1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/mman.h>
18 #include <sys/stat.h>
19 
20 #include <netdb.h>
21 
22 #include <assert.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <fnmatch.h>
26 #include <string.h>
27 
28 #include "gmid.h"
29 
30 int connected_clients;
31 
32 const char *
33 vhost_lang(struct vhost *v, const char *path)
34 {
35 	struct location *loc;
36 	const char *lang = NULL;
37 
38 	for (loc = v->locations; loc->match != NULL; ++loc) {
39 		if (!fnmatch(loc->match, path, 0)) {
40 			if (loc->lang != NULL)
41 				lang = loc->lang;
42 		}
43 	}
44 
45 	return lang;
46 }
47 
48 const char *
49 vhost_default_mime(struct vhost *v, const char *path)
50 {
51 	struct location *loc;
52 	const char *default_mime = "application/octet-stream";
53 
54 	for (loc = v->locations; loc->match != NULL; ++loc) {
55 		if (!fnmatch(loc->match, path, 0)) {
56 			if (loc->default_mime != NULL)
57 				default_mime = loc->default_mime;
58 		}
59 	}
60 
61 	return default_mime;
62 }
63 
64 const char *
65 vhost_index(struct vhost *v, const char *path)
66 {
67 	struct location *loc;
68 	const char *index = "index.gmi";
69 
70 	for (loc = v->locations; loc->match != NULL; ++loc) {
71 		if (!fnmatch(loc->match, path, 0)) {
72 			if (loc->index != NULL)
73 				index = loc->index;
74 		}
75 	}
76 
77 	return index;
78 }
79 
80 int
81 check_path(struct client *c, const char *path, int *fd)
82 {
83 	struct stat sb;
84 	const char *p;
85 
86 	assert(path != NULL);
87 
88 	if (*path == '\0')
89 		p = ".";
90 	else if (*path == '/')
91 		/* in send_dir we add an initial / (to be
92 		 * redirect-friendly), but here we want to skip it */
93 		p = path+1;
94 	else
95 		p = path;
96 
97 	if ((*fd = openat(c->host->dirfd, p, O_RDONLY | O_NOFOLLOW)) == -1) {
98 		return FILE_MISSING;
99 	}
100 
101 	if (fstat(*fd, &sb) == -1) {
102 		LOGN(c, "failed stat for %s: %s", path, strerror(errno));
103 		return FILE_MISSING;
104 	}
105 
106 	if (S_ISDIR(sb.st_mode))
107 		return FILE_DIRECTORY;
108 
109 	if (sb.st_mode & S_IXUSR)
110 		return FILE_EXECUTABLE;
111 
112 	return FILE_EXISTS;
113 }
114 
115 void
116 open_file(struct pollfd *fds, struct client *c)
117 {
118 	switch (check_path(c, c->iri.path, &c->fd)) {
119 	case FILE_EXECUTABLE:
120 		if (c->host->cgi != NULL && starts_with(c->iri.path, c->host->cgi)) {
121 			start_cgi(c->iri.path, "", c->iri.query, fds, c);
122 			return;
123 		}
124 
125 		/* fallthrough */
126 
127 	case FILE_EXISTS:
128 		if ((c->len = filesize(c->fd)) == -1) {
129 			LOGE(c, "failed to get file size for %s", c->iri.path);
130 			close_conn(fds, c);
131 			return;
132 		}
133 
134 		if ((c->buf = mmap(NULL, c->len, PROT_READ, MAP_PRIVATE,
135 			    c->fd, 0)) == MAP_FAILED) {
136 			LOGW(c, "mmap: %s: %s", c->iri.path, strerror(errno));
137 			close_conn(fds, c);
138 			return;
139 		}
140 		c->i = c->buf;
141 		c->next = S_SENDING_FILE;
142 		start_reply(fds, c, SUCCESS, mime(c->host, c->iri.path));
143 		return;
144 
145 	case FILE_DIRECTORY:
146 		close(c->fd);
147 		c->fd = -1;
148 		send_dir(fds, c);
149 		return;
150 
151 	case FILE_MISSING:
152 		if (c->host->cgi != NULL && starts_with(c->iri.path, c->host->cgi)) {
153 			check_for_cgi(c->iri.path, c->iri.query, fds, c);
154 			return;
155 		}
156 		start_reply(fds, c, NOT_FOUND, "not found");
157 		return;
158 
159 	default:
160 		/* unreachable */
161 		abort();
162 	}
163 }
164 
165 
166 /*
167  * the inverse of this algorithm, i.e. starting from the start of the
168  * path + strlen(cgi), and checking if each component, should be
169  * faster.  But it's tedious to write.  This does the opposite: starts
170  * from the end and strip one component at a time, until either an
171  * executable is found or we emptied the path.
172  */
173 void
174 check_for_cgi(char *path, char *query, struct pollfd *fds, struct client *c)
175 {
176 	char *end;
177 	end = strchr(path, '\0');
178 
179 	/* NB: assume CGI is enabled and path matches cgi */
180 
181 	while (end > path) {
182 		/* go up one level.  UNIX paths are simple and POSIX
183 		 * dirname, with its ambiguities on if the given path
184 		 * is changed or not, gives me headaches. */
185 		while (*end != '/')
186 			end--;
187 		*end = '\0';
188 
189 		switch (check_path(c, path, &c->fd)) {
190 		case FILE_EXECUTABLE:
191 			start_cgi(path, end+1, query, fds,c);
192 			return;
193 		case FILE_MISSING:
194 			break;
195 		default:
196 			goto err;
197 		}
198 
199 		*end = '/';
200 		end--;
201 	}
202 
203 err:
204 	start_reply(fds, c, NOT_FOUND, "not found");
205 	return;
206 }
207 
208 void
209 mark_nonblock(int fd)
210 {
211 	int flags;
212 
213 	if ((flags = fcntl(fd, F_GETFL)) == -1)
214 		fatal("fcntl(F_GETFL): %s", strerror(errno));
215 	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
216 		fatal("fcntl(F_SETFL): %s", strerror(errno));
217 }
218 
219 void
220 handle_handshake(struct pollfd *fds, struct client *c)
221 {
222 	struct vhost *h;
223 	const char *servname;
224 
225 	switch (tls_handshake(c->ctx)) {
226 	case 0:  /* success */
227 	case -1: /* already handshaked */
228 		break;
229 	case TLS_WANT_POLLIN:
230 		fds->events = POLLIN;
231 		return;
232 	case TLS_WANT_POLLOUT:
233 		fds->events = POLLOUT;
234 		return;
235 	default:
236 		/* unreachable */
237 		abort();
238 	}
239 
240 	servname = tls_conn_servername(c->ctx);
241 
242 	for (h = hosts; h->domain != NULL; ++h) {
243 		if (!strcmp(h->domain, "*"))
244 			break;
245 
246 		if (servname != NULL && !fnmatch(h->domain, servname, 0))
247 			break;
248 	}
249 
250 	if (h->domain != NULL) {
251 		c->state = S_OPEN;
252 		c->host = h;
253 		handle_open_conn(fds, c);
254 		return;
255 	}
256 
257 	if (servname != NULL)
258 		strncpy(c->req, servname, sizeof(c->req));
259 	else
260 		strncpy(c->req, "null", sizeof(c->req));
261 
262 	start_reply(fds, c, BAD_REQUEST, "Wrong host or missing SNI");
263 }
264 
265 void
266 handle_open_conn(struct pollfd *fds, struct client *c)
267 {
268 	const char *parse_err = "invalid request";
269 
270 	bzero(c->req, sizeof(c->req));
271 	bzero(&c->iri, sizeof(c->iri));
272 
273 	switch (tls_read(c->ctx, c->req, sizeof(c->req)-1)) {
274 	case -1:
275 		LOGE(c, "tls_read: %s", tls_error(c->ctx));
276 		close_conn(fds, c);
277 		return;
278 
279 	case TLS_WANT_POLLIN:
280 		fds->events = POLLIN;
281 		return;
282 
283 	case TLS_WANT_POLLOUT:
284 		fds->events = POLLOUT;
285 		return;
286 	}
287 
288 	if (!trim_req_iri(c->req) || !parse_iri(c->req, &c->iri, &parse_err)) {
289 		start_reply(fds, c, BAD_REQUEST, parse_err);
290 		return;
291 	}
292 
293 	/* XXX: we should check that the SNI matches the requested host */
294 	if (strcmp(c->iri.schema, "gemini") || c->iri.port_no != conf.port) {
295 		start_reply(fds, c, PROXY_REFUSED, "won't proxy request");
296 		return;
297 	}
298 
299 	open_file(fds, c);
300 }
301 
302 void
303 start_reply(struct pollfd *pfd, struct client *c, int code, const char *meta)
304 {
305 	char buf[1030];		/* status + ' ' + max reply len + \r\n\0 */
306 	const char *lang;
307 	size_t len;
308 
309 	c->code = code;
310 	c->meta = meta;
311 	c->state = S_INITIALIZING;
312 
313 	lang = vhost_lang(c->host, c->iri.path);
314 
315 	snprintf(buf, sizeof(buf), "%d ", code);
316 	strlcat(buf, meta, sizeof(buf));
317 	if (!strcmp(meta, "text/gemini") && lang != NULL) {
318 		strlcat(buf, "; lang=", sizeof(buf));
319 		strlcat(buf, lang, sizeof(buf));
320 	}
321 
322 	len = strlcat(buf, "\r\n", sizeof(buf));
323 	assert(len < sizeof(buf));
324 
325 	switch (tls_write(c->ctx, buf, len)) {
326 	case -1:
327 		close_conn(pfd, c);
328 		return;
329 	case TLS_WANT_POLLIN:
330 		pfd->events = POLLIN;
331 		return;
332 	case TLS_WANT_POLLOUT:
333 		pfd->events = POLLOUT;
334 		return;
335 	}
336 
337 	log_request(c, buf, sizeof(buf));
338 
339 	/* we don't need a body */
340 	if (c->code != SUCCESS) {
341 		close_conn(pfd, c);
342 		return;
343 	}
344 
345 	/* advance the state machine */
346 	c->state = c->next;
347 	handle(pfd, c);
348 }
349 
350 void
351 start_cgi(const char *spath, const char *relpath, const char *query,
352     struct pollfd *fds, struct client *c)
353 {
354 	char addr[NI_MAXHOST];
355 	const char *ruser, *cissuer, *chash;
356 	int e;
357 
358 	e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
359 	    addr, sizeof(addr),
360 	    NULL, 0,
361 	    NI_NUMERICHOST);
362 	if (e != 0)
363 		goto err;
364 
365 	if (tls_peer_cert_provided(c->ctx)) {
366 		ruser = tls_peer_cert_subject(c->ctx);
367 		cissuer = tls_peer_cert_issuer(c->ctx);
368 		chash = tls_peer_cert_hash(c->ctx);
369 	} else {
370 		ruser = NULL;
371 		cissuer = NULL;
372 		chash = NULL;
373 	}
374 
375 	if (!send_string(exfd, spath)
376 	    || !send_string(exfd, relpath)
377 	    || !send_string(exfd, query)
378 	    || !send_string(exfd, addr)
379 	    || !send_string(exfd, ruser)
380 	    || !send_string(exfd, cissuer)
381 	    || !send_string(exfd, chash)
382 	    || !send_vhost(exfd, c->host))
383 		goto err;
384 
385 	close(c->fd);
386 	if ((c->fd = recv_fd(exfd)) == -1) {
387 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
388 		return;
389 	}
390 	c->state = S_SENDING_CGI;
391 	cgi_poll_on_child(fds, c);
392 	c->code = -1;
393 	/* handle_cgi(fds, c); */
394 	return;
395 
396 err:
397 	/* fatal("cannot talk to the executor process: %s", strerror(errno)); */
398 	fatal("cannot talk to the executor process");
399 }
400 
401 void
402 send_file(struct pollfd *fds, struct client *c)
403 {
404 	ssize_t ret, len;
405 
406 	/* ensure the correct state */
407 	c->state = S_SENDING_FILE;
408 
409 	len = (c->buf + c->len) - c->i;
410 
411 	while (len > 0) {
412 		switch (ret = tls_write(c->ctx, c->i, len)) {
413 		case -1:
414 			LOGE(c, "tls_write: %s", tls_error(c->ctx));
415 			close_conn(fds, c);
416 			return;
417 
418 		case TLS_WANT_POLLIN:
419 			fds->events = POLLIN;
420 			return;
421 
422 		case TLS_WANT_POLLOUT:
423 			fds->events = POLLOUT;
424 			return;
425 
426 		default:
427 			c->i += ret;
428 			len -= ret;
429 			break;
430 		}
431 	}
432 
433 	close_conn(fds, c);
434 }
435 
436 void
437 send_dir(struct pollfd *fds, struct client *c)
438 {
439 	size_t len;
440 
441 	/* guard against a re-entrant call: open_file -> send_dir ->
442 	 * open_file -> send_dir.  This can happen only if:
443 	 *
444 	 *  - user requested a dir, say foo/
445 	 *  - we try to serve foo/$INDEX
446 	 *  - foo/$INDEX is a directory.
447 	 */
448 	if (c->iri.path == c->sbuf) {
449 		start_reply(fds, c, TEMP_REDIRECT, c->sbuf);
450 		return;
451 	}
452 
453 	strlcpy(c->sbuf, "/", sizeof(c->sbuf));
454 
455 	len = strlen(c->iri.path);
456 	if (len > 0 && c->iri.path[len-1] != '/') {
457 		/* redirect to url with the trailing / */
458 		strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
459 		strlcat(c->sbuf, "/", sizeof(c->sbuf));
460 		start_reply(fds, c, TEMP_REDIRECT, c->sbuf);
461 		return;
462 	}
463 
464 	strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
465 
466 	if (!ends_with(c->sbuf, "/"))
467 		strlcat(c->sbuf, "/", sizeof(c->sbuf));
468 
469 	len = strlcat(c->sbuf, vhost_index(c->host, c->iri.path),
470 	    sizeof(c->sbuf));
471 
472 	if (len >= sizeof(c->sbuf)) {
473 		start_reply(fds, c, TEMP_FAILURE, "internal server error");
474 		return;
475 	}
476 
477 	close(c->fd);
478 	c->iri.path = c->sbuf;
479 	open_file(fds, c);
480 }
481 
482 void
483 cgi_poll_on_child(struct pollfd *fds, struct client *c)
484 {
485 	int fd;
486 
487 	if (c->waiting_on_child)
488 		return;
489 	c->waiting_on_child = 1;
490 
491 	fds->events = POLLIN;
492 
493 	fd = fds->fd;
494 	fds->fd = c->fd;
495 	c->fd = fd;
496 }
497 
498 void
499 cgi_poll_on_client(struct pollfd *fds, struct client *c)
500 {
501 	int fd;
502 
503 	if (!c->waiting_on_child)
504 		return;
505 	c->waiting_on_child = 0;
506 
507 	fd = fds->fd;
508 	fds->fd = c->fd;
509 	c->fd = fd;
510 }
511 
512 /* handle the read from the child process.  Return like read(2) */
513 static ssize_t
514 read_from_cgi(struct client *c)
515 {
516 	void	*buf;
517 	size_t	 len;
518 	ssize_t	 r;
519 
520 	/* if we haven't read a whole response line, we want to
521 	 * continue reading. */
522 
523 	if (c->code == -1) {
524 		buf = c->sbuf + c->len;
525 		len = sizeof(c->sbuf) - c->len;
526 	} else {
527 		buf = c->sbuf;
528 		len = sizeof(c->sbuf);
529 	}
530 
531 	r = read(c->fd, buf, len);
532 	if (r == 0 || r == -1)
533 		return r;
534 
535 	c->len += r;
536 	c->off = 0;
537 
538 	if (c->code != -1)
539 		return r;
540 
541 	if (strchr(c->sbuf, '\n') || c->len == sizeof(c->sbuf)) {
542 		c->code = 0;
543 		log_request(c, c->sbuf, c->len);
544 	}
545 
546 	return r;
547 }
548 
549 void
550 handle_cgi(struct pollfd *fds, struct client *c)
551 {
552 	ssize_t r;
553 
554 	/* ensure c->fd is the child and fds->fd the client */
555 	cgi_poll_on_client(fds, c);
556 
557 	while (1) {
558 		if (c->code == -1 || c->len == 0) {
559 			switch (r = read_from_cgi(c)) {
560 			case 0:
561 				goto end;
562 
563 			case -1:
564 				if (errno == EAGAIN || errno == EWOULDBLOCK) {
565 					cgi_poll_on_child(fds, c);
566 					return;
567 				}
568 				goto end;
569 			}
570 		}
571 
572 		if (c->code == -1) {
573 			cgi_poll_on_child(fds, c);
574 			return;
575 		}
576 
577 		while (c->len > 0) {
578 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
579 			case -1:
580 				goto end;
581 
582 			case TLS_WANT_POLLOUT:
583 				fds->events = POLLOUT;
584 				return;
585 
586 			case TLS_WANT_POLLIN:
587 				fds->events = POLLIN;
588 				return;
589 
590 			default:
591                                 c->off += r;
592 				c->len -= r;
593 				break;
594 			}
595 		}
596 	}
597 
598 end:
599 	close_conn(fds, c);
600 }
601 
602 void
603 close_conn(struct pollfd *pfd, struct client *c)
604 {
605 	c->state = S_CLOSING;
606 
607 	switch (tls_close(c->ctx)) {
608 	case TLS_WANT_POLLIN:
609 		pfd->events = POLLIN;
610 		return;
611 	case TLS_WANT_POLLOUT:
612 		pfd->events = POLLOUT;
613 		return;
614 	}
615 
616 	connected_clients--;
617 
618 	tls_free(c->ctx);
619 	c->ctx = NULL;
620 
621 	if (c->buf != MAP_FAILED)
622 		munmap(c->buf, c->len);
623 
624 	if (c->fd != -1)
625 		close(c->fd);
626 
627 	close(pfd->fd);
628 	pfd->fd = -1;
629 }
630 
631 void
632 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
633 {
634 	int i, fd;
635 	struct sockaddr_storage addr;
636 	socklen_t len;
637 
638 	len = sizeof(addr);
639 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
640 		if (errno == EWOULDBLOCK)
641 			return;
642 		fatal("accept: %s", strerror(errno));
643 	}
644 
645 	mark_nonblock(fd);
646 
647 	for (i = 0; i < MAX_USERS; ++i) {
648 		if (fds[i].fd == -1) {
649 			bzero(&clients[i], sizeof(struct client));
650 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
651 				break; /* goodbye fd! */
652 
653 			fds[i].fd = fd;
654 			fds[i].events = POLLIN;
655 
656 			clients[i].state = S_HANDSHAKE;
657 			clients[i].next = S_SENDING_FILE;
658 			clients[i].fd = -1;
659 			clients[i].waiting_on_child = 0;
660 			clients[i].buf = MAP_FAILED;
661 			clients[i].addr = addr;
662 
663 			connected_clients++;
664 			return;
665 		}
666 	}
667 
668 	close(fd);
669 }
670 
671 void
672 handle(struct pollfd *fds, struct client *client)
673 {
674 	switch (client->state) {
675 	case S_HANDSHAKE:
676 		handle_handshake(fds, client);
677 		break;
678 
679 	case S_OPEN:
680                 handle_open_conn(fds, client);
681 		break;
682 
683 	case S_INITIALIZING:
684 		start_reply(fds, client, client->code, client->meta);
685                 break;
686 
687 	case S_SENDING_FILE:
688 		send_file(fds, client);
689 		break;
690 
691 	case S_SENDING_CGI:
692 		handle_cgi(fds, client);
693 		break;
694 
695 	case S_CLOSING:
696 		close_conn(fds, client);
697 		break;
698 
699 	default:
700 		/* unreachable */
701 		abort();
702 	}
703 }
704 
705 void
706 loop(struct tls *ctx, int sock4, int sock6)
707 {
708 	int i;
709 	struct client clients[MAX_USERS];
710 	struct pollfd fds[MAX_USERS];
711 
712 	connected_clients = 0;
713 
714 	for (i = 0; i < MAX_USERS; ++i) {
715 		fds[i].fd = -1;
716 		fds[i].events = POLLIN;
717 		bzero(&clients[i], sizeof(struct client));
718 	}
719 
720 	fds[0].fd = sock4;
721 	fds[1].fd = sock6;
722 
723 	for (;;) {
724 		if (poll(fds, MAX_USERS, INFTIM) == -1) {
725 			if (errno == EINTR) {
726                                 fprintf(stderr, "connected clients: %d\n",
727 				    connected_clients);
728 				continue;
729 			}
730 			fatal("poll: %s", strerror(errno));
731 		}
732 
733 		for (i = 0; i < MAX_USERS; i++) {
734 			if (fds[i].revents == 0)
735 				continue;
736 
737 			if (fds[i].revents & (POLLERR|POLLNVAL))
738 				fatal("bad fd %d: %s", fds[i].fd,
739 				    strerror(errno));
740 
741 			if (fds[i].revents & POLLHUP) {
742 				/* fds[i] may be the fd of the stdin
743 				 * of a cgi script that has exited. */
744 				if (!clients[i].waiting_on_child) {
745 					close_conn(&fds[i], &clients[i]);
746 					continue;
747 				}
748 			}
749 
750 			if (fds[i].fd == sock4)
751 				do_accept(sock4, ctx, fds, clients);
752 			else if (fds[i].fd == sock6)
753 				do_accept(sock6, ctx, fds, clients);
754 			else
755 				handle(&fds[i], &clients[i]);
756 		}
757 	}
758 }