1 /*
2  * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "config.h"
18 
19 #include <sys/stat.h>
20 #include <sys/socket.h>
21 
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <netdb.h>
25 #include <poll.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <tls.h>
30 #include <unistd.h>
31 
32 #include "iri.h"
33 
34 #ifndef INFTIM
35 #define INFTIM -1
36 #endif
37 
38 #ifndef __OpenBSD__
39 #define pledge(a, b) (0)
40 #endif
41 
42 static int
43 dial(const char *hostname, const char *port)
44 {
45 	struct addrinfo	 hints, *res, *res0;
46 	int		 error, save_errno, s;
47 	const char	*cause = NULL;
48 
49 	if (port == NULL || *port == '\0')
50 		port = "1965";
51 
52 	memset(&hints, 0, sizeof(hints));
53 	hints.ai_family = AF_UNSPEC;
54 	hints.ai_socktype = SOCK_STREAM;
55 	error = getaddrinfo(hostname, port, &hints, &res0);
56 	if (error)
57 		errx(1, "can't resolve %s: %s", hostname, gai_strerror(error));
58 
59 	s = -1;
60 	for (res = res0; res; res = res->ai_next) {
61 		s = socket(res->ai_family, res->ai_socktype,
62 		    res->ai_protocol);
63 		if (s == -1) {
64 			cause = "socket";
65 			continue;
66 		}
67 
68 		if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
69 			cause = "connect";
70 			save_errno = errno;
71 			close(s);
72 			errno = save_errno;
73 			s = -1;
74 			continue;
75 		}
76 
77 		if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
78 			err(1, "fcntl");
79 		break; /* got one */
80 	}
81 	if (s == -1)
82 		err(1, "%s", cause);
83 	freeaddrinfo(res0);
84 	return (s);
85 }
86 
87 /* returns read bytes, or -1 on error */
88 static ssize_t
89 iomux(struct tls *ctx, int fd, const char *in, size_t inlen, char *out,
90     size_t outlen)
91 {
92 	struct pollfd	 pfd;
93 	size_t		 outwrote = 0;
94 	ssize_t		 ret;
95 
96 	memset(&pfd, 0, sizeof(pfd));
97 	pfd.fd = fd;
98 	pfd.events = POLLIN|POLLOUT;
99 
100 	for (;;) {
101 		if (poll(&pfd, 1, INFTIM) == -1)
102 			err(1, "poll");
103 		if (pfd.revents & (POLLERR|POLLNVAL))
104 			errx(1, "bad fd %d", pfd.fd);
105 
106 		/* attempt to read */
107 		if (out != NULL) {
108 			switch (ret = tls_read(ctx, out, outlen)) {
109 			case TLS_WANT_POLLIN:
110 			case TLS_WANT_POLLOUT:
111 				break;
112 			case -1:
113 				return -1;
114 			case 0:
115 				if (outwrote == 0)
116 					return -1;
117 				return outwrote;
118 			default:
119 				outwrote += ret;
120 				out += ret;
121 				outlen -= ret;
122 			}
123 
124 			/*
125 			 * don't write if we're reading; titan works
126 			 * like this.
127 			 */
128 			if (outwrote != 0)
129 				continue;
130 		}
131 
132 		if (inlen == 0 && out == NULL)
133 			break;
134 		if (inlen == 0)
135 			continue;
136 
137 		switch (ret = tls_write(ctx, in, inlen)) {
138 		case TLS_WANT_POLLIN:
139 		case TLS_WANT_POLLOUT:
140 			continue;
141 		case 0:
142 		case -1:
143 			return -1;
144 		default:
145 			in += ret;
146 			inlen -= ret;
147 		}
148 	}
149 
150 	return 0;
151 }
152 
153 static FILE *
154 open_input_file(int argc, char **argv)
155 {
156 	FILE	*fp;
157 	char	 buf[BUFSIZ];
158 	char	 sfn[22];
159 	size_t	 r;
160 	int	 fd;
161 
162 	if (argc > 1) {
163 		if ((fp = fopen(argv[1], "r")) == NULL)
164 			err(1, "can't open %s", argv[1]);
165 		return fp;
166 	}
167 
168 	strlcpy(sfn, "/tmp/titan.XXXXXXXXXX", sizeof(sfn));
169 	if ((fd = mkstemp(sfn)) == -1 ||
170 	    (fp = fdopen(fd, "w+")) == NULL) {
171 		warn("%s", sfn);
172 		if (fd != -1) {
173 			unlink(sfn);
174 			close(fd);
175 		}
176 		errx(1, "can't create temp file");
177 	}
178 	unlink(sfn);
179 
180 	for (;;) {
181 		r = fread(buf, 1, sizeof(buf), stdin);
182 		if (r == 0)
183 			break;
184 		fwrite(buf, 1, r, fp);
185 	}
186 	if (ferror(fp))
187 		err(1, "I/O error");
188 
189 	if (fseeko(fp, 0, SEEK_SET) == -1)
190 		err(1, "fseeko");
191 
192 	return fp;
193 }
194 
195 static int
196 parse_response(char *r)
197 {
198 	int code;
199 
200 	if (r[0] < '0' || r[0] > '9' ||
201 	    r[1] < '0' || r[1] > '9' ||
202 	    r[2] != ' ')
203 		errx(1, "illegal response");
204 
205 	code = (r[0] - '0') * 10 + (r[1] - '0');
206 	if (code < 10 || code >= 70)
207 		errx(1, "invalid response code: %d", code);
208 	if (code >= 20 && code < 30)
209 		return 0;
210 	if (code >= 30 && code < 40) {
211 		puts(r + 3);
212 		return 0;
213 	}
214 	warnx("server error: %s", r + 3);
215 	return 2;
216 }
217 
218 static void __dead
219 usage(void)
220 {
221 	fprintf(stderr,
222 	    "usage: %s [-C cert] [-K key] [-m mime] [-t token] url [file]\n",
223 	    getprogname());
224 	exit(1);
225 }
226 
227 int
228 main(int argc, char **argv)
229 {
230 	struct tls_config *config;
231 	struct tls	*ctx;
232 	struct stat	 sb;
233 	struct iri	 iri;
234 	FILE		*in;
235 	const char	*cert = NULL, *key = NULL, *mime = NULL, *token = NULL;
236 	const char	*errstr;
237 	char		 iribuf[1025];
238 	char		 reqbuf[1025];
239 	char		 resbuf[1025];
240 	char		*path;
241 	int		 sock, ch, ret = 0;
242 
243 	if (pledge("stdio rpath tmppath inet dns", NULL) == -1)
244 		err(1, "pledge");
245 
246 	while ((ch = getopt(argc, argv, "C:K:m:t:")) != -1) {
247 		switch (ch) {
248 		case 'C':
249 			cert = optarg;
250 			break;
251 		case 'K':
252 			key = optarg;
253 			break;
254 		case 'm':
255 			mime = optarg;
256 			break;
257 		case 't':
258 			token = optarg;
259 			break;
260 		}
261 	}
262 	argc -= optind;
263 	argv += optind;
264 
265 	if (cert == NULL && key != NULL)
266 		usage();
267 	if (cert != NULL && key == NULL)
268 		key = cert;
269 
270 	if (argc > 2)
271 		usage();
272 
273 	in = open_input_file(argc, argv);
274 
275 	/* drop rpath tmppath */
276 	if (pledge("stdio inet dns", NULL) == -1)
277 		err(1, "pledge");
278 
279 	if (fstat(fileno(in), &sb) == -1)
280 		err(1, "fstat");
281 
282 	/* prepare the IRI */
283 	if (strlcpy(iribuf, argv[0], sizeof(iribuf)) >= sizeof(iribuf))
284 		errx(1, "IRI too long");
285 
286 	if (!parse_iri(iribuf, &iri, &errstr))
287 		errx(1, "invalid IRI: %s", errstr);
288 
289 	if (strcmp(iri.schema, "titan") != 0)
290 		errx(1, "not a titan:// IRI");
291 
292 	if (token && mime) {
293 		if (asprintf(&path, "%s;size=%lld;token=%s;mime=%s", iri.path,
294 		    (long long)sb.st_size, token, mime) == -1)
295 			err(1, "asprintf");
296 	} else if (token) {
297 		if (asprintf(&path, "%s;size=%lld;token=%s", iri.path,
298 		    (long long)sb.st_size, token) == -1)
299 			err(1, "asprintf");
300 	} else if (mime) {
301 		if (asprintf(&path, "%s;size=%lld;mime=%s", iri.path,
302 		    (long long)sb.st_size, mime) == -1)
303 			err(1, "asprintf");
304 	} else {
305 		if (asprintf(&path, "%s;size=%lld", iri.path,
306 		    (long long)sb.st_size) == -1)
307 			err(1, "asprintf");
308 	}
309 
310 	iri.path = path;
311 	if (!serialize_iri(&iri, reqbuf, sizeof(reqbuf)) ||
312 	    strlcat(reqbuf, "\r\n", sizeof(reqbuf)) >= sizeof(reqbuf))
313 		errx(1, "IRI too long");
314 
315 	if ((config = tls_config_new()) == NULL)
316 		err(1, "tls_config_new");
317 	tls_config_insecure_noverifycert(config);
318 	tls_config_insecure_noverifyname(config);
319 
320 	if (cert && tls_config_set_keypair_file(config, cert, key) == -1)
321 		errx(1, "cant load certificate client %s", cert);
322 
323 	if ((ctx = tls_client()) == NULL)
324 		errx(1, "can't create tls context");
325 
326 	if (tls_configure(ctx, config) == -1)
327 		errx(1, "tls_configure: %s", tls_error(ctx));
328 
329 	sock = dial(iri.host, iri.port);
330 
331 	/* drop inet tls */
332 	if (pledge("stdio", NULL) == -1)
333 		err(1, "pledge");
334 
335 	if (tls_connect_socket(ctx, sock, iri.host) == -1)
336 		errx(1, "failed to connect to %s:%s: %s", iri.host,
337 		    *iri.port == '\0' ? "1965" : iri.port, tls_error(ctx));
338 
339 	/* send request */
340 	if (iomux(ctx, sock, reqbuf, strlen(reqbuf), NULL, 0) == -1)
341 		errx(1, "I/O error: %s", tls_error(ctx));
342 
343 	for (;;) {
344 		static char buf[BUFSIZ];
345 		size_t buflen;
346 		ssize_t w;
347 		char *m;
348 
349 		/* will be zero on EOF */
350 		buflen = fread(buf, 1, sizeof(buf), in);
351 
352 		w = iomux(ctx, sock, buf, buflen, resbuf, sizeof(resbuf));
353 		if (w == -1) {
354 			errstr = tls_error(ctx);
355 			if (errstr == NULL)
356 				errstr = "unexpected EOF";
357 			errx(1, "I/O error: %s", errstr);
358 		}
359 		if (w != 0) {
360 			if ((m = memmem(resbuf, w, "\r\n", 2)) == NULL)
361 				errx(1, "invalid reply");
362 			*m = '\0';
363 			ret = parse_response(resbuf);
364 			break;
365 		}
366 	}
367 
368 	/* close connection */
369 	for (;;) {
370 		struct pollfd pfd;
371 
372 		memset(&pfd, 0, sizeof(pfd));
373 		pfd.fd = sock;
374 		pfd.events = POLLIN|POLLOUT;
375 
376 		switch (tls_close(ctx)) {
377 		case TLS_WANT_POLLIN:
378 		case TLS_WANT_POLLOUT:
379 			if (poll(&pfd, 1, INFTIM) == -1)
380 				err(1, "poll");
381 			break;
382 		case -1:
383 			warnx("tls_close: %s", tls_error(ctx));
384 			/* fallthrough */
385 		default:
386 			tls_free(ctx);
387 			return (ret);
388 		}
389 	}
390 }