218 Commits

Author SHA1 Message Date
cf3cff0746 Reset errno after EINTR 2022-12-29 10:14:14 +01:00
b90ed61e03 Async working with connection handlers 2022-12-29 01:49:00 +01:00
dfc659dec0 Renamed logger_alive to alive 2022-12-29 00:02:33 +01:00
096aeae23b Async working (in concept) 2022-12-28 16:40:31 +01:00
cd97eca7d3 Add client_ctx_t in client_handler 2022-12-28 15:17:19 +01:00
ce658ac965 move lib/cache to cache_handler 2022-12-19 15:27:38 +01:00
dd4f768cc4 Logger and config refactor 2022-12-19 14:36:00 +01:00
45514f90ca Multi processing -> multi threading 2022-12-18 22:18:11 +01:00
44913c1e0e Refactor 2022-12-15 19:55:52 +01:00
b244f86c72 Remove unneccessary malloc in compress 2022-12-15 19:49:59 +01:00
a3c1ecc0bf Refactor uri.h 2022-12-15 17:53:49 +01:00
3227e615fe Use getopt_long 2022-12-15 11:26:40 +01:00
3ce72975b8 Remove shm from config 2022-12-15 10:43:43 +01:00
1f20c70772 Add union for sock addr 2022-12-15 10:26:28 +01:00
fabb55d94b Cleanup 2022-12-13 23:49:12 +01:00
6d473bfa49 small changes 2022-12-13 23:43:22 +01:00
8e83d6aa5f Outsource geoip 2022-12-13 23:41:29 +01:00
b422b37806 Renamed rev_proxy -> proxy 2022-12-13 20:36:21 +01:00
74c97a512f Rename logger() 2022-12-13 19:49:20 +01:00
7653c3117e Add architecture.md 2022-12-10 23:39:36 +01:00
483b386100 Remove some global variables 2022-12-10 22:44:26 +01:00
bfa9cf4fcd Add client_ctx_t 2022-12-10 22:33:30 +01:00
9ac67dbfd3 Clean up logger 2022-12-10 21:56:25 +01:00
2efe65fc74 Cleanup code 2022-12-10 21:40:41 +01:00
2937bdaded Add logger 2022-12-10 20:48:47 +01:00
782c7440b0 Websocket uuid as char array 2022-12-10 02:21:02 +01:00
88346fe722 Do not use shard object file anymore 2022-12-10 01:49:16 +01:00
0f75aeea7a Add tests for some utils 2022-12-10 01:33:16 +01:00
933aac0f09 Use OpenSSL EVP api for hashing 2022-12-09 14:27:06 +01:00
7f1299feb4 Fix rev proxy ret bug 2022-11-11 03:05:33 +01:00
8435048150 Handle fastcgit chunk return 2022-11-11 02:23:12 +01:00
206ae3264d Hopefully fix bug 2022-11-11 02:18:01 +01:00
5e050512ad Fix sock_recv return handling 2022-11-10 23:51:57 +01:00
db053121f2 Refactor Makefile 2022-11-10 20:42:24 +01:00
89a9d4b9d6 Fix chunked splicing 2022-11-10 20:21:25 +01:00
bc7c3591a2 Renamed docs/ to doc/ 2022-11-01 11:10:29 +01:00
1859c432c8 Fix chunked 2022-10-21 00:01:11 +02:00
33ec943e8b Fix Makefile 2022-10-20 23:51:06 +02:00
b30f9fa56d Implement Transfer-Encoding chunked for requests 2022-10-20 23:10:07 +02:00
90e324cf87 Remove client buffer 2022-10-20 23:00:11 +02:00
e7e1e7b18f Add debian target to Makefile 2022-10-20 22:07:51 +02:00
63b1ca5d6a Update file header comments 2022-10-20 22:03:46 +02:00
54313551fc Use (void) instead of void 2022-10-20 22:03:46 +02:00
92779e5dba Use volatile sig_atomic_t instead of int 2022-10-20 22:03:46 +02:00
100eb1597d Update Makefile to be a real Makefile 2022-10-20 22:03:46 +02:00
f4c3345445 Fix spacing 2022-10-20 22:03:16 +02:00
893316ebfa Remove debug message 2022-10-20 21:32:50 +02:00
6a511732af Add debug print for websocket 2022-08-27 17:37:54 +02:00
bb895c5bca Fix WebSocket connection close handling 2022-08-27 14:01:33 +02:00
a2f4bf57e0 Bump version to 4.6 2022-08-18 14:49:49 +02:00
635271ec50 Change default config file name 2022-08-18 14:36:31 +02:00
2b4569aabe Rename Necronda server to Sesimos 2022-08-18 14:17:12 +02:00
f361fce561 Remove second trailing new-line in websocket.c 2022-08-18 12:31:56 +02:00
c92742275a Implement WebSocket reverse proxy 2022-08-18 03:07:54 +02:00
041e4d43a7 Code style 2022-08-17 22:35:51 +02:00
170337d4d5 Do not use select() anymore 2022-08-17 22:34:01 +02:00
f0b27b3b37 Fix revproxy and fastcgi http header field merging 2022-08-17 19:11:20 +02:00
ee8aedce91 Add base64_encode() to utils 2022-08-17 12:57:07 +02:00
0648c75baa Refactor code a bit 2022-08-16 22:06:50 +02:00
b6ba58d406 Fix memory leak on location rewrite in rev_proxy 2022-08-16 21:03:50 +02:00
abe0e326cb Remove redundant compressable-mime-type 2022-08-16 20:40:55 +02:00
4fe067ed7d Remove strncpy 2022-08-16 20:16:46 +02:00
41e12d6293 Fix http_get_header_field(_len) 2022-08-16 20:08:00 +02:00
a738f1abfe Fix http parser bugs 2022-08-16 20:04:08 +02:00
b6309eec39 Update readme 2022-08-16 19:20:01 +02:00
9923a76ba7 Update readme 2022-08-16 19:15:59 +02:00
ea4cdff233 Update example.conf 2022-08-16 19:08:02 +02:00
6526b5cbcb Rename necronda-server.* to server.* 2022-08-16 19:02:28 +02:00
0119945e03 Fix header in client.h 2022-08-16 18:58:38 +02:00
3fe1fe023a Fix shared memory management on error 2022-08-16 18:52:10 +02:00
bc1c6d3498 Update http header parser 2022-08-16 18:35:03 +02:00
50bb537074 Refactor code style 2022-08-15 22:06:10 +02:00
c060ee5bb6 Add TODO 2022-07-10 21:28:00 +02:00
4062883cb3 Update rev proxy error document handling 2022-07-10 21:26:01 +02:00
e0e44e9c26 Fix reverse proxy retry issue 2022-07-08 11:37:07 +02:00
f0d8a3db4c Fix array out of bounds for reverse proxy location 2022-07-07 20:01:30 +02:00
557e176d3d Add redirection fix for reverse proxy 2022-07-07 19:36:54 +02:00
cd3bc9aa90 Implement * notation for hosts 2022-01-13 18:07:24 +01:00
6ab65abec9 Fix parsing error 2022-01-13 17:53:00 +01:00
7d6fa4682d Update version to 4.5 2022-01-13 15:39:04 +01:00
6f4cbb6e24 Update readme 2021-12-27 18:34:28 +01:00
174865b71c Fix malloc/alloca 2021-12-27 18:25:28 +01:00
4a002d6c31 Fix config file parsing 2021-12-27 17:17:17 +01:00
2a3f74e825 Increase stat_str size to 8 2021-12-27 17:16:42 +01:00
9eaa644fa1 Add SNI 2021-12-27 16:16:41 +01:00
ce91fecc80 Add image/gif to compressible mime types 2021-12-27 13:08:51 +01:00
15c160a60a Add image/vnd.microsoft.iconbinary 2021-12-06 23:33:40 +01:00
fd5e2302d4 Fix conf seg fault 2021-11-25 23:14:42 +01:00
8c13eecc51 Shorten margin statement in error doc 2021-11-25 10:08:09 +01:00
ae751925fa Fix FastCGI error code 502 -> 500 2021-11-24 23:27:27 +01:00
a1fee3d2ec Fix FastCGI compression 2021-11-21 16:31:26 +01:00
8721f07d00 Add <pre> formatting 2021-11-20 18:16:33 +01:00
81ad3fea3c Fix cache mkdir error handling 2021-11-20 16:46:47 +01:00
877ee12351 Fix msg_content 2021-11-20 14:27:19 +01:00
dfbe3bbb95 Updated warning document icon 2021-11-20 14:16:35 +01:00
6c13922f2f Add redirect document 2021-11-20 14:10:00 +01:00
171bca55fa Fixed reverse proxy timeout 2021-11-12 15:16:09 +01:00
fe0cdc9b1a rev_proxy_void working 2021-11-07 20:46:37 +01:00
930d4db2a2 EINPROGRESS also leads to 504 in rev proxy 2021-11-07 20:15:18 +01:00
b37757fc73 Add reverse proxy error documents 2021-11-07 19:48:09 +01:00
61c645eca8 Fix reverse proxy timeout 2021-10-23 16:31:54 +02:00
2fd71116ec Fix big FastCGI frames 2021-09-29 18:16:15 +02:00
495a3a6aaf Remove webroot from error documents 2021-09-29 17:45:07 +02:00
69dfc562af using return value from fastcgi_send and rev_proxy_send 2021-09-29 17:01:33 +02:00
a2383825ed Replace Script with FastCGI app 2021-09-29 16:58:38 +02:00
55f2318b57 Always use CLR_STR on end of PHP messages 2021-09-17 22:43:16 +02:00
eeb0ce7035 Changed config and cache directory from necronda-server to necronda/server 2021-09-17 22:43:08 +02:00
b5749ae991 Adjust logging width for IPv6 2021-09-17 22:43:05 +02:00
9adb4791df Added basic support for Necronda backend 2021-09-17 22:43:02 +02:00
eba916fad4 Fixed Error string in rev_proxy.c 2021-09-17 22:42:51 +02:00
ac2d17f23a Updated Makefile 2021-09-17 22:33:46 +02:00
433cc7861f Reverse proxy IPv6 and IPv4 2021-09-12 19:25:57 +02:00
52ea670d36 Better reverse proxy error messages 2021-09-12 19:24:26 +02:00
b4b5d77985 Updated PHP-FPM to 7.4 2021-09-12 18:58:05 +02:00
aebc731c4e fixed error status codes 2021-08-03 23:09:57 +02:00
4994b4375b Replace strncpy with snprintf where necessary 2021-05-11 22:10:02 +02:00
43c512dc5a Add gcc opimization 2021-05-10 18:12:08 +02:00
3f5eee236d Fix mime javascript types 2021-05-10 18:05:30 +02:00
0b157bcb74 Add Access-Control-Allow-Origin header for /.well-known/ directory 2021-05-09 12:25:39 +02:00
30b163c6fa Small fixes 2021-05-07 19:57:40 +02:00
cf2c0de697 Added Vary header 2021-05-06 20:55:44 +02:00
7aa47cac61 Fix includes 2021-05-06 20:46:17 +02:00
456deeae20 Bump version to 4.4 2021-05-05 21:58:14 +02:00
b08481818c Updated readme 2021-05-05 21:57:31 +02:00
49ad349775 Fix Content-Encoding header for FastCGI 2021-05-05 21:45:10 +02:00
2b823cabd6 ETag Content-Encoding bugfix 2021-05-05 21:37:36 +02:00
ecd4f16afe Transfer-Encoding implemented 2021-05-05 21:30:44 +02:00
45c5f20345 Preparing for transfer encoding compression 2021-05-05 20:40:23 +02:00
c42f27e961 Fix compression 2021-05-05 19:00:01 +02:00
de8ab406f6 Main executable cleanup 2021-05-05 18:46:24 +02:00
22d50ed4bd compression mode init fix 2021-05-05 18:22:50 +02:00
de44f4a3fe Cache dynamic mem 2021-05-05 18:17:57 +02:00
cc29250d76 FastCGI cleanup 2021-05-05 18:15:20 +02:00
c2f8f4c962 Unified compression interfaces 2021-05-05 18:07:12 +02:00
ff708230bd Fix FastCGI encoding (really really) 2021-05-04 23:14:35 +02:00
52ea541833 Fix FastCGI encoding (really) 2021-05-04 23:07:09 +02:00
f4bd426f3c Fix FastCGI compression 2021-05-04 22:57:44 +02:00
ffbbcc6490 Fix makefile 2021-05-04 22:47:37 +02:00
80986325ce Added brotli compression 2021-05-04 22:32:21 +02:00
10d405e745 Cache PID refactor 2021-05-03 21:04:52 +02:00
28f163f97a Added DEBIAN_OPTS 2021-05-03 20:48:16 +02:00
a8914aa981 Fixed tabs in docs/example.conf 2021-05-03 20:41:19 +02:00
2ada22481d Added docs/ 2021-05-03 20:40:17 +02:00
17b25a3596 Added description 2021-05-03 20:39:01 +02:00
d130474989 Refactor for shared library use 2021-05-03 20:10:23 +02:00
8dea0cd3fc Fixed if indents 2021-05-02 18:12:16 +02:00
0406cad0d8 Added mime_is_compressible 2021-05-02 18:08:57 +02:00
21b7ab585a Allow header only on 405 response 2021-05-02 16:05:02 +02:00
7587e15749 Added support for TRACE method 2021-04-29 22:21:53 +02:00
1b44752f91 Changed icon order in default document 2021-03-19 18:13:00 +01:00
5eeb9ef3c1 Http document alternate icon 2021-03-19 18:10:18 +01:00
dd15b9d906 Http and proxy refactor 2021-03-19 17:55:52 +01:00
12922a0661 Updated version string to 4.3 2021-03-18 20:37:07 +01:00
c0799101b1 Removed TODO escape IPv6 addresses 2021-03-18 20:32:09 +01:00
c1d076db04 Refactor code to avoid warnings 2021-03-18 20:27:45 +01:00
10464f3f30 Added Reverse Proxy Header Support 2021-03-18 19:56:50 +01:00
63781472fa Bugfix for config post processing 2021-03-16 22:07:19 +01:00
81931d287d Cache debug messages improvements 2021-03-16 21:57:33 +01:00
531ddb4880 Caching debug messages 2021-03-16 21:54:49 +01:00
e0d8ab31d5 Improved cache idle performance 2021-03-16 20:22:36 +01:00
3a36d54e9d Added standard favicon /favicon.ico to error document 2021-03-16 19:27:03 +01:00
33d9aa3a5d Date header field fix 2021-03-16 19:15:26 +01:00
f4d30206b0 Fix hidden paths 2021-03-11 22:09:32 +01:00
5b094ba98d Hidden paths -> 403 2021-03-11 22:05:38 +01:00
f60cdc8228 Added TODO for 3xx Redirects 2021-03-11 20:30:03 +01:00
ab1c4d6fd4 Changed 203 -> 404 2021-03-11 20:25:07 +01:00
26d54e9968 Added error documents and 203 response if webroot does not exist 2021-03-11 20:19:14 +01:00
b6c7d8f58e URL UTF-8 Bugfix 2021-01-24 21:20:48 +01:00
53fcceeafb Add FIXME 2021-01-17 18:10:50 +01:00
96567909db FastCGI error bugfix 2021-01-17 18:06:03 +01:00
4b3c067a75 Fix includes 2021-01-17 17:56:16 +01:00
77b80ca67b Bugfix splice 2021-01-13 21:21:24 +01:00
70e76d8783 Error doc update 2 2021-01-10 12:22:48 +01:00
6b1bc54cf3 Error doc update 2021-01-10 12:18:44 +01:00
e1edb48a3c Redirect to https even on reverse proxy 2021-01-09 12:57:24 +01:00
dc5d1bebcc Add TODO for access/error log file 2021-01-09 12:39:55 +01:00
7b562c4b78 Reverse proxy printing debug message always 2021-01-09 11:50:44 +01:00
413ab2aa5b Reverse proxy bugfix 2021-01-08 21:43:39 +01:00
68315b9765 Update version string to 4.2 2021-01-08 20:16:25 +01:00
820a232a96 Sending X-Forwarded-For 2021-01-08 19:59:18 +01:00
b676388018 Bugfix for proxy 2021-01-08 19:45:41 +01:00
debac11f90 Trying proxy more often 2021-01-08 17:52:35 +01:00
9297788cdf Added TODOs 2021-01-07 22:51:02 +01:00
e61d16fb41 Hopefully bugfix 2021-01-07 22:35:49 +01:00
ebf3258092 Bugfix? 2021-01-07 22:26:01 +01:00
59d0c485fd Add version in welcome string 2021-01-07 22:13:15 +01:00
c90df2397f Removed debug message 2021-01-07 22:12:27 +01:00
c4eb6709cf Changed buffer mode for stdout 2021-01-07 22:11:27 +01:00
a73cbac7a1 Bugfix for sending files 2021-01-07 22:03:11 +01:00
95946b1666 Reverse proxy working 2021-01-07 21:58:45 +01:00
785ab31890 Added custom status 2021-01-07 18:28:51 +01:00
5481d314c9 Error document update 2 2021-01-07 18:00:32 +01:00
5986f39802 Error document update 2021-01-07 17:58:08 +01:00
a972340209 Add custom status todos 2021-01-07 17:53:55 +01:00
e6dd8b84f9 Error document style update 2021-01-07 17:53:38 +01:00
c3942b3382 Bugfix 2 2021-01-06 23:38:28 +01:00
fde2b7aabb Bugfix reverse proxy 2021-01-06 23:34:18 +01:00
d0be587a36 Bugfix 2021-01-06 23:29:45 +01:00
351568004f Add reverse proxy 2021-01-06 23:24:47 +01:00
be757add02 Bugfix URI 2021-01-06 19:19:06 +01:00
037c150868 enhanced reverse proxy message 2021-01-06 19:17:25 +01:00
576d0a0dba Dig error as print 2021-01-06 19:15:20 +01:00
ee6f9115a8 client refactor 2021-01-06 19:10:06 +01:00
6bbf79245b Report status on not local mode 2021-01-06 18:45:38 +01:00
080d729f31 Add config file 2021-01-06 15:49:52 +01:00
2f6ba62715 Small http err doc fix 2021-01-05 23:14:36 +01:00
4d4d94fc81 Add config.c and config.h 2021-01-05 23:01:38 +01:00
55028bd9cd HTTP error document update 2021-01-05 23:01:04 +01:00
8b0eb45854 Handling IPv6 addresses as Host field 2021-01-05 19:45:00 +01:00
df49236130 Preventing double slashes 2021-01-04 20:56:05 +01:00
c7ca62a7e9 Add TODO for double slashes 2021-01-03 22:18:30 +01:00
5d01f7e219 Error document style update 2021-01-03 16:21:42 +01:00
ceb0167742 Small Code Refactor 2021-01-01 22:40:01 +01:00
8fa9f2528f Bugfix dir mode 3 2021-01-01 22:36:31 +01:00
2e16fdee96 Bugfix dir mode 2 2021-01-01 22:32:59 +01:00
f9b7e83ac8 Bugfix dir mode 2021-01-01 22:28:53 +01:00
9b9ddbb913 Add get_dir_mode 2021-01-01 22:17:30 +01:00
566ac0ca93 Update of Default error doc 2021-01-01 21:44:34 +01:00
61 changed files with 6016 additions and 2235 deletions

7
.gitignore vendored
View File

@@ -1,7 +1,10 @@
*
!src
!src/**
!run.sh
!doc
!doc/**
!test
!test/**
!Makefile
!.gitignore
!README.md
!*.md

114
Makefile
View File

@@ -1,19 +1,103 @@
.DEFAULT_GOAL := install
packages:
@echo "Installing packages..."
sudo apt-get install gcc libmagic-dev libssl-dev php-fpm
@echo "Finished downloading!"
CC=gcc
CFLAGS=-std=gnu11 -Wno-unused-but-set-variable -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809L
LDFLAGS=-lssl -lcrypto -lmagic -lz -lmaxminddb -lbrotlienc
compile:
@mkdir -p bin
gcc src/necronda-server.c -o bin/necronda-server -std=c11 -lssl -lcrypto -lmagic -lz -lmaxminddb
DEBIAN_OPTS=-D CACHE_MAGIC_FILE="\"/usr/share/file/magic.mgc\"" -D PHP_FPM_SOCKET="\"/var/run/php/php7.4-fpm.sock\""
compile-debian:
@mkdir -p bin
gcc src/necronda-server.c -o bin/necronda-server -std=c11 -lssl -lcrypto -lmagic -lz -lmaxminddb \
-D MAGIC_FILE="\"/usr/share/file/magic.mgc\"" \
-D PHP_FPM_SOCKET="\"/var/run/php/php7.3-fpm.sock\""
.PHONY: all prod debug default debian permit clean test
all: prod
default: bin bin/lib bin/worker bin/sesimos
install: | packages compile
@echo "Finished!"
prod: CFLAGS += -O3
prod: default
debug: CFLAGS += -Wall -pedantic
debug: default
debian: CFLAGS += $(DEBIAN_OPTS)
debian: prod
test: CFLAGS += -include test/mock_*.h
test: bin bin/test
bin/test
bin:
mkdir -p bin
bin/lib:
mkdir -p bin/lib
bin/worker:
mkdir -p bin/worker
bin/test: test/mock_*.c test/test_*.c src/lib/utils.c src/lib/sock.c
$(CC) -o $@ $(CFLAGS) $^ -lcriterion
bin/%.o: src/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/lib/%.o: src/lib/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/worker/%.o: src/worker/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/sesimos: bin/server.o bin/client.o bin/logger.o bin/cache_handler.o bin/async.o \
bin/worker/request_handler.o bin/worker/tcp_acceptor.o bin/worker/tcp_closer.o \
bin/lib/compress.o bin/lib/config.o bin/lib/fastcgi.o bin/lib/geoip.o \
bin/lib/http.o bin/lib/http_static.o bin/lib/proxy.o bin/lib/sock.o bin/lib/uri.o \
bin/lib/utils.o bin/lib/websocket.o bin/lib/mpmc.o
$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
bin/server.o: src/server.h src/defs.h src/client.h src/cache_handler.h src/lib/config.h src/lib/sock.h \
src/lib/proxy.h src/lib/geoip.h src/lib/utils.h src/logger.h
bin/client.o: src/client.h src/defs.h src/server.h src/lib/utils.h src/lib/config.h src/lib/sock.h \
src/lib/http.h src/lib/proxy.h src/lib/fastcgi.h src/cache_handler.h src/lib/geoip.h src/lib/compress.h \
src/lib/websocket.h src/logger.h
bin/logger.o: src/logger.h
bin/cache_handler.o: src/cache_handler.h src/lib/utils.h src/lib/uri.h src/lib/compress.h src/logger.h
bin/async.o: src/async.h src/logger.h
bin/worker/request_handler.o: src/worker/request_handler.h
bin/worker/tcp_acceptor.o: src/worker/tcp_acceptor.h
bin/worker/tcp_closer.o: src/worker/tcp_closer.h
bin/lib/compress.o: src/lib/compress.h
bin/lib/config.o: src/lib/config.h src/lib/utils.h src/lib/uri.h src/logger.h
bin/lib/fastcgi.o: src/lib/fastcgi.h src/server.h src/lib/utils.h src/lib/compress.h src/lib/http.h \
src/lib/uri.h src/lib/include/fastcgi.h src/logger.h
bin/lib/geoip.o: src/lib/geoip.h
bin/lib/http.o: src/lib/http.h src/lib/utils.h src/lib/compress.h src/lib/sock.h src/logger.h
bin/lib/mpmc.o: src/lib/mpmc.h src/logger.h
bin/lib/proxy.o: src/lib/proxy.h src/defs.h src/server.h src/lib/compress.h src/logger.h
bin/lib/sock.o: src/lib/sock.h
bin/lib/uri.o: src/lib/uri.h src/lib/utils.h
bin/lib/utils.o: src/lib/utils.h
bin/lib/websocket.o: src/lib/websocket.h src/defs.h src/lib/utils.h src/lib/sock.h src/logger.h
permit:
sudo setcap 'cap_net_bind_service=+ep' "$(shell pwd)/bin/sesimos"
clean:
rm -rf bin/*

View File

@@ -1,2 +1,50 @@
# Necronda web server
Sesimos Secure, simple, modern web server
===========================================
## Features
* Full IPv4 and IPv6 support
* TLS Server Name Inspection (SNI)
* Serving local files via HTTP and HTTPS
* File compression ([gzip](https://www.gzip.org/), [Brotli](https://www.brotli.org/))
* Disk cache for compressed files
* Reverse proxy for other HTTP and HTTPS servers
* Transparent WebSocket reverse proxy
* FastCGI support (e.g. [PHP-FPM](https://php-fpm.org/))
* Automatic path info detection (e.g. `/my/file/extra/path` -> script: `/my/file.php`, path info: `extra/path`)
* Support for [MaxMind's GeoIP Database](https://www.maxmind.com/en/geoip2-services-and-databases)
* Optional DNS reverse lookup for connecting hosts
* Automatic URL rewrite (e.g. `/index.html` -> `/`, `/test.php` -> `/test`)
* Modern looking and responsive error documents
## Configuration
See [doc/example.conf](doc/example.conf) for more details.
### Global directives
* `geoip_dir` (optional) - path to a directory containing GeoIP databases
* `dns_server` (optional) - address of a DNS server
### Configuration
* `[cert <cert-name>]` - begins section for a certificate
* `certificate` - path to SSL certificate (or certificate chain)
* `private_key` - path to SSL private key
* `[host <host>]` - begins section for the virtual host `<host>`
* `cert` - the name of the certificate to use
* Local
* `webroot` - path to the root directory
* `dir_mode` - specify the behaviour for directories without an `index.html` or `index.php`
* `forbidden` - the server will respond with `403 Forbidden`
* `info` - try passing *path info* to an upper `.php` file.
* `list` - list contents of directory (**not implemented yet**)
* Reverse proxy
* `hostname` - hostname of server to be reverse proxy of
* `port` - port to be used
* `http` - use HTTP to communicate with server
* `https` - use HTTPS to communicate with server

22
architecture.md Normal file
View File

@@ -0,0 +1,22 @@
# Architecture
* logger (1)
* listener (2) - 80, 443
* cache_handler (1)
* connection_initializer
* request_handler
* local_handler
* proxy_handler
* ws_handler
* fastcgi_handler
* -> logger
* main -> listener
* listener -> connection_handler
* connection_initializer -> request_handler
* request_handler -> local_handler -> request_handler
* local_handler -> fastcgi_handler -> request_handler
* request_handler -> rp_handler -> request_handler
* proxy_handler -> ws_handler -> request_handler

24
doc/example.conf Normal file
View File

@@ -0,0 +1,24 @@
#geoip_dir /var/dir
#dns_server 192.168.0.1
[cert cert1]
certificate /var/cert/cert.pem
private_key /var/cert/cert.key
[host localhost]
webroot /var/www/localhost
dir_mode forbidden
cert cert1
[host me.local]
hostname www.example.com
port 80
cert cert1
http
[host secure.local]
hostname www.example.com
port 443
cert cert1
https

6
run.sh
View File

@@ -1,6 +0,0 @@
#!/bin/bash
echo "-- Building and starting Necronda Server..."
make compile && \
echo "-- Successfully finished compiling!" && \
echo "-- Starting Server..." && \
./bin/necronda-server $@

113
src/async.c Normal file
View File

@@ -0,0 +1,113 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Async handler
* @file src/async.c
* @author Lorenz Stechauner
* @date 2022-12-28
*/
#include "async.h"
#include "logger.h"
#include <poll.h>
#include <signal.h>
#include <errno.h>
#include <memory.h>
#include <pthread.h>
typedef struct {
int fd;
short events;
int flags;
void (*cb)(void *);
void *arg;
void (*err_cb)(void *);
void *err_arg;
} evt_listen_t;
typedef struct {
int n;
evt_listen_t q[256];
} listen_queue_t;
static listen_queue_t listen1, listen2, *listen = &listen1;
static volatile sig_atomic_t alive = 1;
static pthread_t thread = -1;
static int async_add_to_queue(evt_listen_t *evt) {
// TODO locking
memcpy(&listen->q[listen->n++], evt, sizeof(*evt));
if (thread != -1) pthread_kill(thread, SIGUSR1);
return 0;
}
int async(int fd, short events, int flags, void cb(void *), void *arg, void err_cb(void *), void *err_arg) {
evt_listen_t evt = {
.fd = fd,
.events = events,
.flags = flags,
.cb = cb,
.arg = arg,
.err_cb = err_cb,
.err_arg = err_arg,
};
return async_add_to_queue(&evt);
}
void async_thread(void) {
int num_fds;
struct pollfd fds[256]; // TODO dynamic
thread = pthread_self();
// main event loop
while (alive) {
// swap listen queue
listen_queue_t *l = listen;
listen = (listen == &listen1) ? &listen2 : &listen1;
// fill fds with newly added queue entries
for (num_fds = 0; num_fds < l->n; num_fds++) {
fds[num_fds].fd = l->q[num_fds].fd;
fds[num_fds].events = l->q[num_fds].events;
}
if (poll(fds, num_fds, -1) < 0) {
if (errno == EINTR) {
// interrupt
errno = 0;
} else {
// other error
critical("Unable to poll for events");
return;
}
}
for (int i = 0; i < num_fds; i++) {
evt_listen_t *e = &l->q[i];
if (fds[i].revents & e->events) {
// specified event(s) occurred
e->cb(e->arg);
if (e->flags & ASYNC_KEEP)
async_add_to_queue(e);
} else if (fds[i].revents & (POLLERR | POLLHUP | POLLNVAL)) {
// error occurred
e->err_cb(e->err_arg);
} else {
// no event occurred
async_add_to_queue(e);
}
// reset errno to prevent strange behaviour
errno = 0;
}
// reset size of queue
l->n = 0;
}
}
void async_stop(void) {
alive = 0;
}

22
src/async.h Normal file
View File

@@ -0,0 +1,22 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Async handler (header file)
* @file src/async.h
* @author Lorenz Stechauner
* @date 2022-12-28
*/
#ifndef SESIMOS_ASYNC_H
#define SESIMOS_ASYNC_H
#include <poll.h>
#define ASYNC_KEEP 1
int async(int fd, short events, int flags, void cb(void *), void *arg, void err_cb(void *), void *err_arg);
void async_thread(void);
void async_stop(void);
#endif //SESIMOS_ASYNC_H

View File

@@ -1,327 +0,0 @@
/**
* Necronda Web Server
* File cache implementation
* src/cache.c
* Lorenz Stechauner, 2020-12-19
*/
#include <zlib.h>
#include "cache.h"
#include "uri.h"
int magic_init() {
magic = magic_open(MAGIC_MIME);
if (magic == NULL) {
fprintf(stderr, ERR_STR "Unable to open magic cookie: %s" CLR_STR "\n", strerror(errno));
return -1;
}
if (magic_load(magic, MAGIC_FILE) != 0) {
fprintf(stderr, ERR_STR "Unable to load magic cookie: %s" CLR_STR "\n", magic_error(magic));
return -2;
}
return 0;
}
void cache_process_term() {
cache_continue = 0;
}
int cache_process() {
signal(SIGINT, cache_process_term);
signal(SIGTERM, cache_process_term);
int shm_id = shmget(SHM_KEY, FILE_CACHE_SIZE * sizeof(cache_entry), 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
return -1;
}
shmdt(cache);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -2;
}
cache = shm_rw;
if (mkdir("/var/necronda-server/", 0755) < 0) {
if (errno != EEXIST) {
fprintf(stderr, ERR_STR "Unable to create directory '/var/necronda-server/': %s" CLR_STR "\n", strerror(errno));
return -3;
}
}
FILE *cache_file = fopen("/var/necronda-server/cache", "rb");
if (cache_file != NULL) {
fread(cache, sizeof(cache_entry), FILE_CACHE_SIZE, cache_file);
fclose(cache_file);
}
for (int i = 0; i < FILE_CACHE_SIZE; i++) {
cache[i].is_updating = 0;
}
FILE *file;
char buf[16384];
char comp_buf[16384];
char filename_comp[256];
unsigned long read;
int compress;
SHA_CTX ctx;
unsigned char hash[SHA_DIGEST_LENGTH];
while (cache_continue) {
for (int i = 0; i < FILE_CACHE_SIZE; i++) {
if (cache[i].filename[0] != 0 && cache[i].meta.etag[0] == 0 && !cache[i].is_updating) {
cache[i].is_updating = 1;
SHA1_Init(&ctx);
file = fopen(cache[i].filename, "rb");
compress = strncmp(cache[i].meta.type, "text/", 5) == 0 ||
(strncmp(cache[i].meta.type, "application/", 12) == 0 &&
strstr(cache[i].meta.type, "+xml") != NULL);
int level = NECRONDA_ZLIB_LEVEL;
z_stream strm;
FILE *comp_file = NULL;
if (compress) {
sprintf(buf, "%.*s/.necronda-server", cache[i].webroot_len, cache[i].filename);
mkdir(buf, 0755);
sprintf(buf, "%.*s/.necronda-server/cache", cache[i].webroot_len, cache[i].filename);
mkdir(buf, 0700);
char *rel_path = cache[i].filename + cache[i].webroot_len + 1;
for (int j = 0; j < strlen(rel_path); j++) {
char ch = rel_path[j];
if (ch == '/') {
ch = '_';
}
buf[j] = ch;
}
buf[strlen(rel_path)] = 0;
sprintf(filename_comp, "%.*s/.necronda-server/cache/%s.z", cache[i].webroot_len, cache[i].filename, buf);
comp_file = fopen(filename_comp, "wb");
if (comp_file == NULL) {
compress = 0;
fprintf(stderr, ERR_STR "Unable to open cache file: %s" CLR_STR "\n", strerror(errno));
} else {
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
if (deflateInit(&strm, level) != Z_OK) {
fprintf(stderr, ERR_STR "Unable to init deflate: %s" CLR_STR "\n", strerror(errno));
compress = 0;
fclose(comp_file);
}
}
}
while ((read = fread(buf, 1, sizeof(buf), file)) > 0) {
SHA1_Update(&ctx, buf, read);
if (compress) {
strm.avail_in = read;
strm.next_in = (unsigned char *) buf;
do {
strm.avail_out = sizeof(comp_buf);
strm.next_out = (unsigned char *) comp_buf;
deflate(&strm, feof(file) ? Z_FINISH : Z_NO_FLUSH);
fwrite(comp_buf, 1, sizeof(comp_buf) - strm.avail_out, comp_file);
strm.avail_in = 0;
} while (strm.avail_out == 0);
}
}
if (compress) {
deflateEnd(&strm);
fclose(comp_file);
strcpy(cache[i].meta.filename_comp, filename_comp);
} else {
memset(cache[i].meta.filename_comp, 0, sizeof(cache[i].meta.filename_comp));
}
SHA1_Final(hash, &ctx);
memset(cache[i].meta.etag, 0, sizeof(cache[i].meta.etag));
for (int j = 0; j < SHA_DIGEST_LENGTH; j++) {
sprintf(cache[i].meta.etag + j * 2, "%02x", hash[j]);
}
fclose(file);
cache[i].is_updating = 0;
}
}
cache_file = fopen("/var/necronda-server/cache", "wb");
fwrite(cache, sizeof(cache_entry), FILE_CACHE_SIZE , cache_file);
fclose(cache_file);
sleep(1);
}
return 0;
}
int cache_init() {
if (magic_init() != 0) {
return -1;
}
int shm_id = shmget(SHM_KEY, FILE_CACHE_SIZE * sizeof(cache_entry), IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
return -2;
}
void *shm = shmat(shm_id, NULL, SHM_RDONLY);
if (shm == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (ro): %s" CLR_STR "\n", strerror(errno));
return -3;
}
cache = shm;
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -4;
}
cache = shm_rw;
memset(cache, 0, FILE_CACHE_SIZE * sizeof(cache_entry));
shmdt(shm_rw);
cache = shm;
pid_t pid = fork();
if (pid == 0) {
// child
if (cache_process() == 0) {
return 1;
} else {
return -6;
}
} else if (pid > 0) {
// parent
fprintf(stderr, "Started child process with PID %i as cache-updater\n", pid);
children[0] = pid;
} else {
fprintf(stderr, ERR_STR "Unable to create child process: %s" CLR_STR "\n", strerror(errno));
return -5;
}
return 0;
}
int cache_unload() {
int shm_id = shmget(SHM_KEY, 0, 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
} else if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
fprintf(stderr, ERR_STR "Unable to configure shared memory: %s" CLR_STR "\n", strerror(errno));
}
shmdt(cache);
return 0;
}
int cache_update_entry(int entry_num, const char *filename, const char *webroot) {
void *cache_ro = cache;
int shm_id = shmget(SHM_KEY, 0, 0);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
print(ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR, strerror(errno));
return -1;
}
cache = shm_rw;
struct stat statbuf;
stat(filename, &statbuf);
memcpy(&cache[entry_num].meta.stat, &statbuf, sizeof(statbuf));
cache[entry_num].webroot_len = (unsigned char) strlen(webroot);
strcpy(cache[entry_num].filename, filename);
magic_setflags(magic, MAGIC_MIME_TYPE);
const char *type = magic_file(magic, filename);
char type_new[24];
sprintf(type_new, "%s", type);
if (strcmp(type, "text/plain") == 0) {
if (strcmp(filename + strlen(filename) - 4, ".css") == 0) {
sprintf(type_new, "text/css");
} else if (strcmp(filename + strlen(filename) - 3, ".js") == 0) {
sprintf(type_new, "text/javascript");
}
}
strcpy(cache[entry_num].meta.type, type_new);
magic_setflags(magic, MAGIC_MIME_ENCODING);
strcpy(cache[entry_num].meta.charset, magic_file(magic, filename));
memset(cache[entry_num].meta.etag, 0, sizeof(cache[entry_num].meta.etag));
memset(cache[entry_num].meta.filename_comp, 0, sizeof(cache[entry_num].meta.filename_comp));
cache[entry_num].is_updating = 0;
shmdt(shm_rw);
cache = cache_ro;
return 0;
}
int cache_filename_comp_invalid(const char *filename) {
void *cache_ro = cache;
int shm_id = shmget(SHM_KEY, 0, 0);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
print(ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR, strerror(errno));
return -1;
}
cache = shm_rw;
int i;
for (i = 0; i < FILE_CACHE_SIZE; i++) {
if (cache[i].filename[0] != 0 && strlen(cache[i].filename) == strlen(filename) &&
strcmp(cache[i].filename, filename) == 0) {
if (cache[i].is_updating) {
return 0;
} else {
break;
}
}
}
memset(cache[i].meta.etag, 0, sizeof(cache[i].meta.etag));
memset(cache[i].meta.filename_comp, 0, sizeof(cache[i].meta.filename_comp));
cache[i].is_updating = 0;
shmdt(shm_rw);
cache = cache_ro;
return 0;
}
int uri_cache_init(http_uri *uri) {
if (uri->filename == NULL) {
return 0;
}
int i;
for (i = 0; i < FILE_CACHE_SIZE; i++) {
if (cache[i].filename[0] != 0 && strlen(cache[i].filename) == strlen(uri->filename) &&
strcmp(cache[i].filename, uri->filename) == 0) {
uri->meta = &cache[i].meta;
if (cache[i].is_updating) {
return 0;
} else {
break;
}
}
}
if (uri->meta == NULL) {
for (i = 0; i < FILE_CACHE_SIZE; i++) {
if (cache[i].filename[0] == 0) {
if (cache_update_entry(i, uri->filename, uri->webroot) != 0) {
return -1;
}
uri->meta = &cache[i].meta;
break;
}
}
} else {
struct stat statbuf;
stat(uri->filename, &statbuf);
if (memcmp(&uri->meta->stat.st_mtime, &statbuf.st_mtime, sizeof(statbuf.st_mtime)) != 0) {
if (cache_update_entry(i, uri->filename, uri->webroot) != 0) {
return -1;
}
}
}
return 0;
}

View File

@@ -1,45 +0,0 @@
/**
* Necronda Web Server
* File cache implementation (header file)
* src/cache.h
* Lorenz Stechauner, 2020-12-19
*/
#ifndef NECRONDA_SERVER_CACHE_H
#define NECRONDA_SERVER_CACHE_H
#include <magic.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include "uri.h"
magic_t magic;
typedef struct {
char filename[256];
unsigned char webroot_len;
unsigned char is_updating:1;
meta_data meta;
} cache_entry;
cache_entry *cache;
int cache_continue = 1;
int magic_init();
void cache_process_term();
int cache_process();
int cache_init();
int cache_unload();
int cache_update_entry(int entry_num, const char *filename, const char *webroot);
int cache_filename_comp_invalid(const char *filename);
int uri_cache_init(http_uri *uri);
#endif //NECRONDA_SERVER_CACHE_H

390
src/cache_handler.c Normal file
View File

@@ -0,0 +1,390 @@
/**
* sesimos - secure, simple, modern web server
* @brief File cache implementation
* @file src/cache_handler.c
* @author Lorenz Stechauner
* @date 2020-12-19
*/
#include "server.h"
#include "logger.h"
#include "cache_handler.h"
#include "lib/utils.h"
#include "lib/compress.h"
#include "lib/config.h"
#include <stdio.h>
#include <magic.h>
#include <string.h>
#include <errno.h>
#include <openssl/evp.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <semaphore.h>
#define CACHE_BUF_SIZE 16
static magic_t magic;
static pthread_t thread;
static sem_t sem_free, sem_used, sem_lock;
typedef struct {
int rd;
int wr;
cache_entry_t *msgs[CACHE_BUF_SIZE];
} buf_t;
static buf_t buffer;
static int magic_init(void) {
if ((magic = magic_open(MAGIC_MIME)) == NULL) {
critical("Unable to open magic cookie");
return 1;
}
if (magic_load(magic, CACHE_MAGIC_FILE) != 0) {
critical("Unable to load magic cookie: %s", magic_error(magic));
return 1;
}
return 0;
}
static void cache_free(void) {
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
host_config_t *hc = &config.hosts[i];
if (hc->type == CONFIG_TYPE_UNSET) break;
if (hc->type != CONFIG_TYPE_LOCAL) continue;
munmap(hc->cache, sizeof(cache_t));
}
}
static cache_entry_t *cache_get_entry(cache_t *cache, const char *filename) {
// search entry
cache_entry_t *entry;
for (int i = 0; i < CACHE_ENTRIES; i++) {
entry = &cache->entries[i];
if (entry->filename[0] == 0) break;
if (strcmp(entry->filename, filename) == 0) {
// found
return entry;
}
}
// not found
return NULL;
}
static cache_entry_t *cache_get_new_entry(cache_t *cache) {
// search empty slot
cache_entry_t *entry;
for (int i = 0; i < CACHE_ENTRIES; i++) {
entry = &cache->entries[i];
if (entry->filename[0] == 0)
return entry;
}
// not found
return NULL;
}
static void cache_process_entry(cache_entry_t *entry) {
char buf[16384], comp_buf[16384], filename_comp_gz[256], filename_comp_br[256];
info("Hashing file %s", entry->filename);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_sha1());
FILE *file = fopen(entry->filename, "rb");
int compress = mime_is_compressible(entry->meta.type);
compress_ctx comp_ctx;
FILE *comp_file_gz = NULL, *comp_file_br = NULL;
if (compress) {
sprintf(buf, "%.*s/.sesimos", entry->webroot_len, entry->filename);
if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
error("Unable to create directory %s", buf);
goto comp_err;
}
sprintf(buf, "%.*s/.sesimos/cache", entry->webroot_len, entry->filename);
if (mkdir(buf, 0700) != 0 && errno != EEXIST) {
error("Unable to create directory %s", buf);
goto comp_err;
}
errno = 0;
char *rel_path = entry->filename + entry->webroot_len + 1;
for (int j = 0; j < strlen(rel_path); j++) {
char ch = rel_path[j];
if (ch == '/') ch = '_';
buf[j] = ch;
}
buf[strlen(rel_path)] = 0;
int p_len_gz = snprintf(filename_comp_gz, sizeof(filename_comp_gz),
"%.*s/.sesimos/cache/%s.gz",
entry->webroot_len, entry->filename, buf);
int p_len_br = snprintf(filename_comp_br, sizeof(filename_comp_br),
"%.*s/.sesimos/cache/%s.br",
entry->webroot_len, entry->filename, buf);
if (p_len_gz < 0 || p_len_gz >= sizeof(filename_comp_gz) || p_len_br < 0 || p_len_br >= sizeof(filename_comp_br)) {
error("Unable to open cached file: File name for compressed file too long");
goto comp_err;
}
info("Compressing file %s", entry->filename);
comp_file_gz = fopen(filename_comp_gz, "wb");
comp_file_br = fopen(filename_comp_br, "wb");
if (comp_file_gz == NULL || comp_file_br == NULL) {
error("Unable to open cached file");
comp_err:
compress = 0;
} else {
if ((compress_init(&comp_ctx, COMPRESS_GZ | COMPRESS_BR)) != 0) {
error("Unable to init compression");
compress = 0;
fclose(comp_file_gz);
fclose(comp_file_br);
}
}
}
unsigned long read;
while ((read = fread(buf, 1, sizeof(buf), file)) > 0) {
EVP_DigestUpdate(ctx, buf, read);
if (compress) {
unsigned long avail_in, avail_out;
avail_in = read;
do {
avail_out = sizeof(comp_buf);
compress_compress_mode(&comp_ctx, COMPRESS_GZ, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_gz);
} while (avail_in != 0 || avail_out != sizeof(comp_buf));
avail_in = read;
do {
avail_out = sizeof(comp_buf);
compress_compress_mode(&comp_ctx, COMPRESS_BR, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_br);
} while (avail_in != 0 || avail_out != sizeof(comp_buf));
}
}
if (compress) {
compress_free(&comp_ctx);
fclose(comp_file_gz);
fclose(comp_file_br);
info("Finished compressing file %s", entry->filename);
strcpy(entry->meta.filename_comp_gz, filename_comp_gz);
strcpy(entry->meta.filename_comp_br, filename_comp_br);
} else {
memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
}
unsigned int md_len;
unsigned char hash[EVP_MAX_MD_SIZE];
EVP_DigestFinal(ctx, hash, &md_len);
EVP_MD_CTX_free(ctx);
memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
for (int j = 0; j < md_len; j++) {
sprintf(entry->meta.etag + j * 2, "%02x", hash[j]);
}
fclose(file);
entry->flags &= !CACHE_DIRTY;
info("Finished hashing file %s", entry->filename);
}
static void *cache_thread(void *arg) {
logger_set_name("cache");
while (server_alive) {
pthread_testcancel();
if (sem_wait(&sem_used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
error("Unable to lock semaphore");
errno = 0;
break;
}
}
cache_entry_t *entry = buffer.msgs[buffer.wr];
buffer.wr = (buffer.wr + 1) % CACHE_BUF_SIZE;
cache_process_entry(entry);
// unlock slot in buffer
sem_post(&sem_free);
}
cache_free();
return NULL;
}
int cache_init(void) {
char buf[512];
int ret, fd;
if ((ret = magic_init()) != 0)
return ret;
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
host_config_t *hc = &config.hosts[i];
if (hc->type == CONFIG_TYPE_UNSET) break;
if (hc->type != CONFIG_TYPE_LOCAL) continue;
sprintf(buf, "%s/.sesimos/metadata", hc->local.webroot);
if ((fd = open(buf, O_CREAT | O_RDWR, 0600)) == -1) {
critical("Unable to open file %s", buf);
return 1;
}
if (ftruncate(fd, sizeof(cache_t)) == -1) {
critical("Unable to truncate file %s", buf);
return 1;
}
if ((hc->cache = mmap(NULL, sizeof(cache_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)) == NULL) {
critical("Unable to map file %s", buf);
close(fd);
return 1;
}
close(fd);
errno = 0;
}
// try to initialize all three semaphores
if (sem_init(&sem_lock, 0, 1) != 0 ||
sem_init(&sem_free, 0, 1) != 0 ||
sem_init(&sem_used, 0, 0) != 0)
{
critical("Unable to initialize semaphore");
return -1;
}
// initialize read/write heads
buffer.rd = 0;
buffer.wr = 0;
pthread_create(&thread, NULL, cache_thread, NULL);
return 0;
}
int cache_join(void) {
return pthread_join(thread, NULL);
}
static void cache_mark_entry_dirty(cache_entry_t *entry) {
if (entry->flags & CACHE_DIRTY)
return;
memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
entry->flags |= CACHE_DIRTY;
try_again_free:
if (sem_wait(&sem_free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_free;
} else {
error("Unable to lock semaphore");
errno = 0;
}
return;
}
// try to lock buffer
try_again_lock:
if (sem_wait(&sem_lock) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_lock;
} else {
error("Unable to lock semaphore");
errno = 0;
}
return;
}
// write to buffer
buffer.msgs[buffer.rd] = entry;
buffer.rd = (buffer.rd + 1) % CACHE_BUF_SIZE;
// unlock buffer
sem_post(&sem_lock);
// unlock slot in buffer for logger
sem_post(&sem_used);
}
static void cache_update_entry(cache_entry_t *entry, const char *filename, const char *webroot) {
struct stat statbuf;
stat(filename, &statbuf);
memcpy(&entry->meta.stat, &statbuf, sizeof(statbuf));
entry->webroot_len = (unsigned char) strlen(webroot);
strcpy(entry->filename, filename);
magic_setflags(magic, MAGIC_MIME_TYPE);
const char *type = magic_file(magic, filename);
char type_new[URI_TYPE_SIZE];
sprintf(type_new, "%s", type);
if (strncmp(type, "text/", 5) == 0) {
if (strcmp(filename + strlen(filename) - 4, ".css") == 0) {
sprintf(type_new, "text/css");
} else if (strcmp(filename + strlen(filename) - 3, ".js") == 0) {
sprintf(type_new, "application/javascript");
}
}
strcpy(entry->meta.type, type_new);
magic_setflags(magic, MAGIC_MIME_ENCODING);
strcpy(entry->meta.charset, magic_file(magic, filename));
cache_mark_entry_dirty(entry);
}
void cache_mark_dirty(cache_t *cache, const char *filename) {
cache_entry_t *entry = cache_get_entry(cache, filename);
if (entry) cache_mark_entry_dirty(entry);
}
void cache_init_uri(cache_t *cache, http_uri *uri) {
if (!uri->filename)
return;
cache_entry_t *entry = cache_get_entry(cache, uri->filename);
if (!entry) {
// no entry found -> create new entry
if ((entry = cache_get_new_entry(cache))) {
cache_update_entry(entry, uri->filename, uri->webroot);
uri->meta = &entry->meta;
} else {
warning("No empty cache entry slot found");
}
} else {
uri->meta = &entry->meta;
if (entry->flags & CACHE_DIRTY)
return;
// check, if file has changed
struct stat statbuf;
stat(uri->filename, &statbuf);
if (memcmp(&uri->meta->stat.st_mtime, &statbuf.st_mtime, sizeof(statbuf.st_mtime)) != 0) {
// modify time has changed
cache_update_entry(entry, uri->filename, uri->webroot);
}
}
}

44
src/cache_handler.h Normal file
View File

@@ -0,0 +1,44 @@
/**
* sesimos - secure, simple, modern web server
* @brief File cache implementation (header file)
* @file src/cache_handler.h
* @author Lorenz Stechauner
* @date 2020-12-19
*/
#ifndef SESIMOS_CACHE_HANDLER_H
#define SESIMOS_CACHE_HANDLER_H
#include "lib/uri.h"
#define CACHE_ENTRIES 1024
#define CACHE_DIRTY 1
#ifndef CACHE_MAGIC_FILE
# define CACHE_MAGIC_FILE "/usr/share/file/misc/magic.mgc"
#endif
typedef struct {
char filename[256];
unsigned char webroot_len;
unsigned char flags;
metadata_t meta;
} cache_entry_t;
typedef struct {
char sig[6];
unsigned char ver;
cache_entry_t entries[CACHE_ENTRIES];
} cache_t;
int cache_init(void);
int cache_join(void);
void cache_mark_dirty(cache_t *cache, const char *filename);
void cache_init_uri(cache_t *cache, http_uri *uri);
#endif //SESIMOS_CACHE_HANDLER_H

File diff suppressed because it is too large Load Diff

32
src/client.h Normal file
View File

@@ -0,0 +1,32 @@
/**
* sesimos - secure, simple, modern web server
* @brief Client connection and request handlers (header file)
* @file src/client.h
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#ifndef SESIMOS_CLIENT_H
#define SESIMOS_CLIENT_H
#include "lib/config.h"
#include "lib/sock.h"
#include <arpa/inet.h>
typedef struct {
sock socket;
int req_num;
char *addr, *s_addr;
unsigned char in_use: 1, s_keep_alive:1, c_keep_alive:1;
char cc[3], host[256];
char log_prefix[512];
char _c_addr[INET6_ADDRSTRLEN + 1], _s_addr[INET6_ADDRSTRLEN + 1];
struct timespec begin, end;
} client_ctx_t;
host_config_t *get_host_config(const char *host);
void *client_handler(client_ctx_t *client);
#endif //SESIMOS_CLIENT_H

26
src/defs.h Normal file
View File

@@ -0,0 +1,26 @@
/**
* sesimos - secure, simple, modern web server
* @brief Definitions
* @file src/defs.h
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#ifndef SESIMOS_DEF_H
#define SESIMOS_DEF_H
#define SERVER_VERSION "4.6"
#define SERVER_STR "Sesimos/" SERVER_VERSION
#define SERVER_STR_HTML "Sesimos&nbsp;web&nbsp;server&nbsp;" SERVER_VERSION
#define CHUNK_SIZE 8192
#ifndef DEFAULT_HOST
# define DEFAULT_HOST "www.necronda.net"
#endif
#ifndef SERVER_NAME
# define SERVER_NAME DEFAULT_HOST
#endif
#endif //SESIMOS_DEF_H

View File

@@ -1,291 +0,0 @@
/**
* Necronda Web Server
* HTTP implementation
* src/net/http.c
* Lorenz Stechauner, 2020-12-09
*/
#include "http.h"
#include "utils.h"
void http_to_camel_case(char *str, int mode) {
char last = '-';
char ch;
for (int i = 0; i < strlen(str); i++) {
ch = str[i];
if (mode == HTTP_CAMEL && last == '-' && ch >= 'a' && ch <= 'z') {
str[i] = (char) ((int) ch & 0x5F);
} else if (mode == HTTP_LOWER && ch >= 'A' && ch <= 'Z') {
str[i] = (char) ((int) ch | 0x20);
}
last = str[i];
}
}
void http_free_hdr(http_hdr *hdr) {
for (int i = 0; i < hdr->field_num; i++) {
free(hdr->fields[i][0]);
free(hdr->fields[i][1]);
}
hdr->field_num = 0;
}
void http_free_req(http_req *req) {
if (req->uri == NULL) free(req->uri);
req->uri = NULL;
http_free_hdr(&req->hdr);
}
void http_free_res(http_res *res) {
http_free_hdr(&res->hdr);
}
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr) {
char *pos1 = memchr(buf, ':', end_ptr - buf);
char *pos2;
if (pos1 == NULL) {
print(ERR_STR "Unable to parse header" CLR_STR);
return 3;
}
long len = pos1 - buf;
hdr->fields[hdr->field_num][0] = malloc(len + 1);
sprintf(hdr->fields[hdr->field_num][0], "%.*s", (int) len, buf);
http_to_camel_case(hdr->fields[hdr->field_num][0], HTTP_CAMEL);
pos1++;
pos2 = (char *) end_ptr - 1;
while (pos1[0] == ' ') pos1++;
while (pos2[0] == ' ') pos2--;
len = pos2 - pos1 + 1;
if (len <= 0) {
hdr->fields[hdr->field_num][1] = malloc(1);
hdr->fields[hdr->field_num][1][0] = 0;
} else {
hdr->fields[hdr->field_num][1] = malloc(len + 1);
sprintf(hdr->fields[hdr->field_num][1], "%.*s", (int) len, pos1);
}
hdr->field_num++;
return 0;
}
int http_receive_request(sock *client, http_req *req) {
unsigned long rcv_len, len;
char *ptr, *pos0, *pos1, *pos2;
char buf[CLIENT_MAX_HEADER_SIZE];
memset(buf, 0, sizeof(buf));
memset(req->method, 0, sizeof(req->method));
memset(req->version, 0, sizeof(req->version));
req->uri = NULL;
req->hdr.field_num = 0;
while (1) {
if (client->enc) {
rcv_len = SSL_read(client->ssl, buf, CLIENT_MAX_HEADER_SIZE);
if (rcv_len < 0) {
print(ERR_STR "Unable to receive: %s" CLR_STR, ssl_get_error(client->ssl, rcv_len));
return -1;
}
} else {
rcv_len = recv(client->socket, buf, CLIENT_MAX_HEADER_SIZE, 0);
if (rcv_len < 0) {
print(ERR_STR "Unable to receive: %s" CLR_STR, strerror(errno));
return -1;
}
}
if (rcv_len == 0) {
print("Unable to receive: closed");
return -1;
}
unsigned long header_len = strstr(buf, "\r\n\r\n") - buf + 4;
if (header_len <= 0) {
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
return 5;
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
return 4;
}
}
ptr = buf;
while (header_len > (ptr - buf + 2)) {
pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
return 1;
}
if (req->version[0] == 0) {
pos1 = memchr(ptr, ' ', rcv_len - (ptr - buf)) + 1;
if (pos1 == NULL) goto err_hdr_fmt;
if (pos1 - ptr - 1 >= sizeof(req->method)) {
print(ERR_STR "Unable to parse header: Method name too long" CLR_STR);
return 2;
}
for (int i = 0; i < (pos1 - ptr - 1); i++) {
if (ptr[i] < 'A' || ptr[i] > 'Z') {
print(ERR_STR "Unable to parse header: Invalid method" CLR_STR);
return 2;
}
}
strncpy(req->method, ptr, pos1 - ptr - 1);
pos2 = memchr(pos1, ' ', rcv_len - (pos1 - buf)) + 1;
if (pos2 == NULL) {
err_hdr_fmt:
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
return 1;
}
if (memcmp(pos2, "HTTP/", 5) != 0 || memcmp(pos2 + 8, "\r\n", 2) != 0) {
print(ERR_STR "Unable to parse header: Invalid version" CLR_STR);
return 3;
}
len = pos2 - pos1 - 1;
req->uri = malloc(len + 1);
sprintf(req->uri, "%.*s", (int) len, pos1);
sprintf(req->version, "%.3s", pos2 + 5);
} else {
int ret = http_parse_header_field(&req->hdr, ptr, pos0);
if (ret != 0) return ret;
}
ptr = pos0 + 2;
}
if (pos0[2] == '\r' && pos0[3] == '\n') {
break;
}
}
client->buf_len = rcv_len - (pos0 - buf + 4);
if (client->buf_len > 0) {
client->buf = malloc(client->buf_len);
client->buf_off = 0;
memcpy(client->buf, pos0 + 4, client->buf_len);
}
return 0;
}
char *http_get_header_field(const http_hdr *hdr, const char *field_name) {
char field_name_1[256], field_name_2[256];
strcpy(field_name_1, field_name);
http_to_camel_case(field_name_1, HTTP_LOWER);
for (int i = 0; i < hdr->field_num; i++) {
strcpy(field_name_2, hdr->fields[i][0]);
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0) {
return hdr->fields[i][1];
}
}
return NULL;
}
void http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
size_t len_name = strlen(field_name);
size_t len_value = strlen(field_value);
char *_field_name = malloc(len_name + 1);
char *_field_value = malloc(len_value + 1);
strcpy(_field_name, field_name);
strcpy(_field_value, field_value);
http_to_camel_case(_field_name, HTTP_PRESERVE);
hdr->fields[hdr->field_num][0] = _field_name;
hdr->fields[hdr->field_num][1] = _field_value;
hdr->field_num++;
}
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode) {
char field_name_1[256], field_name_2[256];
strcpy(field_name_1, field_name);
http_to_camel_case(field_name_1, HTTP_LOWER);
for (int i = 0; i < hdr->field_num; i++) {
strcpy(field_name_2, hdr->fields[i][0]);
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0) {
for (int j = i; j < hdr->field_num - 1; j++) {
memcpy(hdr->fields[j], hdr->fields[j + 1], sizeof(hdr->fields[0]));
}
hdr->field_num--;
if (mode == HTTP_REMOVE_ONE) {
return;
} else if (mode == HTTP_REMOVE_ALL) {
i--;
}
}
}
}
int http_send_response(sock *client, http_res *res) {
char buf[CLIENT_MAX_HEADER_SIZE];
int len = 0;
int snd_len = 0;
len += sprintf(buf + len, "HTTP/%s %03i %s\r\n", res->version, res->status->code, res->status->msg);
for (int i = 0; i < res->hdr.field_num; i++) {
len += sprintf(buf + len, "%s: %s\r\n", res->hdr.fields[i][0], res->hdr.fields[i][1]);
}
len += sprintf(buf + len, "\r\n");
if (client->enc) {
snd_len = SSL_write(client->ssl, buf, len);
} else {
snd_len = send(client->socket, buf, len, 0);
}
return 0;
}
http_status *http_get_status(unsigned short status_code) {
for (int i = 0; i < sizeof(http_statuses) / sizeof(http_status); i++) {
if (http_statuses[i].code == status_code) {
return &http_statuses[i];
}
}
return NULL;
}
http_error_msg *http_get_error_msg(unsigned short status_code) {
for (int i = 0; i < sizeof(http_error_messages) / sizeof(http_error_msg); i++) {
if (http_error_messages[i].code == status_code) {
return &http_error_messages[i];
}
}
return NULL;
}
const char *http_get_status_color(http_status *status) {
unsigned short code = status->code;
if (code >= 100 && code < 200) {
return HTTP_1XX_STR;
} else if (code >= 200 && code < 300 || code == 304) {
return HTTP_2XX_STR;
} else if (code >= 300 && code < 400) {
return HTTP_3XX_STR;
} else if (code >= 400 && code < 500) {
return HTTP_4XX_STR;
} else if (code >= 500 && code < 600) {
return HTTP_5XX_STR;
}
return "";
}
char *http_format_date(time_t time, char *buf, size_t size) {
struct tm *timeinfo = gmtime(&time);
strftime(buf, size, "%a, %d %b %Y %H:%M:%S GMT", timeinfo);
return buf;
}
char *http_get_date(char *buf, size_t size) {
time_t rawtime;
time(&rawtime);
return http_format_date(rawtime, buf, size);
}

View File

@@ -1,192 +0,0 @@
/**
* Necronda Web Server
* HTTP implementation (header file)
* src/net/http.h
* Lorenz Stechauner, 2020-12-09
*/
#ifndef NECRONDA_SERVER_HTTP_H
#define NECRONDA_SERVER_HTTP_H
#define HTTP_PRESERVE 0
#define HTTP_LOWER 1
#define HTTP_CAMEL 2
#define HTTP_REMOVE_ONE 0
#define HTTP_REMOVE_ALL 1
typedef struct {
unsigned short code;
char type[16];
char msg[32];
} http_status;
typedef struct {
unsigned short code;
char *err_msg;
} http_error_msg;
typedef struct {
char field_num;
char *fields[64][2];
} http_hdr;
typedef struct {
char method[16];
char *uri;
char version[3];
http_hdr hdr;
} http_req;
typedef struct {
http_status *status;
char version[3];
http_hdr hdr;
} http_res;
http_status http_statuses[] = {
{100, "Informational", "Continue"},
{101, "Informational", "Switching Protocols"},
{200, "Success", "OK"},
{201, "Success", "Created"},
{202, "Success", "Accepted"},
{203, "Success", "Non-Authoritative Information"},
{204, "Success", "No Content"},
{205, "Success", "Reset Content"},
{206, "Success", "Partial Content"},
{300, "Redirection", "Multiple Choices"},
{301, "Redirection", "Moved Permanently"},
{302, "Redirection", "Found"},
{303, "Redirection", "See Other"},
{304, "Redirection", "Not Modified"},
{305, "Redirection", "Use Proxy"},
{307, "Redirection", "Temporary Redirect"},
{308, "Redirection", "Permanent Redirect"},
{400, "Client Error", "Bad Request"},
{401, "Client Error", "Unauthorized"},
{402, "Client Error", "Payment Required"},
{403, "Client Error", "Forbidden"},
{404, "Client Error", "Not Found"},
{405, "Client Error", "Method Not Allowed"},
{406, "Client Error", "Not Acceptable"},
{407, "Client Error", "Proxy Authentication Required"},
{408, "Client Error", "Request Timeout"},
{409, "Client Error", "Conflict"},
{410, "Client Error", "Gone"},
{411, "Client Error", "Length Required"},
{412, "Client Error", "Precondition Failed"},
{413, "Client Error", "Request Entity Too Large"},
{414, "Client Error", "Request-URI Too Long"},
{415, "Client Error", "Unsupported Media Type"},
{416, "Client Error", "Range Not Satisfiable"},
{417, "Client Error", "Expectation Failed"},
{500, "Server Error", "Internal Server Error"},
{501, "Server Error", "Not Implemented"},
{502, "Server Error", "Bad Gateway"},
{503, "Server Error", "Service Unavailable"},
{504, "Server Error", "Gateway Timeout"},
{505, "Server Error", "HTTP Version Not Supported"},
};
http_error_msg http_error_messages[] = {
{400, "The request could not be understood by the server due to malformed syntax."},
{401, "The request requires user authentication."},
{403, "The server understood the request, but is refusing to fulfill it."},
{404, "The server has not found anything matching the Request-URI."},
{405, "The method specified in the Request-Line is not allowed for the resource identified by the Request-URI."},
{406, "The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request."},
{407, "The request requires user authentication on the proxy."},
{408, "The client did not produce a request within the time that the server was prepared to wait."},
{409, "The request could not be completed due to a conflict with the current state of the resource."},
{410, "The requested resource is no longer available at the server and no forwarding address is known."},
{411, "The server refuses to accept the request without a defined Content-Length."},
{412, "The precondition given in one or more of the request-header fields evaluated to false when it was tested on the server."},
{413, "The server is refusing to process a request because the request entity is larger than the server is willing or able to process."},
{414, "The server is refusing to service the request because the Request-URI is longer than the server is willing to interpret."},
{415, "The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method."},
{416, "None of the ranges in the request's Range header field overlap the current extent of the selected resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive request of small or overlapping ranges."},
{417, "The expectation given in an Expect request-header field could not be met by this server, or, if the server is a proxy, the server has unambiguous evidence that the request could not be met by the next-hop server."},
{500, "The server encountered an unexpected condition which prevented it from fulfilling the request."},
{501, "The server does not support the functionality required to fulfill the request."},
{502, "The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request."},
{503, "The server is currently unable to handle the request due to a temporary overloading or maintenance of the server."},
{504, "The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI or some other auxiliary server it needed to access in attempting to complete the request."},
{505, "The server does not support, or refuses to support, the HTTP protocol version that was used in the request message."}
};
const char *http_default_document =
"<!DOCTYPE html>\n"
"<html lang=\"en\">\n"
"<head>\n"
" <title>%1$i %2$s</title>\n"
" <meta charset=\"UTF-8\"/>\n"
" <meta name=\"theme-color\" content=\"%6$s\"/>\n"
" <meta name=\"apple-mobile-web-app-status-bar-style\" content=\"black-translucent\"/>\n"
" <meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\"/>\n"
"%5$s"
" <style>\n"
" html{font-family:\"Arial\",sans-serif;--error:#C00000;--info:#E0C000;--color:var(--%4$s);}\n"
" body{background-color:#F0F0F0;margin:0.5em;}\n"
" main{max-width:600px;margin:2em auto;background-color:#FFFFFF;border: 1px solid var(--color);border-radius:4px;padding:1em 2em;}\n"
" h1,h2,h3,h4,h5,h6,h7{text-align:center;color:var(--color);}\n"
" h1{margin:0.5em 0;font-size:1.5em;}\n"
" p{text-align:center;}\n"
" div.footer{color:#808080;font-size:0.75em;text-align:center;margin:0.5em 0;}\n"
" </style>\n"
"</head>\n"
"<body>\n"
" <main>\n"
"%3$s"
" <div class=\"footer\">Necronda web server " NECRONDA_VERSION "</div>\n"
" </main>\n"
"</body>\n"
"</html>\n";
const char *http_error_document =
" <h1>%1$i %2$s :&#xFEFF;(</h1>\n"
" <p>%3$s</p>\n"
" <p>%4$s</p>\n";
const char *http_error_icon =
" <link rel=\"shortcut icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiNDMDAwMDAiIHN0eWxlPSJmb250LWZhbWls"
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjooPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
void http_to_camel_case(char *str, int mode);
void http_free_hdr(http_hdr *hdr);
void http_free_req(http_req *req);
void http_free_res(http_res *res);
int http_receive_request(sock *client, http_req *req);
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr) ;
char *http_get_header_field(const http_hdr *hdr, const char *field_name);
void http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode);
int http_send_response(sock *client, http_res *res);
http_status *http_get_status(unsigned short status_code);
http_error_msg *http_get_error_msg(unsigned short status_code);
const char *http_get_status_color(http_status *status);
char *http_format_date(time_t time, char *buf, size_t size);
char *http_get_date(char *buf, size_t size);
#endif //NECRONDA_SERVER_HTTP_H

74
src/lib/compress.c Normal file
View File

@@ -0,0 +1,74 @@
/**
* sesimos - secure, simple, modern web server
* @brief Compression interface
* @file src/lib/compress.c
* @author Lorenz Stechauner
* @date 2021-05-05
*/
#include "compress.h"
#include <errno.h>
int compress_init(compress_ctx *ctx, int mode) {
ctx->brotli = NULL;
ctx->mode = 0;
int ret;
if (mode & COMPRESS_GZ) {
ctx->mode |= COMPRESS_GZ;
ctx->gzip.zalloc = Z_NULL;
ctx->gzip.zfree = Z_NULL;
ctx->gzip.opaque = Z_NULL;
ret = deflateInit2(&ctx->gzip, COMPRESS_LEVEL_GZIP, Z_DEFLATED, 15 + 16, 9, Z_DEFAULT_STRATEGY);
if (ret != Z_OK) return -1;
}
if (mode & COMPRESS_BR) {
ctx->mode |= COMPRESS_BR;
ctx->brotli = BrotliEncoderCreateInstance(NULL, NULL, NULL);
if (ctx->brotli == NULL) return -1;
BrotliEncoderSetParameter(ctx->brotli, BROTLI_PARAM_MODE, BROTLI_MODE_GENERIC);
BrotliEncoderSetParameter(ctx->brotli, BROTLI_PARAM_QUALITY, COMPRESS_LEVEL_BROTLI);
}
return 0;
}
int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
if ((ctx->mode & COMPRESS_GZ) && (ctx->mode & COMPRESS_BR)) {
errno = EINVAL;
return -1;
}
return compress_compress_mode(ctx, ctx->mode, in, in_len, out, out_len, finish);
}
int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish) {
if ((mode & COMPRESS_GZ) && (mode & COMPRESS_BR)) {
errno = EINVAL;
return -1;
} else if (mode & COMPRESS_GZ) {
ctx->gzip.next_in = (unsigned char*) in;
ctx->gzip.avail_in = *in_len;
ctx->gzip.next_out = (unsigned char*) out;
ctx->gzip.avail_out = *out_len;
int ret = deflate(&ctx->gzip, finish ? Z_FINISH : Z_NO_FLUSH);
*in_len = ctx->gzip.avail_in;
*out_len = ctx->gzip.avail_out;
return ret;
} else if (mode & COMPRESS_BR) {
int ret = BrotliEncoderCompressStream(ctx->brotli, finish ? BROTLI_OPERATION_FINISH : BROTLI_OPERATION_PROCESS,
in_len, (const unsigned char**) &in, out_len, (unsigned char **) &out, NULL);
return (ret == BROTLI_TRUE) ? 0 : -1;
} else {
errno = EINVAL;
return -2;
}
}
int compress_free(compress_ctx *ctx) {
if (ctx->brotli != NULL) {
BrotliEncoderDestroyInstance(ctx->brotli);
ctx->brotli = NULL;
}
ctx->mode = 0;
return 0;
}

36
src/lib/compress.h Normal file
View File

@@ -0,0 +1,36 @@
/**
* sesimos - secure, simple, modern web server
* @brief Compression interface (header file)
* @file src/lib/compress.h
* @author Lorenz Stechauner
* @date 2021-05-05
*/
#ifndef SESIMOS_COMPRESS_H
#define SESIMOS_COMPRESS_H
#include <zlib.h>
#include <brotli/encode.h>
#define COMPRESS_LEVEL_GZIP 9
#define COMPRESS_LEVEL_BROTLI BROTLI_MAX_QUALITY
#define COMPRESS_GZ 1
#define COMPRESS_BR 2
#define COMPRESS 3
typedef struct {
int mode;
z_stream gzip;
BrotliEncoderState *brotli;
} compress_ctx;
int compress_init(compress_ctx *ctx, int mode);
int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
int compress_free(compress_ctx *ctx);
#endif //SESIMOS_COMPRESS_H

210
src/lib/config.c Normal file
View File

@@ -0,0 +1,210 @@
/**
* sesimos - secure, simple, modern web server
* @brief Configuration file loader
* @file src/lib/config.c
* @author Lorenz Stechauner
* @date 2021-01-05
*/
#include "../logger.h"
#include "config.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
config_t config;
int config_load(const char *filename) {
FILE *file = fopen(filename, "r");
if (file == NULL) {
critical("Unable to open config file");
return -1;
}
memset(&config, 0, sizeof(config));
int i = 0;
int j = 0;
int line_num = 0;
int mode = 0;
char section = 0;
char *source, *target;
char *line = NULL;
ssize_t read;
size_t line_len = 0;
while ((read = getline(&line, &line_len, file)) != -1) {
line_num++;
char *ptr = line;
char *comment = strpbrk(ptr, "#\r\n");
if (comment != NULL) comment[0] = 0;
unsigned long len = strlen(ptr);
char *end_ptr = ptr + len - 1;
while (end_ptr[0] == ' ' || end_ptr[0] == '\t') {
end_ptr[0] = 0;
end_ptr--;
}
len = strlen(ptr);
if (len == 0) continue;
if (ptr[0] == '[') {
if (ptr[len - 1] != ']') goto err;
ptr++;
int l = 0;
if (strncmp(ptr, "host", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
ptr += 4;
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
if (l == 0) goto err;
snprintf(config.hosts[i].name, sizeof(config.hosts[i].name), "%.*s", l, ptr);
i++;
section = 'h';
} else if (strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
ptr += 4;
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
if (l == 0) goto err;
snprintf(config.certs[j].name, sizeof(config.certs[j].name), "%.*s", l, ptr);
j++;
section = 'c';
} else {
goto err;
}
continue;
} else if (section == 0) {
if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
source = ptr + 9;
target = config.geoip_dir;
} else if (len > 11 && strncmp(ptr, "dns_server", 10) == 0 && (ptr[10] == ' ' || ptr[10] == '\t')) {
source = ptr + 10;
target = config.dns_server;
} else {
goto err;
}
} else if (section == 'c') {
cert_config_t *cc = &config.certs[j - 1];
if (len > 12 && strncmp(ptr, "certificate", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
source = ptr + 11;
target = cc->full_chain;
} else if (len > 12 && strncmp(ptr, "private_key", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
source = ptr + 11;
target = cc->priv_key;
} else {
goto err;
}
} else if (section == 'h') {
host_config_t *hc = &config.hosts[i - 1];
if (len > 8 && strncmp(ptr, "webroot", 7) == 0 && (ptr[7] == ' ' || ptr[7] == '\t')) {
source = ptr + 7;
target = hc->local.webroot;
if (hc->type != 0 && hc->type != CONFIG_TYPE_LOCAL) {
goto err;
} else {
hc->type = CONFIG_TYPE_LOCAL;
}
} else if (len > 5 && strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
source = ptr + 4;
target = hc->cert_name;
} else if (len > 9 && strncmp(ptr, "dir_mode", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
source = ptr + 8;
target = NULL;
mode = 1;
if (hc->type != 0 && hc->type != CONFIG_TYPE_LOCAL) {
goto err;
} else {
hc->type = CONFIG_TYPE_LOCAL;
}
} else if (len > 9 && strncmp(ptr, "hostname", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
source = ptr + 8;
target = hc->proxy.hostname;
if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
}
} else if (len > 5 && strncmp(ptr, "port", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
source = ptr + 4;
target = NULL;
mode = 2;
if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
}
} else if (strcmp(ptr, "http") == 0) {
if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
hc->proxy.enc = 0;
}
continue;
} else if (strcmp(ptr, "https") == 0) {
if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
hc->proxy.enc = 1;
}
continue;
} else {
goto err;
}
} else {
goto err;
}
while (source[0] == ' ' || source[0] == '\t') source++;
if (strlen(source) == 0) {
err:
critical("Unable to parse config file (line %i)", line);
return -2;
}
if (target != NULL) {
strcpy(target, source);
} else if (mode == 1) {
if (strcmp(source, "forbidden") == 0) {
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
} else if (strcmp(source, "info") == 0) {
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_INFO;
} else if (strcmp(source, "list") == 0) {
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_LIST;
} else {
goto err;
}
} else if (mode == 2) {
config.hosts[i - 1].proxy.port = (unsigned short) strtoul(source, NULL, 10);
}
}
free(line);
for (int k = 0; k < i; k++) {
host_config_t *hc = &config.hosts[k];
if (hc->type == CONFIG_TYPE_LOCAL) {
char *webroot = config.hosts[k].local.webroot;
if (webroot[strlen(webroot) - 1] == '/') {
webroot[strlen(webroot) - 1] = 0;
}
}
if (hc->cert_name[0] == 0) goto err2;
int found = 0;
for (int m = 0; m < j; m++) {
if (strcmp(config.certs[m].name, hc->cert_name) == 0) {
hc->cert = m;
found = 1;
break;
}
}
if (!found) {
err2:
critical("Unable to parse config file");
return -2;
}
}
return 0;
}

63
src/lib/config.h Normal file
View File

@@ -0,0 +1,63 @@
/**
* sesimos - secure, simple, modern web server
* @brief Configuration file loader (header file)
* @file src/lib/config.h
* @author Lorenz Stechauner
* @date 2021-01-05
*/
#ifndef SESIMOS_CONFIG_H
#define SESIMOS_CONFIG_H
#include "uri.h"
#include "../cache_handler.h"
#define CONFIG_MAX_HOST_CONFIG 64
#define CONFIG_MAX_CERT_CONFIG 64
#define CONFIG_TYPE_UNSET 0
#define CONFIG_TYPE_LOCAL 1
#define CONFIG_TYPE_REVERSE_PROXY 2
#ifndef DEFAULT_CONFIG_FILE
# define DEFAULT_CONFIG_FILE "/etc/sesimos/server.conf"
#endif
typedef struct {
int type;
char name[256];
char cert_name[256];
int cert;
cache_t *cache;
union {
struct {
char hostname[256];
unsigned short port;
unsigned char enc:1;
} proxy;
struct {
char webroot[256];
unsigned char dir_mode:2;
} local;
};
} host_config_t;
typedef struct {
char name[256];
char full_chain[256];
char priv_key[256];
} cert_config_t;
typedef struct {
host_config_t hosts[CONFIG_MAX_HOST_CONFIG];
cert_config_t certs[CONFIG_MAX_CERT_CONFIG];
char geoip_dir[256];
char dns_server[256];
} config_t;
extern config_t config;
int config_load(const char *filename);
#endif //SESIMOS_CONFIG_H

View File

@@ -1,14 +1,21 @@
/**
* Necronda Web Server
* FastCGI interface implementation
* src/fastcgi.c
* Lorenz Stechauner, 2020-12-26
* sesimos - secure, simple, modern web server
* @brief FastCGI interface implementation
* @file src/lib/fastcgi.c
* @author Lorenz Stechauner
* @date 2020-12-26
*/
#include "fastcgi.h"
#include "necronda-server.h"
#include "utils.h"
#include "compress.h"
#include "../server.h"
#include "../logger.h"
#include <sys/un.h>
#include <sys/socket.h>
#include <errno.h>
#include <string.h>
char *fastcgi_add_param(char *buf, const char *key, const char *value) {
@@ -38,36 +45,43 @@ char *fastcgi_add_param(char *buf, const char *key, const char *value) {
ptr += 4;
}
memcpy(ptr, key, key_len);
strcpy(ptr, key);
ptr += key_len;
memcpy(ptr, value, val_len);
strcpy(ptr, value);
ptr += val_len;
return ptr;
}
int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_num, const sock *client,
const http_req *req, const http_uri *uri) {
int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned int req_num, const sock *client, const http_req *req, const http_uri *uri) {
unsigned short req_id = (client_num & 0xFFF) << 4;
if (client_num == 0) {
req_id |= (req_num + 1) & 0xF;
} else {
req_id |= req_num & 0xF;
}
conn->mode = mode;
conn->req_id = req_id;
conn->out_buf = NULL;
conn->out_off = 0;
conn->webroot = uri->webroot;
int php_fpm = socket(AF_UNIX, SOCK_STREAM, 0);
if (php_fpm < 0) {
print(ERR_STR "Unable to create unix socket: %s" CLR_STR, strerror(errno));
int fcgi_sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (fcgi_sock < 0) {
error("Unable to create unix socket");
return -1;
}
conn->socket = php_fpm;
conn->socket = fcgi_sock;
struct sockaddr_un php_fpm_addr = {AF_UNIX, PHP_FPM_SOCKET};
if (connect(conn->socket, (struct sockaddr *) &php_fpm_addr, sizeof(php_fpm_addr)) < 0) {
print(ERR_STR "Unable to connect to unix socket of PHP-FPM: %s" CLR_STR, strerror(errno));
struct sockaddr_un sock_addr = {AF_UNIX};
if (conn->mode == FASTCGI_SESIMOS) {
snprintf(sock_addr.sun_path, sizeof(sock_addr.sun_path) - 1, "%s", SESIMOS_BACKEND_SOCKET);
} else if (conn->mode == FASTCGI_PHP) {
snprintf(sock_addr.sun_path, sizeof(sock_addr.sun_path) - 1, "%s", PHP_FPM_SOCKET);
}
if (connect(conn->socket, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) < 0) {
error("Unable to connect to unix socket of FastCGI socket");
return -1;
}
@@ -87,7 +101,7 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
{.roleB1 = (FCGI_RESPONDER >> 8) & 0xFF, .roleB0 = FCGI_RESPONDER & 0xFF, .flags = 0}
};
if (send(conn->socket, &begin, sizeof(begin), 0) != sizeof(begin)) {
print(ERR_STR "Unable to send to PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -118,8 +132,8 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
addr = (struct sockaddr_in6 *) &addr_storage;
sprintf(buf0, "%i", addr->sin6_port);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_PORT", buf0);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_ADDR", client_addr_str);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_HOST", client_host_str != NULL ? client_host_str : client_addr_str);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_ADDR", conn->ctx->addr);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_HOST", conn->ctx->host[0] != 0 ? conn->ctx->host : conn->ctx->addr);
//param_ptr = fastcgi_add_param(param_ptr, "REMOTE_IDENT", "");
//param_ptr = fastcgi_add_param(param_ptr, "REMOTE_USER", "");
@@ -133,24 +147,26 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
if (uri->pathinfo != NULL && strlen(uri->pathinfo) > 0) {
sprintf(buf0, "/%s", uri->pathinfo);
} else {
sprintf(buf0, "");
buf0[0] = 0;
}
param_ptr = fastcgi_add_param(param_ptr, "PATH_INFO", buf0);
//param_ptr = fastcgi_add_param(param_ptr, "AUTH_TYPE", "");
char *content_length = http_get_header_field(&req->hdr, "Content-Length");
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
param_ptr = fastcgi_add_param(param_ptr, "CONTENT_LENGTH", content_length != NULL ? content_length : "");
char *content_type = http_get_header_field(&req->hdr, "Content-Type");
const char *content_type = http_get_header_field(&req->hdr, "Content-Type");
param_ptr = fastcgi_add_param(param_ptr, "CONTENT_TYPE", content_type != NULL ? content_type : "");
if (client_geoip != NULL) {
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_INFO", client_geoip);
}
//if (conn->ctx->geoip[0] != 0) {
// param_ptr = fastcgi_add_param(param_ptr, "REMOTE_INFO", conn->ctx->geoip);
//}
for (int i = 0; i < req->hdr.field_num; i++) {
const http_field *f = &req->hdr.fields[i];
const char *name = http_field_get_name(f);
char *ptr = buf0;
ptr += sprintf(ptr, "HTTP_");
for (int j = 0; j < strlen(req->hdr.fields[i][0]); j++, ptr++) {
char ch = req->hdr.fields[i][0][j];
for (int j = 0; j < strlen(name); j++, ptr++) {
char ch = name[j];
if ((ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9')) {
ch = ch;
} else if (ch >= 'a' && ch <= 'z') {
@@ -161,7 +177,7 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
ptr[0] = ch;
ptr[1] = 0;
}
param_ptr = fastcgi_add_param(param_ptr, buf0, req->hdr.fields[i][1]);
param_ptr = fastcgi_add_param(param_ptr, buf0, http_field_get_value(f));
}
unsigned short param_len = param_ptr - param_buf - sizeof(header);
@@ -170,7 +186,7 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
header.contentLengthB0 = param_len & 0xFF;
memcpy(param_buf, &header, sizeof(header));
if (send(conn->socket, param_buf, param_len + sizeof(header), 0) != param_len + sizeof(header)) {
print(ERR_STR "Unable to send to PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -178,7 +194,7 @@ int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_n
header.contentLengthB1 = 0;
header.contentLengthB0 = 0;
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) {
print(ERR_STR "Unable to send to PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -198,24 +214,29 @@ int fastcgi_close_stdin(fastcgi_conn *conn) {
};
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) {
print(ERR_STR "Unable to send to PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
return 0;
}
int fastcgi_php_error(char *msg, int msg_len, char *err_msg) {
int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, char *err_msg) {
char *msg_str = malloc(msg_len + 1);
char *ptr0 = msg_str;
strncpy(msg_str, msg, msg_len);
memcpy(msg_str, msg, msg_len);
msg_str[msg_len] = 0;
char *ptr1 = NULL;
int len;
int err = 0;
// FIXME *msg is part of a stream, handle fragmented lines
while (1) {
log_lvl_t msg_type = LOG_INFO;
int msg_pre_len = 0;
ptr1 = strstr(ptr0, "PHP message: ");
if (ptr1 == NULL) {
len = (int) (msg_len - (ptr0 - msg_str));
if (ptr0 == msg_str) msg_type = 2;
} else {
len = (int) (ptr1 - ptr0);
}
@@ -223,19 +244,17 @@ int fastcgi_php_error(char *msg, int msg_len, char *err_msg) {
goto next;
}
int msg_type = 0;
int msg_pre_len = 0;
if (len >= 14 && strncmp(ptr0, "PHP Warning: ", 14) == 0) {
msg_type = 1;
msg_type = LOG_WARNING;
msg_pre_len = 14;
} else if (len >= 18 && strncmp(ptr0, "PHP Fatal error: ", 18) == 0) {
msg_type = 2;
msg_type = LOG_ERROR;
msg_pre_len = 18;
} else if (len >= 18 && strncmp(ptr0, "PHP Parse error: ", 18) == 0) {
msg_type = 2;
msg_type = LOG_ERROR;
msg_pre_len = 18;
} else if (len >= 18 && strncmp(ptr0, "PHP Notice: ", 13) == 0) {
msg_type = 1;
msg_type = LOG_NOTICE;
msg_pre_len = 13;
}
@@ -248,9 +267,9 @@ int fastcgi_php_error(char *msg, int msg_len, char *err_msg) {
if (ptr3 != NULL && (ptr3 - ptr2) < len2) {
len2 = (int) (ptr3 - ptr2);
}
print("%s%.*s%s", msg_type == 1 ? WRN_STR : msg_type == 2 ? ERR_STR: "", len2, ptr2, msg_type != 0 ? CLR_STR : "");
logmsgf(msg_type, "%.*s", len2, ptr2);
if (msg_type == 2 && ptr2 == ptr0) {
sprintf(err_msg, "%.*s", len2, ptr2);
strcpy_rem_webroot(err_msg, ptr2, len2, conn->webroot);
err = 1;
}
if (ptr3 == NULL) {
@@ -265,6 +284,7 @@ int fastcgi_php_error(char *msg, int msg_len, char *err_msg) {
}
ptr0 = ptr1 + 13;
}
free(msg_str);
return err;
}
@@ -272,20 +292,20 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
FCGI_Header header;
char *content;
unsigned short content_len, req_id;
int ret;
long ret;
int err = 0;
while (1) {
ret = recv(conn->socket, &header, sizeof(header), 0);
if (ret < 0) {
res->status = http_get_status(502);
sprintf(err_msg, "Unable to communicate with PHP-FPM.");
print(ERR_STR "Unable to receive from PHP-FPM: %s" CLR_STR, strerror(errno));
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
error("Unable to receive from FastCGI socket");
return 1;
} else if (ret != sizeof(header)) {
res->status = http_get_status(502);
sprintf(err_msg, "Unable to communicate with PHP-FPM.");
print(ERR_STR "Unable to receive from PHP-FPM" CLR_STR);
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
error("Unable to receive from FastCGI socket");
return 1;
}
req_id = (header.requestIdB1 << 8) | header.requestIdB0;
@@ -293,15 +313,15 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
content = malloc(content_len + header.paddingLength);
ret = recv(conn->socket, content, content_len + header.paddingLength, 0);
if (ret < 0) {
res->status = http_get_status(502);
sprintf(err_msg, "Unable to communicate with PHP-FPM.");
print(ERR_STR "Unable to receive from PHP-FPM: %s" CLR_STR, strerror(errno));
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
error("Unable to receive from FastCGI socket");
free(content);
return 1;
} else if (ret != (content_len + header.paddingLength)) {
res->status = http_get_status(502);
sprintf(err_msg, "Unable to communicate with PHP-FPM.");
print(ERR_STR "Unable to receive from PHP-FPM" CLR_STR);
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
error("Unable to receive from FastCGI socket");
free(content);
return 1;
}
@@ -315,21 +335,24 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
print(ERR_STR "Script terminated with exit code %i" CLR_STR, app_status);
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
free(content);
return 1;
} else if (header.type == FCGI_STDERR) {
err = err || fastcgi_php_error(content, content_len, err_msg);
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
err = err || fastcgi_php_error(conn, content, content_len, err_msg);
}
} else if (header.type == FCGI_STDOUT) {
break;
} else {
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
error("Unknown FastCGI type: %i", header.type);
}
free(content);
@@ -346,13 +369,13 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
char *buf = content;
unsigned short header_len = conn->out_off;
if (header_len <= 0) {
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
error("Unable to parse header: End of header not found");
return 1;
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
error("Unable to parse header: Header contains illegal characters");
return 2;
}
}
@@ -361,12 +384,12 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
while (header_len != (ptr - buf)) {
char *pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
error("Unable to parse header: Invalid header format");
return 1;
}
ret = http_parse_header_field(&res->hdr, ptr, pos0);
if (ret != 0) return ret;
ret = http_parse_header_field(&res->hdr, ptr, pos0, 0);
if (ret != 0) return (int) ret;
if (pos0[2] == '\r' && pos0[3] == '\n') {
return 0;
}
@@ -378,7 +401,7 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
FCGI_Header header;
int ret;
long ret;
char buf0[256];
int len;
char *content, *ptr;
@@ -386,15 +409,18 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
char comp_out[4096];
int finish_comp = 0;
z_stream strm;
if (flags & FASTCGI_COMPRESS) {
int level = NECRONDA_ZLIB_LEVEL;
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
if (deflateInit(&strm, level) != Z_OK) {
print(ERR_STR "Unable to init deflate: %s" CLR_STR, strerror(errno));
flags &= !FASTCGI_COMPRESS;
compress_ctx comp_ctx;
if (flags & FASTCGI_COMPRESS_BR) {
flags &= ~FASTCGI_COMPRESS_GZ;
if (compress_init(&comp_ctx, COMPRESS_BR) != 0) {
error("Unable to init brotli");
flags &= ~FASTCGI_COMPRESS_BR;
}
} else if (flags & FASTCGI_COMPRESS_GZ) {
flags &= ~FASTCGI_COMPRESS_BR;
if (compress_init(&comp_ctx, COMPRESS_GZ) != 0) {
error("Unable to init gzip");
flags &= ~FASTCGI_COMPRESS_GZ;
}
}
@@ -408,36 +434,38 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
while (1) {
ret = recv(conn->socket, &header, sizeof(header), 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
return -1;
} else if (ret != sizeof(header)) {
print(ERR_STR "Unable to receive from PHP-FPM" CLR_STR);
error("Unable to receive from FastCGI socket: received len (%li) != header len (%li)", ret, sizeof(header));
return -1;
}
req_id = (header.requestIdB1 << 8) | header.requestIdB0;
content_len = (header.contentLengthB1 << 8) | header.contentLengthB0;
content = malloc(content_len + header.paddingLength);
ptr = content;
ret = recv(conn->socket, content, content_len + header.paddingLength, 0);
long rcv_len = 0;
while (rcv_len < content_len + header.paddingLength) {
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from PHP-FPM: %s" CLR_STR, strerror(errno));
free(content);
return -1;
} else if (ret != (content_len + header.paddingLength)) {
print(ERR_STR "Unable to receive from PHP-FPM" CLR_STR);
error("Unable to receive from FastCGI socket");
free(content);
return -1;
}
rcv_len += ret;
}
if (header.type == FCGI_END_REQUEST) {
FCGI_EndRequestBody *body = (FCGI_EndRequestBody *) content;
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
print(ERR_STR "Script terminated with exit code %i" CLR_STR, app_status);
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
@@ -448,52 +476,107 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
content_len = 0;
goto out;
finish:
deflateEnd(&strm);
compress_free(&comp_ctx);
}
if (flags & FASTCGI_CHUNKED) {
if (client->enc) {
SSL_write(client->ssl, "0\r\n\r\n", 5);
} else {
send(client->socket, "0\r\n\r\n", 5, 0);
}
sock_send(client, "0\r\n\r\n", 5, 0);
}
return 0;
} else if (header.type == FCGI_STDERR) {
print(ERR_STR "%.*s" CLR_STR, content_len, content);
} else if (header.type == FCGI_STDOUT) {
out:
if (flags & FASTCGI_COMPRESS) {
strm.avail_in = content_len;
strm.next_in = (unsigned char *) ptr;
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
fastcgi_php_error(conn, content, content_len, buf0);
}
} else if (header.type == FCGI_STDOUT) {
unsigned long avail_in, avail_out;
out:
avail_in = content_len;
char *next_in = ptr;
do {
int buf_len = content_len;
if (flags & FASTCGI_COMPRESS) {
strm.avail_out = sizeof(comp_out);
strm.next_out = (unsigned char *) comp_out;
deflate(&strm, finish_comp ? Z_FINISH : Z_NO_FLUSH);
strm.avail_in = 0;
avail_out = sizeof(comp_out);
compress_compress(&comp_ctx, next_in + content_len - avail_in, &avail_in, comp_out, &avail_out, finish_comp);
ptr = comp_out;
buf_len = (int) (sizeof(comp_out) - strm.avail_out);
buf_len = (int) (sizeof(comp_out) - avail_out);
}
if (buf_len != 0) {
len = sprintf(buf0, "%X\r\n", buf_len);
if (client->enc) {
if (flags & FASTCGI_CHUNKED) SSL_write(client->ssl, buf0, len);
SSL_write(client->ssl, ptr, buf_len);
if (flags & FASTCGI_CHUNKED) SSL_write(client->ssl, "\r\n", 2);
} else {
if (flags & FASTCGI_CHUNKED) send(client->socket, buf0, len, 0);
send(client->socket, ptr, buf_len, 0);
if (flags & FASTCGI_CHUNKED) send(client->socket, "\r\n", 2, 0);
if (flags & FASTCGI_CHUNKED) sock_send(client, buf0, len, 0);
sock_send(client, ptr, buf_len, 0);
if (flags & FASTCGI_CHUNKED) sock_send(client, "\r\n", 2, 0);
}
}
} while ((flags & FASTCGI_COMPRESS) && strm.avail_out == 0);
} while ((flags & FASTCGI_COMPRESS) && (avail_in != 0 || avail_out != sizeof(comp_out)));
if (finish_comp) goto finish;
} else {
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
error("Unknown FastCGI type: %i", header.type);
}
free(content);
}
}
int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
FCGI_Header header;
long ret;
char buf0[256];
char *content, *ptr = buf;
unsigned short req_id, content_len;
if (conn->out_buf != NULL && conn->out_len > conn->out_off) {
ptr += snprintf(ptr, len, "%.*s", conn->out_len - conn->out_off, conn->out_buf + conn->out_off);
}
while (1) {
ret = recv(conn->socket, &header, sizeof(header), 0);
if (ret < 0) {
error("Unable to receive from FastCGI socket");
return -1;
} else if (ret != sizeof(header)) {
error("Unable to receive from FastCGI socket: received len (%li) != header len (%li)", ret, sizeof(header));
return -1;
}
req_id = (header.requestIdB1 << 8) | header.requestIdB0;
content_len = (header.contentLengthB1 << 8) | header.contentLengthB0;
content = malloc(content_len + header.paddingLength);
long rcv_len = 0;
while (rcv_len < content_len + header.paddingLength) {
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
if (ret < 0) {
error("Unable to receive from FastCGI socket");
free(content);
return -1;
}
rcv_len += ret;
}
if (header.type == FCGI_END_REQUEST) {
FCGI_EndRequestBody *body = (FCGI_EndRequestBody *) content;
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
free(content);
return 0;
} else if (header.type == FCGI_STDERR) {
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
fastcgi_php_error(conn, content, content_len, buf0);
}
} else if (header.type == FCGI_STDOUT) {
ptr += snprintf(ptr, len - (ptr - buf), "%.*s", content_len, content);
} else {
error("Unknown FastCGI type: %i", header.type);
}
free(content);
}
@@ -502,7 +585,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len) {
unsigned long rcv_len = 0;
char *buf[16384];
int ret;
long ret;
FCGI_Header header = {
.version = FCGI_VERSION_1,
.type = FCGI_STDIN,
@@ -514,36 +597,40 @@ int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len) {
.reserved = 0
};
if (client->buf != NULL && client->buf_len - client->buf_off > 0) {
ret = (int) (client->buf_len - client->buf_off);
memcpy(buf, client->buf + client->buf_off, ret);
goto send;
while (rcv_len < len) {
ret = sock_recv(client, buf, sizeof(buf), 0);
if (ret <= 0) {
error("Unable to receive: %s", sock_strerror(client));
return -1;
}
while (rcv_len < len) {
if (client->enc) {
ret = SSL_read(client->ssl, buf, sizeof(buf));
if (ret <= 0) {
print(ERR_STR "Unable to receive: %s" CLR_STR, ssl_get_error(client->ssl, rcv_len));
return -1;
}
} else {
ret = recv(client->socket, buf, sizeof(buf), 0);
if (ret <= 0) {
print(ERR_STR "Unable to receive: %s" CLR_STR, strerror(errno));
return -1;
}
}
send:
rcv_len += ret;
header.contentLengthB1 = (ret >> 8) & 0xFF;
header.contentLengthB0 = ret & 0xFF;
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) goto err;
if (send(conn->socket, buf, ret, 0) != ret) {
err:
print(ERR_STR "Unable to send to PHP-FPM: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
}
return 0;
}
int fastcgi_receive_chunked(fastcgi_conn *conn, sock *client) {
long ret;
unsigned long next_len;
while (1) {
ret = sock_get_chunk_header(client);
if (ret < 0) return (int) ret;
next_len = ret;
if (next_len <= 0) break;
ret = fastcgi_receive(conn, client, next_len);
if (ret < 0) return (int) ret;
}
return 0;
}

62
src/lib/fastcgi.h Normal file
View File

@@ -0,0 +1,62 @@
/**
* sesimos - secure, simple, modern web server
* @brief FastCGI interface implementation (header file)
* @file src/lib/fastcgi.h
* @author Lorenz Stechauner
* @date 2020-12-26
*/
#ifndef SESIMOS_FASTCGI_H
#define SESIMOS_FASTCGI_H
#include "include/fastcgi.h"
#include "http.h"
#include "uri.h"
#include "../client.h"
#define FASTCGI_CHUNKED 1
#define FASTCGI_COMPRESS_GZ 2
#define FASTCGI_COMPRESS_BR 4
#define FASTCGI_COMPRESS 6
#define FASTCGI_COMPRESS_HOLD 8
#define FASTCGI_PHP 1
#define FASTCGI_SESIMOS 2
#ifndef PHP_FPM_SOCKET
# define PHP_FPM_SOCKET "/var/run/php-fpm/php-fpm.sock"
#endif
#define SESIMOS_BACKEND_SOCKET "/var/run/sesimos/backend.sock"
typedef struct {
int mode;
int socket;
unsigned short req_id;
char *out_buf;
const char *webroot;
unsigned short out_len;
unsigned short out_off;
client_ctx_t *ctx;
} fastcgi_conn;
char *fastcgi_add_param(char *buf, const char *key, const char *value);
int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned int req_num, const sock *client,
const http_req *req, const http_uri *uri);
int fastcgi_close_stdin(fastcgi_conn *conn);
int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, char *err_msg);
int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg);
int fastcgi_send(fastcgi_conn *conn, sock *client, int flags);
int fastcgi_dump(fastcgi_conn *conn, char *buf, long len);
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len);
int fastcgi_receive_chunked(fastcgi_conn *conn, sock *client);
#endif //SESIMOS_FASTCGI_H

192
src/lib/geoip.c Normal file
View File

@@ -0,0 +1,192 @@
/**
* sesimos - secure, simple, modern web server
* @brief MaxMind GeoIP Database interface
* @file src/lib/geoip.c
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#include "geoip.h"
#include "../logger.h"
#include <memory.h>
#include <dirent.h>
static MMDB_s mmdbs[GEOIP_MAX_MMDB];
static MMDB_entry_data_list_s *geoip_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len) {
switch (list->entry_data.type) {
case MMDB_DATA_TYPE_MAP:
*str_off += sprintf(str + *str_off, "{");
break;
case MMDB_DATA_TYPE_ARRAY:
*str_off += sprintf(str + *str_off, "[");
break;
case MMDB_DATA_TYPE_UTF8_STRING:
*str_off += sprintf(str + *str_off, "\"%.*s\"", list->entry_data.data_size, list->entry_data.utf8_string);
break;
case MMDB_DATA_TYPE_UINT16:
*str_off += sprintf(str + *str_off, "%u", list->entry_data.uint16);
break;
case MMDB_DATA_TYPE_UINT32:
*str_off += sprintf(str + *str_off, "%u", list->entry_data.uint32);
break;
case MMDB_DATA_TYPE_UINT64:
*str_off += sprintf(str + *str_off, "%lu", list->entry_data.uint64);
break;
case MMDB_DATA_TYPE_UINT128:
*str_off += sprintf(str + *str_off, "%llu", (unsigned long long) list->entry_data.uint128);
break;
case MMDB_DATA_TYPE_INT32:
*str_off += sprintf(str + *str_off, "%i", list->entry_data.int32);
break;
case MMDB_DATA_TYPE_BOOLEAN:
*str_off += sprintf(str + *str_off, "%s", list->entry_data.boolean ? "true" : "false");
break;
case MMDB_DATA_TYPE_FLOAT:
*str_off += sprintf(str + *str_off, "%f", list->entry_data.float_value);
break;
case MMDB_DATA_TYPE_DOUBLE:
*str_off += sprintf(str + *str_off, "%f", list->entry_data.double_value);
break;
}
if (list->entry_data.type != MMDB_DATA_TYPE_MAP && list->entry_data.type != MMDB_DATA_TYPE_ARRAY)
return list->next;
MMDB_entry_data_list_s *next = list->next;
int stat = 0;
for (int i = 0; i < list->entry_data.data_size; i++) {
next = geoip_json(next, str, str_off, str_len);
if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
stat = !stat;
if (stat) {
i--;
*str_off += sprintf(str + *str_off, ":");
continue;
}
}
if (i != list->entry_data.data_size - 1)
*str_off += sprintf(str + *str_off, ",");
}
*str_off += sprintf(str + *str_off, (list->entry_data.type == MMDB_DATA_TYPE_MAP) ? "}" : "]");
return next;
}
int geoip_init(const char *directory) {
char buf[512];
memset(mmdbs, 0, sizeof(mmdbs));
if (directory[0] == 0)
return 0;
DIR *geoip_dir;
if ((geoip_dir = opendir(directory)) == NULL)
return -1;
struct dirent *entry;
int i = 0, status;
while ((entry = readdir(geoip_dir)) != NULL) {
if (strcmp(entry->d_name + strlen(entry->d_name) - 5, ".mmdb") != 0)
continue;
if (i >= GEOIP_MAX_MMDB) {
critical("Unable to initialize geoip: Too many .mmdb files");
closedir(geoip_dir);
return 1;
}
sprintf(buf, "%s/%s", directory, entry->d_name);
if ((status = MMDB_open(buf, 0, &mmdbs[i])) != MMDB_SUCCESS) {
critical("Unable to initialize geoip: Unable to open .mmdb file: %s", MMDB_strerror(status));
closedir(geoip_dir);
return 1;
}
i++;
}
closedir(geoip_dir);
if (i == 0) {
critical("Unable to initialize geoip: No .mmdb files found in %s", directory);
return 1;
}
return 0;
}
void geoip_free() {
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
MMDB_close(&mmdbs[i]);
}
}
int geoip_lookup_country(struct sockaddr *addr, char *str) {
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
// lookup
int mmdb_res;
MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
if (mmdb_res != MMDB_SUCCESS) {
return -1;
} else if (!result.found_entry) {
continue;
}
// get country iso code
MMDB_entry_data_s data;
int status;
if ((status = MMDB_get_value(&result.entry, &data, "country", "iso_code", NULL)) != MMDB_SUCCESS) {
if (status == MMDB_IO_ERROR) {
}
return -1;
}
// no, or invalid data
if (!data.has_data || data.type != MMDB_DATA_TYPE_UTF8_STRING)
continue;
// return country code
sprintf(str, "%.2s", data.utf8_string);
return 0;
}
// not found
return 1;
}
int geoip_lookup_json(struct sockaddr *addr, char *json, long len) {
long str_off = 0;
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].filename != NULL; i++) {
int mmdb_res;
MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
if (mmdb_res != MMDB_SUCCESS) {
error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res));
continue;
} else if (!result.found_entry) {
continue;
}
MMDB_entry_data_list_s *list;
if ((mmdb_res = MMDB_get_entry_data_list(&result.entry, &list)) != MMDB_SUCCESS) {
error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res));
continue;
}
long prev = str_off;
if (str_off != 0) {
str_off--;
}
geoip_json(list, json, &str_off, len);
if (prev != 0) {
json[prev - 1] = ',';
}
MMDB_free_entry_data_list(list);
}
return 0;
}

24
src/lib/geoip.h Normal file
View File

@@ -0,0 +1,24 @@
/**
* sesimos - secure, simple, modern web server
* @brief MaxMind GeoIP Database interface (header file)
* @file src/lib/geoip.h
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#ifndef SESIMOS_GEOIP_H
#define SESIMOS_GEOIP_H
#include <maxminddb.h>
#define GEOIP_MAX_JSON_SIZE 8192
#define GEOIP_MAX_MMDB 3
int geoip_init(const char *directory);
void geoip_free();
int geoip_lookup_country(struct sockaddr *addr, char *str);
#endif //SESIMOS_GEOIP_H

451
src/lib/http.c Normal file
View File

@@ -0,0 +1,451 @@
/**
* sesimos - secure, simple, modern web server
* @brief HTTP implementation
* @file src/lib/http.c
* @author Lorenz Stechauner
* @date 2020-12-09
*/
#include "../logger.h"
#include "http.h"
#include "utils.h"
#include "compress.h"
#include <string.h>
void http_to_camel_case(char *str, int mode) {
if (mode == HTTP_PRESERVE)
return;
char ch, last = '-';
for (int i = 0; i < strlen(str); i++) {
ch = str[i];
if (mode == HTTP_CAMEL && last == '-' && ch >= 'a' && ch <= 'z') {
str[i] = (char) ((int) ch & 0x5F);
} else if (mode == HTTP_LOWER && ch >= 'A' && ch <= 'Z') {
str[i] = (char) ((int) ch | 0x20);
}
last = str[i];
}
}
const char *http_field_get_name(const http_field *field) {
if (field->type == HTTP_FIELD_NORMAL) {
return field->normal.name;
} else if (field->type == HTTP_FIELD_EX_VALUE) {
return field->ex_value.name;
} else if (field->type == HTTP_FIELD_EX_NAME) {
return field->ex_name.name;
}
return NULL;
}
const char *http_field_get_value(const http_field *field) {
if (field->type == HTTP_FIELD_NORMAL) {
return field->normal.value;
} else if (field->type == HTTP_FIELD_EX_VALUE) {
return field->ex_value.value;
} else if (field->type == HTTP_FIELD_EX_NAME) {
return field->ex_name.value;
}
return NULL;
}
void http_free_field(http_field *f) {
if (f->type == HTTP_FIELD_NORMAL) {
f->normal.name[0] = 0;
f->normal.value[0] = 0;
} else if (f->type == HTTP_FIELD_EX_VALUE) {
f->ex_value.name[0] = 0;
free(f->ex_value.value);
f->ex_value.value = NULL;
} else if (f->type == HTTP_FIELD_EX_NAME) {
free(f->ex_name.name);
free(f->ex_name.value);
f->ex_name.name = NULL;
f->ex_name.value = NULL;
}
}
void http_free_hdr(http_hdr *hdr) {
for (int i = 0; i < hdr->field_num; i++) {
http_free_field(&hdr->fields[i]);
}
hdr->field_num = 0;
hdr->last_field_num = -1;
}
void http_free_req(http_req *req) {
if (req->uri != NULL) free(req->uri);
req->uri = NULL;
http_free_hdr(&req->hdr);
}
void http_free_res(http_res *res) {
http_free_hdr(&res->hdr);
}
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags) {
if (hdr->last_field_num > hdr->field_num) {
error("Unable to parse header: Invalid state");
return 3;
}
char *pos1 = (char *) buf, *pos2 = (char *) end_ptr;
if (buf[0] == ' ' || buf[0] == '\t') {
if (hdr->last_field_num == -1) {
error("Unable to parse header");
return 3;
}
http_field *f = &hdr->fields[(int) hdr->last_field_num];
str_trim_lws(&pos1, &pos2);
http_append_to_header_field(f, pos1, pos2 - pos1);
return 0;
}
pos1 = memchr(buf, ':', end_ptr - buf);
if (pos1 == NULL) {
error("Unable to parse header");
return 3;
}
long len1 = pos1 - buf;
pos1++;
str_trim_lws(&pos1, &pos2);
long len2 = pos2 - pos1;
char field_num = hdr->field_num;
int found = http_get_header_field_num_len(hdr, buf, len1);
if (!(flags & HTTP_MERGE_FIELDS) || found == -1) {
if (http_add_header_field_len(hdr, buf, len1, pos1, len2 < 0 ? 0 : len2) != 0) {
error("Unable to parse header: Too many header fields");
return 3;
}
} else {
field_num = (char) found;
http_append_to_header_field(&hdr->fields[found], ", ", 2);
http_append_to_header_field(&hdr->fields[found], pos1, len2);
}
hdr->last_field_num = (char) field_num;
return 0;
}
int http_receive_request(sock *client, http_req *req) {
long rcv_len, len;
char buf[CLIENT_MAX_HEADER_SIZE];
char *ptr, *pos0 = buf, *pos1, *pos2;
memset(buf, 0, sizeof(buf));
memset(req->method, 0, sizeof(req->method));
memset(req->version, 0, sizeof(req->version));
req->uri = NULL;
req->hdr.field_num = 0;
req->hdr.last_field_num = -1;
while (1) {
rcv_len = sock_recv(client, buf, CLIENT_MAX_HEADER_SIZE, MSG_PEEK);
if (rcv_len <= 0) {
error("Unable to receive http header: %s", sock_strerror(client));
return -1;
}
unsigned long header_len = strstr(buf, "\r\n\r\n") - buf + 4;
if (header_len <= 0) {
error("Unable to parse http header: End of header not found");
return 5;
} else {
rcv_len = sock_recv(client, buf, header_len, 0);
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
error("Unable to parse http header: Header contains illegal characters");
return 4;
}
}
ptr = buf;
while (header_len > (ptr - buf + 2)) {
pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
error("Unable to parse http header: Invalid header format");
return 1;
}
if (req->version[0] == 0) {
pos1 = (char *) memchr(ptr, ' ', rcv_len - (ptr - buf)) + 1;
if (pos1 == NULL) goto err_hdr_fmt;
if (pos1 - ptr - 1 >= sizeof(req->method)) {
error("Unable to parse http header: Method name too long");
return 2;
}
for (int i = 0; i < (pos1 - ptr - 1); i++) {
if (ptr[i] < 'A' || ptr[i] > 'Z') {
error("Unable to parse http header: Invalid method");
return 2;
}
}
snprintf(req->method, sizeof(req->method), "%.*s", (int) (pos1 - ptr - 1), ptr);
pos2 = (char *) memchr(pos1, ' ', rcv_len - (pos1 - buf)) + 1;
if (pos2 == NULL) {
err_hdr_fmt:
error("Unable to parse http header: Invalid header format");
return 1;
}
if (memcmp(pos2, "HTTP/", 5) != 0 || memcmp(pos2 + 8, "\r\n", 2) != 0) {
error("Unable to parse http header: Invalid version");
return 3;
}
len = pos2 - pos1 - 1;
req->uri = malloc(len + 1);
sprintf(req->uri, "%.*s", (int) len, pos1);
sprintf(req->version, "%.3s", pos2 + 5);
} else {
int ret = http_parse_header_field(&req->hdr, ptr, pos0, HTTP_MERGE_FIELDS);
if (ret != 0) return ret;
}
ptr = pos0 + 2;
}
if (pos0[2] == '\r' && pos0[3] == '\n') {
break;
}
}
return 0;
}
const char *http_get_header_field(const http_hdr *hdr, const char *field_name) {
return http_get_header_field_len(hdr, field_name, strlen(field_name));
}
const char *http_get_header_field_len(const http_hdr *hdr, const char *field_name, unsigned long len) {
int num = http_get_header_field_num_len(hdr, field_name, len);
return (num >= 0 && num < HTTP_MAX_HEADER_FIELD_NUM) ? http_field_get_value(&hdr->fields[num]) : NULL;
}
int http_get_header_field_num(const http_hdr *hdr, const char *field_name) {
return http_get_header_field_num_len(hdr, field_name, strlen(field_name));
}
int http_get_header_field_num_len(const http_hdr *hdr, const char *field_name, unsigned long len) {
char field_name_1[256], field_name_2[256];
memcpy(field_name_1, field_name, len);
field_name_1[len] = 0;
http_to_camel_case(field_name_1, HTTP_LOWER);
for (int i = 0; i < hdr->field_num; i++) {
strcpy(field_name_2, http_field_get_name(&hdr->fields[i]));
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0)
return i;
}
return -1;
}
int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
return http_add_header_field_len(hdr, field_name, strlen(field_name), field_value, strlen(field_value));
}
int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len) {
if (hdr->field_num >= HTTP_MAX_HEADER_FIELD_NUM)
return -1;
http_field *f = &hdr->fields[(int) hdr->field_num];
if (name_len < sizeof(f->normal.name) && value_len < sizeof(f->normal.value)) {
f->type = HTTP_FIELD_NORMAL;
memcpy(f->normal.name, name, name_len);
memcpy(f->normal.value, value, value_len);
f->normal.name[name_len] = 0;
f->normal.value[value_len] = 0;
http_to_camel_case(f->normal.name, HTTP_PRESERVE);
} else if (name_len < sizeof(f->ex_value.name)) {
f->type = HTTP_FIELD_EX_VALUE;
f->ex_value.value = malloc(value_len + 1);
memcpy(f->ex_value.name, name, name_len);
memcpy(f->ex_value.value, value, value_len);
f->ex_value.name[name_len] = 0;
f->ex_value.value[value_len] = 0;
http_to_camel_case(f->ex_value.name, HTTP_PRESERVE);
} else {
f->type = HTTP_FIELD_EX_NAME;
f->ex_name.name = malloc(name_len + 1);
f->ex_name.value = malloc(value_len + 1);
memcpy(f->ex_name.name, name, name_len);
memcpy(f->ex_name.value, value, value_len);
f->ex_name.name[name_len] = 0;
f->ex_name.value[value_len] = 0;
http_to_camel_case(f->ex_name.name, HTTP_PRESERVE);
}
hdr->field_num++;
return 0;
}
void http_append_to_header_field(http_field *field, const char *value, unsigned long len) {
if (field->type == HTTP_FIELD_NORMAL) {
unsigned long total_len = strlen(field->normal.value) + len + 1;
if (total_len < sizeof(field->normal.value)) {
strncat(field->normal.value, value, len);
} else {
field->type = HTTP_FIELD_EX_VALUE;
char *new = malloc(total_len);
strcpy(new, field->normal.value);
strncat(new, value, len);
field->ex_value.value = new;
}
} else if (field->type == HTTP_FIELD_EX_VALUE) {
field->ex_value.value = realloc(field->ex_value.value, strlen(field->ex_value.value) + len + 1);
strncat(field->ex_value.value, value, len);
} else if (field->type == HTTP_FIELD_EX_NAME) {
field->ex_name.value = realloc(field->ex_name.value, strlen(field->ex_name.value) + len + 1);
strncat(field->ex_name.value, value, len);
}
}
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode) {
char field_name_1[256], field_name_2[256];
strcpy(field_name_1, field_name);
http_to_camel_case(field_name_1, HTTP_LOWER);
int i = 0;
int diff = 1;
if (mode == HTTP_REMOVE_LAST) {
i = hdr->field_num - 1;
diff = -1;
}
for (; i < hdr->field_num && i >= 0; i += diff) {
strcpy(field_name_2, http_field_get_name(&hdr->fields[i]));
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0) {
http_free_field(&hdr->fields[i]);
memmove(&hdr->fields[i], &hdr->fields[i + 1], sizeof(hdr->fields[0]) * (hdr->field_num - i));
hdr->field_num--;
if (mode == HTTP_REMOVE_ALL) {
i -= diff;
} else {
return;
}
}
}
}
int http_send_response(sock *client, http_res *res) {
char buf[CLIENT_MAX_HEADER_SIZE];
long off = sprintf(buf, "HTTP/%s %03i %s\r\n", res->version, res->status->code, res->status->msg);
for (int i = 0; i < res->hdr.field_num; i++) {
const http_field *f = &res->hdr.fields[i];
off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
off += sprintf(buf + off, "\r\n");
if (sock_send(client, buf, off, 0) < 0) {
return -1;
}
return 0;
}
int http_send_request(sock *server, http_req *req) {
char buf[CLIENT_MAX_HEADER_SIZE];
long off = sprintf(buf, "%s %s HTTP/%s\r\n", req->method, req->uri, req->version);
for (int i = 0; i < req->hdr.field_num; i++) {
const http_field *f = &req->hdr.fields[i];
off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
off += sprintf(buf + off, "\r\n");
long ret = sock_send(server, buf, off, 0);
if (ret <= 0) {
return -1;
}
return 0;
}
const http_status *http_get_status(unsigned short status_code) {
for (int i = 0; i < http_statuses_size / sizeof(http_status); i++) {
if (http_statuses[i].code == status_code) {
return &http_statuses[i];
}
}
return NULL;
}
const http_status_msg *http_get_error_msg(const http_status *status) {
unsigned short code = status->code;
for (int i = 0; i < http_status_messages_size / sizeof(http_status_msg); i++) {
if (http_status_messages[i].code == code) {
return &http_status_messages[i];
}
}
return NULL;
}
const char *http_get_status_color(const http_status *status) {
unsigned short code = status->code;
if (code >= 100 && code < 200) {
return HTTP_1XX_STR;
} else if ((code >= 200 && code < 300) || code == 304) {
return HTTP_2XX_STR;
} else if (code >= 300 && code < 400) {
return HTTP_3XX_STR;
} else if (code >= 400 && code < 500) {
return HTTP_4XX_STR;
} else if (code >= 500 && code < 600) {
return HTTP_5XX_STR;
}
return "";
}
char *http_format_date(time_t time, char *buf, size_t size) {
struct tm timeinfo;
strftime(buf, size, "%a, %d %b %Y %H:%M:%S GMT", gmtime_r(&time, &timeinfo));
return buf;
}
char *http_get_date(char *buf, size_t size) {
time_t rawtime;
time(&rawtime);
return http_format_date(rawtime, buf, size);
}
const http_doc_info *http_get_status_info(const http_status *status) {
unsigned short code = status->code;
static http_doc_info info[] = {
{"info", HTTP_COLOR_INFO, http_info_icon, http_info_document},
{"success", HTTP_COLOR_SUCCESS, http_success_icon, http_success_document},
{"warning", HTTP_COLOR_WARNING, http_warning_icon, http_warning_document},
{"error", HTTP_COLOR_ERROR, http_error_icon, http_error_document}
};
if (code >= 100 && code < 200) {
return &info[0];
} else if ((code >= 200 && code < 300) || code == 304) {
return &info[1];
} else if (code >= 300 && code < 400) {
return &info[2];
} else if (code >= 400 && code < 600) {
return &info[3];
}
return NULL;
}
int http_get_compression(const http_req *req, const http_res *res) {
const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (mime_is_compressible(content_type) && content_encoding == NULL && accept_encoding != NULL) {
if (strstr(accept_encoding, "br") != NULL) {
return COMPRESS_BR;
} else if (strstr(accept_encoding, "gzip") != NULL) {
return COMPRESS_GZ;
}
}
return 0;
}

183
src/lib/http.h Normal file
View File

@@ -0,0 +1,183 @@
/**
* sesimos - secure, simple, modern web server
* @brief HTTP implementation (header file)
* @file src/lib/http.h
* @author Lorenz Stechauner
* @date 2020-12-09
*/
#ifndef SESIMOS_HTTP_H
#define SESIMOS_HTTP_H
#include "sock.h"
#define HTTP_PRESERVE 0
#define HTTP_LOWER 1
#define HTTP_CAMEL 2
#define HTTP_REMOVE_ONE 0
#define HTTP_REMOVE_ALL 1
#define HTTP_REMOVE_LAST 2
#define HTTP_FIELD_NORMAL 0
#define HTTP_FIELD_EX_VALUE 1
#define HTTP_FIELD_EX_NAME 2
#define HTTP_MERGE_FIELDS 1
#define HTTP_1XX_STR "\x1B[1;32m"
#define HTTP_2XX_STR "\x1B[1;32m"
#define HTTP_3XX_STR "\x1B[1;33m"
#define HTTP_4XX_STR "\x1B[1;31m"
#define HTTP_5XX_STR "\x1B[1;31m"
#define HTTP_COLOR_SUCCESS "#008000"
#define HTTP_COLOR_INFO "#606060"
#define HTTP_COLOR_WARNING "#E0C000"
#define HTTP_COLOR_ERROR "#C00000"
#define CLIENT_MAX_HEADER_SIZE 8192
#define HTTP_MAX_HEADER_FIELD_NUM 64
#ifndef SERVER_STR
# define SERVER_STR "Sesimos"
#endif
#ifndef SERVER_STR_HTML
# define SERVER_STR_HTML "Sesimos&nbsp;web&nbsp;server"
#endif
typedef struct {
unsigned short code;
char type[16];
char msg[64];
} http_status;
typedef struct {
unsigned short code;
const char *msg;
} http_status_msg;
typedef struct {
char mode[8];
char color[8];
const char *icon;
const char *doc;
} http_doc_info;
typedef struct {
char type;
union {
struct {
char name[64];
char value[192];
} normal;
struct {
char name[192];
char *value;
} ex_value;
struct {
char *name;
char *value;
} ex_name;
};
} http_field;
typedef struct {
char field_num;
char last_field_num;
http_field fields[HTTP_MAX_HEADER_FIELD_NUM];
} http_hdr;
typedef struct {
char method[16];
char *uri;
char version[4];
http_hdr hdr;
} http_req;
typedef struct {
const http_status *status;
char version[4];
http_hdr hdr;
} http_res;
typedef enum {
NONE, INTERNAL, CLIENT_REQ, SERVER_REQ, SERVER, SERVER_RES, CLIENT_RES
} http_error_origin;
typedef struct {
unsigned short status;
http_error_origin origin;
const char* ws_key;
} http_status_ctx;
extern const http_status http_statuses[];
extern const http_status_msg http_status_messages[];
extern const int http_statuses_size;
extern const int http_status_messages_size;
extern const char http_default_document[];
extern const char http_proxy_document[];
extern const char http_error_document[];
extern const char http_error_icon[];
extern const char http_warning_document[];
extern const char http_warning_icon[];
extern const char http_success_document[];
extern const char http_success_icon[];
extern const char http_info_document[];
extern const char http_info_icon[];
void http_to_camel_case(char *str, int mode);
const char *http_field_get_name(const http_field *field);
const char *http_field_get_value(const http_field *field);
void http_free_field(http_field *f);
void http_free_hdr(http_hdr *hdr);
void http_free_req(http_req *req);
void http_free_res(http_res *res);
int http_receive_request(sock *client, http_req *req);
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags);
const char *http_get_header_field(const http_hdr *hdr, const char *field_name);
const char *http_get_header_field_len(const http_hdr *hdr, const char *field_name, unsigned long len);
int http_get_header_field_num(const http_hdr *hdr, const char *field_name);
int http_get_header_field_num_len(const http_hdr *hdr, const char *field_name, unsigned long len);
int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len);
void http_append_to_header_field(http_field *field, const char *value, unsigned long len);
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode);
int http_send_response(sock *client, http_res *res);
int http_send_request(sock *server, http_req *req);
const http_status *http_get_status(unsigned short status_code);
const http_status_msg *http_get_error_msg(const http_status *status);
const char *http_get_status_color(const http_status *status);
char *http_format_date(time_t time, char *buf, size_t size);
char *http_get_date(char *buf, size_t size);
const http_doc_info *http_get_status_info(const http_status *status);
int http_get_compression(const http_req *req, const http_res *res);
#endif //SESIMOS_HTTP_H

305
src/lib/http_static.c Normal file
View File

@@ -0,0 +1,305 @@
/**
* sesimos - secure, simple, modern web server
* @brief HTTP static implementation
* @file src/lib/http_static.c
* @author Lorenz Stechauner
* @date 2021-05-03
*/
#include "../defs.h"
#include "http.h"
const http_status http_statuses[] = {
{100, "Informational", "Continue"},
{101, "Informational", "Switching Protocols"},
{200, "Success", "OK"},
{201, "Success", "Created"},
{202, "Success", "Accepted"},
{203, "Success", "Non-Authoritative Information"},
{204, "Success", "No Content"},
{205, "Success", "Reset Content"},
{206, "Success", "Partial Content"},
{300, "Redirection", "Multiple Choices"},
{301, "Redirection", "Moved Permanently"},
{302, "Redirection", "Found"},
{303, "Redirection", "See Other"},
{304, "Success", "Not Modified"},
{305, "Redirection", "Use Proxy"},
{307, "Redirection", "Temporary Redirect"},
{308, "Redirection", "Permanent Redirect"},
{400, "Client Error", "Bad Request"},
{401, "Client Error", "Unauthorized"},
{402, "Client Error", "Payment Required"},
{403, "Client Error", "Forbidden"},
{404, "Client Error", "Not Found"},
{405, "Client Error", "Method Not Allowed"},
{406, "Client Error", "Not Acceptable"},
{407, "Client Error", "Proxy Authentication Required"},
{408, "Client Error", "Request Timeout"},
{409, "Client Error", "Conflict"},
{410, "Client Error", "Gone"},
{411, "Client Error", "Length Required"},
{412, "Client Error", "Precondition Failed"},
{413, "Client Error", "Request Entity Too Large"},
{414, "Client Error", "Request-URI Too Long"},
{415, "Client Error", "Unsupported Media Type"},
{416, "Client Error", "Range Not Satisfiable"},
{417, "Client Error", "Expectation Failed"},
{500, "Server Error", "Internal Server Error"},
{501, "Server Error", "Not Implemented"},
{502, "Server Error", "Bad Gateway"},
{503, "Server Error", "Service Unavailable"},
{504, "Server Error", "Gateway Timeout"},
{505, "Server Error", "HTTP Version Not Supported"},
};
const http_status_msg http_status_messages[] = {
{100, "The client SHOULD continue with its request."},
{101, "The server understands and is willing to comply with the clients request, via the Upgrade message header field, for a change in the application protocol being used on this connection."},
{200, "The request has succeeded."},
{201, "The request has been fulfilled and resulted in a new resource being created."},
{202, "The request has been accepted for processing, but the processing has not been completed."},
{203, "The returned meta information in the entity-header is not the definitive set as available from the origin server, but is gathered from a local or a third-party copy."},
{204, "The server has fulfilled the request but does not need to return an entity-body, and might want to return updated meta information."},
{205, "The server has fulfilled the request and the user agent SHOULD reset the document view which caused the request to be sent."},
{206, "The server has fulfilled the partial GET request for the resource."},
{300, "The requested resource corresponds to any one of a set of representations, each with its own specific location, and agent-driven negotiation information is being provided so that the user (or user agent) can select a preferred representation and redirect its request to that location."},
{301, "The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs."},
{302, "The requested resource resides temporarily under a different URI."},
{303, "The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource."},
{304, "The request has been fulfilled and the requested resource has not been modified."},
{305, "The requested resource MUST be accessed through the proxy given by the Location field."},
{307, "The requested resource resides temporarily under a different URI."},
{308, "The requested resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs."},
{400, "The request could not be understood by the server due to malformed syntax."},
{401, "The request requires user authentication."},
{403, "The server understood the request, but is refusing to fulfill it."},
{404, "The server has not found anything matching the Request-URI."},
{405, "The method specified in the Request-Line is not allowed for the resource identified by the Request-URI."},
{406, "The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request."},
{407, "The request requires user authentication on the proxy."},
{408, "The client did not produce a request within the time that the server was prepared to wait."},
{409, "The request could not be completed due to a conflict with the current state of the resource."},
{410, "The requested resource is no longer available at the server and no forwarding address is known."},
{411, "The server refuses to accept the request without a defined Content-Length."},
{412, "The precondition given in one or more of the request-header fields evaluated to false when it was tested on the server."},
{413, "The server is refusing to process a request because the request entity is larger than the server is willing or able to process."},
{414, "The server is refusing to service the request because the Request-URI is longer than the server is willing to interpret."},
{415, "The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method."},
{416, "None of the ranges in the requests Range header field overlap the current extent of the selected resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive request of small or overlapping ranges."},
{417, "The expectation given in an Expect request-header field could not be met by this server, or, if the server is a proxy, the server has unambiguous evidence that the request could not be met by the next-hop server."},
{500, "The server encountered an unexpected condition which prevented it from fulfilling the request."},
{501, "The server does not support the functionality required to fulfill the request."},
{502, "The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request."},
{503, "The server is currently unable to handle the request due to a temporary overloading or maintenance of the server."},
{504, "The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI or some other auxiliary server it needed to access in attempting to complete the request."},
{505, "The server does not support, or refuses to support, the HTTP protocol version that was used in the request message."}
};
const char http_default_document[] =
"<!DOCTYPE html>\n"
"<html lang=\"en\">\n"
"<head>\n"
"\t<title>%1$i %2$s - %7$s</title>\n"
"\t<meta charset=\"UTF-8\"/>\n"
"\t<meta name=\"theme-color\" content=\"%6$s\"/>\n"
"\t<meta name=\"color-scheme\" content=\"light dark\"/>\n"
"\t<meta name=\"apple-mobile-web-app-status-bar-style\" content=\"black-translucent\"/>\n"
"\t<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\"/>\n"
"\t<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"/favicon.ico\"/>\n"
"%5$s"
"\t<style>\n"
"\t\thtml{font-family:\"Arial\",sans-serif;--error:" HTTP_COLOR_ERROR ";--warning:" HTTP_COLOR_WARNING ";--success:" HTTP_COLOR_SUCCESS ";--info:" HTTP_COLOR_INFO ";--soft:#808080;--color:var(--%4$s);}\n"
"\t\tbody{background-color:#F0F0F0;margin:0;}\n"
"\t\tmain{max-width:650px;margin:2em auto;}\n"
"\t\tsection{margin:2em 1em;background-color:#FFFFFF;border: 1px solid var(--color);border-radius:4px;padding:1em;}\n"
"\t\th1,h2,h3,h4,h5,h6{text-align:center;color:var(--color);font-weight:normal;}\n"
"\t\th1{font-size:3em;margin:0.125em 0;}\n"
"\t\th2{font-size:1.5em;margin:0.25em 0 1em 0;}\n"
"\t\tp{text-align:center;font-size:0.875em;}\n"
"\t\tdiv.footer{color:var(--soft);font-size:0.75em;text-align:center;margin:2em 0 0.5em 0;}\n"
"\t\tdiv.footer a{color:var(--soft);}\n"
"\t\tul,ol{width:fit-content;margin:auto;}\n"
"\t\tpre{width:fit-content;margin:2em auto 0 auto;}\n"
"\n"
"\t\tsection.error-ctx{display:flex;padding:0;border:none;}\n"
"\t\tdiv.box{flex:100%% 1 1;border:1px solid var(--info);color:var(--info);position:relative;padding:1em;box-sizing:border-box;text-align:center;}\n"
"\t\tdiv.box.error{border-color:var(--error);color:var(--error);}\n"
"\t\tdiv.box.success{border-color:var(--success);color:var(--success);}\n"
"\t\tdiv.arrow{position:absolute;height:20px;width:30px;z-index:10;background-repeat:no-repeat;background-size:contain;}\n"
"\t\tdiv.arrow.response{left:-17.5px;bottom:calc(33.3333%% - 10px);}\n"
"\t\tdiv.arrow.request{right:-17.5px;top:calc(33.3333%% - 10px);}\n"
"\t\tdiv.border{flex:1px 0 0;background-color:var(--info);}\n"
"\t\tdiv.border.error{background-color:var(--error);}\n"
"\t\tdiv.border.success{background-color:var(--success);}\n"
"\t\tdiv.content>span{display:block;color:var(--soft);font-size:0.75em;}\n"
"\t\tdiv.content>img{height:3.75rem;margin:0.75rem auto;display:block;}\n"
"\t\th3{font-size:2.25em;margin:0.75rem 0 0 0;color:unset;height:2.5rem;}\n"
"\t\th4{font-size:1em;margin:0 0 0.75rem 0;color:unset;height:1.25rem;}\n"
"\n"
"\t\tdiv.arrow.request.success{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZG"
"RkZGIiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
"\t\tdiv.arrow.request.error{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZG"
"RkZGIiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
"\t\tdiv.arrow.response.success{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZG"
"RkYiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
"\t\tdiv.arrow.response.error{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZG"
"RkYiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
"\n"
"\t\t@media(prefers-color-scheme:dark){\n"
"\t\t\thtml{color:#FFFFFF;--soft:#404040;}\n"
"\t\t\tbody{background-color:#101010;}\n"
"\t\t\tsection{background-color:#181818;}\n"
"\n"
"\t\t\tdiv.arrow.request.success{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgx"
"ODE4IiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
"\t\t\tdiv.arrow.request.error{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgx"
"ODE4IiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
"\t\t\tdiv.arrow.response.success{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4"
"MTgiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
"\t\t\tdiv.arrow.response.error{background-image:url('data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4"
"MTgiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
"\t\t}\n"
"\t\t@media(min-width:650px){\n"
"\t\t\tdiv.box:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-right:none;}\n"
"\t\t\tdiv.box:last-child{border-top-right-radius:4px;border-bottom-right-radius:4px;border-left:none;}\n"
"\t\t\tdiv.box:not(:last-child):not(:first-child){border-left:none;border-right:none;}\n"
"\t\t}\n"
"\t\t@media(max-width:650px){\n"
"\t\t\tsection.error-ctx{flex-direction:column;height:unset;}\n"
"\t\t\tdiv.box:first-child{border-top-left-radius:4px;border-top-right-radius:4px;border-bottom:none;padding-top:1em;}\n"
"\t\t\tdiv.box:last-child{border-bottom-right-radius:4px;border-bottom-left-radius:4px;border-top:none;padding-bottom:1em;}\n"
"\t\t\tdiv.box:not(:last-child):not(:first-child){border-top:none;border-bottom:none;}\n"
"\t\t\tdiv.arrow.response{transform:rotate(90deg);top:-10px;left:calc(33.3333%% - 22.5px);right:unset;}\n"
"\t\t\tdiv.arrow.request{transform:rotate(90deg);bottom:-10px;right:calc(33.3333%% - 22.5px);top:unset;}\n"
"\t\t}\n"
"\t</style>\n"
"</head>\n"
"<body>\n"
"\t<main>\n"
"\t\t<section>\n"
"%3$s"
"%9$s"
"\t\t\t<div class=\"footer\"><a href=\"https://%7$s/\">%7$s</a> - " SERVER_STR_HTML "</div>\n"
"\t\t</section>\n"
"%8$s"
"\t</main>\n"
"</body>\n"
"</html>\n";
const char http_proxy_document[] =
"\t\t<section class=\"error-ctx\">\n"
"\t\t\t<div class=\"box%1$s\">\n"
"\t\t\t\t<div class=\"content\">\n"
"\t\t\t\t\t<span>Client</span>\n"
"\t\t\t\t\t<img src=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iNjQiIGhlaWdodD0iNjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHBhdGggZD0iTTIsMzIgYTMwLDMwLDAsMSwwLDYwLDAgYTMwLDMwLDAsMSwwLC02MCww"
"IEw2MiwzMiBNNiwxNiBMNTgsMTYgTTYsNDggTDU4LDQ4IE0zMiwyIEwzMiw2MiBhMTUsMzAsMCwx"
"LDAsMCwtNjAgYTE1LDMwLDAsMSwwLDAsNjAgWiIgc3Ryb2tlPSIjMDA4MDAwIiBzdHJva2Utd2lk"
"dGg9IjIiIGZpbGw9IiMwMDAwMDAwMCIvPjwvc3ZnPgo=\"/>\n"
"\t\t\t\t\t<span>Your Browser</span>\n"
"\t\t\t\t</div>\n"
"\t\t\t\t<div class=\"arrow request%2$s\"></div>\n"
"\t\t\t</div>\n"
"\t\t\t<div class=\"border%8$s\"></div>\n"
"\t\t\t<div class=\"box%3$s\">\n"
"\t\t\t\t<div class=\"content\">\n"
"\t\t\t\t\t<span>Reverse Proxy</span>\n"
"\t\t\t\t\t<h3>%10$03i</h3>\n"
"\t\t\t\t\t<h4>%11$s</h4>\n"
"\t\t\t\t\t<span>" SERVER_NAME "</span>\n"
"\t\t\t\t</div>\n"
"\t\t\t\t<div class=\"arrow request%4$s\"></div>\n"
"\t\t\t\t<div class=\"arrow response%5$s\"></div>\n"
"\t\t\t</div>\n"
"\t\t\t<div class=\"border%9$s\"></div>\n"
"\t\t\t<div class=\"box%6$s\">\n"
"\t\t\t\t<div class=\"content\">\n"
"\t\t\t\t\t<span>Server</span>\n"
"\t\t\t\t\t<h3>%12$s</h3>\n"
"\t\t\t\t\t<h4>%13$s</h4>\n"
"\t\t\t\t\t<span>%14$s</span>\n"
"\t\t\t\t</div>\n"
"\t\t\t\t<div class=\"arrow response%7$s\"></div>\n"
"\t\t\t</div>\n"
"\t\t</section>\n";
const char http_error_document[] =
"\t\t\t<h1>%1$i</h1>\n"
"\t\t\t<h2>%2$s :&#xFEFF;(</h2>\n"
"\t\t\t<p>%3$s</p>\n"
"\t\t\t<p>%4$s</p>\n";
const char http_error_icon[] =
"\t<link rel=\"alternate icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiNDMDAwMDAiIHN0eWxlPSJmb250LWZhbWls"
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjooPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
const char http_warning_document[] =
"\t\t\t<h1>%1$i</h1>\n"
"\t\t\t<h2>%2$s :&#xFEFF;)</h2>\n"
"\t\t\t<p>%3$s</p>\n"
"\t\t\t<p>%4$s</p>\n";
const char http_warning_icon[] =
"\t<link rel=\"alternate icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiNFMEMwMDAiIHN0eWxlPSJmb250LWZhbWls"
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjopPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
const char http_success_document[] =
"\t\t\t<h1>%1$i</h1>\n"
"\t\t\t<h2>%2$s :&#xFEFF;)</h2>\n"
"\t\t\t<p>%3$s</p>\n"
"\t\t\t<p>%4$s</p>\n";
const char http_success_icon[] =
"\t<link rel=\"alternate icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiMwMDgwMDAiIHN0eWxlPSJmb250LWZhbWls"
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjopPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
const char http_info_document[] =
"\t\t\t<h1>%1$i</h1>\n"
"\t\t\t<h2>%2$s :&#xFEFF;)</h2>\n"
"\t\t\t<p>%3$s</p>\n"
"\t\t\t<p>%4$s</p>\n";
const char http_info_icon[] =
"\t<link rel=\"alternate icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiM2MDYwNjAiIHN0eWxlPSJmb250LWZhbWls"
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjopPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
const int http_statuses_size = sizeof(http_statuses);
const int http_status_messages_size = sizeof(http_status_messages);

View File

@@ -1,37 +1,11 @@
/**
* Necronda Web Server
* FastCGI interface implementation (header file)
* src/fastcgi.h
* Lorenz Stechauner, 2020-12-26
* sesimos - secure, simple, modern web server
* @brief FastCGI header file
* @file src/lib/include/fastcgi.h
*/
#ifndef NECRONDA_SERVER_FASTCGI_H
#define NECRONDA_SERVER_FASTCGI_H
#define FASTCGI_CHUNKED 1
#define FASTCGI_COMPRESS 2
typedef struct {
int socket;
unsigned short req_id;
char *out_buf;
unsigned short out_len;
unsigned short out_off;
} fastcgi_conn;
char *fastcgi_add_param(char *buf, const char *key, const char *value);
int fastcgi_init(fastcgi_conn *conn, unsigned int client_num, unsigned int req_num, const sock *client,
const http_req *req, const http_uri *uri);
int fastcgi_close_stdin(fastcgi_conn *conn);
int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg);
int fastcgi_send(fastcgi_conn *conn, sock *client, int flags);
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len);
#ifndef SESIMOS_EXTERN_FASTCGI_H
#define SESIMOS_EXTERN_FASTCGI_H
/*
* Listening socket file number
@@ -144,4 +118,4 @@ typedef struct {
FCGI_UnknownTypeBody body;
} FCGI_UnknownTypeRecord;
#endif //NECRONDA_SERVER_FASTCGI_H
#endif //SESIMOS_EXTERN_FASTCGI_H

164
src/lib/mpmc.c Normal file
View File

@@ -0,0 +1,164 @@
#include "mpmc.h"
#include "../logger.h"
#include <errno.h>
#include <malloc.h>
#include <memory.h>
#include <pthread.h>
#include <signal.h>
static void *mpmc_worker(void *arg);
int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *prefix) {
ctx->alive = 1;
ctx->n_workers = n_workers;
ctx->size = buf_size, ctx->max_size = buf_size;
ctx->rd = 0, ctx->wr = 0;
ctx->buffer = NULL, ctx->workers = NULL;
ctx->consumer = consumer;
if (sem_init(&ctx->free, 0, ctx->size) != 0 ||
sem_init(&ctx->used, 0, 0) != 0 ||
sem_init(&ctx->lck_rd, 0, 1) != 0 ||
sem_init(&ctx->lck_wr, 0, 1) != 0)
{
mpmc_destroy(ctx);
return -1;
}
if ((ctx->buffer = malloc(ctx->size * sizeof(void *))) == NULL ||
(ctx->workers = malloc(ctx->n_workers * sizeof(pthread_t))) == NULL)
{
mpmc_destroy(ctx);
return -1;
}
memset(ctx->buffer, 0, ctx->size * sizeof(void *));
memset(ctx->workers, 0, ctx->n_workers * sizeof(pthread_t));
for (int i = 0; i < ctx->n_workers; i++) {
int ret;
if ((ret = pthread_create(&ctx->workers[i], NULL, mpmc_worker, ctx)) != 0) {
mpmc_destroy(ctx);
errno = ret;
return -1;
}
}
return 0;
}
int mpmc_queue(mpmc_t *ctx, void *obj) {
// wait for buffer to be emptied
try_again_1:
if (sem_wait(&ctx->free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_1;
} else {
return -1;
}
}
// lock rd field
try_again_2:
if (sem_wait(&ctx->lck_rd) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_2;
} else {
sem_post(&ctx->free);
return -1;
}
}
int p = ctx->rd;
ctx->rd = (ctx->rd + 1) % ctx->size;
// unlock rd field
sem_post(&ctx->lck_rd);
// fill buffer with object
ctx->buffer[p] = obj;
// inform worker
sem_post(&ctx->used);
return 0;
}
static void *mpmc_worker(void *arg) {
mpmc_t *ctx = arg;
while (ctx->alive) {
// wait for buffer to be filled
if (sem_wait(&ctx->used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
critical("Unable to lock semaphore");
errno = 0;
break;
}
}
// lock wr field
if (sem_wait(&ctx->lck_wr) != 0) {
if (errno == EINTR) {
errno = 0;
sem_post(&ctx->used);
continue;
} else {
critical("Unable to lock semaphore");
errno = 0;
sem_post(&ctx->used);
break;
}
}
int p = ctx->wr;
ctx->wr = (ctx->wr + 1) % ctx->size;
// unlock wr field
sem_post(&ctx->lck_wr);
// consume object
ctx->consumer(ctx->buffer[p]);
logger_set_prefix("");
// unlock slot in buffer
sem_post(&ctx->free);
}
return NULL;
}
void mpmc_stop(mpmc_t *ctx) {
ctx->alive = 0;
}
void mpmc_destroy(mpmc_t *ctx) {
int e = errno;
// stop threads, if running
mpmc_stop(ctx);
for (int i = 0; i < ctx->n_workers; i++) {
if (ctx->workers[i] == 0) break;
// FIXME
pthread_kill(ctx->workers[i], SIGUSR1);
//pthread_join(ctx->workers[i], NULL);
pthread_cancel(ctx->workers[i]);
}
sem_destroy(&ctx->free);
sem_destroy(&ctx->used);
sem_destroy(&ctx->lck_rd);
sem_destroy(&ctx->lck_wr);
free(ctx->buffer);
free(ctx->workers);
// reset errno
errno = e;
}

26
src/lib/mpmc.h Normal file
View File

@@ -0,0 +1,26 @@
#ifndef SESIMOS_MPMC_H
#define SESIMOS_MPMC_H
#include <semaphore.h>
typedef struct {
unsigned char alive;
int n_workers;
int rd, wr;
sem_t free, used, lck_rd, lck_wr;
int size, max_size;
void **buffer;
pthread_t *workers;
void (*consumer)(void *obj);
} mpmc_t;
int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *prefix);
int mpmc_queue(mpmc_t *ctx, void *obj);
void mpmc_stop(mpmc_t *ctx);
void mpmc_destroy(mpmc_t *ctx);
#endif //SESIMOS_MPMC_H

567
src/lib/proxy.c Normal file
View File

@@ -0,0 +1,567 @@
/**
* sesimos - secure, simple, modern web server
* @brief Reverse proxy
* @file src/lib/proxy.c
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#include "../defs.h"
#include "../server.h"
#include "../logger.h"
#include "proxy.h"
#include "utils.h"
#include "compress.h"
#include <openssl/ssl.h>
#include <string.h>
#include <errno.h>
#include <openssl/err.h>
#include <arpa/inet.h>
#include <sys/time.h>
sock proxy;
char *proxy_host = NULL;
struct timeval server_timeout = {.tv_sec = SERVER_TIMEOUT, .tv_usec = 0};
int proxy_preload(void) {
proxy.ctx = SSL_CTX_new(TLS_client_method());
return 0;
}
int proxy_request_header(http_req *req, int enc, client_ctx_t *ctx) {
char buf1[256], buf2[256];
int p_len;
const char *via = http_get_header_field(&req->hdr, "Via");
sprintf(buf1, "HTTP/%s %s", req->version, SERVER_NAME);
if (via == NULL) {
http_add_header_field(&req->hdr, "Via", buf1);
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
error("Header field 'Via' too long");
return -1;
}
http_remove_header_field(&req->hdr, "Via", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Via", buf2);
}
const char *host = http_get_header_field(&req->hdr, "Host");
const char *forwarded = http_get_header_field(&req->hdr, "Forwarded");
int client_ipv6 = strchr(ctx->addr, ':') != NULL;
int server_ipv6 = strchr(ctx->s_addr, ':') != NULL;
p_len = snprintf(buf1, sizeof(buf1), "by=%s%s%s;for=%s%s%s;host=%s;proto=%s",
server_ipv6 ? "\"[" : "", ctx->s_addr, server_ipv6 ? "]\"" : "",
client_ipv6 ? "\"[" : "", ctx->addr, client_ipv6 ? "]\"" : "",
host, enc ? "https" : "http");
if (p_len < 0 || p_len >= sizeof(buf1)) {
error("Appended part of header field 'Forwarded' too long");
return -1;
}
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "Forwarded", buf1);
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", forwarded, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
error("Header field 'Forwarded' too long");
return -1;
}
http_remove_header_field(&req->hdr, "Forwarded", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Forwarded", buf2);
}
const char *xff = http_get_header_field(&req->hdr, "X-Forwarded-For");
if (xff == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-For", ctx->addr);
} else {
sprintf(buf1, "%s, %s", xff, ctx->addr);
http_remove_header_field(&req->hdr, "X-Forwarded-For", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "X-Forwarded-For", buf1);
}
const char *xfh = http_get_header_field(&req->hdr, "X-Forwarded-Host");
if (xfh == NULL) {
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-Host", host);
} else {
char *ptr = strchr(forwarded, ',');
unsigned long len;
if (ptr != NULL) len = ptr - forwarded;
else len = strlen(forwarded);
ptr = strstr(forwarded, "host=");
if ((ptr - forwarded) < len) {
char *end = strchr(ptr, ';');
if (end == NULL) len -= (ptr - forwarded);
else len = (end - ptr);
len -= 5;
sprintf(buf1, "%.*s", (int) len, ptr + 5);
http_add_header_field(&req->hdr, "X-Forwarded-Host", buf1);
}
}
}
const char *xfp = http_get_header_field(&req->hdr, "X-Forwarded-Proto");
if (xfp == NULL) {
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-Proto", enc ? "https" : "http");
} else {
char *ptr = strchr(forwarded, ',');
unsigned long len;
if (ptr != NULL) len = ptr - forwarded;
else len = strlen(forwarded);
ptr = strstr(forwarded, "proto=");
if ((ptr - forwarded) < len) {
char *end = strchr(ptr, ';');
if (end == NULL) len -= (ptr - forwarded);
else len = (end - ptr);
len -= 6;
sprintf(buf1, "%.*s", (int) len, ptr + 6);
http_add_header_field(&req->hdr, "X-Forwarded-Proto", buf1);
}
}
}
return 0;
}
int proxy_response_header(http_req *req, http_res *res, host_config_t *conf) {
char buf1[256], buf2[256];
int p_len;
const char *via = http_get_header_field(&res->hdr, "Via");
p_len = snprintf(buf1, sizeof(buf1), "HTTP/%s %s", req->version, SERVER_NAME);
if (p_len < 0 || p_len >= sizeof(buf1)) {
error("Appended part of header field 'Via' too long");
return -1;
}
if (via == NULL) {
http_add_header_field(&res->hdr, "Via", buf1);
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
error("Header field 'Via' too long");
return -1;
}
http_remove_header_field(&res->hdr, "Via", HTTP_REMOVE_ALL);
http_add_header_field(&res->hdr, "Via", buf2);
}
const char *location = http_get_header_field(&res->hdr, "Location");
if (location != NULL) {
char *hostnames[] = {conf->name, conf->proxy.hostname};
for (int i = 0; i < sizeof(hostnames) / sizeof(hostnames[0]); i++) {
char *hostname = hostnames[i];
p_len = snprintf(buf1, sizeof(buf1), "http://%s/", hostname);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "https://%s/", hostname);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "http://%s:%i/", hostname, conf->proxy.port);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "https://%s:%i/", hostname, conf->proxy.port);
if (strncmp(location, buf1, p_len) == 0) goto match;
}
if (0) {
match:
strcpy(buf1, location + p_len - 1);
http_remove_header_field(&res->hdr, "Location", HTTP_REMOVE_ALL);
http_add_header_field(&res->hdr, "Location", buf1);
}
}
return 0;
}
int proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, client_ctx_t *cctx, http_status *custom_status, char *err_msg) {
char buffer[CHUNK_SIZE];
const char *connection, *upgrade, *ws_version;
long ret;
int tries = 0, retry = 0;
if (proxy.socket != 0 && strcmp(proxy_host, conf->name) == 0 && sock_check(&proxy) == 0)
goto proxy;
retry:
if (proxy.socket != 0) {
info(BLUE_STR "Closing proxy connection");
sock_close(&proxy);
}
retry = 0;
tries++;
proxy.socket = socket(AF_INET6, SOCK_STREAM, 0);
if (proxy.socket < 0) {
error("Unable to create socket");
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
server_timeout.tv_sec = SERVER_TIMEOUT_INIT;
server_timeout.tv_usec = 0;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
struct hostent *host_ent = gethostbyname2(conf->proxy.hostname, AF_INET6);
if (host_ent == NULL) {
host_ent = gethostbyname2(conf->proxy.hostname, AF_INET);
if (host_ent == NULL) {
res->status = http_get_status(503);
ctx->origin = SERVER_REQ;
error("Unable to connect to server: Name or service not known");
sprintf(err_msg, "Unable to connect to server: Name or service not known.");
goto proxy_err;
}
}
struct sockaddr_in6 address = {.sin6_family = AF_INET6, .sin6_port = htons(conf->proxy.port)};
if (host_ent->h_addrtype == AF_INET6) {
memcpy(&address.sin6_addr, host_ent->h_addr_list[0], host_ent->h_length);
} else if (host_ent->h_addrtype == AF_INET) {
unsigned char addr[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0};
memcpy(addr + 12, host_ent->h_addr_list[0], host_ent->h_length);
memcpy(&address.sin6_addr, addr, 16);
}
inet_ntop(address.sin6_family, (void *) &address.sin6_addr, buffer, sizeof(buffer));
info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", buffer, conf->proxy.port);
if (connect(proxy.socket, (struct sockaddr *) &address, sizeof(address)) < 0) {
if (errno == ETIMEDOUT || errno == EINPROGRESS) {
res->status = http_get_status(504);
ctx->origin = SERVER_REQ;
} else if (errno == ECONNREFUSED) {
res->status = http_get_status(503);
ctx->origin = SERVER_REQ;
} else {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
}
error("Unable to connect to [%s]:%i: %s", buffer, conf->proxy.port, strerror(errno));
sprintf(err_msg, "Unable to connect to server: %s.", strerror(errno));
goto proxy_err;
}
server_timeout.tv_sec = SERVER_TIMEOUT;
server_timeout.tv_usec = 0;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
proxy_timeout_err:
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unable to set timeout for reverse proxy socket");
sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", strerror(errno));
goto proxy_err;
}
if (conf->proxy.enc) {
proxy.ssl = SSL_new(proxy.ctx);
SSL_set_fd(proxy.ssl, proxy.socket);
SSL_set_connect_state(proxy.ssl);
ret = SSL_do_handshake(proxy.ssl);
proxy._last_ret = ret;
proxy._errno = errno;
proxy._ssl_error = ERR_get_error();
proxy.enc = 1;
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to perform handshake: %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to perform handshake: %s.", sock_strerror(&proxy));
goto proxy_err;
}
}
proxy_host = conf->name;
info(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i", buffer, conf->proxy.port);
proxy:
connection = http_get_header_field(&req->hdr, "Connection");
if (connection != NULL && (strstr(connection, "upgrade") != NULL || strstr(connection, "Upgrade") != NULL)) {
upgrade = http_get_header_field(&req->hdr, "Upgrade");
ws_version = http_get_header_field(&req->hdr, "Sec-WebSocket-Version");
if (upgrade != NULL && ws_version != NULL && strcmp(upgrade, "websocket") == 0 && strcmp(ws_version, "13") == 0) {
ctx->ws_key = http_get_header_field(&req->hdr, "Sec-WebSocket-Key");
} else {
res->status = http_get_status(501);
ctx->origin = INTERNAL;
return -1;
}
} else {
http_remove_header_field(&req->hdr, "Connection", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Connection", "keep-alive");
}
ret = proxy_request_header(req, (int) client->enc, cctx);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
ret = http_send_request(&proxy, req);
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (1): %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
}
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
unsigned long content_len = content_length != NULL ? strtoul(content_length, NULL, 10) : 0;
const char *transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
ret = 0;
if (content_len > 0) {
ret = sock_splice(&proxy, client, buffer, sizeof(buffer), content_len);
} else if (transfer_encoding != NULL && strstr(transfer_encoding, "chunked") != NULL) {
ret = sock_splice_chunked(&proxy, client, buffer, sizeof(buffer));
}
if (ret < 0 || (content_len != 0 && ret != content_len)) {
if (ret == -1) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (2): %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
} else if (ret == -2) {
res->status = http_get_status(400);
ctx->origin = CLIENT_REQ;
error("Unable to receive request from client: %s", sock_strerror(client));
sprintf(err_msg, "Unable to receive request from client: %s.", sock_strerror(client));
return -1;
}
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unknown Error");
return -1;
}
ret = sock_recv(&proxy, buffer, sizeof(buffer), MSG_PEEK);
if (ret <= 0) {
int enc_err = sock_enc_error(&proxy);
if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ ||
enc_err == SSL_ERROR_WANT_WRITE)
{
res->status = http_get_status(504);
ctx->origin = SERVER_RES;
} else {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
}
error("Unable to receive response from server: %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
}
char *buf = buffer;
unsigned short header_len = (unsigned short) (strstr(buffer, "\r\n\r\n") - buffer + 4);
if (header_len <= 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header: End of header not found");
sprintf(err_msg, "Unable to parser header: End of header not found.");
goto proxy_err;
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header: Header contains illegal characters");
sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
goto proxy_err;
}
}
char *ptr = buf;
while (header_len != (ptr - buf)) {
char *pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
if (ptr == buf) {
if (strncmp(ptr, "HTTP/", 5) != 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
int status_code = (int) strtol(ptr + 9, NULL, 10);
res->status = http_get_status(status_code);
if (res->status == NULL && status_code >= 100 && status_code <= 999) {
custom_status->code = status_code;
strcpy(custom_status->type, "");
snprintf(custom_status->msg, sizeof(custom_status->msg), "%.*s",
(int) (strchr(ptr, '\r') - ptr - 13), ptr + 13);
res->status = custom_status;
} else if (res->status == NULL) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header: Invalid or unknown status code");
sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
goto proxy_err;
}
} else {
ret = http_parse_header_field(&res->hdr, ptr, pos0, 0);
if (ret != 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
error("Unable to parse header");
sprintf(err_msg, "Unable to parse header.");
goto proxy_err;
}
}
if (pos0[2] == '\r' && pos0[3] == '\n') {
break;
}
ptr = pos0 + 2;
}
sock_recv(&proxy, buffer, header_len, 0);
ret = proxy_response_header(req, res, conf);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
return 0;
proxy_err:
if (retry) goto retry;
return -1;
}
int proxy_send(sock *client, unsigned long len_to_send, int flags) {
char buffer[CHUNK_SIZE], comp_out[CHUNK_SIZE], buf[256], *ptr;
long ret = 0, len, snd_len;
int finish_comp = 0;
compress_ctx comp_ctx;
if (flags & PROXY_COMPRESS_BR) {
flags &= ~PROXY_COMPRESS_GZ;
if (compress_init(&comp_ctx, COMPRESS_BR) != 0) {
error("Unable to init brotli");
flags &= ~PROXY_COMPRESS_BR;
}
} else if (flags & PROXY_COMPRESS_GZ) {
flags &= ~PROXY_COMPRESS_BR;
if (compress_init(&comp_ctx, COMPRESS_GZ) != 0) {
error("Unable to init gzip");
flags &= ~PROXY_COMPRESS_GZ;
}
}
do {
snd_len = 0;
if (flags & PROXY_CHUNKED) {
ret = sock_get_chunk_header(&proxy);
if (ret < 0) {
if (ret == -1) {
error("Unable to receive from server: Malformed chunk header");
} else {
error("Unable to receive from server: %s", sock_strerror(&proxy));
}
break;
}
len_to_send = ret;
ret = 1;
if (len_to_send == 0 && (flags & PROXY_COMPRESS)) {
finish_comp = 1;
len = 0;
ptr = NULL;
goto out;
finish:
compress_free(&comp_ctx);
}
}
while (snd_len < len_to_send) {
unsigned long avail_in, avail_out;
ret = sock_recv(&proxy, buffer, CHUNK_SIZE < (len_to_send - snd_len) ? CHUNK_SIZE : len_to_send - snd_len, 0);
if (ret <= 0) {
error("Unable to receive from server: %s", sock_strerror(&proxy));
break;
}
len = ret;
ptr = buffer;
out:
avail_in = len;
char *next_in = ptr;
do {
long buf_len = len;
if (flags & PROXY_COMPRESS) {
avail_out = sizeof(comp_out);
compress_compress(&comp_ctx, next_in + len - avail_in, &avail_in, comp_out, &avail_out, finish_comp);
ptr = comp_out;
buf_len = (int) (sizeof(comp_out) - avail_out);
snd_len += (long) (len - avail_in);
}
if (buf_len != 0) {
len = sprintf(buf, "%lX\r\n", buf_len);
ret = 1;
if (flags & PROXY_CHUNKED) ret = sock_send(client, buf, len, 0);
if (ret <= 0) goto err;
ret = sock_send(client, ptr, buf_len, 0);
if (ret <= 0) goto err;
if (!(flags & PROXY_COMPRESS)) snd_len += ret;
if (flags & PROXY_CHUNKED) ret = sock_send(client, "\r\n", 2, 0);
if (ret <= 0) {
err:
error("Unable to send: %s", sock_strerror(client));
break;
}
}
} while ((flags & PROXY_COMPRESS) && (avail_in != 0 || avail_out != sizeof(comp_out)));
if (ret <= 0) break;
if (finish_comp) goto finish;
}
if (ret <= 0) break;
if (flags & PROXY_CHUNKED) sock_recv(&proxy, buffer, 2, 0);
} while ((flags & PROXY_CHUNKED) && len_to_send > 0);
if (ret <= 0) return -1;
if (flags & PROXY_CHUNKED) {
ret = sock_send(client, "0\r\n\r\n", 5, 0);
if (ret <= 0) {
error("Unable to send: %s", sock_strerror(client));
return -1;
}
}
return 0;
}
int proxy_dump(char *buf, long len) {
sock_recv(&proxy, buf, len, 0);
sock_close(&proxy);
return 0;
}

39
src/lib/proxy.h Normal file
View File

@@ -0,0 +1,39 @@
/**
* sesimos - secure, simple, modern web server
* @brief Reverse proxy (header file)
* @file src/lib/proxy.h
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#ifndef SESIMOS_PROXY_H
#define SESIMOS_PROXY_H
#define PROXY_CHUNKED 1
#define PROXY_COMPRESS_GZ 2
#define PROXY_COMPRESS_BR 4
#define PROXY_COMPRESS 6
#ifndef SERVER_NAME
# define SERVER_NAME "reverse proxy"
#endif
#include "http.h"
#include "config.h"
#include "../client.h"
extern sock proxy;
int proxy_preload(void);
int proxy_request_header(http_req *req, int enc, client_ctx_t *ctx);
int proxy_response_header(http_req *req, http_res *res, host_config_t *conf);
int proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, client_ctx_t *cctx, http_status *custom_status, char *err_msg);
int proxy_send(sock *client, unsigned long len_to_send, int flags);
int proxy_dump(char *buf, long len);
#endif //SESIMOS_PROXY_H

203
src/lib/sock.c Normal file
View File

@@ -0,0 +1,203 @@
/**
* sesimos - secure, simple, modern web server
* @brief Basic TCP and TLS socket
* @file src/lib/sock.c
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#include "sock.h"
#include "utils.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <poll.h>
int sock_enc_error(sock *s) {
return (int) s->enc ? SSL_get_error(s->ssl, (int) s->_last_ret) : 0;
}
const char *sock_strerror(sock *s) {
if (s->_last_ret == 0) {
return "closed";
} else if (s->enc) {
if (s->_last_ret > 0) {
return NULL;
}
const char *err1 = ERR_reason_error_string(s->_ssl_error);
const char *err2 = strerror(errno);
switch (sock_enc_error(s)) {
case SSL_ERROR_NONE:
return NULL;
case SSL_ERROR_ZERO_RETURN:
return "closed";
case SSL_ERROR_WANT_READ:
return "want read";
case SSL_ERROR_WANT_WRITE:
return "want write";
case SSL_ERROR_WANT_CONNECT:
return "want connect";
case SSL_ERROR_WANT_ACCEPT:
return "want accept";
case SSL_ERROR_WANT_X509_LOOKUP:
return "want x509 lookup";
case SSL_ERROR_SYSCALL:
return ((s->_ssl_error == 0) ? ((s->_last_ret == 0) ? "protocol violation" : err2) : err1);
case SSL_ERROR_SSL:
return err1;
default:
return "unknown error";
}
} else {
return strerror(s->_errno);
}
}
long sock_send(sock *s, void *buf, unsigned long len, int flags) {
long ret;
if (s->enc) {
ret = SSL_write(s->ssl, buf, (int) len);
s->_ssl_error = ERR_get_error();
} else {
ret = send(s->socket, buf, len, flags);
}
s->_last_ret = ret;
s->_errno = errno;
return ret >= 0 ? ret : -1;
}
long sock_recv(sock *s, void *buf, unsigned long len, int flags) {
long ret;
if (s->enc) {
int (*func)(SSL*, void*, int) = (flags & MSG_PEEK) ? SSL_peek : SSL_read;
ret = func(s->ssl, buf, (int) len);
s->_ssl_error = ERR_get_error();
} else {
ret = recv(s->socket, buf, len, flags);
}
s->_last_ret = ret;
s->_errno = errno;
return ret >= 0 ? ret : -1;
}
long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigned long len) {
long ret;
unsigned long send_len = 0;
unsigned long next_len;
while (send_len < len) {
next_len = (buf_len < (len - send_len)) ? buf_len : (len - send_len);
ret = sock_recv(src, buf, next_len, 0);
if (ret <= 0) return -2;
next_len = ret;
ret = sock_send(dst, buf, next_len, send_len + next_len < len ? MSG_MORE : 0);
if (ret < 0) return -1;
if (ret != next_len) return -3;
send_len += next_len;
}
return (long) send_len;
}
long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len) {
long ret;
unsigned long send_len = 0;
unsigned long next_len;
while (1) {
ret = sock_get_chunk_header(src);
if (ret < 0) return -2;
next_len = ret;
if (next_len <= 0) break;
ret = sock_splice(dst, src, buf, buf_len, next_len);
if (ret < 0) return ret;
}
return (long) send_len;
}
int sock_close(sock *s) {
if ((int) s->enc && s->ssl != NULL) {
if (s->_last_ret >= 0) SSL_shutdown(s->ssl);
SSL_free(s->ssl);
s->ssl = NULL;
}
shutdown(s->socket, SHUT_RDWR);
close(s->socket);
s->socket = 0;
s->enc = 0;
return 0;
}
int sock_check(sock *s) {
char buf;
return recv(s->socket, &buf, 1, MSG_PEEK | MSG_DONTWAIT) == 1;
}
int sock_poll(sock *sockets[], sock *ready[], sock *error[], int n_sock, int *n_ready, int *n_error, short events, int timeout_ms) {
struct pollfd fds[n_sock];
for (int i = 0; i < n_sock; i++) {
fds[i].fd = sockets[i]->socket;
fds[i].events = events;
}
int ret = poll(fds, n_sock, timeout_ms);
if (ret < 0 || ready == NULL || error == NULL) return ret;
*n_ready = 0, *n_error = 0;
for (int i = 0; i < n_sock; i++) {
if (fds[i].revents & events)
ready[(*n_ready)++] = sockets[i];
if (fds[i].revents & (POLLERR | POLLHUP | POLLNVAL))
error[(*n_error)++] = sockets[i];
}
return ret;
}
int sock_poll_read(sock *sockets[], sock *readable[], sock *error[], int n_sock, int *n_readable, int *n_error, int timeout_ms) {
return sock_poll(sockets, readable, error, n_sock, n_readable, n_error, POLLIN, timeout_ms);
}
int sock_poll_write(sock *sockets[], sock *writable[], sock *error[], int n_sock, int *n_writable, int *n_error, int timeout_ms) {
return sock_poll(sockets, writable, error, n_sock, n_writable, n_error, POLLOUT, timeout_ms);
}
long sock_parse_chunk_header(const char *buf, long len, long *ret_len) {
for (int i = 0; i < len; i++) {
char ch = buf[i];
if (ch == '\r') {
continue;
} else if (ch == '\n') {
if (ret_len != NULL) *ret_len = i + 1;
return strtol(buf, NULL, 16);
} else if (!((ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F'))) {
return -2;
}
}
return -1;
}
long sock_get_chunk_header(sock *s) {
long ret, len;
char buf[16];
do {
ret = sock_recv(s, buf, sizeof(buf), MSG_PEEK);
if (ret <= 0) return -2;
else if (ret < 2) continue;
ret = sock_parse_chunk_header(buf, ret, &len);
if (ret == -2) return -1;
} while (ret < 0);
if (sock_recv(s, buf, len, 0) != len)
return -2;
return ret;
}

56
src/lib/sock.h Normal file
View File

@@ -0,0 +1,56 @@
/**
* sesimos - secure, simple, modern web server
* @brief Basic TCP and TLS socket (header file)
* @file src/lib/sock.h
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#ifndef SESIMOS_SOCK_H
#define SESIMOS_SOCK_H
#include <openssl/crypto.h>
#include <sys/socket.h>
#include <arpa/inet.h>
typedef struct {
unsigned int enc:1;
int socket;
union {
struct sockaddr sock;
struct sockaddr_in6 ipv6;
} addr;
SSL_CTX *ctx;
SSL *ssl;
long _last_ret;
int _errno;
unsigned long _ssl_error;
} sock;
int sock_enc_error(sock *s);
const char *sock_strerror(sock *s);
long sock_send(sock *s, void *buf, unsigned long len, int flags);
long sock_recv(sock *s, void *buf, unsigned long len, int flags);
long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigned long len);
long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len);
int sock_close(sock *s);
int sock_check(sock *s);
int sock_poll(sock *sockets[], sock *ready[], sock *error[], int n_sock, int *n_ready, int *n_error, short events, int timeout_ms);
int sock_poll_read(sock *sockets[], sock *readable[], sock *error[], int n_sock, int *n_readable, int *n_error, int timeout_ms);
int sock_poll_write(sock *sockets[], sock *writable[], sock *error[], int n_sock, int *n_writable, int *n_error, int timeout_ms);
long sock_parse_chunk_header(const char *buf, long len, long *ret_len);
long sock_get_chunk_header(sock *s);
#endif //SESIMOS_SOCK_H

View File

@@ -1,11 +1,17 @@
/**
* Necronda Web Server
* URI and path handlers
* src/uri.c
* Lorenz Stechauner, 2020-12-13
* sesimos - secure, simple, modern web server
* @brief URI and path handlers
* @file src/lib/uri.c
* @author Lorenz Stechauner
* @date 2020-12-13
*/
#include "uri.h"
#include "utils.h"
#include <errno.h>
#include <stdlib.h>
#include <string.h>
int path_is_directory(const char *path) {
@@ -15,12 +21,16 @@ int path_is_directory(const char *path) {
int path_is_file(const char *path) {
struct stat statbuf;
return stat(path, &statbuf) == 0 && S_ISDIR(statbuf.st_mode) == 0;
int ret = stat(path, &statbuf);
errno = 0;
return ret == 0 && S_ISDIR(statbuf.st_mode) == 0;
}
int path_exists(const char *path) {
struct stat statbuf;
return stat(path, &statbuf) == 0;
int ret = stat(path, &statbuf);
errno = 0;
return ret == 0;
}
int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode) {
@@ -28,6 +38,8 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
char buf1[1024];
char buf2[1024];
char buf3[1024];
char buf4[1024];
int p_len;
uri->webroot = NULL;
uri->req_path = NULL;
uri->path = NULL;
@@ -50,12 +62,12 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
} else {
query[0] = 0;
query++;
ssize_t size = strlen(query) + 1;
long size = (long) strlen(query) + 1;
uri->query = malloc(size);
strcpy(uri->query, query);
}
ssize_t size = strlen(uri_str) + 1;
long size = (long) strlen(uri_str) + 1;
uri->req_path = malloc(size);
url_decode(uri_str, uri->req_path, &size);
if (query != NULL) {
@@ -65,60 +77,92 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
return 2;
}
size = strlen(uri->req_path) + 1;
size = (long) strlen(uri->req_path) + 1;
uri->path = malloc(size);
uri->pathinfo = malloc(size);
strcpy(uri->path, uri->req_path);
char last = 0;
for (int i = 0, j = 0; i < size - 1; i++) {
char ch = uri->req_path[i];
if (last != '/' || ch != '/') {
uri->path[j++] = ch;
uri->path[j] = 0;
}
last = ch;
}
if (dir_mode == URI_DIR_MODE_NO_VALIDATION) {
return 0;
}
if (uri->path[strlen(uri->path) - 1] == '/') {
uri->path[strlen(uri->path) - 1] = 0;
strcpy(uri->pathinfo, "/");
} else {
strcpy(uri->pathinfo, "");
}
if (!path_exists(uri->webroot)) {
return 3;
}
while (1) {
sprintf(buf0, "%s%s", uri->webroot, uri->path);
sprintf(buf1, "%s.php", buf0);
sprintf(buf2, "%s.html", buf0);
p_len = snprintf(buf1, sizeof(buf1), "%s.ncr", buf0);
if (p_len < 0 || p_len >= sizeof(buf1)) return -1;
p_len = snprintf(buf2, sizeof(buf2), "%s.php", buf0);
if (p_len < 0 || p_len >= sizeof(buf2)) return -1;
p_len = snprintf(buf3, sizeof(buf3), "%s.html", buf0);
if (p_len < 0 || p_len >= sizeof(buf3)) return -1;
if (strlen(uri->path) <= 1 || path_exists(buf0) || path_is_file(buf1) || path_is_file(buf2)) {
if (strlen(uri->path) <= 1 ||
path_exists(buf0) ||
path_is_file(buf1) ||
path_is_file(buf2) ||
path_is_file(buf3)) {
break;
}
char *ptr;
parent_dir:
ptr = strrchr(uri->path, '/');
size = strlen(ptr);
sprintf(buf3, "%.*s%s", (int) size, ptr, uri->pathinfo);
strcpy(uri->pathinfo, buf3);
size = (long) strlen(ptr);
sprintf(buf4, "%.*s%s", (int) size, ptr, uri->pathinfo);
strcpy(uri->pathinfo, buf4);
ptr[0] = 0;
}
if (uri->pathinfo[0] != 0) {
sprintf(buf3, "%s", uri->pathinfo + 1);
strcpy(uri->pathinfo, buf3);
sprintf(buf4, "%s", uri->pathinfo + 1);
strcpy(uri->pathinfo, buf4);
}
if (path_is_file(buf0)) {
uri->filename = malloc(strlen(buf0) + 1);
strcpy(uri->filename, buf0);
ssize_t len = strlen(uri->path);
if (strcmp(uri->path + len - 5, ".html") == 0) {
uri->path[len - 5] = 0;
} else if (strcmp(uri->path + len - 4, ".php") == 0) {
long len = (long) strlen(uri->path);
if (strcmp(uri->path + len - 4, ".ncr") == 0 || strcmp(uri->path + len - 4, ".php") == 0) {
uri->path[len - 4] = 0;
uri->is_static = 0;
} else if (strcmp(uri->path + len - 5, ".html") == 0) {
uri->path[len - 5] = 0;
}
} else if (path_is_file(buf1)) {
uri->is_static = 0;
uri->filename = malloc(strlen(buf1) + 1);
strcpy(uri->filename, buf1);
} else if (path_is_file(buf2)) {
uri->is_static = 0;
uri->filename = malloc(strlen(buf2) + 1);
strcpy(uri->filename, buf2);
} else if (path_is_file(buf3)) {
uri->filename = malloc(strlen(buf3) + 1);
strcpy(uri->filename, buf3);
} else {
uri->is_dir = 1;
strcpy(uri->path + strlen(uri->path), "/");
sprintf(buf1, "%s%sindex.php", uri->webroot, uri->path);
sprintf(buf2, "%s%sindex.html", uri->webroot, uri->path);
sprintf(buf1, "%s%sindex.ncr", uri->webroot, uri->path);
sprintf(buf2, "%s%sindex.php", uri->webroot, uri->path);
sprintf(buf3, "%s%sindex.html", uri->webroot, uri->path);
if (path_is_file(buf1)) {
uri->filename = malloc(strlen(buf1) + 1);
strcpy(uri->filename, buf1);
@@ -126,6 +170,10 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
} else if (path_is_file(buf2)) {
uri->filename = malloc(strlen(buf2) + 1);
strcpy(uri->filename, buf2);
uri->is_static = 0;
} else if (path_is_file(buf3)) {
uri->filename = malloc(strlen(buf3) + 1);
strcpy(uri->filename, buf3);
} else {
if (dir_mode == URI_DIR_MODE_FORBIDDEN) {
uri->is_static = 1;
@@ -145,7 +193,9 @@ int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mo
if (strcmp(uri->path + strlen(uri->path) - 5, "index") == 0) {
uri->path[strlen(uri->path) - 5] = 0;
}
if (strcmp(uri->pathinfo, "index.php") == 0 || strcmp(uri->pathinfo, "index.html") == 0) {
if (strcmp(uri->pathinfo, "index.ncr") == 0 ||
strcmp(uri->pathinfo, "index.php") == 0 ||
strcmp(uri->pathinfo, "index.html") == 0) {
uri->pathinfo[0] = 0;
}

52
src/lib/uri.h Normal file
View File

@@ -0,0 +1,52 @@
/**
* sesimos - secure, simple, modern web server
* @brief URI and path handlers (header file)
* @file src/lib/uri.h
* @author Lorenz Stechauner
* @date 2020-12-13
*/
#ifndef SESIMOS_URI_H
#define SESIMOS_URI_H
#include <sys/stat.h>
#define URI_DIR_MODE_NO_VALIDATION 0
#define URI_DIR_MODE_FORBIDDEN 1
#define URI_DIR_MODE_LIST 2
#define URI_DIR_MODE_INFO 3
#define URI_ETAG_SIZE 65 // SHA256 size (hex)
#define URI_TYPE_SIZE 64
#define URI_CHARSET_SIZE 16
typedef struct {
char etag[URI_ETAG_SIZE];
char type[URI_TYPE_SIZE];
char charset[URI_CHARSET_SIZE];
char filename_comp_gz[256];
char filename_comp_br[256];
struct stat stat;
} metadata_t;
typedef struct {
char *webroot; // "/srv/www/www.test.org"
char *req_path; // "/account/login"
char *path; // "/account/"
char *pathinfo; // "login"
char *query; // "username=test"
char *filename; // "/account/index.php"
char *uri; // "/account/login?username=test"
metadata_t *meta;
unsigned int is_static:1;
unsigned int is_dir:1;
} http_uri;
int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode);
int uri_init_cache(http_uri *uri);
void uri_free(http_uri *uri);
#endif //SESIMOS_URI_H

205
src/lib/utils.c Normal file
View File

@@ -0,0 +1,205 @@
/**
* sesimos - secure, simple, modern web server
* @brief Utilities
* @file src/lib/utils.c
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#include "utils.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
static const char base64_encode_table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const int base64_mod_table[3] = {0, 2, 1};
char *format_duration(unsigned long micros, char *buf) {
if (micros < 10000) {
sprintf(buf, "%.1f ms", (double) micros / 1000);
} else if (micros < 1000000 - 1000) {
sprintf(buf, "%.0f ms", (double) micros / 1000);
} else if (micros < 60000000 - 1000000) {
sprintf(buf, "%.1f s", (double) micros / 1000000);
} else if (micros < 6000000000) {
sprintf(buf, "%.1f min", (double) micros / 1000000 / 60);
} else {
sprintf(buf, "%.0f min", (double) micros / 1000000 / 60);
}
return buf;
}
int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out) {
int size = 0;
// Encode control characters
for (int i = 0; i < size_in; i++) {
unsigned char ch = ((unsigned char *) in)[i];
if (ch == ' ') {
ch = '+';
} else if (
ch <= 0x20 || ch >= 0x7F ||
!((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') ||
ch == '-' || ch == '_' || ch == '.' || ch == '!' || ch == '~' || ch == '*' || ch == '\'' ||
ch == '(' || ch == ')')
) {
size += 3;
if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
ch = 0;
}
if (ch != 0) {
size++;
if (size < size_out) out[size - 1] = (char) ch;
}
}
// Set terminating null byte
if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
// Return theoretical size
return size;
}
int url_encode(const void *in, size_t size_in, char *out, size_t size_out) {
int size = 0;
// Encode control characters
for (int i = 0; i < size_in; i++) {
unsigned char ch = ((unsigned char *) in)[i];
if (ch <= 0x20 || ch >= 0x7F) {
size += 3;
if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
} else {
size++;
if (size < size_out) out[size - 1] = (char) ch;
}
}
// Set terminating null byte
if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
// Return theoretical size
return size;
}
int url_decode(const char *str, char *dec, long *size) {
char *ptr = dec;
char ch, buf[3];
memset(dec, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - dec) >= *size) {
return -1;
}
ch = str[i];
if (ch == '+') {
ch = ' ';
} else if (ch == '%') {
memcpy(buf, str + i + 1, 2);
buf[2] = 0;
ch = (char) strtol(buf, NULL, 16);
i += 2;
} else if (ch == '?') {
strcpy(ptr, str + i);
break;
}
ptr[0] = ch;
}
*size = ptr - dec;
return 0;
}
int mime_is_compressible(const char *type) {
if (type == NULL) return 0;
char type_parsed[64];
snprintf(type_parsed, sizeof(type_parsed), "%s", type);
char *pos = strchr(type_parsed, ';');
if (pos != NULL) pos[0] = 0;
return
strncmp(type_parsed, "text/", 5) == 0 ||
strncmp(type_parsed, "message/", 7) == 0 ||
strstr(type_parsed, "+xml") != NULL ||
strstr(type_parsed, "+json") != NULL ||
strcmp(type_parsed, "application/javascript") == 0 ||
strcmp(type_parsed, "application/json") == 0 ||
strcmp(type_parsed, "application/xml") == 0 ||
strcmp(type_parsed, "application/x-www-form-urlencoded") == 0 ||
strcmp(type_parsed, "application/x-tex") == 0 ||
strcmp(type_parsed, "application/x-httpd-php") == 0 ||
strcmp(type_parsed, "application/x-latex") == 0 ||
strcmp(type_parsed, "application/vnd.ms-fontobject") == 0 ||
strcmp(type_parsed, "application/x-font-ttf") == 0 ||
strcmp(type_parsed, "application/x-javascript") == 0 ||
strcmp(type_parsed, "font/eot") == 0 ||
strcmp(type_parsed, "font/opentype") == 0 ||
strcmp(type_parsed, "image/bmp") == 0 ||
strcmp(type_parsed, "image/gif") == 0 ||
strcmp(type_parsed, "image/vnd.microsoft.icon") == 0 ||
strcmp(type_parsed, "image/vnd.microsoft.iconbinary") == 0 ||
strcmp(type_parsed, "image/x-icon") == 0;
}
int strcpy_rem_webroot(char *dst, const char *src, long len, const char *webroot) {
memcpy(dst, src, len);
dst[len] = 0;
if (webroot == NULL)
return 0;
char *pos;
const unsigned long webroot_len = strlen(webroot);
if (webroot_len == 0)
return 0;
while ((pos = strstr(dst, webroot)) != NULL) {
strcpy(pos, pos + webroot_len);
}
return 0;
}
int str_trim(char **start, char **end) {
if (start == NULL || end == NULL || *start == NULL || *end == NULL)
return -1;
(*end)--;
while (*start[0] == ' ' || *start[0] == '\t' || *start[0] == '\r' || *start[0] == '\n') (*start)++;
while (*end[0] == ' ' || *end[0] == '\t' || *end[0] == '\r' || *end[0] == '\n') (*end)--;
(*end)++;
return 0;
}
int str_trim_lws(char **start, char **end) {
if (start == NULL || end == NULL || *start == NULL || *end == NULL)
return -1;
(*end)--;
while (*start[0] == ' ' || *start[0] == '\t') (*start)++;
while (*end[0] == ' ' || *end[0] == '\t') (*end)--;
(*end)++;
return 0;
}
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len) {
unsigned long out_len = 4 * ((data_len + 2) / 3);
if (output_len != NULL) *output_len = out_len;
for (int i = 0, j = 0; i < data_len;) {
unsigned int octet_a = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_b = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_c = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
output[j++] = base64_encode_table[(triple >> 3 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 2 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 1 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 0 * 6) & 0x3F];
}
for (int i = 0; i < base64_mod_table[data_len % 3]; i++)
output[out_len - 1 - i] = '=';
output[out_len] = 0;
return 0;
}

40
src/lib/utils.h Normal file
View File

@@ -0,0 +1,40 @@
/**
* sesimos - secure, simple, modern web server
* @brief Utilities (header file)
* @file src/lib/utils.h
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#ifndef SESIMOS_UTILS_H
#define SESIMOS_UTILS_H
#include <stdio.h>
#define ERR_STR "\x1B[1;31m"
#define CLR_STR "\x1B[0m"
#define BLD_STR "\x1B[1m"
#define WRN_STR "\x1B[1;33m"
#define BLUE_STR "\x1B[34m"
#define HTTP_STR "\x1B[1;31m"
#define HTTPS_STR "\x1B[1;32m"
char *format_duration(unsigned long micros, char *buf);
int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out);
int url_encode(const void *in, size_t size_in, char *out, size_t size_out);
int url_decode(const char *str, char *dec, long *size);
int mime_is_compressible(const char *type);
int strcpy_rem_webroot(char *dst, const char *str, long len, const char *webroot);
int str_trim(char **start, char **end);
int str_trim_lws(char **start, char **end);
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len);
#endif //SESIMOS_UTILS_H

208
src/lib/websocket.c Normal file
View File

@@ -0,0 +1,208 @@
/**
* sesimos - secure, simple, modern web server
* @brief WebSocket reverse proxy
* @file src/lib/websocket.c
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#include "../defs.h"
#include "../logger.h"
#include "websocket.h"
#include "utils.h"
#include <string.h>
#include <openssl/sha.h>
#include <errno.h>
#include <signal.h>
static const char ws_key_uuid[] = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
static volatile sig_atomic_t terminate = 0;
void ws_terminate(int _) {
terminate = 1;
}
int ws_calc_accept_key(const char *key, char *accept_key) {
if (key == NULL || accept_key == NULL)
return -1;
char input[256] = "";
unsigned char output[SHA_DIGEST_LENGTH];
strcat(input, key);
strcat(input, ws_key_uuid);
if (SHA1((unsigned char *) input, strlen(input), output) == NULL) {
return -2;
}
base64_encode(output, sizeof(output), accept_key, NULL);
return 0;
}
int ws_recv_frame_header(sock *s, ws_frame *frame) {
unsigned char buf[12];
long ret = sock_recv(s, buf, 2, 0);
if (ret < 0) {
error("Unable to receive from socket");
return -1;
} else if (ret != 2) {
error("Unable to receive 2 bytes from socket");
return -2;
}
unsigned short bits = (buf[0] << 8) | buf[1];
frame->f_fin = (bits >> 15) & 1;
frame->f_rsv1 = (bits >> 14) & 1;
frame->f_rsv2 = (bits >> 13) & 1;
frame->f_rsv3 = (bits >> 12) & 1;
frame->opcode = (bits >> 8) & 0xF;
frame->f_mask = (bits >> 7) & 1;
unsigned short len = (bits & 0x7F);
int remaining = frame->f_mask ? 4 : 0;
if (len == 126) {
remaining += 2;
} else if (len == 127) {
remaining += 8;
}
ret = sock_recv(s, buf, remaining, 0);
if (ret < 0) {
error("Unable to receive from socket");
return -1;
} else if (ret != remaining) {
error("Unable to receive correct number of bytes from socket");
return -2;
}
if (len == 126) {
frame->len = (((unsigned long) buf[0]) << 8) | ((unsigned long) buf[1]);
} else if (len == 127) {
frame->len =
(((unsigned long) buf[0]) << 56) |
(((unsigned long) buf[1]) << 48) |
(((unsigned long) buf[2]) << 40) |
(((unsigned long) buf[3]) << 32) |
(((unsigned long) buf[4]) << 24) |
(((unsigned long) buf[5]) << 16) |
(((unsigned long) buf[6]) << 8) |
(((unsigned long) buf[7]) << 0);
} else {
frame->len = len;
}
if (frame->f_mask) memcpy(frame->masking_key, buf + (remaining - 4), 4);
return 0;
}
int ws_send_frame_header(sock *s, ws_frame *frame) {
unsigned char buf[14], *ptr = buf;
unsigned short len;
if (frame->len > 0x7FFF) {
len = 127;
} else if (frame->len > 125) {
len = 126;
} else {
len = frame->len;
}
unsigned short bits =
(frame->f_fin << 15) |
(frame->f_rsv1 << 14) |
(frame->f_rsv2 << 13) |
(frame->f_rsv3 << 12) |
(frame->opcode << 8) |
(frame->f_mask << 7) |
len;
ptr++[0] = bits >> 8;
ptr++[0] = bits & 0xFF;
if (len >= 126) {
for (int i = (len == 126 ? 2 : 8) - 1; i >= 0; i--)
ptr++[0] = (unsigned char) ((frame->len >> (i * 8)) & 0xFF);
}
if (frame->f_mask) {
memcpy(ptr, frame->masking_key, 4);
ptr += 4;
}
long ret = sock_send(s, buf, ptr - buf, frame->len != 0 ? MSG_MORE : 0);
if (ret < 0) {
error("Unable to send to socket");
return -1;
} else if (ret != ptr - buf) {
error("Unable to send to socket");
return -2;
}
return 0;
}
int ws_handle_connection(sock *s1, sock *s2) {
sock *poll_socks[2] = {s1, s2};
sock *readable[2], *error[2];
int n_sock = 2, n_readable = 0, n_error = 0;
ws_frame frame;
char buf[CHUNK_SIZE];
int closes = 0;
long ret;
signal(SIGINT, ws_terminate);
signal(SIGTERM, ws_terminate);
while (!terminate && closes != 3) {
ret = sock_poll_read(poll_socks, readable, error, n_sock, &n_readable, &n_error, WS_TIMEOUT * 1000);
if (terminate) {
break;
} else if (ret < 0) {
error("Unable to poll sockets");
return -1;
} else if (n_readable == 0) {
error("Connection timed out");
return -2;
} else if (n_error > 0) {
error("Peer closed connection");
return -3;
}
for (int i = 0; i < n_readable; i++) {
sock *s = readable[i];
sock *o = (s == s1) ? s2 : s1;
if (ws_recv_frame_header(s, &frame) != 0) return -3;
// debug("WebSocket: Peer %s, Opcode=0x%X, Len=%li", (s == s1) ? "1" : "2", frame.opcode, frame.len);
if (frame.opcode == 0x8) {
n_sock--;
if (s == s1) {
poll_socks[0] = s2;
closes |= 1;
} else {
closes |= 2;
}
}
if (ws_send_frame_header(o, &frame) != 0) return -3;
if (frame.len > 0) {
ret = sock_splice(o, s, buf, sizeof(buf), frame.len);
if (ret < 0) {
error("Unable to forward data in WebSocket");
return -4;
} else if (ret != frame.len) {
error("Unable to forward correct number of bytes in WebSocket");
return -4;
}
}
}
}
return 0;
}

35
src/lib/websocket.h Normal file
View File

@@ -0,0 +1,35 @@
/**
* sesimos - secure, simple, modern web server
* @brief WebSocket reverse proxy (header file)
* @file src/lib/websocket.h
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#ifndef SESIMOS_WEBSOCKET_H
#define SESIMOS_WEBSOCKET_H
#include "sock.h"
#define WS_TIMEOUT 3600
typedef struct {
unsigned char f_fin:1;
unsigned char f_rsv1:1;
unsigned char f_rsv2:1;
unsigned char f_rsv3:1;
unsigned char opcode:4;
unsigned char f_mask:1;
unsigned long len;
char masking_key[4];
} ws_frame;
int ws_calc_accept_key(const char *key, char *accept_key);
int ws_recv_frame_header(sock *s, ws_frame *frame);
int ws_send_frame_header(sock *s, ws_frame *frame);
int ws_handle_connection(sock *s1, sock *s2);
#endif //SESIMOS_WEBSOCKET_H

266
src/logger.c Normal file
View File

@@ -0,0 +1,266 @@
/**
* sesimos - secure, simple, modern web server
* @brief Logger
* @file src/logger.h
* @author Lorenz Stechauner
* @date 2022-12-10
*/
#include "logger.h"
#include "lib/utils.h"
#include <stdio.h>
#include <pthread.h>
#include <semaphore.h>
#include <errno.h>
#include <string.h>
#include <stdarg.h>
#include <signal.h>
#include <malloc.h>
#define LOG_MAX_MSG_SIZE 2048
#define LOG_BUF_SIZE 16
#define LOG_NAME_LEN 12
#define LOG_PREFIX_LEN 256
#define LOG_PREFIX "[%-8s][%-6s]"
typedef struct {
log_lvl_t lvl;
char name[LOG_NAME_LEN];
char prefix[LOG_PREFIX_LEN];
char txt[LOG_MAX_MSG_SIZE];
} log_msg_t;
typedef struct {
int rd;
int wr;
log_msg_t msgs[LOG_BUF_SIZE];
} buf_t;
static pthread_t thread;
static volatile sig_atomic_t alive = 0;
static sem_t sem_buf, sem_buf_free, sem_buf_used;
static buf_t buffer;
static pthread_key_t key_name = -1, key_prefix = -1;
static char global_name[LOG_NAME_LEN] = "", global_prefix[LOG_PREFIX_LEN] = "";
static const char *level_keywords[] = {
"EMERG",
"ALERT",
"CRIT",
"ERROR",
"WARN",
"NOTICE",
"INFO",
"DEBUG"
};
static void err(const char *restrict msg) {
char err_buf[64];
strerror_r(errno, err_buf, sizeof(err_buf));
fprintf(stderr, ERR_STR LOG_PREFIX " %s: %s" CLR_STR "\n", "logger", level_keywords[LOG_CRITICAL], msg, err_buf);
}
void logmsgf(log_lvl_t level, const char *restrict format, ...) {
char buf[256];
char err_buf[64];
va_list args;
va_start(args, format);
const char *color = (level <= LOG_ERROR) ? ERR_STR : ((level <= LOG_WARNING) ? WRN_STR : "");
if (errno != 0) {
strerror_r(errno, err_buf, sizeof(err_buf));
snprintf(buf, sizeof(buf), "%s%s: %s" CLR_STR, color, format, err_buf);
} else {
snprintf(buf, sizeof(buf), "%s%s" CLR_STR, color, format);
}
void *name = pthread_getspecific(key_name);
if (name == NULL && global_name[0] != 0) name = global_name;
void *prefix = pthread_getspecific(key_prefix);
if (prefix == NULL && global_prefix[0] != 0) prefix = global_prefix;
if (!alive) {
// no logger thread running
// simply write to stdout without synchronization
printf("%s" LOG_PREFIX "%s%s ", color, (name != NULL) ? (char *) name : "", level_keywords[level], CLR_STR, (prefix != NULL) ? (char *) prefix : "");
vprintf(buf, args);
printf("\n");
} else {
// wait for free slot in buffer
try_again_free:
if (sem_wait(&sem_buf_free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_free;
} else {
err("Unable to lock semaphore");
errno = 0;
}
// cleanup
va_end(args);
return;
}
// try to lock buffer
try_again_buf:
if (sem_wait(&sem_buf) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_buf;
} else {
err("Unable to lock semaphore");
errno = 0;
}
// cleanup
sem_post(&sem_buf_free);
va_end(args);
return;
}
// write message to buffer
log_msg_t *msg = &buffer.msgs[buffer.rd];
buffer.rd = (buffer.rd + 1) % LOG_BUF_SIZE;
vsnprintf(msg->txt, sizeof(msg->txt), buf, args);
msg->lvl = level;
if (name != NULL) {
snprintf(msg->name, sizeof(msg->name), "%s", (char *) name);
} else {
msg->name[0] = 0;
}
if (prefix != NULL) {
snprintf(msg->prefix, sizeof(msg->prefix), "%s", (char *) prefix);
} else {
msg->prefix[0] = 0;
}
// unlock buffer
sem_post(&sem_buf);
// unlock slot in buffer for logger
sem_post(&sem_buf_used);
}
// cleanup
va_end(args);
}
static void logger_destroy(void) {
sem_destroy(&sem_buf);
sem_destroy(&sem_buf_free);
sem_destroy(&sem_buf_used);
}
static int logger_remaining(void) {
int val = 0;
sem_getvalue(&sem_buf_used, &val);
return val;
}
void logger_set_name(const char *restrict name) {
if (key_name == -1) {
// not initialized
strncpy(global_name, name, sizeof(global_name));
} else {
int ret;
void *ptr = pthread_getspecific(key_name);
if (!ptr) {
ptr = malloc(LOG_NAME_LEN);
if ((ret = pthread_setspecific(key_name, ptr)) != 0) {
errno = ret;
err("Unable to set thread specific values");
return;
}
}
strncpy(ptr, name, LOG_NAME_LEN);
}
}
void logger_set_prefix(const char *restrict prefix) {
if (key_prefix == -1) {
// not initialized
strncpy(global_prefix, prefix, sizeof(global_prefix));
} else {
int ret;
void *ptr = pthread_getspecific(key_prefix);
if (!ptr) {
ptr = malloc(LOG_PREFIX_LEN);
if ((ret = pthread_setspecific(key_prefix, ptr)) != 0) {
errno = ret;
err("Unable to set thread specific values");
return;
}
}
strncpy(ptr, prefix, LOG_PREFIX_LEN);
}
}
static void *logger_thread(void *arg) {
logger_set_name("logger");
alive = 1;
while (alive || logger_remaining() > 0) {
// wait for buffer to be filled
if (sem_wait(&sem_buf_used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
err("Unable to lock semaphore");
errno = 0;
break;
}
}
log_msg_t *msg = &buffer.msgs[buffer.wr];
buffer.wr = (buffer.wr + 1) % LOG_BUF_SIZE;
printf("%s" LOG_PREFIX "%s%s %s\n",
(msg->lvl <= LOG_ERROR) ? ERR_STR : ((msg->lvl <= LOG_WARNING) ? WRN_STR : ""),
(msg->name[0] != 0) ? (char *) msg->name : "", level_keywords[msg->lvl], CLR_STR,
(msg->prefix[0] != 0) ? (char *) msg->prefix : "", msg->txt);
// unlock slot in buffer
sem_post(&sem_buf_free);
}
logger_destroy();
return NULL;
}
int logger_init(void) {
int ret;
// try to initialize all three semaphores
if (sem_init(&sem_buf, 0, 1) != 0 || sem_init(&sem_buf_free, 0, LOG_BUF_SIZE) != 0 || sem_init(&sem_buf_used, 0, 0) != 0) {
err("Unable to initialize semaphore");
logger_destroy();
return -1;
}
// initialize read/write heads
buffer.rd = 0;
buffer.wr = 0;
// initialize thread specific values (keys)
if ((ret = pthread_key_create(&key_name, free)) != 0 || (ret = pthread_key_create(&key_prefix, free)) != 0) {
errno = ret;
err("Unable to initialize thread specific values");
logger_destroy();
return -1;
}
pthread_create(&thread, NULL, logger_thread, NULL);
return 0;
}
void logger_stop(void) {
alive = 0;
}

40
src/logger.h Normal file
View File

@@ -0,0 +1,40 @@
/**
* sesimos - secure, simple, modern web server
* @brief Logger (header file)
* @file src/logger.h
* @author Lorenz Stechauner
* @date 2022-12-10
*/
#ifndef SESIMOS_LOGGER_H
#define SESIMOS_LOGGER_H
#define LOG_DEBUG 7
#define LOG_INFO 6
#define LOG_NOTICE 5
#define LOG_WARNING 4
#define LOG_ERROR 3
#define LOG_CRITICAL 2
#define LOG_ALERT 1
typedef unsigned char log_lvl_t;
#define debug(...) logmsgf(LOG_DEBUG, __VA_ARGS__)
#define info(...) logmsgf(LOG_INFO, __VA_ARGS__)
#define notice(...) logmsgf(LOG_NOTICE, __VA_ARGS__)
#define warning(...) logmsgf(LOG_WARNING, __VA_ARGS__)
#define error(...) logmsgf(LOG_ERROR, __VA_ARGS__)
#define critical(...) logmsgf(LOG_CRITICAL, __VA_ARGS__)
#define alert(...) logmsgf(LOG_ALERT, __VA_ARGS__)
void logmsgf(log_lvl_t level, const char *restrict format, ...);
void logger_set_name(const char *restrict name);
void logger_set_prefix(const char *restrict prefix);
int logger_init(void);
void logger_stop(void);
#endif //SESIMOS_LOGGER_H

View File

@@ -1,420 +0,0 @@
/**
* Necronda Web Server
* Main executable
* src/necronda-server.c
* Lorenz Stechauner, 2020-12-03
*/
#define _POSIX_C_SOURCE 199309L
#include "necronda-server.h"
#include "utils.c"
#include "uri.c"
#include "cache.c"
#include "http.c"
#include "client.c"
#include "fastcgi.c"
int active = 1;
void openssl_init() {
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
}
char *ssl_get_error(SSL *ssl, int ret) {
if (ret > 0) {
return NULL;
}
unsigned long ret2 = ERR_get_error();
char *err2 = strerror(errno);
char *err1 = (char *) ERR_reason_error_string(ret2);
switch (SSL_get_error(ssl, ret)) {
case SSL_ERROR_NONE:
return "none";
case SSL_ERROR_ZERO_RETURN:
return "closed";
case SSL_ERROR_WANT_READ:
return "want read";
case SSL_ERROR_WANT_WRITE:
return "want write";
case SSL_ERROR_WANT_CONNECT:
return "want connect";
case SSL_ERROR_WANT_ACCEPT:
return "want accept";
case SSL_ERROR_WANT_X509_LOOKUP:
return "want x509 lookup";
case SSL_ERROR_SYSCALL:
return ((ret2 == 0) ? ((ret == 0) ? "protocol violation" : err2) : err1);
case SSL_ERROR_SSL:
return err1;
default:
return "unknown error";
}
}
void destroy() {
fprintf(stderr, "\n" ERR_STR "Terminating forcefully!" CLR_STR "\n");
int status = 0;
int ret;
int kills = 0;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
} else {
kill(children[i], SIGKILL);
kills++;
}
}
}
if (kills > 0) {
fprintf(stderr, ERR_STR "Killed %i child process(es)" CLR_STR "\n", kills);
}
cache_unload();
exit(2);
}
void terminate() {
fprintf(stderr, "\nTerminating gracefully...\n");
active = 0;
signal(SIGINT, destroy);
signal(SIGTERM, destroy);
for (int i = 0; i < NUM_SOCKETS; i++) {
shutdown(sockets[i], SHUT_RDWR);
close(sockets[i]);
}
int status = 0;
int wait_num = 0;
int ret;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
} else {
kill(children[i], SIGTERM);
wait_num++;
}
}
}
if (wait_num > 0) {
fprintf(stderr, "Waiting for %i child process(es)...\n", wait_num);
}
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, 0);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
}
}
}
if (wait_num > 0) {
// Wait another 50 ms to let child processes write to stdout/stderr
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
struct timespec ts = {.tv_sec = 0, .tv_nsec = 50000000};
nanosleep(&ts, &ts);
fprintf(stderr, "\nGoodbye\n");
} else {
fprintf(stderr, "Goodbye\n");
}
cache_unload();
exit(0);
}
int main(int argc, const char *argv[]) {
const int YES = 1;
fd_set socket_fds, read_socket_fds;
int max_socket_fd = 0;
int ready_sockets_num;
long client_num = 0;
char buf[1024];
int ret;
int client_fd;
sock client;
struct sockaddr_in6 client_addr;
unsigned int client_addr_len = sizeof(client_addr);
memset(sockets, 0, sizeof(sockets));
memset(children, 0, sizeof(children));
memset(mmdbs, 0, sizeof(mmdbs));
struct timeval timeout;
const struct sockaddr_in6 addresses[2] = {
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(80)},
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(443)}
};
if (setvbuf(stdout, NULL, _IONBF, 0) != 0) {
fprintf(stderr, ERR_STR "Unable to set stdout to unbuffered mode: %s" CLR_STR, strerror(errno));
return 1;
}
printf("Necronda Web Server\n");
for (int i = 1; i < argc; i++) {
const char *arg = argv[i];
unsigned long len = strlen(arg);
if (strcmp(arg, "-h") == 0 || strcmp(arg, "--help") == 0) {
printf("Usage: necronda-server [-h] -w <PATH> -c <CERT-FILE> -p <KEY-FILE> [-g <DB-DIR>] [-d <DNS-SERVER>]\n"
"\n"
"Options:\n"
" -c, --cert <CERT-FILE> path to the full chain certificate file\n"
" -d, --dns <DNS-SERVER> ip address or hostname of a DNS server for dig\n"
" -g, --geoip <DB-DIR> path to a Maxmind GeoIP Database file\n"
" -h, --help print this dialogue\n"
" -p, --privkey <KEY-FILE> path to the private key file\n"
" -w, --webroot <PATH> path to the web root directory\n");
return 0;
} else if (strcmp(arg, "-w") == 0 || strcmp(arg, "--webroot") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --webroot <WEBROOT>" CLR_STR "\n", arg);
return 1;
}
webroot_base = argv[++i];
} else if (strcmp(arg, "-c") == 0 || strcmp(arg, "--cert") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --cert <CERT-FILE>" CLR_STR "\n", arg);
return 1;
}
cert_file = argv[++i];
} else if (strcmp(arg, "-p") == 0 || strcmp(arg, "--privkey") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --privkey <KEY-FILE>" CLR_STR "\n", arg);
return 1;
}
key_file = argv[++i];
} else if (strcmp(arg, "-g") == 0 || strcmp(arg, "--geoip") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --geoip <DB-DIR>" CLR_STR "\n", arg);
return 1;
}
geoip_dir = argv[++i];
} else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--dns") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --dns <DNS-SERVER>" CLR_STR "\n", arg);
return 1;
}
dns_server = argv[++i];
} else {
fprintf(stderr, ERR_STR "Unable to parse argument '%s'" CLR_STR "\n", arg);
return 1;
}
}
if (webroot_base == NULL) {
fprintf(stderr, ERR_STR "Error: --webroot is missing" CLR_STR "\n");
return 1;
}
if (cert_file == NULL) {
fprintf(stderr, ERR_STR "Error: --cert is missing" CLR_STR "\n");
return 1;
}
if (key_file == NULL) {
fprintf(stderr, ERR_STR "Error: --privkey is missing" CLR_STR "\n");
return 1;
}
sockets[0] = socket(AF_INET6, SOCK_STREAM, 0);
if (sockets[0] < 0) goto socket_err;
sockets[1] = socket(AF_INET6, SOCK_STREAM, 0);
if (sockets[1] < 0) {
socket_err:
fprintf(stderr, ERR_STR "Unable to create socket: %s" CLR_STR "\n", strerror(errno));
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (setsockopt(sockets[i], SOL_SOCKET, SO_REUSEADDR, &YES, sizeof(YES)) < 0) {
fprintf(stderr, ERR_STR "Unable to set options for socket %i: %s" CLR_STR "\n", i, strerror(errno));
return 1;
}
}
if (bind(sockets[0], (struct sockaddr *) &addresses[0], sizeof(addresses[0])) < 0) goto bind_err;
if (bind(sockets[1], (struct sockaddr *) &addresses[1], sizeof(addresses[1])) < 0) {
bind_err:
fprintf(stderr, ERR_STR "Unable to bind socket to address: %s" CLR_STR "\n", strerror(errno));
return 1;
}
signal(SIGINT, terminate);
signal(SIGTERM, terminate);
if (geoip_dir != NULL) {
DIR *geoip = opendir(geoip_dir);
if (geoip == NULL) {
fprintf(stderr, ERR_STR "Unable to open GeoIP dir: %s" CLR_STR "\n", strerror(errno));
return 1;
}
struct dirent *dir;
int i = 0;
while ((dir = readdir(geoip)) != NULL) {
if (strcmp(dir->d_name + strlen(dir->d_name) - 5, ".mmdb") != 0) continue;
if (i >= MAX_MMDB) {
fprintf(stderr, ERR_STR "Too many .mmdb files" CLR_STR "\n");
return 1;
}
sprintf(buf, "%s/%s", geoip_dir, dir->d_name);
ret = MMDB_open(buf, 0, &mmdbs[i]);
if (ret != MMDB_SUCCESS) {
fprintf(stderr, ERR_STR "Unable to open .mmdb file: %s" CLR_STR "\n", MMDB_strerror(ret));
return 1;
}
i++;
}
if (i == 0) {
fprintf(stderr, ERR_STR "No .mmdb files found in %s" CLR_STR "\n", geoip_dir);
return 1;
}
closedir(geoip);
}
openssl_init();
client.buf = NULL;
client.buf_len = 0;
client.buf_off = 0;
client.ctx = SSL_CTX_new(TLS_server_method());
SSL_CTX_set_options(client.ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_verify(client.ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_min_proto_version(client.ctx, TLS1_VERSION);
SSL_CTX_set_mode(client.ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_cipher_list(client.ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
SSL_CTX_set_ecdh_auto(client.ctx, 1);
if (SSL_CTX_use_certificate_chain_file(client.ctx, cert_file) != 1) {
fprintf(stderr, ERR_STR "Unable to load certificate chain file: %s: %s" CLR_STR "\n",
ERR_reason_error_string(ERR_get_error()), cert_file);
return 1;
}
if (SSL_CTX_use_PrivateKey_file(client.ctx, key_file, SSL_FILETYPE_PEM) != 1) {
fprintf(stderr, ERR_STR "Unable to load private key file: %s: %s" CLR_STR "\n",
ERR_reason_error_string(ERR_get_error()), key_file);
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
fprintf(stderr, ERR_STR "Unable to listen on socket %i: %s" CLR_STR "\n", i, strerror(errno));
return 1;
}
}
FD_ZERO(&socket_fds);
for (int i = 0; i < NUM_SOCKETS; i++) {
FD_SET(sockets[i], &socket_fds);
if (sockets[i] > max_socket_fd) {
max_socket_fd = sockets[i];
}
}
ret = cache_init();
if (ret < 0) {
return 1;
} else if (ret != 0) {
return 0;
}
fprintf(stderr, "Ready to accept connections\n");
while (active) {
timeout.tv_sec = 1;
timeout.tv_usec = 0;
read_socket_fds = socket_fds;
ready_sockets_num = select(max_socket_fd + 1, &read_socket_fds, NULL, NULL, &timeout);
if (ready_sockets_num < 0) {
fprintf(stderr, ERR_STR "Unable to select sockets: %s" CLR_STR "\n", strerror(errno));
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (FD_ISSET(sockets[i], &read_socket_fds)) {
client_fd = accept(sockets[i], (struct sockaddr *) &client_addr, &client_addr_len);
if (client_fd < 0) {
fprintf(stderr, ERR_STR "Unable to accept connection: %s" CLR_STR "\n", strerror(errno));
continue;
}
pid_t pid = fork();
if (pid == 0) {
// child
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
client.socket = client_fd;
client.enc = i == 1;
return client_handler(&client, client_num, &client_addr);
} else if (pid > 0) {
// parent
client_num++;
close(client_fd);
for (int j = 0; j < MAX_CHILDREN; j++) {
if (children[j] == 0) {
children[j] = pid;
break;
}
}
} else {
fprintf(stderr, ERR_STR "Unable to create child process: %s" CLR_STR "\n", strerror(errno));
}
}
}
int status = 0;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
}
}
}
}
return 0;
}

View File

@@ -1,90 +0,0 @@
/**
* Necronda Web Server
* Main executable (header file)
* src/necronda-server.c
* Lorenz Stechauner, 2020-12-03
*/
#ifndef NECRONDA_SERVER_NECRONDA_SERVER_H
#define NECRONDA_SERVER_NECRONDA_SERVER_H
#include <stdio.h>
#include <sys/socket.h>
#include <signal.h>
#include <unistd.h>
#include <sys/select.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <wait.h>
#include <sys/types.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
#include <openssl/engine.h>
#include <openssl/dh.h>
#include <maxminddb.h>
#include <dirent.h>
#define NUM_SOCKETS 2
#define MAX_CHILDREN 1024
#define MAX_MMDB 3
#define LISTEN_BACKLOG 16
#define REQ_PER_CONNECTION 100
#define CLIENT_TIMEOUT 3600
#define CHUNK_SIZE 4096
#define CLIENT_MAX_HEADER_SIZE 8192
#define FILE_CACHE_SIZE 1024
#define SHM_KEY 255641
#define GEOIP_MAX_SIZE 8192
#define ERR_STR "\x1B[1;31m"
#define CLR_STR "\x1B[0m"
#define BLD_STR "\x1B[1m"
#define WRN_STR "\x1B[1;33m"
#define HTTP_STR "\x1B[1;31m"
#define HTTPS_STR "\x1B[1;32m"
#define HTTP_1XX_STR "\x1B[1;32m"
#define HTTP_2XX_STR "\x1B[1;32m"
#define HTTP_3XX_STR "\x1B[1;33m"
#define HTTP_4XX_STR "\x1B[1;31m"
#define HTTP_5XX_STR "\x1B[1;31m"
#define NECRONDA_VERSION "4.1"
#define SERVER_STR "Necronda/" NECRONDA_VERSION
#define NECRONDA_ZLIB_LEVEL 9
#ifndef DEFAULT_HOST
#define DEFAULT_HOST "www.necronda.net"
#endif
#ifndef MAGIC_FILE
#define MAGIC_FILE "/usr/share/file/misc/magic.mgc"
#endif
#ifndef PHP_FPM_SOCKET
#define PHP_FPM_SOCKET "/var/run/php-fpm/php-fpm.sock"
#endif
int sockets[NUM_SOCKETS];
pid_t children[MAX_CHILDREN];
MMDB_s mmdbs[MAX_MMDB];
const char *cert_file, *key_file, *webroot_base, *geoip_dir, *dns_server;
typedef struct {
unsigned int enc:1;
int socket;
SSL_CTX *ctx;
SSL *ssl;
char *buf;
unsigned long buf_len;
unsigned long buf_off;
} sock;
char *ssl_get_error(SSL *ssl, int ret);
#endif //NECRONDA_SERVER_NECRONDA_SERVER_H

280
src/server.c Normal file
View File

@@ -0,0 +1,280 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Main executable
* @file src/server.c
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#include "defs.h"
#include "server.h"
#include "client.h"
#include "logger.h"
#include "async.h"
#include "worker/tcp_acceptor.h"
#include "cache_handler.h"
#include "lib/config.h"
#include "lib/proxy.h"
#include "lib/geoip.h"
#include "worker/tcp_closer.h"
#include "worker/request_handler.h"
#include <stdio.h>
#include <getopt.h>
#include <sys/socket.h>
#include <signal.h>
#include <unistd.h>
#include <poll.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
volatile sig_atomic_t server_alive = 1;
const char *config_file;
static int sockets[NUM_SOCKETS];
static SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
static client_ctx_t clients[MAX_CLIENTS]; // TODO dynamic
static int clean() {
remove("/var/sesimos/server/cache");
rmdir("/var/sesimos/server/");
return 0;
}
static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (servername != NULL) {
const host_config_t *conf = get_host_config(servername);
if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
}
return SSL_TLSEXT_ERR_OK;
}
static void accept_cb(void *arg) {
int i = (int) (((int *) arg) - sockets);
int fd = sockets[i];
int j;
for (j = 0; j < MAX_CLIENTS; j++) {
if (clients[j].in_use == 0) break;
}
client_ctx_t *client_ctx = &clients[j];
client_ctx->in_use = 1;
sock *client = &client_ctx->socket;
client->ctx = contexts[0];
socklen_t addr_len = sizeof(client->addr);
int client_fd = accept(fd, &client->addr.sock, &addr_len);
if (client_fd < 0) {
critical("Unable to accept connection");
return;
}
client->socket = client_fd;
client->enc = (i == 1);
tcp_accept(client_ctx);
}
static void accept_err_cb(void *arg) {
int i = (int) (((int *) arg) - sockets);
int fd = sockets[i];
// TODO accept error callback
}
static void terminate_forcefully(int sig) {
fprintf(stderr, "\n");
notice("Terminating forcefully!");
geoip_free();
notice("Goodbye");
exit(2);
}
static void terminate_gracefully(int sig) {
fprintf(stderr, "\n");
notice("Terminating gracefully...");
server_alive = 0;
signal(SIGINT, terminate_forcefully);
signal(SIGTERM, terminate_forcefully);
tcp_acceptor_stop();
request_handler_stop();
tcp_closer_stop();
tcp_acceptor_destroy();
request_handler_destroy();
tcp_closer_destroy();
for (int i = 0; i < NUM_SOCKETS; i++) {
shutdown(sockets[i], SHUT_RDWR);
close(sockets[i]);
}
notice("Goodbye");
geoip_free();
exit(0);
}
static void nothing(int sig) {}
int main(int argc, char *const argv[]) {
const int YES = 1;
int ret;
memset(sockets, 0, sizeof(sockets));
memset(clients, 0, sizeof(clients));
const struct sockaddr_in6 addresses[2] = {
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(80)},
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(443)}
};
logger_init();
logger_set_name("server");
if (setvbuf(stdout, NULL, _IOLBF, 0) != 0 || setvbuf(stderr, NULL, _IOLBF, 0) != 0) {
critical("Unable to set stdout/stderr to line-buffered mode");
return 1;
}
printf("Sesimos web server " SERVER_VERSION "\n");
static const struct option long_opts[] = {
{"help", no_argument, 0, 'h'},
{"config", required_argument, 0, 'c'},
{ 0, 0, 0, 0 }
};
config_file = NULL;
int c, opt_idx;
while ((c = getopt_long(argc, argv, "hc:", long_opts, &opt_idx)) != -1) {
switch (c) {
case 'h':
fprintf(stderr,
"Usage: sesimos [-h] [-c <CONFIG FILE>]\n"
"\n"
"Options:\n"
" -c, --config <CONFIG-FILE> path to the config file. If not provided, default will be used\n"
" -h, --help print this dialogue\n");
return 0;
case 'c':
config_file = optarg;
break;
case '?':
default:
critical("Unable to parse arguments");
return 1;
}
}
if (optind != argc) {
critical("No positional arguments expected");
return 1;
}
if (config_load(config_file == NULL ? DEFAULT_CONFIG_FILE : config_file) != 0)
return 1;
if ((sockets[0] = socket(AF_INET6, SOCK_STREAM, 0)) == -1 ||
(sockets[1] = socket(AF_INET6, SOCK_STREAM, 0)) == -1)
{
critical("Unable to create socket");
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (setsockopt(sockets[i], SOL_SOCKET, SO_REUSEADDR, &YES, sizeof(YES)) < 0) {
critical("Unable to set options for socket %i", i);
return 1;
}
}
if (bind(sockets[0], (struct sockaddr *) &addresses[0], sizeof(addresses[0])) == -1 ||
bind(sockets[1], (struct sockaddr *) &addresses[1], sizeof(addresses[1])) == -1)
{
critical("Unable to bind socket to address");
return 1;
}
signal(SIGINT, terminate_gracefully);
signal(SIGTERM, terminate_gracefully);
signal(SIGUSR1, nothing);
if ((ret = geoip_init(config.geoip_dir)) != 0) {
if (ret == -1) {
critical("Unable to initialize geoip");
}
return 1;
}
if ((ret = cache_init()) != 0) {
geoip_free();
if (ret == -1) critical("Unable to initialize cache");
return 1;
}
for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
const cert_config_t *conf = &config.certs[i];
if (conf->name[0] == 0) break;
contexts[i] = SSL_CTX_new(TLS_server_method());
SSL_CTX *ctx = contexts[i];
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
if (SSL_CTX_use_certificate_chain_file(ctx, conf->full_chain) != 1) {
critical("Unable to load certificate chain file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->full_chain);
geoip_free();
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, conf->priv_key, SSL_FILETYPE_PEM) != 1) {
critical("Unable to load private key file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->priv_key);
geoip_free();
return 1;
}
}
proxy_preload();
for (int i = 0; i < NUM_SOCKETS; i++) {
if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
critical("Unable to listen on socket %i", i);
geoip_free();
return 1;
}
}
tcp_acceptor_init(CNX_HANDLER_WORKERS, 64);
tcp_closer_init(CNX_HANDLER_WORKERS, 64);
request_handler_init(REQ_HANDLER_WORKERS, 64);
for (int i = 0; i < NUM_SOCKETS; i++) {
async(sockets[i], POLLIN, ASYNC_KEEP, accept_cb, &sockets[i], accept_err_cb, &sockets[i]);
}
notice("Ready to accept connections");
async_thread();
// cleanup
geoip_free();
return 0;
}

29
src/server.h Normal file
View File

@@ -0,0 +1,29 @@
/**
* sesimos - secure, simple, modern web server
* @brief Main executable (header file)
* @file src/server.h
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#ifndef SESIMOS_SERVER_H
#define SESIMOS_SERVER_H
#include <sys/time.h>
#include <maxminddb.h>
#include <signal.h>
#define NUM_SOCKETS 2
#define LISTEN_BACKLOG 16
#define REQ_PER_CONNECTION 200
#define CLIENT_TIMEOUT 3600
#define SERVER_TIMEOUT_INIT 4
#define SERVER_TIMEOUT 3600
#define MAX_CLIENTS 4096
#define CNX_HANDLER_WORKERS 8
#define REQ_HANDLER_WORKERS 16
extern volatile sig_atomic_t server_alive;
#endif //SESIMOS_SERVER_H

View File

@@ -1,45 +0,0 @@
/**
* Necronda Web Server
* URI and path handlers (header file)
* src/uri.h
* Lorenz Stechauner, 2020-12-13
*/
#ifndef NECRONDA_SERVER_URI_H
#define NECRONDA_SERVER_URI_H
#include <sys/stat.h>
#define URI_DIR_MODE_FORBIDDEN 0
#define URI_DIR_MODE_LIST 1
#define URI_DIR_MODE_INFO 2
typedef struct {
char etag[64];
char type[24];
char charset[16];
char filename_comp[256];
struct stat stat;
} meta_data;
typedef struct {
char *webroot; // "/srv/www/www.test.org"
char *req_path; // "/account/login"
char *path; // "/account/"
char *pathinfo; // "login"
char *query; // "username=test"
char *filename; // "/account/index.php"
char *uri; // "/account/login?username=test"
meta_data *meta;
unsigned char is_static:1;
unsigned char is_dir:1;
} http_uri;
int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode);
int uri_init_cache(http_uri *uri);
void uri_free(http_uri *uri);
#endif //NECRONDA_SERVER_URI_H

View File

@@ -1,157 +0,0 @@
/**
* Necronda Web Server
* Utilities
* src/utils.c
* Lorenz Stechauner, 2020-12-03
*/
#include "utils.h"
char *format_duration(unsigned long micros, char *buf) {
if (micros < 10000) {
sprintf(buf, "%.1f ms", (double) micros / 1000);
} else if (micros < 1000000) {
sprintf(buf, "%li ms", micros / 1000);
} else if (micros < 60000000) {
sprintf(buf, "%.1f s", (double) micros / 1000000);
} else if (micros < 6000000000) {
sprintf(buf, "%.1f min", (double) micros / 1000000 / 60);
} else {
sprintf(buf, "%li min", micros / 1000000 / 60);
}
return buf;
}
int url_encode(const char *str, char *enc, ssize_t *size) {
char *ptr = enc;
char ch;
memset(enc, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - enc) >= *size) {
return -1;
}
ch = str[i];
if (ch == ':' || ch == '/' || ch == '?' || ch == '#' || ch == '[' || ch == ']' || ch == '@' || ch == '!' ||
ch == '$' || ch == '&' || ch == '\'' || ch == '(' || ch == ')' || ch == '*' || ch == '+' || ch == ',' ||
ch == ';' || ch == '=' || ch < ' ' || ch > '~') {
if ((ptr - enc + 2) >= *size) {
return -1;
}
sprintf(ptr, "%%%02X", ch);
ptr += 2;
} else if (ch == ' ') {
ptr[0] = '+';
} else {
ptr[0] = ch;
}
}
*size = ptr - enc;
return 0;
}
int encode_url(const char *str, char *enc, ssize_t *size) {
char *ptr = enc;
unsigned char ch;
memset(enc, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - enc) >= *size) {
return -1;
}
ch = str[i];
if (ch > 0x7F || ch == ' ') {
if ((ptr - enc + 2) >= *size) {
return -1;
}
sprintf(ptr, "%%%02X", ch);
ptr += 2;
} else {
ptr[0] = (char) ch;
}
}
*size = ptr - enc;
return 0;
}
int url_decode(const char *str, char *dec, ssize_t *size) {
char *ptr = dec;
char ch, buf[3];
memset(dec, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - dec) >= *size) {
return -1;
}
ch = str[i];
if (ch == '+') {
ch = ' ';
} else if (ch == '%') {
memcpy(buf, str + i + 1, 2);
buf[2] = 0;
ch = (char) strtol(buf, NULL, 16);
i += 2;
}
ptr[0] = ch;
}
*size = ptr - dec;
return 0;
}
MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len) {
switch (list->entry_data.type) {
case MMDB_DATA_TYPE_MAP:
*str_off += sprintf(str + *str_off, "{");
break;
case MMDB_DATA_TYPE_ARRAY:
*str_off += sprintf(str + *str_off, "[");
break;
case MMDB_DATA_TYPE_UTF8_STRING:
*str_off += sprintf(str + *str_off, "\"%.*s\"", list->entry_data.data_size, list->entry_data.utf8_string);
break;
case MMDB_DATA_TYPE_UINT16:
*str_off += sprintf(str + *str_off, "%u", list->entry_data.uint16);
break;
case MMDB_DATA_TYPE_UINT32:
*str_off += sprintf(str + *str_off, "%u", list->entry_data.uint32);
break;
case MMDB_DATA_TYPE_UINT64:
*str_off += sprintf(str + *str_off, "%lu", list->entry_data.uint64);
break;
case MMDB_DATA_TYPE_UINT128:
*str_off += sprintf(str + *str_off, "%llu", list->entry_data.uint128);
break;
case MMDB_DATA_TYPE_INT32:
*str_off += sprintf(str + *str_off, "%i", list->entry_data.uint32);
break;
case MMDB_DATA_TYPE_BOOLEAN:
*str_off += sprintf(str + *str_off, "%s", list->entry_data.boolean ? "true" : "false");
break;
case MMDB_DATA_TYPE_FLOAT:
*str_off += sprintf(str + *str_off, "%f", list->entry_data.float_value);
break;
case MMDB_DATA_TYPE_DOUBLE:
*str_off += sprintf(str + *str_off, "%f", list->entry_data.double_value);
break;
}
if (list->entry_data.type != MMDB_DATA_TYPE_MAP && list->entry_data.type != MMDB_DATA_TYPE_ARRAY) {
return list->next;
}
MMDB_entry_data_list_s *next = list->next;
int stat = 0;
for (int i = 0; i < list->entry_data.data_size; i++) {
next = mmdb_json(next, str, str_off, str_len);
if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
stat = !stat;
if (stat) {
i--;
*str_off += sprintf(str + *str_off, ":");
continue;
}
}
if (i != list->entry_data.data_size - 1) *str_off += sprintf(str + *str_off, ",");
}
if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
*str_off += sprintf(str + *str_off, "}");
} else {
*str_off += sprintf(str + *str_off, "]");
}
return next;
}

View File

@@ -1,31 +0,0 @@
/**
* Necronda Web Server
* Utilities (header file)
* src/utils.h
* Lorenz Stechauner, 2020-12-03
*/
#ifndef NECRONDA_SERVER_UTILS_H
#define NECRONDA_SERVER_UTILS_H
char *log_prefix;
#define out_1(fmt) fprintf(stdout, "%s" fmt "\n", log_prefix)
#define out_2(fmt, args...) fprintf(stdout, "%s" fmt "\n", log_prefix, args)
#define out_x(x, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9, FUNC, ...) FUNC
#define print(...) out_x(, ##__VA_ARGS__, out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), \
out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), \
out_2(__VA_ARGS__), out_1(__VA_ARGS__))
char *format_duration(unsigned long micros, char *buf);
int url_encode(const char *str, char *enc, ssize_t *size);
int encode_url(const char *str, char *enc, ssize_t *size);
int url_decode(const char *str, char *dec, ssize_t *size);
#endif //NECRONDA_SERVER_UTILS_H

View File

@@ -0,0 +1,31 @@
#include "request_handler.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include "tcp_closer.h"
static mpmc_t mpmc_ctx;
static void request_handler_func(client_ctx_t *ctx);
int request_handler_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) request_handler_func, "req");
}
int handle_request(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void request_handler_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void request_handler_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void request_handler_func(client_ctx_t *ctx) {
// TODO
tcp_close(ctx);
}

View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_REQUEST_HANDLER_H
#define SESIMOS_REQUEST_HANDLER_H
#include "../client.h"
int request_handler_init(int n_workers, int buf_size);
int handle_request(client_ctx_t *ctx);
void request_handler_stop(void);
void request_handler_destroy(void);
#endif //SESIMOS_REQUEST_HANDLER_H

131
src/worker/tcp_acceptor.c Normal file
View File

@@ -0,0 +1,131 @@
#include "tcp_acceptor.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include "../server.h"
#include "../lib/geoip.h"
#include "../async.h"
#include "tcp_closer.h"
#include "request_handler.h"
#include <string.h>
#include <errno.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
static mpmc_t mpmc_ctx;
static void tcp_acceptor_func(client_ctx_t *ctx);
int tcp_acceptor_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) tcp_acceptor_func, "tcp/a");
}
int tcp_accept(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void tcp_acceptor_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void tcp_acceptor_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void tcp_acceptor_func(client_ctx_t *ctx) {
struct sockaddr_in6 server_addr;
char log_client_prefix[256];
inet_ntop(ctx->socket.addr.ipv6.sin6_family, &ctx->socket.addr.ipv6.sin6_addr, ctx->_c_addr, sizeof(ctx->_c_addr));
if (strncmp(ctx->_c_addr, "::ffff:", 7) == 0) {
ctx->addr = ctx->_c_addr + 7;
} else {
ctx->addr = ctx->_c_addr;
}
socklen_t len = sizeof(server_addr);
getsockname(ctx->socket.socket, (struct sockaddr *) &server_addr, &len);
inet_ntop(server_addr.sin6_family, (void *) &server_addr.sin6_addr, ctx->_s_addr, sizeof(ctx->_s_addr));
if (strncmp(ctx->_s_addr, "::ffff:", 7) == 0) {
ctx->s_addr = ctx->_s_addr + 7;
} else {
ctx->s_addr = ctx->_s_addr;
}
sprintf(log_client_prefix, "[%s%4i%s]%s[%*s][%5i]%s", (int) ctx->socket.enc ? HTTPS_STR : HTTP_STR,
ntohs(server_addr.sin6_port), CLR_STR, /*color_table[0]*/ "", INET6_ADDRSTRLEN, ctx->addr,
ntohs(ctx->socket.addr.ipv6.sin6_port), CLR_STR);
sprintf(ctx->log_prefix, "[%*s]%s", INET6_ADDRSTRLEN, ctx->s_addr, log_client_prefix);
logger_set_prefix(ctx->log_prefix);
int ret;
char buf[1024];
sock *client = &ctx->socket;
clock_gettime(CLOCK_MONOTONIC, &ctx->begin);
if (config.dns_server[0] != 0) {
sprintf(buf, "dig @%s +short +time=1 -x %s", config.dns_server, ctx->addr);
FILE *dig = popen(buf, "r");
if (dig == NULL) {
error("Unable to start dig: %s", strerror(errno));
goto dig_err;
}
unsigned long read = fread(buf, 1, sizeof(buf), dig);
ret = pclose(dig);
if (ret != 0) {
error("Dig terminated with exit code %i", ret);
goto dig_err;
}
char *ptr = memchr(buf, '\n', read);
if (ptr == buf || ptr == NULL) {
goto dig_err;
}
ptr[-1] = 0;
strncpy(ctx->host, buf, sizeof(ctx->host));
} else {
dig_err:
ctx->host[0] = 0;
}
ctx->cc[0] = 0;
geoip_lookup_country(&client->addr.sock, ctx->cc);
info("Connection accepted from %s %s%s%s[%s]", ctx->addr, ctx->host[0] != 0 ? "(" : "",
ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "",
ctx->cc[0] != 0 ? ctx->cc : "N/A");
struct timeval client_timeout = {.tv_sec = CLIENT_TIMEOUT, .tv_usec = 0};
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &client_timeout, sizeof(client_timeout)) == -1 ||
setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &client_timeout, sizeof(client_timeout)) == -1)
{
error("Unable to set timeout for socket");
tcp_close(ctx);
return;
}
if (client->enc) {
client->ssl = SSL_new(client->ctx);
SSL_set_fd(client->ssl, client->socket);
SSL_set_accept_state(client->ssl);
ret = SSL_accept(client->ssl);
client->_last_ret = ret;
client->_errno = errno;
client->_ssl_error = ERR_get_error();
if (ret <= 0) {
error("Unable to perform handshake: %s", sock_strerror(client));
tcp_close(ctx);
return;
}
}
ctx->req_num = 0;
ctx->s_keep_alive = 1;
ctx->c_keep_alive = 1;
async(ctx->socket.socket, POLLIN, 0, (void (*)(void *)) handle_request, ctx, (void (*)(void *)) tcp_close, ctx);
}

15
src/worker/tcp_acceptor.h Normal file
View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_TCP_ACCEPTOR_H
#define SESIMOS_TCP_ACCEPTOR_H
#include "../client.h"
int tcp_acceptor_init(int n_workers, int buf_size);
int tcp_accept(client_ctx_t *ctx);
void tcp_acceptor_stop(void);
void tcp_acceptor_destroy(void);
#endif //SESIMOS_TCP_ACCEPTOR_H

40
src/worker/tcp_closer.c Normal file
View File

@@ -0,0 +1,40 @@
#include "tcp_closer.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include <memory.h>
static mpmc_t mpmc_ctx;
static void tcp_closer_func(client_ctx_t *ctx);
int tcp_closer_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) tcp_closer_func, "tcp/c");
}
int tcp_close(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void tcp_closer_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void tcp_closer_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void tcp_closer_func(client_ctx_t *ctx) {
logger_set_prefix(ctx->log_prefix);
sock_close(&ctx->socket);
char buf[32];
clock_gettime(CLOCK_MONOTONIC, &ctx->end);
unsigned long micros = (ctx->end.tv_nsec - ctx->begin.tv_nsec) / 1000 + (ctx->end.tv_sec - ctx->begin.tv_sec) * 1000000;
info("Connection closed (%s)", format_duration(micros, buf));
memset(ctx, 0, sizeof(*ctx));
}

15
src/worker/tcp_closer.h Normal file
View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_TCP_CLOSER_H
#define SESIMOS_TCP_CLOSER_H
#include "../client.h"
int tcp_closer_init(int n_workers, int buf_size);
int tcp_close(client_ctx_t *ctx);
void tcp_closer_stop(void);
void tcp_closer_destroy(void);
#endif //SESIMOS_TCP_CLOSER_H

28
test/mock_socket.c Normal file
View File

@@ -0,0 +1,28 @@
#include <stdio.h>
#include <errno.h>
#include "mock_socket.h"
int mock_socket_send_mode;
static int sockets[256] = {0};
static int n_sockets = 0;
int mock_socket(int domain, int type, int protocol) {
printf("SOCKET\n");
return (n_sockets++) + 100;
}
ssize_t mock_send(int fd, const void *buf, size_t n, int flags) {
printf("SEND\n");
if (mock_socket_send_mode == MOCK_SOCKET_MODE_EINTR) {
errno = EINTR;
return rand() % ((ssize_t) n) - 1;
} else if (mock_socket_send_mode == MOCK_SOCKET_MODE_CLOSED) {
errno = 0; // TODO
return -1;
}
return (ssize_t) n;
}

20
test/mock_socket.h Normal file
View File

@@ -0,0 +1,20 @@
#ifndef SESIMOS_MOCK_SOCKET_H
#define SESIMOS_MOCK_SOCKET_H
#include <stdlib.h>
#define MOCK_SOCKET_MODE_SUCCESS 0
#define MOCK_SOCKET_MODE_EINTR 1
#define MOCK_SOCKET_MODE_CLOSED 2
#define socket(args...) mock_socket(args)
#define send(args...) mock_send(args)
extern int mock_socket_send_mode;
int mock_socket(int domain, int type, int protocol);
ssize_t mock_send(int fd, const void *buf, size_t n, int flags);
#endif //SESIMOS_MOCK_SOCKET_H

33
test/mock_ssl.c Normal file
View File

@@ -0,0 +1,33 @@
#include <openssl/crypto.h>
int SSL_write(SSL *ssl, const void *buf, int num) {
return num;
}
int SSL_read(SSL *ssl, void *buf, int num) {
return num;
}
int SSL_peek(SSL *ssl, void *buf, int num) {
return num;
}
int SSL_get_error(const SSL *s, int ret_code) {
return 0;
}
const char *ERR_reason_error_string(unsigned long e) {
return "";
}
int SSL_shutdown(SSL *s) {
return 0;
}
void SSL_free(SSL *ssl) {}
unsigned long ERR_get_error(void) {
return 0;
}

15
test/test_sock.c Normal file
View File

@@ -0,0 +1,15 @@
#include <criterion/criterion.h>
#include "mock_socket.h"
#include "../src/lib/sock.h"
Test(sock, sock_send_1) {
int fd = socket(AF_INET6, SOCK_STREAM, 0);
sock s;
s.enc = 0;
s.socket = fd;
long ret = sock_send(&s, "Hello", 5, 0);
cr_assert_eq(ret, 5);
}

86
test/test_utils.c Normal file
View File

@@ -0,0 +1,86 @@
#include <criterion/criterion.h>
#include <criterion/parameterized.h>
#include "../src/lib/utils.h"
struct url_encode_t {
long in_size;
char in[256];
long exp_size;
char exp[256];
};
struct format_duration_t {
unsigned long micros;
char exp[16];
};
ParameterizedTestParameters(utils, url_encode) {
static struct url_encode_t params[] = {
{0, "", 0, ""},
{9, "Test Text", 11, "Test%20Text"},
{21, "Text\0with\0null\0bytes\0", 29, "Text%00with%00null%00bytes%00"},
{59, "Text&with+some/strange_symbols-or#something?I%don't|know...", 59, "Text&with+some/strange_symbols-or#something?I%don't|know..."},
{33, "Data\x12With\x13Some" "\xFF" "Control" "\xFE" "Characters", 41, "Data%12With%13Some%FFControl%FECharacters"}
};
return cr_make_param_array(struct url_encode_t, params, sizeof(params) / sizeof(struct url_encode_t));
}
ParameterizedTest(struct url_encode_t *param, utils, url_encode) {
char out[256];
cr_assert_eq(url_encode(param->in, param->in_size, out, sizeof(out)), param->exp_size);
cr_assert_arr_eq(out, param->exp, param->exp_size + 1);
}
Test(utils, url_encode_bytes) {
char out[4];
char exp[4];
for (int i = 0; i < 256; i++) {
unsigned char ch = i;
if (ch <= 0x20 || ch >= 0x7F) {
cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 3);
sprintf(exp, "%%%02X", ch);
cr_assert_str_eq(out, exp);
} else {
cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 1);
sprintf(exp, "%c", ch);
cr_assert_str_eq(out, exp);
}
}
}
Test(utils, url_encode_invalid) {
cr_assert_eq(url_encode("Hello", 5, NULL, 0), 5);
}
ParameterizedTestParameters(utils, format_duration) {
static struct format_duration_t params[] = {
{0, "0.0 ms"},
{1, "0.0 ms"},
{90, "0.1 ms"},
{100, "0.1 ms"},
{110, "0.1 ms"},
{900, "0.9 ms"},
{1000, "1.0 ms"},
{9000, "9.0 ms"},
{9899, "9.9 ms"},
{9999, "10.0 ms"},
{10000, "10 ms"},
{11999, "12 ms"},
{999999, "1.0 s"},
{1000000, "1.0 s"},
{3000000, "3.0 s"},
{1000000 * 60, "1.0 min"},
{1000000 * 60 * 30L - 30000000, "29.5 min"},
{1000000 * 60 * 60L, "60.0 min"},
{1000000 * 60 * 120L, "120 min"},
};
return cr_make_param_array(struct format_duration_t, params, sizeof(params) / sizeof(struct format_duration_t));
}
ParameterizedTest(struct format_duration_t *param, utils, format_duration) {
char buf[16];
cr_assert_str_eq(format_duration(param->micros, buf), param->exp);
}