lorenz.stechauner/sesimos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Activity

Reverse proxy working

Browse Source
This commit is contained in:
Lorenz Stechauner
2021-01-07 21:58:45 +01:00
parent 785ab31890
commit 95946b1666
12 changed files with 515 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

340
src/client.c
View File

@ -18,10 +18,6 @@ char *client_addr_str, *client_addr_str_ptr, *server_addr_str, *server_addr_str_
*client_host_str, *client_geoip;
struct timeval client_timeout = {.tv_sec = CLIENT_TIMEOUT, .tv_usec = 0};
struct timeval server_timeout = {.tv_sec = SERVER_TIMEOUT, .tv_usec = 0};
int rev_proxy_sock = 0;
char *rev_proxy_host = NULL;
host_config *get_host_config(const char *host) {
for (int i = 0; i < MAX_HOST_CONFIG; i++) {
@ -43,7 +39,8 @@ int client_websocket_handler() {
int client_request_handler(sock *client, unsigned long client_num, unsigned int req_num) {
struct timespec begin, end;
int ret, client_keep_alive;
long ret;
int client_keep_alive;
char buf0[1024], buf1[1024];
char msg_buf[4096], msg_pre_buf[4096], err_msg[256];
char buffer[CHUNK_SIZE];
@ -106,7 +103,8 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
hdr_connection = http_get_header_field(&req.hdr, "Connection");
client_keep_alive = hdr_connection != NULL && strcmp(hdr_connection, "keep-alive") == 0;
client_keep_alive = hdr_connection != NULL &&
(strcmp(hdr_connection, "keep-alive") == 0 || strcmp(hdr_connection, "Keep-Alive") == 0);
host_ptr = http_get_header_field(&req.hdr, "Host");
if (host_ptr != NULL && strlen(host_ptr) > 255) {
host[0] = 0;
@ -140,7 +138,8 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
http_uri uri;
ret = uri_init(&uri, conf->local.webroot, req.uri, conf->local.dir_mode);
unsigned char dir_mode = conf->type == CONFIG_TYPE_LOCAL ? conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION;
ret = uri_init(&uri, conf->local.webroot, req.uri, dir_mode);
if (ret != 0) {
if (ret == 1) {
sprintf(err_msg, "Invalid URI: has to start with slash.");
@ -151,20 +150,22 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
goto respond;
}
ssize_t size = sizeof(buf0);
url_decode(req.uri, buf0, &size);
int change_proto = strncmp(uri.uri, "/.well-known/", 13) != 0 && !client->enc;
if (strcmp(uri.uri, buf0) != 0 || change_proto) {
res.status = http_get_status(308);
size = sizeof(buf0);
encode_url(uri.uri, buf0, &size);
if (change_proto) {
sprintf(buf1, "https://%s%s", host, buf0);
http_add_header_field(&res.hdr, "Location", buf1);
} else {
http_add_header_field(&res.hdr, "Location", buf0);
if (dir_mode != URI_DIR_MODE_NO_VALIDATION) {
ssize_t size = sizeof(buf0);
url_decode(req.uri, buf0, &size);
int change_proto = strncmp(uri.uri, "/.well-known/", 13) != 0 && !client->enc;
if (strcmp(uri.uri, buf0) != 0 || change_proto) {
res.status = http_get_status(308);
size = sizeof(buf0);
encode_url(uri.uri, buf0, &size);
if (change_proto) {
sprintf(buf1, "https://%s%s", host, buf0);
http_add_header_field(&res.hdr, "Location", buf1);
} else {
http_add_header_field(&res.hdr, "Location", buf0);
}
goto respond;
}
goto respond;
}
if (conf->type == CONFIG_TYPE_LOCAL) {
@ -296,7 +297,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
if (strcmp(req.method, "POST") == 0 || strcmp(req.method, "PUT") == 0) {
char *client_content_length = http_get_header_field(&req.hdr, "Content-Length");
unsigned long client_content_len = 0;
unsigned long client_content_len;
if (client_content_length == NULL) {
goto fastcgi_end;
}
@ -352,165 +353,8 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
} else if (conf->type != CONFIG_TYPE_LOCAL) {
print("Reverse proxy for " BLD_STR "%s:%i" CLR_STR, conf->rev_proxy.hostname, conf->rev_proxy.port);
int tries = 0;
int off = 0;
if (rev_proxy_sock != 0 && rev_proxy_host == conf->name) {
goto rev_proxy;
} else if (rev_proxy_sock != 0) {
shutdown(rev_proxy_sock, SHUT_RDWR);
close(rev_proxy_sock);
rev_proxy_sock = 0;
}
rev_proxy_sock = socket(AF_INET6, SOCK_STREAM, 0);
if (rev_proxy_sock < 0) {
print(ERR_STR "Unable to create socket: %s" CLR_STR, strerror(errno));
res.status = http_get_status(500);
goto respond;
}
server_timeout.tv_sec = SERVER_TIMEOUT;
server_timeout.tv_usec = 0;
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto rev_proxy_timeout_err;
if (setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
rev_proxy_timeout_err:
res.status = http_get_status(502);
print(ERR_STR "Unable to set timeout for socket: %s" CLR_STR, strerror(errno));
sprintf(err_msg, "Unable to set timeout for socket: %s", strerror(errno));
goto proxy_err;
}
struct hostent *host_ent = gethostbyname(conf->rev_proxy.hostname);
if (host_ent == NULL) {
res.status = http_get_status(502);
print(ERR_STR "Unable to connect to server: Name or service not known" CLR_STR);
sprintf(err_msg, "Unable to connect to server: Name or service not known.");
goto proxy_err;
}
struct sockaddr_in6 address = {.sin6_family = AF_INET6, .sin6_port = htons(conf->rev_proxy.port)};
if (host_ent->h_addrtype == AF_INET6) {
memcpy(&address.sin6_addr, host_ent->h_addr_list[0], host_ent->h_length);
} else if (host_ent->h_addrtype == AF_INET) {
unsigned char addr[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0};
memcpy(addr + 12, host_ent->h_addr_list[0], host_ent->h_length);
memcpy(&address.sin6_addr, addr, 16);
}
if (connect(rev_proxy_sock, (struct sockaddr *) &address, sizeof(address)) < 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to connect to server: %s" CLR_STR, strerror(errno));
sprintf(err_msg, "Unable to connect to server: %s.", strerror(errno));
goto proxy_err;
}
rev_proxy_host = conf->name;
inet_ntop(address.sin6_family, (void *) &address.sin6_addr, buf0, sizeof(buf0));
print("Established new connection with " BLD_STR "[%s]:%i" CLR_STR, buf0, conf->rev_proxy.port);
rev_proxy:
off += sprintf(buffer + off, "%s %s HTTP/%s\r\n", req.method, req.uri, req.version);
for (int i = 0; i < req.hdr.field_num; i++) {
off += sprintf(buffer + off, "%s: %s\r\n", req.hdr.fields[i][0], req.hdr.fields[i][1]);
}
off += sprintf(buffer + off, "\r\n");
ret = send(rev_proxy_sock, buffer, off, 0);
if (ret < 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to send request to server: %s" CLR_STR, strerror(errno));
sprintf(err_msg, "Unable to send request to server: %s.", strerror(errno));
goto proxy_err;
} else if (ret != off) {
res.status = http_get_status(502);
print(ERR_STR "Unable to send request to server" CLR_STR);
sprintf(err_msg, "Unable to send response to server.");
goto proxy_err;
}
// TODO send request body
ret = recv(rev_proxy_sock, buffer, sizeof(buffer), MSG_PEEK);
if (ret < 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to receive response from server: %s" CLR_STR, strerror(errno));
sprintf(err_msg, "Unable to receive response from server: %s.", strerror(errno));
goto proxy_err;
}
char *buf = buffer;
unsigned short header_len = (unsigned short) (strstr(buffer, "\r\n\r\n") - buffer + 4);
if (header_len <= 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
sprintf(err_msg, "Unable to parser header: End of header not found.");
goto proxy_err;
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
goto proxy_err;
}
}
char *ptr = buf;
while (header_len != (ptr - buf)) {
char *pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
if (ptr == buf) {
if (strncmp(ptr, "HTTP/", 5) != 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
int status_code = (int) strtol(ptr + 9, NULL, 10);
res.status = http_get_status(status_code);
if (res.status == NULL && status_code >= 100 && status_code <= 999) {
custom_status.code = status_code;
strcpy(custom_status.type, "");
strcpy(custom_status.msg, ptr + 13);
res.status = &custom_status;
} else if (res.status == NULL) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header: Invalid or unknown status code" CLR_STR);
sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
goto proxy_err;
}
} else {
ret = http_parse_header_field(&res.hdr, ptr, pos0);
if (ret != 0) {
res.status = http_get_status(502);
print(ERR_STR "Unable to parse header" CLR_STR);
sprintf(err_msg, "Unable to parse header.");
goto proxy_err;
}
}
if (pos0[2] == '\r' && pos0[3] == '\n') {
break;
}
ptr = pos0 + 2;
}
recv(rev_proxy_sock, buffer, header_len, 0);
use_rev_proxy = 1;
if (0) {
proxy_err:
print("Closing proxy connection");
shutdown(rev_proxy_sock, SHUT_RDWR);
close(rev_proxy_sock);
rev_proxy_sock = 0;
}
ret = rev_proxy_init(&req, &res, conf, client, &custom_status, err_msg);
use_rev_proxy = ret == 0;
} else {
print(ERR_STR "Unknown host type: %i" CLR_STR, conf->type);
res.status = http_get_status(501);
@ -544,7 +388,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
http_add_header_field(&res.hdr, "Server", SERVER_STR);
}
char *conn = http_get_header_field(&res.hdr, "Connection");
int close_proxy = conn == NULL || strcmp(conn, "keep-alive") != 0;
int close_proxy = conn == NULL || (strcmp(conn, "keep-alive") != 0 && strcmp(conn, "Keep-Alive") != 0);
http_remove_header_field(&res.hdr, "Connection", HTTP_REMOVE_ALL);
http_remove_header_field(&res.hdr, "Keep-Alive", HTTP_REMOVE_ALL);
if (server_keep_alive && client_keep_alive) {
@ -559,46 +403,30 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
clock_gettime(CLOCK_MONOTONIC, &end);
char *location = http_get_header_field(&res.hdr, "Location");
unsigned long micros = (end.tv_nsec - begin.tv_nsec) / 1000 + (end.tv_sec - begin.tv_sec) * 1000000;
print("%s%03i %s%s%s (%s)%s", http_get_status_color(res.status), res.status->code, res.status->msg,
location != NULL ? " -> " : "", location != NULL ? location : "", format_duration(micros, buf0), CLR_STR);
print("%s%s%03i %s%s%s (%s)%s", http_get_status_color(res.status), use_rev_proxy ? "-> " : "", res.status->code,
res.status->msg, location != NULL ? " -> " : "", location != NULL ? location : "",
format_duration(micros, buf0), CLR_STR);
if (strcmp(req.method, "HEAD") != 0) {
unsigned long snd_len = 0;
unsigned long len = 0;
unsigned long len;
if (msg_buf[0] != 0) {
while (snd_len < content_length) {
if (client->enc) {
ret = SSL_write(client->ssl, msg_buf, (int) (content_length - snd_len));
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, ssl_get_error(client->ssl, ret));
}
} else {
ret = send(client->socket, msg_buf, content_length - snd_len, 0);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, strerror(errno));
}
}
if (ret <= 0) break;
snd_len += ret;
ret = sock_send(client, msg_buf, content_length, 0);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
}
snd_len += ret;
} else if (file != NULL) {
while (snd_len < content_length) {
len = fread(buffer, 1, CHUNK_SIZE, file);
if (snd_len + len > content_length) {
len = content_length - snd_len;
}
if (client->enc) {
ret = SSL_write(client->ssl, buffer, (int) len);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, ssl_get_error(client->ssl, ret));
}
} else {
ret = send(client->socket, buffer, len, 0);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, strerror(errno));
}
sock_send(client, buffer, len, feof(file) ? 0 : MSG_MORE);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
break;
}
if (ret <= 0) break;
snd_len += ret;
}
} else if (use_fastcgi) {
@ -616,80 +444,28 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
if (content_len != NULL) {
len_to_send = strtol(content_len, NULL, 10);
}
do {
if (chunked) {
ret = recv(rev_proxy_sock, buf0, 16, MSG_PEEK);
if (ret < 0) {
print("Unable to receive: %s", strerror(errno));
break;
} else if (ret == 0) {
print("Unable to receive: closed");
break;
}
len_to_send = strtol(buf0, NULL, 16);
char *pos = strstr(buf0, "\r\n");
len = pos - buf0 + 2;
if (client->enc) {
ret = SSL_write(client->ssl, buf0, (int) len);
if (ret <= 0) goto snd_err_ssl;
} else {
ret = send(client->socket, buf0, len, 0);
if (ret <= 0) goto snd_err;
}
recv(rev_proxy_sock, buf1, len, 0);
if (ret <= 0) break;
}
snd_len = 0;
while (snd_len < len_to_send) {
len = recv(rev_proxy_sock, buffer, CHUNK_SIZE < (len_to_send - snd_len) ? CHUNK_SIZE : len_to_send - snd_len, 0);
if (client->enc) {
ret = SSL_write(client->ssl, buffer, (int) len);
if (ret <= 0) goto snd_err_ssl;
} else {
ret = send(client->socket, buffer, len, 0);
if (ret <= 0) goto snd_err;
}
if (ret <= 0) break;
snd_len += ret;
}
if (ret <= 0) break;
if (chunked) {
recv(rev_proxy_sock, buf0, 2, 0);
if (client->enc) {
ret = SSL_write(client->ssl, "\r\n", 2);
if (ret <= 0) {
snd_err_ssl:
print(ERR_STR "Unable to send: %s" CLR_STR, ssl_get_error(client->ssl, ret));
}
} else {
ret = send(client->socket, "\r\n", 2, 0);
if (ret <= 0) {
snd_err:
print(ERR_STR "Unable to send: %s" CLR_STR, strerror(errno));
}
}
if (ret <= 0) break;
}
} while (chunked && len_to_send > 0);
rev_proxy_send(client, chunked, len_to_send);
}
}
if (close_proxy && rev_proxy_sock != 0) {
print("Closing proxy connection");
shutdown(rev_proxy_sock, SHUT_RDWR);
close(rev_proxy_sock);
rev_proxy_sock = 0;
if (close_proxy && rev_proxy.socket != 0) {
print(BLUE_STR "Closing proxy connection" CLR_STR);
sock_close(&rev_proxy);
}
fflush(stdout);
clock_gettime(CLOCK_MONOTONIC, &end);
micros = (end.tv_nsec - begin.tv_nsec) / 1000 + (end.tv_sec - begin.tv_sec) * 1000000;
print("Transfer complete: %s", format_duration(micros, buf0));
uri_free(&uri);
abort:
if (php_fpm.socket != 0) close(php_fpm.socket);
if (php_fpm.socket != 0) {
shutdown(php_fpm.socket, SHUT_RDWR);
close(php_fpm.socket);
php_fpm.socket = 0;
}
http_free_req(&req);
http_free_res(&res);
if (client->buf != NULL) {
@ -802,8 +578,11 @@ int client_connection_handler(sock *client, unsigned long client_num) {
SSL_set_accept_state(client->ssl);
ret = SSL_accept(client->ssl);
client->_last_ret = ret;
client->_errno = errno;
client->_ssl_error = ERR_get_error();
if (ret <= 0) {
print(ERR_STR "Unable to perform handshake: %s" CLR_STR, ssl_get_error(client->ssl, ret));
print(ERR_STR "Unable to perform handshake: %s" CLR_STR, sock_strerror(client));
goto close;
}
}
@ -816,18 +595,11 @@ int client_connection_handler(sock *client, unsigned long client_num) {
}
close:
if (client->enc) {
SSL_shutdown(client->ssl);
SSL_free(client->ssl);
}
shutdown(client->socket, SHUT_RDWR);
close(client->socket);
sock_close(client);
if (rev_proxy_sock != 0) {
print("Closing proxy connection");
shutdown(rev_proxy_sock, SHUT_RDWR);
close(rev_proxy_sock);
rev_proxy_sock = 0;
if (rev_proxy.socket != 0) {
print(BLUE_STR "Closing proxy connection" CLR_STR);
sock_close(&rev_proxy);
}
clock_gettime(CLOCK_MONOTONIC, &end);