2 * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 #include <sys/socket.h>
23 #include <sys/types.h>
25 #include <arpa/inet.h>
26 #include <netinet/in.h>
39 #include <openssl/x509.h>
41 #define GEMINI_URL_LEN (1024+3) /* URL max len + \r\n + \0 */
44 #define TEMP_REDIRECT 30
45 #define TEMP_FAILURE 40
48 #define PROXY_REFUSED 53
49 #define BAD_REQUEST 59
50 #define CLIENT_CERT_REQ 60
51 #define CERT_NOT_AUTH 61
55 /* maximum hostname and label length, +1 for the NUL-terminator */
56 #define DOMAIN_NAME_LEN (253+1)
57 #define LABEL_LEN (63+1)
71 #define FCGI_INFLIGHT 1
75 extern struct fcgi fcgi[FCGI_MAX];
77 TAILQ_HEAD(lochead, location);
81 const char *default_mime;
83 int auto_index; /* 0 auto, -1 off, 1 on */
85 const char *block_fmt;
94 TAILQ_ENTRY(location) locations;
97 TAILQ_HEAD(envhead, envlist);
101 TAILQ_ENTRY(envlist) envs;
104 TAILQ_HEAD(aliashead, alist);
107 TAILQ_ENTRY(alist) aliases;
110 extern TAILQ_HEAD(vhosthead, vhost) hosts;
116 const char *entrypoint;
118 TAILQ_ENTRY(vhost) vhosts;
120 /* the first location rule is always '*' and holds the default
121 * settings for the vhost, then follows the "real" location
122 * rules as specified in the configuration. */
123 struct lochead locations;
126 struct aliashead aliases;
129 struct etm { /* extension to mime */
141 /* from command line */
155 extern const char *config_path;
156 extern struct conf conf;
158 extern struct imsgbuf logibuf, exibuf, servibuf[PROC_MAX];
160 extern int servpipes[PROC_MAX];
181 TAILQ_ENTRY(mbuf) mbufs;
184 TAILQ_HEAD(mbufhead, mbuf);
186 typedef void (imsg_handlerfn)(struct imsgbuf*, struct imsg*, size_t);
188 typedef void (*statefn)(int, short, void*);
191 * DFA: handle_handshake is the initial state, close_conn the final.
192 * Sometimes we have an enter_* function to handle the state switch.
194 * handle_handshake -> handle_open_conn
195 * handle_handshake -> close_conn // on err
197 * handle_open_conn -> handle_cgi_reply // via open_file/dir/...
198 * handle_open_conn -> send_fcgi_req // via apply_fastcgi, IMSG_FCGI_FD
199 * handle_open_conn -> handle_dirlist // ...same
200 * handle_open_conn -> send_file // ...same
201 * handle_open_conn -> start_reply // on error
203 * handle_cgi_reply -> handle_cgi // after logging the CGI reply
204 * handle_cgi_reply -> start_reply // on error
206 * handle_cgi -> close_conn
208 * send_fcgi_req -> copy_mbuf // via handle_fcgi
209 * handle_fcgi -> close_all // on error
210 * copy_mbuf -> close_conn // on success/error
212 * handle_dirlist -> send_directory_listing
213 * handle_dirlist -> close_conn // on error
215 * send_directory_listing -> close_conn
217 * send_file -> close_conn
222 char req[GEMINI_URL_LEN];
224 char domain[DOMAIN_NAME_LEN];
227 * start_reply uses this to know what function call after the
228 * reply. It's also used as sentinel value in fastcgi to know
229 * if the server has closed the request.
240 /* big enough to store STATUS + SPACE + META + CRLF */
244 struct mbufhead mbufhead;
246 struct sockaddr_storage addr;
247 struct vhost *host; /* host they're talking to */
248 size_t loc; /* location matched */
251 extern struct client clients[MAX_USERS];
254 char buf[GEMINI_URL_LEN];
256 size_t iri_schema_off;
260 size_t iri_query_off;
261 size_t iri_fragment_off;
264 char spath[PATH_MAX+1];
265 char relpath[PATH_MAX+1];
266 char addr[NI_MAXHOST+1];
268 /* AFAIK there isn't an upper limit for these two fields. */
300 char *data_dir(void);
301 void load_local_cert(const char*, const char*);
302 void load_vhosts(void);
303 int make_socket(int, int);
304 void setup_tls(void);
305 void init_config(void);
306 void free_config(void);
307 void drop_priv(void);
309 /* provided by lex/yacc */
312 extern int yyparse(void);
313 extern int yylex(void);
315 void yyerror(const char*, ...);
316 int parse_portno(const char*);
317 void parse_conf(const char*);
320 void fatal(const char*, ...)
321 __attribute__((format (printf, 1, 2)))
322 __attribute__((__noreturn__));
324 #define LOG_ATTR_FMT __attribute__((format (printf, 2, 3)))
325 void log_err(struct client*, const char*, ...) LOG_ATTR_FMT;
326 void log_warn(struct client*, const char*, ...) LOG_ATTR_FMT;
327 void log_notice(struct client*, const char*, ...) LOG_ATTR_FMT;
328 void log_info(struct client*, const char*, ...) LOG_ATTR_FMT;
329 void log_debug(struct client*, const char*, ...) LOG_ATTR_FMT;
330 void log_request(struct client*, char*, size_t);
331 int logger_main(int, struct imsgbuf*);
334 void init_mime(struct mime*);
335 void add_mime(struct mime*, const char*, const char*);
336 void load_default_mime(struct mime*);
337 const char *mime(struct vhost*, const char*);
340 const char *vhost_lang(struct vhost*, const char*);
341 const char *vhost_default_mime(struct vhost*, const char*);
342 const char *vhost_index(struct vhost*, const char*);
343 int vhost_auto_index(struct vhost*, const char*);
344 int vhost_block_return(struct vhost*, const char*, int*, const char**);
345 int vhost_fastcgi(struct vhost*, const char*);
346 int vhost_dirfd(struct vhost*, const char*, size_t*);
347 int vhost_strip(struct vhost*, const char*);
348 X509_STORE *vhost_require_ca(struct vhost*, const char*);
349 int vhost_disable_log(struct vhost*, const char*);
351 void mark_nonblock(int);
352 void start_reply(struct client*, int, const char*);
353 void close_conn(int, short, void*);
354 struct client *try_client_by_id(int);
355 void loop(struct tls*, int, int, struct imsgbuf*);
358 int scandir_fd(int, struct dirent***, int(*)(const struct dirent*),
359 int(*)(const struct dirent**, const struct dirent**));
360 int select_non_dot(const struct dirent*);
361 int select_non_dotdot(const struct dirent*);
364 int send_string(int, const char*);
365 int recv_string(int, char**);
366 int send_iri(int, struct iri*);
367 int recv_iri(int, struct iri*);
368 void free_recvd_iri(struct iri*);
369 int send_vhost(int, struct vhost*);
370 int recv_vhost(int, struct vhost**);
371 int send_time(int, time_t);
372 int recv_time(int, time_t*);
373 int send_fd(int, int);
375 int executor_main(struct imsgbuf*);
378 void handle_fcgi(int, short, void*);
379 void send_fcgi_req(struct fcgi*, struct client*);
382 void sandbox_server_process(void);
383 void sandbox_executor_process(void);
384 void sandbox_logger_process(void);
387 int valid_multibyte_utf8(struct parser*);
388 char *utf8_nth(char*, size_t);
391 int parse_iri(char*, struct iri*, const char**);
392 int trim_req_iri(char*, const char **);
393 int serialize_iri(struct iri*, char*, size_t);
394 char *pct_decode_str(char *);
397 int puny_decode(const char*, char*, size_t, const char**);
400 void block_signals(void);
401 void unblock_signals(void);
402 int starts_with(const char*, const char*);
403 int ends_with(const char*, const char*);
404 ssize_t filesize(int);
405 char *absolutify_path(const char*);
406 char *xstrdup(const char*);
407 void *xcalloc(size_t, size_t);
408 void gen_certificate(const char*, const char*, const char*);
409 X509_STORE *load_ca(const char*);
410 int validate_against_ca(X509_STORE*, const uint8_t*, size_t);
411 void dispatch_imsg(struct imsgbuf*, imsg_handlerfn**, size_t);