2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 struct client clients[MAX_USERS];
33 static struct tls *ctx;
35 static struct event e4, e6, imsgev, siginfo, sigusr2;
36 static int has_ipv6, has_siginfo;
38 int connected_clients;
40 static inline int matches(const char*, const char*);
42 static inline void yield_read(int, struct client*, statefn);
43 static inline void yield_write(int, struct client*, statefn);
45 static int check_path(struct client*, const char*, int*);
46 static void open_file(struct client*);
47 static void check_for_cgi(struct client*);
48 static void handle_handshake(int, short, void*);
49 static const char *strip_path(const char*, int);
50 static void fmt_sbuf(const char*, struct client*, const char*);
51 static int apply_block_return(struct client*);
52 static int apply_require_ca(struct client*);
53 static void handle_open_conn(int, short, void*);
54 static void handle_start_reply(int, short, void*);
55 static size_t host_nth(struct vhost*);
56 static void start_cgi(const char*, const char*, struct client*);
57 static void open_dir(struct client*);
58 static void redirect_canonical_dir(struct client*);
59 static void enter_handle_dirlist(int, short, void*);
60 static void handle_dirlist(int, short, void*);
61 static int read_next_dir_entry(struct client*);
62 static void send_directory_listing(int, short, void*);
63 static void handle_cgi_reply(int, short, void*);
64 static void handle_copy(int, short, void*);
65 static void do_accept(int, short, void*);
66 static void handle_imsg_cgi_res(struct imsgbuf*, struct imsg*, size_t);
67 static void handle_imsg_fcgi_fd(struct imsgbuf*, struct imsg*, size_t);
68 static void handle_imsg_quit(struct imsgbuf*, struct imsg*, size_t);
69 static void handle_siginfo(int, short, void*);
71 static imsg_handlerfn *handlers[] = {
72 [IMSG_QUIT] = handle_imsg_quit,
73 [IMSG_CGI_RES] = handle_imsg_cgi_res,
74 [IMSG_FCGI_FD] = handle_imsg_fcgi_fd,
78 matches(const char *pattern, const char *path)
82 return !fnmatch(pattern, path, 0);
86 yield_read(int fd, struct client *c, statefn fn)
88 event_once(fd, EV_READ, fn, c, NULL);
92 yield_write(int fd, struct client *c, statefn fn)
94 event_once(fd, EV_WRITE, fn, c, NULL);
98 vhost_lang(struct vhost *v, const char *path)
100 struct location *loc;
102 if (v == NULL || path == NULL)
105 loc = TAILQ_FIRST(&v->locations);
106 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
107 if (loc->lang != NULL) {
108 if (matches(loc->match, path))
113 return TAILQ_FIRST(&v->locations)->lang;
117 vhost_default_mime(struct vhost *v, const char *path)
119 struct location *loc;
120 const char *default_mime = "application/octet-stream";
122 if (v == NULL || path == NULL)
125 loc = TAILQ_FIRST(&v->locations);
126 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
127 if (loc->default_mime != NULL) {
128 if (matches(loc->match, path))
129 return loc->default_mime;
133 loc = TAILQ_FIRST(&v->locations);
134 if (loc->default_mime != NULL)
135 return loc->default_mime;
140 vhost_index(struct vhost *v, const char *path)
142 struct location *loc;
143 const char *index = "index.gmi";
145 if (v == NULL || path == NULL)
148 loc = TAILQ_FIRST(&v->locations);
149 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
150 if (loc->index != NULL) {
151 if (matches(loc->match, path))
156 loc = TAILQ_FIRST(&v->locations);
157 if (loc->index != NULL)
163 vhost_auto_index(struct vhost *v, const char *path)
165 struct location *loc;
167 if (v == NULL || path == NULL)
170 loc = TAILQ_FIRST(&v->locations);
171 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
172 if (loc->auto_index != 0) {
173 if (matches(loc->match, path))
174 return loc->auto_index == 1;
178 loc = TAILQ_FIRST(&v->locations);
179 return loc->auto_index == 1;
183 vhost_block_return(struct vhost *v, const char *path, int *code, const char **fmt)
185 struct location *loc;
187 if (v == NULL || path == NULL)
190 loc = TAILQ_FIRST(&v->locations);
191 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
192 if (loc->block_code != 0) {
193 if (matches(loc->match, path)) {
194 *code = loc->block_code;
195 *fmt = loc->block_fmt;
201 loc = TAILQ_FIRST(&v->locations);
202 *code = loc->block_code;
203 *fmt = loc->block_fmt;
204 return loc->block_code != 0;
208 vhost_fastcgi(struct vhost *v, const char *path)
210 struct location *loc;
212 if (v == NULL || path == NULL)
215 loc = TAILQ_FIRST(&v->locations);
216 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
218 if (matches(loc->match, path))
222 loc = TAILQ_FIRST(&v->locations);
227 vhost_dirfd(struct vhost *v, const char *path, size_t *retloc)
229 struct location *loc;
232 if (v == NULL || path == NULL)
235 loc = TAILQ_FIRST(&v->locations);
236 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
238 if (loc->dirfd != -1)
239 if (matches(loc->match, path)) {
246 loc = TAILQ_FIRST(&v->locations);
251 vhost_strip(struct vhost *v, const char *path)
253 struct location *loc;
255 if (v == NULL || path == NULL)
258 loc = TAILQ_FIRST(&v->locations);
259 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
260 if (loc->strip != 0) {
261 if (matches(loc->match, path))
266 loc = TAILQ_FIRST(&v->locations);
271 vhost_require_ca(struct vhost *v, const char *path)
273 struct location *loc;
275 if (v == NULL || path == NULL)
278 loc = TAILQ_FIRST(&v->locations);
279 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
280 if (loc->reqca != NULL) {
281 if (matches(loc->match, path))
286 loc = TAILQ_FIRST(&v->locations);
291 vhost_disable_log(struct vhost *v, const char *path)
293 struct location *loc;
295 if (v == NULL || path == NULL)
298 loc = TAILQ_FIRST(&v->locations);
299 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
300 if (loc->disable_log && matches(loc->match, path))
304 loc = TAILQ_FIRST(&v->locations);
305 return loc->disable_log;
309 check_path(struct client *c, const char *path, int *fd)
315 assert(path != NULL);
318 * in send_dir we add an initial / (to be redirect-friendly),
319 * but here we want to skip it
324 strip = vhost_strip(c->host, path);
325 p = strip_path(path, strip);
332 dirfd = vhost_dirfd(c->host, path, &c->loc);
333 log_debug(c, "check_path: strip=%d path=%s original=%s",
335 if (*fd == -1 && (*fd = openat(dirfd, p, O_RDONLY)) == -1)
338 if (fstat(*fd, &sb) == -1) {
339 log_notice(c, "failed stat for %s: %s", path, strerror(errno));
343 if (S_ISDIR(sb.st_mode))
344 return FILE_DIRECTORY;
346 if (sb.st_mode & S_IXUSR)
347 return FILE_EXECUTABLE;
353 open_file(struct client *c)
355 switch (check_path(c, c->iri.path, &c->pfd)) {
356 case FILE_EXECUTABLE:
357 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
358 start_cgi(c->iri.path, "", c);
365 c->next = handle_copy;
366 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
374 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
378 start_reply(c, NOT_FOUND, "not found");
388 * the inverse of this algorithm, i.e. starting from the start of the
389 * path + strlen(cgi), and checking if each component, should be
390 * faster. But it's tedious to write. This does the opposite: starts
391 * from the end and strip one component at a time, until either an
392 * executable is found or we emptied the path.
395 check_for_cgi(struct client *c)
400 strlcpy(path, c->iri.path, sizeof(path));
401 end = strchr(path, '\0');
405 * go up one level. UNIX paths are simple and POSIX
406 * dirname, with its ambiguities on if the given
407 * pointer is changed or not, gives me headaches.
413 switch (check_path(c, path, &c->pfd)) {
414 case FILE_EXECUTABLE:
415 start_cgi(path, end+1, c);
428 start_reply(c, NOT_FOUND, "not found");
433 mark_nonblock(int fd)
437 if ((flags = fcntl(fd, F_GETFL)) == -1)
438 fatal("fcntl(F_GETFL): %s", strerror(errno));
439 if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
440 fatal("fcntl(F_SETFL): %s", strerror(errno));
444 handle_handshake(int fd, short ev, void *d)
446 struct client *c = d;
449 const char *servname;
450 const char *parse_err = "unknown error";
452 switch (tls_handshake(c->ctx)) {
453 case 0: /* success */
454 case -1: /* already handshaked */
456 case TLS_WANT_POLLIN:
457 yield_read(fd, c, &handle_handshake);
459 case TLS_WANT_POLLOUT:
460 yield_write(fd, c, &handle_handshake);
467 if ((servname = tls_conn_servername(c->ctx)) == NULL) {
468 log_debug(c, "handshake: missing SNI");
472 if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
473 log_info(c, "puny_decode: %s", parse_err);
477 TAILQ_FOREACH(h, &hosts, vhosts) {
478 if (matches(h->domain, c->domain))
480 TAILQ_FOREACH(a, &h->aliases, aliases) {
481 if (matches(a->alias, c->domain))
487 log_debug(c, "handshake: SNI: \"%s\"; decoded: \"%s\"; matched: \"%s\"",
488 servname != NULL ? servname : "(null)",
490 h != NULL ? h->domain : "(null)");
494 handle_open_conn(fd, ev, c);
499 if (servname != NULL)
500 strlcpy(c->req, servname, sizeof(c->req));
502 strlcpy(c->req, "null", sizeof(c->req));
504 start_reply(c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
508 strip_path(const char *path, int strip)
513 if ((t = strchr(path, '/')) == NULL) {
514 path = strchr(path, '\0');
525 fmt_sbuf(const char *fmt, struct client *c, const char *path)
530 memset(buf, 0, sizeof(buf));
531 for (i = 0; *fmt; ++fmt) {
532 if (i == sizeof(buf)-1 || *fmt == '%') {
533 strlcat(c->sbuf, buf, sizeof(c->sbuf));
534 memset(buf, 0, sizeof(buf));
545 strlcat(c->sbuf, "%", sizeof(c->sbuf));
549 strlcat(c->sbuf, "/", sizeof(c->sbuf));
550 strlcat(c->sbuf, path, sizeof(c->sbuf));
553 strlcat(c->sbuf, c->iri.query, sizeof(c->sbuf));
556 snprintf(buf, sizeof(buf), "%d", conf.port);
557 strlcat(c->sbuf, buf, sizeof(c->sbuf));
558 memset(buf, 0, sizeof(buf));
561 strlcat(c->sbuf, c->domain, sizeof(c->sbuf));
564 fatal("%s: unknown fmt specifier %c",
570 strlcat(c->sbuf, buf, sizeof(c->sbuf));
573 /* 1 if a matching `block return' (and apply it), 0 otherwise */
575 apply_block_return(struct client *c)
577 const char *fmt, *path;
580 if (!vhost_block_return(c->host, c->iri.path, &code, &fmt))
583 path = strip_path(c->iri.path, vhost_strip(c->host, c->iri.path));
584 fmt_sbuf(fmt, c, path);
586 start_reply(c, code, c->sbuf);
590 /* 1 if matching `fcgi' (and apply it), 0 otherwise */
592 apply_fastcgi(struct client *c)
597 if ((id = vhost_fastcgi(c->host, c->iri.path)) == -1)
600 switch ((f = &fcgi[id])->s) {
602 f->s = FCGI_INFLIGHT;
603 log_info(c, "opening fastcgi connection for (%s,%s,%s)",
604 f->path, f->port, f->prog);
605 imsg_compose(&exibuf, IMSG_FCGI_REQ, 0, 0, -1,
621 /* 1 if matching `require client ca' fails (and apply it), 0 otherwise */
623 apply_require_ca(struct client *c)
629 if ((store = vhost_require_ca(c->host, c->iri.path)) == NULL)
632 if (!tls_peer_cert_provided(c->ctx)) {
633 start_reply(c, CLIENT_CERT_REQ, "client certificate required");
637 cert = tls_peer_cert_chain_pem(c->ctx, &len);
638 if (!validate_against_ca(store, cert, len)) {
639 start_reply(c, CERT_NOT_AUTH, "certificate not authorised");
647 handle_open_conn(int fd, short ev, void *d)
649 struct client *c = d;
650 const char *parse_err = "invalid request";
651 char decoded[DOMAIN_NAME_LEN];
653 switch (tls_read(c->ctx, c->req, sizeof(c->req)-1)) {
655 log_err(c, "tls_read: %s", tls_error(c->ctx));
656 close_conn(fd, ev, c);
659 case TLS_WANT_POLLIN:
660 yield_read(fd, c, &handle_open_conn);
663 case TLS_WANT_POLLOUT:
664 yield_write(fd, c, &handle_open_conn);
668 if (!trim_req_iri(c->req, &parse_err)
669 || !parse_iri(c->req, &c->iri, &parse_err)
670 || !puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
671 log_info(c, "iri parse error: %s", parse_err);
672 start_reply(c, BAD_REQUEST, "invalid request");
676 if (c->iri.port_no != conf.port
677 || strcmp(c->iri.schema, "gemini")
678 || strcmp(decoded, c->domain)) {
679 start_reply(c, PROXY_REFUSED, "won't proxy request");
683 if (apply_require_ca(c))
686 if (apply_block_return(c))
689 if (apply_fastcgi(c))
692 if (c->host->entrypoint != NULL) {
694 start_cgi(c->host->entrypoint, c->iri.path, c);
702 start_reply(struct client *c, int code, const char *meta)
706 handle_start_reply(c->fd, 0, c);
710 handle_start_reply(int fd, short ev, void *d)
712 struct client *c = d;
713 char buf[1030]; /* status + ' ' + max reply len + \r\n\0 */
717 lang = vhost_lang(c->host, c->iri.path);
719 snprintf(buf, sizeof(buf), "%d ", c->code);
720 strlcat(buf, c->meta, sizeof(buf));
721 if (!strcmp(c->meta, "text/gemini") && lang != NULL) {
722 strlcat(buf, "; lang=", sizeof(buf));
723 strlcat(buf, lang, sizeof(buf));
726 len = strlcat(buf, "\r\n", sizeof(buf));
727 assert(len < sizeof(buf));
729 switch (tls_write(c->ctx, buf, len)) {
731 close_conn(fd, ev, c);
733 case TLS_WANT_POLLIN:
734 yield_read(fd, c, &handle_start_reply);
736 case TLS_WANT_POLLOUT:
737 yield_write(fd, c, &handle_start_reply);
741 if (!vhost_disable_log(c->host, c->iri.path))
742 log_request(c, buf, sizeof(buf));
744 if (c->code != SUCCESS)
745 close_conn(fd, ev, c);
751 host_nth(struct vhost *h)
756 TAILQ_FOREACH(v, &hosts, vhosts) {
766 start_cgi(const char *spath, const char *relpath, struct client *c)
768 char addr[NI_MAXHOST];
773 e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
778 fatal("getnameinfo failed");
780 memset(&req, 0, sizeof(req));
782 memcpy(req.buf, c->req, sizeof(req.buf));
784 req.iri_schema_off = c->iri.schema - c->req;
785 req.iri_host_off = c->iri.host - c->req;
786 req.iri_port_off = c->iri.port - c->req;
787 req.iri_path_off = c->iri.path - c->req;
788 req.iri_query_off = c->iri.query - c->req;
789 req.iri_fragment_off = c->iri.fragment - c->req;
791 req.iri_portno = c->iri.port_no;
793 strlcpy(req.spath, spath, sizeof(req.spath));
794 strlcpy(req.relpath, relpath, sizeof(req.relpath));
795 strlcpy(req.addr, addr, sizeof(req.addr));
797 if ((t = tls_peer_cert_subject(c->ctx)) != NULL)
798 strlcpy(req.subject, t, sizeof(req.subject));
799 if ((t = tls_peer_cert_issuer(c->ctx)) != NULL)
800 strlcpy(req.issuer, t, sizeof(req.issuer));
801 if ((t = tls_peer_cert_hash(c->ctx)) != NULL)
802 strlcpy(req.hash, t, sizeof(req.hash));
803 if ((t = tls_conn_version(c->ctx)) != NULL)
804 strlcpy(req.version, t, sizeof(req.version));
805 if ((t = tls_conn_cipher(c->ctx)) != NULL)
806 strlcpy(req.cipher, t, sizeof(req.cipher));
808 req.cipher_strength = tls_conn_cipher_strength(c->ctx);
809 req.notbefore = tls_peer_cert_notbefore(c->ctx);
810 req.notafter = tls_peer_cert_notafter(c->ctx);
812 req.host_off = host_nth(c->host);
813 req.loc_off = c->loc;
815 imsg_compose(&exibuf, IMSG_CGI_REQ, c->id, 0, -1, &req, sizeof(req));
822 open_dir(struct client *c)
828 root = !strcmp(c->iri.path, "/") || *c->iri.path == '\0';
830 len = strlen(c->iri.path);
831 if (len > 0 && !ends_with(c->iri.path, "/")) {
832 redirect_canonical_dir(c);
836 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
837 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
838 if (!ends_with(c->sbuf, "/"))
839 strlcat(c->sbuf, "/", sizeof(c->sbuf));
840 before_file = strchr(c->sbuf, '\0');
841 len = strlcat(c->sbuf, vhost_index(c->host, c->iri.path),
843 if (len >= sizeof(c->sbuf)) {
844 start_reply(c, TEMP_FAILURE, "internal server error");
848 c->iri.path = c->sbuf;
850 /* close later unless we have to generate the dir listing */
854 switch (check_path(c, c->iri.path, &c->pfd)) {
855 case FILE_EXECUTABLE:
856 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
857 start_cgi(c->iri.path, "", c);
864 c->next = handle_copy;
865 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
869 start_reply(c, TEMP_REDIRECT, c->sbuf);
875 if (!vhost_auto_index(c->host, c->iri.path)) {
876 start_reply(c, NOT_FOUND, "not found");
880 c->next = enter_handle_dirlist;
882 c->dirlen = scandir_fd(dirfd, &c->dir,
883 root ? select_non_dotdot : select_non_dot,
885 if (c->dirlen == -1) {
886 log_err(c, "scandir_fd(%d) (vhost:%s) %s: %s",
887 c->pfd, c->host->domain, c->iri.path, strerror(errno));
888 start_reply(c, TEMP_FAILURE, "internal server error");
894 start_reply(c, SUCCESS, "text/gemini");
906 redirect_canonical_dir(struct client *c)
910 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
911 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
912 len = strlcat(c->sbuf, "/", sizeof(c->sbuf));
914 if (len >= sizeof(c->sbuf)) {
915 start_reply(c, TEMP_FAILURE, "internal server error");
919 start_reply(c, TEMP_REDIRECT, c->sbuf);
923 enter_handle_dirlist(int fd, short ev, void *d)
925 struct client *c = d;
929 strlcpy(b, c->iri.path, sizeof(b));
930 l = snprintf(c->sbuf, sizeof(c->sbuf),
931 "# Index of %s\n\n", b);
932 if (l >= sizeof(c->sbuf)) {
934 * This is impossible, given that we have enough space
935 * in c->sbuf to hold the ancilliary string plus the
936 * full path; but it wouldn't read nice without some
937 * error checking, and I'd like to avoid a strlen.
939 close_conn(fd, ev, c);
944 handle_dirlist(fd, ev, c);
948 handle_dirlist(int fd, short ev, void *d)
950 struct client *c = d;
954 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
956 close_conn(fd, ev, c);
958 case TLS_WANT_POLLOUT:
959 yield_read(fd, c, &handle_dirlist);
961 case TLS_WANT_POLLIN:
962 yield_write(fd, c, &handle_dirlist);
970 send_directory_listing(fd, ev, c);
974 read_next_dir_entry(struct client *c)
976 if (c->diroff == c->dirlen)
979 /* XXX: url escape */
980 snprintf(c->sbuf, sizeof(c->sbuf), "=> %s\n",
981 c->dir[c->diroff]->d_name);
983 free(c->dir[c->diroff]);
986 c->len = strlen(c->sbuf);
992 send_directory_listing(int fd, short ev, void *d)
994 struct client *c = d;
999 if (!read_next_dir_entry(c))
1003 while (c->len > 0) {
1004 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
1008 case TLS_WANT_POLLOUT:
1009 yield_read(fd, c, &send_directory_listing);
1012 case TLS_WANT_POLLIN:
1013 yield_write(fd, c, &send_directory_listing);
1025 close_conn(fd, ev, d);
1028 /* accumulate the meta line from the cgi script. */
1030 handle_cgi_reply(int fd, short ev, void *d)
1032 struct client *c = d;
1038 buf = c->sbuf + c->len;
1039 len = sizeof(c->sbuf) - c->len;
1041 r = read(c->pfd, buf, len);
1042 if (r == 0 || r == -1) {
1043 start_reply(c, CGI_ERROR, "CGI error");
1049 /* TODO: error if the CGI script don't reply correctly */
1050 e = strchr(c->sbuf, '\n');
1051 if (e != NULL || c->len == sizeof(c->sbuf)) {
1052 log_request(c, c->sbuf, c->len);
1055 handle_copy(fd, ev, c);
1059 yield_read(fd, c, &handle_cgi_reply);
1063 handle_copy(int fd, short ev, void *d)
1065 struct client *c = d;
1069 while (c->len > 0) {
1070 switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
1074 case TLS_WANT_POLLOUT:
1075 yield_write(c->fd, c, &handle_copy);
1078 case TLS_WANT_POLLIN:
1079 yield_read(c->fd, c, &handle_copy);
1089 switch (r = read(c->pfd, c->sbuf, sizeof(c->sbuf))) {
1093 if (errno == EAGAIN || errno == EWOULDBLOCK) {
1094 yield_read(c->pfd, c, &handle_copy);
1105 close_conn(c->fd, ev, d);
1109 close_conn(int fd, short ev, void *d)
1111 struct client *c = d;
1114 switch (tls_close(c->ctx)) {
1115 case TLS_WANT_POLLIN:
1116 yield_read(c->fd, c, &close_conn);
1118 case TLS_WANT_POLLOUT:
1119 yield_read(c->fd, c, &close_conn);
1123 connected_clients--;
1125 while ((mbuf = TAILQ_FIRST(&c->mbufhead)) != NULL) {
1126 TAILQ_REMOVE(&c->mbufhead, mbuf, mbufs);
1144 do_accept(int sock, short et, void *d)
1147 struct sockaddr_storage addr;
1148 struct sockaddr *saddr;
1154 saddr = (struct sockaddr*)&addr;
1156 if ((fd = accept(sock, saddr, &len)) == -1) {
1157 if (errno == EWOULDBLOCK || errno == EAGAIN)
1159 fatal("accept: %s", strerror(errno));
1164 for (i = 0; i < MAX_USERS; ++i) {
1167 memset(c, 0, sizeof(*c));
1169 if (tls_accept_socket(ctx, &c->ctx, fd) == -1)
1170 break; /* goodbye fd! */
1178 yield_read(fd, c, &handle_handshake);
1179 connected_clients++;
1187 static struct client *
1188 client_by_id(int id)
1190 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1191 fatal("in client_by_id: invalid id %d", id);
1192 return &clients[id];
1196 try_client_by_id(int id)
1198 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1200 return &clients[id];
1204 handle_imsg_cgi_res(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1208 c = client_by_id(imsg->hdr.peerid);
1210 if ((c->pfd = imsg->fd) == -1)
1211 start_reply(c, TEMP_FAILURE, "internal server error");
1213 yield_read(c->pfd, c, &handle_cgi_reply);
1217 handle_imsg_fcgi_fd(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1223 id = imsg->hdr.peerid;
1226 if ((f->fd = imsg->fd) != -1) {
1228 event_set(&f->e, imsg->fd, EV_READ | EV_PERSIST, &handle_fcgi,
1230 event_add(&f->e, NULL);
1235 for (i = 0; i < MAX_USERS; ++i) {
1244 start_reply(c, TEMP_FAILURE, "internal server error");
1246 send_fcgi_req(f, c);
1251 handle_imsg_quit(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1259 * don't call event_loopbreak since we want to finish to
1260 * handle the ongoing connections.
1269 signal_del(&siginfo);
1271 signal_del(&sigusr2);
1273 for (i = 0; i < FCGI_MAX; ++i) {
1274 if (fcgi[i].path == NULL && fcgi[i].prog == NULL)
1277 if (!event_pending(&fcgi[i].e, EV_READ, NULL) ||
1278 fcgi[i].pending != 0)
1281 fcgi_close_backend(&fcgi[i]);
1286 handle_dispatch_imsg(int fd, short ev, void *d)
1288 struct imsgbuf *ibuf = d;
1289 dispatch_imsg(ibuf, handlers, sizeof(handlers));
1293 handle_siginfo(int fd, short ev, void *d)
1299 log_info(NULL, "%d connected clients", connected_clients);
1303 loop(struct tls *ctx_, int sock4, int sock6, struct imsgbuf *ibuf)
1311 memset(&clients, 0, sizeof(clients));
1312 for (i = 0; i < MAX_USERS; ++i)
1315 event_set(&e4, sock4, EV_READ | EV_PERSIST, &do_accept, NULL);
1316 event_add(&e4, NULL);
1320 event_set(&e6, sock6, EV_READ | EV_PERSIST, &do_accept, NULL);
1321 event_add(&e6, NULL);
1324 event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST, handle_dispatch_imsg, ibuf);
1325 event_add(&imsgev, NULL);
1329 signal_set(&siginfo, SIGINFO, &handle_siginfo, NULL);
1330 signal_add(&siginfo, NULL);
1332 signal_set(&sigusr2, SIGUSR2, &handle_siginfo, NULL);
1333 signal_add(&sigusr2, NULL);
1335 sandbox_server_process();