1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/mman.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 
21 #include <arpa/inet.h>
22 #include <netinet/in.h>
23 
24 #include <assert.h>
25 #include <err.h>
26 #include <errno.h>
27 #include <fcntl.h>
28 #include <poll.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <tls.h>
34 #include <unistd.h>
35 
36 #ifndef __OpenBSD__
37 # define pledge(a, b) 0
38 # define unveil(a, b) 0
39 #endif /* __OpenBSD__ */
40 
41 #ifndef INFTIM
42 # define INFTIM -1
43 #endif /* INFTIM */
44 
45 #define GEMINI_URL_LEN (1024+3)	/* URL max len + \r\n + \0 */
46 
47 /* large enough to hold a copy of a gemini URL and still have extra room */
48 #define PATHBUF		2048
49 
50 #define SUCCESS		20
51 #define TEMP_FAILURE	40
52 #define NOT_FOUND	51
53 #define BAD_REQUEST	59
54 
55 #ifndef MAX_USERS
56 #define MAX_USERS	64
57 #endif
58 
59 enum {
60 	S_OPEN,
61 	S_INITIALIZING,
62 	S_SENDING,
63 	S_CLOSING,
64 };
65 
66 struct client {
67 	struct tls	*ctx;
68 	int		 state;
69 	int		 code;
70 	const char	*meta;
71 	int		 fd, waiting_on_child;
72 	pid_t		 child;
73 	char		 sbuf[1024];	  /* static buffer */
74 	void		*buf, *i;	  /* mmap buffer */
75 	ssize_t		 len, off;	  /* mmap/static buffer  */
76 	int		 af;
77 	struct in_addr	 addr;
78 };
79 
80 enum {
81 	FILE_EXISTS,
82 	FILE_EXECUTABLE,
83 	FILE_DIRECTORY,
84 	FILE_MISSING,
85 };
86 
87 struct etm {			/* file extension to mime */
88 	const char	*mime;
89 	const char	*ext;
90 } filetypes[] = {
91 	{"application/pdf",	"pdf"},
92 
93 	{"image/gif",		"gif"},
94 	{"image/jpeg",		"jpg"},
95 	{"image/jpeg",		"jpeg"},
96 	{"image/png",		"png"},
97 	{"image/svg+xml",	"svg"},
98 
99 	{"text/gemini",		"gemini"},
100 	{"text/gemini",		"gmi"},
101 	{"text/markdown",	"markdown"},
102 	{"text/markdown",	"md"},
103 	{"text/plain",		"txt"},
104 	{"text/xml",		"xml"},
105 
106 	{NULL, NULL}
107 };
108 
109 #define LOG(c, fmt, ...)						\
110 	do {								\
111 		char buf[INET_ADDRSTRLEN];				\
112 		if (inet_ntop((c)->af, &(c)->addr, buf, sizeof(buf)) == NULL) \
113 			err(1, "inet_ntop");				\
114 		dprintf(logfd, "[%s] " fmt "\n", buf, __VA_ARGS__);	\
115 	} while (0)
116 
117 const char *dir, *cgi;
118 int dirfd, logfd;
119 int connected_clients;
120 
121 void		 siginfo_handler(int);
122 int		 starts_with(const char*, const char*);
123 
124 char		*url_after_proto(char*);
125 char		*url_start_of_request(char*);
126 int		 url_trim(struct client*, char*);
127 char		*adjust_path(char*);
128 ssize_t		 filesize(int);
129 
130 int		 start_reply(struct pollfd*, struct client*, int, const char*);
131 const char	*path_ext(const char*);
132 const char	*mime(const char*);
133 int		 check_path(const char*, int*);
134 int		 check_for_cgi(char *, char*, struct pollfd*, struct client*);
135 int		 open_file(char*, char*, struct pollfd*, struct client*);
136 int		 start_cgi(const char*, const char*, const char*, struct pollfd*, struct client*);
137 void		 cgi_setpoll_on_child(struct pollfd*, struct client*);
138 void		 cgi_setpoll_on_client(struct pollfd*, struct client*);
139 void		 handle_cgi(struct pollfd*, struct client*);
140 void		 send_file(char*, char*, struct pollfd*, struct client*);
141 void		 send_dir(char*, struct pollfd*, struct client*);
142 void		 handle(struct pollfd*, struct client*);
143 
144 void		 mark_nonblock(int);
145 int		 make_soket(int);
146 void		 do_accept(int, struct tls*, struct pollfd*, struct client*);
147 void		 goodbye(struct pollfd*, struct client*);
148 void		 loop(struct tls*, int);
149 
150 void		 usage(const char*);
151 
152 void
153 siginfo_handler(int sig)
154 {
155 	(void)sig;
156 }
157 
158 int
159 starts_with(const char *str, const char *prefix)
160 {
161 	size_t i;
162 
163 	for (i = 0; prefix[i] != '\0'; ++i)
164 		if (str[i] != prefix[i])
165 			return 0;
166 	return 1;
167 }
168 
169 char *
170 url_after_proto(char *url)
171 {
172 	char *s;
173 	const char *proto = "gemini";
174 	const char *marker = "://";
175 
176 	/* a relative URL */
177 	if ((s = strstr(url, marker)) == NULL)
178 		return url;
179 
180 	if (s - strlen(proto) != url)
181 		return NULL;
182 
183 	if (!starts_with(url, proto))
184 		return NULL;
185 
186 	/* a valid gemini:// URL */
187 	return s + strlen(marker);
188 }
189 
190 char *
191 url_start_of_request(char *url)
192 {
193 	char *s, *t;
194 
195 	if ((s = url_after_proto(url)) == NULL)
196 		return NULL;
197 
198 	if ((t = strstr(s, "/")) == NULL)
199 		return s + strlen(s);
200 	return t;
201 }
202 
203 int
204 url_trim(struct client *c, char *url)
205 {
206 	const char *e = "\r\n";
207 	char *s;
208 
209 	if ((s = strstr(url, e)) == NULL)
210 		return 0;
211 	s[0] = '\0';
212 	s[1] = '\0';
213 
214 	if (s[2] != '\0') {
215 		LOG(c, "%s", "request longer than 1024 bytes\n");
216 		return 0;
217 	}
218 
219 	return 1;
220 }
221 
222 char *
223 adjust_path(char *path)
224 {
225 	char *s, *query;
226 	size_t len;
227 
228 	if ((query = strchr(path, '?')) != NULL) {
229 		*query = '\0';
230 		query++;
231 	}
232 
233 	/* /.. -> / */
234 	len = strlen(path);
235 	if (len >= 3) {
236 		if (!strcmp(&path[len-3], "/..")) {
237 			path[len-2] = '\0';
238 		}
239 	}
240 
241 	/* if the path is only `..` trim out and exit */
242 	if (!strcmp(path, "..")) {
243 		path[0] = '\0';
244 		return query;
245 	}
246 
247 	/* remove every ../ in the path */
248 	while (1) {
249 		if ((s = strstr(path, "../")) == NULL)
250 			return query;
251 		memmove(s, s+3, strlen(s)+1);	/* copy also the \0 */
252 	}
253 }
254 
255 int
256 start_reply(struct pollfd *pfd, struct client *client, int code, const char *reason)
257 {
258 	char buf[1030] = {0}; 	/* status + ' ' + max reply len + \r\n\0 */
259 	int len;
260 	int ret;
261 
262 	client->code = code;
263 	client->meta = reason;
264 	client->state = S_INITIALIZING;
265 
266 	len = snprintf(buf, sizeof(buf), "%d %s\r\n", code, reason);
267 	assert(len < (int)sizeof(buf));
268 	ret = tls_write(client->ctx, buf, len);
269 	if (ret == TLS_WANT_POLLIN) {
270 		pfd->events = POLLIN;
271 		return 0;
272 	}
273 
274 	if (ret == TLS_WANT_POLLOUT) {
275 		pfd->events = POLLOUT;
276 		return 0;
277 	}
278 
279 	return 1;
280 }
281 
282 ssize_t
283 filesize(int fd)
284 {
285 	ssize_t len;
286 
287 	if ((len = lseek(fd, 0, SEEK_END)) == -1)
288 		return -1;
289 	if (lseek(fd, 0, SEEK_SET) == -1)
290 		return -1;
291 	return len;
292 }
293 
294 const char *
295 path_ext(const char *path)
296 {
297 	const char *end;
298 
299 	end = path + strlen(path)-1; /* the last byte before the NUL */
300 	for (; end != path; --end) {
301 		if (*end == '.')
302 			return end+1;
303 		if (*end == '/')
304 			break;
305 	}
306 
307 	return NULL;
308 }
309 
310 const char *
311 mime(const char *path)
312 {
313 	const char *ext, *def = "application/octet-stream";
314 	struct etm *t;
315 
316 	if ((ext = path_ext(path)) == NULL)
317 		return def;
318 
319 	for (t = filetypes; t->mime != NULL; ++t)
320 		if (!strcmp(ext, t->ext))
321 			return t->mime;
322 
323 	return def;
324 }
325 
326 int
327 check_path(const char *path, int *fd)
328 {
329 	struct stat sb;
330 
331 	assert(path != NULL);
332 	if ((*fd = openat(dirfd, path,
333 		    O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) == -1) {
334 		return FILE_MISSING;
335 	}
336 
337 	if (fstat(*fd, &sb) == -1) {
338 		dprintf(logfd, "failed stat for %s\n", path);
339 		return FILE_MISSING;
340 	}
341 
342 	if (S_ISDIR(sb.st_mode))
343 		return FILE_DIRECTORY;
344 
345 	if (sb.st_mode & S_IXUSR)
346 		return FILE_EXECUTABLE;
347 
348 	return FILE_EXISTS;
349 }
350 
351 /*
352  * the inverse of this algorithm, i.e. starting from the start of the
353  * path + strlen(cgi), and checking if each component, should be
354  * faster.  But it's tedious to write.  This does the opposite: starts
355  * from the end and strip one component at a time, until either an
356  * executable is found or we emptied the path.
357  */
358 int
359 check_for_cgi(char *path, char *query, struct pollfd *fds, struct client *c)
360 {
361 	char *end;
362 	end = strchr(path, '\0');
363 
364 	/* NB: assume CGI is enabled and path matches cgi */
365 
366 	while (end > path) {
367 		/* go up one level.  UNIX paths are simple and POSIX
368 		 * dirname, with its ambiguities on if the given path
369 		 * is changed or not, gives me headaches. */
370 		while (*end != '/')
371 			end--;
372 		*end = '\0';
373 
374 		switch (check_path(path, &c->fd)) {
375 		case FILE_EXECUTABLE:
376 			return start_cgi(path, end+1, query, fds,c);
377 		case FILE_MISSING:
378 			break;
379 		default:
380 			goto err;
381 		}
382 
383 		*end = '/';
384 		end--;
385 	}
386 
387 err:
388 	if (!start_reply(fds, c, NOT_FOUND, "not found"))
389 		return 0;
390 	goodbye(fds, c);
391 	return 0;
392 }
393 
394 
395 int
396 open_file(char *path, char *query, struct pollfd *fds, struct client *c)
397 {
398 	char fpath[PATHBUF];
399 
400 	bzero(fpath, sizeof(fpath));
401 
402 	if (*path != '.')
403 		fpath[0] = '.';
404 	strlcat(fpath, path, PATHBUF);
405 
406 	switch (check_path(fpath, &c->fd)) {
407 	case FILE_EXECUTABLE:
408 		/* +2 to skip the ./ */
409 		if (cgi != NULL && starts_with(fpath+2, cgi))
410 			return start_cgi(fpath, "", query, fds, c);
411 
412 		/* fallthrough */
413 
414 	case FILE_EXISTS:
415 		if ((c->len = filesize(c->fd)) == -1) {
416 			LOG(c, "failed to get file size for %s", fpath);
417 			goodbye(fds, c);
418 			return 0;
419 		}
420 
421 		if ((c->buf = mmap(NULL, c->len, PROT_READ, MAP_PRIVATE,
422 			    c->fd, 0)) == MAP_FAILED) {
423 			warn("mmap: %s", fpath);
424 			goodbye(fds, c);
425 			return 0;
426 		}
427 		c->i = c->buf;
428 		return start_reply(fds, c, SUCCESS, mime(fpath));
429 
430 	case FILE_DIRECTORY:
431 		LOG(c, "%s is a directory, trying %s/index.gmi", fpath, fpath);
432 		close(c->fd);
433 		c->fd = -1;
434 		send_dir(fpath, fds, c);
435 		return 0;
436 
437 	case FILE_MISSING:
438 		if (cgi != NULL && starts_with(fpath+2, cgi))
439 			return check_for_cgi(fpath, query, fds, c);
440 
441 		if (!start_reply(fds, c, NOT_FOUND, "not found"))
442 			return 0;
443 		goodbye(fds, c);
444 		return 0;
445 
446 	default:
447 		/* unreachable */
448 		abort();
449 	}
450 }
451 
452 int
453 start_cgi(const char *spath, const char *relpath, const char *query,
454     struct pollfd *fds, struct client *c)
455 {
456 	pid_t pid;
457 	int p[2]; 		/* read end, write end */
458 
459 	if (pipe(p) == -1)
460 		goto err;
461 
462 	switch (pid = fork()) {
463 	case -1:
464 		goto err;
465 
466 	case 0: { 		/* child */
467 		char *ex, *requri;
468 		char addr[INET_ADDRSTRLEN];
469 		char *argv[] = { NULL, NULL, NULL };
470 
471 		spath++;
472 
473 		close(p[0]);
474 		if (dup2(p[1], 1) == -1)
475 			goto childerr;
476 
477 		if (inet_ntop(c->af, &c->addr, addr, sizeof(addr)) == NULL)
478 			goto childerr;
479 
480 		if (asprintf(&ex, "%s%s", dir, spath+1) == -1)
481 			goto childerr;
482 
483 		if (asprintf(&requri, "%s%s%s", spath,
484 		    *relpath == '\0' ? "" : "/",
485 		    relpath) == -1)
486 			goto childerr;
487 
488 		argv[0] = argv[1] = ex;
489 
490 		/* fix the env */
491 		setenv("SERVER_SOFTWARE", "gmid", 1);
492 		setenv("SERVER_PORT", "1965", 1);
493 		/* setenv("SERVER_NAME", "", 1); */
494 		setenv("SCRIPT_NAME", spath, 1);
495 		setenv("SCRIPT_EXECUTABLE", ex, 1);
496 		setenv("REQUEST_URI", requri, 1);
497 		setenv("REQUEST_RELATIVE", relpath, 1);
498 		if (query != NULL)
499 			setenv("QUERY_STRING", query, 1);
500 		setenv("REMOTE_HOST", addr, 1);
501 		setenv("DOCUMENT_ROOT", dir, 1);
502 
503 		execvp(ex, argv);
504 		goto childerr;
505 	}
506 
507 	default:		/* parent */
508 		close(p[1]);
509 		close(c->fd);
510 		c->fd = p[0];
511 		c->child = pid;
512 		mark_nonblock(c->fd);
513 		c->state = S_SENDING;
514 		handle_cgi(fds, c);
515 		return 0;
516 	}
517 
518 err:
519 	if (!start_reply(fds, c, TEMP_FAILURE, "internal server error"))
520 		return 0;
521 	goodbye(fds, c);
522 	return 0;
523 
524 childerr:
525 	dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
526 	close(p[1]);
527 	_exit(1);
528 }
529 
530 void
531 cgi_setpoll_on_child(struct pollfd *fds, struct client *c)
532 {
533 	int fd;
534 
535 	if (c->waiting_on_child)
536 		return;
537 	c->waiting_on_child = 1;
538 
539 	fds->events = POLLIN;
540 
541 	fd = fds->fd;
542 	fds->fd = c->fd;
543 	c->fd = fd;
544 }
545 
546 void
547 cgi_setpoll_on_client(struct pollfd *fds, struct client *c)
548 {
549 	int fd;
550 
551 	if (!c->waiting_on_child)
552 		return;
553 	c->waiting_on_child = 0;
554 
555 	fd = fds->fd;
556 	fds->fd = c->fd;
557 	c->fd = fd;
558 }
559 
560 void
561 handle_cgi(struct pollfd *fds, struct client *c)
562 {
563 	ssize_t r;
564 
565 	/* ensure c->fd is the child and fds->fd the client */
566 	cgi_setpoll_on_client(fds, c);
567 
568 	while (1) {
569 		if (c->len == 0) {
570 			if ((r = read(c->fd, c->sbuf, sizeof(c->sbuf))) == 0)
571 				goto end;
572 			if (r == -1) {
573 				if (errno == EAGAIN || errno == EWOULDBLOCK) {
574 					cgi_setpoll_on_child(fds, c);
575 					return;
576 				}
577                                 goto end;
578 			}
579 			c->len = r;
580 			c->off = 0;
581 		}
582 
583 		while (c->len > 0) {
584 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
585 			case -1:
586 				goto end;
587 
588 			case TLS_WANT_POLLOUT:
589 				fds->events = POLLOUT;
590 				return;
591 
592 			case TLS_WANT_POLLIN:
593 				fds->events = POLLIN;
594 				return;
595 
596 			default:
597                                 c->off += r;
598 				c->len -= r;
599 				break;
600 			}
601 		}
602 	}
603 
604 end:
605 	goodbye(fds, c);
606 }
607 
608 void
609 send_file(char *path, char *query, struct pollfd *fds, struct client *c)
610 {
611 	ssize_t ret, len;
612 
613 	if (c->fd == -1) {
614 		if (!open_file(path, query, fds, c))
615 			return;
616 		c->state = S_SENDING;
617 	}
618 
619 	len = (c->buf + c->len) - c->i;
620 
621 	while (len > 0) {
622 		switch (ret = tls_write(c->ctx, c->i, len)) {
623 		case -1:
624 			LOG(c, "tls_write: %s", tls_error(c->ctx));
625 			goodbye(fds, c);
626 			return;
627 
628 		case TLS_WANT_POLLIN:
629 			fds->events = POLLIN;
630 			return;
631 
632 		case TLS_WANT_POLLOUT:
633 			fds->events = POLLOUT;
634 			return;
635 
636 		default:
637 			c->i += ret;
638 			len -= ret;
639 			break;
640 		}
641 	}
642 
643 	goodbye(fds, c);
644 }
645 
646 void
647 send_dir(char *path, struct pollfd *fds, struct client *client)
648 {
649 	char fpath[PATHBUF];
650 	size_t len;
651 
652 	bzero(fpath, PATHBUF);
653 
654 	if (path[0] != '.')
655 		fpath[0] = '.';
656 
657 	/* this cannot fail since sizeof(fpath) > maxlen of path */
658 	strlcat(fpath, path, PATHBUF);
659 	len = strlen(fpath);
660 
661 	/* add a trailing / in case. */
662 	if (fpath[len-1] != '/') {
663 		fpath[len] = '/';
664 	}
665 
666 	strlcat(fpath, "index.gmi", sizeof(fpath));
667 
668 	send_file(fpath, NULL, fds, client);
669 }
670 
671 void
672 handle(struct pollfd *fds, struct client *client)
673 {
674 	char buf[GEMINI_URL_LEN];
675 	char *path;
676 	char *query;
677 
678 	switch (client->state) {
679 	case S_OPEN:
680 		bzero(buf, GEMINI_URL_LEN);
681 		switch (tls_read(client->ctx, buf, sizeof(buf)-1)) {
682 		case -1:
683 			LOG(client, "tls_read: %s", tls_error(client->ctx));
684 			goodbye(fds, client);
685 			return;
686 
687 		case TLS_WANT_POLLIN:
688 			fds->events = POLLIN;
689 			return;
690 
691 		case TLS_WANT_POLLOUT:
692 			fds->events = POLLOUT;
693 			return;
694 		}
695 
696 		if (!url_trim(client, buf)) {
697 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
698 				return;
699 			goodbye(fds, client);
700 			return;
701 		}
702 
703 		if ((path = url_start_of_request(buf)) == NULL) {
704 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
705 				return;
706 			goodbye(fds, client);
707 			return;
708 		}
709 
710 		query = adjust_path(path);
711 		LOG(client, "get %s%s%s", path,
712 		    query ? "?" : "",
713 		    query ? query : "");
714 
715 		send_file(path, query, fds, client);
716 		break;
717 
718 	case S_INITIALIZING:
719 		if (!start_reply(fds, client, client->code, client->meta))
720 			return;
721 
722 		if (client->code != SUCCESS) {
723 			/* we don't need a body */
724 			goodbye(fds, client);
725 			return;
726 		}
727 
728 		client->state = S_SENDING;
729 
730 		/* fallthrough */
731 
732 	case S_SENDING:
733 		if (client->child != -1)
734 			handle_cgi(fds, client);
735 		else
736 			send_file(NULL, NULL, fds, client);
737 		break;
738 
739 	case S_CLOSING:
740 		goodbye(fds, client);
741 		break;
742 
743 	default:
744 		/* unreachable */
745 		abort();
746 	}
747 }
748 
749 void
750 mark_nonblock(int fd)
751 {
752 	int flags;
753 
754 	if ((flags = fcntl(fd, F_GETFL)) == -1)
755 		err(1, "fcntl(F_GETFL)");
756 	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
757 		err(1, "fcntl(F_SETFL)");
758 }
759 
760 int
761 make_socket(int port, int family)
762 {
763 	int sock, v;
764 	struct sockaddr_in addr4;
765 	struct sockaddr_in6 addr6;
766 	struct sockaddr *addr;
767 	socklen_t len;
768 
769         switch (family) {
770 	case AF_INET:
771 		bzero(&addr4, sizeof(addr4));
772 		addr4.sin_family = family;
773 		addr4.sin_port = htons(port);
774 		addr4.sin_addr.s_addr = INADDR_ANY;
775 		addr = (struct sockaddr*)&addr4;
776 		len = sizeof(addr4);
777 		break;
778 
779 	case AF_INET6:
780 		bzero(&addr6, sizeof(addr6));
781 		addr6.sin6_family = AF_INET6;
782 		addr6.sin6_port = htons(port);
783 		addr6.sin6_addr = in6addr_any;
784 		addr = (struct sockaddr*)&addr6;
785 		len = sizeof(addr6);
786 		break;
787 
788 	default:
789 		/* unreachable */
790 		abort();
791 	}
792 
793 	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
794 		err(1, "socket");
795 
796 	v = 1;
797 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
798 		err(1, "setsockopt(SO_REUSEADDR)");
799 
800 	v = 1;
801 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
802 		err(1, "setsockopt(SO_REUSEPORT)");
803 
804 	mark_nonblock(sock);
805 
806 	if (bind(sock, addr, len) == -1)
807 		err(1, "bind");
808 
809 	if (listen(sock, 16) == -1)
810 		err(1, "listen");
811 
812 	return sock;
813 }
814 
815 void
816 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
817 {
818 	int i, fd;
819 	struct sockaddr_in addr;
820 	socklen_t len;
821 
822 	len = sizeof(addr);
823 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
824 		if (errno == EWOULDBLOCK)
825 			return;
826 		err(1, "accept");
827 	}
828 
829 	mark_nonblock(fd);
830 
831 	for (i = 0; i < MAX_USERS; ++i) {
832 		if (fds[i].fd == -1) {
833 			bzero(&clients[i], sizeof(struct client));
834 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
835 				break; /* goodbye fd! */
836 
837 			fds[i].fd = fd;
838 			fds[i].events = POLLIN;
839 
840 			clients[i].state = S_OPEN;
841 			clients[i].fd = -1;
842 			clients[i].child = -1;
843 			clients[i].buf = MAP_FAILED;
844 			clients[i].af = AF_INET;
845 			clients[i].addr = addr.sin_addr;
846 
847 			connected_clients++;
848 			return;
849 		}
850 	}
851 
852 	close(fd);
853 }
854 
855 void
856 goodbye(struct pollfd *pfd, struct client *c)
857 {
858 	ssize_t ret;
859 
860 	c->state = S_CLOSING;
861 
862 	ret = tls_close(c->ctx);
863 	if (ret == TLS_WANT_POLLIN) {
864 		pfd->events = POLLIN;
865 		return;
866 	}
867 	if (ret == TLS_WANT_POLLOUT) {
868 		pfd->events = POLLOUT;
869 		return;
870 	}
871 
872 	connected_clients--;
873 
874 	tls_free(c->ctx);
875 	c->ctx = NULL;
876 
877 	if (c->buf != MAP_FAILED)
878 		munmap(c->buf, c->len);
879 
880 	if (c->fd != -1)
881 		close(c->fd);
882 
883 	close(pfd->fd);
884 	pfd->fd = -1;
885 }
886 
887 void
888 loop(struct tls *ctx, int sock)
889 {
890 	int i, todo;
891 	struct client clients[MAX_USERS];
892 	struct pollfd fds[MAX_USERS];
893 
894 	for (i = 0; i < MAX_USERS; ++i) {
895 		fds[i].fd = -1;
896 		fds[i].events = POLLIN;
897 		bzero(&clients[i], sizeof(struct client));
898 	}
899 
900 	fds[0].fd = sock;
901 
902 	for (;;) {
903 		if ((todo = poll(fds, MAX_USERS, INFTIM)) == -1) {
904 			if (errno == EINTR) {
905                                 warnx("connected clients: %d", connected_clients);
906 				continue;
907 			}
908 			err(1, "poll");
909 		}
910 
911 		for (i = 0; i < MAX_USERS; i++) {
912 			assert(i < MAX_USERS);
913 
914 			if (fds[i].revents == 0)
915 				continue;
916 
917 			if (fds[i].revents & (POLLERR|POLLNVAL))
918 				err(1, "bad fd %d", fds[i].fd);
919 
920 			if (fds[i].revents & POLLHUP) {
921 				/* fds[i] may be the fd of the stdin
922 				 * of a cgi script that has exited. */
923 				if (!clients[i].waiting_on_child) {
924 					goodbye(&fds[i], &clients[i]);
925 					continue;
926 				}
927 			}
928 
929 			todo--;
930 
931 			if (i == 0) { /* new client */
932 				do_accept(sock, ctx, fds, clients);
933 				continue;
934 			}
935 
936 			handle(&fds[i], &clients[i]);
937 		}
938 	}
939 }
940 
941 void
942 usage(const char *me)
943 {
944 	fprintf(stderr,
945 	    "USAGE: %s [-h] [-c cert.pem] [-d docs] [-k key.pem] "
946 	    "[-l logfile] [-x cgi-bin]\n",
947 	    me);
948 }
949 
950 int
951 main(int argc, char **argv)
952 {
953 	const char *cert = "cert.pem", *key = "key.pem";
954 	struct tls *ctx = NULL;
955 	struct tls_config *conf;
956 	int sock, ch;
957 
958 	signal(SIGPIPE, SIG_IGN);
959 	signal(SIGCHLD, SIG_IGN);
960 
961 #ifdef SIGINFO
962 	signal(SIGINFO, siginfo_handler);
963 #endif
964 	signal(SIGUSR2, siginfo_handler);
965 
966 	connected_clients = 0;
967 
968 	dir = "docs/";
969 	logfd = 2;		/* stderr */
970 	cgi = NULL;
971 
972 	while ((ch = getopt(argc, argv, "c:d:hk:l:x:")) != -1) {
973 		switch (ch) {
974 		case 'c':
975 			cert = optarg;
976 			break;
977 
978 		case 'd':
979 			dir = optarg;
980 			break;
981 
982 		case 'h':
983 			usage(*argv);
984 			return 0;
985 
986 		case 'k':
987 			key = optarg;
988 			break;
989 
990 		case 'l':
991 			/* open log file or create it with 644 */
992 			if ((logfd = open(optarg, O_WRONLY | O_CREAT | O_CLOEXEC,
993 					S_IRUSR | S_IWUSR | S_IRGRP | S_IWOTH)) == -1)
994 				err(1, "%s", optarg);
995 			break;
996 
997 		case 'x':
998 			cgi = optarg;
999 			break;
1000 
1001 		default:
1002 			usage(*argv);
1003 			return 1;
1004 		}
1005 	}
1006 
1007 	if ((conf = tls_config_new()) == NULL)
1008 		err(1, "tls_config_new");
1009 
1010 	if (tls_config_set_protocols(conf,
1011 	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
1012 		err(1, "tls_config_set_protocols");
1013 
1014 	if (tls_config_set_cert_file(conf, cert) == -1)
1015 		err(1, "tls_config_set_cert_file: %s", cert);
1016 
1017 	if (tls_config_set_key_file(conf, key) == -1)
1018 		err(1, "tls_config_set_key_file: %s", key);
1019 
1020 	if ((ctx = tls_server()) == NULL)
1021 		err(1, "tls_server");
1022 
1023 	if (tls_configure(ctx, conf) == -1)
1024 		errx(1, "tls_configure: %s", tls_error(ctx));
1025 
1026 	sock = make_socket(1965, AF_INET);
1027 
1028 	if ((dirfd = open(dir, O_RDONLY | O_DIRECTORY)) == -1)
1029 		err(1, "open: %s", dir);
1030 
1031 	if (cgi != NULL) {
1032 		if (unveil(dir, "rx") == -1)
1033 			err(1, "unveil");
1034 		if (pledge("stdio rpath inet proc exec", NULL) == -1)
1035 			err(1, "pledge");
1036 	} else {
1037 		if (unveil(dir, "r") == -1)
1038 			err(1, "unveil");
1039 		if (pledge("stdio rpath inet", NULL) == -1)
1040 			err(1, "pledge");
1041 	}
1042 
1043 	loop(ctx, sock);
1044 
1045 	close(sock);
1046 	tls_free(ctx);
1047 	tls_config_free(conf);
1048 }