lorenz.stechauner/sesimos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Activity

Compare commits

base: lorenz.stechauner:bd7306146287d5b7e9f7d83dddb2065a2cc4c1d7
Branches Tags
lorenz.stechauner:master lorenz.stechauner:stable-4 lorenz.stechauner:dev
lorenz.stechauner:v4.6 lorenz.stechauner:v4.5 lorenz.stechauner:v4.4 lorenz.stechauner:v4.3 lorenz.stechauner:v4.2 lorenz.stechauner:v4.1 lorenz.stechauner:v4.0 lorenz.stechauner:v3.0
..
compare: lorenz.stechauner:master
Branches Tags
lorenz.stechauner:master lorenz.stechauner:stable-4 lorenz.stechauner:dev
lorenz.stechauner:v4.6 lorenz.stechauner:v4.5 lorenz.stechauner:v4.4 lorenz.stechauner:v4.3 lorenz.stechauner:v4.2 lorenz.stechauner:v4.1 lorenz.stechauner:v4.0 lorenz.stechauner:v3.0

78 Commits
bd73061462 ... master

Author SHA1 Message Date
Lorenz Stechauner
c36ba8d3a5 logging: remove client host name 2025-09-28 17:59:09 +02:00
Lorenz Stechauner
3bc1faac39 request_handler: Initialize content_length and transferred_length 2025-09-28 17:52:55 +02:00
Lorenz Stechauner
151c4804fe Enhance logging 2025-09-28 17:48:11 +02:00
Lorenz Stechauner
e1a92729d2 async: Fix ASYNC_ERR overwrite 2025-09-26 15:11:38 +02:00
Lorenz Stechauner
72904c3ba9 Add log files 2025-09-26 15:07:21 +02:00
Lorenz Stechauner
be84c3048b Try to solve epoll critical errors 2025-09-26 11:36:54 +02:00
Lorenz Stechauner
73a469a7de Properly use Vary header 2025-08-17 20:45:00 +02:00
Lorenz Stechauner
a0d774c9a4 Fix caching behaviour 2025-08-17 20:15:14 +02:00
Lorenz Stechauner
28c6809768 server: Fix error handling in main loop 2025-08-14 21:35:14 +02:00
Lorenz Stechauner
e93c478cc3 uri: Change file priority to .xhtml, .html, .php 2024-06-24 14:08:21 +02:00
Lorenz Stechauner
1d0a545610 async: Check if SSL layer is ready 2024-06-07 11:54:50 +02:00
Lorenz Stechauner
fb67f7e9b0 proxy_handler: Honor Transfer-Encoding 2024-05-11 14:24:44 +02:00
Lorenz Stechauner
0dd9a9a843 Add XHTML support 2024-04-22 15:14:31 +02:00
Lorenz Stechauner
6eaf5f5776 local_handler: Only send 417 when value invalid 2024-02-07 15:37:53 +01:00
Lorenz Stechauner
75d36bb5bb Use correct color string 2024-02-07 15:34:21 +01:00
Lorenz Stechauner
c6da5413d4 Add logging for 100 Continue 2024-02-07 15:32:44 +01:00
Lorenz Stechauner
80d7626208 Implement Expect: 100-continue 2024-02-07 15:23:14 +01:00
Lorenz Stechauner
e97809253a local_handler: Return early when not static 2024-02-07 11:55:17 +01:00
Lorenz Stechauner
b26e80f18a sock: Add handling for want read/write 2024-02-06 23:33:24 +01:00
Lorenz Stechauner
90b20d40d8 Add SSL_MODE_ENABLE_PARTIAL_WRITE to ssl context 2024-02-06 23:08:10 +01:00
Lorenz Stechauner
34b860073c utils: Add application/sql as text 2024-01-05 18:24:04 +01:00
Lorenz Stechauner
5d6bd07cfd websocket: Fix WebSocket upgrade 2024-01-04 01:25:44 +01:00
Lorenz Stechauner
2a2c1ea442 socket: Honor EAGAIN for socket operations 2023-11-19 21:27:42 +01:00
Lorenz Stechauner
fee4cc808a fastcgi: Add FIXME 2023-09-28 22:49:33 +02:00
Lorenz Stechauner
0232331f99 Fix reverse proxy timeout issues 2023-09-08 02:51:57 +02:00
Lorenz Stechauner
62b631c862 Fix FastCGI Non-Chunked bug 2023-09-08 02:18:52 +02:00
Lorenz Stechauner
0f526d7b95 Fix FastCGI error handling 2023-07-13 23:18:10 +02:00
Lorenz Stechauner
642286a838 Async: lock queue and make volatile 2023-07-11 18:15:15 +02:00
Lorenz Stechauner
91a8959c8d Add FIXME for pipe overflow 2023-07-11 02:12:26 +02:00
Lorenz Stechauner
197756bf15 Fix typo 2023-07-11 02:12:12 +02:00
Lorenz Stechauner
f4697ce0f3 Fix typo 2023-07-11 01:57:48 +02:00
Lorenz Stechauner
72c2e24050 Small improvements in async 2023-07-11 01:51:47 +02:00
Lorenz Stechauner
745509cab1 Add debug message when joining mpmc workers 2023-07-11 01:50:36 +02:00
Lorenz Stechauner
35d3612d9b Cleanup on request timeout 2023-07-11 01:50:00 +02:00
Lorenz Stechauner
37671546ef Handle EBADF in async 2023-07-08 13:38:19 +02:00
Lorenz Stechauner
beec199192 Add debug messages to terminate_gracefully() 2023-07-08 01:10:07 +02:00
Lorenz Stechauner
afa0196277 Async: ignore ENOENT errors on remove 2023-07-08 01:05:18 +02:00
Lorenz Stechauner
29a0775bf5 Update proxy 504/502 error codes responses (3) 2023-07-07 22:30:03 +02:00
Lorenz Stechauner
46d661d5f3 Update proxy 504/502 error codes responses (2) 2023-07-07 22:24:40 +02:00
Lorenz Stechauner
9ec1c1c3a2 Update proxy 504/502 error codes responses 2023-07-07 22:23:15 +02:00
Lorenz Stechauner
d6b315c91c Update proxy closing behaviour 2023-07-07 22:13:47 +02:00
Lorenz Stechauner
fd2abf9804 Handle EEXIST in async 2023-07-07 22:04:33 +02:00
Lorenz Stechauner
ddb6623651 Handle connection closures from proxy peers in async 2023-07-07 21:56:38 +02:00
Lorenz Stechauner
ef3e8475fb Honor Connection: closed received from reverse proxy peers 2023-07-07 21:30:56 +02:00
Lorenz Stechauner
0cd63ff5e9 Fix typos 2023-07-07 21:28:07 +02:00
Lorenz Stechauner
de3fcf8fc3 Honor proxy server timeout with one second buffer 2023-07-06 17:15:53 +02:00
Lorenz Stechauner
0f40dcb5db Fix proxy_close to keep value of in_use 2023-07-06 14:57:06 +02:00
Lorenz Stechauner
b7c8db01ac Fix proxy locking by adding volatile keyword to in_use 2023-07-06 12:03:08 +02:00
Lorenz Stechauner
b6c9d7330d Free proxy connection slot when upgrading to WebSocket connection 2023-07-06 01:34:23 +02:00
Lorenz Stechauner
c59977dada Fix proxy unlocking 2023-07-06 00:29:12 +02:00
Lorenz Stechauner
77f0eeda6d Fix spacing 2023-07-06 00:20:27 +02:00
Lorenz Stechauner
371bff0d07 Fix async and FastCGI timeout issues 2023-07-05 23:19:40 +02:00
Lorenz Stechauner
2e3146f69a Fix FastCGI fds default value 2023-07-05 13:11:49 +02:00
Lorenz Stechauner
733b73760c Fix payload usage in first FastCGI frame 2023-07-05 12:52:53 +02:00
Lorenz Stechauner
a9fbd21f80 Add todo and fix comments 2023-07-05 00:42:06 +02:00
Lorenz Stechauner
52ebad201f Fix sock_had_pending for pipe 2023-07-04 22:00:09 +02:00
Lorenz Stechauner
7fe4abd379 Improve proxy error handling 2023-07-04 21:40:40 +02:00
Lorenz Stechauner
56427e3003 Close ssl also when enc is not set in socket 2023-07-04 21:16:27 +02:00
Lorenz Stechauner
914aa2d341 Fix socket.h sock_init() definition 2023-07-03 00:03:27 +02:00
Lorenz Stechauner
db4bca6f13 Enlarge log message buffer from 16 to 256 2023-07-02 22:54:54 +02:00
Lorenz Stechauner
f1ba02756a Output selected proxy slot 2023-07-02 22:52:12 +02:00
Lorenz Stechauner
0b68c67982 Fix proxy try-loop 2023-07-02 17:45:53 +02:00
Lorenz Stechauner
cb04af739c Fix nextcloud issues 2023-07-02 13:50:07 +02:00
Lorenz Stechauner
cd25120362 Update reverse proxy message 2023-07-02 12:42:12 +02:00
Lorenz Stechauner
13d6e30d01 Fix proxy loop 2023-07-02 12:21:26 +02:00
Lorenz Stechauner
04f13c49af Unset socket now is -1 instead of 0 2023-07-02 12:21:00 +02:00
Lorenz Stechauner
9aee302f6c Rename timeout to http_timeout 2023-07-02 00:14:39 +02:00
Lorenz Stechauner
44e3b1332f Add first steps to honor timeout from server as proxy 2023-07-01 21:50:33 +02:00
Lorenz Stechauner
808ebdb0a0 Add http_add_to_header_fiel() 2023-07-01 21:19:27 +02:00
Lorenz Stechauner
31cd2e7e73 Fix FastCGI segfault error 2023-07-01 20:21:21 +02:00
Lorenz Stechauner
bd8e71e83d Rename fcgi_cnx to fcgi_ctx in client struct 2023-07-01 20:13:51 +02:00
Lorenz Stechauner
9aaa28f1ca Update php-fpm version 2023-07-01 19:26:20 +02:00
Lorenz Stechauner
73e0cffa78 Hide .inc and .inc.php files 2023-01-30 23:00:56 +01:00
Lorenz Stechauner
6f0371c46f Use getaddrinfo/getnameinfo instead of deprecated methods 2023-01-29 20:31:27 +01:00
Lorenz Stechauner
ad6ffe5425 Use file descriptor in sock_set_socket_timeout_micros() 2023-01-29 11:57:37 +01:00
Lorenz Stechauner
ab7e5cc722 Remove dns_server directive 2023-01-29 11:55:32 +01:00
Lorenz Stechauner
40310faa4b Update error to support getaddrinfo 2023-01-29 11:38:48 +01:00
Lorenz Stechauner
7a3adc6ed3 Remove gotos from proxy.c 2023-01-26 18:06:53 +01:00
36 changed files with 945 additions and 425 deletions
Expand all files Collapse all files

5
Makefile
View File

@@ -3,7 +3,7 @@ CC=gcc
CFLAGS=-std=gnu11 -Wno-unused-but-set-variable -D_DEFAULT_SOURCE -D_GNU_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809L
LDFLAGS=-pthread -lssl -lcrypto -lmagic -lz -lmaxminddb -lbrotlienc
DEBIAN_OPTS=-D CACHE_MAGIC_FILE="\"/usr/share/file/magic.mgc\"" -D PHP_FPM_SOCKET="\"/var/run/php/php7.4-fpm.sock\""
DEBIAN_OPTS=-D CACHE_MAGIC_FILE="\"/usr/share/file/magic.mgc\"" -D PHP_FPM_SOCKET="\"/var/run/php/php8.2-fpm.sock\""
.PHONY: all prod debug default debian permit clean test
all: prod
@@ -59,6 +59,7 @@ bin/res/%.txt: res/%.*
bin/sesimos: bin/server.o bin/logger.o bin/cache_handler.o bin/async.o bin/workers.o \
bin/worker/request_handler.o bin/worker/tcp_acceptor.o \
bin/worker/fastcgi_handler.o bin/worker/local_handler.o bin/worker/proxy_handler.o \
bin/worker/proxy_peer_handler.o \
bin/worker/ws_frame_handler.o bin/worker/chunk_handler.o bin/worker/fastcgi_frame_handler.o \
bin/lib/http_static.o bin/res/default.o bin/res/proxy.o bin/res/style.o \
bin/res/icon_error.o bin/res/icon_info.o bin/res/icon_success.o bin/res/icon_warning.o \
@@ -90,6 +91,8 @@ bin/worker/local_handler.o: src/worker/func.h
bin/worker/proxy_handler.o: src/worker/func.h
bin/worker/proxy_peer_handler.o: src/worker/func.h
bin/worker/ws_frame_handler.o: src/worker/func.h
bin/worker/fastcgi_frame_handler.o: src/worker/func.h

1
README.md
View File

@@ -27,7 +27,6 @@ See [doc/example.conf](doc/example.conf) for more details.
### Global directives
* `geoip_dir` (optional) - path to a directory containing GeoIP databases
* `dns_server` (optional) - address of a DNS server
### Configuration

91
src/async.c
View File

@@ -19,6 +19,7 @@
#include <pthread.h>
#include <semaphore.h>
#include <unistd.h>
#include <openssl/ssl.h>
#define ASYNC_MAX_EVENTS 16
@@ -38,7 +39,7 @@ typedef struct {
evt_listen_t *q[ASYNC_MAX_EVENTS];
} listen_queue_t;
static listen_queue_t listen1, listen2, *listen_q = &listen1;
static volatile listen_queue_t listen1, listen2, *listen_q = &listen1;
static volatile sig_atomic_t alive = 1;
static pthread_t thread = -1;
static sem_t lock;
@@ -49,6 +50,13 @@ static short async_a2p(async_evt_t events) {
if (events & ASYNC_IN) ret |= POLLIN;
if (events & ASYNC_PRI) ret |= POLLPRI;
if (events & ASYNC_OUT) ret |= POLLOUT;
if (events & ASYNC_ERR_) ret |= POLLERR;
if (events & ASYNC_HUP) ret |= POLLHUP;
if (events & ASYNC_RDNORM) ret |= POLLRDNORM;
if (events & ASYNC_RDBAND) ret |= POLLRDBAND;
if (events & ASYNC_WRNORM) ret |= POLLWRNORM;
if (events & ASYNC_WRBAND) ret |= POLLWRBAND;
if (events & ASYNC_MSG) ret |= POLLMSG;
return ret;
}
@@ -57,6 +65,13 @@ static unsigned int async_a2e(async_evt_t events) {
if (events & ASYNC_IN) ret |= EPOLLIN;
if (events & ASYNC_PRI) ret |= EPOLLPRI;
if (events & ASYNC_OUT) ret |= EPOLLOUT;
if (events & ASYNC_ERR_) ret |= EPOLLERR;
if (events & ASYNC_HUP) ret |= EPOLLHUP;
if (events & ASYNC_RDNORM) ret |= EPOLLRDNORM;
if (events & ASYNC_RDBAND) ret |= EPOLLRDBAND;
if (events & ASYNC_WRNORM) ret |= EPOLLWRNORM;
if (events & ASYNC_WRBAND) ret |= EPOLLWRBAND;
if (events & ASYNC_MSG) ret |= EPOLLMSG;
return ret;
}
@@ -65,8 +80,13 @@ static async_evt_t async_p2a(short events) {
if (events & POLLIN) ret |= ASYNC_IN;
if (events & POLLPRI) ret |= ASYNC_PRI;
if (events & POLLOUT) ret |= ASYNC_OUT;
if (events & POLLERR) ret |= ASYNC_ERR;
if (events & POLLERR) ret |= ASYNC_ERR_;
if (events & POLLHUP) ret |= ASYNC_HUP;
if (events & POLLRDNORM) ret |= ASYNC_RDNORM;
if (events & POLLRDBAND) ret |= ASYNC_RDBAND;
if (events & POLLWRNORM) ret |= ASYNC_WRNORM;
if (events & POLLWRBAND) ret |= ASYNC_WRBAND;
if (events & POLLMSG) ret |= ASYNC_MSG;
return ret;
}
@@ -75,11 +95,24 @@ static async_evt_t async_e2a(unsigned int events) {
if (events & EPOLLIN) ret |= ASYNC_IN;
if (events & EPOLLPRI) ret |= ASYNC_PRI;
if (events & EPOLLOUT) ret |= ASYNC_OUT;
if (events & EPOLLERR) ret |= ASYNC_ERR;
if (events & EPOLLERR) ret |= ASYNC_ERR_;
if (events & EPOLLHUP) ret |= ASYNC_HUP;
if (events & EPOLLRDNORM) ret |= ASYNC_RDNORM;
if (events & EPOLLRDBAND) ret |= ASYNC_RDBAND;
if (events & EPOLLWRNORM) ret |= ASYNC_WRNORM;
if (events & EPOLLWRBAND) ret |= ASYNC_WRBAND;
if (events & EPOLLMSG) ret |= ASYNC_MSG;
return ret;
}
static short async_e2p(unsigned int events) {
return async_a2p(async_e2a(events));
}
static unsigned int async_p2e(short events) {
return async_a2e(async_p2a(events));
}
static int async_add_to_queue(evt_listen_t *evt) {
while (sem_wait(&lock) != 0) {
if (errno == EINTR) {
@@ -108,7 +141,7 @@ static int async_exec(evt_listen_t *evt, async_evt_t r_events) {
int ret, e = errno;
if (r_events & evt->events) {
// specified event(s) occurred
if (evt->socket && !sock_has_pending(evt->socket)) {
if (!(evt->flags & ASYNC_IGNORE_PENDING) && evt->socket && !sock_has_pending(evt->socket, 0)) {
evt->err_cb(evt->arg);
ret = 0;
} else {
@@ -135,6 +168,11 @@ static int async_check(evt_listen_t *evt) {
}};
// check, if fd is already ready
if (evt->events & ASYNC_IN && evt->socket && evt->socket->enc && SSL_pending(evt->socket->ssl) > 0) {
// ssl layer already ready
if (async_exec(evt, ASYNC_IN) == 0)
return 1;
}
switch (poll(fds, 1, 0)) {
case 1:
// fd already ready
@@ -215,7 +253,7 @@ void async_thread(void) {
struct epoll_event ev, events[ASYNC_MAX_EVENTS];
int num_fds;
long ts, min_ts, cur_ts;
listen_queue_t *l;
volatile listen_queue_t *l;
evt_listen_t **local;
if ((local = list_create(sizeof(evt_listen_t *), 16)) == NULL) {
@@ -228,8 +266,18 @@ void async_thread(void) {
// main event loop
while (alive) {
// swap listen queue
while (sem_wait(&lock) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
critical("Unable to lock async queue");
return;
}
}
l = listen_q;
listen_q = (listen_q == &listen1) ? &listen2 : &listen1;
sem_post(&lock);
// fill local list and epoll instance with previously added queue entries
for (int i = 0; i < l->n; i++) {
@@ -243,7 +291,25 @@ void async_thread(void) {
ev.events = async_a2e(evt->events);
ev.data.ptr = evt;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, evt->fd, &ev) == -1) {
while (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, evt->fd, &ev) == -1) {
if (errno == EEXIST) {
// fd already exists, delete old one
warning("Unable to add file descriptor to epoll instance");
errno = 0;
if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) != -1)
continue;
} else if (errno == EBADF || errno == EPERM) {
// fd probably already closed or does not support epoll somehow
// FIXME should not happen
warning("Unable to add file descriptor to epoll instance");
errno = 0;
local = list_delete(local, &evt);
if (local == NULL) {
critical("Unable to resize async local list");
return;
}
break;
}
critical("Unable to add file descriptor to epoll instance");
return;
}
@@ -256,12 +322,13 @@ void async_thread(void) {
min_ts = -1000, cur_ts = clock_micros();
for (int i = 0; i < list_size(local); i++) {
evt_listen_t *evt = local[i];
if (!evt->socket) continue;
if (!evt->socket || evt->socket->timeout_us < 0) continue;
ts = evt->socket->ts_last + evt->socket->timeout_us - cur_ts;
if (min_ts == -1000 || ts < min_ts) min_ts = ts;
}
// epoll is used in level-triggered mode, so buffers are taken into account
if ((num_fds = epoll_wait(epoll_fd, events, ASYNC_MAX_EVENTS, (int) (min_ts / 1000))) == -1) {
if (errno == EINTR) {
// interrupt
@@ -281,8 +348,8 @@ void async_thread(void) {
if (async_exec(evt, async_e2a(events[i].events)) == 0) {
logger_set_prefix("");
if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) == -1) {
if (errno == EBADF) {
// already closed fd, do not die
if (errno == EBADF || errno == ENOENT || errno == EPERM) {
// already closed, fd not found, or fd does not support epoll, anyway do not die
errno = 0;
} else {
critical("Unable to remove file descriptor from epoll instance");
@@ -307,12 +374,12 @@ void async_thread(void) {
evt_listen_t *evt = local[i];
if (!evt->socket) continue;
if ((cur_ts - evt->socket->ts_last) >= evt->socket->timeout_us) {
if (evt->socket->timeout_us >= 0 && (cur_ts - evt->socket->ts_last) >= evt->socket->timeout_us) {
evt->to_cb(evt->arg);
if (epoll_ctl(epoll_fd, EPOLL_CTL_DEL, evt->fd, NULL) == -1) {
if (errno == EBADF) {
// already closed fd, do not die
if (errno == EBADF || errno == ENOENT || errno == EPERM) {
// already closed, fd not found, or fd does not support epoll, anyway do not die
errno = 0;
} else {
critical("Unable to remove file descriptor from epoll instance");

16
src/async.h
View File

@@ -12,12 +12,18 @@
#include "lib/sock.h"
#define ASYNC_KEEP 1
#define ASYNC_IGNORE_PENDING 2
#define ASYNC_IN 0x01
#define ASYNC_PRI 0x02
#define ASYNC_OUT 0x04
#define ASYNC_ERR 0x08
#define ASYNC_HUP 0x10
#define ASYNC_IN 0x001
#define ASYNC_PRI 0x002
#define ASYNC_OUT 0x004
#define ASYNC_ERR_ 0x008
#define ASYNC_HUP 0x010
#define ASYNC_RDNORM 0x040
#define ASYNC_RDBAND 0x080
#define ASYNC_WRNORM 0x100
#define ASYNC_WRBAND 0x200
#define ASYNC_MSG 0x400
#define ASYNC_WAIT_READ ASYNC_IN
#define ASYNC_WAIT_WRITE ASYNC_OUT

4
src/cache_handler.c
View File

@@ -75,6 +75,10 @@ static void magic_mime_type(const char *restrict filename, char *buf) {
strcpy(buf, "application/javascript");
sem_post(&sem_magic);
return;
} else if (strends(filename, ".xhtml")) {
strcpy(buf, "application/xhtml+xml");
sem_post(&sem_magic);
return;
}
}

3
src/lib/config.c
View File

@@ -61,9 +61,6 @@ static int config_parse_line(char *line, char *section, int *i, int *j) {
if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
source = ptr + 9;
target = config.geoip_dir;
} else if (len > 11 && strncmp(ptr, "dns_server", 10) == 0 && (ptr[10] == ' ' || ptr[10] == '\t')) {
source = ptr + 10;
target = config.dns_server;
} else {
return -1;
}

1
src/lib/config.h
View File

@@ -53,7 +53,6 @@ typedef struct {
host_config_t hosts[CONFIG_MAX_HOST_CONFIG];
cert_config_t certs[CONFIG_MAX_CERT_CONFIG];
char geoip_dir[256];
char dns_server[256];
} config_t;
extern config_t config;

28
src/lib/error.c
View File

@@ -11,6 +11,7 @@
#include <errno.h>
#include <string.h>
#include <netdb.h>
extern const char *sock_error_str(unsigned long err);
extern const char *http_error_str(int err);
@@ -29,23 +30,14 @@ static unsigned long error_decompress(int err) {
const char *error_str(int err_no, char *buf, int buf_len) {
buf[0] = 0;
unsigned char mode = (unsigned char) (err_no >> 24);
int e = err_no & 0x00FFFFFF;
if (mode == 0x00) {
// normal
return strerror_r(e, buf, buf_len);
} else if (mode == 0x01) {
// ssl
return sock_error_str(error_decompress(e));
} else if (mode == 0x02) {
// ssl err
return ERR_reason_error_string(error_decompress(e));
} else if (mode == 0x03) {
// mmdb
return MMDB_strerror(e);
} else if (mode == 0x04) {
// http
return http_error_str(e);
switch (err_no >> 24) {
case 0x00: return strerror_r(e, buf, buf_len);
case 0x01: return sock_error_str(error_decompress(e));
case 0x02: return ERR_reason_error_string(error_decompress(e));
case 0x03: return MMDB_strerror(e);
case 0x04: return http_error_str(e);
case 0x05: return gai_strerror(e);
}
return buf;
}
@@ -66,6 +58,10 @@ void error_http(int err) {
errno = 0x04000000 | err;
}
void error_gai(int err) {
errno = 0x05000000 | err;
}
static int error_get(unsigned char prefix) {
return (errno >> 24 != prefix) ? 0 : errno & 0x00FFFFFF;
}

2
src/lib/error.h
View File

@@ -19,6 +19,8 @@ void error_mmdb(int err);
void error_http(int err);
void error_gai(int err);
int error_get_sys();
int error_get_ssl();

54
src/lib/fastcgi.c
View File

@@ -77,11 +77,14 @@ int fastcgi_send_data(fastcgi_cnx_t *cnx, unsigned char type, unsigned short len
int fastcgi_init(fastcgi_cnx_t *conn, int mode, unsigned int req_num, const sock *client, const http_req *req, const http_uri *uri) {
conn->mode = mode;
conn->header_sent = 0;
conn->req_id = (req_num + 1) & 0xFFFF;
conn->webroot = uri->webroot;
conn->err = NULL;
conn->fd_err_bytes = 0;
sock_init(&conn->out, 0, SOCK_PIPE);
conn->fd_out = -1;
conn->fd_err = -1;
sock_init(&conn->out, -1, SOCK_PIPE);
conn->socket.enc = 0;
if ((conn->socket.socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
@@ -95,7 +98,7 @@ int fastcgi_init(fastcgi_cnx_t *conn, int mode, unsigned int req_num, const sock
}
if (connect(conn->socket.socket, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) != 0) {
error("Unable to connect to unix socket of FastCGI socket");
error("Unable to connect to FastCGI (unix) socket");
return -1;
}
@@ -192,6 +195,7 @@ int fastcgi_init(fastcgi_cnx_t *conn, int mode, unsigned int req_num, const sock
conn->fd_out = pipes[1][1];
conn->out.socket = pipes[1][0];
sock_set_timeout(&conn->out, FASTCGI_TIMEOUT);
conn->fd_err = pipes[0][1];
conn->err = fdopen(pipes[0][0], "r");
@@ -204,11 +208,13 @@ int fastcgi_close_cnx(fastcgi_cnx_t *cnx) {
if (cnx->err) fclose(cnx->err);
cnx->err = NULL;
if (cnx->socket.socket) sock_close(&cnx->socket);
sock_close(&cnx->socket);
sock_close(&cnx->out);
close(cnx->fd_err);
close(cnx->fd_out);
if (cnx->fd_err != -1) close(cnx->fd_err);
if (cnx->fd_out != -1) close(cnx->fd_out);
cnx->fd_err = -1;
cnx->fd_out = -1;
errno = e;
return 0;
@@ -225,6 +231,7 @@ int fastcgi_php_error(fastcgi_cnx_t *cnx, char *err_msg) {
log_lvl_t msg_type = LOG_INFO;
// FIXME php fastcgi sends multiple calls with '; ' as delimiter
for (long ret; cnx->fd_err_bytes > 0 && (ret = getline(&line, &line_len, cnx->err)) != -1; cnx->fd_err_bytes -= ret) {
if (ret > 0) line[ret - 1] = 0;
line_ptr = line;
@@ -274,7 +281,36 @@ int fastcgi_recv_frame(fastcgi_cnx_t *cnx) {
if (header.type == FCGI_STDOUT || header.type == FCGI_STDERR) {
char buf[256];
if (header.type == FCGI_STDOUT) {
if (header.type == FCGI_STDOUT && !cnx->header_sent) {
char content[256 * 256];
if (sock_recv_x(&cnx->socket, content, content_len + header.paddingLength, 0) == -1)
return -1;
char *h_pos = strstr(content, "\r\n\r\n");
long header_len = h_pos - content + 4;
if (h_pos != NULL) {
uint64_t len;
len = header_len;
if (write(cnx->fd_out, &len, sizeof(len)) == -1)
return -1;
if (write(cnx->fd_out, content, len) == -1)
return -1;
cnx->header_sent = 1;
len = content_len - header_len;
if (len > 0) {
if (write(cnx->fd_out, &len, sizeof(len)) == -1)
return -1;
if (write(cnx->fd_out, content + header_len, len) == -1)
return -1;
}
return header.type;
}
} else if (header.type == FCGI_STDOUT) {
uint64_t len = content_len;
if (write(cnx->fd_out, &len, sizeof(len)) == -1)
return -1;
@@ -286,6 +322,7 @@ int fastcgi_recv_frame(fastcgi_cnx_t *cnx) {
cnx->fd_err_bytes += content_len + 1;
}
for (long ret, sent = 0; sent < content_len; sent += ret) {
// FIXME if pipe is full thread gets stuck
if ((ret = splice(cnx->socket.socket, 0, fd, 0, content_len - sent, 0)) == -1) {
if (errno == EINTR) {
errno = 0, ret = 0;
@@ -320,11 +357,6 @@ int fastcgi_recv_frame(fastcgi_cnx_t *cnx) {
return header.type;
}
long fastcgi_send(fastcgi_cnx_t *cnx, sock *client) {
char buf[CHUNK_SIZE];
return sock_splice_all(client, &cnx->out, buf, sizeof(buf));
}
int fastcgi_header(fastcgi_cnx_t *cnx, http_res *res, char *err_msg) {
long ret, len;
char content[CLIENT_MAX_HEADER_SIZE];

2
src/lib/fastcgi.h
View File

@@ -13,6 +13,7 @@
#include "http.h"
#include "uri.h"
#define FASTCGI_SOCKET_TIMEOUT 1
#define FASTCGI_TIMEOUT 3600
#define FASTCGI_BACKEND_PHP 1
@@ -23,6 +24,7 @@
typedef struct {
int mode;
unsigned char header_sent:1;
sock socket, out;
int fd_err, fd_out;
long fd_err_bytes;

27
src/lib/http.c
View File

@@ -15,6 +15,8 @@
#include <string.h>
#include <errno.h>
void http_append_to_header_field(http_field *field, const char *value, unsigned long len);
static int http_error(int err) {
if (err == 0) {
errno = 0;
@@ -307,6 +309,15 @@ int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long nam
return 0;
}
int http_add_to_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
int field_num = http_get_header_field_num(hdr, field_name);
if (field_num == -1)
return http_add_header_field(hdr, field_name, field_value);
http_append_to_header_field(&hdr->fields[field_num], field_value, strlen(field_value));
return 0;
}
void http_append_to_header_field(http_field *field, const char *value, unsigned long len) {
if (field->type == HTTP_FIELD_NORMAL) {
unsigned long total_len = strlen(field->normal.value) + len + 1;
@@ -376,6 +387,14 @@ int http_send_request(sock *server, http_req *req) {
return 0;
}
int http_send_100_continue(sock *client) {
char buf[256];
char date_buf[64];
int size = sprintf(buf, "HTTP/1.1 100 Continue\r\nDate: %s\r\nServer: " SERVER_STR "\r\n\r\n",
http_get_date(date_buf, sizeof(date_buf)));
return sock_send_x(client, buf, size, 0) == -1 ? -1 : 0;
}
const http_status *http_get_status(status_code_t status_code) {
for (int i = 0; i < http_statuses_size; i++) {
if (http_statuses[i].code == status_code) {
@@ -449,3 +468,11 @@ int http_get_compression(const http_req *req, const http_res *res) {
}
return 0;
}
long http_get_keep_alive_timeout(http_hdr *hdr) {
const char *keep_alive = http_get_header_field(hdr, "Keep-Alive");
if (!keep_alive) return -1;
const char *timeout = strstr(keep_alive, "timeout=");
if (!timeout) return -1;
return strtol(timeout + 8, NULL, 10);
}

6
src/lib/http.h
View File

@@ -166,7 +166,7 @@ int http_add_header_field(http_hdr *hdr, const char *field_name, const char *fie
int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len);
void http_append_to_header_field(http_field *field, const char *value, unsigned long len);
int http_add_to_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode);
@@ -174,6 +174,8 @@ int http_send_response(sock *client, http_res *res);
int http_send_request(sock *server, http_req *req);
int http_send_100_continue(sock *client);
const http_status *http_get_status(status_code_t status_code);
const http_status_msg *http_get_error_msg(status_code_t status_code);
@@ -188,4 +190,6 @@ const http_doc_info *http_get_status_info(status_code_t status_code);
int http_get_compression(const http_req *req, const http_res *res);
long http_get_keep_alive_timeout(http_hdr *hdr);
#endif //SESIMOS_HTTP_H

1
src/lib/mpmc.c
View File

@@ -149,6 +149,7 @@ void mpmc_destroy(mpmc_t *ctx) {
mpmc_stop(ctx);
for (int i = 0; i < ctx->n_workers; i++) {
if (ctx->workers[i] == -1) break;
debug("Waiting for worker %s/%i to finish...", ctx->name, i);
pthread_kill(ctx->workers[i], SIGUSR1);
pthread_join(ctx->workers[i], NULL);
}

339
src/lib/proxy.c
View File

@@ -19,7 +19,6 @@
#include <errno.h>
#include <openssl/err.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <semaphore.h>
static SSL_CTX *proxy_ctx = NULL;
@@ -138,11 +137,20 @@ proxy_ctx_t *proxy_get_by_conf(host_config_t *conf) {
return NULL;
}
void proxy_unlock_ctx(proxy_ctx_t *ctx) {
int proxy_unlock_ctx(proxy_ctx_t *ctx) {
int n = (int) ((ctx - proxies) / MAX_PROXY_CNX_PER_HOST);
if (ctx->close) proxy_close(ctx);
debug("Released proxy connection slot %i/%i", (ctx - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
ctx->in_use = 0;
ctx->client = NULL;
sem_post(&available[n]);
if (!ctx->close) {
return 1;
} else {
ctx->close = 0;
return 0;
}
}
int proxy_request_header(http_req *req, sock *sock) {
@@ -300,85 +308,39 @@ int proxy_response_header(http_req *req, http_res *res, host_config_t *conf) {
return 0;
}
int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg) {
char buffer[CHUNK_SIZE], err_buf[256];
const char *connection, *upgrade, *ws_version;
long ret;
int tries = 0, retry = 0;
static int proxy_connect(proxy_ctx_t *proxy, host_config_t *conf, http_res *res, http_status_ctx *ctx, char *err_msg) {
char err_buf[256], addr_buf[1024];
*proxy_ptr = proxy_get_by_conf(conf);
proxy_ctx_t *proxy = *proxy_ptr;
proxy->client = NULL;
if (proxy->initialized && sock_has_pending(&proxy->proxy) == 0)
goto proxy;
retry:
if (proxy->initialized)
proxy_close(proxy);
retry = 0;
tries++;
info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", conf->proxy.hostname, conf->proxy.port);
int fd;
if ((fd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) {
error("Unable to create socket");
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
sock_init(&proxy->proxy, fd, 0);
if (sock_set_socket_timeout(&proxy->proxy, 1) != 0 || sock_set_timeout(&proxy->proxy, SERVER_TIMEOUT_INIT) != 0)
goto proxy_timeout_err;
struct hostent *host_ent = gethostbyname2(conf->proxy.hostname, AF_INET6);
if (host_ent == NULL) {
host_ent = gethostbyname2(conf->proxy.hostname, AF_INET);
if (host_ent == NULL) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to connect to server: Name or service not known");
sprintf(err_msg, "Unable to connect to server: Name or service not known.");
goto proxy_err;
}
}
struct sockaddr_in6 address = {.sin6_family = AF_INET6, .sin6_port = htons(conf->proxy.port)};
if (host_ent->h_addrtype == AF_INET6) {
memcpy(&address.sin6_addr, host_ent->h_addr_list[0], host_ent->h_length);
} else if (host_ent->h_addrtype == AF_INET) {
unsigned char addr[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0};
memcpy(addr + 12, host_ent->h_addr_list[0], host_ent->h_length);
memcpy(&address.sin6_addr, addr, 16);
}
inet_ntop(address.sin6_family, (void *) &address.sin6_addr, buffer, sizeof(buffer));
info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", buffer, conf->proxy.port);
if (connect(proxy->proxy.socket, (struct sockaddr *) &address, sizeof(address)) < 0) {
if (errno == ETIMEDOUT || errno == EINPROGRESS) {
if ((fd = sock_connect(conf->proxy.hostname, conf->proxy.port, SERVER_SOCKET_TIMEOUT_INIT, addr_buf, sizeof(addr_buf))) == -1) {
if (errno == ETIMEDOUT || errno == EINPROGRESS || errno == EHOSTDOWN || errno == EHOSTUNREACH) {
res->status = http_get_status(504);
ctx->origin = SERVER_REQ;
} else if (errno == ECONNREFUSED) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
} else if (errno == ECONNABORTED || errno == ECONNRESET) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
} else {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
}
error("Unable to connect to [%s]:%i", buffer, conf->proxy.port);
error("Unable to connect to [%s]:%i", addr_buf, conf->proxy.port);
sprintf(err_msg, "Unable to connect to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
goto proxy_err;
return -1;
}
sock_init(&proxy->proxy, fd, 0);
if (sock_set_timeout(&proxy->proxy, SERVER_TIMEOUT) != 0) {
proxy_timeout_err:
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unable to set timeout for reverse proxy socket");
sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", error_str(errno, err_buf, sizeof(err_buf)));
goto proxy_err;
return -1;
}
if (conf->proxy.enc) {
@@ -386,14 +348,16 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
SSL_set_fd(proxy->proxy.ssl, proxy->proxy.socket);
SSL_set_connect_state(proxy->proxy.ssl);
int ret;
if ((ret = SSL_do_handshake(proxy->proxy.ssl)) != 1) {
sock_error(&proxy->proxy, (int) ret);
SSL_free(proxy->proxy.ssl);
proxy->proxy.ssl = NULL;
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to perform handshake");
sprintf(err_msg, "Unable to perform handshake: %s.", error_str(errno, err_buf, sizeof(err_buf)));
goto proxy_err;
return -1;
}
proxy->proxy.enc = 1;
}
@@ -401,13 +365,27 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
proxy->initialized = 1;
proxy->cnx_s = clock_micros();
proxy->host = conf->name;
info(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i", buffer, conf->proxy.port);
proxy->http_timeout = 0;
proxy:
connection = http_get_header_field(&req->hdr, "Connection");
info(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i" CLR_STR BLUE_STR " (slot %i/%i)",
addr_buf, conf->proxy.port, (proxy - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
return 0;
}
int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg) {
char buffer[CHUNK_SIZE], err_buf[256];
long ret;
*proxy_ptr = proxy_get_by_conf(conf);
proxy_ctx_t *proxy = *proxy_ptr;
proxy->client = NULL;
debug("Selected proxy connection slot %i/%i", (proxy - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST);
const char *connection = http_get_header_field(&req->hdr, "Connection");
if (strcontains(connection, "upgrade") || strcontains(connection, "Upgrade")) {
upgrade = http_get_header_field(&req->hdr, "Upgrade");
ws_version = http_get_header_field(&req->hdr, "Sec-WebSocket-Version");
const char *upgrade = http_get_header_field(&req->hdr, "Upgrade");
const char *ws_version = http_get_header_field(&req->hdr, "Sec-WebSocket-Version");
if (streq(upgrade, "websocket") && streq(ws_version, "13")) {
ctx->ws_key = http_get_header_field(&req->hdr, "Sec-WebSocket-Key");
} else {
@@ -427,48 +405,163 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
return -1;
}
ret = http_send_request(&proxy->proxy, req);
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (1)");
sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
retry = tries < 4;
goto proxy_err;
}
for (int retry = 1, srv_error = 0, tries = 0;; tries++) {
errno = 0;
if (!retry)
return -1;
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
unsigned long content_len = content_length != NULL ? strtoul(content_length, NULL, 10) : 0;
const char *transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
// honor server timeout with one second buffer
if (!proxy->initialized || srv_error ||
(proxy->http_timeout > 0 && (clock_micros() - proxy->proxy.ts_last_send) >= proxy->http_timeout) ||
sock_has_pending(&proxy->proxy, SOCK_DONTWAIT))
{
if (proxy->initialized)
proxy_close(proxy);
ret = 0;
if (content_len > 0) {
ret = sock_splice(&proxy->proxy, client, buffer, sizeof(buffer), content_len);
} else if (strcontains(transfer_encoding, "chunked")) {
ret = sock_splice_chunked(&proxy->proxy, client, buffer, sizeof(buffer), SOCK_CHUNKED);
}
retry = 0;
srv_error = 0;
tries++;
if (ret < 0 || (content_len != 0 && ret != content_len)) {
if (ret == -1 && errno != EPROTO) {
if (proxy_connect(proxy, conf, res, ctx, err_msg) != 0)
continue;
}
ret = http_send_request(&proxy->proxy, req);
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (2)");
error("Unable to send request to server (1)");
sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
retry = tries < 4;
goto proxy_err;
} else if (ret == -1) {
res->status = http_get_status(400);
ctx->origin = CLIENT_REQ;
error("Unable to receive request from client");
sprintf(err_msg, "Unable to receive request from client: %s.", error_str(errno, err_buf, sizeof(err_buf)));
srv_error = 1;
continue;
}
break;
}
const char *client_expect = http_get_header_field(&req->hdr, "Expect");
int expect_100_continue = (client_expect != NULL && strcasecmp(client_expect, "100-continue") == 0);
int ignore_content = 0;
if (expect_100_continue) {
http_res tmp_res = {
.version = "1.1",
.status = http_get_status(501),
};
if (http_init_hdr(&tmp_res.hdr) != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unable to initialize http header");
return -1;
}
ret = proxy_peek_response(proxy, &tmp_res, ctx, custom_status, err_msg);
http_free_hdr(&tmp_res.hdr);
if (ret < 0)
return (int) ret;
if (tmp_res.status->code == 100) {
if (sock_recv_x(&proxy->proxy, buffer, ret, 0) == -1) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to receive from server");
return -1;
}
info("%s -> %03i %s%s", http_get_status_color(tmp_res.status->code), tmp_res.status->code, tmp_res.status->msg, CLR_STR);
if (http_send_response(client, &tmp_res) != 0) {
res->status = http_get_status(400);
ctx->origin = CLIENT_RES;
error("Unable to send to client");
return -1;
}
} else {
ignore_content = 1;
}
}
if (!ignore_content) {
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
unsigned long content_len = content_length != NULL ? strtoul(content_length, NULL, 10) : 0;
const char *transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
ret = 0;
if (content_len > 0) {
ret = sock_splice(&proxy->proxy, client, buffer, sizeof(buffer), content_len);
} else if (strcontains(transfer_encoding, "chunked")) {
ret = sock_splice_chunked(&proxy->proxy, client, buffer, sizeof(buffer), SOCK_CHUNKED);
}
if (ret < 0 || (content_len != 0 && ret != content_len)) {
if (ret == -1 && errno != EPROTO) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (2)");
sprintf(err_msg, "Unable to send request to server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
return -1;
} else if (ret == -1) {
res->status = http_get_status(400);
ctx->origin = CLIENT_REQ;
error("Unable to receive request from client");
sprintf(err_msg, "Unable to receive request from client: %s.", error_str(errno, err_buf, sizeof(err_buf)));
return -1;
}
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unknown Error");
return -1;
}
}
if (sock_set_socket_timeout(&proxy->proxy, SERVER_SOCKET_TIMEOUT_RES) != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unknown Error");
error("Unable to set timeout for reverse proxy socket");
return -1;
}
while (1) {
ret = proxy_peek_response(proxy, res, ctx, custom_status, err_msg);
if (ret < 0) {
return (int) ret;
} else if (sock_recv_x(&proxy->proxy, buffer, ret, 0) == -1) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to receive from server");
return -1;
}
if (res->status->code == 100) {
info("%s -> %03i %s%s", http_get_status_color(res->status->code), res->status->code, res->status->msg, CLR_STR);
if (http_send_response(client, res) != 0) {
res->status = http_get_status(400);
ctx->origin = CLIENT_RES;
error("Unable to send to client");
return -1;
}
} else {
break;
}
}
long keep_alive_timeout = http_get_keep_alive_timeout(&res->hdr);
proxy->http_timeout = (keep_alive_timeout > 0) ? keep_alive_timeout * 1000000 : 0;
connection = http_get_header_field(&res->hdr, "Connection");
proxy->close = !streq(res->version, "1.1") || strcontains(connection, "close") || strcontains(connection, "Close");
ret = proxy_response_header(req, res, conf);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
return 0;
}
int proxy_peek_response(proxy_ctx_t *proxy, http_res *res, http_status_ctx *ctx, http_status *custom_status, char *err_msg) {
char buffer[CHUNK_SIZE], err_buf[256];
long ret;
ret = sock_recv(&proxy->proxy, buffer, sizeof(buffer) - 1, MSG_PEEK);
if (ret <= 0) {
int e_sys = error_get_sys(), e_ssl = error_get_ssl();
@@ -481,11 +574,17 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
}
error("Unable to receive response from server");
sprintf(err_msg, "Unable to receive response from server: %s.", error_str(errno, err_buf, sizeof(err_buf)));
retry = tries < 4;
goto proxy_err;
return -1;
}
buffer[ret] = 0;
if (sock_set_socket_timeout(&proxy->proxy, SOCKET_TIMEOUT) != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unable to set timeout for reverse proxy socket");
return -1;
}
char *buf = buffer;
unsigned short header_len = (unsigned short) (strstr(buffer, "\r\n\r\n") - buffer + 4);
@@ -494,7 +593,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header: End of header not found");
sprintf(err_msg, "Unable to parser header: End of header not found.");
goto proxy_err;
return -2;
}
for (int i = 0; i < header_len; i++) {
@@ -503,7 +602,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header: Header contains illegal characters");
sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
goto proxy_err;
return -2;
}
}
@@ -515,7 +614,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
return -2;
}
if (ptr == buf) {
if (!strstarts(ptr, "HTTP/")) {
@@ -523,7 +622,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
return -2;
}
int status_code = (int) strtol(ptr + 9, NULL, 10);
res->status = http_get_status(status_code);
@@ -538,7 +637,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid or unknown status code");
sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
goto proxy_err;
return -2;
}
} else {
if (http_parse_header_field(&res->hdr, ptr, pos0, 0) != 0) {
@@ -546,7 +645,7 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
ctx->origin = SERVER_RES;
error("Unable to parse header");
sprintf(err_msg, "Unable to parse header.");
goto proxy_err;
return -2;
}
}
if (pos0[2] == '\r' && pos0[3] == '\n') {
@@ -554,28 +653,15 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu
}
ptr = pos0 + 2;
}
sock_recv_x(&proxy->proxy, buffer, header_len, 0);
ret = proxy_response_header(req, res, conf);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
return 0;
proxy_err:
errno = 0;
if (retry) goto retry;
return -1;
return header_len;
}
int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags) {
long proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags) {
long ret;
char buffer[CHUNK_SIZE];
if (sock_splice(client, &proxy->proxy, buffer, sizeof(buffer), len_to_send) == -1)
if ((ret = sock_splice(client, &proxy->proxy, buffer, sizeof(buffer), len_to_send)) == -1)
return -1;
return 0;
return ret;
}
int proxy_dump(proxy_ctx_t *proxy, char *buf, long len) {
@@ -594,11 +680,16 @@ void proxy_close(proxy_ctx_t *ctx) {
if (ctx->initialized) {
ctx->cnx_e = clock_micros();
char buf[32];
info(BLUE_STR "Closing proxy connection (%s)", format_duration(ctx->cnx_e - ctx->cnx_s, buf));
info(BLUE_STR "Closing proxy connection %i/%i (%s)",
(ctx - proxies) % MAX_PROXY_CNX_PER_HOST, MAX_PROXY_CNX_PER_HOST,
format_duration(ctx->cnx_e - ctx->cnx_s, buf));
}
sock_close(&ctx->proxy);
memset(ctx, 0, sizeof(*ctx));
ctx->initialized = 0;
ctx->http_timeout = 0;
ctx->cnx_e = 0, ctx->cnx_s = 0;
ctx->client = NULL;
ctx->host = NULL;
errno = 0;
}

9
src/lib/proxy.h
View File

@@ -19,9 +19,10 @@
#include "config.h"
typedef struct {
unsigned char initialized:1, in_use:1;
volatile unsigned char initialized:1, in_use:1, close:1;
sock proxy;
long cnx_s, cnx_e;
long http_timeout;
char *host;
void *client;
} proxy_ctx_t;
@@ -34,7 +35,7 @@ void proxy_close_all(void);
proxy_ctx_t *proxy_get_by_conf(host_config_t *conf);
void proxy_unlock_ctx(proxy_ctx_t *ctx);
int proxy_unlock_ctx(proxy_ctx_t *ctx);
int proxy_request_header(http_req *req, sock *sock);
@@ -42,7 +43,9 @@ int proxy_response_header(http_req *req, http_res *res, host_config_t *conf);
int proxy_init(proxy_ctx_t **proxy, http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, http_status *custom_status, char *err_msg);
int proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags);
int proxy_peek_response(proxy_ctx_t *proxy, http_res *res, http_status_ctx *ctx, http_status *custom_status, char *err_msg);
long proxy_send(proxy_ctx_t *proxy, sock *client, unsigned long len_to_send, int flags);
int proxy_dump(proxy_ctx_t *proxy, char *buf, long len);

141
src/lib/sock.c
View File

@@ -9,6 +9,7 @@
#include "sock.h"
#include "utils.h"
#include "error.h"
#include "../logger.h"
#include <errno.h>
#include <openssl/ssl.h>
@@ -18,8 +19,9 @@
#include <openssl/err.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <netdb.h>
static void ssl_error(unsigned long err) {
static void sock_ssl_error(unsigned long err) {
if (err == SSL_ERROR_NONE) {
errno = 0;
} else if (err == SSL_ERROR_SYSCALL) {
@@ -32,7 +34,18 @@ static void ssl_error(unsigned long err) {
}
void sock_error(sock *s, int ret) {
ssl_error(SSL_get_error(s->ssl, ret));
sock_ssl_error(SSL_get_error(s->ssl, ret));
}
int sock_gai_error(int ret) {
if (ret == 0) {
errno = 0;
} else if (ret == EAI_SYSTEM) {
// errno already set
} else {
error_gai(ret);
}
return -1;
}
const char *sock_error_str(unsigned long err) {
@@ -73,26 +86,109 @@ int sock_init(sock *s, int fd, int flags) {
s->pipe = !!(flags & SOCK_PIPE);
s->ts_start = clock_micros();
s->ts_last = s->ts_start;
s->ts_last_send = s->ts_last;
s->timeout_us = -1;
s->ssl = NULL;
s->addr = NULL;
s->s_addr = NULL;
return 0;
}
int sock_set_socket_timeout_micros(sock *s, long recv_micros, long send_micros) {
int sock_connect(const char *hostname, unsigned short port, double timeout_sec, char *addr_buf, size_t addr_buf_size) {
char buf[INET6_ADDRSTRLEN + 1];
int ret, fd, e = 0;
long timeout_micros = (long) (timeout_sec * 1000000L);
struct addrinfo *result, *rp,
hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = 0,
.ai_flags = 0,
};
if (addr_buf && addr_buf_size > 1)
addr_buf[0] = 0;
if ((ret = getaddrinfo(hostname, NULL, &hints, &result)) != 0)
return sock_gai_error(ret);
for (rp = result; rp != NULL; rp = rp->ai_next) {
switch (rp->ai_family) {
case AF_INET:
((struct sockaddr_in *) rp->ai_addr)->sin_port = htons(port);
inet_ntop(rp->ai_family, &((struct sockaddr_in *) rp->ai_addr)->sin_addr, buf, addr_buf_size);
break;
case AF_INET6:
((struct sockaddr_in6 *) rp->ai_addr)->sin6_port = htons(port);
inet_ntop(rp->ai_family, &((struct sockaddr_in6 *) rp->ai_addr)->sin6_addr, buf, addr_buf_size);
break;
}
debug("Trying [%s]:%i", buf, port);
if ((fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol)) == -1) {
if (e == 0) {
e = errno;
} else if (e != errno) {
e = -1;
}
continue;
}
if (sock_set_socket_timeout_micros(fd, timeout_micros, timeout_micros) == -1) {
close(fd);
return -1;
}
if (connect(fd, rp->ai_addr, rp->ai_addrlen) == -1) {
e = errno;
close(fd);
continue;
}
break;
}
freeaddrinfo(result);
if (addr_buf && addr_buf_size > 1 && addr_buf[0] == 0)
strncpy(addr_buf, buf, addr_buf_size);
errno = e;
return (e == 0) ? fd : -1;
}
int sock_reverse_lookup(const sock *s, char *host, size_t host_size) {
memset(host, 0, host_size);
int ret;
if ((ret = getnameinfo(&s->_addr.sock, sizeof(s->_addr), host, host_size, NULL, 0, 0)) != 0) {
if (ret == EAI_NONAME) {
return 0;
} else {
return sock_gai_error(ret);
}
}
return 0;
}
int sock_set_socket_timeout_micros(int fd, long recv_micros, long send_micros) {
struct timeval recv_to = {.tv_sec = recv_micros / 1000000, .tv_usec = recv_micros % 1000000},
send_to = {.tv_sec = send_micros / 1000000, .tv_usec = send_micros % 1000000};
if (setsockopt(s->socket, SOL_SOCKET, SO_RCVTIMEO, &recv_to, sizeof(recv_to)) != 0)
if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &recv_to, sizeof(recv_to)) != 0)
return -1;
if (setsockopt(s->socket, SOL_SOCKET, SO_SNDTIMEO, &send_to, sizeof(send_to)) != 0)
if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &send_to, sizeof(send_to)) != 0)
return -1;
return 0;
}
int sock_set_socket_timeout(sock *s, double sec) {
return sock_set_socket_timeout_micros(s, (long) (sec * 1000000L), (long) (sec * 1000000L));
return sock_set_socket_timeout_micros(s->socket, (long) (sec * 1000000L), (long) (sec * 1000000L));
}
int sock_set_timeout_micros(sock *s, long micros) {
@@ -108,7 +204,7 @@ int sock_set_timeout(sock *s, double sec) {
}
long sock_send(sock *s, void *buf, unsigned long len, int flags) {
if (s->socket == 0) {
if (s->socket < 0) {
errno = ENOTCONN;
return -1;
}
@@ -129,6 +225,7 @@ long sock_send(sock *s, void *buf, unsigned long len, int flags) {
if (ret >= 0) {
s->ts_last = clock_micros();
s->ts_last_send = s->ts_last;
return ret;
} else {
return -1;
@@ -138,7 +235,7 @@ long sock_send(sock *s, void *buf, unsigned long len, int flags) {
long sock_send_x(sock *s, void *buf, unsigned long len, int flags) {
for (long ret, sent = 0; sent < len; sent += ret) {
if ((ret = sock_send(s, (unsigned char *) buf + sent, len - sent, flags)) <= 0) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0, ret = 0;
continue;
} else {
@@ -150,7 +247,7 @@ long sock_send_x(sock *s, void *buf, unsigned long len, int flags) {
}
long sock_recv(sock *s, void *buf, unsigned long len, int flags) {
if (s->socket == 0) {
if (s->socket < 0) {
errno = ENOTCONN;
return -1;
}
@@ -181,7 +278,7 @@ long sock_recv(sock *s, void *buf, unsigned long len, int flags) {
long sock_recv_x(sock *s, void *buf, unsigned long len, int flags) {
for (long ret, rcv = 0; rcv < len; rcv += ret) {
if ((ret = sock_recv(s, (unsigned char *) buf + rcv, len - rcv, flags | MSG_WAITALL)) <= 0) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0, ret = 0;
continue;
} else {
@@ -198,7 +295,7 @@ long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigne
if ((src->pipe || dst->pipe) && !src->enc && !dst->enc) {
for (long ret; send_len < len; send_len += ret) {
if ((ret = splice(src->socket, 0, dst->socket, 0, len, 0)) == -1) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0, ret = 0;
continue;
} else {
@@ -211,7 +308,7 @@ long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigne
next_len = (long) ((buf_len < (len - send_len)) ? buf_len : (len - send_len));
if ((ret = sock_recv(src, buf, next_len, MSG_WAITALL)) <= 0) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0, ret = 0;
continue;
} else {
@@ -231,7 +328,7 @@ long sock_splice_all(sock *dst, sock *src, void *buf, unsigned long buf_len) {
long send_len = 0;
for (long ret;; send_len += ret) {
if ((ret = sock_recv(src, buf, buf_len, 0)) <= 0) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0, ret = 0;
continue;
} else if (ret == 0) {
@@ -279,26 +376,30 @@ long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len,
int sock_close(sock *s) {
int e = errno;
if (s->enc && s->ssl != NULL) {
if (s->ssl != NULL) {
SSL_shutdown(s->ssl);
SSL_free(s->ssl);
s->ssl = NULL;
}
close(s->socket);
s->socket = 0;
if (s->socket != -1) close(s->socket);
s->socket = -1;
s->enc = 0, s->pipe = 0;
errno = e;
return 0;
}
int sock_has_pending(sock *s) {
int sock_has_pending(sock *s, int flags) {
int e = errno;
long ret;
if (s->pipe) {
ioctl(s->socket, FIONREAD, &ret);
int arg;
ioctl(s->socket, FIONREAD, &arg);
ret = arg;
} else if (s->enc && (flags & SOCK_DONTWAIT)) {
ret = SSL_pending(s->ssl);
} else {
char buf[1];
ret = sock_recv(s, &buf, sizeof(buf), MSG_PEEK | MSG_DONTWAIT);
ret = sock_recv(s, &buf, sizeof(buf), MSG_PEEK | ((flags & SOCK_DONTWAIT) ? MSG_DONTWAIT : 0));
}
errno = e;
return ret > 0;
@@ -318,7 +419,7 @@ long sock_recv_chunk_header(sock *s) {
do {
if ((ret = sock_recv(s, buf, sizeof(buf) - 1, MSG_PEEK)) <= 0) {
if (errno == EINTR) {
if (errno == EINTR || errno == EAGAIN) {
errno = 0;
continue;
} else {

16
src/lib/sock.h
View File

@@ -19,6 +19,8 @@
#define SOCK_ENCRYPTED 1
#define SOCK_PIPE 2
#define SOCK_DONTWAIT 1
typedef struct {
unsigned int enc:1, pipe:1;
int socket;
@@ -29,16 +31,22 @@ typedef struct {
char *addr, *s_addr;
SSL_CTX *ctx;
SSL *ssl;
long ts_start, ts_last, timeout_us;
long ts_start, ts_last, ts_last_send, timeout_us;
} sock;
void sock_error(sock *s, int ret);
const char *sock_error_str(unsigned long err);
int sock_init(sock *s, int fd, int enc);
int sock_init(sock *s, int fd, int flags);
int sock_set_socket_timeout_micros(sock *s, long recv_micros, long send_micros);
int sock_connect(const char *hostname, unsigned short port, double timeout_sec, char *addr_buf, size_t addr_buf_size);
int sock_reverse_lookup(const sock *s, char *host, size_t host_size);
int sock_init_addr_str(const sock *s, char *c_addr, size_t c_addr_size, char *s_addr, size_t s_addr_size);
int sock_set_socket_timeout_micros(int fd, long recv_micros, long send_micros);
int sock_set_socket_timeout(sock *s, double sec);
@@ -62,7 +70,7 @@ long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len,
int sock_close(sock *s);
int sock_has_pending(sock *s);
int sock_has_pending(sock *s, int flags);
long sock_recv_chunk_header(sock *s);

54
src/lib/uri.c
View File

@@ -39,7 +39,7 @@ int path_exists(const char *path) {
}
int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode) {
char buf0[1024], buf1[1024], buf2[1024], buf3[1024];
char buf0[1024], buf1[1024], buf2[1024], buf3[1024], buf4[1024];
int p_len;
uri->webroot = NULL;
@@ -107,57 +107,71 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
while (1) {
sprintf(buf0, "%s%s", uri->webroot, uri->path);
p_len = snprintf(buf1, sizeof(buf1), "%s.php", buf0);
p_len = snprintf(buf1, sizeof(buf1), "%s.xhtml", buf0);
if (p_len < 0 || p_len >= sizeof(buf1)) return -1;
p_len = snprintf(buf2, sizeof(buf2), "%s.html", buf0);
if (p_len < 0 || p_len >= sizeof(buf2)) return -1;
p_len = snprintf(buf3, sizeof(buf3), "%s.php", buf0);
if (p_len < 0 || p_len >= sizeof(buf3)) return -1;
if (strlen(uri->path) <= 1 || path_exists(buf0) || path_is_file(buf1) || path_is_file(buf2))
if (strlen(uri->path) <= 1 || path_exists(buf0) || path_is_file(buf1) || path_is_file(buf2) || path_is_file(buf3))
break;
char *ptr;
parent_dir:
ptr = strrchr(uri->path, '/');
size = (long) strlen(ptr);
sprintf(buf3, "%.*s%s", (int) size, ptr, uri->pathinfo);
strcpy(uri->pathinfo, buf3);
sprintf(buf4, "%.*s%s", (int) size, ptr, uri->pathinfo);
strcpy(uri->pathinfo, buf4);
ptr[0] = 0;
}
if (uri->pathinfo[0] != 0) {
sprintf(buf3, "%s", uri->pathinfo + 1);
strcpy(uri->pathinfo, buf3);
sprintf(buf4, "%s", uri->pathinfo + 1);
strcpy(uri->pathinfo, buf4);
}
if (path_is_file(buf0)) {
uri->filename = malloc(strlen(buf0) + 1);
strcpy(uri->filename, buf0);
long len = (long) strlen(uri->path);
if (strends(uri->path, ".php")) {
uri->path[len - 4] = 0;
uri->is_static = 0;
if (strends(uri->path, ".xhtml")) {
uri->path[len - 6] = 0;
} else if (strends(uri->path, ".html")) {
uri->path[len - 5] = 0;
} else if (strends(uri->path, ".php")) {
uri->path[len - 4] = 0;
uri->is_static = 0;
}
} else if (path_is_file(buf1)) {
uri->is_static = 0;
uri->filename = malloc(strlen(buf1) + 1);
strcpy(uri->filename, buf1);
} else if (path_is_file(buf2)) {
uri->is_static = 0;
uri->filename = malloc(strlen(buf2) + 1);
strcpy(uri->filename, buf2);
} else if (path_is_file(buf3)) {
uri->filename = malloc(strlen(buf3) + 1);
strcpy(uri->filename, buf3);
uri->is_static = 0;
} else {
uri->is_dir = 1;
strcpy(uri->path + strlen(uri->path), "/");
sprintf(buf1, "%s%s" "index.php", uri->webroot, uri->path);
sprintf(buf1, "%s%s" "index.xhtml", uri->webroot, uri->path);
sprintf(buf2, "%s%s" "index.html", uri->webroot, uri->path);
if (path_is_file(buf1)) {
sprintf(buf3, "%s%s" "index.php", uri->webroot, uri->path);
if (path_is_file(buf3) && uri->pathinfo[0] != 0) {
uri->filename = malloc(strlen(buf3) + 1);
strcpy(uri->filename, buf3);
uri->is_static = 0;
} else if (path_is_file(buf1)) {
uri->filename = malloc(strlen(buf1) + 1);
strcpy(uri->filename, buf1);
uri->is_static = 0;
} else if (path_is_file(buf2)) {
uri->filename = malloc(strlen(buf2) + 1);
strcpy(uri->filename, buf2);
} else if (path_is_file(buf3)) {
uri->filename = malloc(strlen(buf3) + 1);
strcpy(uri->filename, buf3);
uri->is_static = 0;
} else {
if (dir_mode == URI_DIR_MODE_FORBIDDEN) {
uri->is_static = 1;
@@ -174,17 +188,17 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
}
}
if (strends(uri->path + strlen(uri->path), "index"))
if (strends(uri->path, "/index"))
uri->path[strlen(uri->path) - 5] = 0;
if (streq(uri->pathinfo, "index.php") || streq(uri->pathinfo, "index.html"))
if (streq(uri->pathinfo, "index.php") || streq(uri->pathinfo, "index.html") || streq(uri->pathinfo, "index.xhtml"))
uri->pathinfo[0] = 0;
sprintf(buf0, "%s%s%s%s%s", uri->path,
sprintf(buf4, "%s%s%s%s%s", uri->path,
(strlen(uri->pathinfo) == 0 || uri->path[strlen(uri->path) - 1] == '/') ? "" : "/",
uri->pathinfo, uri->query != NULL ? "?" : "", uri->query != NULL ? uri->query : "");
uri->uri = malloc(strlen(buf0) + 1);
strcpy(uri->uri, buf0);
uri->uri = malloc(strlen(buf4) + 1);
strcpy(uri->uri, buf4);
return 0;
}

55
src/lib/utils.c
View File

@@ -20,6 +20,24 @@
static const char base64_encode_table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const int base64_mod_table[3] = {0, 2, 1};
static const char base64_decode_table[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, 0, -1, -1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
};
char *format_duration(unsigned long micros, char *buf) {
@@ -150,6 +168,7 @@ int mime_is_text(const char *restrict type) {
streq(type_parsed, "application/javascript") ||
streq(type_parsed, "application/json") ||
streq(type_parsed, "application/xml") ||
streq(type_parsed, "application/sql") ||
streq(type_parsed, "application/x-www-form-urlencoded") ||
streq(type_parsed, "application/x-tex") ||
streq(type_parsed, "application/x-httpd-php") ||
@@ -206,25 +225,25 @@ int strcontains(const char *restrict haystack, const char *restrict needle) {
int strstarts(const char *restrict str, const char *restrict prefix) {
if (str == NULL || prefix == NULL) return 0;
unsigned long l1 = strlen(str), l2 = strlen(prefix);
const unsigned long l1 = strlen(str), l2 = strlen(prefix);
return l2 <= l1 && strncmp(str, prefix, l2) == 0;
}
int strends(const char *restrict str, const char *restrict suffix) {
if (str == NULL || suffix == NULL) return 0;
unsigned long l1 = strlen(str), l2 = strlen(suffix);
const unsigned long l1 = strlen(str), l2 = strlen(suffix);
return l2 <= l1 && strcmp(str + l1 - l2, suffix) == 0;
}
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len) {
unsigned long out_len = 4 * ((data_len + 2) / 3);
const unsigned long out_len = 4 * ((data_len + 2) / 3);
if (output_len != NULL) *output_len = out_len;
for (int i = 0, j = 0; i < data_len;) {
unsigned int octet_a = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_b = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_c = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
const unsigned int octet_a = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
const unsigned int octet_b = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
const unsigned int octet_c = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
const unsigned int triple = (octet_a << 16) | (octet_b << 8) | octet_c;
output[j++] = base64_encode_table[(triple >> 3 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 2 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 1 * 6) & 0x3F];
@@ -238,6 +257,28 @@ int base64_encode(void *data, unsigned long data_len, char *output, unsigned lon
return 0;
}
int base64_decode(const char *data, unsigned long data_len, void *output, unsigned long *output_len) {
const unsigned long out_len = 3 * ((data_len + 2) / 4);
if (output_len != NULL) *output_len = out_len;
char *out = output;
for (int i = 0, j = 0; i < data_len;) {
const int octet_a = (i < data_len) ? base64_decode_table[((unsigned char *) data)[i++]] : 0;
const int octet_b = (i < data_len) ? base64_decode_table[((unsigned char *) data)[i++]] : 0;
const int octet_c = (i < data_len) ? base64_decode_table[((unsigned char *) data)[i++]] : 0;
const int octet_d = (i < data_len) ? base64_decode_table[((unsigned char *) data)[i++]] : 0;
if (octet_a < 0 || octet_b < 0 || octet_c < 0 || octet_d < 0) return -1;
const unsigned int triple = (octet_a << 3 * 6) | (octet_b << 2 * 6) | (octet_c << 6) | octet_d;
out[j++] = (char) (triple >> 16);
out[j++] = (char) ((triple >> 8) & 0xFF);
out[j++] = (char) (triple & 0xFF);
}
out[out_len] = 0;
return 0;
}
long clock_micros(void) {
struct timespec time;
clock_gettime(CLOCK_MONOTONIC, &time);

2
src/lib/utils.h
View File

@@ -47,6 +47,8 @@ int strends(const char *restrict str, const char *restrict suffix);
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len);
int base64_decode(const char *data, unsigned long data_len, void *output, unsigned long *output_len);
long clock_micros(void);
long clock_cpu(void);

2
src/logger.c
View File

@@ -20,7 +20,7 @@
#include <malloc.h>
#define LOG_MAX_MSG_SIZE 2048
#define LOG_BUF_SIZE 16
#define LOG_BUF_SIZE 256
#define LOG_NAME_LEN 12
#define LOG_PREFIX_LEN 256

17
src/server.c
View File

@@ -40,6 +40,8 @@ static SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
static client_ctx_t **clients;
static sem_t sem_clients_lock;
static void terminate_gracefully(int sig);
static void clean(void) {
notice("Cleaning sesimos cache and metadata files...");
@@ -121,7 +123,7 @@ static void accept_cb(void *arg) {
client_ctx_t *client_ctx = malloc(sizeof(client_ctx_t));
if (client_ctx == NULL) {
critical("Unable to allocate memory for client context");
errno = 0;
terminate_gracefully(0);
return;
}
sock *client = &client_ctx->socket;
@@ -132,6 +134,7 @@ static void accept_cb(void *arg) {
if (client_fd < 0) {
critical("Unable to accept connection");
free(client_ctx);
terminate_gracefully(0);
return;
}
@@ -146,6 +149,7 @@ static void accept_cb(void *arg) {
continue;
} else {
critical("Unable to lock clients list");
terminate_gracefully(0);
return;
}
}
@@ -154,8 +158,9 @@ static void accept_cb(void *arg) {
clients = list_append(clients, &client_ctx);
if (clients == NULL) {
critical("Unable to add client context to list");
sem_post(&sem_clients_lock);
free(client_ctx);
errno = 0;
terminate_gracefully(0);
return;
}
@@ -190,21 +195,27 @@ static void terminate_gracefully(int sig) {
sigaction(SIGINT, &act, NULL);
sigaction(SIGTERM, &act, NULL);
debug("Closing listening sockets...");
for (int i = 0; i < NUM_SOCKETS; i++) {
close(sockets[i]);
}
debug("Stopping workers...");
cache_stop();
workers_stop();
debug("Destroying workers...");
workers_destroy();
logger_set_prefix("");
debug("Closing proxy connections...");
proxy_close_all();
debug("Closing client connections...");
while (list_size(clients) > 0)
tcp_close(clients[0]);
logger_set_prefix("");
debug("Stopping async loop...");
async_stop();
}
@@ -320,7 +331,7 @@ int main(int argc, char *const argv[]) {
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY);
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);

5
src/server.h
View File

@@ -14,8 +14,11 @@
#define NUM_SOCKETS 2
#define LISTEN_BACKLOG 16
#define REQ_PER_CONNECTION 200
#define SOCKET_TIMEOUT 1
#define CLIENT_TIMEOUT 3600
#define SERVER_TIMEOUT_INIT 4
#define SERVER_SOCKET_TIMEOUT_INIT 5
#define SERVER_SOCKET_TIMEOUT_RES 60
#define SERVER_TIMEOUT 3600
#define CNX_HANDLER_WORKERS 8

5
src/worker/chunk_handler.c
View File

@@ -1,7 +1,7 @@
/**
* sesimos - secure, simple, modern web server
* @brief FastCGI frame handler
* @file src/worker/fcti_frame_handler.c
* @file src/worker/fcgi_frame_handler.c
* @author Lorenz Stechauner
* @date 2023-01-22
*/
@@ -16,7 +16,7 @@ void chunk_handler_func(chunk_ctx_t *ctx) {
logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
char buf[CHUNK_SIZE];
long sent = sock_splice_chunked(&ctx->client->socket, ctx->socket, buf, sizeof(buf), ctx->flags | SOCK_SINGLE_CHUNK);
const long sent = sock_splice_chunked(&ctx->client->socket, ctx->socket, buf, sizeof(buf), ctx->flags | SOCK_SINGLE_CHUNK);
if (sent < 0) {
// error
error("Unable to splice chunk");
@@ -28,6 +28,7 @@ void chunk_handler_func(chunk_ctx_t *ctx) {
ctx->next_cb(ctx);
} else {
// next chunk
ctx->client->transferred_length += sent;
handle_chunk(ctx);
return;
}

18
src/worker/fastcgi_frame_handler.c
View File

@@ -1,7 +1,7 @@
/**
* sesimos - secure, simple, modern web server
* @brief FastCGI frame handler
* @file src/worker/fcti_frame_handler.c
* @file src/worker/fastcgi_frame_handler.c
* @author Lorenz Stechauner
* @date 2023-01-22
*/
@@ -37,13 +37,13 @@ void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx) {
int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx) {
sock_set_timeout(&(*cnx)->socket, FASTCGI_TIMEOUT);
sock_set_socket_timeout(&(*cnx)->socket, 1);
sock_set_socket_timeout(&(*cnx)->socket, FASTCGI_SOCKET_TIMEOUT);
fastcgi_ctx_t *a = malloc(sizeof(fastcgi_ctx_t));
a->closed = 0;
a->client = ctx;
memcpy(&a->cnx, *cnx, sizeof(fastcgi_cnx_t));
ctx->fcgi_cnx = a;
ctx->fcgi_ctx = a;
fastcgi_handle_frame(a);
*cnx = &a->cnx;
@@ -51,10 +51,9 @@ int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx) {
}
void fastcgi_close(fastcgi_ctx_t *ctx) {
if (ctx->closed == 0) {
ctx->closed++;
ctx->closed++;
if (ctx->closed != 2)
return;
}
logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
@@ -66,7 +65,12 @@ void fastcgi_close(fastcgi_ctx_t *ctx) {
debug("Closing FastCGI connection");
fastcgi_close_cnx(&ctx->cnx);
ctx->client->fcgi_cnx = NULL;
ctx->client->fcgi_ctx = NULL;
free(ctx);
errno = 0;
}
void fastcgi_close_error(fastcgi_ctx_t *ctx) {
logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
fastcgi_close_cnx(&ctx->cnx);
}

82
src/worker/fastcgi_handler.c
View File

@@ -27,12 +27,10 @@ void fastcgi_handler_func(client_ctx_t *ctx) {
int ret = fastcgi_handler_1(ctx, &fcgi_cnx);
respond(ctx);
if (ret == 0) {
switch (fastcgi_handler_2(ctx, fcgi_cnx)) {
case 1: return;
case 2: break;
}
} else {
fastcgi_close(ctx->fcgi_cnx);
fastcgi_handler_2(ctx, fcgi_cnx);
return;
} else if (ctx->fcgi_ctx != NULL) {
fastcgi_close(ctx->fcgi_ctx);
}
}
@@ -46,14 +44,6 @@ static int fastcgi_handler_1(client_ctx_t *ctx, fastcgi_cnx_t **fcgi_cnx) {
http_uri *uri = &ctx->uri;
sock *client = &ctx->socket;
char *err_msg = ctx->err_msg;
fastcgi_cnx_t fcgi_cnx_buf;
(*fcgi_cnx) = &fcgi_cnx_buf;
sock_init(&(*fcgi_cnx)->socket, 0, 0);
(*fcgi_cnx)->req_id = 0;
(*fcgi_cnx)->r_addr = ctx->socket.addr;
(*fcgi_cnx)->r_host = (ctx->host[0] != 0) ? ctx->host : NULL;
char buf[1024];
int mode, ret;
@@ -62,30 +52,54 @@ static int fastcgi_handler_1(client_ctx_t *ctx, fastcgi_cnx_t **fcgi_cnx) {
} else {
res->status = http_get_status(500);
error("Invalid FastCGI extension: %s", uri->filename);
return 0;
return 3;
}
struct stat statbuf;
stat(uri->filename, &statbuf);
char *last_modified = http_format_date(statbuf.st_mtime, buf, sizeof(buf));
http_add_header_field(&res->hdr, "Last-Modified", last_modified);
fastcgi_cnx_t fcgi_cnx_buf;
sock_init(&fcgi_cnx_buf.socket, -1, 0);
fcgi_cnx_buf.req_id = 0;
fcgi_cnx_buf.r_addr = ctx->socket.addr;
fcgi_cnx_buf.r_host = (ctx->host[0] != 0) ? ctx->host : NULL;
res->status = http_get_status(200);
if (fastcgi_init(*fcgi_cnx, mode, ctx->req_num, client, req, uri) != 0) {
if (fastcgi_init(&fcgi_cnx_buf, mode, ctx->req_num, client, req, uri) != 0) {
fastcgi_close_cnx(&fcgi_cnx_buf);
res->status = http_get_status(503);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
return 2;
return 3;
}
(*fcgi_cnx) = &fcgi_cnx_buf;
fastcgi_handle_connection(ctx, fcgi_cnx);
int expect_100_continue = 0;
const char *client_expect = http_get_header_field(&req->hdr, "Expect");
if (client_expect != NULL && strcasecmp(client_expect, "100-continue") == 0) {
expect_100_continue = 1;
} else if (client_expect != NULL) {
fastcgi_close_cnx((&fcgi_cnx_buf));
res->status = http_get_status(417);
return 3;
}
const char *client_content_length = http_get_header_field(&req->hdr, "Content-Length");
const char *client_transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
if (client_content_length != NULL) {
if (expect_100_continue) {
info(HTTP_1XX_STR "100 Continue" CLR_STR);
http_send_100_continue(client);
}
unsigned long client_content_len = strtoul(client_content_length, NULL, 10);
ret = fastcgi_receive(*fcgi_cnx, client, client_content_len);
} else if (strcontains(client_transfer_encoding, "chunked")) {
if (expect_100_continue) {
info(HTTP_1XX_STR "100 Continue" CLR_STR);
http_send_100_continue(client);
}
ret = fastcgi_receive_chunked(*fcgi_cnx, client);
} else if (expect_100_continue) {
fastcgi_close_cnx((&fcgi_cnx_buf));
res->status = http_get_status(417);
return 3;
} else {
ret = 0;
}
@@ -148,9 +162,9 @@ static int fastcgi_handler_1(client_ctx_t *ctx, fastcgi_cnx_t **fcgi_cnx) {
}
static void fastcgi_next_cb(chunk_ctx_t *ctx) {
if(ctx->client->fcgi_cnx) {
fastcgi_close(ctx->client->fcgi_cnx);
ctx->client->fcgi_cnx = NULL;
if (ctx->client->fcgi_ctx) {
fastcgi_close(ctx->client->fcgi_ctx);
ctx->client->fcgi_ctx = NULL;
}
fastcgi_handle(ctx->client);
@@ -162,10 +176,11 @@ static void fastcgi_error_cb(chunk_ctx_t *ctx) {
logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->client->req_host, CLR_STR, ctx->client->log_prefix);
// FIXME segfault on error_cb
warning("Closing connection due to FastCGI error");
if(ctx->client->fcgi_cnx) {
fastcgi_close(ctx->client->fcgi_cnx);
ctx->client->fcgi_cnx = NULL;
if(ctx->client->fcgi_ctx) {
fastcgi_close_error(ctx->client->fcgi_ctx);
ctx->client->fcgi_ctx = NULL;
}
tcp_close(ctx->client);
@@ -175,15 +190,6 @@ static void fastcgi_error_cb(chunk_ctx_t *ctx) {
static int fastcgi_handler_2(client_ctx_t *ctx, fastcgi_cnx_t *fcgi_cnx) {
int chunked = strcontains(http_get_header_field(&ctx->res.hdr, "Transfer-Encoding"), "chunked");
if (chunked) {
handle_chunks(ctx, &fcgi_cnx->out, SOCK_CHUNKED, fastcgi_next_cb, fastcgi_error_cb);
return 1;
} else {
fastcgi_send(fcgi_cnx, &ctx->socket);
fastcgi_close(ctx->fcgi_cnx);
ctx->fcgi_cnx = NULL;
fastcgi_handle(ctx);
return 2;
}
handle_chunks(ctx, &fcgi_cnx->out, chunked ? SOCK_CHUNKED : 0, fastcgi_next_cb, fastcgi_error_cb);
return 1;
}

10
src/worker/func.h
View File

@@ -33,10 +33,10 @@ typedef struct {
http_status custom_status;
host_config_t *conf;
FILE *file;
long content_length;
long content_length, transferred_length;
char *msg_buf, *msg_buf_ptr, msg_content[1024];
proxy_ctx_t *proxy;
void *fcgi_cnx;
void *fcgi_ctx;
} client_ctx_t;
typedef struct {
@@ -46,7 +46,7 @@ typedef struct {
} ws_ctx_t;
typedef struct {
int closed:2;
unsigned char closed:4;
client_ctx_t *client;
fastcgi_cnx_t cnx;
} fastcgi_ctx_t;
@@ -71,6 +71,8 @@ void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx);
void proxy_handler_func(client_ctx_t *ctx);
void proxy_peer_handler_func(proxy_ctx_t *ctx);
void ws_frame_handler_func(ws_ctx_t *ctx);
void chunk_handler_func(chunk_ctx_t *ctx);
@@ -93,4 +95,6 @@ int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx);
void fastcgi_close(fastcgi_ctx_t *ctx);
void fastcgi_close_error(fastcgi_ctx_t *ctx);
#endif //SESIMOS_FUNC_H

190
src/worker/local_handler.c
View File

@@ -134,7 +134,7 @@ static int local_handler(client_ctx_t *ctx) {
http_add_header_field(&res->hdr, "Access-Control-Allow-Origin", "*");
}
if (!strstarts(uri->req_path, "/.well-known/") && strcontains(uri->path, "/.")) {
if ((!strstarts(uri->req_path, "/.well-known/") && strcontains(uri->path, "/.")) || strends(uri->filename, ".inc") || strends(uri->filename, ".inc.php")) {
res->status = http_get_status(403);
sprintf(err_msg, "Parts of this URI are hidden.");
return 0;
@@ -155,97 +155,107 @@ static int local_handler(client_ctx_t *ctx) {
return 0;
}
if (uri->is_static) {
res->status = http_get_status(200);
cache_init_uri(ctx->conf->cache, uri);
http_add_header_field(&res->hdr, "Accept-Ranges", mime_is_text(uri->meta->type) ? "bytes, lines" : "bytes");
if (!streq(req->method, "GET") && !streq(req->method, "HEAD")) {
res->status = http_get_status(405);
return 0;
}
if (http_get_header_field(&req->hdr, "Content-Length") != NULL || http_get_header_field(&req->hdr, "Transfer-Encoding") != NULL) {
res->status = http_get_status(400);
sprintf(err_msg, "A GET request must not contain a payload");
return 0;
}
const char *last_modified = http_format_date(uri->meta->mtime, buf1, sizeof(buf1));
http_add_header_field(&res->hdr, "Last-Modified", last_modified);
sprintf(buf2, "%s; charset=%s", uri->meta->type, uri->meta->charset);
http_add_header_field(&res->hdr, "Content-Type", buf2);
const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
int enc = 0;
if (accept_encoding != NULL) {
if (uri->meta->filename_comp_br[0] != 0 && strcontains(accept_encoding, "br")) {
ctx->file = fopen(uri->meta->filename_comp_br, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
errno = 0;
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "br");
enc = COMPRESS_BR;
}
} else if (uri->meta->filename_comp_gz[0] != 0 && strcontains(accept_encoding, "gzip")) {
ctx->file = fopen(uri->meta->filename_comp_gz, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
errno = 0;
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "gzip");
enc = COMPRESS_GZ;
}
}
if (enc != 0) {
http_add_header_field(&res->hdr, "Vary", "Accept-Encoding");
}
}
if (uri->meta->etag[0] != 0) {
strcpy(buf1, uri->meta->etag);
if (enc) {
strcat(buf1, "-");
strcat(buf1, (enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
}
http_add_header_field(&res->hdr, "ETag", buf1);
}
http_add_header_field(&res->hdr, "Cache-Control", mime_is_text(uri->meta->type) ? "public, max-age=3600" : "public, max-age=86400");
const char *if_modified_since = http_get_header_field(&req->hdr, "If-Modified-Since");
const char *if_none_match = http_get_header_field(&req->hdr, "If-None-Match");
if ((if_none_match != NULL && !strcontains(if_none_match, uri->meta->etag)) ||
(accept_if_modified_since && streq(if_modified_since, last_modified)))
{
res->status = http_get_status(304);
return 0;
}
if (http_get_header_field(&req->hdr, "Range") != NULL) {
if (range_handler(ctx) == 0) {
res->status = http_get_status(206);
} else {
if (ctx->file) {
fclose(ctx->file);
ctx->file = NULL;
}
http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Last-Modified", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "ETag", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
res->status = http_get_status(416);
}
return 0;
}
if (ctx->file == NULL) ctx->file = fopen(uri->filename, "rb");
ctx->content_length = fsize(ctx->file);
} else {
if (!uri->is_static) {
return 1;
}
const char *client_expect = http_get_header_field(&req->hdr, "Expect");
if (client_expect != NULL && strcasecmp(client_expect, "100-continue") != 0) {
res->status = http_get_status(417);
return 0;
}
res->status = http_get_status(200);
cache_init_uri(ctx->conf->cache, uri);
http_add_header_field(&res->hdr, "Accept-Ranges", mime_is_text(uri->meta->type) ? "bytes, lines" : "bytes");
if (!streq(req->method, "GET") && !streq(req->method, "HEAD")) {
res->status = http_get_status(405);
return 0;
}
if (http_get_header_field(&req->hdr, "Content-Length") != NULL || http_get_header_field(&req->hdr, "Transfer-Encoding") != NULL) {
res->status = http_get_status(400);
sprintf(err_msg, "A GET request must not contain a payload");
return 0;
}
const char *last_modified = http_format_date(uri->meta->mtime, buf1, sizeof(buf1));
http_add_header_field(&res->hdr, "Last-Modified", last_modified);
sprintf(buf2, "%s; charset=%s", uri->meta->type, uri->meta->charset);
http_add_header_field(&res->hdr, "Content-Type", buf2);
const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
int enc = 0;
if (accept_encoding != NULL) {
if (uri->meta->filename_comp_br[0] != 0 && strcontains(accept_encoding, "br")) {
ctx->file = fopen(uri->meta->filename_comp_br, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
errno = 0;
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "br");
enc = COMPRESS_BR;
}
} else if (uri->meta->filename_comp_gz[0] != 0 && strcontains(accept_encoding, "gzip")) {
ctx->file = fopen(uri->meta->filename_comp_gz, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
errno = 0;
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "gzip");
enc = COMPRESS_GZ;
}
}
}
if (uri->meta->filename_comp_br[0] != 0 || uri->meta->filename_comp_gz[0] != 0) {
http_add_header_field(&res->hdr, "Vary", "Accept-Encoding");
}
buf1[0] = 0;
if (uri->meta->etag[0] != 0) {
buf1[0] = '"';
strcpy(buf1 + 1, uri->meta->etag);
if (enc) {
strcat(buf1, "-");
strcat(buf1, (enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
}
strcat(buf1, "\"");
http_add_header_field(&res->hdr, "ETag", buf1);
}
http_add_header_field(&res->hdr, "Cache-Control", mime_is_text(uri->meta->type) ? "public, must-revalidate, max-age=3600" : "public, must-revalidate, max-age=86400");
const char *if_modified_since = http_get_header_field(&req->hdr, "If-Modified-Since");
const char *if_none_match = http_get_header_field(&req->hdr, "If-None-Match");
if ((if_none_match != NULL && strcontains(if_none_match, buf1)) ||
(accept_if_modified_since && streq(if_modified_since, last_modified)))
{
res->status = http_get_status(304);
ctx->content_length = 0;
return 0;
}
if (http_get_header_field(&req->hdr, "Range") != NULL) {
if (range_handler(ctx) == 0) {
res->status = http_get_status(206);
} else {
if (ctx->file) {
fclose(ctx->file);
ctx->file = NULL;
}
http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Last-Modified", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "ETag", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
res->status = http_get_status(416);
}
return 0;
}
if (ctx->file == NULL) ctx->file = fopen(uri->filename, "rb");
ctx->content_length = fsize(ctx->file);
return 0;
}

43
src/worker/proxy_handler.c
View File

@@ -1,7 +1,7 @@
/**
* sesimos - secure, simple, modern web server
* @brief Proxy handler
* @file src/worker/proxy_handler_1.c
* @file src/worker/proxy_handler.c
* @author Lorenz Stechauner
* @date 2022-12-29
*/
@@ -27,23 +27,28 @@ void proxy_handler_func(client_ctx_t *ctx) {
respond(ctx);
if (ret == 1) {
proxy_unlock_ctx(ctx->proxy);
ctx->proxy = NULL;
// error status code
if (proxy_unlock_ctx(ctx->proxy) == 1)
proxy_peer_handle(ctx->proxy);
} else if (ctx->use_proxy == 0) {
// proxy not used
proxy_close(ctx->proxy);
proxy_unlock_ctx(ctx->proxy);
} else if (ctx->use_proxy == 1) {
// proxy is used
if (proxy_handler_2(ctx) == 1) {
// chunked
return;
}
proxy_unlock_ctx(ctx->proxy);
ctx->proxy = NULL;
if (proxy_unlock_ctx(ctx->proxy) == 1)
proxy_peer_handle(ctx->proxy);
} else if (ctx->use_proxy == 2) {
// WebSocket
ws_handle_connection(ctx);
return;
}
ctx->proxy = NULL;
request_complete(ctx);
handle_request(ctx);
}
@@ -54,13 +59,16 @@ static int proxy_handler_1(client_ctx_t *ctx) {
char buf[1024];
info("Reverse proxy for " BLD_STR "%s:%i" CLR_STR, ctx->conf->proxy.hostname, ctx->conf->proxy.port);
info("Reverse proxy for " BLD_STR "[%s]:%i" CLR_STR, ctx->conf->proxy.hostname, ctx->conf->proxy.port);
http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL);
ctx->use_proxy = proxy_init(&ctx->proxy, &ctx->req, res, status, ctx->conf, &ctx->socket, &ctx->custom_status, ctx->err_msg) == 0;
ctx->proxy->client = ctx;
if (ctx->use_proxy == 0)
return 0;
if (res->status->code == 101) {
const char *connection = http_get_header_field(&res->hdr, "Connection");
const char *upgrade = http_get_header_field(&res->hdr, "Upgrade");
@@ -84,7 +92,8 @@ static int proxy_handler_1(client_ctx_t *ctx) {
const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
const char *content_length_f = http_get_header_field(&res->hdr, "Content-Length");
const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (content_encoding == NULL && (
const char *transfer_encoding = http_get_header_field(&res->hdr, "Transfer-Encoding");
if (transfer_encoding == NULL && content_encoding == NULL && (
content_length_f == NULL ||
streq(content_length_f, "0") ||
(content_length_f != NULL && strstarts(content_type, "text/html"))))
@@ -109,33 +118,41 @@ static int proxy_handler_1(client_ctx_t *ctx) {
}
static void proxy_chunk_next_cb(chunk_ctx_t *ctx) {
proxy_unlock_ctx(ctx->client->proxy);
ctx->client->proxy = NULL;
if (proxy_unlock_ctx(ctx->client->proxy) == 1)
proxy_peer_handle(ctx->client->proxy);
ctx->client->proxy = NULL;
request_complete(ctx->client);
handle_request(ctx->client);
}
static void proxy_chunk_err_cb(chunk_ctx_t *ctx) {
ctx->client->c_keep_alive = 0;
proxy_chunk_next_cb(ctx);
proxy_close(ctx->client->proxy);
proxy_unlock_ctx(ctx->client->proxy);
ctx->client->proxy = NULL;
request_complete(ctx->client);
handle_request(ctx->client);
}
static int proxy_handler_2(client_ctx_t *ctx) {
const char *transfer_encoding = http_get_header_field(&ctx->res.hdr, "Transfer-Encoding");
int chunked = strcontains(transfer_encoding, "chunked");
const int chunked = strcontains(transfer_encoding, "chunked");
const char *content_len = http_get_header_field(&ctx->res.hdr, "Content-Length");
unsigned long len_to_send = (content_len != NULL) ? strtol(content_len, NULL, 10) : 0;
const unsigned long len_to_send = (content_len != NULL) ? strtol(content_len, NULL, 10) : 0;
if (chunked) {
handle_chunks(ctx, &ctx->proxy->proxy, SOCK_CHUNKED, proxy_chunk_next_cb, proxy_chunk_err_cb);
return 1;
}
int ret;
long ret;
if ((ret = proxy_send(ctx->proxy, &ctx->socket, len_to_send, 0)) == -1) {
ctx->c_keep_alive = 0;
} else if (ret > 0) {
ctx->transferred_length += ret;
}
return ret;

17
src/worker/proxy_peer_handler.c Normal file
View File

@@ -0,0 +1,17 @@
/**
* sesimos - secure, simple, modern web server
* @brief Proxy peer handler
* @file src/worker/proxy_peer_handler.c
* @author Lorenz Stechauner
* @date 2023-07-07
*/
#include "func.h"
#include "../logger.h"
#include "../lib/utils.h"
void proxy_peer_handler_func(proxy_ctx_t *ctx) {
if (!ctx->initialized || ctx->in_use) return;
logger_set_prefix("[%s%*s%s]", BLD_STR, ADDRSTRLEN, ctx->host, CLR_STR);
proxy_close(ctx);
}

47
src/worker/request_handler.c
View File

@@ -49,7 +49,7 @@ static void init_ctx(client_ctx_t *ctx) {
ctx->proxy = NULL;
ctx->use_fastcgi = 0;
ctx->chunks_transferred = 0;
ctx->fcgi_cnx = NULL;
ctx->fcgi_ctx = NULL;
ctx->use_proxy = 0;
ctx->ws_close = 0;
ctx->proxy = NULL;
@@ -59,6 +59,8 @@ static void init_ctx(client_ctx_t *ctx) {
ctx->req_host[0] = 0;
ctx->err_msg[0] = 0;
ctx->req_s = ctx->socket.ts_last;
ctx->transferred_length = 0;
ctx->content_length = 0;
memset(&ctx->uri, 0, sizeof(ctx->uri));
memset(&ctx->req, 0, sizeof(ctx->req));
@@ -249,7 +251,7 @@ int respond(client_ctx_t *ctx) {
if (http_get_header_field(&res->hdr, "Accept-Ranges") == NULL) {
http_add_header_field(&res->hdr, "Accept-Ranges", "none");
}
if (!ctx->use_fastcgi && ctx->file == NULL && ctx->msg_buf == NULL) {
if (!ctx->use_fastcgi && ctx->file == NULL && ctx->msg_buf == NULL && res->status->code != 304) {
http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
@@ -373,10 +375,48 @@ int respond(client_ctx_t *ctx) {
}
void request_complete(client_ctx_t *ctx) {
char buf[32];
char buf[64];
ctx->req_e = clock_micros();
info("Transfer complete: %s", format_duration(ctx->req_e - ctx->req_s, buf));
if (ctx->conf) {
char path[256];
sprintf(path, "/var/log/sesimos/%s.access.log", ctx->req_host);
FILE *log = fopen(path, "a");
if (log) {
struct timespec time1, time2;
clock_gettime(CLOCK_MONOTONIC, &time1);
clock_gettime(CLOCK_REALTIME, &time2);
const long diff = (time2.tv_sec - time1.tv_sec) * 1000000 + (time2.tv_nsec - time1.tv_nsec) / 1000;
struct tm time_info;
const long ts = (ctx->req_s + diff) / 1000000;
strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S%z", localtime_r(&ts, &time_info));
const char *auth = http_get_header_field(&ctx->req.hdr, "Authorization");
char user[256] = {0};
if (auth != NULL && strstarts(auth, "Basic ")) {
base64_decode(auth + 6, strlen(auth) - 6, user, NULL);
char *col = strchr(user, ':');
if (col != NULL) col[0] = 0;
}
const char *ref = http_get_header_field(&ctx->req.hdr, "Referer");
const char *ua = http_get_header_field(&ctx->req.hdr, "User-Agent");
const char *loc = http_get_header_field(&ctx->res.hdr, "Location");
const char *type = http_get_header_field(&ctx->res.hdr, "Content-Type");
const long len = ctx->content_length <= 0 ? ctx->transferred_length : ctx->content_length;
fprintf(log, "%s %s %s [%s] \"%s %s HTTP/%s\" %i %li %s%s%s %s%s%s %s%s%s %s%s%s\n",
ctx->socket.addr, "-", user[0] != 0 ? user : "-", buf,
ctx->req.method, ctx->req.uri, ctx->req.version, ctx->res.status->code, len,
loc != NULL ? "\"" : "", loc != NULL ? loc : "-", loc != NULL ? "\"" : "",
type != NULL ? "\"" : "", type != NULL ? type : "-", type != NULL ? "\"" : "",
ref != NULL ? "\"" : "", ref != NULL ? ref : "-", ref != NULL ? "\"" : "",
ua != NULL ? "\"" : "", ua != NULL ? ua : "-", ua != NULL ? "\"" : "");
fclose(log);
}
errno = 0;
}
if (ctx->file) fclose(ctx->file);
free(ctx->msg_buf_ptr);
uri_free(&ctx->uri);
@@ -392,5 +432,6 @@ void timeout_request(client_ctx_t *ctx) {
ctx->res.status = http_get_status(408);
respond(ctx);
request_complete(ctx);
tcp_close(ctx);
}

33
src/worker/tcp_acceptor.c
View File

@@ -28,32 +28,6 @@ void tcp_acceptor_func(client_ctx_t *ctx) {
}
}
static int dig(const char *addr, char *host, size_t host_size) {
char buf[1024];
FILE *out;
int ret;
sprintf(buf, "dig @%s +short +time=1 -x %s", config.dns_server, addr);
if ((out = popen(buf, "r")) == NULL) {
error("Unable to start dig: %s");
return -1;
}
unsigned long read = fread(buf, 1, sizeof(buf), out);
if ((ret = pclose(out)) != 0) {
error("Dig terminated with exit code %i", ret);
return -1;
}
char *ptr = memchr(buf, '\n', read);
if (ptr == buf || ptr == NULL) return -1;
ptr[-1] = 0;
strncpy(host, buf, host_size);
return 0;
}
static int tcp_acceptor(client_ctx_t *ctx) {
struct sockaddr_in6 server_addr;
@@ -84,9 +58,7 @@ static int tcp_acceptor(client_ctx_t *ctx) {
sock *client = &ctx->socket;
ctx->cnx_s = clock_micros();
ctx->host[0] = 0;
if (config.dns_server[0] != 0)
dig(ctx->socket.addr, ctx->host, sizeof(ctx->host));
sock_reverse_lookup(&ctx->socket, ctx->host, sizeof(ctx->host));
ctx->cc[0] = 0;
geoip_lookup_country(&client->_addr.sock, ctx->cc);
@@ -95,7 +67,7 @@ static int tcp_acceptor(client_ctx_t *ctx) {
ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "",
ctx->cc[0] != 0 ? ctx->cc : "N/A");
if (sock_set_socket_timeout(client, 1) != 0 || sock_set_timeout(client, CLIENT_TIMEOUT) != 0) {
if (sock_set_socket_timeout(client, SOCKET_TIMEOUT) != 0 || sock_set_timeout(client, CLIENT_TIMEOUT) != 0) {
error("Unable to set timeout for socket");
return -1;
}
@@ -112,6 +84,7 @@ static int tcp_acceptor(client_ctx_t *ctx) {
return -1;
}
client->ts_last = clock_micros();
client->ts_last_send = client->ts_last;
}
ctx->req_num = 0;

26
src/worker/ws_frame_handler.c
View File

@@ -11,8 +11,10 @@
#include "../logger.h"
#include "../lib/websocket.h"
#include "../workers.h"
#include "../lib/utils.h"
#include <errno.h>
#include <string.h>
static int ws_frame_handler(ws_ctx_t *ctx);
@@ -32,15 +34,25 @@ void ws_frame_handler_func(ws_ctx_t *ctx) {
int ws_handle_connection(client_ctx_t *ctx) {
info("Upgrading to WebSocket connection");
// copy proxy connection details
proxy_ctx_t *proxy = malloc(sizeof(proxy_ctx_t));
memcpy(proxy, ctx->proxy, sizeof(proxy_ctx_t));
// free proxy connection slot
ctx->proxy->initialized = 0;
proxy_unlock_ctx(ctx->proxy);
ctx->proxy = proxy;
sock_set_timeout(&ctx->socket, WS_TIMEOUT);
sock_set_timeout(&ctx->proxy->proxy, WS_TIMEOUT);
sock_set_timeout(&proxy->proxy, WS_TIMEOUT);
ws_ctx_t *a = malloc(sizeof(ws_ctx_t));
ws_ctx_t *b = malloc(sizeof(ws_ctx_t));
a->other = b, b->other = a;
a->client = ctx, b->client = ctx;
a->socket = &ctx->socket, b->socket = &ctx->proxy->proxy;
a->socket = &ctx->socket, b->socket = &proxy->proxy;
ws_handle_frame(a);
ws_handle_frame(b);
@@ -84,10 +96,16 @@ static int ws_frame_handler(ws_ctx_t *ctx) {
void ws_close(ws_ctx_t *ctx) {
ws_ctx_t *other = ctx->other;
if (other) {
proxy_ctx_t *proxy = ctx->client->proxy;
other->other = NULL;
logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->client->socket.s_addr, ctx->client->log_prefix);
info("Closing WebSocket connection");
proxy_close(ctx->client->proxy);
proxy->cnx_e = clock_micros();
char buf[32];
info("Closing WebSocket connection (%s)", format_duration(proxy->cnx_e - proxy->cnx_s, buf));
sock_close(&proxy->proxy);
free(ctx->client->proxy);
tcp_close(ctx->client);
}
free(ctx);

16
src/workers.c
View File

@@ -13,7 +13,7 @@
#include "async.h"
static mpmc_t tcp_acceptor_ctx, request_handler_ctx, local_handler_ctx, fastcgi_handler_ctx, proxy_handler_ctx,
ws_frame_handler_ctx, chunk_handler_ctx, fastcgi_frame_handler_ctx;
proxy_peer_handler_ctx, ws_frame_handler_ctx, chunk_handler_ctx, fastcgi_frame_handler_ctx;
int workers_init(void) {
mpmc_init(&tcp_acceptor_ctx, 8, 64, (void (*)(void *)) tcp_acceptor_func, "tcp");
@@ -21,6 +21,7 @@ int workers_init(void) {
mpmc_init(&local_handler_ctx, 8, 64, (void (*)(void *)) local_handler_func, "local");
mpmc_init(&fastcgi_handler_ctx, 8, 64, (void (*)(void *)) fastcgi_handler_func, "fcgi");
mpmc_init(&proxy_handler_ctx, 8, 64, (void (*)(void *)) proxy_handler_func, "proxy");
mpmc_init(&proxy_peer_handler_ctx, 1, 8, (void (*)(void *)) proxy_peer_handler_func, "prxy_p");
mpmc_init(&ws_frame_handler_ctx, 8, 64, (void (*)(void *)) ws_frame_handler_func, "ws");
mpmc_init(&chunk_handler_ctx, 8, 64, (void (*)(void *)) chunk_handler_func, "chunk");
mpmc_init(&fastcgi_frame_handler_ctx, 8, 64, (void (*)(void *)) fastcgi_frame_handler_func, "fcgi_f");
@@ -32,6 +33,7 @@ void workers_stop(void) {
mpmc_stop(&local_handler_ctx);
mpmc_stop(&fastcgi_handler_ctx);
mpmc_stop(&proxy_handler_ctx);
mpmc_stop(&proxy_peer_handler_ctx);
mpmc_stop(&request_handler_ctx);
mpmc_stop(&ws_frame_handler_ctx);
mpmc_stop(&chunk_handler_ctx);
@@ -43,6 +45,7 @@ void workers_destroy(void) {
mpmc_destroy(&local_handler_ctx);
mpmc_destroy(&fastcgi_handler_ctx);
mpmc_destroy(&proxy_handler_ctx);
mpmc_destroy(&proxy_peer_handler_ctx);
mpmc_destroy(&request_handler_ctx);
mpmc_destroy(&ws_frame_handler_ctx);
mpmc_destroy(&chunk_handler_ctx);
@@ -92,6 +95,17 @@ int proxy_handle(client_ctx_t *ctx) {
return mpmc_queue(&proxy_handler_ctx, ctx);
}
static int proxy_peer_handle_cb(proxy_ctx_t *ctx) {
return mpmc_queue(&proxy_peer_handler_ctx, ctx);
}
int proxy_peer_handle(proxy_ctx_t *ctx) {
return async(&ctx->proxy, ASYNC_WAIT_READ, ASYNC_IGNORE_PENDING, ctx,
(void (*)(void *)) proxy_peer_handle_cb,
(void (*)(void *)) proxy_peer_handle_cb,
(void (*)(void *)) proxy_peer_handle_cb);
}
static int ws_handle_frame_cb(ws_ctx_t *ctx) {
return mpmc_queue(&ws_frame_handler_ctx, ctx);
}

2
src/workers.h
View File

@@ -29,6 +29,8 @@ int fastcgi_handle_frame(fastcgi_ctx_t *ctx);
int proxy_handle(client_ctx_t *ctx);
int proxy_peer_handle(proxy_ctx_t *ctx);
int ws_handle_frame(ws_ctx_t *ctx);
int handle_chunk(chunk_ctx_t *ctx);