1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 /*
18  * TODO:
19  *  - move the various
20  *	imsg_compose(...);
21  *	imsg_flush(...);
22  *    to something more asynchronous
23  */
24 
25 #include <telescope.h>
26 
27 #include <sys/types.h>
28 #include <sys/socket.h>
29 
30 #include <netinet/in.h>
31 
32 #include <assert.h>
33 #include <ctype.h>
34 #include <errno.h>
35 #include <netdb.h>
36 #include <stdarg.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <tls.h>
41 #include <unistd.h>
42 
43 #if HAVE_ASR_RUN
44 # include <asr.h>
45 #endif
46 
47 static struct event		 imsgev;
48 static struct tls_config	*tlsconf;
49 static struct imsgbuf		*ibuf;
50 
51 struct req;
52 
53 static void		 die(void) __attribute__((__noreturn__));
54 
55 #if HAVE_ASR_RUN
56 static void		 try_to_connect(int, short, void*);
57 static void		 query_done(struct asr_result*, void*);
58 static void		 async_conn_towards(struct req*);
59 #else
60 static void 		 blocking_conn_towards(struct req*);
61 #endif
62 
63 static void		 close_with_err(struct req*, const char*);
64 static void		 close_with_errf(struct req*, const char*, ...) __attribute__((format(printf, 2, 3)));
65 static struct req	*req_by_id(uint32_t);
66 static struct req	*req_by_id_try(uint32_t);
67 
68 static void		 setup_tls(struct req*);
69 static void		 do_handshake(int, short, void*);
70 static void		 write_request(int, short, void*);
71 static void		 read_reply(int, short, void*);
72 static void		 parse_reply(struct req*);
73 static void		 copy_body(int, short, void*);
74 
75 static void		 handle_get(struct imsg*, size_t);
76 static void		 handle_cert_status(struct imsg*, size_t);
77 static void		 handle_proceed(struct imsg*, size_t);
78 static void		 handle_stop(struct imsg*, size_t);
79 static void		 handle_quit(struct imsg*, size_t);
80 static void		 handle_dispatch_imsg(int, short, void*);
81 
82 /* TODO: making this customizable */
83 struct timeval timeout_for_handshake = { 5, 0 };
84 
85 static imsg_handlerfn *handlers[] = {
86 	[IMSG_GET]		= handle_get,
87 	[IMSG_CERT_STATUS]	= handle_cert_status,
88 	[IMSG_PROCEED]		= handle_proceed,
89 	[IMSG_STOP]		= handle_stop,
90 	[IMSG_QUIT]		= handle_quit,
91 };
92 
93 typedef void (*statefn)(int, short, void*);
94 
95 TAILQ_HEAD(, req) reqhead;
96 /* a pending request */
97 struct req {
98 	struct event		 ev;
99 	struct url		 url;
100 	uint32_t		 id;
101 	int			 fd;
102 	struct tls		*ctx;
103 	char			 buf[1024];
104 	size_t			 off;
105 
106 #if HAVE_ASR_RUN
107 	struct addrinfo		 hints, *servinfo, *p;
108 	struct event_asr	*asrev;
109 #endif
110 
111 	TAILQ_ENTRY(req)	 reqs;
112 };
113 
114 static inline void
115 yield_r(struct req *req, statefn fn, struct timeval *tv)
116 {
117 	event_once(req->fd, EV_READ, fn, req, tv);
118 }
119 
120 static inline void
121 yield_w(struct req *req, statefn fn, struct timeval *tv)
122 {
123 	event_once(req->fd, EV_WRITE, fn, req, tv);
124 }
125 
126 static inline void
127 advance_buf(struct req *req, size_t len)
128 {
129 	assert(len <= req->off);
130 
131 	req->off -= len;
132 	memmove(req->buf, req->buf + len, req->off);
133 }
134 
135 static void __attribute__((__noreturn__))
136 die(void)
137 {
138 	abort(); 		/* TODO */
139 }
140 
141 #if HAVE_ASR_RUN
142 static void
143 try_to_connect(int fd, short ev, void *d)
144 {
145 	struct req	*req = d;
146 	int		 error = 0;
147 	socklen_t	 len = sizeof(error);
148 
149 again:
150 	if (req->p == NULL)
151 		goto err;
152 
153 	if (req->fd != -1) {
154 		if (getsockopt(req->fd, SOL_SOCKET, SO_ERROR, &error, &len) == -1)
155 			goto err;
156 		if (error != 0) {
157                         errno = error;
158                         goto err;
159 		}
160 		goto done;
161 	}
162 
163 	req->fd = socket(req->p->ai_family, req->p->ai_socktype, req->p->ai_protocol);
164 	if (req->fd == -1) {
165 		req->p = req->p->ai_next;
166 		goto again;
167 	} else {
168 		mark_nonblock(req->fd);
169 		if (connect(req->fd, req->p->ai_addr, req->p->ai_addrlen) == 0)
170 			goto done;
171 		yield_w(req, try_to_connect, NULL);
172 	}
173 	return;
174 
175 err:
176 	freeaddrinfo(req->servinfo);
177 	close_with_errf(req, "failed to connect to %s",
178 	    req->url.host);
179 	return;
180 
181 done:
182 	freeaddrinfo(req->servinfo);
183 	setup_tls(req);
184 }
185 
186 static void
187 query_done(struct asr_result *res, void *d)
188 {
189 	struct req	*req = d;
190 
191 	req->asrev = NULL;
192 	if (res->ar_gai_errno != 0) {
193 		close_with_errf(req, "failed to resolve %s: %s",
194 		    req->url.host, gai_strerror(res->ar_gai_errno));
195 		return;
196 	}
197 
198 	req->fd = -1;
199 	req->servinfo = res->ar_addrinfo;
200 	req->p = res->ar_addrinfo;
201 	try_to_connect(0, 0, req);
202 }
203 
204 static void
205 async_conn_towards(struct req *req)
206 {
207 	struct asr_query	*q;
208 	const char		*proto = "1965";
209 
210 	if (*req->url.port != '\0')
211 		proto = req->url.port;
212 
213 	req->hints.ai_family = AF_UNSPEC;
214 	req->hints.ai_socktype = SOCK_STREAM;
215 	q = getaddrinfo_async(req->url.host, proto, &req->hints, NULL);
216 	req->asrev = event_asr_run(q, query_done, req);
217 }
218 #else
219 static void
220 blocking_conn_towards(struct req *req)
221 {
222 	struct addrinfo	 hints, *servinfo, *p;
223 	struct url	*url = &req->url;
224 	int		 status, sock;
225 	const char	*proto = "1965";
226 
227 	if (*url->port != '\0')
228 		proto = url->port;
229 
230 	memset(&hints, 0, sizeof(hints));
231 	hints.ai_family = AF_UNSPEC;
232 	hints.ai_socktype = SOCK_STREAM;
233 
234 	if ((status = getaddrinfo(url->host, proto, &hints, &servinfo))) {
235 		close_with_errf(req, "failed to resolve %s: %s",
236 		    url->host, gai_strerror(status));
237 		return;
238 	}
239 
240 	sock = -1;
241 	for (p = servinfo; p != NULL; p = p->ai_next) {
242 		if ((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1)
243 			continue;
244 		if (connect(sock, p->ai_addr, p->ai_addrlen) != -1)
245 			break;
246 		close(sock);
247 	}
248 	freeaddrinfo(servinfo);
249 
250 	if (sock == -1) {
251 		close_with_errf(req, "couldn't connect to %s", url->host);
252 		return;
253 	}
254 
255 	req->fd = sock;
256 	mark_nonblock(req->fd);
257 	setup_tls(req);
258 }
259 #endif
260 
261 static struct req *
262 req_by_id(uint32_t id)
263 {
264 	struct req *r;
265 
266 	if ((r = req_by_id_try(id)) == NULL)
267 		die();
268 	return r;
269 }
270 
271 static struct req *
272 req_by_id_try(uint32_t id)
273 {
274 	struct req *r;
275 
276 	TAILQ_FOREACH(r, &reqhead, reqs) {
277 		if (r->id == id)
278 			return r;
279 	}
280 
281 	return NULL;
282 }
283 
284 static void
285 close_conn(int fd, short ev, void *d)
286 {
287 	struct req	*req = d;
288 
289 #if HAVE_ASR_RUN
290 	if (req->asrev != NULL)
291 		event_asr_abort(req->asrev);
292 #endif
293 
294 	if (req->ctx != NULL) {
295 		switch (tls_close(req->ctx)) {
296 		case TLS_WANT_POLLIN:
297 			yield_r(req, close_conn, NULL);
298 			return;
299 		case TLS_WANT_POLLOUT:
300 			yield_w(req, close_conn, NULL);
301 			return;
302 		}
303 
304 		tls_free(req->ctx);
305 	}
306 
307 	TAILQ_REMOVE(&reqhead, req, reqs);
308 	if (req->fd != -1)
309 		close(req->fd);
310 	free(req);
311 }
312 
313 static void
314 close_with_err(struct req *req, const char *err)
315 {
316 	imsg_compose(ibuf, IMSG_ERR, req->id, 0, -1, err, strlen(err)+1);
317 	imsg_flush(ibuf);
318 	close_conn(0, 0, req);
319 }
320 
321 static void
322 close_with_errf(struct req *req, const char *fmt, ...)
323 {
324 	va_list	 ap;
325 	char	*s;
326 
327 	va_start(ap, fmt);
328 	if (vasprintf(&s, fmt, ap) == -1)
329 		abort();
330 	va_end(ap);
331 
332 	close_with_err(req, s);
333 	free(s);
334 }
335 
336 static void
337 setup_tls(struct req *req)
338 {
339 	if ((req->ctx = tls_client()) == NULL) {
340 		close_with_errf(req, "tls_client: %s", strerror(errno));
341 		return;
342 	}
343 	if (tls_configure(req->ctx, tlsconf) == -1) {
344 		close_with_errf(req, "tls_configure: %s", tls_error(req->ctx));
345 		return;
346 	}
347 	if (tls_connect_socket(req->ctx, req->fd, req->url.host) == -1) {
348 		close_with_errf(req, "tls_connect_socket: %s", tls_error(req->ctx));
349 		return;
350 	}
351 	yield_w(req, do_handshake, &timeout_for_handshake);
352 }
353 
354 static void
355 do_handshake(int fd, short ev, void *d)
356 {
357 	struct req	*req = d;
358 	const char	*hash;
359 
360 	if (ev == EV_TIMEOUT) {
361 		close_with_err(req, "Timeout loading page");
362 		return;
363 	}
364 
365 	switch (tls_handshake(req->ctx)) {
366 	case TLS_WANT_POLLIN:
367 		yield_r(req, do_handshake, NULL);
368 		return;
369 	case TLS_WANT_POLLOUT:
370 		yield_w(req, do_handshake, NULL);
371 		return;
372 	}
373 
374 	hash = tls_peer_cert_hash(req->ctx);
375 	if (hash == NULL) {
376 		close_with_errf(req, "handshake failed: %s", tls_error(req->ctx));
377 		return;
378 	}
379 	imsg_compose(ibuf, IMSG_CHECK_CERT, req->id, 0, -1, hash, strlen(hash)+1);
380 	imsg_flush(ibuf);
381 }
382 
383 static void
384 write_request(int fd, short ev, void *d)
385 {
386 	struct req	*req = d;
387 	ssize_t		 r;
388 	size_t		 len;
389 	char		 buf[1027]; /* URL + \r\n\0 */
390 
391 	strlcpy(buf, "gemini://", sizeof(buf));
392 	strlcat(buf, req->url.host, sizeof(buf));
393 	if (*req->url.port != '\0' && strcmp("1965", req->url.port)) {
394 		strlcat(buf, ":", sizeof(buf));
395 		strlcat(buf, req->url.port, sizeof(buf));
396 	}
397 	strlcat(buf, "/", sizeof(buf));
398 	strlcat(buf, req->url.path, sizeof(buf));
399 
400 	if (req->url.query[0] != '\0') {
401 		strlcat(buf, "?", sizeof(buf));
402 		strlcat(buf, req->url.query, sizeof(buf));
403 	}
404 
405 	len = strlcat(buf, "\r\n", sizeof(buf));
406 
407 	assert(len <= sizeof(buf));
408 
409 	switch (r = tls_write(req->ctx, buf, len)) {
410 	case -1:
411 		close_with_errf(req, "tls_write: %s", tls_error(req->ctx));
412 		break;
413 	case TLS_WANT_POLLIN:
414 		yield_r(req, write_request, NULL);
415 		break;
416 	case TLS_WANT_POLLOUT:
417 		yield_w(req, write_request, NULL);
418 		break;
419 	default:
420 		/* assume r == len */
421 		(void)r;
422 		yield_r(req, read_reply, NULL);
423 		break;
424 	}
425 }
426 
427 static void
428 read_reply(int fd, short ev, void *d)
429 {
430 	struct req	*req = d;
431 	size_t		 len;
432 	ssize_t		 r;
433 	char		*buf;
434 
435 	buf = req->buf + req->off;
436 	len = sizeof(req->buf) - req->off;
437 
438 	switch (r = tls_read(req->ctx, buf, len)) {
439 	case -1:
440 		close_with_errf(req, "tls_read: %s", tls_error(req->ctx));
441 		break;
442 	case TLS_WANT_POLLIN:
443 		yield_r(req, read_reply, NULL);
444 		break;
445 	case TLS_WANT_POLLOUT:
446 		yield_w(req, read_reply, NULL);
447 		break;
448 	default:
449 		req->off += r;
450 
451 		if (memmem(req->buf, req->off, "\r\n", 2) != NULL)
452 			parse_reply(req);
453 		else if (req->off == sizeof(req->buf))
454 			close_with_err(req, "invalid response");
455 		else
456 			yield_r(req, read_reply, NULL);
457 		break;
458 	}
459 }
460 
461 static void
462 parse_reply(struct req *req)
463 {
464 	int	 code;
465 	char	*e;
466 	size_t	 len;
467 
468 	if (req->off < 4)
469 		goto err;
470 
471 	if (!isdigit(req->buf[0]) || !isdigit(req->buf[1]))
472 		goto err;
473 
474 	code = (req->buf[0] - '0')*10 + (req->buf[1] - '0');
475 
476 	if (!isspace(req->buf[2]))
477 		goto err;
478 
479 	advance_buf(req, 3);
480 	if ((e = memmem(req->buf, req->off, "\r\n", 2)) == NULL)
481 		goto err;
482 
483 	*e = '\0';
484 	e++;
485 	len = e - req->buf;
486 	imsg_compose(ibuf, IMSG_GOT_CODE, req->id, 0, -1, &code, sizeof(code));
487 	imsg_compose(ibuf, IMSG_GOT_META, req->id, 0, -1, req->buf, len);
488 	imsg_flush(ibuf);
489 
490 	if (20 <= code && code < 30)
491 		advance_buf(req, len+1); /* skip \n too */
492 	else
493 		close_conn(0, 0, req);
494 
495 	return;
496 
497 err:
498 	close_with_err(req, "malformed request");
499 }
500 
501 static void
502 copy_body(int fd, short ev, void *d)
503 {
504 	struct req	*req = d;
505 	ssize_t		 r;
506 
507 	for (;;) {
508 		if (req->off != 0) {
509 			imsg_compose(ibuf, IMSG_BUF, req->id, 0, -1,
510 			    req->buf, req->off);
511 			imsg_flush(ibuf);
512 			req->off = 0;
513 		}
514 
515 		switch (r = tls_read(req->ctx, req->buf, sizeof(req->buf))) {
516 		case TLS_WANT_POLLIN:
517 			yield_r(req, copy_body, NULL);
518 			return;
519 		case TLS_WANT_POLLOUT:
520 			yield_w(req, copy_body, NULL);
521 			return;
522 		case 0:
523 			imsg_compose(ibuf, IMSG_EOF, req->id, 0, -1, NULL, 0);
524 			imsg_flush(ibuf);
525 			close_conn(0, 0, req);
526 			return;
527 		default:
528 			req->off = r;
529 		}
530 	}
531 }
532 
533 static void
534 handle_get(struct imsg *imsg, size_t datalen)
535 {
536 	struct req	*req;
537 	const char	*e;
538 	char		*data;
539 
540 	data = imsg->data;
541 
542 	if (data[datalen-1] != '\0')
543 		die();
544 
545 	if ((req = calloc(1, sizeof(*req))) == NULL)
546 		die();
547 
548 	req->id = imsg->hdr.peerid;
549 	TAILQ_INSERT_HEAD(&reqhead, req, reqs);
550 
551         if (!url_parse(imsg->data, &req->url, &e)) {
552 		close_with_err(req, e);
553 		return;
554 	}
555 
556 #if HAVE_ASR_RUN
557         async_conn_towards(req);
558 #else
559 	blocking_conn_towards(req);
560 #endif
561 }
562 
563 static void
564 handle_cert_status(struct imsg *imsg, size_t datalen)
565 {
566 	struct req	*req;
567 	int		 is_ok;
568 
569 	req = req_by_id(imsg->hdr.peerid);
570 
571 	if (datalen < sizeof(is_ok))
572 		die();
573 	memcpy(&is_ok, imsg->data, sizeof(is_ok));
574 
575 	if (is_ok)
576 		yield_w(req, write_request, NULL);
577 	else
578 		close_conn(0, 0, req);
579 }
580 
581 static void
582 handle_proceed(struct imsg *imsg, size_t datalen)
583 {
584 	yield_r(req_by_id(imsg->hdr.peerid),
585 	    copy_body, NULL);
586 }
587 
588 static void
589 handle_stop(struct imsg *imsg, size_t datalen)
590 {
591 	struct req	*req;
592 
593 	if ((req = req_by_id_try(imsg->hdr.peerid)) == NULL)
594 		return;
595 	close_conn(0, 0, req);
596 }
597 
598 static void
599 handle_quit(struct imsg *imsg, size_t datalen)
600 {
601 	event_loopbreak();
602 }
603 
604 static void
605 handle_dispatch_imsg(int fd, short ev, void *d)
606 {
607 	struct imsgbuf	*ibuf = d;
608 	dispatch_imsg(ibuf, handlers, sizeof(handlers));
609 }
610 
611 int
612 client_main(struct imsgbuf *b)
613 {
614 	ibuf = b;
615 
616 	TAILQ_INIT(&reqhead);
617 
618 	if ((tlsconf = tls_config_new()) == NULL)
619 		die();
620 	tls_config_insecure_noverifycert(tlsconf);
621 	tls_config_insecure_noverifyname(tlsconf);
622 
623 	event_init();
624 
625 	event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST, handle_dispatch_imsg, ibuf);
626 	event_add(&imsgev, NULL);
627 
628 	sandbox_network_process();
629 
630 	event_dispatch();
631 	return 0;
632 }