);
365 int		 recv_string(int, char**);
366 int		 send_iri(int, struct iri*);
367 int		 recv_iri(int, struct iri*);
368 void		 free_recvd_iri(struct iri*);
369 int		 send_vhost(int, struct vhost*);
370 int		 recv_vhost(int, struct vhost**);
371 int		 send_time(int, time_t);
372 int		 recv_time(int, time_t*);
373 int		 send_fd(int, int);
374 int		 recv_fd(int);
375 int		 executor_main(struct imsgbuf*);
376 
377 /* fcgi.c */
378 void		 handle_fcgi(int, short, void*);
379 void		 send_fcgi_req(struct fcgi*, struct client*);
380 
381 /* sandbox.c */
382 void		 sandbox_server_process(void);
383 void		 sandbox_executor_process(void);
384 void		 sandbox_logger_process(void);
385 
386 /* utf8.c */
387 int		 valid_multibyte_utf8(struct parser*);
388 char		*utf8_nth(char*, size_t);
389 
390 /* iri.c */
391 int		 parse_iri(char*, struct iri*, const char**);
392 int		 trim_req_iri(char*, const char **);
393 int		 serialize_iri(struct iri*, char*, size_t);
394 char		*pct_decode_str(char *);
395 
396 /* puny.c */
397 int		 puny_decode(const char*, char*, size_t, const char**);
398 
399 /* utils.c */
400 void		 block_signals(void);
401 void		 unblock_signals(void);
402 int		 starts_with(const char*, const char*);
403 int		 ends_with(const char*, const char*);
404 ssize_t		 filesize(int);
405 char		*absolutify_path(const char*);
406 char		*xstrdup(const char*);
407 void		*xcalloc(size_t, size_t);
408 void		 gen_certificate(const char*, const char*, const char*);
409 X509_STORE	*load_ca(const char*);
410 int		 validate_against_ca(X509_STORE*, const uint8_t*, size_t);
411 void		 dispatch_imsg(struct imsgbuf*, imsg_handlerfn**, size_t);
412 
413 #endif