2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30 #define MIN(a, b) ((a) < (b) ? (a) : (b))
34 struct client clients[MAX_USERS];
36 static struct tls *ctx;
38 static struct event e4, e6, imsgev, siginfo, sigusr2;
39 static int has_ipv6, has_siginfo;
41 int connected_clients;
43 static inline int matches(const char*, const char*);
45 static int check_path(struct client*, const char*, int*);
46 static void open_file(struct client*);
47 static void check_for_cgi(struct client*);
48 static void handle_handshake(int, short, void*);
49 static const char *strip_path(const char*, int);
50 static void fmt_sbuf(const char*, struct client*, const char*);
51 static int apply_block_return(struct client*);
52 static int apply_fastcgi(struct client*);
53 static int apply_require_ca(struct client*);
54 static size_t host_nth(struct vhost*);
55 static void start_cgi(const char*, const char*, struct client*);
56 static void open_dir(struct client*);
57 static void redirect_canonical_dir(struct client*);
59 static void client_tls_readcb(int, short, void *);
60 static void client_tls_writecb(int, short, void *);
62 static void client_read(struct bufferevent *, void *);
63 void client_write(struct bufferevent *, void *);
64 static void client_error(struct bufferevent *, short, void *);
66 static void client_close_ev(int, short, void *);
68 static void cgi_read(struct bufferevent *, void *);
69 static void cgi_write(struct bufferevent *, void *);
70 static void cgi_error(struct bufferevent *, short, void *);
72 static void do_accept(int, short, void*);
73 static struct client *client_by_id(int);
75 static void handle_imsg_cgi_res(struct imsgbuf*, struct imsg*, size_t);
76 static void handle_imsg_fcgi_fd(struct imsgbuf*, struct imsg*, size_t);
77 static void handle_imsg_quit(struct imsgbuf*, struct imsg*, size_t);
78 static void handle_dispatch_imsg(int, short, void *);
79 static void handle_siginfo(int, short, void*);
81 static imsg_handlerfn *handlers[] = {
82 [IMSG_QUIT] = handle_imsg_quit,
83 [IMSG_CGI_RES] = handle_imsg_cgi_res,
84 [IMSG_FCGI_FD] = handle_imsg_fcgi_fd,
88 matches(const char *pattern, const char *path)
92 return !fnmatch(pattern, path, 0);
96 vhost_lang(struct vhost *v, const char *path)
100 if (v == NULL || path == NULL)
103 loc = TAILQ_FIRST(&v->locations);
104 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
105 if (loc->lang != NULL) {
106 if (matches(loc->match, path))
111 return TAILQ_FIRST(&v->locations)->lang;
115 vhost_default_mime(struct vhost *v, const char *path)
117 struct location *loc;
118 const char *default_mime = "application/octet-stream";
120 if (v == NULL || path == NULL)
123 loc = TAILQ_FIRST(&v->locations);
124 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
125 if (loc->default_mime != NULL) {
126 if (matches(loc->match, path))
127 return loc->default_mime;
131 loc = TAILQ_FIRST(&v->locations);
132 if (loc->default_mime != NULL)
133 return loc->default_mime;
138 vhost_index(struct vhost *v, const char *path)
140 struct location *loc;
141 const char *index = "index.gmi";
143 if (v == NULL || path == NULL)
146 loc = TAILQ_FIRST(&v->locations);
147 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
148 if (loc->index != NULL) {
149 if (matches(loc->match, path))
154 loc = TAILQ_FIRST(&v->locations);
155 if (loc->index != NULL)
161 vhost_auto_index(struct vhost *v, const char *path)
163 struct location *loc;
165 if (v == NULL || path == NULL)
168 loc = TAILQ_FIRST(&v->locations);
169 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
170 if (loc->auto_index != 0) {
171 if (matches(loc->match, path))
172 return loc->auto_index == 1;
176 loc = TAILQ_FIRST(&v->locations);
177 return loc->auto_index == 1;
181 vhost_block_return(struct vhost *v, const char *path, int *code, const char **fmt)
183 struct location *loc;
185 if (v == NULL || path == NULL)
188 loc = TAILQ_FIRST(&v->locations);
189 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
190 if (loc->block_code != 0) {
191 if (matches(loc->match, path)) {
192 *code = loc->block_code;
193 *fmt = loc->block_fmt;
199 loc = TAILQ_FIRST(&v->locations);
200 *code = loc->block_code;
201 *fmt = loc->block_fmt;
202 return loc->block_code != 0;
206 vhost_fastcgi(struct vhost *v, const char *path)
208 struct location *loc;
210 if (v == NULL || path == NULL)
213 loc = TAILQ_FIRST(&v->locations);
214 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
216 if (matches(loc->match, path))
220 loc = TAILQ_FIRST(&v->locations);
225 vhost_dirfd(struct vhost *v, const char *path, size_t *retloc)
227 struct location *loc;
230 if (v == NULL || path == NULL)
233 loc = TAILQ_FIRST(&v->locations);
234 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
236 if (loc->dirfd != -1)
237 if (matches(loc->match, path)) {
244 loc = TAILQ_FIRST(&v->locations);
249 vhost_strip(struct vhost *v, const char *path)
251 struct location *loc;
253 if (v == NULL || path == NULL)
256 loc = TAILQ_FIRST(&v->locations);
257 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
258 if (loc->strip != 0) {
259 if (matches(loc->match, path))
264 loc = TAILQ_FIRST(&v->locations);
269 vhost_require_ca(struct vhost *v, const char *path)
271 struct location *loc;
273 if (v == NULL || path == NULL)
276 loc = TAILQ_FIRST(&v->locations);
277 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
278 if (loc->reqca != NULL) {
279 if (matches(loc->match, path))
284 loc = TAILQ_FIRST(&v->locations);
289 vhost_disable_log(struct vhost *v, const char *path)
291 struct location *loc;
293 if (v == NULL || path == NULL)
296 loc = TAILQ_FIRST(&v->locations);
297 while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
298 if (loc->disable_log && matches(loc->match, path))
302 loc = TAILQ_FIRST(&v->locations);
303 return loc->disable_log;
307 check_path(struct client *c, const char *path, int *fd)
313 assert(path != NULL);
316 * in send_dir we add an initial / (to be redirect-friendly),
317 * but here we want to skip it
322 strip = vhost_strip(c->host, path);
323 p = strip_path(path, strip);
330 dirfd = vhost_dirfd(c->host, path, &c->loc);
331 log_debug(c, "check_path: strip=%d path=%s original=%s",
333 if (*fd == -1 && (*fd = openat(dirfd, p, O_RDONLY)) == -1)
336 if (fstat(*fd, &sb) == -1) {
337 log_notice(c, "failed stat for %s: %s", path, strerror(errno));
341 if (S_ISDIR(sb.st_mode))
342 return FILE_DIRECTORY;
344 if (sb.st_mode & S_IXUSR)
345 return FILE_EXECUTABLE;
351 open_file(struct client *c)
353 switch (check_path(c, c->iri.path, &c->pfd)) {
354 case FILE_EXECUTABLE:
355 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
356 start_cgi(c->iri.path, "", c);
363 c->type = REQUEST_FILE;
364 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
372 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
376 start_reply(c, NOT_FOUND, "not found");
386 * the inverse of this algorithm, i.e. starting from the start of the
387 * path + strlen(cgi), and checking if each component, should be
388 * faster. But it's tedious to write. This does the opposite: starts
389 * from the end and strip one component at a time, until either an
390 * executable is found or we emptied the path.
393 check_for_cgi(struct client *c)
398 strlcpy(path, c->iri.path, sizeof(path));
399 end = strchr(path, '\0');
403 * go up one level. UNIX paths are simple and POSIX
404 * dirname, with its ambiguities on if the given
405 * pointer is changed or not, gives me headaches.
407 while (*end != '/' && end > path)
415 switch (check_path(c, path, &c->pfd)) {
416 case FILE_EXECUTABLE:
417 start_cgi(path, end+1, c);
430 start_reply(c, NOT_FOUND, "not found");
435 mark_nonblock(int fd)
439 if ((flags = fcntl(fd, F_GETFL)) == -1)
440 fatal("fcntl(F_GETFL): %s", strerror(errno));
441 if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
442 fatal("fcntl(F_SETFL): %s", strerror(errno));
446 handle_handshake(int fd, short ev, void *d)
448 struct client *c = d;
451 const char *servname;
452 const char *parse_err = "unknown error";
454 switch (tls_handshake(c->ctx)) {
455 case 0: /* success */
456 case -1: /* already handshaked */
458 case TLS_WANT_POLLIN:
459 event_once(c->fd, EV_READ, handle_handshake, c, NULL);
461 case TLS_WANT_POLLOUT:
462 event_once(c->fd, EV_WRITE, handle_handshake, c, NULL);
469 if ((servname = tls_conn_servername(c->ctx)) == NULL) {
470 log_debug(c, "handshake: missing SNI");
474 if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
475 log_info(c, "puny_decode: %s", parse_err);
479 TAILQ_FOREACH(h, &hosts, vhosts) {
480 if (matches(h->domain, c->domain))
482 TAILQ_FOREACH(a, &h->aliases, aliases) {
483 if (matches(a->alias, c->domain))
489 log_debug(c, "handshake: SNI: \"%s\"; decoded: \"%s\"; matched: \"%s\"",
490 servname != NULL ? servname : "(null)",
492 h != NULL ? h->domain : "(null)");
497 c->bev = bufferevent_new(fd, client_read, client_write,
500 fatal("%s: failed to allocate client buffer: %s",
501 __func__, strerror(errno));
503 event_set(&c->bev->ev_read, c->fd, EV_READ,
504 client_tls_readcb, c->bev);
505 event_set(&c->bev->ev_write, c->fd, EV_WRITE,
506 client_tls_writecb, c->bev);
509 evbuffer_unfreeze(c->bev->input, 0);
510 evbuffer_unfreeze(c->bev->output, 1);
513 bufferevent_enable(c->bev, EV_READ);
519 start_reply(c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
523 strip_path(const char *path, int strip)
528 if ((t = strchr(path, '/')) == NULL) {
529 path = strchr(path, '\0');
540 fmt_sbuf(const char *fmt, struct client *c, const char *path)
545 memset(buf, 0, sizeof(buf));
546 for (i = 0; *fmt; ++fmt) {
547 if (i == sizeof(buf)-1 || *fmt == '%') {
548 strlcat(c->sbuf, buf, sizeof(c->sbuf));
549 memset(buf, 0, sizeof(buf));
560 strlcat(c->sbuf, "%", sizeof(c->sbuf));
564 strlcat(c->sbuf, "/", sizeof(c->sbuf));
565 strlcat(c->sbuf, path, sizeof(c->sbuf));
568 strlcat(c->sbuf, c->iri.query, sizeof(c->sbuf));
571 snprintf(buf, sizeof(buf), "%d", conf.port);
572 strlcat(c->sbuf, buf, sizeof(c->sbuf));
573 memset(buf, 0, sizeof(buf));
576 strlcat(c->sbuf, c->domain, sizeof(c->sbuf));
579 fatal("%s: unknown fmt specifier %c",
585 strlcat(c->sbuf, buf, sizeof(c->sbuf));
588 /* 1 if a matching `block return' (and apply it), 0 otherwise */
590 apply_block_return(struct client *c)
592 const char *fmt, *path;
595 if (!vhost_block_return(c->host, c->iri.path, &code, &fmt))
598 path = strip_path(c->iri.path, vhost_strip(c->host, c->iri.path));
599 fmt_sbuf(fmt, c, path);
601 start_reply(c, code, c->sbuf);
605 /* 1 if matching `fcgi' (and apply it), 0 otherwise */
607 apply_fastcgi(struct client *c)
612 if ((id = vhost_fastcgi(c->host, c->iri.path)) == -1)
615 switch ((f = &fcgi[id])->s) {
617 f->s = FCGI_INFLIGHT;
618 log_info(c, "opening fastcgi connection for (%s,%s,%s)",
619 f->path, f->port, f->prog);
620 imsg_compose(&exibuf, IMSG_FCGI_REQ, 0, 0, -1,
636 /* 1 if matching `require client ca' fails (and apply it), 0 otherwise */
638 apply_require_ca(struct client *c)
644 if ((store = vhost_require_ca(c->host, c->iri.path)) == NULL)
647 if (!tls_peer_cert_provided(c->ctx)) {
648 start_reply(c, CLIENT_CERT_REQ, "client certificate required");
652 cert = tls_peer_cert_chain_pem(c->ctx, &len);
653 if (!validate_against_ca(store, cert, len)) {
654 start_reply(c, CERT_NOT_AUTH, "certificate not authorised");
662 host_nth(struct vhost *h)
667 TAILQ_FOREACH(v, &hosts, vhosts) {
677 start_cgi(const char *spath, const char *relpath, struct client *c)
679 char addr[NI_MAXHOST];
684 c->type = REQUEST_CGI;
686 e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
691 fatal("getnameinfo failed");
693 memset(&req, 0, sizeof(req));
695 memcpy(req.buf, c->req, sizeof(req.buf));
697 req.iri_schema_off = c->iri.schema - c->req;
698 req.iri_host_off = c->iri.host - c->req;
699 req.iri_port_off = c->iri.port - c->req;
700 req.iri_path_off = c->iri.path - c->req;
701 req.iri_query_off = c->iri.query - c->req;
702 req.iri_fragment_off = c->iri.fragment - c->req;
704 req.iri_portno = c->iri.port_no;
706 strlcpy(req.spath, spath, sizeof(req.spath));
707 strlcpy(req.relpath, relpath, sizeof(req.relpath));
708 strlcpy(req.addr, addr, sizeof(req.addr));
710 if ((t = tls_peer_cert_subject(c->ctx)) != NULL)
711 strlcpy(req.subject, t, sizeof(req.subject));
712 if ((t = tls_peer_cert_issuer(c->ctx)) != NULL)
713 strlcpy(req.issuer, t, sizeof(req.issuer));
714 if ((t = tls_peer_cert_hash(c->ctx)) != NULL)
715 strlcpy(req.hash, t, sizeof(req.hash));
716 if ((t = tls_conn_version(c->ctx)) != NULL)
717 strlcpy(req.version, t, sizeof(req.version));
718 if ((t = tls_conn_cipher(c->ctx)) != NULL)
719 strlcpy(req.cipher, t, sizeof(req.cipher));
721 req.cipher_strength = tls_conn_cipher_strength(c->ctx);
722 req.notbefore = tls_peer_cert_notbefore(c->ctx);
723 req.notafter = tls_peer_cert_notafter(c->ctx);
725 req.host_off = host_nth(c->host);
726 req.loc_off = c->loc;
728 imsg_compose(&exibuf, IMSG_CGI_REQ, c->id, 0, -1, &req, sizeof(req));
735 open_dir(struct client *c)
741 root = !strcmp(c->iri.path, "/") || *c->iri.path == '\0';
743 len = strlen(c->iri.path);
744 if (len > 0 && !ends_with(c->iri.path, "/")) {
745 redirect_canonical_dir(c);
749 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
750 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
751 if (!ends_with(c->sbuf, "/"))
752 strlcat(c->sbuf, "/", sizeof(c->sbuf));
753 before_file = strchr(c->sbuf, '\0');
754 len = strlcat(c->sbuf, vhost_index(c->host, c->iri.path),
756 if (len >= sizeof(c->sbuf)) {
757 start_reply(c, TEMP_FAILURE, "internal server error");
761 c->iri.path = c->sbuf;
763 /* close later unless we have to generate the dir listing */
767 switch (check_path(c, c->iri.path, &c->pfd)) {
768 case FILE_EXECUTABLE:
769 if (c->host->cgi != NULL && matches(c->host->cgi, c->iri.path)) {
770 start_cgi(c->iri.path, "", c);
777 c->type = REQUEST_FILE;
778 start_reply(c, SUCCESS, mime(c->host, c->iri.path));
782 start_reply(c, TEMP_REDIRECT, c->sbuf);
788 if (!vhost_auto_index(c->host, c->iri.path)) {
789 start_reply(c, NOT_FOUND, "not found");
793 c->type = REQUEST_DIR;
795 c->dirlen = scandir_fd(dirfd, &c->dir,
796 root ? select_non_dotdot : select_non_dot,
798 if (c->dirlen == -1) {
799 log_err(c, "scandir_fd(%d) (vhost:%s) %s: %s",
800 c->pfd, c->host->domain, c->iri.path, strerror(errno));
801 start_reply(c, TEMP_FAILURE, "internal server error");
807 start_reply(c, SUCCESS, "text/gemini");
808 evbuffer_add_printf(EVBUFFER_OUTPUT(c->bev),
809 "# Index of %s\n\n", c->iri.path);
821 redirect_canonical_dir(struct client *c)
825 strlcpy(c->sbuf, "/", sizeof(c->sbuf));
826 strlcat(c->sbuf, c->iri.path, sizeof(c->sbuf));
827 len = strlcat(c->sbuf, "/", sizeof(c->sbuf));
829 if (len >= sizeof(c->sbuf)) {
830 start_reply(c, TEMP_FAILURE, "internal server error");
834 start_reply(c, TEMP_REDIRECT, c->sbuf);
838 client_tls_readcb(int fd, short event, void *d)
840 struct bufferevent *bufev = d;
841 struct client *client = bufev->cbarg;
844 int what = EVBUFFER_READ;
845 int howmuch = IBUF_READ_SIZE;
846 char buf[IBUF_READ_SIZE];
848 if (event == EV_TIMEOUT) {
849 what |= EVBUFFER_TIMEOUT;
853 if (bufev->wm_read.high != 0)
854 howmuch = MIN(sizeof(buf), bufev->wm_read.high);
856 switch (ret = tls_read(client->ctx, buf, howmuch)) {
857 case TLS_WANT_POLLIN:
858 case TLS_WANT_POLLOUT:
861 what |= EVBUFFER_ERROR;
867 what |= EVBUFFER_EOF;
871 if (evbuffer_add(bufev->input, buf, len) == -1) {
872 what |= EVBUFFER_ERROR;
876 event_add(&bufev->ev_read, NULL);
877 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
879 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
881 * here we could implement a read pressure policy.
885 if (bufev->readcb != NULL)
886 (*bufev->readcb)(bufev, bufev->cbarg);
891 event_add(&bufev->ev_read, NULL);
895 (*bufev->errorcb)(bufev, what, bufev->cbarg);
899 client_tls_writecb(int fd, short event, void *d)
901 struct bufferevent *bufev = d;
902 struct client *client = bufev->cbarg;
905 short what = EVBUFFER_WRITE;
907 if (event == EV_TIMEOUT) {
908 what |= EVBUFFER_TIMEOUT;
912 if (EVBUFFER_LENGTH(bufev->output) != 0) {
913 ret = tls_write(client->ctx,
914 EVBUFFER_DATA(bufev->output),
915 EVBUFFER_LENGTH(bufev->output));
917 case TLS_WANT_POLLIN:
918 case TLS_WANT_POLLOUT:
921 what |= EVBUFFER_ERROR;
925 evbuffer_drain(bufev->output, len);
928 if (EVBUFFER_LENGTH(bufev->output) != 0)
929 event_add(&bufev->ev_write, NULL);
931 if (bufev->writecb != NULL &&
932 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
933 (*bufev->writecb)(bufev, bufev->cbarg);
937 event_add(&bufev->ev_write, NULL);
940 log_err(client, "tls error: %s", tls_error(client->ctx));
941 (*bufev->errorcb)(bufev, what, bufev->cbarg);
945 client_read(struct bufferevent *bev, void *d)
947 struct client *c = d;
948 struct evbuffer *src = EVBUFFER_INPUT(bev);
949 const char *parse_err = "invalid request";
950 char decoded[DOMAIN_NAME_LEN];
953 bufferevent_disable(bev, EVBUFFER_READ);
955 /* max url len + \r\n */
956 if (EVBUFFER_LENGTH(src) > 1024 + 2) {
957 log_err(c, "too much data received");
958 start_reply(c, BAD_REQUEST, "bad request");
962 c->req = evbuffer_readln(src, &len, EVBUFFER_EOL_CRLF_STRICT);
963 if (c->req == NULL) {
964 /* not enough data yet. */
965 bufferevent_enable(bev, EVBUFFER_READ);
969 if (!parse_iri(c->req, &c->iri, &parse_err) ||
970 !puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
971 log_err(c, "IRI parse error: %s", parse_err);
972 start_reply(c, BAD_REQUEST, "bad request");
976 if (c->iri.port_no != conf.port ||
977 strcmp(c->iri.schema, "gemini") ||
978 strcmp(decoded, c->domain)) {
979 start_reply(c, PROXY_REFUSED, "won't proxy request");
983 if (apply_require_ca(c) ||
984 apply_block_return(c)||
988 if (c->host->entrypoint != NULL) {
990 start_cgi(c->host->entrypoint, c->iri.path, c);
998 client_write(struct bufferevent *bev, void *d)
1000 struct client *c = d;
1001 struct evbuffer *out = EVBUFFER_OUTPUT(bev);
1006 case REQUEST_UNDECIDED:
1008 * Ignore spurious calls when we still don't have idea
1009 * what to do with the request.
1014 if ((r = read(c->pfd, buf, sizeof(buf))) == -1) {
1015 log_warn(c, "read: %s", strerror(errno));
1016 client_error(bev, EVBUFFER_ERROR, c);
1018 } else if (r == 0) {
1021 } else if (r != sizeof(buf))
1022 c->type = REQUEST_DONE;
1023 bufferevent_write(bev, buf, r);
1027 /* TODO: handle big big directories better */
1028 for (c->diroff = 0; c->diroff < c->dirlen; ++c->diroff) {
1029 evbuffer_add_printf(out, "=> %s\n",
1030 c->dir[c->diroff]->d_name);
1031 free(c->dir[c->diroff]);
1036 c->type = REQUEST_DONE;
1038 event_add(&c->bev->ev_write, NULL);
1044 * Here we depend on on the cgi script or fastcgi
1045 * connection to provide data.
1050 if (EVBUFFER_LENGTH(out) == 0)
1057 client_error(struct bufferevent *bev, short error, void *d)
1059 struct client *c = d;
1061 if (c->type == REQUEST_FCGI)
1062 fcgi_abort_request(c);
1064 c->type = REQUEST_DONE;
1066 if (error & EVBUFFER_TIMEOUT) {
1067 log_warn(c, "timeout reached, "
1068 "forcefully closing the connection");
1070 start_reply(c, BAD_REQUEST, "timeout");
1076 if (error & EVBUFFER_EOF) {
1081 log_err(c, "unknown bufferevent error: %s", strerror(errno));
1086 start_reply(struct client *c, int code, const char *meta)
1088 struct evbuffer *evb = EVBUFFER_OUTPUT(c->bev);
1092 bufferevent_enable(c->bev, EVBUFFER_WRITE);
1097 r = evbuffer_add_printf(evb, "%d %s", code, meta);
1101 /* 2 digit status + space + 1024 max reply */
1105 if (c->type != REQUEST_CGI &&
1106 c->type != REQUEST_FCGI &&
1107 !strcmp(meta, "text/gemini") &&
1108 (lang = vhost_lang(c->host, c->iri.path)) != NULL) {
1109 rr = evbuffer_add_printf(evb, ";lang=%s", lang);
1116 bufferevent_write(c->bev, "\r\n", 2);
1118 if (!vhost_disable_log(c->host, c->iri.path))
1119 log_request(c, EVBUFFER_DATA(evb), EVBUFFER_LENGTH(evb));
1121 if (code != 20 && IS_INTERNAL_REQUEST(c->type))
1122 c->type = REQUEST_DONE;
1127 log_err(c, "evbuffer_add_printf error: no memory");
1128 evbuffer_drain(evb, EVBUFFER_LENGTH(evb));
1133 log_warn(c, "reply header overflow");
1134 evbuffer_drain(evb, EVBUFFER_LENGTH(evb));
1135 start_reply(c, TEMP_FAILURE, "internal error");
1139 client_close_ev(int fd, short event, void *d)
1141 struct client *c = d;
1143 switch (tls_close(c->ctx)) {
1144 case TLS_WANT_POLLIN:
1145 event_once(c->fd, EV_READ, client_close_ev, c, NULL);
1147 case TLS_WANT_POLLOUT:
1148 event_once(c->fd, EV_WRITE, client_close_ev, c, NULL);
1152 connected_clients--;
1170 client_close(struct client *c)
1173 * We may end up calling client_close in various situations
1174 * and for the most unexpected reasons. Therefore, we need to
1175 * ensure that everything is properly released once we reach
1179 if (c->type == REQUEST_FCGI)
1180 fcgi_abort_request(c);
1182 if (c->cgibev != NULL) {
1183 bufferevent_disable(c->cgibev, EVBUFFER_READ|EVBUFFER_WRITE);
1184 bufferevent_free(c->cgibev);
1190 bufferevent_disable(c->bev, EVBUFFER_READ|EVBUFFER_WRITE);
1191 bufferevent_free(c->bev);
1194 client_close_ev(c->fd, 0, c);
1198 cgi_read(struct bufferevent *bev, void *d)
1200 struct client *client = d;
1201 struct evbuffer *src = EVBUFFER_INPUT(bev);
1206 /* intercept the header */
1207 if (client->code == 0) {
1208 header = evbuffer_readln(src, &len, EVBUFFER_EOL_CRLF_STRICT);
1209 if (header == NULL) {
1210 /* max reply + \r\n */
1211 if (EVBUFFER_LENGTH(src) > 1026) {
1212 log_warn(client, "CGI script is trying to "
1213 "send a header too long.");
1214 cgi_error(bev, EVBUFFER_READ, client);
1221 if (len < 3 || len > 1029 ||
1222 !isdigit(header[0]) ||
1223 !isdigit(header[1]) ||
1224 !isspace(header[2])) {
1226 log_warn(client, "CGI script is trying to send a "
1227 "malformed header");
1228 cgi_error(bev, EVBUFFER_READ, client);
1232 client->header = header;
1233 code = (header[0] - '0') * 10 + (header[1] - '0');
1235 if (code < 10 || code >= 70) {
1236 log_warn(client, "CGI script is trying to send an "
1237 "invalid reply code (%d)", code);
1238 cgi_error(bev, EVBUFFER_READ, client);
1242 start_reply(client, code, header + 3);
1244 if (client->code < 20 || client->code > 29) {
1245 cgi_error(client->cgibev, EVBUFFER_EOF, client);
1250 bufferevent_write_buffer(client->bev, src);
1254 cgi_write(struct bufferevent *bev, void *d)
1257 * Never called. We don't send data to a CGI script.
1263 cgi_error(struct bufferevent *bev, short error, void *d)
1265 struct client *client = d;
1267 if (error & EVBUFFER_ERROR)
1268 log_err(client, "%s: evbuffer error (%x): %s",
1269 __func__, error, strerror(errno));
1271 bufferevent_disable(bev, EVBUFFER_READ|EVBUFFER_WRITE);
1272 bufferevent_free(bev);
1273 client->cgibev = NULL;
1278 client->type = REQUEST_DONE;
1279 if (client->code != 0)
1280 client_write(client->bev, client);
1282 start_reply(client, CGI_ERROR, "CGI error");
1286 do_accept(int sock, short et, void *d)
1289 struct sockaddr_storage addr;
1290 struct sockaddr *saddr;
1296 saddr = (struct sockaddr*)&addr;
1298 if ((fd = accept(sock, saddr, &len)) == -1) {
1299 if (errno == EWOULDBLOCK || errno == EAGAIN)
1301 fatal("accept: %s", strerror(errno));
1306 for (i = 0; i < MAX_USERS; ++i) {
1309 memset(c, 0, sizeof(*c));
1311 if (tls_accept_socket(ctx, &c->ctx, fd) == -1)
1312 break; /* goodbye fd! */
1320 event_once(c->fd, EV_READ|EV_WRITE, handle_handshake,
1323 connected_clients++;
1331 static struct client *
1332 client_by_id(int id)
1334 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1335 fatal("in client_by_id: invalid id %d", id);
1336 return &clients[id];
1340 try_client_by_id(int id)
1342 if ((size_t)id > sizeof(clients)/sizeof(clients[0]))
1344 return &clients[id];
1348 handle_imsg_cgi_res(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1352 c = client_by_id(imsg->hdr.peerid);
1354 if ((c->pfd = imsg->fd) == -1) {
1355 start_reply(c, TEMP_FAILURE, "internal server error");
1359 c->type = REQUEST_CGI;
1361 c->cgibev = bufferevent_new(c->pfd, cgi_read, cgi_write,
1364 bufferevent_enable(c->cgibev, EV_READ);
1368 handle_imsg_fcgi_fd(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1374 id = imsg->hdr.peerid;
1377 if ((f->fd = imsg->fd) == -1)
1380 mark_nonblock(f->fd);
1384 f->bev = bufferevent_new(f->fd, fcgi_read, fcgi_write,
1386 if (f->bev == NULL) {
1388 log_err(NULL, "%s: failed to allocate client buffer",
1393 bufferevent_enable(f->bev, EV_READ|EV_WRITE);
1396 for (i = 0; i < MAX_USERS; ++i) {
1403 if (f->s == FCGI_OFF) {
1405 start_reply(c, TEMP_FAILURE, "internal server error");
1412 handle_imsg_quit(struct imsgbuf *ibuf, struct imsg *imsg, size_t len)
1420 * don't call event_loopbreak since we want to finish to
1421 * handle the ongoing connections.
1430 signal_del(&siginfo);
1432 signal_del(&sigusr2);
1434 for (i = 0; i < FCGI_MAX; ++i) {
1435 if (fcgi[i].path == NULL && fcgi[i].prog == NULL)
1438 if (fcgi[i].bev == NULL || fcgi[i].pending != 0)
1441 fcgi_close_backend(&fcgi[i]);
1446 handle_dispatch_imsg(int fd, short ev, void *d)
1448 struct imsgbuf *ibuf = d;
1449 dispatch_imsg(ibuf, handlers, sizeof(handlers));
1453 handle_siginfo(int fd, short ev, void *d)
1459 log_info(NULL, "%d connected clients", connected_clients);
1463 loop(struct tls *ctx_, int sock4, int sock6, struct imsgbuf *ibuf)
1471 memset(&clients, 0, sizeof(clients));
1472 for (i = 0; i < MAX_USERS; ++i)
1475 event_set(&e4, sock4, EV_READ | EV_PERSIST, &do_accept, NULL);
1476 event_add(&e4, NULL);
1480 event_set(&e6, sock6, EV_READ | EV_PERSIST, &do_accept, NULL);
1481 event_add(&e6, NULL);
1484 event_set(&imsgev, ibuf->fd, EV_READ | EV_PERSIST, handle_dispatch_imsg, ibuf);
1485 event_add(&imsgev, NULL);
1489 signal_set(&siginfo, SIGINFO, &handle_siginfo, NULL);
1490 signal_add(&siginfo, NULL);
1492 signal_set(&sigusr2, SIGUSR2, &handle_siginfo, NULL);
1493 signal_add(&sigusr2, NULL);
1495 sandbox_server_process();