1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/mman.h>
18 #include <sys/stat.h>
19 
20 #include <netdb.h>
21 
22 #include <assert.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <fnmatch.h>
26 #include <limits.h>
27 #include <string.h>
28 
29 #include "gmid.h"
30 
31 int connected_clients;
32 
33 static int	 check_path(struct client*, const char*, int*);
34 static void	 open_file(struct pollfd*, struct client*);
35 static void	 load_file(struct pollfd*, struct client*);
36 static void	 check_for_cgi(struct pollfd*, struct client*);
37 static void	 handle_handshake(struct pollfd*, struct client*);
38 static void	 handle_open_conn(struct pollfd*, struct client*);
39 static void	 start_reply(struct pollfd*, struct client*, int, const char*);
40 static void	 handle_start_reply(struct pollfd*, struct client*);
41 static void	 start_cgi(const char*, const char*, struct pollfd*, struct client*);
42 static void	 send_file(struct pollfd*, struct client*);
43 static void	 open_dir(struct pollfd*, struct client*);
44 static void	 redirect_canonical_dir(struct pollfd*, struct client*);
45 static void	 enter_handle_dirlist(struct pollfd*, struct client*);
46 static void	 handle_dirlist(struct pollfd*, struct client*);
47 static int 	 read_next_dir_entry(struct client*);
48 static void	 send_directory_listing(struct pollfd*, struct client*);
49 static void	 cgi_poll_on_child(struct pollfd*, struct client*);
50 static void	 cgi_poll_on_client(struct pollfd*, struct client*);
51 static void	 handle_cgi_reply(struct pollfd*, struct client*);
52 static void	 handle_cgi(struct pollfd*, struct client*);
53 static void	 close_conn(struct pollfd*, struct client*);
54 static void	 do_accept(int, struct tls*, struct pollfd*, struct client*);
55 
56 const char *
57 vhost_lang(struct vhost *v, const char *path)
58 {
59 	struct location *loc;
60 
61 	if (v == NULL || path == NULL)
62 		return NULL;
63 
64 	for (loc = &v->locations[1]; loc->match != NULL; ++loc) {
65 		if (!fnmatch(loc->match, path, 0)) {
66 			if (loc->lang != NULL)
67 				return loc->lang;
68 		}
69 	}
70 
71 	return v->locations[0].lang;
72 }
73 
74 const char *
75 vhost_default_mime(struct vhost *v, const char *path)
76 {
77 	struct location *loc;
78 	const char *default_mime = "application/octet-stream";
79 
80 	if (v == NULL || path == NULL)
81 		return default_mime;
82 
83 	for (loc = &v->locations[1]; loc->match != NULL; ++loc) {
84 		if (!fnmatch(loc->match, path, 0)) {
85 			if (loc->default_mime != NULL)
86 				return loc->default_mime;
87 		}
88 	}
89 
90 	if (v->locations[0].default_mime != NULL)
91 		return v->locations[0].default_mime;
92 	return default_mime;
93 }
94 
95 const char *
96 vhost_index(struct vhost *v, const char *path)
97 {
98 	struct location *loc;
99 	const char *index = "index.gmi";
100 
101 	if (v == NULL || path == NULL)
102 		return index;
103 
104 	for (loc = &v->locations[1]; loc->match != NULL; ++loc) {
105 		if (!fnmatch(loc->match, path, 0)) {
106 			if (loc->index != NULL)
107 				return loc->index;
108 		}
109 	}
110 
111 	if (v->locations[0].index != NULL)
112 		return v->locations[0].index;
113 	return index;
114 }
115 
116 int
117 vhost_auto_index(struct vhost *v, const char *path)
118 {
119 	struct location *loc;
120 
121 	if (v == NULL || path == NULL)
122 		return 0;
123 
124 	for (loc = v->locations; loc->match != NULL; ++loc) {
125 		if (!fnmatch(loc->match, path, 0)) {
126 			if (loc->auto_index != 0)
127 				return loc->auto_index == 1;
128 		}
129 	}
130 
131 	return v->locations[0].auto_index == 1;
132 }
133 
134 static int
135 check_path(struct client *c, const char *path, int *fd)
136 {
137 	struct stat sb;
138 	const char *p;
139 	int flags;
140 
141 	assert(path != NULL);
142 
143 	if (*path == '\0')
144 		p = ".";
145 	else if (*path == '/')
146 		/* in send_dir we add an initial / (to be
147 		 * redirect-friendly), but here we want to skip it */
148 		p = path+1;
149 	else
150 		p = path;
151 
152 	flags = O_RDONLY | O_NOFOLLOW;
153 
154 	if (*fd == -1 && (*fd = openat(c->host->dirfd, p, flags)) == -1)
155 		return FILE_MISSING;
156 
157 	if (fstat(*fd, &sb) == -1) {
158 		LOGN(c, "failed stat for %s: %s", path, strerror(errno));
159 		return FILE_MISSING;
160 	}
161 
162 	if (S_ISDIR(sb.st_mode))
163 		return FILE_DIRECTORY;
164 
165 	if (sb.st_mode & S_IXUSR)
166 		return FILE_EXECUTABLE;
167 
168 	return FILE_EXISTS;
169 }
170 
171 static void
172 open_file(struct pollfd *fds, struct client *c)
173 {
174 	switch (check_path(c, c->iri.path, &c->fd)) {
175 	case FILE_EXECUTABLE:
176 		if (c->host->cgi != NULL && !fnmatch(c->host->cgi, c->iri.path, 0)) {
177 			start_cgi(c->iri.path, "", fds, c);
178 			return;
179 		}
180 
181 		/* fallthrough */
182 
183 	case FILE_EXISTS:
184 		load_file(fds, c);
185 		return;
186 
187 	case FILE_DIRECTORY:
188 		open_dir(fds, c);
189 		return;
190 
191 	case FILE_MISSING:
192 		if (c->host->cgi != NULL && !fnmatch(c->host->cgi, c->iri.path, 0)) {
193 			check_for_cgi(fds, c);
194 			return;
195 		}
196 		start_reply(fds, c, NOT_FOUND, "not found");
197 		return;
198 
199 	default:
200 		/* unreachable */
201 		abort();
202 	}
203 }
204 
205 static void
206 load_file(struct pollfd *fds, struct client *c)
207 {
208 	if ((c->len = filesize(c->fd)) == -1) {
209 		LOGE(c, "failed to get file size for %s: %s",
210 		    c->iri.path, strerror(errno));
211 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
212 		return;
213 	}
214 
215 	if ((c->buf = mmap(NULL, c->len, PROT_READ, MAP_PRIVATE,
216 		    c->fd, 0)) == MAP_FAILED) {
217 		LOGW(c, "mmap: %s: %s", c->iri.path, strerror(errno));
218 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
219 		return;
220 	}
221 	c->i = c->buf;
222 	c->next = send_file;
223 	start_reply(fds, c, SUCCESS, mime(c->host, c->iri.path));
224 }
225 
226 /*
227  * the inverse of this algorithm, i.e. starting from the start of the
228  * path + strlen(cgi), and checking if each component, should be
229  * faster.  But it's tedious to write.  This does the opposite: starts
230  * from the end and strip one component at a time, until either an
231  * executable is found or we emptied the path.
232  */
233 static void
234 check_for_cgi(struct pollfd *fds, struct client *c)
235 {
236 	char path[PATH_MAX];
237 	char *end;
238 
239 	strlcpy(path, c->iri.path, sizeof(path));
240 	end = strchr(path, '\0');
241 
242 	/* NB: assume CGI is enabled and path matches cgi */
243 
244 	while (end > path) {
245 		/* go up one level.  UNIX paths are simple and POSIX
246 		 * dirname, with its ambiguities on if the given path
247 		 * is changed or not, gives me headaches. */
248 		while (*end != '/')
249 			end--;
250 		*end = '\0';
251 
252 		switch (check_path(c, path, &c->fd)) {
253 		case FILE_EXECUTABLE:
254 			start_cgi(path, end+1, fds, c);
255 			return;
256 		case FILE_MISSING:
257 			break;
258 		default:
259 			goto err;
260 		}
261 
262 		*end = '/';
263 		end--;
264 	}
265 
266 err:
267 	start_reply(fds, c, NOT_FOUND, "not found");
268 	return;
269 }
270 
271 static void
272 handle_handshake(struct pollfd *fds, struct client *c)
273 {
274 	struct vhost *h;
275 	const char *servname;
276 	const char *parse_err = "unknown error";
277 
278 	switch (tls_handshake(c->ctx)) {
279 	case 0:  /* success */
280 	case -1: /* already handshaked */
281 		break;
282 	case TLS_WANT_POLLIN:
283 		fds->events = POLLIN;
284 		return;
285 	case TLS_WANT_POLLOUT:
286 		fds->events = POLLOUT;
287 		return;
288 	default:
289 		/* unreachable */
290 		abort();
291 	}
292 
293 	servname = tls_conn_servername(c->ctx);
294 	if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
295 		LOGI(c, "%s", parse_err);
296 		goto err;
297 	}
298 
299 	for (h = hosts; h->domain != NULL; ++h) {
300 		if (!fnmatch(h->domain, c->domain, 0))
301 			break;
302 	}
303 
304 	/* LOGD(c, "handshake: SNI: \"%s\"; decoded: \"%s\"; matched: \"%s\"", */
305 	/*     servname != NULL ? servname : "(null)", */
306 	/*     c->domain, */
307 	/*     h->domain != NULL ? h->domain : "(null)"); */
308 
309 	if (h->domain != NULL) {
310 		c->host = h;
311 		c->state = handle_open_conn;
312 		c->state(fds, c);
313 		return;
314 	}
315 
316 err:
317 	if (servname != NULL)
318 		strncpy(c->req, servname, sizeof(c->req));
319 	else
320 		strncpy(c->req, "null", sizeof(c->req));
321 
322 	start_reply(fds, c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
323 }
324 
325 static void
326 handle_open_conn(struct pollfd *fds, struct client *c)
327 {
328 	const char *parse_err = "invalid request";
329 	char decoded[DOMAIN_NAME_LEN];
330 
331 	bzero(c->req, sizeof(c->req));
332 	bzero(&c->iri, sizeof(c->iri));
333 
334 	switch (tls_read(c->ctx, c->req, sizeof(c->req)-1)) {
335 	case -1:
336 		LOGE(c, "tls_read: %s", tls_error(c->ctx));
337 		close_conn(fds, c);
338 		return;
339 
340 	case TLS_WANT_POLLIN:
341 		fds->events = POLLIN;
342 		return;
343 
344 	case TLS_WANT_POLLOUT:
345 		fds->events = POLLOUT;
346 		return;
347 	}
348 
349 	if (!trim_req_iri(c->req, &parse_err)
350 	    || !parse_iri(c->req, &c->iri, &parse_err)
351 	    || !puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
352 		LOGI(c, "iri parse error: %s", parse_err);
353 		start_reply(fds, c, BAD_REQUEST, "invalid request");
354 		return;
355 	}
356 
357 	if (c->iri.port_no != conf.port
358 	    || strcmp(c->iri.schema, "gemini")
359 	    || strcmp(decoded, c->domain)) {
360 		start_reply(fds, c, PROXY_REFUSED, "won't proxy request");
361 		return;
362 	}
363 
364 	open_file(fds, c);
365 }
366 
367 static void
368 start_reply(struct pollfd *pfd, struct client *c, int code, const char *meta)
369 {
370 	c->code = code;
371 	c->meta = meta;
372 	c->state = handle_start_reply;
373 	handle_start_reply(pfd, c);
374 }
375 
376 static void
377 handle_start_reply(struct pollfd *pfd, struct client *c)
378 {
379 	char buf[1030];		/* status + ' ' + max reply len + \r\n\0 */
380 	const char *lang;
381 	size_t len;
382 
383 	lang = vhost_lang(c->host, c->iri.path);
384 
385 	snprintf(buf, sizeof(buf), "%d ", c->code);
386 	strlcat(buf, c->meta, sizeof(buf));
387 	if (!strcmp(c->meta, "text/gemini") && lang != NULL) {
388 		strlcat(buf, "; lang=", sizeof(buf));
389 		strlcat(buf, lang, sizeof(buf));
390 	}
391 
392 	len = strlcat(buf, "\r\n", sizeof(buf));
393 	assert(len < sizeof(buf));
394 
395 	switch (tls_write(c->ctx, buf, len)) {
396 	case -1:
397 		close_conn(pfd, c);
398 		return;
399 	case TLS_WANT_POLLIN:
400 		pfd->events = POLLIN;
401 		return;
402 	case TLS_WANT_POLLOUT:
403 		pfd->events = POLLOUT;
404 		return;
405 	}
406 
407 	log_request(c, buf, sizeof(buf));
408 
409 	/* we don't need a body */
410 	if (c->code != SUCCESS) {
411 		close_conn(pfd, c);
412 		return;
413 	}
414 
415 	/* advance the state machine */
416 	c->state = c->next;
417 	c->state(pfd, c);
418 }
419 
420 static void
421 start_cgi(const char *spath, const char *relpath,
422     struct pollfd *fds, struct client *c)
423 {
424 	char addr[NI_MAXHOST];
425 	const char *ruser, *cissuer, *chash;
426 	int e;
427 
428 	e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
429 	    addr, sizeof(addr),
430 	    NULL, 0,
431 	    NI_NUMERICHOST);
432 	if (e != 0)
433 		goto err;
434 
435 	if (tls_peer_cert_provided(c->ctx)) {
436 		ruser = tls_peer_cert_subject(c->ctx);
437 		cissuer = tls_peer_cert_issuer(c->ctx);
438 		chash = tls_peer_cert_hash(c->ctx);
439 	} else {
440 		ruser = NULL;
441 		cissuer = NULL;
442 		chash = NULL;
443 	}
444 
445 	if (!send_iri(exfd, &c->iri)
446 	    || !send_string(exfd, spath)
447 	    || !send_string(exfd, relpath)
448 	    || !send_string(exfd, addr)
449 	    || !send_string(exfd, ruser)
450 	    || !send_string(exfd, cissuer)
451 	    || !send_string(exfd, chash)
452 	    || !send_vhost(exfd, c->host))
453 		goto err;
454 
455 	close(c->fd);
456 	if ((c->fd = recv_fd(exfd)) == -1) {
457 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
458 		return;
459 	}
460 
461 	cgi_poll_on_child(fds, c);
462 	c->state = handle_cgi_reply;
463 	return;
464 
465 err:
466 	/* fatal("cannot talk to the executor process: %s", strerror(errno)); */
467 	fatal("cannot talk to the executor process");
468 }
469 
470 static void
471 send_file(struct pollfd *fds, struct client *c)
472 {
473 	ssize_t ret, len;
474 
475 	len = (c->buf + c->len) - c->i;
476 
477 	while (len > 0) {
478 		switch (ret = tls_write(c->ctx, c->i, len)) {
479 		case -1:
480 			LOGE(c, "tls_write: %s", tls_error(c->ctx));
481 			close_conn(fds, c);
482 			return;
483 
484 		case TLS_WANT_POLLIN:
485 			fds->events = POLLIN;
486 			return;
487 
488 		case TLS_WANT_POLLOUT:
489 			fds->events = POLLOUT;
490 			return;
491 
492 		default:
493 			c->i += ret;
494 			len -= ret;
495 			break;
496 		}
497 	}
498 
499 	close_conn(fds, c);
500 }
501 
502 static void
503 open_dir(struct pollfd *fds, struct client *c)
504 {
505 	size_t len;
506 	int dirfd;
507 	char *before_file;
508 
509 	len = strlen(c->iri.path);
510 	if (len > 0 && !ends_with(c->iri.path, "/")) {
511 		redirect_canonical_dir(fds, c);
512 		return;
513 	}
514 
515 	strlcpy(c->sbuf, "/", sizeof(c->sbuf));
516 	strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
517 	if (!ends_with(c->sbuf, "/"))
518 		strlcat(c->sbuf, "/", sizeof(c->sbuf));
519 	before_file = strchr(c->sbuf, '\0');
520 	len = strlcat(c->sbuf, vhost_index(c->host, c->iri.path),
521 	    sizeof(c->sbuf));
522 	if (len >= sizeof(c->sbuf)) {
523 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
524 		return;
525 	}
526 
527 	c->iri.path = c->sbuf;
528 
529 	/* close later unless we have to generate the dir listing */
530 	dirfd = c->fd;
531 	c->fd = -1;
532 
533 	switch (check_path(c, c->iri.path, &c->fd)) {
534 	case FILE_EXECUTABLE:
535 		if (c->host->cgi != NULL && !fnmatch(c->host->cgi, c->iri.path, 0)) {
536 			start_cgi(c->iri.path, "", fds, c);
537 			break;
538 		}
539 
540 		/* fallthrough */
541 
542 	case FILE_EXISTS:
543                 load_file(fds, c);
544 		break;
545 
546 	case FILE_DIRECTORY:
547 		start_reply(fds, c, TEMP_REDIRECT, c->sbuf);
548 		break;
549 
550 	case FILE_MISSING:
551 		*before_file = '\0';
552 
553 		if (!vhost_auto_index(c->host, c->iri.path)) {
554 			start_reply(fds, c, NOT_FOUND, "not found");
555 			break;
556 		}
557 
558 		c->fd = dirfd;
559 		c->next = enter_handle_dirlist;
560 
561 		if ((c->dir = fdopendir(c->fd)) == NULL) {
562 			LOGE(c, "can't fdopendir(%d) (vhost:%s) %s: %s",
563 			    c->fd, c->host->domain, c->iri.path, strerror(errno));
564 			start_reply(fds, c, TEMP_FAILURE, "internal server error");
565 			return;
566 		}
567 		c->off = 0;
568 
569                 start_reply(fds, c, SUCCESS, "text/gemini");
570 		return;
571 
572 	default:
573 		/* unreachable */
574 		abort();
575 	}
576 
577 	close(dirfd);
578 }
579 
580 static void
581 redirect_canonical_dir(struct pollfd *fds, struct client *c)
582 {
583 	size_t len;
584 
585 	strlcpy(c->sbuf, "/", sizeof(c->sbuf));
586 	strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
587 	len = strlcat(c->sbuf, "/", sizeof(c->sbuf));
588 
589 	if (len >= sizeof(c->sbuf)) {
590 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
591 		return;
592 	}
593 
594 	start_reply(fds, c, TEMP_REDIRECT, c->sbuf);
595 }
596 
597 static void
598 enter_handle_dirlist(struct pollfd *fds, struct client *c)
599 {
600 	char b[PATH_MAX];
601 	size_t l;
602 
603 	strlcpy(b, c->iri.path, sizeof(b));
604 	l = snprintf(c->sbuf, sizeof(c->sbuf),
605 	    "# Index of %s\n\n", b);
606 	if (l >= sizeof(c->sbuf)) {
607 		/* this is impossible, given that we have enough space
608 		 * in c->sbuf to hold the ancilliary string plus the
609 		 * full path; but it wouldn't read nice without some
610 		 * error checking, and I'd like to avoid a strlen. */
611 		close_conn(fds, c);
612 		return;
613 	}
614 	c->len = l;
615 
616 	c->state = handle_dirlist;
617 	handle_dirlist(fds, c);
618 }
619 
620 static void
621 handle_dirlist(struct pollfd *fds, struct client *c)
622 {
623 	ssize_t r;
624 
625 	while (c->len > 0) {
626 		switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
627 		case -1:
628 			close_conn(fds, c);
629 			return;
630 		case TLS_WANT_POLLOUT:
631 			fds->events = POLLOUT;
632 			return;
633 		case TLS_WANT_POLLIN:
634 			fds->events = POLLIN;
635 			return;
636 		default:
637 			c->off += r;
638 			c->len -= r;
639 		}
640 	}
641 
642 	c->state = send_directory_listing;
643 	send_directory_listing(fds, c);
644 }
645 
646 static int
647 read_next_dir_entry(struct client *c)
648 {
649 	struct dirent *d;
650 
651 	do {
652 		errno = 0;
653 		if ((d = readdir(c->dir)) == NULL) {
654 			if (errno != 0)
655 				LOGE(c, "readdir: %s", strerror(errno));
656 			return 0;
657 		}
658 	} while (!strcmp(d->d_name, "."));
659 
660 	/* XXX: url escape */
661 	snprintf(c->sbuf, sizeof(c->sbuf), "=> %s %s\n",
662 	    d->d_name, d->d_name);
663 	c->len = strlen(c->sbuf);
664 	c->off = 0;
665 
666 	return 1;
667 }
668 
669 static void
670 send_directory_listing(struct pollfd *fds, struct client *c)
671 {
672 	ssize_t r;
673 
674 	while (1) {
675 		if (c->len == 0) {
676 			if (!read_next_dir_entry(c))
677 				goto end;
678 		}
679 
680 		while (c->len > 0) {
681 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
682 			case -1:
683 				goto end;
684 
685 			case TLS_WANT_POLLOUT:
686 				fds->events = POLLOUT;
687 				return;
688 
689 			case TLS_WANT_POLLIN:
690 				fds->events = POLLIN;
691 				return;
692 
693 			default:
694 				c->off += r;
695 				c->len -= r;
696 				break;
697 			}
698 		}
699 	}
700 
701 end:
702 	close_conn(fds, c);
703 }
704 
705 static inline void
706 cgi_poll_on_child(struct pollfd *fds, struct client *c)
707 {
708 	int fd;
709 
710 	if (c->waiting_on_child)
711 		return;
712 	c->waiting_on_child = 1;
713 
714 	fds->events = POLLIN;
715 
716 	fd = fds->fd;
717 	fds->fd = c->fd;
718 	c->fd = fd;
719 }
720 
721 static inline void
722 cgi_poll_on_client(struct pollfd *fds, struct client *c)
723 {
724 	int fd;
725 
726 	if (!c->waiting_on_child)
727 		return;
728 	c->waiting_on_child = 0;
729 
730 	fd = fds->fd;
731 	fds->fd = c->fd;
732 	c->fd = fd;
733 }
734 
735 /* accumulate the meta line from the cgi script. */
736 static void
737 handle_cgi_reply(struct pollfd *fds, struct client *c)
738 {
739 	void	*buf, *e;
740 	size_t	 len;
741 	ssize_t	 r;
742 
743 	buf = c->sbuf + c->len;
744 	len = sizeof(c->sbuf) - c->len;
745 
746 	/* we're polling on the child! */
747 	r = read(fds->fd, buf, len);
748 	if (r == 0 || r == -1) {
749 		cgi_poll_on_client(fds, c);
750 		start_reply(fds, c, CGI_ERROR, "CGI error");
751 		return;
752 	}
753 
754 	c->len += r;
755 
756 	/* TODO: error if the CGI script don't reply correctly */
757 	e = strchr(c->sbuf, '\n');
758 	if (e != NULL || c->len == sizeof(c->sbuf)) {
759 		log_request(c, c->sbuf, c->len);
760 
761 		c->off = 0;
762 		c->state = handle_cgi;
763 		c->state(fds, c);
764 		return;
765 	}
766 }
767 
768 static void
769 handle_cgi(struct pollfd *fds, struct client *c)
770 {
771 	ssize_t r;
772 
773 	/* ensure c->fd is the child and fds->fd the client */
774 	cgi_poll_on_client(fds, c);
775 
776 	while (1) {
777 		if (c->len == 0) {
778 			switch (r = read(c->fd, c->sbuf, sizeof(c->sbuf))) {
779 			case 0:
780 				goto end;
781 			case -1:
782 				if (errno == EAGAIN || errno == EWOULDBLOCK) {
783 					cgi_poll_on_child(fds, c);
784 					return;
785 				}
786 				goto end;
787 			default:
788 				c->len = r;
789 				c->off = 0;
790 			}
791 		}
792 
793 		while (c->len > 0) {
794 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
795 			case -1:
796 				goto end;
797 
798 			case TLS_WANT_POLLOUT:
799 				fds->events = POLLOUT;
800 				return;
801 
802 			case TLS_WANT_POLLIN:
803 				fds->events = POLLIN;
804 				return;
805 
806 			default:
807                                 c->off += r;
808 				c->len -= r;
809 				break;
810 			}
811 		}
812 	}
813 
814 end:
815 	close_conn(fds, c);
816 }
817 
818 static void
819 close_conn(struct pollfd *pfd, struct client *c)
820 {
821 	c->state = close_conn;
822 
823 	switch (tls_close(c->ctx)) {
824 	case TLS_WANT_POLLIN:
825 		pfd->events = POLLIN;
826 		return;
827 	case TLS_WANT_POLLOUT:
828 		pfd->events = POLLOUT;
829 		return;
830 	}
831 
832 	connected_clients--;
833 
834 	tls_free(c->ctx);
835 	c->ctx = NULL;
836 
837 	if (c->buf != MAP_FAILED)
838 		munmap(c->buf, c->len);
839 
840 	if (c->fd != -1)
841 		close(c->fd);
842 
843 	if (c->dir != NULL)
844 		closedir(c->dir);
845 
846 	close(pfd->fd);
847 	pfd->fd = -1;
848 }
849 
850 static void
851 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
852 {
853 	int i, fd;
854 	struct sockaddr_storage addr;
855 	socklen_t len;
856 
857 	len = sizeof(addr);
858 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
859 		if (errno == EWOULDBLOCK)
860 			return;
861 		fatal("accept: %s", strerror(errno));
862 	}
863 
864 	mark_nonblock(fd);
865 
866 	for (i = 0; i < MAX_USERS; ++i) {
867 		if (fds[i].fd == -1) {
868 			bzero(&clients[i], sizeof(struct client));
869 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
870 				break; /* goodbye fd! */
871 
872 			fds[i].fd = fd;
873 			fds[i].events = POLLIN;
874 
875 			clients[i].state = handle_handshake;
876 			clients[i].next = send_file;
877 			clients[i].fd = -1;
878 			clients[i].waiting_on_child = 0;
879 			clients[i].buf = MAP_FAILED;
880 			clients[i].dir = NULL;
881 			clients[i].addr = addr;
882 
883 			connected_clients++;
884 			return;
885 		}
886 	}
887 
888 	close(fd);
889 }
890 
891 void
892 loop(struct tls *ctx, int sock4, int sock6)
893 {
894 	int i;
895 	struct client clients[MAX_USERS];
896 	struct pollfd fds[MAX_USERS];
897 
898 	connected_clients = 0;
899 
900 	for (i = 0; i < MAX_USERS; ++i) {
901 		fds[i].fd = -1;
902 		fds[i].events = POLLIN;
903 		bzero(&clients[i], sizeof(struct client));
904 	}
905 
906 	fds[0].fd = sock4;
907 	fds[1].fd = sock6;
908 
909 	for (;;) {
910 		if (poll(fds, MAX_USERS, INFTIM) == -1) {
911 			if (errno == EINTR) {
912                                 fprintf(stderr, "connected clients: %d\n",
913 				    connected_clients);
914 				continue;
915 			}
916 			fatal("poll: %s", strerror(errno));
917 		}
918 
919 		for (i = 0; i < MAX_USERS; i++) {
920 			if (fds[i].revents == 0)
921 				continue;
922 
923 			if (fds[i].revents & (POLLERR|POLLNVAL))
924 				fatal("bad fd %d: %s", fds[i].fd,
925 				    strerror(errno));
926 
927 			if (fds[i].revents & POLLHUP) {
928 				/* fds[i] may be the fd of the stdin
929 				 * of a cgi script that has exited. */
930 				if (!clients[i].waiting_on_child) {
931 					close_conn(&fds[i], &clients[i]);
932 					continue;
933 				}
934 			}
935 
936 			if (fds[i].fd == sock4)
937 				do_accept(sock4, ctx, fds, clients);
938 			else if (fds[i].fd == sock6)
939 				do_accept(sock6, ctx, fds, clients);
940 			else
941 				clients[i].state(&fds[i], &clients[i]);
942 		}
943 	}
944 }