2 * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <openssl/pem.h>
36 conf = xcalloc(1, sizeof(*conf));
38 TAILQ_INIT(&conf->fcgi);
39 TAILQ_INIT(&conf->hosts);
40 TAILQ_INIT(&conf->pkis);
41 TAILQ_INIT(&conf->addrs);
43 conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
45 init_mime(&conf->mime);
49 conf->log_facility = LOG_DAEMON;
50 conf->log_format = LOG_FORMAT_LEGACY;
53 conf->use_privsep_crypto = 1;
60 config_purge(struct conf *conf)
65 struct location *l, *tl;
67 struct envlist *e, *te;
69 struct pki *pki, *tpki;
70 struct address *addr, *taddr;
71 int use_privsep_crypto, log_format;
74 use_privsep_crypto = conf->use_privsep_crypto;
75 log_format = conf->log_format;
77 free(conf->log_access);
78 free_mime(&conf->mime);
79 TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
80 TAILQ_REMOVE(&conf->fcgi, f, fcgi);
84 TAILQ_FOREACH_SAFE(h, &conf->hosts, vhosts, th) {
92 TAILQ_FOREACH_SAFE(addr, &h->addrs, addrs, taddr) {
93 TAILQ_REMOVE(&h->addrs, addr, addrs);
97 TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
98 TAILQ_REMOVE(&h->locations, l, locations);
104 X509_STORE_free(l->reqca);
106 TAILQ_FOREACH_SAFE(e, &l->params, envs, te) {
107 TAILQ_REMOVE(&l->params, e, envs);
114 TAILQ_FOREACH_SAFE(a, &h->aliases, aliases, ta) {
115 TAILQ_REMOVE(&h->aliases, a, aliases);
119 TAILQ_FOREACH_SAFE(p, &h->proxies, proxies, tp) {
120 TAILQ_REMOVE(&h->proxies, p, proxies);
126 X509_STORE_free(p->reqca);
130 TAILQ_REMOVE(&conf->hosts, h, vhosts);
134 TAILQ_FOREACH_SAFE(pki, &conf->pkis, pkis, tpki) {
135 TAILQ_REMOVE(&conf->pkis, pki, pkis);
137 EVP_PKEY_free(pki->pkey);
141 TAILQ_FOREACH_SAFE(addr, &conf->addrs, addrs, taddr) {
142 TAILQ_REMOVE(&conf->addrs, addr, addrs);
143 if (addr->sock != -1) {
145 event_del(&addr->evsock);
151 memset(conf, 0, sizeof(*conf));
154 conf->use_privsep_crypto = use_privsep_crypto;
155 conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
156 conf->log_syslog = 1;
157 conf->log_facility = LOG_DAEMON;
158 conf->log_format = log_format;
159 init_mime(&conf->mime);
160 TAILQ_INIT(&conf->fcgi);
161 TAILQ_INIT(&conf->hosts);
162 TAILQ_INIT(&conf->pkis);
166 config_send_file(struct privsep *ps, enum privsep_procid id, int type,
167 int fd, void *data, size_t l)
172 proc_range(ps, id, &n, &m);
173 for (n = 0; n < m; ++n) {
175 if (fd != -1 && (d = dup(fd)) == -1)
177 if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
185 /* avoid fd rampage */
186 if (proc_flush_imsg(ps, id, -1) == -1) {
187 log_warn("%s: proc_fush_imsg", __func__);
195 config_open_send(struct privsep *ps, enum privsep_procid id, int type,
200 log_debug("sending %s", path);
202 if ((fd = open(path, O_RDONLY)) == -1)
203 fatal("can't open %s", path);
205 return config_send_file(ps, id, type, fd, NULL, 0);
209 config_send_kp(struct privsep *ps, int cert_type, int key_type,
210 const char *cert, const char *key)
212 struct conf *conf = ps->ps_env;
213 int fd, d, key_target;
215 log_debug("sending %s", cert);
216 if ((fd = open(cert, O_RDONLY)) == -1)
217 fatal("can't open %s", cert);
218 if ((d = dup(fd)) == -1)
221 if (config_send_file(ps, PROC_SERVER, cert_type, fd, NULL, 0) == -1) {
225 if (conf->use_privsep_crypto &&
226 config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
229 key_target = PROC_CRYPTO;
230 if (!conf->use_privsep_crypto)
231 key_target = PROC_SERVER;
233 if (config_open_send(ps, key_target, key_type, key) == -1)
240 config_send_socks(struct conf *conf)
242 struct privsep *ps = conf->ps;
243 struct address *addr, a;
246 TAILQ_FOREACH(addr, &conf->addrs, addrs) {
247 sock = socket(addr->ai_family, addr->ai_socktype,
253 if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v))
255 fatal("setsockopt(SO_REUSEADDR)");
258 if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v))
260 fatal("setsockopt(SO_REUSEPORT)");
264 if (bind(sock, (struct sockaddr *)&addr->ss, addr->slen)
268 if (listen(sock, 16) == -1)
271 memcpy(&a, addr, sizeof(a));
274 memset(&a.evsock, 0, sizeof(a.evsock));
275 memset(&a.addrs, 0, sizeof(a.addrs));
277 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_SOCK, sock,
278 &a, sizeof(a)) == -1)
286 config_send(struct conf *conf)
288 struct privsep *ps = conf->ps;
298 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_LOG_FMT,
299 &conf->log_format, sizeof(conf->log_format)) == -1)
302 for (i = 0; i < conf->mime.len; ++i) {
303 m = &conf->mime.t[i];
304 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
305 m, sizeof(*m)) == -1)
309 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
310 &conf->protos, sizeof(conf->protos)) == -1)
313 if (config_send_socks(conf) == -1)
316 TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
317 log_debug("sending fastcgi %s", fcgi->path);
318 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
319 fcgi, sizeof(*fcgi)) == -1)
323 TAILQ_FOREACH(h, &conf->hosts, vhosts) {
325 struct address *addr, acopy;
327 memcpy(&vcopy, h, sizeof(vcopy));
328 vcopy.cert_path = NULL;
329 vcopy.key_path = NULL;
330 vcopy.ocsp_path = NULL;
332 log_debug("sending host %s", h->domain);
334 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
335 &vcopy, sizeof(vcopy)) == -1)
338 if (config_send_kp(ps, IMSG_RECONF_CERT, IMSG_RECONF_KEY,
339 h->cert_path, h->key_path) == -1)
342 if (h->ocsp_path != NULL) {
343 if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP,
348 TAILQ_FOREACH(addr, &h->addrs, addrs) {
349 memcpy(&acopy, addr, sizeof(acopy));
350 memset(&acopy.addrs, 0, sizeof(acopy.addrs));
352 if (proc_compose(ps, PROC_SERVER,
353 IMSG_RECONF_HOST_ADDR, &acopy, sizeof(acopy))
358 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1) {
359 log_warn("%s: proc_fush_imsg", __func__);
363 TAILQ_FOREACH(l, &h->locations, locations) {
364 struct location lcopy;
367 memcpy(&lcopy, l, sizeof(lcopy));
368 lcopy.reqca_path = NULL;
371 memset(&lcopy.locations, 0, sizeof(lcopy.locations));
373 if (l->reqca_path != NULL &&
374 (fd = open(l->reqca_path, O_RDONLY)) == -1)
375 fatal("can't open %s", l->reqca_path);
377 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_LOC,
378 fd, &lcopy, sizeof(lcopy)) == -1)
381 TAILQ_FOREACH(e, &l->params, envs) {
382 if (proc_compose(ps, PROC_SERVER,
383 IMSG_RECONF_ENV, e, sizeof(*e)) == -1)
388 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
391 TAILQ_FOREACH(a, &h->aliases, aliases) {
392 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
393 a, sizeof(*a)) == -1)
397 if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
400 TAILQ_FOREACH(p, &h->proxies, proxies) {
404 memcpy(&pcopy, p, sizeof(pcopy));
405 pcopy.cert_path = NULL;
408 pcopy.key_path = NULL;
411 pcopy.reqca_path = NULL;
414 if (p->reqca_path != NULL) {
415 fd = open(p->reqca_path, O_RDONLY);
417 fatal("can't open %s", p->reqca_path);
420 if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_PROXY,
421 fd, &pcopy, sizeof(pcopy)) == -1)
424 if (p->cert_path == NULL || p->key_path == NULL)
427 if (config_open_send(ps, PROC_SERVER,
428 IMSG_RECONF_PROXY_CERT, p->cert_path) == -1 ||
429 config_open_send(ps, PROC_SERVER,
430 IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
439 load_file(int fd, uint8_t **data, size_t *len)
444 if (fstat(fd, &sb) == -1)
447 if (sb.st_size < 0 /* || sb.st_size > SIZE_MAX */) {
448 log_warnx("file too large");
454 if ((*data = malloc(*len)) == NULL)
457 r = pread(fd, *data, *len, 0);
458 if (r == -1 || (size_t)r != *len) {
459 log_warn("read failed");
470 config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
472 static struct pki *pki;
476 /* XXX: check for duplicates */
479 fatalx("no fd for imsg %d", imsg->hdr.type);
481 switch (imsg->hdr.type) {
482 case IMSG_RECONF_CERT:
484 fatalx("imsg in wrong order; pki is not NULL");
485 if ((pki = calloc(1, sizeof(*pki))) == NULL)
487 if (load_file(imsg->fd, &d, &len) == -1)
488 fatalx("can't load file");
489 if ((pki->hash = ssl_pubkey_hash(d, len)) == NULL)
490 fatalx("failed to compute cert hash");
492 TAILQ_INSERT_TAIL(&conf->pkis, pki, pkis);
495 case IMSG_RECONF_KEY:
497 fatalx("got key without cert beforehand %d",
499 if (load_file(imsg->fd, &d, &len) == -1)
500 fatalx("failed to load private key");
501 if ((pki->pkey = ssl_load_pkey(d, len)) == NULL)
502 fatalx("failed load private key");
515 config_recv(struct conf *conf, struct imsg *imsg)
517 static struct vhost *h;
518 static struct location *l;
519 static struct proxy *p;
520 struct privsep *ps = conf->ps;
523 struct vhost *vh, vht;
524 struct location *loc;
528 struct address *addr;
532 datalen = IMSG_DATA_SIZE(imsg);
534 switch (imsg->hdr.type) {
535 case IMSG_RECONF_START:
541 case IMSG_RECONF_LOG_FMT:
542 IMSG_SIZE_CHECK(imsg, &conf->log_format);
543 memcpy(&conf->log_format, imsg->data, datalen);
546 case IMSG_RECONF_MIME:
547 IMSG_SIZE_CHECK(imsg, &m);
548 memcpy(&m, imsg->data, datalen);
549 if (m.mime[sizeof(m.mime) - 1] != '\0' ||
550 m.ext[sizeof(m.ext) - 1] != '\0')
551 fatal("received corrupted IMSG_RECONF_MIME");
552 if (add_mime(&conf->mime, m.mime, m.ext) == -1)
553 fatal("failed to add mime mapping %s -> %s",
557 case IMSG_RECONF_PROTOS:
558 IMSG_SIZE_CHECK(imsg, &conf->protos);
559 memcpy(&conf->protos, imsg->data, datalen);
562 case IMSG_RECONF_SOCK:
563 addr = xcalloc(1, sizeof(*addr));
564 IMSG_SIZE_CHECK(imsg, addr);
565 memcpy(addr, imsg->data, sizeof(*addr));
567 fatalx("missing socket for IMSG_RECONF_SOCK");
569 addr->sock = imsg->fd;
570 event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
571 server_accept, addr);
572 if ((addr->ctx = tls_server()) == NULL)
573 fatal("tls_server failure");
574 TAILQ_INSERT_HEAD(&conf->addrs, addr, addrs);
577 case IMSG_RECONF_FCGI:
578 IMSG_SIZE_CHECK(imsg, fcgi);
579 fcgi = xcalloc(1, sizeof(*fcgi));
580 memcpy(fcgi, imsg->data, datalen);
581 log_debug("received fcgi %s", fcgi->path);
582 TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
585 case IMSG_RECONF_HOST:
586 IMSG_SIZE_CHECK(imsg, &vht);
587 memcpy(&vht, imsg->data, datalen);
589 strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
591 TAILQ_INSERT_TAIL(&conf->hosts, h, vhosts);
593 /* reset location and proxy */
598 case IMSG_RECONF_CERT:
599 log_debug("receiving cert");
600 if (privsep_process == PROC_CRYPTO)
601 return config_crypto_recv_kp(conf, imsg);
603 fatalx("recv'd cert without host");
605 fatalx("cert already received");
607 fatalx("no fd for IMSG_RECONF_CERT");
608 if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
609 fatalx("failed to load cert for %s",
613 case IMSG_RECONF_KEY:
614 log_debug("receiving key");
615 if (privsep_process == PROC_CRYPTO)
616 return config_crypto_recv_kp(conf, imsg);
618 fatalx("recv'd key without host");
620 fatalx("key already received");
622 fatalx("no fd for IMSG_RECONF_KEY");
623 if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
624 fatalx("failed to load key for %s",
628 case IMSG_RECONF_OCSP:
629 log_debug("receiving ocsp");
631 fatalx("recv'd ocsp without host");
633 fatalx("ocsp already received");
635 fatalx("no fd for IMSG_RECONF_OCSP");
636 if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
637 fatalx("failed to load ocsp for %s",
641 case IMSG_RECONF_HOST_ADDR:
642 log_debug("receiving host addr");
644 fatalx("recv'd host address withouth host");
645 IMSG_SIZE_CHECK(imsg, addr);
646 addr = xcalloc(1, sizeof(*addr));
647 memcpy(addr, imsg->data, datalen);
648 TAILQ_INSERT_TAIL(&h->addrs, addr, addrs);
651 case IMSG_RECONF_LOC:
653 fatalx("recv'd location without host");
654 IMSG_SIZE_CHECK(imsg, loc);
655 loc = xcalloc(1, sizeof(*loc));
656 memcpy(loc, imsg->data, datalen);
657 TAILQ_INIT(&loc->params);
659 if (imsg->fd != -1) {
660 if (load_file(imsg->fd, &d, &len) == -1)
662 loc->reqca = load_ca(d, len);
663 if (loc->reqca == NULL)
664 fatalx("failed to load CA");
669 TAILQ_INSERT_TAIL(&h->locations, loc, locations);
672 case IMSG_RECONF_ENV:
674 fatalx("recv'd env without location");
675 IMSG_SIZE_CHECK(imsg, env);
676 env = xcalloc(1, sizeof(*env));
677 memcpy(env, imsg->data, datalen);
678 TAILQ_INSERT_TAIL(&l->params, env, envs);
681 case IMSG_RECONF_ALIAS:
683 fatalx("recv'd alias without host");
684 IMSG_SIZE_CHECK(imsg, alias);
685 alias = xcalloc(1, sizeof(*alias));
686 memcpy(alias, imsg->data, datalen);
687 TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
690 case IMSG_RECONF_PROXY:
691 log_debug("receiving proxy");
693 fatalx("recv'd proxy without host");
694 IMSG_SIZE_CHECK(imsg, proxy);
695 proxy = xcalloc(1, sizeof(*proxy));
696 memcpy(proxy, imsg->data, datalen);
698 if (imsg->fd != -1) {
699 if (load_file(imsg->fd, &d, &len) == -1)
701 proxy->reqca = load_ca(d, len);
702 if (proxy->reqca == NULL)
703 fatal("failed to load CA");
707 TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
711 case IMSG_RECONF_PROXY_CERT:
712 log_debug("receiving proxy cert");
714 fatalx("recv'd proxy cert without proxy");
716 fatalx("proxy cert already received");
718 fatalx("no fd for IMSG_RECONF_PROXY_CERT");
719 if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
720 fatalx("failed to load cert for proxy %s of %s",
724 case IMSG_RECONF_PROXY_KEY:
725 log_debug("receiving proxy key");
727 fatalx("recv'd proxy key without proxy");
729 fatalx("proxy key already received");
731 fatalx("no fd for IMSG_RECONF_PROXY_KEY");
732 if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
733 fatalx("failed to load key for proxy %s of %s",
737 case IMSG_RECONF_END:
738 if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
751 config_test(struct conf *conf)
754 struct address *addr;
758 * can't use config_crypto_recv_kp() because not on all platforms
759 * we're using the privsep crypto engine (yet).
761 conf->use_privsep_crypto = 0;
763 TAILQ_FOREACH(h, &conf->hosts, vhosts) {
764 if ((fd = open(h->cert_path, O_RDONLY)) == -1) {
765 log_warn("can't open %s", h->cert_path);
768 if (load_file(fd, &h->cert, &h->certlen) == -1) {
769 log_warnx("failed to load cert for %s",
774 if ((fd = open(h->key_path, O_RDONLY)) == -1) {
775 log_warn("can't open %s", h->key_path);
778 if (load_file(fd, &h->key, &h->keylen) == -1) {
779 log_warnx("failed to load key for %s",
785 TAILQ_FOREACH(addr, &conf->addrs, addrs) {
786 if ((addr->ctx = tls_server()) == NULL)
787 fatal("tls_server failed");
791 if (server_configure_done(conf))
