1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/mman.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 
21 #include <arpa/inet.h>
22 #include <netinet/in.h>
23 
24 #include <assert.h>
25 #include <err.h>
26 #include <errno.h>
27 #include <fcntl.h>
28 #include <poll.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <syslog.h>
34 #include <tls.h>
35 #include <unistd.h>
36 
37 #ifndef __OpenBSD__
38 # define pledge(a, b) 0
39 # define unveil(a, b) 0
40 #endif /* __OpenBSD__ */
41 
42 #ifndef INFTIM
43 # define INFTIM -1
44 #endif /* INFTIM */
45 
46 #define GEMINI_URL_LEN (1024+3)	/* URL max len + \r\n + \0 */
47 
48 /* large enough to hold a copy of a gemini URL and still have extra room */
49 #define PATHBUF		2048
50 
51 #define SUCCESS		20
52 #define TEMP_FAILURE	40
53 #define NOT_FOUND	51
54 #define BAD_REQUEST	59
55 
56 #ifndef MAX_USERS
57 #define MAX_USERS	64
58 #endif
59 
60 #define SAFE_SETENV(var, val) do {		\
61 		const char *_tmp = (val);	\
62 		if (_tmp == NULL)		\
63 			_tmp = "";		\
64 		setenv((var), _tmp, 1);		\
65 	} while(0)
66 
67 enum {
68 	S_OPEN,
69 	S_INITIALIZING,
70 	S_SENDING,
71 	S_CLOSING,
72 };
73 
74 struct client {
75 	struct tls	*ctx;
76 	int		 state;
77 	int		 code;
78 	const char	*meta;
79 	int		 fd, waiting_on_child;
80 	pid_t		 child;
81 	char		 sbuf[1024];	  /* static buffer */
82 	void		*buf, *i;	  /* mmap buffer */
83 	ssize_t		 len, off;	  /* mmap/static buffer  */
84 	int		 af;
85 	struct in_addr	 addr;
86 };
87 
88 enum {
89 	FILE_EXISTS,
90 	FILE_EXECUTABLE,
91 	FILE_DIRECTORY,
92 	FILE_MISSING,
93 };
94 
95 struct etm {			/* file extension to mime */
96 	const char	*mime;
97 	const char	*ext;
98 } filetypes[] = {
99 	{"application/pdf",	"pdf"},
100 
101 	{"image/gif",		"gif"},
102 	{"image/jpeg",		"jpg"},
103 	{"image/jpeg",		"jpeg"},
104 	{"image/png",		"png"},
105 	{"image/svg+xml",	"svg"},
106 
107 	{"text/gemini",		"gemini"},
108 	{"text/gemini",		"gmi"},
109 	{"text/markdown",	"markdown"},
110 	{"text/markdown",	"md"},
111 	{"text/plain",		"txt"},
112 	{"text/xml",		"xml"},
113 
114 	{NULL, NULL}
115 };
116 
117 #define LOG(priority, c, fmt, ...)					\
118 	do {								\
119 		char buf[INET_ADDRSTRLEN];				\
120 		if (inet_ntop((c)->af, &(c)->addr,			\
121 		    buf, sizeof(buf)) == NULL)				\
122 			FATAL("inet_ntop: %s", strerror(errno));	\
123 		if (foreground)						\
124 			fprintf(stderr,					\
125 			    "%s " fmt "\n", buf, __VA_ARGS__);		\
126 		else							\
127 			syslog((priority) | LOG_DAEMON,			\
128 			    "%s " fmt, buf, __VA_ARGS__);		\
129 	} while (0)
130 
131 #define LOGE(c, fmt, ...) LOG(LOG_ERR,    c, fmt, __VA_ARGS__)
132 #define LOGN(c, fmt, ...) LOG(LOG_NOTICE, c, fmt, __VA_ARGS__)
133 #define LOGI(c, fmt, ...) LOG(LOG_INFO,   c, fmt, __VA_ARGS__)
134 #define LOGD(c, fmt, ...) LOG(LOG_DEBUG,  c, fmt, __VA_ARGS__)
135 
136 #define FATAL(fmt, ...)							\
137 	do {								\
138 		if (foreground)						\
139 			fprintf(stderr, fmt "\n", __VA_ARGS__);		\
140 		else							\
141 			syslog(LOG_DAEMON | LOG_CRIT,			\
142 			    fmt, __VA_ARGS__);				\
143 		exit(1);						\
144 	} while (0)
145 
146 const char *dir, *cgi;
147 int dirfd;
148 int port;
149 int foreground;
150 int connected_clients;
151 
152 void		 siginfo_handler(int);
153 int		 starts_with(const char*, const char*);
154 
155 char		*url_after_proto(char*);
156 char		*url_start_of_request(char*);
157 int		 url_trim(struct client*, char*);
158 char		*adjust_path(char*);
159 ssize_t		 filesize(int);
160 
161 int		 start_reply(struct pollfd*, struct client*, int, const char*);
162 const char	*path_ext(const char*);
163 const char	*mime(const char*);
164 int		 check_path(struct client*, const char*, int*);
165 int		 check_for_cgi(char *, char*, struct pollfd*, struct client*);
166 int		 open_file(char*, char*, struct pollfd*, struct client*);
167 int		 start_cgi(const char*, const char*, const char*, struct pollfd*, struct client*);
168 void		 cgi_setpoll_on_child(struct pollfd*, struct client*);
169 void		 cgi_setpoll_on_client(struct pollfd*, struct client*);
170 void		 handle_cgi(struct pollfd*, struct client*);
171 void		 send_file(char*, char*, struct pollfd*, struct client*);
172 void		 send_dir(char*, struct pollfd*, struct client*);
173 void		 handle(struct pollfd*, struct client*);
174 
175 void		 mark_nonblock(int);
176 int		 make_soket(int);
177 void		 do_accept(int, struct tls*, struct pollfd*, struct client*);
178 void		 goodbye(struct pollfd*, struct client*);
179 void		 loop(struct tls*, int);
180 
181 void		 usage(const char*);
182 
183 void
184 siginfo_handler(int sig)
185 {
186 	(void)sig;
187 }
188 
189 int
190 starts_with(const char *str, const char *prefix)
191 {
192 	size_t i;
193 
194 	for (i = 0; prefix[i] != '\0'; ++i)
195 		if (str[i] != prefix[i])
196 			return 0;
197 	return 1;
198 }
199 
200 char *
201 url_after_proto(char *url)
202 {
203 	char *s;
204 	const char *proto = "gemini:";
205 	const char *marker = "//";
206 
207 	/* a relative URL */
208 	if ((s = strstr(url, marker)) == NULL)
209 		return url;
210 
211 	/*
212 	 * if a protocol is not specified, gemini should be implied:
213 	 * this handles the case of //example.com
214 	 */
215 	if (s == url)
216 		return s + strlen(marker);
217 
218 	if (s - strlen(proto) != url)
219 		return NULL;
220 
221 	if (!starts_with(url, proto))
222 		return NULL;
223 
224 	return s + strlen(marker);
225 }
226 
227 char *
228 url_start_of_request(char *url)
229 {
230 	char *s, *t;
231 
232 	if ((s = url_after_proto(url)) == NULL)
233 		return NULL;
234 
235 	/* non-absolute URL */
236 	if (s == url)
237 		return s;
238 
239 	if ((t = strstr(s, "/")) == NULL)
240 		return s + strlen(s);
241 	return t;
242 }
243 
244 int
245 url_trim(struct client *c, char *url)
246 {
247 	const char *e = "\r\n";
248 	char *s;
249 
250 	if ((s = strstr(url, e)) == NULL)
251 		return 0;
252 	s[0] = '\0';
253 	s[1] = '\0';
254 
255 	if (s[2] != '\0') {
256 		LOGE(c, "%s", "request longer than 1024 bytes");
257 		return 0;
258 	}
259 
260 	return 1;
261 }
262 
263 char *
264 adjust_path(char *path)
265 {
266 	char *s, *query;
267 	size_t len;
268 
269 	if ((query = strchr(path, '?')) != NULL) {
270 		*query = '\0';
271 		query++;
272 	}
273 
274 	/* /.. -> / */
275 	len = strlen(path);
276 	if (len >= 3) {
277 		if (!strcmp(&path[len-3], "/..")) {
278 			path[len-2] = '\0';
279 		}
280 	}
281 
282 	/* if the path is only `..` trim out and exit */
283 	if (!strcmp(path, "..")) {
284 		path[0] = '\0';
285 		return query;
286 	}
287 
288 	/* remove every ../ in the path */
289 	while (1) {
290 		if ((s = strstr(path, "../")) == NULL)
291 			return query;
292 		memmove(s, s+3, strlen(s)+1);	/* copy also the \0 */
293 	}
294 }
295 
296 int
297 start_reply(struct pollfd *pfd, struct client *client, int code, const char *reason)
298 {
299 	char buf[1030] = {0}; 	/* status + ' ' + max reply len + \r\n\0 */
300 	int len;
301 	int ret;
302 
303 	client->code = code;
304 	client->meta = reason;
305 	client->state = S_INITIALIZING;
306 
307 	len = snprintf(buf, sizeof(buf), "%d %s\r\n", code, reason);
308 	assert(len < (int)sizeof(buf));
309 	ret = tls_write(client->ctx, buf, len);
310 	if (ret == TLS_WANT_POLLIN) {
311 		pfd->events = POLLIN;
312 		return 0;
313 	}
314 
315 	if (ret == TLS_WANT_POLLOUT) {
316 		pfd->events = POLLOUT;
317 		return 0;
318 	}
319 
320 	return 1;
321 }
322 
323 ssize_t
324 filesize(int fd)
325 {
326 	ssize_t len;
327 
328 	if ((len = lseek(fd, 0, SEEK_END)) == -1)
329 		return -1;
330 	if (lseek(fd, 0, SEEK_SET) == -1)
331 		return -1;
332 	return len;
333 }
334 
335 const char *
336 path_ext(const char *path)
337 {
338 	const char *end;
339 
340 	end = path + strlen(path)-1; /* the last byte before the NUL */
341 	for (; end != path; --end) {
342 		if (*end == '.')
343 			return end+1;
344 		if (*end == '/')
345 			break;
346 	}
347 
348 	return NULL;
349 }
350 
351 const char *
352 mime(const char *path)
353 {
354 	const char *ext, *def = "application/octet-stream";
355 	struct etm *t;
356 
357 	if ((ext = path_ext(path)) == NULL)
358 		return def;
359 
360 	for (t = filetypes; t->mime != NULL; ++t)
361 		if (!strcmp(ext, t->ext))
362 			return t->mime;
363 
364 	return def;
365 }
366 
367 int
368 check_path(struct client *c, const char *path, int *fd)
369 {
370 	struct stat sb;
371 
372 	assert(path != NULL);
373 	if ((*fd = openat(dirfd, path,
374 		    O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) == -1) {
375 		return FILE_MISSING;
376 	}
377 
378 	if (fstat(*fd, &sb) == -1) {
379 		LOGN(c, "failed stat for %s: %s", path, strerror(errno));
380 		return FILE_MISSING;
381 	}
382 
383 	if (S_ISDIR(sb.st_mode))
384 		return FILE_DIRECTORY;
385 
386 	if (sb.st_mode & S_IXUSR)
387 		return FILE_EXECUTABLE;
388 
389 	return FILE_EXISTS;
390 }
391 
392 /*
393  * the inverse of this algorithm, i.e. starting from the start of the
394  * path + strlen(cgi), and checking if each component, should be
395  * faster.  But it's tedious to write.  This does the opposite: starts
396  * from the end and strip one component at a time, until either an
397  * executable is found or we emptied the path.
398  */
399 int
400 check_for_cgi(char *path, char *query, struct pollfd *fds, struct client *c)
401 {
402 	char *end;
403 	end = strchr(path, '\0');
404 
405 	/* NB: assume CGI is enabled and path matches cgi */
406 
407 	while (end > path) {
408 		/* go up one level.  UNIX paths are simple and POSIX
409 		 * dirname, with its ambiguities on if the given path
410 		 * is changed or not, gives me headaches. */
411 		while (*end != '/')
412 			end--;
413 		*end = '\0';
414 
415 		switch (check_path(c, path, &c->fd)) {
416 		case FILE_EXECUTABLE:
417 			return start_cgi(path, end+1, query, fds,c);
418 		case FILE_MISSING:
419 			break;
420 		default:
421 			goto err;
422 		}
423 
424 		*end = '/';
425 		end--;
426 	}
427 
428 err:
429 	if (!start_reply(fds, c, NOT_FOUND, "not found"))
430 		return 0;
431 	goodbye(fds, c);
432 	return 0;
433 }
434 
435 
436 int
437 open_file(char *path, char *query, struct pollfd *fds, struct client *c)
438 {
439 	char fpath[PATHBUF];
440 
441 	bzero(fpath, sizeof(fpath));
442 
443 	if (*path != '.')
444 		fpath[0] = '.';
445 	strlcat(fpath, path, PATHBUF);
446 
447 	switch (check_path(c, fpath, &c->fd)) {
448 	case FILE_EXECUTABLE:
449 		/* +2 to skip the ./ */
450 		if (cgi != NULL && starts_with(fpath+2, cgi))
451 			return start_cgi(fpath, "", query, fds, c);
452 
453 		/* fallthrough */
454 
455 	case FILE_EXISTS:
456 		if ((c->len = filesize(c->fd)) == -1) {
457 			LOGE(c, "failed to get file size for %s", fpath);
458 			goodbye(fds, c);
459 			return 0;
460 		}
461 
462 		if ((c->buf = mmap(NULL, c->len, PROT_READ, MAP_PRIVATE,
463 			    c->fd, 0)) == MAP_FAILED) {
464 			warn("mmap: %s", fpath);
465 			goodbye(fds, c);
466 			return 0;
467 		}
468 		c->i = c->buf;
469 		return start_reply(fds, c, SUCCESS, mime(fpath));
470 
471 	case FILE_DIRECTORY:
472 		LOGD(c, "%s is a directory, trying %s/index.gmi", fpath, fpath);
473 		close(c->fd);
474 		c->fd = -1;
475 		send_dir(fpath, fds, c);
476 		return 0;
477 
478 	case FILE_MISSING:
479 		if (cgi != NULL && starts_with(fpath+2, cgi))
480 			return check_for_cgi(fpath, query, fds, c);
481 
482 		if (!start_reply(fds, c, NOT_FOUND, "not found"))
483 			return 0;
484 		goodbye(fds, c);
485 		return 0;
486 
487 	default:
488 		/* unreachable */
489 		abort();
490 	}
491 }
492 
493 int
494 start_cgi(const char *spath, const char *relpath, const char *query,
495     struct pollfd *fds, struct client *c)
496 {
497 	pid_t pid;
498 	int p[2]; 		/* read end, write end */
499 
500 	if (pipe(p) == -1)
501 		goto err;
502 
503 	switch (pid = fork()) {
504 	case -1:
505 		goto err;
506 
507 	case 0: { 		/* child */
508 		char *ex, *requri, *portno;
509 		char addr[INET_ADDRSTRLEN];
510 		char *argv[] = { NULL, NULL, NULL };
511 
512 		spath++;
513 
514 		close(p[0]);
515 		if (dup2(p[1], 1) == -1)
516 			goto childerr;
517 
518 		if (inet_ntop(c->af, &c->addr, addr, sizeof(addr)) == NULL)
519 			goto childerr;
520 
521 		if (asprintf(&portno, "%d", port) == -1)
522 			goto childerr;
523 
524 		if (asprintf(&ex, "%s%s", dir, spath+1) == -1)
525 			goto childerr;
526 
527 		if (asprintf(&requri, "%s%s%s", spath,
528 		    *relpath == '\0' ? "" : "/",
529 		    relpath) == -1)
530 			goto childerr;
531 
532 		argv[0] = argv[1] = ex;
533 
534 		/* fix the env */
535 		SAFE_SETENV("GATEWAY_INTERFACE", "CGI/1.1");
536 		SAFE_SETENV("SERVER_SOFTWARE", "gmid");
537 		SAFE_SETENV("SERVER_PORT", portno);
538 		/* setenv("SERVER_NAME", "", 1); */
539 		SAFE_SETENV("SCRIPT_NAME", spath);
540 		SAFE_SETENV("SCRIPT_EXECUTABLE", ex);
541 		SAFE_SETENV("REQUEST_URI", requri);
542 		SAFE_SETENV("REQUEST_RELATIVE", relpath);
543 		SAFE_SETENV("QUERY_STRING", query);
544 		SAFE_SETENV("REMOTE_HOST", addr);
545 		SAFE_SETENV("REMOTE_ADDR", addr);
546 		SAFE_SETENV("DOCUMENT_ROOT", dir);
547 
548 		if (tls_peer_cert_provided(c->ctx)) {
549 			SAFE_SETENV("AUTH_TYPE", "Certificate");
550 			SAFE_SETENV("REMOTE_USER", tls_peer_cert_subject(c->ctx));
551 			SAFE_SETENV("TLS_CLIENT_ISSUER", tls_peer_cert_issuer(c->ctx));
552 			SAFE_SETENV("TLS_CLIENT_HASH", tls_peer_cert_hash(c->ctx));
553 		}
554 
555 		execvp(ex, argv);
556 		goto childerr;
557 	}
558 
559 	default:		/* parent */
560 		close(p[1]);
561 		close(c->fd);
562 		c->fd = p[0];
563 		c->child = pid;
564 		mark_nonblock(c->fd);
565 		c->state = S_SENDING;
566 		handle_cgi(fds, c);
567 		return 0;
568 	}
569 
570 err:
571 	if (!start_reply(fds, c, TEMP_FAILURE, "internal server error"))
572 		return 0;
573 	goodbye(fds, c);
574 	return 0;
575 
576 childerr:
577 	dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
578 	close(p[1]);
579 	_exit(1);
580 }
581 
582 void
583 cgi_setpoll_on_child(struct pollfd *fds, struct client *c)
584 {
585 	int fd;
586 
587 	if (c->waiting_on_child)
588 		return;
589 	c->waiting_on_child = 1;
590 
591 	fds->events = POLLIN;
592 
593 	fd = fds->fd;
594 	fds->fd = c->fd;
595 	c->fd = fd;
596 }
597 
598 void
599 cgi_setpoll_on_client(struct pollfd *fds, struct client *c)
600 {
601 	int fd;
602 
603 	if (!c->waiting_on_child)
604 		return;
605 	c->waiting_on_child = 0;
606 
607 	fd = fds->fd;
608 	fds->fd = c->fd;
609 	c->fd = fd;
610 }
611 
612 void
613 handle_cgi(struct pollfd *fds, struct client *c)
614 {
615 	ssize_t r;
616 
617 	/* ensure c->fd is the child and fds->fd the client */
618 	cgi_setpoll_on_client(fds, c);
619 
620 	while (1) {
621 		if (c->len == 0) {
622 			if ((r = read(c->fd, c->sbuf, sizeof(c->sbuf))) == 0)
623 				goto end;
624 			if (r == -1) {
625 				if (errno == EAGAIN || errno == EWOULDBLOCK) {
626 					cgi_setpoll_on_child(fds, c);
627 					return;
628 				}
629                                 goto end;
630 			}
631 			c->len = r;
632 			c->off = 0;
633 		}
634 
635 		while (c->len > 0) {
636 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
637 			case -1:
638 				goto end;
639 
640 			case TLS_WANT_POLLOUT:
641 				fds->events = POLLOUT;
642 				return;
643 
644 			case TLS_WANT_POLLIN:
645 				fds->events = POLLIN;
646 				return;
647 
648 			default:
649                                 c->off += r;
650 				c->len -= r;
651 				break;
652 			}
653 		}
654 	}
655 
656 end:
657 	goodbye(fds, c);
658 }
659 
660 void
661 send_file(char *path, char *query, struct pollfd *fds, struct client *c)
662 {
663 	ssize_t ret, len;
664 
665 	if (c->fd == -1) {
666 		if (!open_file(path, query, fds, c))
667 			return;
668 		c->state = S_SENDING;
669 	}
670 
671 	len = (c->buf + c->len) - c->i;
672 
673 	while (len > 0) {
674 		switch (ret = tls_write(c->ctx, c->i, len)) {
675 		case -1:
676 			LOGE(c, "tls_write: %s", tls_error(c->ctx));
677 			goodbye(fds, c);
678 			return;
679 
680 		case TLS_WANT_POLLIN:
681 			fds->events = POLLIN;
682 			return;
683 
684 		case TLS_WANT_POLLOUT:
685 			fds->events = POLLOUT;
686 			return;
687 
688 		default:
689 			c->i += ret;
690 			len -= ret;
691 			break;
692 		}
693 	}
694 
695 	goodbye(fds, c);
696 }
697 
698 void
699 send_dir(char *path, struct pollfd *fds, struct client *client)
700 {
701 	char fpath[PATHBUF];
702 	size_t len;
703 
704 	bzero(fpath, PATHBUF);
705 
706 	if (path[0] != '.')
707 		fpath[0] = '.';
708 
709 	/* this cannot fail since sizeof(fpath) > maxlen of path */
710 	strlcat(fpath, path, PATHBUF);
711 	len = strlen(fpath);
712 
713 	/* add a trailing / in case. */
714 	if (fpath[len-1] != '/') {
715 		fpath[len] = '/';
716 	}
717 
718 	strlcat(fpath, "index.gmi", sizeof(fpath));
719 
720 	send_file(fpath, NULL, fds, client);
721 }
722 
723 void
724 handle(struct pollfd *fds, struct client *client)
725 {
726 	char buf[GEMINI_URL_LEN];
727 	char *path;
728 	char *query;
729 
730 	switch (client->state) {
731 	case S_OPEN:
732 		bzero(buf, GEMINI_URL_LEN);
733 		switch (tls_read(client->ctx, buf, sizeof(buf)-1)) {
734 		case -1:
735 			LOGE(client, "tls_read: %s", tls_error(client->ctx));
736 			goodbye(fds, client);
737 			return;
738 
739 		case TLS_WANT_POLLIN:
740 			fds->events = POLLIN;
741 			return;
742 
743 		case TLS_WANT_POLLOUT:
744 			fds->events = POLLOUT;
745 			return;
746 		}
747 
748 		if (!url_trim(client, buf)) {
749 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
750 				return;
751 			goodbye(fds, client);
752 			return;
753 		}
754 
755 		if ((path = url_start_of_request(buf)) == NULL) {
756 			if (!start_reply(fds, client, BAD_REQUEST, "bad request"))
757 				return;
758 			goodbye(fds, client);
759 			return;
760 		}
761 
762 		query = adjust_path(path);
763 		LOGI(client, "GET %s%s%s", path,
764 		    query ? "?" : "",
765 		    query ? query : "");
766 
767 		send_file(path, query, fds, client);
768 		break;
769 
770 	case S_INITIALIZING:
771 		if (!start_reply(fds, client, client->code, client->meta))
772 			return;
773 
774 		if (client->code != SUCCESS) {
775 			/* we don't need a body */
776 			goodbye(fds, client);
777 			return;
778 		}
779 
780 		client->state = S_SENDING;
781 
782 		/* fallthrough */
783 
784 	case S_SENDING:
785 		if (client->child != -1)
786 			handle_cgi(fds, client);
787 		else
788 			send_file(NULL, NULL, fds, client);
789 		break;
790 
791 	case S_CLOSING:
792 		goodbye(fds, client);
793 		break;
794 
795 	default:
796 		/* unreachable */
797 		abort();
798 	}
799 }
800 
801 void
802 mark_nonblock(int fd)
803 {
804 	int flags;
805 
806 	if ((flags = fcntl(fd, F_GETFL)) == -1)
807 		FATAL("fcntl(F_GETFL): %s", strerror(errno));
808 	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
809 		FATAL("fcntl(F_SETFL): %s", strerror(errno));
810 }
811 
812 int
813 make_socket(int port, int family)
814 {
815 	int sock, v;
816 	struct sockaddr_in addr4;
817 	struct sockaddr_in6 addr6;
818 	struct sockaddr *addr;
819 	socklen_t len;
820 
821         switch (family) {
822 	case AF_INET:
823 		bzero(&addr4, sizeof(addr4));
824 		addr4.sin_family = family;
825 		addr4.sin_port = htons(port);
826 		addr4.sin_addr.s_addr = INADDR_ANY;
827 		addr = (struct sockaddr*)&addr4;
828 		len = sizeof(addr4);
829 		break;
830 
831 	case AF_INET6:
832 		bzero(&addr6, sizeof(addr6));
833 		addr6.sin6_family = AF_INET6;
834 		addr6.sin6_port = htons(port);
835 		addr6.sin6_addr = in6addr_any;
836 		addr = (struct sockaddr*)&addr6;
837 		len = sizeof(addr6);
838 		break;
839 
840 	default:
841 		/* unreachable */
842 		abort();
843 	}
844 
845 	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
846 		FATAL("socket: %s", strerror(errno));
847 
848 	v = 1;
849 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
850 		FATAL("setsockopt(SO_REUSEADDR): %s", strerror(errno));
851 
852 	v = 1;
853 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
854 		FATAL("setsockopt(SO_REUSEPORT): %s", strerror(errno));
855 
856 	mark_nonblock(sock);
857 
858 	if (bind(sock, addr, len) == -1)
859 		FATAL("bind: %s", strerror(errno));
860 
861 	if (listen(sock, 16) == -1)
862 		FATAL("listen: %s", strerror(errno));
863 
864 	return sock;
865 }
866 
867 void
868 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
869 {
870 	int i, fd;
871 	struct sockaddr_in addr;
872 	socklen_t len;
873 
874 	len = sizeof(addr);
875 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
876 		if (errno == EWOULDBLOCK)
877 			return;
878 		FATAL("accept: %s", strerror(errno));
879 	}
880 
881 	mark_nonblock(fd);
882 
883 	for (i = 0; i < MAX_USERS; ++i) {
884 		if (fds[i].fd == -1) {
885 			bzero(&clients[i], sizeof(struct client));
886 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
887 				break; /* goodbye fd! */
888 
889 			fds[i].fd = fd;
890 			fds[i].events = POLLIN;
891 
892 			clients[i].state = S_OPEN;
893 			clients[i].fd = -1;
894 			clients[i].child = -1;
895 			clients[i].buf = MAP_FAILED;
896 			clients[i].af = AF_INET;
897 			clients[i].addr = addr.sin_addr;
898 
899 			connected_clients++;
900 			return;
901 		}
902 	}
903 
904 	close(fd);
905 }
906 
907 void
908 goodbye(struct pollfd *pfd, struct client *c)
909 {
910 	ssize_t ret;
911 
912 	c->state = S_CLOSING;
913 
914 	ret = tls_close(c->ctx);
915 	if (ret == TLS_WANT_POLLIN) {
916 		pfd->events = POLLIN;
917 		return;
918 	}
919 	if (ret == TLS_WANT_POLLOUT) {
920 		pfd->events = POLLOUT;
921 		return;
922 	}
923 
924 	connected_clients--;
925 
926 	tls_free(c->ctx);
927 	c->ctx = NULL;
928 
929 	if (c->buf != MAP_FAILED)
930 		munmap(c->buf, c->len);
931 
932 	if (c->fd != -1)
933 		close(c->fd);
934 
935 	close(pfd->fd);
936 	pfd->fd = -1;
937 }
938 
939 void
940 loop(struct tls *ctx, int sock)
941 {
942 	int i, todo;
943 	struct client clients[MAX_USERS];
944 	struct pollfd fds[MAX_USERS];
945 
946 	for (i = 0; i < MAX_USERS; ++i) {
947 		fds[i].fd = -1;
948 		fds[i].events = POLLIN;
949 		bzero(&clients[i], sizeof(struct client));
950 	}
951 
952 	fds[0].fd = sock;
953 
954 	for (;;) {
955 		if ((todo = poll(fds, MAX_USERS, INFTIM)) == -1) {
956 			if (errno == EINTR) {
957                                 warnx("connected clients: %d",
958 				    connected_clients);
959 				continue;
960 			}
961 			FATAL("poll: %s", strerror(errno));
962 		}
963 
964 		for (i = 0; i < MAX_USERS; i++) {
965 			assert(i < MAX_USERS);
966 
967 			if (fds[i].revents == 0)
968 				continue;
969 
970 			if (fds[i].revents & (POLLERR|POLLNVAL))
971 				FATAL("bad fd %d: %s", fds[i].fd,
972 				    strerror(errno));
973 
974 			if (fds[i].revents & POLLHUP) {
975 				/* fds[i] may be the fd of the stdin
976 				 * of a cgi script that has exited. */
977 				if (!clients[i].waiting_on_child) {
978 					goodbye(&fds[i], &clients[i]);
979 					continue;
980 				}
981 			}
982 
983 			todo--;
984 
985 			if (i == 0) { /* new client */
986 				do_accept(sock, ctx, fds, clients);
987 				continue;
988 			}
989 
990 			handle(&fds[i], &clients[i]);
991 		}
992 	}
993 }
994 
995 void
996 usage(const char *me)
997 {
998 	fprintf(stderr,
999 	    "USAGE: %s [-h] [-c cert.pem] [-d docs] [-k key.pem] "
1000 	    "[-l logfile] [-p port] [-x cgi-bin]\n",
1001 	    me);
1002 }
1003 
1004 int
1005 main(int argc, char **argv)
1006 {
1007 	const char *cert = "cert.pem", *key = "key.pem";
1008 	struct tls *ctx = NULL;
1009 	struct tls_config *conf;
1010 	int sock, ch;
1011 
1012 	signal(SIGPIPE, SIG_IGN);
1013 	signal(SIGCHLD, SIG_IGN);
1014 
1015 #ifdef SIGINFO
1016 	signal(SIGINFO, siginfo_handler);
1017 #endif
1018 	signal(SIGUSR2, siginfo_handler);
1019 
1020 	connected_clients = 0;
1021 
1022 	dir = "docs/";
1023 	cgi = NULL;
1024 	port = 1965;
1025 	foreground = 0;
1026 
1027 	while ((ch = getopt(argc, argv, "c:d:fhk:p:x:")) != -1) {
1028 		switch (ch) {
1029 		case 'c':
1030 			cert = optarg;
1031 			break;
1032 
1033 		case 'd':
1034 			dir = optarg;
1035 			break;
1036 
1037 		case 'f':
1038 			foreground = 1;
1039 			break;
1040 
1041 		case 'h':
1042 			usage(*argv);
1043 			return 0;
1044 
1045 		case 'k':
1046 			key = optarg;
1047 			break;
1048 
1049 		case 'p': {
1050 			char *ep;
1051 			long lval;
1052 
1053 			errno = 0;
1054 			lval = strtol(optarg, &ep, 10);
1055 			if (optarg[0] == '\0' || *ep != '\0')
1056 				err(1, "not a number: %s", optarg);
1057 			if (lval < 0 || lval > UINT16_MAX)
1058 				err(1, "port number out of range: %s", optarg);
1059 			port = lval;
1060 			break;
1061 		}
1062 
1063 		case 'x':
1064 			cgi = optarg;
1065 			break;
1066 
1067 		default:
1068 			usage(*argv);
1069 			return 1;
1070 		}
1071 	}
1072 
1073 	if ((conf = tls_config_new()) == NULL)
1074 		err(1, "tls_config_new");
1075 
1076 	/* optionally accept client certs, but don't try to verify them */
1077 	tls_config_verify_client_optional(conf);
1078 	tls_config_insecure_noverifycert(conf);
1079 
1080 	if (tls_config_set_protocols(conf,
1081 	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
1082 		err(1, "tls_config_set_protocols");
1083 
1084 	if (tls_config_set_cert_file(conf, cert) == -1)
1085 		err(1, "tls_config_set_cert_file: %s", cert);
1086 
1087 	if (tls_config_set_key_file(conf, key) == -1)
1088 		err(1, "tls_config_set_key_file: %s", key);
1089 
1090 	if ((ctx = tls_server()) == NULL)
1091 		err(1, "tls_server");
1092 
1093 	if (tls_configure(ctx, conf) == -1)
1094 		errx(1, "tls_configure: %s", tls_error(ctx));
1095 
1096 	sock = make_socket(port, AF_INET);
1097 
1098 	if ((dirfd = open(dir, O_RDONLY | O_DIRECTORY)) == -1)
1099 		err(1, "open: %s", dir);
1100 
1101 	if (!foreground && daemon(0, 1) == -1)
1102 		exit(1);
1103 
1104 	if (cgi != NULL) {
1105 		if (unveil(dir, "rx") == -1)
1106 			err(1, "unveil");
1107 		if (pledge("stdio rpath inet proc exec", NULL) == -1)
1108 			err(1, "pledge");
1109 	} else {
1110 		if (unveil(dir, "r") == -1)
1111 			err(1, "unveil");
1112 		if (pledge("stdio rpath inet", NULL) == -1)
1113 			err(1, "pledge");
1114 	}
1115 
1116 	loop(ctx, sock);
1117 
1118 	close(sock);
1119 	tls_free(ctx);
1120 	tls_config_free(conf);
1121 }