Date:

Mon Jul 4 09:48:39 2022 UTC

Message:

copyright years

1/*
2 * Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "gmid.h"
18
19#include <ctype.h>
20#include <errno.h>
21#include <string.h>
22
23#define MIN(a, b)	((a) < (b) ? (a) : (b))
24
25static const struct timeval handshake_timeout = { 5, 0 };
26
27static void	proxy_tls_readcb(int, short, void *);
28static void	proxy_tls_writecb(int, short, void *);
29static void	proxy_read(struct bufferevent *, void *);
30static void	proxy_write(struct bufferevent *, void *);
31static void	proxy_error(struct bufferevent *, short, void *);
32
33static void
34proxy_tls_readcb(int fd, short event, void *d)
35{
36	struct bufferevent	*bufev = d;
37	struct client		*c = bufev->cbarg;
38	char			 buf[IBUF_READ_SIZE];
39	int			 what = EVBUFFER_READ;
40	int			 howmuch = IBUF_READ_SIZE;
41	int			 res;
42	ssize_t			 ret;
43	size_t			 len;
44
45	if (event == EV_TIMEOUT) {
46		what |= EVBUFFER_TIMEOUT;
47		goto err;
48	}
49
50	if (bufev->wm_read.high != 0)
51		howmuch = MIN(sizeof(buf), bufev->wm_read.high);
52
53	switch (ret = tls_read(c->proxyctx, buf, howmuch)) {
54	case TLS_WANT_POLLIN:
55	case TLS_WANT_POLLOUT:
56		goto retry;
57	case -1:
58		what |= EVBUFFER_ERROR;
59		goto err;
60	}
61	len = ret;
62
63	if (len == 0) {
64		what |= EVBUFFER_EOF;
65		goto err;
66	}
67
68	res = evbuffer_add(bufev->input, buf, len);
69	if (res == -1) {
70		what |= EVBUFFER_ERROR;
71		goto err;
72	}
73
74	event_add(&bufev->ev_read, NULL);
75
76	len = EVBUFFER_LENGTH(bufev->input);
77	if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
78		return;
79
80	if (bufev->readcb != NULL)
81		(*bufev->readcb)(bufev, bufev->cbarg);
82	return;
83
84retry:
85	event_add(&bufev->ev_read, NULL);
86	return;
87
88err:
89	(*bufev->errorcb)(bufev, what, bufev->cbarg);
90}
91
92static void
93proxy_tls_writecb(int fd, short event, void *d)
94{
95	struct bufferevent	*bufev = d;
96	struct client		*c = bufev->cbarg;
97	ssize_t			 ret;
98	size_t			 len;
99	short			 what = EVBUFFER_WRITE;
100
101	if (event & EV_TIMEOUT) {
102		what |= EVBUFFER_TIMEOUT;
103		goto err;
104	}
105
106	if (EVBUFFER_LENGTH(bufev->output) != 0) {
107		ret = tls_write(c->proxyctx, EVBUFFER_DATA(bufev->output),
108		    EVBUFFER_LENGTH(bufev->output));
109		switch (ret) {
110		case TLS_WANT_POLLIN:
111		case TLS_WANT_POLLOUT:
112			goto retry;
113		case -1:
114			what |= EVBUFFER_ERROR;
115			goto err;
116		}
117		len = ret;
118
119		evbuffer_drain(bufev->output, len);
120	}
121
122	if (EVBUFFER_LENGTH(bufev->output) != 0)
123		event_add(&bufev->ev_write, NULL);
124
125	if (bufev->writecb != NULL &&
126	    EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
127		(*bufev->writecb)(bufev, bufev->cbarg);
128	return;
129
130retry:
131	event_add(&bufev->ev_write, NULL);
132	return;
133
134err:
135	(*bufev->errorcb)(bufev, what, bufev->cbarg);
136}
137
138static void
139proxy_read(struct bufferevent *bev, void *d)
140{
141	struct client	*c = d;
142	struct evbuffer	*src = EVBUFFER_INPUT(bev);
143	char		*hdr;
144	size_t		 len;
145	int		 code;
146
147	/* intercept the header */
148	if (c->code == 0) {
149		hdr = evbuffer_readln(src, &len, EVBUFFER_EOL_CRLF_STRICT);
150		if (hdr == NULL) {
151			/* max reply + \r\n */
152			if (EVBUFFER_LENGTH(src) > 1029) {
153				log_warn(c, "upstream server is trying to "
154				    "send a header that's too long.");
155				proxy_error(bev, EVBUFFER_READ, c);
156			}
157
158			/* wait a bit */
159			return;
160		}
161
162		if (len < 3 || len > 1029 ||
163		    !isdigit(hdr[0]) ||
164		    !isdigit(hdr[1]) ||
165		    !isspace(hdr[2])) {
166			free(hdr);
167			log_warn(c, "upstream server is trying to send a "
168			    "header that's too long.");
169			proxy_error(bev, EVBUFFER_READ, c);
170			return;
171		}
172
173		c->header = hdr;
174		code = (hdr[0] - '0') * 10 + (hdr[1] - '0');
175
176		if (code < 10 || code >= 70) {
177			log_warn(c, "upstream server is trying to send an "
178			    "invalid reply code: %d", code);
179			proxy_error(bev, EVBUFFER_READ, c);
180			return;
181		}
182
183		start_reply(c, code, hdr + 3);
184
185		if (c->code < 20 || c->code > 29) {
186			proxy_error(bev, EVBUFFER_EOF, c);
187			return;
188		}
189	}
190
191	bufferevent_write_buffer(c->bev, src);
192}
193
194static void
195proxy_write(struct bufferevent *bev, void *d)
196{
197	struct evbuffer	*dst = EVBUFFER_OUTPUT(bev);
198
199	/* request successfully sent */
200	if (EVBUFFER_LENGTH(dst) == 0)
201		bufferevent_disable(bev, EV_WRITE);
202}
203
204static void
205proxy_error(struct bufferevent *bev, short error, void *d)
206{
207	struct client	*c = d;
208
209	/*
210	 * If we're here it means that some kind of non-recoverable
211	 * error appened.
212	 */
213
214	bufferevent_free(bev);
215	c->proxybev = NULL;
216
217	tls_free(c->proxyctx);
218	c->proxyctx = NULL;
219
220	close(c->pfd);
221	c->pfd = -1;
222
223	/* EOF and no header */
224	if (c->code == 0) {
225		start_reply(c, PROXY_ERROR, "protocol error");
226		return;
227	}
228
229	c->type = REQUEST_DONE;
230	client_write(c->bev, c);
231}
232
233static void
234proxy_enqueue_req(struct client *c)
235{
236	struct proxy *p = c->proxy;
237	struct evbuffer	*evb;
238	char		 iribuf[GEMINI_URL_LEN];
239
240	c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
241	    proxy_error, c);
242	if (c->proxybev == NULL)
243		fatal("can't allocate bufferevent: %s", strerror(errno));
244
245	if (!p->notls) {
246		event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
247		    proxy_tls_readcb, c->proxybev);
248		event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
249		    proxy_tls_writecb, c->proxybev);
250
251#if HAVE_LIBEVENT2
252		evbuffer_unfreeze(c->proxybev->input, 0);
253		evbuffer_unfreeze(c->proxybev->output, 1);
254#endif
255	}
256
257	serialize_iri(&c->iri, iribuf, sizeof(iribuf));
258
259	evb = EVBUFFER_OUTPUT(c->proxybev);
260	evbuffer_add_printf(evb, "%s\r\n", iribuf);
261
262	bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
263}
264
265static void
266proxy_handshake(int fd, short event, void *d)
267{
268	struct client	*c = d;
269
270	if (event == EV_TIMEOUT) {
271		start_reply(c, PROXY_ERROR, "timeout");
272		return;
273	}
274
275	switch (tls_handshake(c->proxyctx)) {
276	case TLS_WANT_POLLIN:
277		event_set(&c->proxyev, fd, EV_READ, proxy_handshake, c);
278		event_add(&c->proxyev, &handshake_timeout);
279		return;
280	case TLS_WANT_POLLOUT:
281		event_set(&c->proxyev, fd, EV_WRITE, proxy_handshake, c);
282		event_add(&c->proxyev, &handshake_timeout);
283		return;
284	case -1:
285		log_warn(c, "handshake with proxy failed: %s",
286		    tls_error(c->proxyctx));
287		start_reply(c, PROXY_ERROR, "handshake failed");
288		return;
289	}
290
291	c->proxyevset = 0;
292	proxy_enqueue_req(c);
293}
294
295static int
296proxy_setup_tls(struct client *c)
297{
298	struct proxy *p = c->proxy;
299	struct tls_config *conf = NULL;
300	const char *hn;
301
302	if ((conf = tls_config_new()) == NULL)
303		return -1;
304
305	if (p->noverifyname)
306		tls_config_insecure_noverifyname(conf);
307
308	tls_config_insecure_noverifycert(conf);
309	tls_config_set_protocols(conf, p->protocols);
310
311	if (p->cert != NULL) {
312		int r;
313
314		r = tls_config_set_cert_mem(conf, p->cert, p->certlen);
315		if (r == -1)
316			goto err;
317
318		r = tls_config_set_key_mem(conf, p->key, p->keylen);
319		if (r == -1)
320			goto err;
321	}
322
323	if ((c->proxyctx = tls_client()) == NULL)
324		goto err;
325
326	if (tls_configure(c->proxyctx, conf) == -1)
327		goto err;
328
329	if ((hn = p->sni) == NULL)
330		hn = p->host;
331	if (tls_connect_socket(c->proxyctx, c->pfd, hn) == -1)
332		goto err;
333
334	c->proxyevset = 1;
335	event_set(&c->proxyev, c->pfd, EV_READ|EV_WRITE, proxy_handshake, c);
336	event_add(&c->proxyev, &handshake_timeout);
337
338	tls_config_free(conf);
339	return 0;
340
341err:
342	tls_config_free(conf);
343	if (c->proxyctx != NULL) {
344		tls_free(c->proxyctx);
345		c->proxyctx = NULL;
346	}
347	return -1;
348}
349
350int
351proxy_init(struct client *c)
352{
353	struct proxy *p = c->proxy;
354
355	if (!p->notls && proxy_setup_tls(c) == -1)
356		return -1;
357	else if (p->notls)
358		proxy_enqueue_req(c);
359
360	c->type = REQUEST_PROXY;
361
362	return 0;
363}