diff --git a/Makefile b/Makefile index f3dd345..9a6a908 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ bin/sesimos: bin/server.o bin/logger.o bin/cache_handler.o bin/async.o bin/worke bin/lib/http_static.o bin/res/default.o bin/res/proxy.o bin/res/style.o \ bin/res/icon_error.o bin/res/icon_info.o bin/res/icon_success.o bin/res/icon_warning.o \ bin/res/globe.o \ - bin/lib/compress.o bin/lib/config.o bin/lib/fastcgi.o bin/lib/geoip.o \ + bin/lib/compress.o bin/lib/config.o bin/lib/fastcgi.o bin/lib/geoip.o bin/lib/error.o \ bin/lib/http.o bin/lib/proxy.o bin/lib/sock.o bin/lib/uri.o \ bin/lib/utils.o bin/lib/websocket.o bin/lib/mpmc.o bin/lib/list.o $(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS) @@ -99,6 +99,8 @@ bin/lib/config.o: src/lib/config.h src/lib/utils.h src/lib/uri.h src/logger.h bin/lib/fastcgi.o: src/lib/fastcgi.h src/server.h src/lib/utils.h src/lib/compress.h src/lib/http.h \ src/lib/uri.h src/lib/include/fastcgi.h src/logger.h +bin/lib/error.o: src/lib/error.h + bin/lib/geoip.o: src/lib/geoip.h bin/lib/http.o: src/lib/http.h src/lib/utils.h src/lib/compress.h src/lib/sock.h src/logger.h diff --git a/src/lib/error.c b/src/lib/error.c new file mode 100644 index 0000000..4915d55 --- /dev/null +++ b/src/lib/error.c @@ -0,0 +1,103 @@ +/** + * sesimos - secure, simple, modern web server + * @brief Error interface + * @file src/lib/error.c + * @author Lorenz Stechauner + * @date 2023-01-08 + */ + +#include "error.h" +#include "http.h" + +#include +#include +#include +#include + +static const char *error_ssl_strerror(int err) { + switch (err) { + case SSL_ERROR_ZERO_RETURN: + return "closed"; + case SSL_ERROR_WANT_READ: + return "want read"; + case SSL_ERROR_WANT_WRITE: + return "want write"; + case SSL_ERROR_WANT_CONNECT: + return "want connect"; + case SSL_ERROR_WANT_ACCEPT: + return "want accept"; + case SSL_ERROR_WANT_X509_LOOKUP: + return "want x509 lookup"; + case SSL_ERROR_WANT_ASYNC: + return "want async"; + case SSL_ERROR_WANT_ASYNC_JOB: + return "want async job"; + case SSL_ERROR_WANT_CLIENT_HELLO_CB: + return "want client hello callback"; + case SSL_ERROR_WANT_RETRY_VERIFY: + return "want retry verify"; + case SSL_ERROR_SSL: + return ERR_reason_error_string(ERR_get_error()); + default: + return "unknown error"; + } +} + +static const char *error_http_strerror(int err) { + switch (err) { + default: + return "unknown error"; + } +} + +const char *error_str(int err_no, char *buf, int buf_len) { + buf[0] = 0; + unsigned char mode = (unsigned char) (err_no >> 24); + int e = err_no & 0x00FFFFFF; + if (mode == 0x00) { + // normal + strerror_r(e, buf, buf_len); + return buf; + } else if (mode == 0x01) { + // ssl + return error_ssl_strerror(e); + } else if (mode == 0x02) { + // mmdb + return MMDB_strerror(e); + } else if (mode == 0x03) { + // http + return error_http_strerror(e); + } + return buf; +} + +void error_ssl(int err) { + if (err == SSL_ERROR_NONE) { + errno = 0; + } else if (err == SSL_ERROR_SYSCALL) { + // errno already set + } else { + errno = 0x01000000 | err; + } +} + +void error_mmdb(int err) { + if (err == MMDB_SUCCESS) { + errno = 0; + } else if (err == MMDB_IO_ERROR) { + // errno already set + } else { + errno = 0x02000000 | err; + } +} + +int error_http(int err) { + if (err == 0) { + errno = 0; + } else if (err == HTTP_ERROR_SYSCALL) { + // errno already set + } else { + errno = 0x03000000 | err; + } + return -1; +} diff --git a/src/lib/error.h b/src/lib/error.h new file mode 100644 index 0000000..afa5fdf --- /dev/null +++ b/src/lib/error.h @@ -0,0 +1,20 @@ +/** + * sesimos - secure, simple, modern web server + * @brief Error interface (header fie) + * @file src/lib/error.h + * @author Lorenz Stechauner + * @date 2023-01-08 + */ + +#ifndef SESIMOS_ERROR_H +#define SESIMOS_ERROR_H + +const char *error_str(int err_no, char *buf, int buf_len); + +void error_ssl(int err); + +void error_mmdb(int err); + +int error_http(int err); + +#endif //SESIMOS_ERROR_H diff --git a/src/lib/fastcgi.c b/src/lib/fastcgi.c index 8e2406f..29d31e3 100644 --- a/src/lib/fastcgi.c +++ b/src/lib/fastcgi.c @@ -593,7 +593,7 @@ int fastcgi_receive(fastcgi_cnx_t *conn, sock *client, unsigned long len) { while (rcv_len < len) { ret = sock_recv(client, buf, sizeof(buf), 0); if (ret <= 0) { - error("Unable to receive: %s", sock_strerror(client)); + error("Unable to receive"); return -1; } diff --git a/src/lib/geoip.c b/src/lib/geoip.c index 58b509e..5a26c17 100644 --- a/src/lib/geoip.c +++ b/src/lib/geoip.c @@ -8,6 +8,7 @@ #include "geoip.h" #include "../logger.h" +#include "error.h" #include #include @@ -101,7 +102,8 @@ int geoip_init(const char *directory) { sprintf(buf, "%s/%s", directory, entry->d_name); if ((status = MMDB_open(buf, 0, &mmdbs[i])) != MMDB_SUCCESS) { - critical("Unable to initialize geoip: Unable to open .mmdb file: %s", MMDB_strerror(status)); + error_mmdb(status); + critical("Unable to initialize geoip: Unable to open .mmdb file"); closedir(geoip_dir); return 1; } @@ -164,7 +166,8 @@ int geoip_lookup_json(struct sockaddr *addr, char *json, long len) { int mmdb_res; MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res); if (mmdb_res != MMDB_SUCCESS) { - error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res)); + error_mmdb(mmdb_res); + error("Unable to lookup geoip info"); continue; } else if (!result.found_entry) { continue; @@ -172,7 +175,8 @@ int geoip_lookup_json(struct sockaddr *addr, char *json, long len) { MMDB_entry_data_list_s *list; if ((mmdb_res = MMDB_get_entry_data_list(&result.entry, &list)) != MMDB_SUCCESS) { - error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res)); + error_mmdb(mmdb_res); + error("Unable to lookup geoip info"); continue; } diff --git a/src/lib/http.c b/src/lib/http.c index 87a9777..aa7e0e7 100644 --- a/src/lib/http.c +++ b/src/lib/http.c @@ -227,7 +227,7 @@ int http_receive_request(sock *client, http_req *req) { rcv_len = sock_recv(client, buf, CLIENT_MAX_HEADER_SIZE - 1, MSG_PEEK); if (rcv_len <= 0) { - error("Unable to receive http header: %s", sock_strerror(client)); + error("Unable to receive http header"); return -1; } buf[rcv_len] = 0; diff --git a/src/lib/http.h b/src/lib/http.h index 03761b5..d4db0e2 100644 --- a/src/lib/http.h +++ b/src/lib/http.h @@ -45,6 +45,10 @@ #define HTTP_TYPE_CLIENT_ERROR 4 #define HTTP_TYPE_SERVER_ERROR 5 +#define HTTP_ERROR_GENERAL 1 +#define HTTP_ERROR_SYSCALL 2 +#define HTTP_ERROR_TOO_MANY_HEADER_FIELDS 3 + #ifndef SERVER_STR # define SERVER_STR "sesimos" #endif diff --git a/src/lib/proxy.c b/src/lib/proxy.c index 53ccc60..1a5623a 100644 --- a/src/lib/proxy.c +++ b/src/lib/proxy.c @@ -13,6 +13,7 @@ #include "utils.h" #include "compress.h" #include "config.h" +#include "error.h" #include #include @@ -293,7 +294,7 @@ int proxy_response_header(http_req *req, http_res *res, host_config_t *conf) { } int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg) { - char buffer[CHUNK_SIZE]; + char buffer[CHUNK_SIZE], err_buf[256]; const char *connection, *upgrade, *ws_version; long ret; int tries = 0, retry = 0; @@ -360,8 +361,8 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu res->status = http_get_status(500); ctx->origin = INTERNAL; } - error("Unable to connect to [%s]:%i: %s", buffer, conf->proxy.port, strerror(errno)); - sprintf(err_msg, "Unable to connect to server: %s.", strerror(errno)); + error("Unable to connect to [%s]:%i", buffer, conf->proxy.port); + sprintf(err_msg, "Unable to connect to server: %s.", error_str(errno, err_buf, sizeof(err_buf))); goto proxy_err; } @@ -370,7 +371,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu res->status = http_get_status(500); ctx->origin = INTERNAL; error("Unable to set timeout for reverse proxy socket"); - sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", strerror(errno)); + sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", error_str(errno, err_buf, sizeof(err_buf))); goto proxy_err; } @@ -380,17 +381,15 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu SSL_set_connect_state(proxy->proxy.ssl); ret = SSL_do_handshake(proxy->proxy.ssl); - proxy->proxy._last_ret = ret; - proxy->proxy._errno = errno; - proxy->proxy._ssl_error = ERR_get_error(); - proxy->proxy.enc = 1; - if (ret < 0) { + if (ret != 1) { + error_ssl(SSL_get_error(proxy->proxy.ssl, (int) ret)); res->status = http_get_status(502); ctx->origin = SERVER_REQ; - error("Unable to perform handshake: %s", sock_strerror(&proxy->proxy)); - sprintf(err_msg, "Unable to perform handshake: %s.", sock_strerror(&proxy->proxy)); + error("Unable to perform handshake"); + sprintf(err_msg, "Unable to perform handshake: %s.", error_str(errno, err_buf, sizeof(err_buf))); goto proxy_err; } + proxy->proxy.enc = 1; } proxy->initialized = 1; @@ -425,8 +424,8 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu if (ret < 0) { res->status = http_get_status(502); ctx->origin = SERVER_REQ; - error("Unable to send request to server (1): %s", sock_strerror(&proxy->proxy)); - sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy->proxy)); + error("Unable to send request to server (1)"); + sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf))); retry = tries < 4; goto proxy_err; } @@ -446,15 +445,15 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu if (ret == -1) { res->status = http_get_status(502); ctx->origin = SERVER_REQ; - error("Unable to send request to server (2): %s", sock_strerror(&proxy->proxy)); - sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy->proxy)); + error("Unable to send request to server (2)"); + sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf))); retry = tries < 4; goto proxy_err; } else if (ret == -2) { res->status = http_get_status(400); ctx->origin = CLIENT_REQ; - error("Unable to receive request from client: %s", sock_strerror(client)); - sprintf(err_msg, "Unable to receive request from client: %s.", sock_strerror(client)); + error("Unable to receive request from client"); + sprintf(err_msg, "Unable to receive request from client: %s.", error_str(errno, err_buf, sizeof(err_buf))); return -1; } res->status = http_get_status(500); @@ -465,18 +464,16 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu ret = sock_recv(&proxy->proxy, buffer, sizeof(buffer), MSG_PEEK); if (ret <= 0) { - int enc_err = sock_enc_error(&proxy->proxy); - if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ || - enc_err == SSL_ERROR_WANT_WRITE) - { + int enc_err = errno & 0x00FFFFFFFF; + if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ || enc_err == SSL_ERROR_WANT_WRITE) { res->status = http_get_status(504); ctx->origin = SERVER_RES; } else { res->status = http_get_status(502); ctx->origin = SERVER_RES; } - error("Unable to receive response from server: %s", sock_strerror(&proxy->proxy)); - sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&proxy->proxy)); + error("Unable to receive response from server"); + sprintf(err_msg, "Unable to receive response from server: %s.", error_str(errno, err_buf, sizeof(err_buf))); retry = tries < 4; goto proxy_err; } @@ -595,7 +592,7 @@ int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int if (ret == -1) { error("Unable to receive from server: Malformed chunk header"); } else { - error("Unable to receive from server: %s", sock_strerror(&proxy->proxy)); + error("Unable to receive from server"); } break; } @@ -615,7 +612,7 @@ int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int unsigned long avail_in, avail_out; ret = sock_recv(&proxy->proxy, buffer, CHUNK_SIZE < (len_to_send - snd_len) ? CHUNK_SIZE : len_to_send - snd_len, 0); if (ret <= 0) { - error("Unable to receive from server: %s", sock_strerror(&proxy->proxy)); + error("Unable to receive from server"); break; } len = ret; @@ -646,7 +643,7 @@ int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int if (flags & PROXY_CHUNKED) ret = sock_send(client, "\r\n", 2, 0); if (ret <= 0) { err: - error("Unable to send: %s", sock_strerror(client)); + error("Unable to send"); break; } } @@ -663,7 +660,7 @@ int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int if (flags & PROXY_CHUNKED) { ret = sock_send(client, "0\r\n\r\n", 5, 0); if (ret <= 0) { - error("Unable to send: %s", sock_strerror(client)); + error("Unable to send"); return -1; } } diff --git a/src/lib/sock.c b/src/lib/sock.c index 4643a58..de3e68d 100644 --- a/src/lib/sock.c +++ b/src/lib/sock.c @@ -8,57 +8,14 @@ #include "sock.h" #include "utils.h" +#include "error.h" -#include +#include #include #include #include #include - -int sock_enc_error(sock *s) { - return (int) s->enc ? SSL_get_error(s->ssl, (int) s->_last_ret) : 0; -} - -const char *sock_strerror(sock *s) { - // FIXME sock_strerror not Thread Safe! - // (and ugly) - errno = 0; - if (s->_last_ret == 0) { - return "closed"; - } else if (s->enc) { - if (s->_last_ret > 0) { - return NULL; - } - const char *err1 = ERR_reason_error_string(s->_ssl_error); - const char *err2 = strerror(s->_errno); - switch (sock_enc_error(s)) { - case SSL_ERROR_NONE: - return NULL; - case SSL_ERROR_ZERO_RETURN: - return "closed"; - case SSL_ERROR_WANT_READ: - return "want read"; - case SSL_ERROR_WANT_WRITE: - return "want write"; - case SSL_ERROR_WANT_CONNECT: - return "want connect"; - case SSL_ERROR_WANT_ACCEPT: - return "want accept"; - case SSL_ERROR_WANT_X509_LOOKUP: - return "want x509 lookup"; - case SSL_ERROR_SYSCALL: - return ((s->_ssl_error == 0) ? ((s->_last_ret == 0) ? "protocol violation" : err2) : err1); - case SSL_ERROR_SSL: - return err1; - default: - return "unknown error"; - } - } else { - return strerror(s->_errno); - } -} - int sock_set_socket_timeout_micros(sock *s, long recv_micros, long send_micros) { struct timeval recv_to = {.tv_sec = recv_micros / 1000000, .tv_usec = recv_micros % 1000000}, send_to = {.tv_sec = send_micros / 1000000, .tv_usec = send_micros % 1000000}; @@ -92,12 +49,11 @@ long sock_send(sock *s, void *buf, unsigned long len, int flags) { long ret; if (s->enc) { ret = SSL_write(s->ssl, buf, (int) len); - s->_ssl_error = ERR_get_error(); + if (ret <= 0) error_ssl(SSL_get_error(s->ssl, (int) ret)); } else { ret = send(s->socket, buf, len, flags); } - s->_last_ret = ret; - s->_errno = errno; + if (ret >= 0) { s->ts_last = clock_micros(); return ret; @@ -111,12 +67,11 @@ long sock_recv(sock *s, void *buf, unsigned long len, int flags) { if (s->enc) { int (*func)(SSL*, void*, int) = (flags & MSG_PEEK) ? SSL_peek : SSL_read; ret = func(s->ssl, buf, (int) len); - s->_ssl_error = ERR_get_error(); + if (ret <= 0) error_ssl(SSL_get_error(s->ssl, (int) ret)); } else { ret = recv(s->socket, buf, len, flags); } - s->_last_ret = ret; - s->_errno = errno; + if (ret >= 0) { s->ts_last = clock_micros(); return ret; @@ -164,7 +119,7 @@ long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len) int sock_close(sock *s) { int e = errno; if (s->enc && s->ssl != NULL) { - if (s->_last_ret >= 0) SSL_shutdown(s->ssl); + SSL_shutdown(s->ssl); SSL_free(s->ssl); s->ssl = NULL; } diff --git a/src/lib/sock.h b/src/lib/sock.h index 37e7cc2..cf4bcb2 100644 --- a/src/lib/sock.h +++ b/src/lib/sock.h @@ -24,15 +24,8 @@ typedef struct { SSL_CTX *ctx; SSL *ssl; long ts_start, ts_last, timeout_us; - long _last_ret; - int _errno; - unsigned long _ssl_error; } sock; -int sock_enc_error(sock *s); - -const char *sock_strerror(sock *s); - int sock_set_socket_timeout_micros(sock *s, long recv_micros, long send_micros); int sock_set_socket_timeout(sock *s, double sec); diff --git a/src/logger.c b/src/logger.c index df3c6c6..813ec79 100644 --- a/src/logger.c +++ b/src/logger.c @@ -8,6 +8,7 @@ #include "logger.h" #include "lib/utils.h" +#include "lib/error.h" #include #include @@ -59,8 +60,8 @@ static const char *level_keywords[] = { static void err(const char *restrict msg) { char err_buf[64]; - strerror_r(errno, err_buf, sizeof(err_buf)); - fprintf(stderr, ERR_STR LOG_PREFIX " %s: %s" CLR_STR "\n", "logger", level_keywords[LOG_CRITICAL], msg, err_buf); + fprintf(stderr, ERR_STR LOG_PREFIX " %s: %s" CLR_STR "\n", "logger", + level_keywords[LOG_CRITICAL], msg, error_str(errno, err_buf, sizeof(err_buf))); } void logmsgf(log_lvl_t level, const char *restrict format, ...) { @@ -71,8 +72,7 @@ void logmsgf(log_lvl_t level, const char *restrict format, ...) { const char *color = (level <= LOG_ERROR) ? ERR_STR : ((level <= LOG_WARNING) ? WRN_STR : ""); if (errno != 0) { - strerror_r(errno, err_buf, sizeof(err_buf)); - snprintf(buf, sizeof(buf), "%s%s: %s" CLR_STR, color, format, err_buf); + snprintf(buf, sizeof(buf), "%s%s: %s" CLR_STR, color, format, error_str(errno, err_buf, sizeof(err_buf))); } else { snprintf(buf, sizeof(buf), "%s%s" CLR_STR, color, format); } diff --git a/src/worker/request_handler.c b/src/worker/request_handler.c index c42f5ec..21f598a 100644 --- a/src/worker/request_handler.c +++ b/src/worker/request_handler.c @@ -75,7 +75,6 @@ static int request_handler(client_ctx_t *ctx) { sock *client = &ctx->socket; char *err_msg = ctx->err_msg; http_res *res = &ctx->res; - http_status_ctx *status = &ctx->status; long ret; char buf0[1024], buf1[1024]; @@ -353,7 +352,7 @@ int respond(client_ctx_t *ctx) { if (ctx->msg_buf != NULL) { ret = sock_send(client, ctx->msg_buf, ctx->content_length, 0); if (ret <= 0) { - error("Unable to send: %s", sock_strerror(client)); + error("Unable to send"); } } else if (ctx->file != NULL) { unsigned long len, snd_len = 0; @@ -364,7 +363,7 @@ int respond(client_ctx_t *ctx) { } ret = sock_send(client, buffer, len, feof(ctx->file) ? 0 : MSG_MORE); if (ret <= 0) { - error("Unable to send: %s", sock_strerror(client)); + error("Unable to send"); break; } snd_len += ret; diff --git a/src/worker/tcp_acceptor.c b/src/worker/tcp_acceptor.c index 12d4b37..decd649 100644 --- a/src/worker/tcp_acceptor.c +++ b/src/worker/tcp_acceptor.c @@ -12,6 +12,7 @@ #include "../lib/geoip.h" #include "../workers.h" #include "../server.h" +#include "../lib/error.h" #include #include @@ -63,7 +64,7 @@ static int tcp_acceptor(client_ctx_t *ctx) { sprintf(buf, "dig @%s +short +time=1 -x %s", config.dns_server, ctx->socket.addr); FILE *dig = popen(buf, "r"); if (dig == NULL) { - error("Unable to start dig: %s", strerror(errno)); + error("Unable to start dig: %s"); goto dig_err; } unsigned long read = fread(buf, 1, sizeof(buf), dig); @@ -101,11 +102,9 @@ static int tcp_acceptor(client_ctx_t *ctx) { SSL_set_accept_state(client->ssl); ret = SSL_accept(client->ssl); - client->_last_ret = ret; - client->_errno = errno; - client->_ssl_error = ERR_get_error(); - if (ret <= 0) { - info("Unable to perform handshake: %s", sock_strerror(client)); + if (ret != 1) { + error_ssl(SSL_get_error(client->ssl, ret)); + info("Unable to perform handshake"); return - 1; } client->ts_last = clock_micros();