lorenz.stechauner/sesimos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Activity

Compare commits

base: lorenz.stechauner:v4.5
Branches Tags
lorenz.stechauner:master lorenz.stechauner:stable-4 lorenz.stechauner:dev
lorenz.stechauner:v4.6 lorenz.stechauner:v4.5 lorenz.stechauner:v4.4 lorenz.stechauner:v4.3 lorenz.stechauner:v4.2 lorenz.stechauner:v4.1 lorenz.stechauner:v4.0 lorenz.stechauner:v3.0
...
compare: lorenz.stechauner:f92c26c350fe19a15e66e11eb9c1b37026bcae99
Branches Tags
lorenz.stechauner:master lorenz.stechauner:stable-4 lorenz.stechauner:dev
lorenz.stechauner:v4.6 lorenz.stechauner:v4.5 lorenz.stechauner:v4.4 lorenz.stechauner:v4.3 lorenz.stechauner:v4.2 lorenz.stechauner:v4.1 lorenz.stechauner:v4.0 lorenz.stechauner:v3.0

80 Commits
v4.5 ... f92c26c350

Author SHA1 Message Date
Lorenz Stechauner
f92c26c350 async - check if fd is already ready 2022-12-29 11:31:52 +01:00
Lorenz Stechauner
f9b3cc29ab Update logger to use format 2022-12-29 11:09:45 +01:00
Lorenz Stechauner
5c72a0cb60 Request handler 2022-12-29 10:27:54 +01:00
Lorenz Stechauner
cf3cff0746 Reset errno after EINTR 2022-12-29 10:14:14 +01:00
Lorenz Stechauner
b90ed61e03 Async working with connection handlers 2022-12-29 01:49:00 +01:00
Lorenz Stechauner
dfc659dec0 Renamed logger_alive to alive 2022-12-29 00:02:33 +01:00
Lorenz Stechauner
096aeae23b Async working (in concept) 2022-12-28 16:40:31 +01:00
Lorenz Stechauner
cd97eca7d3 Add client_ctx_t in client_handler 2022-12-28 15:17:19 +01:00
Lorenz Stechauner
ce658ac965 move lib/cache to cache_handler 2022-12-19 15:27:38 +01:00
Lorenz Stechauner
dd4f768cc4 Logger and config refactor 2022-12-19 14:36:00 +01:00
Lorenz Stechauner
45514f90ca Multi processing -> multi threading 2022-12-18 22:18:11 +01:00
Lorenz Stechauner
44913c1e0e Refactor 2022-12-15 19:55:52 +01:00
Lorenz Stechauner
b244f86c72 Remove unneccessary malloc in compress 2022-12-15 19:49:59 +01:00
Lorenz Stechauner
a3c1ecc0bf Refactor uri.h 2022-12-15 17:53:49 +01:00
Lorenz Stechauner
3227e615fe Use getopt_long 2022-12-15 11:26:40 +01:00
Lorenz Stechauner
3ce72975b8 Remove shm from config 2022-12-15 10:43:43 +01:00
Lorenz Stechauner
1f20c70772 Add union for sock addr 2022-12-15 10:26:28 +01:00
Lorenz Stechauner
fabb55d94b Cleanup 2022-12-13 23:49:12 +01:00
Lorenz Stechauner
6d473bfa49 small changes 2022-12-13 23:43:22 +01:00
Lorenz Stechauner
8e83d6aa5f Outsource geoip 2022-12-13 23:41:29 +01:00
Lorenz Stechauner
b422b37806 Renamed rev_proxy -> proxy 2022-12-13 20:36:21 +01:00
Lorenz Stechauner
74c97a512f Rename logger() 2022-12-13 19:49:20 +01:00
Lorenz Stechauner
7653c3117e Add architecture.md 2022-12-10 23:39:36 +01:00
Lorenz Stechauner
483b386100 Remove some global variables 2022-12-10 22:44:26 +01:00
Lorenz Stechauner
bfa9cf4fcd Add client_ctx_t 2022-12-10 22:33:30 +01:00
Lorenz Stechauner
9ac67dbfd3 Clean up logger 2022-12-10 21:56:25 +01:00
Lorenz Stechauner
2efe65fc74 Cleanup code 2022-12-10 21:40:41 +01:00
Lorenz Stechauner
2937bdaded Add logger 2022-12-10 20:48:47 +01:00
Lorenz Stechauner
782c7440b0 Websocket uuid as char array 2022-12-10 02:21:02 +01:00
Lorenz Stechauner
88346fe722 Do not use shard object file anymore 2022-12-10 01:49:16 +01:00
Lorenz Stechauner
0f75aeea7a Add tests for some utils 2022-12-10 01:33:16 +01:00
Lorenz Stechauner
933aac0f09 Use OpenSSL EVP api for hashing 2022-12-09 14:27:06 +01:00
Lorenz Stechauner
7f1299feb4 Fix rev proxy ret bug 2022-11-11 03:05:33 +01:00
Lorenz Stechauner
8435048150 Handle fastcgit chunk return 2022-11-11 02:23:12 +01:00
Lorenz Stechauner
206ae3264d Hopefully fix bug 2022-11-11 02:18:01 +01:00
Lorenz Stechauner
5e050512ad Fix sock_recv return handling 2022-11-10 23:51:57 +01:00
Lorenz Stechauner
db053121f2 Refactor Makefile 2022-11-10 20:42:24 +01:00
Lorenz Stechauner
89a9d4b9d6 Fix chunked splicing 2022-11-10 20:21:25 +01:00
Lorenz Stechauner
bc7c3591a2 Renamed docs/ to doc/ 2022-11-01 11:10:29 +01:00
Lorenz Stechauner
1859c432c8 Fix chunked 2022-10-21 00:01:11 +02:00
Lorenz Stechauner
33ec943e8b Fix Makefile 2022-10-20 23:51:06 +02:00
Lorenz Stechauner
b30f9fa56d Implement Transfer-Encoding chunked for requests 2022-10-20 23:10:07 +02:00
Lorenz Stechauner
90e324cf87 Remove client buffer 2022-10-20 23:00:11 +02:00
Lorenz Stechauner
e7e1e7b18f Add debian target to Makefile 2022-10-20 22:07:51 +02:00
Lorenz Stechauner
63b1ca5d6a Update file header comments 2022-10-20 22:03:46 +02:00
Lorenz Stechauner
54313551fc Use (void) instead of void 2022-10-20 22:03:46 +02:00
Lorenz Stechauner
92779e5dba Use volatile sig_atomic_t instead of int 2022-10-20 22:03:46 +02:00
Lorenz Stechauner
100eb1597d Update Makefile to be a real Makefile 2022-10-20 22:03:46 +02:00
Lorenz Stechauner
f4c3345445 Fix spacing 2022-10-20 22:03:16 +02:00
Lorenz Stechauner
893316ebfa Remove debug message 2022-10-20 21:32:50 +02:00
Lorenz Stechauner
6a511732af Add debug print for websocket 2022-08-27 17:37:54 +02:00
Lorenz Stechauner
bb895c5bca Fix WebSocket connection close handling 2022-08-27 14:01:33 +02:00
Lorenz Stechauner
a2f4bf57e0 Bump version to 4.6 2022-08-18 14:49:49 +02:00
Lorenz Stechauner
635271ec50 Change default config file name 2022-08-18 14:36:31 +02:00
Lorenz Stechauner
2b4569aabe Rename Necronda server to Sesimos 2022-08-18 14:17:12 +02:00
Lorenz Stechauner
f361fce561 Remove second trailing new-line in websocket.c 2022-08-18 12:31:56 +02:00
Lorenz Stechauner
c92742275a Implement WebSocket reverse proxy 2022-08-18 03:07:54 +02:00
Lorenz Stechauner
041e4d43a7 Code style 2022-08-17 22:35:51 +02:00
Lorenz Stechauner
170337d4d5 Do not use select() anymore 2022-08-17 22:34:01 +02:00
Lorenz Stechauner
f0b27b3b37 Fix revproxy and fastcgi http header field merging 2022-08-17 19:11:20 +02:00
Lorenz Stechauner
ee8aedce91 Add base64_encode() to utils 2022-08-17 12:57:07 +02:00
Lorenz Stechauner
0648c75baa Refactor code a bit 2022-08-16 22:06:50 +02:00
Lorenz Stechauner
b6ba58d406 Fix memory leak on location rewrite in rev_proxy 2022-08-16 21:03:50 +02:00
Lorenz Stechauner
abe0e326cb Remove redundant compressable-mime-type 2022-08-16 20:40:55 +02:00
Lorenz Stechauner
4fe067ed7d Remove strncpy 2022-08-16 20:16:46 +02:00
Lorenz Stechauner
41e12d6293 Fix http_get_header_field(_len) 2022-08-16 20:08:00 +02:00
Lorenz Stechauner
a738f1abfe Fix http parser bugs 2022-08-16 20:04:08 +02:00
Lorenz Stechauner
b6309eec39 Update readme 2022-08-16 19:20:01 +02:00
Lorenz Stechauner
9923a76ba7 Update readme 2022-08-16 19:15:59 +02:00
Lorenz Stechauner
ea4cdff233 Update example.conf 2022-08-16 19:08:02 +02:00
Lorenz Stechauner
6526b5cbcb Rename necronda-server.* to server.* 2022-08-16 19:02:28 +02:00
Lorenz Stechauner
0119945e03 Fix header in client.h 2022-08-16 18:58:38 +02:00
Lorenz Stechauner
3fe1fe023a Fix shared memory management on error 2022-08-16 18:52:10 +02:00
Lorenz Stechauner
bc1c6d3498 Update http header parser 2022-08-16 18:35:03 +02:00
Lorenz Stechauner
50bb537074 Refactor code style 2022-08-15 22:06:10 +02:00
Lorenz Stechauner
c060ee5bb6 Add TODO 2022-07-10 21:28:00 +02:00
Lorenz Stechauner
4062883cb3 Update rev proxy error document handling 2022-07-10 21:26:01 +02:00
Lorenz Stechauner
e0e44e9c26 Fix reverse proxy retry issue 2022-07-08 11:37:07 +02:00
Lorenz Stechauner
f0d8a3db4c Fix array out of bounds for reverse proxy location 2022-07-07 20:01:30 +02:00
Lorenz Stechauner
557e176d3d Add redirection fix for reverse proxy 2022-07-07 19:36:54 +02:00
57 changed files with 3682 additions and 1949 deletions
Expand all files Collapse all files

8
.gitignore vendored
View File

@@ -1,8 +1,10 @@
*
!src
!src/**
!docs
!docs/**
!doc
!doc/**
!test
!test/**
!Makefile
!.gitignore
!README.md
!*.md

113
Makefile
View File

@@ -1,26 +1,103 @@
CC=gcc
CFLAGS=-std=gnu11 -Wall
LIBS=-lssl -lcrypto -lmagic -lz -lmaxminddb -lbrotlienc
CFLAGS=-std=gnu11 -Wno-unused-but-set-variable -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809L
LDFLAGS=-lssl -lcrypto -lmagic -lz -lmaxminddb -lbrotlienc
DEBIAN_OPTS=-D CACHE_MAGIC_FILE="\"/usr/share/file/magic.mgc\"" -D PHP_FPM_SOCKET="\"/var/run/php/php7.4-fpm.sock\""
packages:
@echo "Installing packages..."
sudo apt install gcc php-fpm libmagic-dev libssl-dev libmaxminddb-dev
@echo "Finished downloading!"
.PHONY: all prod debug default debian permit clean test
all: prod
default: bin bin/lib bin/worker bin/sesimos
prod: CFLAGS += -O3
prod: default
debug: CFLAGS += -Wall -pedantic
debug: default
debian: CFLAGS += $(DEBIAN_OPTS)
debian: prod
test: CFLAGS += -include test/mock_*.h
test: bin bin/test
bin/test
bin:
mkdir -p bin
bin/lib:
mkdir -p bin/lib
bin/worker:
mkdir -p bin/worker
bin/test: test/mock_*.c test/test_*.c src/lib/utils.c src/lib/sock.c
$(CC) -o $@ $(CFLAGS) $^ -lcriterion
bin/%.o: src/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/lib/%.o: src/lib/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/worker/%.o: src/worker/%.c
$(CC) -c -o $@ $(CFLAGS) $<
bin/sesimos: bin/server.o bin/client.o bin/logger.o bin/cache_handler.o bin/async.o \
bin/worker/request_handler.o bin/worker/tcp_acceptor.o bin/worker/tcp_closer.o \
bin/lib/compress.o bin/lib/config.o bin/lib/fastcgi.o bin/lib/geoip.o \
bin/lib/http.o bin/lib/http_static.o bin/lib/proxy.o bin/lib/sock.o bin/lib/uri.o \
bin/lib/utils.o bin/lib/websocket.o bin/lib/mpmc.o
$(CC) -o $@ $^ $(CFLAGS) $(LDFLAGS)
bin/server.o: src/server.h src/defs.h src/client.h src/cache_handler.h src/lib/config.h src/lib/sock.h \
src/lib/proxy.h src/lib/geoip.h src/lib/utils.h src/logger.h
bin/client.o: src/client.h src/defs.h src/server.h src/lib/utils.h src/lib/config.h src/lib/sock.h \
src/lib/http.h src/lib/proxy.h src/lib/fastcgi.h src/cache_handler.h src/lib/geoip.h src/lib/compress.h \
src/lib/websocket.h src/logger.h
bin/logger.o: src/logger.h
bin/cache_handler.o: src/cache_handler.h src/lib/utils.h src/lib/uri.h src/lib/compress.h src/logger.h
bin/async.o: src/async.h src/logger.h
bin/worker/request_handler.o: src/worker/request_handler.h
bin/worker/tcp_acceptor.o: src/worker/tcp_acceptor.h
bin/worker/tcp_closer.o: src/worker/tcp_closer.h
bin/lib/compress.o: src/lib/compress.h
bin/lib/config.o: src/lib/config.h src/lib/utils.h src/lib/uri.h src/logger.h
bin/lib/fastcgi.o: src/lib/fastcgi.h src/server.h src/lib/utils.h src/lib/compress.h src/lib/http.h \
src/lib/uri.h src/lib/include/fastcgi.h src/logger.h
bin/lib/geoip.o: src/lib/geoip.h
bin/lib/http.o: src/lib/http.h src/lib/utils.h src/lib/compress.h src/lib/sock.h src/logger.h
bin/lib/mpmc.o: src/lib/mpmc.h src/logger.h
bin/lib/proxy.o: src/lib/proxy.h src/defs.h src/server.h src/lib/compress.h src/logger.h
bin/lib/sock.o: src/lib/sock.h
bin/lib/uri.o: src/lib/uri.h src/lib/utils.h
bin/lib/utils.o: src/lib/utils.h
bin/lib/websocket.o: src/lib/websocket.h src/defs.h src/lib/utils.h src/lib/sock.h src/logger.h
permit:
sudo setcap 'cap_net_bind_service=+ep' "$(shell pwd)/bin/necronda-server"
sudo setcap 'cap_net_bind_service=+ep' "$(shell pwd)/bin/sesimos"
compile:
@mkdir -p bin
$(CC) src/lib/*.c -o bin/libnecrondaserver.so --shared -fPIC $(CFLAGS) $(LIBS)
$(CC) src/necronda-server.c -o bin/necronda-server $(CFLAGS) $(LIBS) \
-Lbin -lnecrondaserver -Wl,-rpath=$(shell pwd)/bin
compile-prod:
@mkdir -p bin
$(CC) src/lib/*.c -o bin/libnecrondaserver.so --shared -fPIC $(CFLAGS) $(LIBS) $(DEBIAN_OPTS) -O3
$(CC) src/necronda-server.c -o bin/necronda-server $(CFLAGS) $(LIBS) $(DEBIAN_OPTS) -O3 \
-Lbin -lnecrondaserver -Wl,-rpath=$(shell pwd)/bin
clean:
rm -rf bin/*

13
README.md
View File

@@ -1,15 +1,18 @@
Necronda web server
===================
Sesimos Secure, simple, modern web server
===========================================
## Features
* Full IPv4 and IPv6 support
* TLS Server Name Inspection (SNI)
* Serving local files via HTTP and HTTPS
* File compression ([gzip](https://www.gzip.org/), [Brotli](https://www.brotli.org/)) and disk cache for compressed files
* File compression ([gzip](https://www.gzip.org/), [Brotli](https://www.brotli.org/))
* Disk cache for compressed files
* Reverse proxy for other HTTP and HTTPS servers
* Transparent WebSocket reverse proxy
* FastCGI support (e.g. [PHP-FPM](https://php-fpm.org/))
* Automatic path info detection (e.g. `/my/file/extra/path` -> script: `/my/file.php`, path info: `extra/path`)
* Support for [MaxMind's GeoIP Database](https://www.maxmind.com/en/geoip2-services-and-databases)
* Optional DNS reverse lookup for connecting hosts
* Automatic URL rewrite (e.g. `/index.html` -> `/`, `/test.php` -> `/test`)
@@ -18,7 +21,7 @@ Necronda web server
## Configuration
See [docs/example.conf](docs/example.conf) for more details.
See [doc/example.conf](doc/example.conf) for more details.
### Global directives
@@ -29,7 +32,7 @@ See [docs/example.conf](docs/example.conf) for more details.
### Configuration
* `[cert <cert-name]` - begins section for a certificate
* `[cert <cert-name>]` - begins section for a certificate
* `certificate` - path to SSL certificate (or certificate chain)
* `private_key` - path to SSL private key
* `[host <host>]` - begins section for the virtual host `<host>`

22
architecture.md Normal file
View File

@@ -0,0 +1,22 @@
# Architecture
* logger (1)
* listener (2) - 80, 443
* cache_handler (1)
* connection_initializer
* request_handler
* local_handler
* proxy_handler
* ws_handler
* fastcgi_handler
* -> logger
* main -> listener
* listener -> connection_handler
* connection_initializer -> request_handler
* request_handler -> local_handler -> request_handler
* local_handler -> fastcgi_handler -> request_handler
* request_handler -> rp_handler -> request_handler
* proxy_handler -> ws_handler -> request_handler

15
docs/example.conf → doc/example.conf
View File

@@ -1,19 +1,24 @@
certificate /var/cert/cert.pem
private_key /var/cert/cert.key
#geoip_dir /var/dir
#dns_server 192.168.0.1
[localhost]
[cert cert1]
certificate /var/cert/cert.pem
private_key /var/cert/cert.key
[host localhost]
webroot /var/www/localhost
dir_mode forbidden
cert cert1
[me.local]
[host me.local]
hostname www.example.com
port 80
cert cert1
http
[secure.local]
[host secure.local]
hostname www.example.com
port 443
cert cert1
https

134
src/async.c Normal file
View File

@@ -0,0 +1,134 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Async handler
* @file src/async.c
* @author Lorenz Stechauner
* @date 2022-12-28
*/
#include "async.h"
#include "logger.h"
#include <poll.h>
#include <signal.h>
#include <errno.h>
#include <memory.h>
#include <pthread.h>
typedef struct {
int fd;
short events;
int flags;
void (*cb)(void *);
void *arg;
void (*err_cb)(void *);
void *err_arg;
} evt_listen_t;
typedef struct {
int n;
evt_listen_t q[256];
} listen_queue_t;
static listen_queue_t listen1, listen2, *listen = &listen1;
static volatile sig_atomic_t alive = 1;
static pthread_t thread = -1;
static int async_add_to_queue(evt_listen_t *evt) {
// TODO locking
memcpy(&listen->q[listen->n++], evt, sizeof(*evt));
return 0;
}
int async(int fd, short events, int flags, void cb(void *), void *arg, void err_cb(void *), void *err_arg) {
struct pollfd fds[1] = {{.fd = fd, .events = events}};
evt_listen_t evt = {
.fd = fd,
.events = events,
.flags = flags,
.cb = cb,
.arg = arg,
.err_cb = err_cb,
.err_arg = err_arg,
};
// check, if fd is already ready
if (poll(fds, 1, 0) == 1) {
// fd already read
if (fds[0].revents & events) {
// specified event(s) occurred
cb(arg);
if (!(flags & ASYNC_KEEP))
return 0;
} else if (fds[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {
// error occurred
err_cb(err_arg);
return 0;
}
}
int ret = async_add_to_queue(&evt);
if (ret == 0 && thread != -1)
pthread_kill(thread, SIGUSR1);
return ret;
}
void async_thread(void) {
int num_fds;
struct pollfd fds[256]; // TODO dynamic
thread = pthread_self();
// main event loop
while (alive) {
// swap listen queue
listen_queue_t *l = listen;
listen = (listen == &listen1) ? &listen2 : &listen1;
// fill fds with newly added queue entries
for (num_fds = 0; num_fds < l->n; num_fds++) {
fds[num_fds].fd = l->q[num_fds].fd;
fds[num_fds].events = l->q[num_fds].events;
}
if (poll(fds, num_fds, -1) < 0) {
if (errno == EINTR) {
// interrupt
errno = 0;
} else {
// other error
critical("Unable to poll for events");
return;
}
}
for (int i = 0; i < num_fds; i++) {
evt_listen_t *e = &l->q[i];
if (fds[i].revents & e->events) {
// specified event(s) occurred
e->cb(e->arg);
if (e->flags & ASYNC_KEEP)
async_add_to_queue(e);
} else if (fds[i].revents & (POLLERR | POLLHUP | POLLNVAL)) {
// error occurred
e->err_cb(e->err_arg);
} else {
// no event occurred
async_add_to_queue(e);
}
// reset errno to prevent strange behaviour
errno = 0;
}
// reset size of queue
l->n = 0;
}
}
void async_stop(void) {
alive = 0;
}

22
src/async.h Normal file
View File

@@ -0,0 +1,22 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Async handler (header file)
* @file src/async.h
* @author Lorenz Stechauner
* @date 2022-12-28
*/
#ifndef SESIMOS_ASYNC_H
#define SESIMOS_ASYNC_H
#include <poll.h>
#define ASYNC_KEEP 1
int async(int fd, short events, int flags, void cb(void *), void *arg, void err_cb(void *), void *err_arg);
void async_thread(void);
void async_stop(void);
#endif //SESIMOS_ASYNC_H

390
src/cache_handler.c Normal file
View File

@@ -0,0 +1,390 @@
/**
* sesimos - secure, simple, modern web server
* @brief File cache implementation
* @file src/cache_handler.c
* @author Lorenz Stechauner
* @date 2020-12-19
*/
#include "server.h"
#include "logger.h"
#include "cache_handler.h"
#include "lib/utils.h"
#include "lib/compress.h"
#include "lib/config.h"
#include <stdio.h>
#include <magic.h>
#include <string.h>
#include <errno.h>
#include <openssl/evp.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <semaphore.h>
#define CACHE_BUF_SIZE 16
static magic_t magic;
static pthread_t thread;
static sem_t sem_free, sem_used, sem_lock;
typedef struct {
int rd;
int wr;
cache_entry_t *msgs[CACHE_BUF_SIZE];
} buf_t;
static buf_t buffer;
static int magic_init(void) {
if ((magic = magic_open(MAGIC_MIME)) == NULL) {
critical("Unable to open magic cookie");
return 1;
}
if (magic_load(magic, CACHE_MAGIC_FILE) != 0) {
critical("Unable to load magic cookie: %s", magic_error(magic));
return 1;
}
return 0;
}
static void cache_free(void) {
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
host_config_t *hc = &config.hosts[i];
if (hc->type == CONFIG_TYPE_UNSET) break;
if (hc->type != CONFIG_TYPE_LOCAL) continue;
munmap(hc->cache, sizeof(cache_t));
}
}
static cache_entry_t *cache_get_entry(cache_t *cache, const char *filename) {
// search entry
cache_entry_t *entry;
for (int i = 0; i < CACHE_ENTRIES; i++) {
entry = &cache->entries[i];
if (entry->filename[0] == 0) break;
if (strcmp(entry->filename, filename) == 0) {
// found
return entry;
}
}
// not found
return NULL;
}
static cache_entry_t *cache_get_new_entry(cache_t *cache) {
// search empty slot
cache_entry_t *entry;
for (int i = 0; i < CACHE_ENTRIES; i++) {
entry = &cache->entries[i];
if (entry->filename[0] == 0)
return entry;
}
// not found
return NULL;
}
static void cache_process_entry(cache_entry_t *entry) {
char buf[16384], comp_buf[16384], filename_comp_gz[256], filename_comp_br[256];
info("Hashing file %s", entry->filename);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_sha1());
FILE *file = fopen(entry->filename, "rb");
int compress = mime_is_compressible(entry->meta.type);
compress_ctx comp_ctx;
FILE *comp_file_gz = NULL, *comp_file_br = NULL;
if (compress) {
sprintf(buf, "%.*s/.sesimos", entry->webroot_len, entry->filename);
if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
error("Unable to create directory %s", buf);
goto comp_err;
}
sprintf(buf, "%.*s/.sesimos/cache", entry->webroot_len, entry->filename);
if (mkdir(buf, 0700) != 0 && errno != EEXIST) {
error("Unable to create directory %s", buf);
goto comp_err;
}
errno = 0;
char *rel_path = entry->filename + entry->webroot_len + 1;
for (int j = 0; j < strlen(rel_path); j++) {
char ch = rel_path[j];
if (ch == '/') ch = '_';
buf[j] = ch;
}
buf[strlen(rel_path)] = 0;
int p_len_gz = snprintf(filename_comp_gz, sizeof(filename_comp_gz),
"%.*s/.sesimos/cache/%s.gz",
entry->webroot_len, entry->filename, buf);
int p_len_br = snprintf(filename_comp_br, sizeof(filename_comp_br),
"%.*s/.sesimos/cache/%s.br",
entry->webroot_len, entry->filename, buf);
if (p_len_gz < 0 || p_len_gz >= sizeof(filename_comp_gz) || p_len_br < 0 || p_len_br >= sizeof(filename_comp_br)) {
error("Unable to open cached file: File name for compressed file too long");
goto comp_err;
}
info("Compressing file %s", entry->filename);
comp_file_gz = fopen(filename_comp_gz, "wb");
comp_file_br = fopen(filename_comp_br, "wb");
if (comp_file_gz == NULL || comp_file_br == NULL) {
error("Unable to open cached file");
comp_err:
compress = 0;
} else {
if ((compress_init(&comp_ctx, COMPRESS_GZ | COMPRESS_BR)) != 0) {
error("Unable to init compression");
compress = 0;
fclose(comp_file_gz);
fclose(comp_file_br);
}
}
}
unsigned long read;
while ((read = fread(buf, 1, sizeof(buf), file)) > 0) {
EVP_DigestUpdate(ctx, buf, read);
if (compress) {
unsigned long avail_in, avail_out;
avail_in = read;
do {
avail_out = sizeof(comp_buf);
compress_compress_mode(&comp_ctx, COMPRESS_GZ, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_gz);
} while (avail_in != 0 || avail_out != sizeof(comp_buf));
avail_in = read;
do {
avail_out = sizeof(comp_buf);
compress_compress_mode(&comp_ctx, COMPRESS_BR, buf + read - avail_in, &avail_in, comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, sizeof(comp_buf) - avail_out, comp_file_br);
} while (avail_in != 0 || avail_out != sizeof(comp_buf));
}
}
if (compress) {
compress_free(&comp_ctx);
fclose(comp_file_gz);
fclose(comp_file_br);
info("Finished compressing file %s", entry->filename);
strcpy(entry->meta.filename_comp_gz, filename_comp_gz);
strcpy(entry->meta.filename_comp_br, filename_comp_br);
} else {
memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
}
unsigned int md_len;
unsigned char hash[EVP_MAX_MD_SIZE];
EVP_DigestFinal(ctx, hash, &md_len);
EVP_MD_CTX_free(ctx);
memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
for (int j = 0; j < md_len; j++) {
sprintf(entry->meta.etag + j * 2, "%02x", hash[j]);
}
fclose(file);
entry->flags &= !CACHE_DIRTY;
info("Finished hashing file %s", entry->filename);
}
static void *cache_thread(void *arg) {
logger_set_name("cache");
while (server_alive) {
pthread_testcancel();
if (sem_wait(&sem_used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
error("Unable to lock semaphore");
errno = 0;
break;
}
}
cache_entry_t *entry = buffer.msgs[buffer.wr];
buffer.wr = (buffer.wr + 1) % CACHE_BUF_SIZE;
cache_process_entry(entry);
// unlock slot in buffer
sem_post(&sem_free);
}
cache_free();
return NULL;
}
int cache_init(void) {
char buf[512];
int ret, fd;
if ((ret = magic_init()) != 0)
return ret;
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
host_config_t *hc = &config.hosts[i];
if (hc->type == CONFIG_TYPE_UNSET) break;
if (hc->type != CONFIG_TYPE_LOCAL) continue;
sprintf(buf, "%s/.sesimos/metadata", hc->local.webroot);
if ((fd = open(buf, O_CREAT | O_RDWR, 0600)) == -1) {
critical("Unable to open file %s", buf);
return 1;
}
if (ftruncate(fd, sizeof(cache_t)) == -1) {
critical("Unable to truncate file %s", buf);
return 1;
}
if ((hc->cache = mmap(NULL, sizeof(cache_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)) == NULL) {
critical("Unable to map file %s", buf);
close(fd);
return 1;
}
close(fd);
errno = 0;
}
// try to initialize all three semaphores
if (sem_init(&sem_lock, 0, 1) != 0 ||
sem_init(&sem_free, 0, 1) != 0 ||
sem_init(&sem_used, 0, 0) != 0)
{
critical("Unable to initialize semaphore");
return -1;
}
// initialize read/write heads
buffer.rd = 0;
buffer.wr = 0;
pthread_create(&thread, NULL, cache_thread, NULL);
return 0;
}
int cache_join(void) {
return pthread_join(thread, NULL);
}
static void cache_mark_entry_dirty(cache_entry_t *entry) {
if (entry->flags & CACHE_DIRTY)
return;
memset(entry->meta.etag, 0, sizeof(entry->meta.etag));
memset(entry->meta.filename_comp_gz, 0, sizeof(entry->meta.filename_comp_gz));
memset(entry->meta.filename_comp_br, 0, sizeof(entry->meta.filename_comp_br));
entry->flags |= CACHE_DIRTY;
try_again_free:
if (sem_wait(&sem_free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_free;
} else {
error("Unable to lock semaphore");
errno = 0;
}
return;
}
// try to lock buffer
try_again_lock:
if (sem_wait(&sem_lock) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_lock;
} else {
error("Unable to lock semaphore");
errno = 0;
}
return;
}
// write to buffer
buffer.msgs[buffer.rd] = entry;
buffer.rd = (buffer.rd + 1) % CACHE_BUF_SIZE;
// unlock buffer
sem_post(&sem_lock);
// unlock slot in buffer for logger
sem_post(&sem_used);
}
static void cache_update_entry(cache_entry_t *entry, const char *filename, const char *webroot) {
struct stat statbuf;
stat(filename, &statbuf);
memcpy(&entry->meta.stat, &statbuf, sizeof(statbuf));
entry->webroot_len = (unsigned char) strlen(webroot);
strcpy(entry->filename, filename);
magic_setflags(magic, MAGIC_MIME_TYPE);
const char *type = magic_file(magic, filename);
char type_new[URI_TYPE_SIZE];
sprintf(type_new, "%s", type);
if (strncmp(type, "text/", 5) == 0) {
if (strcmp(filename + strlen(filename) - 4, ".css") == 0) {
sprintf(type_new, "text/css");
} else if (strcmp(filename + strlen(filename) - 3, ".js") == 0) {
sprintf(type_new, "application/javascript");
}
}
strcpy(entry->meta.type, type_new);
magic_setflags(magic, MAGIC_MIME_ENCODING);
strcpy(entry->meta.charset, magic_file(magic, filename));
cache_mark_entry_dirty(entry);
}
void cache_mark_dirty(cache_t *cache, const char *filename) {
cache_entry_t *entry = cache_get_entry(cache, filename);
if (entry) cache_mark_entry_dirty(entry);
}
void cache_init_uri(cache_t *cache, http_uri *uri) {
if (!uri->filename)
return;
cache_entry_t *entry = cache_get_entry(cache, uri->filename);
if (!entry) {
// no entry found -> create new entry
if ((entry = cache_get_new_entry(cache))) {
cache_update_entry(entry, uri->filename, uri->webroot);
uri->meta = &entry->meta;
} else {
warning("No empty cache entry slot found");
}
} else {
uri->meta = &entry->meta;
if (entry->flags & CACHE_DIRTY)
return;
// check, if file has changed
struct stat statbuf;
stat(uri->filename, &statbuf);
if (memcmp(&uri->meta->stat.st_mtime, &statbuf.st_mtime, sizeof(statbuf.st_mtime)) != 0) {
// modify time has changed
cache_update_entry(entry, uri->filename, uri->webroot);
}
}
}

44
src/cache_handler.h Normal file
View File

@@ -0,0 +1,44 @@
/**
* sesimos - secure, simple, modern web server
* @brief File cache implementation (header file)
* @file src/cache_handler.h
* @author Lorenz Stechauner
* @date 2020-12-19
*/
#ifndef SESIMOS_CACHE_HANDLER_H
#define SESIMOS_CACHE_HANDLER_H
#include "lib/uri.h"
#define CACHE_ENTRIES 1024
#define CACHE_DIRTY 1
#ifndef CACHE_MAGIC_FILE
# define CACHE_MAGIC_FILE "/usr/share/file/misc/magic.mgc"
#endif
typedef struct {
char filename[256];
unsigned char webroot_len;
unsigned char flags;
metadata_t meta;
} cache_entry_t;
typedef struct {
char sig[6];
unsigned char ver;
cache_entry_t entries[CACHE_ENTRIES];
} cache_t;
int cache_init(void);
int cache_join(void);
void cache_mark_dirty(cache_t *cache, const char *filename);
void cache_init_uri(cache_t *cache, http_uri *uri);
#endif //SESIMOS_CACHE_HANDLER_H

506
src/client.c
View File

@@ -1,22 +1,28 @@
/**
* Necronda Web Server
* Client connection and request handlers
* src/client.c
* Lorenz Stechauner, 2020-12-03
* sesimos - secure, simple, modern web server
* @brief Client connection and request handlers
* @file src/client.c
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#include "defs.h"
#include "client.h"
#include "server.h"
#include "logger.h"
#include "lib/utils.h"
#include "lib/config.h"
#include "lib/sock.h"
#include "lib/http.h"
#include "lib/rev_proxy.h"
#include "lib/proxy.h"
#include "lib/fastcgi.h"
#include "lib/cache.h"
#include "cache_handler.h"
#include "lib/geoip.h"
#include "lib/compress.h"
#include "lib/websocket.h"
#include <string.h>
#include <sys/select.h>
#include <errno.h>
#include <unistd.h>
#include <openssl/ssl.h>
@@ -24,17 +30,12 @@
#include <signal.h>
#include <arpa/inet.h>
int server_keep_alive = 1;
struct timeval client_timeout = {.tv_sec = CLIENT_TIMEOUT, .tv_usec = 0};
int server_keep_alive;
char *log_client_prefix, *log_conn_prefix, *log_req_prefix, *client_geoip;
char *client_addr_str, *client_addr_str_ptr, *server_addr_str, *server_addr_str_ptr, *client_host_str;
struct timeval client_timeout;
static const char *color_table[] = {"\x1B[31m", "\x1B[32m", "\x1B[33m", "\x1B[34m", "\x1B[35m", "\x1B[36m"};
host_config *get_host_config(const char *host) {
host_config_t *get_host_config(const char *host) {
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
host_config *hc = &config->hosts[i];
host_config_t *hc = &config.hosts[i];
if (hc->type == CONFIG_TYPE_UNSET) break;
if (strcmp(hc->name, host) == 0) return hc;
if (hc->name[0] == '*' && hc->name[1] == '.') {
@@ -45,60 +46,54 @@ host_config *get_host_config(const char *host) {
return NULL;
}
void client_terminate() {
/*
void client_terminate(int _) {
server_keep_alive = 0;
}
*/
int client_websocket_handler() {
// TODO implement client_websocket_handler
return 0;
}
int client_request_handler(sock *client, unsigned long client_num, unsigned int req_num) {
int client_request_handler(client_ctx_t *cctx) {
sock *client = &cctx->socket;
struct timespec begin, end;
long ret;
int client_keep_alive;
char buf0[1024], buf1[1024];
char msg_buf[8192], msg_pre_buf_1[4096], msg_pre_buf_2[4096], err_msg[256];
char msg_content[1024];
char buffer[CHUNK_SIZE];
char host[256], *host_ptr, *hdr_connection;
char host[256];
const char *host_ptr, *hdr_connection;
char log_req_prefix[512];
msg_buf[0] = 0;
err_msg[0] = 0;
msg_content[0] = 0;
host_config *conf = NULL;
host_config_t *conf = NULL;
FILE *file = NULL;
long content_length = 0;
int accept_if_modified_since = 0;
int use_fastcgi = 0;
int use_rev_proxy = 0;
int use_proxy = 0;
int p_len;
fastcgi_conn fcgi_conn = {.socket = 0, .req_id = 0};
fastcgi_conn fcgi_conn = {.socket = 0, .req_id = 0, .ctx = cctx};
http_status custom_status;
http_res res = {.version = "1.1", .status = http_get_status(501), .hdr.field_num = 0};
http_status_ctx ctx = {.status = 0, .origin = NONE};
http_res res = {.version = "1.1", .status = http_get_status(501), .hdr.field_num = 0, .hdr.last_field_num = -1};
http_status_ctx ctx = {.status = 0, .origin = NONE, .ws_key = NULL};
clock_gettime(CLOCK_MONOTONIC, &begin);
fd_set socket_fds;
FD_ZERO(&socket_fds);
FD_SET(client->socket, &socket_fds);
client_timeout.tv_sec = CLIENT_TIMEOUT;
client_timeout.tv_usec = 0;
ret = select(client->socket + 1, &socket_fds, NULL, NULL, &client_timeout);
ret = sock_poll_read(&client, NULL, NULL, 1, NULL, NULL, CLIENT_TIMEOUT * 1000);
http_add_header_field(&res.hdr, "Date", http_get_date(buf0, sizeof(buf0)));
http_add_header_field(&res.hdr, "Server", SERVER_STR);
if (ret <= 0) {
if (errno != 0) {
return 1;
}
client_keep_alive = 0;
if (errno != 0) return 1;
cctx->c_keep_alive = 0;
res.status = http_get_status(408);
goto respond;
}
@@ -107,7 +102,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
http_req req;
ret = http_receive_request(client, &req);
if (ret != 0) {
client_keep_alive = 0;
cctx->c_keep_alive = 0;
if (ret < 0) {
goto abort;
} else if (ret == 1) {
@@ -126,8 +121,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
hdr_connection = http_get_header_field(&req.hdr, "Connection");
client_keep_alive = hdr_connection != NULL &&
(strcmp(hdr_connection, "keep-alive") == 0 || strcmp(hdr_connection, "Keep-Alive") == 0);
cctx->c_keep_alive = (hdr_connection != NULL && (strstr(hdr_connection, "keep-alive") != NULL || strstr(hdr_connection, "Keep-Alive") != NULL));
host_ptr = http_get_header_field(&req.hdr, "Host");
if (host_ptr != NULL && strlen(host_ptr) > 255) {
host[0] = 0;
@@ -135,10 +129,10 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
sprintf(err_msg, "Host header field is too long.");
goto respond;
} else if (host_ptr == NULL || strchr(host_ptr, '/') != NULL) {
if (strchr(client_addr_str, ':') == NULL) {
strcpy(host, client_addr_str);
if (strchr(cctx->addr, ':') == NULL) {
strcpy(host, cctx->addr);
} else {
sprintf(host, "[%s]", client_addr_str);
sprintf(host, "[%s]", cctx->addr);
}
res.status = http_get_status(400);
sprintf(err_msg, "The client provided no or an invalid Host header field.");
@@ -147,13 +141,12 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
strcpy(host, host_ptr);
}
sprintf(log_req_prefix, "[%6i][%s%*s%s]%s ", getpid(), BLD_STR, INET6_ADDRSTRLEN, host, CLR_STR, log_client_prefix);
log_prefix = log_req_prefix;
print(BLD_STR "%s %s" CLR_STR, req.method, req.uri);
logger_set_prefix("[%s%*s%s]%s", BLD_STR, INET6_ADDRSTRLEN, host, CLR_STR, cctx->log_prefix);
info(BLD_STR "%s %s", req.method, req.uri);
conf = get_host_config(host);
if (conf == NULL) {
print("Host unknown, redirecting to default");
info("Unknown host, redirecting to default");
res.status = http_get_status(307);
sprintf(buf0, "https://%s%s", DEFAULT_HOST, req.uri);
http_add_header_field(&res.hdr, "Location", buf0);
@@ -161,7 +154,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
http_uri uri;
unsigned char dir_mode = conf->type == CONFIG_TYPE_LOCAL ? conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION;
unsigned char dir_mode = (conf->type == CONFIG_TYPE_LOCAL ? conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION);
ret = uri_init(&uri, conf->local.webroot, req.uri, dir_mode);
if (ret != 0) {
if (ret == 1) {
@@ -185,13 +178,12 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
int change_proto = strncmp(uri.uri, "/.well-known/", 13) != 0 && !client->enc;
if (strcmp(uri.uri, buf0) != 0 || change_proto) {
res.status = http_get_status(308);
size = sizeof(buf0);
url_encode(uri.uri, buf0, &size);
size = url_encode(uri.uri, strlen(uri.uri), buf0, sizeof(buf0));
if (change_proto) {
p_len = snprintf(buf1, sizeof(buf1), "https://%s%s", host, buf0);
if (p_len < 0 || p_len >= sizeof(buf1)) {
res.status = http_get_status(500);
print(ERR_STR "Header field 'Location' too long" CLR_STR);
error("Header field 'Location' too long");
goto respond;
}
http_add_header_field(&res.hdr, "Location", buf1);
@@ -207,22 +199,15 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
goto respond;
}
if (http_get_header_field(&req.hdr, "Transfer-Encoding") != NULL) {
sprintf(err_msg, "This server is unable to process requests with the Transfer-Encoding header field.");
res.status = http_get_status(501);
goto respond;
}
if (conf->type == CONFIG_TYPE_LOCAL) {
if (strcmp(req.method, "TRACE") == 0) {
res.status = http_get_status(200);
http_add_header_field(&res.hdr, "Content-Type", "message/http");
content_length = snprintf(msg_buf, sizeof(msg_buf) - content_length, "%s %s HTTP/%s\r\n",
req.method, req.uri, req.version);
content_length = snprintf(msg_buf, sizeof(msg_buf) - content_length, "%s %s HTTP/%s\r\n", req.method, req.uri, req.version);
for (int i = 0; i < req.hdr.field_num; i++) {
content_length += snprintf(msg_buf + content_length, sizeof(msg_buf) - content_length, "%s: %s\r\n",
req.hdr.fields[i][0], req.hdr.fields[i][1]);
const http_field *f = &req.hdr.fields[i];
content_length += snprintf(msg_buf + content_length, sizeof(msg_buf) - content_length, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
goto respond;
@@ -261,31 +246,27 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
goto respond;
}
if (http_get_header_field(&req.hdr, "Content-Length") != NULL) {
if (http_get_header_field(&req.hdr, "Content-Length") != NULL || http_get_header_field(&req.hdr, "Transfer-Encoding") != NULL) {
res.status = http_get_status(400);
sprintf(err_msg, "A GET request must not contain a payload");
goto respond;
}
ret = uri_cache_init(&uri);
if (ret != 0) {
res.status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with internal file cache.");
goto respond;
}
char *last_modified = http_format_date(uri.meta->stat.st_mtime, buf0, sizeof(buf0));
cache_init_uri(conf->cache, &uri);
const char *last_modified = http_format_date(uri.meta->stat.st_mtime, buf0, sizeof(buf0));
http_add_header_field(&res.hdr, "Last-Modified", last_modified);
sprintf(buf1, "%s; charset=%s", uri.meta->type, uri.meta->charset);
http_add_header_field(&res.hdr, "Content-Type", buf1);
char *accept_encoding = http_get_header_field(&req.hdr, "Accept-Encoding");
const char *accept_encoding = http_get_header_field(&req.hdr, "Accept-Encoding");
int enc = 0;
if (accept_encoding != NULL) {
if (uri.meta->filename_comp_br[0] != 0 && strstr(accept_encoding, "br") != NULL) {
file = fopen(uri.meta->filename_comp_br, "rb");
if (file == NULL) {
cache_filename_comp_invalid(uri.filename);
cache_mark_dirty(conf->cache, uri.filename);
} else {
http_add_header_field(&res.hdr, "Content-Encoding", "br");
enc = COMPRESS_BR;
@@ -293,7 +274,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
} else if (uri.meta->filename_comp_gz[0] != 0 && strstr(accept_encoding, "gzip") != NULL) {
file = fopen(uri.meta->filename_comp_gz, "rb");
if (file == NULL) {
cache_filename_comp_invalid(uri.filename);
cache_mark_dirty(conf->cache, uri.filename);
} else {
http_add_header_field(&res.hdr, "Content-Encoding", "gzip");
enc = COMPRESS_GZ;
@@ -306,8 +287,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
if (uri.meta->etag[0] != 0) {
if (enc) {
sprintf(buf0, "%s-%s", uri.meta->etag,
(enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
sprintf(buf0, "%s-%s", uri.meta->etag, (enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
http_add_header_field(&res.hdr, "ETag", buf0);
} else {
http_add_header_field(&res.hdr, "ETag", uri.meta->etag);
@@ -320,16 +300,16 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
http_add_header_field(&res.hdr, "Cache-Control", "public, max-age=86400");
}
char *if_modified_since = http_get_header_field(&req.hdr, "If-Modified-Since");
char *if_none_match = http_get_header_field(&req.hdr, "If-None-Match");
const char *if_modified_since = http_get_header_field(&req.hdr, "If-Modified-Since");
const char *if_none_match = http_get_header_field(&req.hdr, "If-None-Match");
if ((if_none_match != NULL && strstr(if_none_match, uri.meta->etag) == NULL) ||
(accept_if_modified_since && if_modified_since != NULL &&
strcmp(if_modified_since, last_modified) == 0)) {
(accept_if_modified_since && if_modified_since != NULL && strcmp(if_modified_since, last_modified) == 0))
{
res.status = http_get_status(304);
goto respond;
}
char *range = http_get_header_field(&req.hdr, "Range");
const char *range = http_get_header_field(&req.hdr, "Range");
if (range != NULL) {
if (strlen(range) <= 6 || strncmp(range, "bytes=", 6) != 0) {
res.status = http_get_status(416);
@@ -383,12 +363,12 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
} else {
int mode;
if (strcmp(uri.filename + strlen(uri.filename) - 4, ".ncr") == 0) {
mode = FASTCGI_NECRONDA;
mode = FASTCGI_SESIMOS;
} else if (strcmp(uri.filename + strlen(uri.filename) - 4, ".php") == 0) {
mode = FASTCGI_PHP;
} else {
res.status = http_get_status(500);
print(ERR_STR "Invalid FastCGI extension: %s" CLR_STR, uri.filename);
error("Invalid FastCGI extension: %s", uri.filename);
goto respond;
}
@@ -398,25 +378,30 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
http_add_header_field(&res.hdr, "Last-Modified", last_modified);
res.status = http_get_status(200);
if (fastcgi_init(&fcgi_conn, mode, client_num, req_num, client, &req, &uri) != 0) {
if (fastcgi_init(&fcgi_conn, mode, 0 /* TODO */, cctx->req_num, client, &req, &uri) != 0) {
res.status = http_get_status(503);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
goto respond;
}
char *client_content_length = http_get_header_field(&req.hdr, "Content-Length");
const char *client_content_length = http_get_header_field(&req.hdr, "Content-Length");
const char *client_transfer_encoding = http_get_header_field(&req.hdr, "Transfer-Encoding");
if (client_content_length != NULL) {
unsigned long client_content_len = strtoul(client_content_length, NULL, 10);
ret = fastcgi_receive(&fcgi_conn, client, client_content_len);
if (ret != 0) {
if (ret < 0) {
goto abort;
} else {
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
}
res.status = http_get_status(502);
goto respond;
} else if (client_transfer_encoding != NULL && strstr(client_transfer_encoding, "chunked") != NULL) {
ret = fastcgi_receive_chunked(&fcgi_conn, client);
} else {
ret = 0;
}
if (ret != 0) {
if (ret < 0) {
goto abort;
} else {
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
}
res.status = http_get_status(502);
goto respond;
}
fastcgi_close_stdin(&fcgi_conn);
@@ -426,7 +411,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
goto respond;
}
char *status = http_get_header_field(&res.hdr, "Status");
const char *status = http_get_header_field(&res.hdr, "Status");
if (status != NULL) {
int status_code = (int) strtoul(status, NULL, 10);
res.status = http_get_status(status_code);
@@ -485,39 +470,57 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
}
} else if (conf->type == CONFIG_TYPE_REVERSE_PROXY) {
print("Reverse proxy for " BLD_STR "%s:%i" CLR_STR, conf->rev_proxy.hostname, conf->rev_proxy.port);
info("Reverse proxy for " BLD_STR "%s:%i" CLR_STR, conf->proxy.hostname, conf->proxy.port);
http_remove_header_field(&res.hdr, "Date", HTTP_REMOVE_ALL);
http_remove_header_field(&res.hdr, "Server", HTTP_REMOVE_ALL);
ret = rev_proxy_init(&req, &res, &ctx, conf, client, &custom_status, err_msg);
use_rev_proxy = (ret == 0);
ret = proxy_init(&req, &res, &ctx, conf, client, cctx, &custom_status, err_msg);
use_proxy = (ret == 0);
if (res.status->code == 101) {
const char *connection = http_get_header_field(&res.hdr, "Connection");
const char *upgrade = http_get_header_field(&res.hdr, "Upgrade");
if (connection != NULL && upgrade != NULL &&
(strstr(connection, "upgrade") != NULL || strstr(connection, "Upgrade") != NULL) &&
strcmp(upgrade, "websocket") == 0)
{
const char *ws_accept = http_get_header_field(&res.hdr, "Sec-WebSocket-Accept");
if (ws_calc_accept_key(ctx.ws_key, buf0) == 0) {
use_proxy = (strcmp(buf0, ws_accept) == 0) ? 2 : 1;
}
} else {
ctx.status = 101;
ctx.origin = INTERNAL;
res.status = http_get_status(501);
}
}
// Let 300 be formatted by origin server
if (use_rev_proxy && res.status->code >= 301 && res.status->code < 600) {
if (use_proxy && res.status->code >= 301 && res.status->code < 600) {
const char *content_type = http_get_header_field(&res.hdr, "Content-Type");
const char *content_length_f = http_get_header_field(&res.hdr, "Content-Length");
const char *content_encoding = http_get_header_field(&res.hdr, "Content-Encoding");
if (content_encoding == NULL && content_type != NULL && content_length_f != NULL &&
strncmp(content_type, "text/html", 9) == 0)
{
if (content_encoding == NULL && content_type != NULL && content_length_f != NULL && strncmp(content_type, "text/html", 9) == 0) {
long content_len = strtol(content_length_f, NULL, 10);
if (content_len <= sizeof(msg_content) - 1) {
ctx.status = res.status->code;
ctx.origin = res.status->code >= 400 ? SERVER : NONE;
use_rev_proxy = 0;
rev_proxy_dump(msg_content, content_len);
if (ctx.status != 101) {
ctx.status = res.status->code;
ctx.origin = res.status->code >= 400 ? SERVER : NONE;
}
use_proxy = 0;
proxy_dump(msg_content, content_len);
}
}
}
/*
char *content_encoding = http_get_header_field(&res.hdr, "Content-Encoding");
if (use_rev_proxy && content_encoding == NULL) {
if (use_proxy && content_encoding == NULL) {
int http_comp = http_get_compression(&req, &res);
if (http_comp & COMPRESS_BR) {
use_rev_proxy |= REV_PROXY_COMPRESS_BR;
use_proxy |= PROXY_COMPRESS_BR;
} else if (http_comp & COMPRESS_GZ) {
use_rev_proxy |= REV_PROXY_COMPRESS_GZ;
use_proxy |= PROXY_COMPRESS_GZ;
}
}
@@ -525,21 +528,21 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
int chunked = transfer_encoding != NULL && strcmp(transfer_encoding, "chunked") == 0;
http_remove_header_field(&res.hdr, "Transfer-Encoding", HTTP_REMOVE_ALL);
ret = sprintf(buf0, "%s%s%s",
(use_rev_proxy & REV_PROXY_COMPRESS_BR) ? "br" :
((use_rev_proxy & REV_PROXY_COMPRESS_GZ) ? "gzip" : ""),
((use_rev_proxy & REV_PROXY_COMPRESS) && chunked) ? ", " : "",
(use_proxy & PROXY_COMPRESS_BR) ? "br" :
((use_proxy & PROXY_COMPRESS_GZ) ? "gzip" : ""),
((use_proxy & PROXY_COMPRESS) && chunked) ? ", " : "",
chunked ? "chunked" : "");
if (ret > 0) {
http_add_header_field(&res.hdr, "Transfer-Encoding", buf0);
}
*/
} else {
print(ERR_STR "Unknown host type: %i" CLR_STR, conf->type);
error("Unknown host type: %i", conf->type);
res.status = http_get_status(501);
}
respond:
if (!use_rev_proxy) {
if (!use_proxy) {
if (conf != NULL && conf->type == CONFIG_TYPE_LOCAL && uri.is_static && res.status->code == 405) {
http_add_header_field(&res.hdr, "Allow", "GET, HEAD, TRACE");
}
@@ -561,20 +564,24 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
const http_doc_info *info = http_get_status_info(res.status);
const http_status_msg *http_msg = http_get_error_msg(res.status);
if (res.status->code >= 300 && res.status->code < 400 && msg_content[0] == 0) {
const char *location = http_get_header_field(&res.hdr, "Location");
if (location != NULL) {
snprintf(msg_content, sizeof(msg_content),
"<ul>\n\t<li><a href=\"%1$s\">%1$s</a></li>\n</ul>\n", location);
if (msg_content[0] == 0) {
if (res.status->code >= 300 && res.status->code < 400) {
const char *location = http_get_header_field(&res.hdr, "Location");
if (location != NULL) {
snprintf(msg_content, sizeof(msg_content), "<ul>\n\t<li><a href=\"%s\">%s</a></li>\n</ul>\n", location, location);
}
}
} else if (strncmp(msg_content, "<!DOCTYPE html>", 15) == 0 || strncmp(msg_content, "<html", 5) == 0) {
msg_content[0] = 0;
// TODO let relevant information pass?
}
char *rev_proxy_doc = "";
char *proxy_doc = "";
if (conf != NULL && conf->type == CONFIG_TYPE_REVERSE_PROXY) {
const http_status *status = http_get_status(ctx.status);
char stat_str[8];
sprintf(stat_str, "%03i", ctx.status);
sprintf(msg_pre_buf_2, http_rev_proxy_document,
sprintf(msg_pre_buf_2, http_proxy_document,
" success",
(ctx.origin == CLIENT_REQ) ? " error" : " success",
(ctx.origin == INTERNAL) ? " error" : " success",
@@ -589,53 +596,65 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
(ctx.status == 0) ? "???" : stat_str,
(status != NULL) ? status->msg : "",
host);
rev_proxy_doc = msg_pre_buf_2;
proxy_doc = msg_pre_buf_2;
}
sprintf(msg_pre_buf_1, info->doc, res.status->code, res.status->msg,
http_msg != NULL ? http_msg->msg : "", err_msg[0] != 0 ? err_msg : "");
sprintf(msg_pre_buf_1, info->doc, res.status->code, res.status->msg, http_msg != NULL ? http_msg->msg : "", err_msg[0] != 0 ? err_msg : "");
content_length = snprintf(msg_buf, sizeof(msg_buf), http_default_document, res.status->code,
res.status->msg, msg_pre_buf_1, info->mode, info->icon, info->color, host,
rev_proxy_doc, msg_content[0] != 0 ? msg_content : "");
proxy_doc, msg_content[0] != 0 ? msg_content : "");
}
if (content_length >= 0) {
sprintf(buf0, "%li", content_length);
http_remove_header_field(&res.hdr, "Content-Length", HTTP_REMOVE_ALL);
http_add_header_field(&res.hdr, "Content-Length", buf0);
} else if (http_get_header_field(&res.hdr, "Transfer-Encoding") == NULL) {
server_keep_alive = 0;
cctx->s_keep_alive = 0;
}
}
char *conn = http_get_header_field(&res.hdr, "Connection");
int close_proxy = conn == NULL || (strcmp(conn, "keep-alive") != 0 && strcmp(conn, "Keep-Alive") != 0);
http_remove_header_field(&res.hdr, "Connection", HTTP_REMOVE_ALL);
http_remove_header_field(&res.hdr, "Keep-Alive", HTTP_REMOVE_ALL);
if (server_keep_alive && client_keep_alive) {
http_add_header_field(&res.hdr, "Connection", "keep-alive");
sprintf(buf0, "timeout=%i, max=%i", CLIENT_TIMEOUT, REQ_PER_CONNECTION);
http_add_header_field(&res.hdr, "Keep-Alive", buf0);
} else {
http_add_header_field(&res.hdr, "Connection", "close");
int close_proxy = 0;
if (use_proxy != 2) {
const char *conn = http_get_header_field(&res.hdr, "Connection");
close_proxy = (conn == NULL || (strstr(conn, "keep-alive") == NULL && strstr(conn, "Keep-Alive") == NULL));
http_remove_header_field(&res.hdr, "Connection", HTTP_REMOVE_ALL);
http_remove_header_field(&res.hdr, "Keep-Alive", HTTP_REMOVE_ALL);
if (cctx->s_keep_alive && cctx->c_keep_alive) {
http_add_header_field(&res.hdr, "Connection", "keep-alive");
sprintf(buf0, "timeout=%i, max=%i", CLIENT_TIMEOUT, REQ_PER_CONNECTION);
http_add_header_field(&res.hdr, "Keep-Alive", buf0);
} else {
http_add_header_field(&res.hdr, "Connection", "close");
}
}
http_send_response(client, &res);
clock_gettime(CLOCK_MONOTONIC, &end);
char *location = http_get_header_field(&res.hdr, "Location");
const char *location = http_get_header_field(&res.hdr, "Location");
unsigned long micros = (end.tv_nsec - begin.tv_nsec) / 1000 + (end.tv_sec - begin.tv_sec) * 1000000;
print("%s%s%03i %s%s%s (%s)%s", http_get_status_color(res.status), use_rev_proxy ? "-> " : "", res.status->code,
res.status->msg, location != NULL ? " -> " : "", location != NULL ? location : "",
format_duration(micros, buf0), CLR_STR);
info("%s%s%03i %s%s%s (%s)%s", http_get_status_color(res.status), use_proxy ? "-> " : "", res.status->code,
res.status->msg, location != NULL ? " -> " : "", location != NULL ? location : "",
format_duration(micros, buf0), CLR_STR);
// TODO access/error log file
if (strcmp(req.method, "HEAD") != 0) {
if (use_proxy == 2) {
// WebSocket
info("Upgrading connection to WebSocket connection");
ret = ws_handle_connection(client, &proxy);
if (ret != 0) {
cctx->c_keep_alive = 0;
close_proxy = 1;
}
info("WebSocket connection closed");
} else if (strcmp(req.method, "HEAD") != 0) {
// default response
unsigned long snd_len = 0;
unsigned long len;
if (msg_buf[0] != 0) {
ret = sock_send(client, msg_buf, content_length, 0);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
error("Unable to send: %s", sock_strerror(client));
}
snd_len += ret;
} else if (file != NULL) {
@@ -646,44 +665,44 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
ret = sock_send(client, buffer, len, feof(file) ? 0 : MSG_MORE);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
error("Unable to send: %s", sock_strerror(client));
break;
}
snd_len += ret;
}
} else if (use_fastcgi) {
char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
int chunked = transfer_encoding != NULL && strcmp(transfer_encoding, "chunked") == 0;
const char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
int chunked = (transfer_encoding != NULL && strstr(transfer_encoding, "chunked") != NULL);
int flags = (chunked ? FASTCGI_CHUNKED : 0) | (use_fastcgi & (FASTCGI_COMPRESS | FASTCGI_COMPRESS_HOLD));
ret = fastcgi_send(&fcgi_conn, client, flags);
} else if (use_rev_proxy) {
char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
} else if (use_proxy) {
const char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
int chunked = transfer_encoding != NULL && strstr(transfer_encoding, "chunked") != NULL;
char *content_len = http_get_header_field(&res.hdr, "Content-Length");
const char *content_len = http_get_header_field(&res.hdr, "Content-Length");
unsigned long len_to_send = 0;
if (content_len != NULL) {
len_to_send = strtol(content_len, NULL, 10);
}
int flags = (chunked ? REV_PROXY_CHUNKED : 0) | (use_rev_proxy & REV_PROXY_COMPRESS);
ret = rev_proxy_send(client, len_to_send, flags);
int flags = (chunked ? PROXY_CHUNKED : 0) | (use_proxy & PROXY_COMPRESS);
ret = proxy_send(client, len_to_send, flags);
}
if (ret < 0) {
client_keep_alive = 0;
cctx->c_keep_alive = 0;
}
}
if (close_proxy && rev_proxy.socket != 0) {
print(BLUE_STR "Closing proxy connection" CLR_STR);
sock_close(&rev_proxy);
if (close_proxy && proxy.socket != 0) {
info(BLUE_STR "Closing proxy connection");
sock_close(&proxy);
}
clock_gettime(CLOCK_MONOTONIC, &end);
micros = (end.tv_nsec - begin.tv_nsec) / 1000 + (end.tv_sec - begin.tv_sec) * 1000000;
print("Transfer complete: %s", format_duration(micros, buf0));
info("Transfer complete: %s", format_duration(micros, buf0));
uri_free(&uri);
abort:
@@ -694,33 +713,28 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
}
http_free_req(&req);
http_free_res(&res);
if (client->buf != NULL) {
free(client->buf);
client->buf = NULL;
client->buf_off = 0;
client->buf_len = 0;
}
return !client_keep_alive;
return 0;
}
int client_connection_handler(sock *client, unsigned long client_num) {
int client_connection_handler(client_ctx_t *ctx, unsigned long client_num, const char *restrict log_conn_prefix, const char *restrict log_client_prefix) {
struct timespec begin, end;
int ret, req_num;
int ret;
char buf[1024];
sock *client = &ctx->socket;
clock_gettime(CLOCK_MONOTONIC, &begin);
if (dns_server[0] != 0) {
sprintf(buf, "dig @%s +short +time=1 -x %s", dns_server, client_addr_str);
if (config.dns_server[0] != 0) {
sprintf(buf, "dig @%s +short +time=1 -x %s", config.dns_server, ctx->addr);
FILE *dig = popen(buf, "r");
if (dig == NULL) {
print(ERR_STR "Unable to start dig: %s" CLR_STR "\n", strerror(errno));
error("Unable to start dig: %s", strerror(errno));
goto dig_err;
}
unsigned long read = fread(buf, 1, sizeof(buf), dig);
ret = pclose(dig);
if (ret != 0) {
print(ERR_STR "Dig terminated with exit code %i" CLR_STR "\n", ret);
error("Dig terminated with exit code %i", ret);
goto dig_err;
}
char *ptr = memchr(buf, '\n', read);
@@ -728,73 +742,24 @@ int client_connection_handler(sock *client, unsigned long client_num) {
goto dig_err;
}
ptr[-1] = 0;
client_host_str = malloc(strlen(buf) + 1);
strcpy(client_host_str, buf);
strncpy(ctx->host, buf, sizeof(ctx->host));
} else {
dig_err:
client_host_str = NULL;
ctx->host[0] = 0;
}
client_geoip = malloc(GEOIP_MAX_SIZE);
long str_off = 0;
for (int i = 0; i < MAX_MMDB && mmdbs[i].filename != NULL; i++) {
int gai_error, mmdb_res;
MMDB_lookup_result_s result = MMDB_lookup_string(&mmdbs[i], client_addr_str, &gai_error, &mmdb_res);
if (mmdb_res != MMDB_SUCCESS) {
print(ERR_STR "Unable to lookup geoip info: %s" CLR_STR "\n", MMDB_strerror(mmdb_res));
continue;
} else if (gai_error != 0) {
print(ERR_STR "Unable to lookup geoip info" CLR_STR "\n");
continue;
} else if (!result.found_entry) {
continue;
}
ctx->cc[0] = 0;
geoip_lookup_country(&client->addr.sock, ctx->cc);
MMDB_entry_data_list_s *list;
mmdb_res = MMDB_get_entry_data_list(&result.entry, &list);
if (mmdb_res != MMDB_SUCCESS) {
print(ERR_STR "Unable to lookup geoip info: %s" CLR_STR "\n", MMDB_strerror(mmdb_res));
continue;
}
info("Connection accepted from %s %s%s%s[%s]", ctx->addr, ctx->host[0] != 0 ? "(" : "",
ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "",
ctx->cc[0] != 0 ? ctx->cc : "N/A");
long prev = str_off;
if (str_off != 0) {
str_off--;
}
mmdb_json(list, client_geoip, &str_off, GEOIP_MAX_SIZE);
if (prev != 0) {
client_geoip[prev - 1] = ',';
}
MMDB_free_entry_data_list(list);
}
char client_cc[3];
client_cc[0] = 0;
if (str_off == 0) {
free(client_geoip);
client_geoip = NULL;
} else {
char *pos = client_geoip;
pos = strstr(pos, "\"country\":");
if (pos != NULL) {
pos = strstr(pos, "\"iso_code\":");
pos += 12;
snprintf(client_cc, sizeof(client_cc), "%s", pos);
}
}
print("Connection accepted from %s %s%s%s[%s]", client_addr_str, client_host_str != NULL ? "(" : "",
client_host_str != NULL ? client_host_str : "", client_host_str != NULL ? ") " : "",
client_cc[0] != 0 ? client_cc : "N/A");
client_timeout.tv_sec = CLIENT_TIMEOUT;
client_timeout.tv_usec = 0;
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &client_timeout, sizeof(client_timeout)) < 0)
goto set_timeout_err;
if (setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &client_timeout, sizeof(client_timeout)) < 0) {
set_timeout_err:
print(ERR_STR "Unable to set timeout for socket: %s" CLR_STR, strerror(errno));
struct timeval client_timeout = {.tv_sec = CLIENT_TIMEOUT, .tv_usec = 0};
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &client_timeout, sizeof(client_timeout)) == -1 ||
setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &client_timeout, sizeof(client_timeout)) == -1)
{
error("Unable to set timeout for socket");
return 1;
}
@@ -808,91 +773,72 @@ int client_connection_handler(sock *client, unsigned long client_num) {
client->_errno = errno;
client->_ssl_error = ERR_get_error();
if (ret <= 0) {
print(ERR_STR "Unable to perform handshake: %s" CLR_STR, sock_strerror(client));
error("Unable to perform handshake: %s", sock_strerror(client));
ret = -1;
goto close;
}
}
req_num = 0;
ret = 0;
while (ret == 0 && server_keep_alive && req_num < REQ_PER_CONNECTION) {
ret = client_request_handler(client, client_num, req_num++);
log_prefix = log_conn_prefix;
int req_num = 0;
ctx->s_keep_alive = 1;
ctx->c_keep_alive = 1;
while (ctx->c_keep_alive && ctx->s_keep_alive && req_num < REQ_PER_CONNECTION) {
ret = client_request_handler(ctx);
logger_set_prefix(log_conn_prefix);
}
close:
sock_close(client);
if (rev_proxy.socket != 0) {
print(BLUE_STR "Closing proxy connection" CLR_STR);
sock_close(&rev_proxy);
if (proxy.socket != 0) {
info(BLUE_STR "Closing proxy connection");
sock_close(&proxy);
}
clock_gettime(CLOCK_MONOTONIC, &end);
unsigned long micros = (end.tv_nsec - begin.tv_nsec) / 1000 + (end.tv_sec - begin.tv_sec) * 1000000;
print("Connection closed (%s)", format_duration(micros, buf));
info("Connection closed (%s)", format_duration(micros, buf));
return 0;
}
int client_handler(sock *client, unsigned long client_num, struct sockaddr_in6 *client_addr) {
int ret;
void *client_handler(client_ctx_t *ctx) {
struct sockaddr_in6 *server_addr;
struct sockaddr_storage server_addr_storage;
char log_client_prefix[256], log_conn_prefix[512];
char *color_table[] = {"\x1B[31m", "\x1B[32m", "\x1B[33m", "\x1B[34m", "\x1B[35m", "\x1B[36m"};
logger_set_name("client");
signal(SIGINT, client_terminate);
signal(SIGTERM, client_terminate);
//signal(SIGINT, client_terminate);
//signal(SIGTERM, client_terminate);
client_addr_str_ptr = malloc(INET6_ADDRSTRLEN);
inet_ntop(client_addr->sin6_family, (void *) &client_addr->sin6_addr, client_addr_str_ptr, INET6_ADDRSTRLEN);
if (strncmp(client_addr_str_ptr, "::ffff:", 7) == 0) {
client_addr_str = client_addr_str_ptr + 7;
inet_ntop(ctx->socket.addr.ipv6.sin6_family, &ctx->socket.addr.ipv6.sin6_addr, ctx->_c_addr, sizeof(ctx->_c_addr));
if (strncmp(ctx->_c_addr, "::ffff:", 7) == 0) {
ctx->addr = ctx->_c_addr + 7;
} else {
client_addr_str = client_addr_str_ptr;
ctx->addr = ctx->_c_addr;
}
socklen_t len = sizeof(server_addr_storage);
getsockname(client->socket, (struct sockaddr *) &server_addr_storage, &len);
getsockname(ctx->socket.socket, (struct sockaddr *) &server_addr_storage, &len);
server_addr = (struct sockaddr_in6 *) &server_addr_storage;
server_addr_str_ptr = malloc(INET6_ADDRSTRLEN);
inet_ntop(server_addr->sin6_family, (void *) &server_addr->sin6_addr, server_addr_str_ptr, INET6_ADDRSTRLEN);
if (strncmp(server_addr_str_ptr, "::ffff:", 7) == 0) {
server_addr_str = server_addr_str_ptr + 7;
inet_ntop(server_addr->sin6_family, (void *) &server_addr->sin6_addr, ctx->_s_addr, sizeof(ctx->_s_addr));
if (strncmp(ctx->_s_addr, "::ffff:", 7) == 0) {
ctx->s_addr = ctx->_s_addr + 7;
} else {
server_addr_str = server_addr_str_ptr;
ctx->s_addr = ctx->_s_addr;
}
log_req_prefix = malloc(256);
log_client_prefix = malloc(256);
sprintf(log_client_prefix, "[%s%4i%s]%s[%*s][%5i]%s", (int) client->enc ? HTTPS_STR : HTTP_STR,
ntohs(server_addr->sin6_port), CLR_STR, color_table[client_num % 6], INET6_ADDRSTRLEN, client_addr_str,
ntohs(client_addr->sin6_port), CLR_STR);
sprintf(log_client_prefix, "[%s%4i%s]%s[%*s][%5i]%s", (int) ctx->socket.enc ? HTTPS_STR : HTTP_STR,
ntohs(server_addr->sin6_port), CLR_STR, color_table[0], INET6_ADDRSTRLEN, ctx->addr,
ntohs(ctx->socket.addr.ipv6.sin6_port), CLR_STR);
log_conn_prefix = malloc(256);
sprintf(log_conn_prefix, "[%6i][%*s]%s ", getpid(), INET6_ADDRSTRLEN, server_addr_str, log_client_prefix);
log_prefix = log_conn_prefix;
sprintf(log_conn_prefix, "[%*s]%s", INET6_ADDRSTRLEN, ctx->s_addr, log_client_prefix);
logger_set_prefix(log_conn_prefix);
print("Started child process with PID %i", getpid());
info("Started thread");
ret = client_connection_handler(client, client_num);
client_connection_handler(ctx, 0, log_conn_prefix, log_client_prefix);
free(client_addr_str_ptr);
client_addr_str_ptr = NULL;
free(server_addr_str_ptr);
server_addr_str_ptr = NULL;
if (client_host_str != NULL) {
free(client_host_str);
client_host_str = NULL;
}
free(log_conn_prefix);
log_conn_prefix = NULL;
free(log_req_prefix);
log_req_prefix = NULL;
free(log_client_prefix);
log_client_prefix = NULL;
return ret;
return NULL;
}

32
src/client.h Normal file
View File

@@ -0,0 +1,32 @@
/**
* sesimos - secure, simple, modern web server
* @brief Client connection and request handlers (header file)
* @file src/client.h
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#ifndef SESIMOS_CLIENT_H
#define SESIMOS_CLIENT_H
#include "lib/config.h"
#include "lib/sock.h"
#include <arpa/inet.h>
typedef struct {
sock socket;
int req_num;
char *addr, *s_addr;
unsigned char in_use: 1, s_keep_alive:1, c_keep_alive:1;
char cc[3], host[256];
char log_prefix[512];
char _c_addr[INET6_ADDRSTRLEN + 1], _s_addr[INET6_ADDRSTRLEN + 1];
struct timespec begin, end;
} client_ctx_t;
host_config_t *get_host_config(const char *host);
int client_request_handler(client_ctx_t *cctx);
#endif //SESIMOS_CLIENT_H

26
src/defs.h Normal file
View File

@@ -0,0 +1,26 @@
/**
* sesimos - secure, simple, modern web server
* @brief Definitions
* @file src/defs.h
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#ifndef SESIMOS_DEF_H
#define SESIMOS_DEF_H
#define SERVER_VERSION "4.6"
#define SERVER_STR "Sesimos/" SERVER_VERSION
#define SERVER_STR_HTML "Sesimos&nbsp;web&nbsp;server&nbsp;" SERVER_VERSION
#define CHUNK_SIZE 8192
#ifndef DEFAULT_HOST
# define DEFAULT_HOST "www.necronda.net"
#endif
#ifndef SERVER_NAME
# define SERVER_NAME DEFAULT_HOST
#endif
#endif //SESIMOS_DEF_H

397
src/lib/cache.c
View File

@@ -1,397 +0,0 @@
/**
* Necronda Web Server
* File cache implementation
* src/lib/cache.c
* Lorenz Stechauner, 2020-12-19
*/
#include "cache.h"
#include "utils.h"
#include "compress.h"
#include <stdio.h>
#include <magic.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include <signal.h>
#include <openssl/sha.h>
#include <malloc.h>
int cache_continue = 1;
magic_t magic;
cache_entry *cache;
int magic_init() {
magic = magic_open(MAGIC_MIME);
if (magic == NULL) {
fprintf(stderr, ERR_STR "Unable to open magic cookie: %s" CLR_STR "\n", strerror(errno));
return -1;
}
if (magic_load(magic, CACHE_MAGIC_FILE) != 0) {
fprintf(stderr, ERR_STR "Unable to load magic cookie: %s" CLR_STR "\n", magic_error(magic));
return -2;
}
return 0;
}
void cache_process_term() {
cache_continue = 0;
}
int cache_process() {
signal(SIGINT, cache_process_term);
signal(SIGTERM, cache_process_term);
int shm_id = shmget(CACHE_SHM_KEY, CACHE_ENTRIES * sizeof(cache_entry), 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
return -1;
}
shmdt(cache);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -2;
}
cache = shm_rw;
if (mkdir("/var/necronda/", 0755) < 0 && errno != EEXIST) {
fprintf(stderr, ERR_STR "Unable to create directory '/var/necronda/': %s" CLR_STR "\n", strerror(errno));
return -3;
}
if (mkdir("/var/necronda/server/", 0755) < 0 && errno != EEXIST) {
fprintf(stderr, ERR_STR "Unable to create directory '/var/necronda/server/': %s" CLR_STR "\n", strerror(errno));
return -3;
}
FILE *cache_file = fopen("/var/necronda/server/cache", "rb");
if (cache_file != NULL) {
fread(cache, sizeof(cache_entry), CACHE_ENTRIES, cache_file);
fclose(cache_file);
}
for (int i = 0; i < CACHE_ENTRIES; i++) {
cache[i].is_updating = 0;
}
FILE *file;
char *buf = malloc(CACHE_BUF_SIZE);
char *comp_buf = malloc(CACHE_BUF_SIZE);
char filename_comp_gz[256];
char filename_comp_br[256];
unsigned long read;
int compress;
SHA_CTX ctx;
unsigned char hash[SHA_DIGEST_LENGTH];
int cache_changed = 0;
int p_len_gz, p_len_br;
int ret;
while (cache_continue) {
for (int i = 0; i < CACHE_ENTRIES; i++) {
if (cache[i].filename[0] != 0 && cache[i].meta.etag[0] == 0 && !cache[i].is_updating) {
cache[i].is_updating = 1;
fprintf(stdout, "[cache] Hashing file %s\n", cache[i].filename);
SHA1_Init(&ctx);
file = fopen(cache[i].filename, "rb");
compress = mime_is_compressible(cache[i].meta.type);
compress_ctx comp_ctx;
FILE *comp_file_gz = NULL;
FILE *comp_file_br = NULL;
if (compress) {
sprintf(buf, "%.*s/.necronda-server", cache[i].webroot_len, cache[i].filename);
if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
fprintf(stderr, ERR_STR "Unable to create directory %s: %s" CLR_STR "\n", buf, strerror(errno));
goto comp_err;
}
sprintf(buf, "%.*s/.necronda-server/cache", cache[i].webroot_len, cache[i].filename);
if (mkdir(buf, 0700) != 0 && errno != EEXIST) {
fprintf(stderr, ERR_STR "Unable to create directory %s: %s" CLR_STR "\n", buf, strerror(errno));
goto comp_err;
}
char *rel_path = cache[i].filename + cache[i].webroot_len + 1;
for (int j = 0; j < strlen(rel_path); j++) {
char ch = rel_path[j];
if (ch == '/') ch = '_';
buf[j] = ch;
}
buf[strlen(rel_path)] = 0;
p_len_gz = snprintf(filename_comp_gz, sizeof(filename_comp_gz),
"%.*s/.necronda-server/cache/%s.gz",
cache[i].webroot_len, cache[i].filename, buf);
p_len_br = snprintf(filename_comp_br, sizeof(filename_comp_br),
"%.*s/.necronda-server/cache/%s.br",
cache[i].webroot_len, cache[i].filename, buf);
if (p_len_gz < 0 || p_len_gz >= sizeof(filename_comp_gz) ||
p_len_br < 0 || p_len_br >= sizeof(filename_comp_br))
{
fprintf(stderr, ERR_STR "Unable to open cached file: "
"File name for compressed file too long" CLR_STR "\n");
goto comp_err;
}
fprintf(stdout, "[cache] Compressing file %s\n", cache[i].filename);
comp_file_gz = fopen(filename_comp_gz, "wb");
comp_file_br = fopen(filename_comp_br, "wb");
if (comp_file_gz == NULL || comp_file_br == NULL) {
fprintf(stderr, ERR_STR "Unable to open cached file: %s" CLR_STR "\n", strerror(errno));
comp_err:
compress = 0;
} else {
ret = compress_init(&comp_ctx, COMPRESS_GZ | COMPRESS_BR);
if (ret != 0) {
fprintf(stderr, ERR_STR "Unable to init compression: %s" CLR_STR "\n", strerror(errno));
compress = 0;
fclose(comp_file_gz);
fclose(comp_file_br);
}
}
}
while ((read = fread(buf, 1, CACHE_BUF_SIZE, file)) > 0) {
SHA1_Update(&ctx, buf, read);
if (compress) {
unsigned long avail_in, avail_out;
avail_in = read;
do {
avail_out = CACHE_BUF_SIZE;
compress_compress_mode(&comp_ctx, COMPRESS_GZ,buf + read - avail_in, &avail_in,
comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, CACHE_BUF_SIZE - avail_out, comp_file_gz);
} while (avail_in != 0 || avail_out != CACHE_BUF_SIZE);
avail_in = read;
do {
avail_out = CACHE_BUF_SIZE;
compress_compress_mode(&comp_ctx, COMPRESS_BR, buf + read - avail_in, &avail_in,
comp_buf, &avail_out, feof(file));
fwrite(comp_buf, 1, CACHE_BUF_SIZE - avail_out, comp_file_br);
} while (avail_in != 0 || avail_out != CACHE_BUF_SIZE);
}
}
if (compress) {
compress_free(&comp_ctx);
fclose(comp_file_gz);
fclose(comp_file_br);
fprintf(stdout, "[cache] Finished compressing file %s\n", cache[i].filename);
strcpy(cache[i].meta.filename_comp_gz, filename_comp_gz);
strcpy(cache[i].meta.filename_comp_br, filename_comp_br);
} else {
memset(cache[i].meta.filename_comp_gz, 0, sizeof(cache[i].meta.filename_comp_gz));
memset(cache[i].meta.filename_comp_br, 0, sizeof(cache[i].meta.filename_comp_br));
}
SHA1_Final(hash, &ctx);
memset(cache[i].meta.etag, 0, sizeof(cache[i].meta.etag));
for (int j = 0; j < SHA_DIGEST_LENGTH; j++) {
sprintf(cache[i].meta.etag + j * 2, "%02x", hash[j]);
}
fclose(file);
fprintf(stdout, "[cache] Finished hashing file %s\n", cache[i].filename);
cache[i].is_updating = 0;
cache_changed = 1;
}
}
if (cache_changed) {
cache_changed = 0;
cache_file = fopen("/var/necronda/server/cache", "wb");
if (cache_file == NULL) {
fprintf(stderr, ERR_STR "Unable to open cache file: %s" CLR_STR "\n", strerror(errno));
free(buf);
free(comp_buf);
return -1;
}
fwrite(cache, sizeof(cache_entry), CACHE_ENTRIES, cache_file);
fclose(cache_file);
} else {
sleep(1);
}
}
free(buf);
free(comp_buf);
return 0;
}
int cache_init() {
if (magic_init() != 0) {
return -1;
}
int shm_id = shmget(CACHE_SHM_KEY, CACHE_ENTRIES * sizeof(cache_entry), IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
return -2;
}
void *shm = shmat(shm_id, NULL, SHM_RDONLY);
if (shm == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (ro): %s" CLR_STR "\n", strerror(errno));
return -3;
}
cache = shm;
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -4;
}
cache = shm_rw;
memset(cache, 0, CACHE_ENTRIES * sizeof(cache_entry));
shmdt(shm_rw);
cache = shm;
pid_t pid = fork();
if (pid == 0) {
// child
if (cache_process() == 0) {
return 0;
} else {
return -6;
}
} else if (pid > 0) {
// parent
fprintf(stderr, "Started child process with PID %i as cache-updater\n", pid);
return pid;
} else {
fprintf(stderr, ERR_STR "Unable to create child process: %s" CLR_STR "\n", strerror(errno));
return -5;
}
}
int cache_unload() {
int shm_id = shmget(CACHE_SHM_KEY, 0, 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to get shared memory id: %s" CLR_STR "\n", strerror(errno));
shmdt(cache);
return -1;
} else if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
fprintf(stderr, ERR_STR "Unable to configure shared memory: %s" CLR_STR "\n", strerror(errno));
shmdt(cache);
return -1;
}
shmdt(cache);
return 0;
}
int cache_update_entry(int entry_num, const char *filename, const char *webroot) {
void *cache_ro = cache;
int shm_id = shmget(CACHE_SHM_KEY, 0, 0);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
print(ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR, strerror(errno));
return -1;
}
cache = shm_rw;
struct stat statbuf;
stat(filename, &statbuf);
memcpy(&cache[entry_num].meta.stat, &statbuf, sizeof(statbuf));
cache[entry_num].webroot_len = (unsigned char) strlen(webroot);
strcpy(cache[entry_num].filename, filename);
magic_setflags(magic, MAGIC_MIME_TYPE);
const char *type = magic_file(magic, filename);
char type_new[24];
sprintf(type_new, "%s", type);
if (strncmp(type, "text/", 5) == 0) {
if (strcmp(filename + strlen(filename) - 4, ".css") == 0) {
sprintf(type_new, "text/css");
} else if (strcmp(filename + strlen(filename) - 3, ".js") == 0) {
sprintf(type_new, "application/javascript");
}
}
strcpy(cache[entry_num].meta.type, type_new);
magic_setflags(magic, MAGIC_MIME_ENCODING);
strcpy(cache[entry_num].meta.charset, magic_file(magic, filename));
memset(cache[entry_num].meta.etag, 0, sizeof(cache[entry_num].meta.etag));
memset(cache[entry_num].meta.filename_comp_gz, 0, sizeof(cache[entry_num].meta.filename_comp_gz));
memset(cache[entry_num].meta.filename_comp_br, 0, sizeof(cache[entry_num].meta.filename_comp_br));
cache[entry_num].is_updating = 0;
shmdt(shm_rw);
cache = cache_ro;
return 0;
}
int cache_filename_comp_invalid(const char *filename) {
void *cache_ro = cache;
int shm_id = shmget(CACHE_SHM_KEY, 0, 0);
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
print(ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR, strerror(errno));
return -1;
}
cache = shm_rw;
int i;
for (i = 0; i < CACHE_ENTRIES; i++) {
if (cache[i].filename[0] != 0 && strlen(cache[i].filename) == strlen(filename) &&
strcmp(cache[i].filename, filename) == 0) {
if (cache[i].is_updating) {
return 0;
} else {
break;
}
}
}
memset(cache[i].meta.etag, 0, sizeof(cache[i].meta.etag));
memset(cache[i].meta.filename_comp_gz, 0, sizeof(cache[i].meta.filename_comp_gz));
memset(cache[i].meta.filename_comp_br, 0, sizeof(cache[i].meta.filename_comp_br));
cache[i].is_updating = 0;
shmdt(shm_rw);
cache = cache_ro;
return 0;
}
int uri_cache_init(http_uri *uri) {
if (uri->filename == NULL) {
return 0;
}
int i;
for (i = 0; i < CACHE_ENTRIES; i++) {
if (cache[i].filename[0] != 0 && strlen(cache[i].filename) == strlen(uri->filename) &&
strcmp(cache[i].filename, uri->filename) == 0) {
uri->meta = &cache[i].meta;
if (cache[i].is_updating) {
return 0;
} else {
break;
}
}
}
if (uri->meta == NULL) {
for (i = 0; i < CACHE_ENTRIES; i++) {
if (cache[i].filename[0] == 0) {
if (cache_update_entry(i, uri->filename, uri->webroot) != 0) {
return -1;
}
uri->meta = &cache[i].meta;
break;
}
}
} else {
struct stat statbuf;
stat(uri->filename, &statbuf);
if (memcmp(&uri->meta->stat.st_mtime, &statbuf.st_mtime, sizeof(statbuf.st_mtime)) != 0) {
if (cache_update_entry(i, uri->filename, uri->webroot) != 0) {
return -1;
}
}
}
return 0;
}

49
src/lib/cache.h
View File

@@ -1,49 +0,0 @@
/**
* Necronda Web Server
* File cache implementation (header file)
* src/lib/cache.h
* Lorenz Stechauner, 2020-12-19
*/
#ifndef NECRONDA_SERVER_CACHE_H
#define NECRONDA_SERVER_CACHE_H
#include "uri.h"
#define CACHE_SHM_KEY 255641
#define CACHE_ENTRIES 1024
#define CACHE_BUF_SIZE 16384
#ifndef CACHE_MAGIC_FILE
# define CACHE_MAGIC_FILE "/usr/share/file/misc/magic.mgc"
#endif
typedef struct {
char filename[256];
unsigned char webroot_len;
unsigned char is_updating:1;
meta_data meta;
} cache_entry;
extern cache_entry *cache;
extern int cache_continue;
int magic_init();
void cache_process_term();
int cache_process();
int cache_init();
int cache_unload();
int cache_update_entry(int entry_num, const char *filename, const char *webroot);
int cache_filename_comp_invalid(const char *filename);
int uri_cache_init(http_uri *uri);
#endif //NECRONDA_SERVER_CACHE_H

41
src/lib/compress.c
View File

@@ -1,26 +1,26 @@
/**
* Necronda Web Server
* Compression interface
* src/lib/compress.c
* Lorenz Stechauner, 2021-05-05
* sesimos - secure, simple, modern web server
* @brief Compression interface
* @file src/lib/compress.c
* @author Lorenz Stechauner
* @date 2021-05-05
*/
#include "compress.h"
#include <malloc.h>
#include <errno.h>
int compress_init(compress_ctx *ctx, int mode) {
ctx->gzip = NULL;
ctx->brotli = NULL;
ctx->mode = 0;
int ret;
if (mode & COMPRESS_GZ) {
ctx->mode |= COMPRESS_GZ;
ctx->gzip = malloc(sizeof(z_stream));
ctx->gzip->zalloc = Z_NULL;
ctx->gzip->zfree = Z_NULL;
ctx->gzip->opaque = Z_NULL;
ret = deflateInit2(ctx->gzip, COMPRESS_LEVEL_GZIP, Z_DEFLATED, 15 + 16, 9, Z_DEFAULT_STRATEGY);
ctx->gzip.zalloc = Z_NULL;
ctx->gzip.zfree = Z_NULL;
ctx->gzip.opaque = Z_NULL;
ret = deflateInit2(&ctx->gzip, COMPRESS_LEVEL_GZIP, Z_DEFLATED, 15 + 16, 9, Z_DEFAULT_STRATEGY);
if (ret != Z_OK) return -1;
}
if (mode & COMPRESS_BR) {
@@ -46,13 +46,13 @@ int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned
errno = EINVAL;
return -1;
} else if (mode & COMPRESS_GZ) {
ctx->gzip->next_in = (unsigned char*) in;
ctx->gzip->avail_in = *in_len;
ctx->gzip->next_out = (unsigned char*) out;
ctx->gzip->avail_out = *out_len;
int ret = deflate(ctx->gzip, finish ? Z_FINISH : Z_NO_FLUSH);
*in_len = ctx->gzip->avail_in;
*out_len = ctx->gzip->avail_out;
ctx->gzip.next_in = (unsigned char*) in;
ctx->gzip.avail_in = *in_len;
ctx->gzip.next_out = (unsigned char*) out;
ctx->gzip.avail_out = *out_len;
int ret = deflate(&ctx->gzip, finish ? Z_FINISH : Z_NO_FLUSH);
*in_len = ctx->gzip.avail_in;
*out_len = ctx->gzip.avail_out;
return ret;
} else if (mode & COMPRESS_BR) {
int ret = BrotliEncoderCompressStream(ctx->brotli, finish ? BROTLI_OPERATION_FINISH : BROTLI_OPERATION_PROCESS,
@@ -65,11 +65,6 @@ int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned
}
int compress_free(compress_ctx *ctx) {
if (ctx->gzip != NULL) {
deflateEnd(ctx->gzip);
free(ctx->gzip);
ctx->gzip = NULL;
}
if (ctx->brotli != NULL) {
BrotliEncoderDestroyInstance(ctx->brotli);
ctx->brotli = NULL;

23
src/lib/compress.h
View File

@@ -1,12 +1,13 @@
/**
* Necronda Web Server
* Compression interface (header file)
* src/lib/compress.h
* Lorenz Stechauner, 2021-05-05
* sesimos - secure, simple, modern web server
* @brief Compression interface (header file)
* @file src/lib/compress.h
* @author Lorenz Stechauner
* @date 2021-05-05
*/
#ifndef NECRONDA_SERVER_COMPRESS_H
#define NECRONDA_SERVER_COMPRESS_H
#ifndef SESIMOS_COMPRESS_H
#define SESIMOS_COMPRESS_H
#include <zlib.h>
#include <brotli/encode.h>
@@ -20,18 +21,16 @@
typedef struct {
int mode;
z_stream *gzip;
z_stream gzip;
BrotliEncoderState *brotli;
} compress_ctx;
int compress_init(compress_ctx *ctx, int mode);
int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len,
int finish);
int compress_compress(compress_ctx *ctx, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out,
unsigned long *out_len, int finish);
int compress_compress_mode(compress_ctx *ctx, int mode, const char *in, unsigned long *in_len, char *out, unsigned long *out_len, int finish);
int compress_free(compress_ctx *ctx);
#endif //NECRONDA_SERVER_COMPRESS_H
#endif //SESIMOS_COMPRESS_H

144
src/lib/config.c
View File

@@ -1,94 +1,46 @@
/**
* Necronda Web Server
* Configuration file loader
* src/lib/config.c
* Lorenz Stechauner, 2021-01-05
* sesimos - secure, simple, modern web server
* @brief Configuration file loader
* @file src/lib/config.c
* @author Lorenz Stechauner
* @date 2021-01-05
*/
#include "../logger.h"
#include "config.h"
#include "utils.h"
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
t_config *config;
char geoip_dir[256], dns_server[256];
int config_init() {
int shm_id = shmget(CONFIG_SHM_KEY, sizeof(t_config), IPC_CREAT | IPC_EXCL | 0640);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
return -1;
}
void *shm = shmat(shm_id, NULL, SHM_RDONLY);
if (shm == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (ro): %s" CLR_STR "\n", strerror(errno));
return -2;
}
config = shm;
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -3;
}
config = shm_rw;
memset(config, 0, sizeof(t_config));
shmdt(shm_rw);
config = shm;
return 0;
}
int config_unload() {
int shm_id = shmget(CONFIG_SHM_KEY, 0, 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to get shared memory id: %s" CLR_STR "\n", strerror(errno));
shmdt(config);
return -1;
} else if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
fprintf(stderr, ERR_STR "Unable to configure shared memory: %s" CLR_STR "\n", strerror(errno));
shmdt(config);
return -1;
}
shmdt(config);
return 0;
}
config_t config;
int config_load(const char *filename) {
FILE *file = fopen(filename, "r");
if (file == NULL) {
fprintf(stderr, ERR_STR "Unable to open config file: %s" CLR_STR "\n", strerror(errno));
critical("Unable to open config file");
return -1;
}
fseek(file, 0, SEEK_END);
unsigned long len = ftell(file);
fseek(file, 0, SEEK_SET);
char *conf = alloca(len + 1);
fread(conf, 1, len, file);
conf[len] = 0;
fclose(file);
t_config *tmp_config = malloc(sizeof(t_config));
memset(tmp_config, 0, sizeof(t_config));
memset(&config, 0, sizeof(config));
int i = 0;
int j = 0;
int line = 0;
int line_num = 0;
int mode = 0;
char section = 0;
char *ptr = NULL;
char *source, *target;
while ((ptr = strsep(&conf, "\r\n")) != NULL) {
line++;
char *comment = strchr(ptr, '#');
char *line = NULL;
ssize_t read;
size_t line_len = 0;
while ((read = getline(&line, &line_len, file)) != -1) {
line_num++;
char *ptr = line;
char *comment = strpbrk(ptr, "#\r\n");
if (comment != NULL) comment[0] = 0;
len = strlen(ptr);
unsigned long len = strlen(ptr);
char *end_ptr = ptr + len - 1;
while (end_ptr[0] == ' ' || end_ptr[0] == '\t') {
end_ptr[0] = 0;
@@ -106,7 +58,7 @@ int config_load(const char *filename) {
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
if (l == 0) goto err;
snprintf(tmp_config->hosts[i].name, sizeof(tmp_config->hosts[i].name), "%.*s", l, ptr);
snprintf(config.hosts[i].name, sizeof(config.hosts[i].name), "%.*s", l, ptr);
i++;
section = 'h';
} else if (strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
@@ -114,7 +66,7 @@ int config_load(const char *filename) {
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
if (l == 0) goto err;
snprintf(tmp_config->certs[j].name, sizeof(tmp_config->certs[j].name), "%.*s", l, ptr);
snprintf(config.certs[j].name, sizeof(config.certs[j].name), "%.*s", l, ptr);
j++;
section = 'c';
} else {
@@ -124,15 +76,15 @@ int config_load(const char *filename) {
} else if (section == 0) {
if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
source = ptr + 9;
target = geoip_dir;
target = config.geoip_dir;
} else if (len > 11 && strncmp(ptr, "dns_server", 10) == 0 && (ptr[10] == ' ' || ptr[10] == '\t')) {
source = ptr + 10;
target = dns_server;
target = config.dns_server;
} else {
goto err;
}
} else if (section == 'c') {
cert_config *cc = &tmp_config->certs[j - 1];
cert_config_t *cc = &config.certs[j - 1];
if (len > 12 && strncmp(ptr, "certificate", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
source = ptr + 11;
target = cc->full_chain;
@@ -143,7 +95,7 @@ int config_load(const char *filename) {
goto err;
}
} else if (section == 'h') {
host_config *hc = &tmp_config->hosts[i - 1];
host_config_t *hc = &config.hosts[i - 1];
if (len > 8 && strncmp(ptr, "webroot", 7) == 0 && (ptr[7] == ' ' || ptr[7] == '\t')) {
source = ptr + 7;
target = hc->local.webroot;
@@ -166,7 +118,7 @@ int config_load(const char *filename) {
}
} else if (len > 9 && strncmp(ptr, "hostname", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
source = ptr + 8;
target = hc->rev_proxy.hostname;
target = hc->proxy.hostname;
if (hc->type != 0 && hc->type != CONFIG_TYPE_REVERSE_PROXY) {
goto err;
} else {
@@ -186,7 +138,7 @@ int config_load(const char *filename) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
hc->rev_proxy.enc = 0;
hc->proxy.enc = 0;
}
continue;
} else if (strcmp(ptr, "https") == 0) {
@@ -194,7 +146,7 @@ int config_load(const char *filename) {
goto err;
} else {
hc->type = CONFIG_TYPE_REVERSE_PROXY;
hc->rev_proxy.enc = 1;
hc->proxy.enc = 1;
}
continue;
} else {
@@ -207,8 +159,7 @@ int config_load(const char *filename) {
while (source[0] == ' ' || source[0] == '\t') source++;
if (strlen(source) == 0) {
err:
free(tmp_config);
fprintf(stderr, ERR_STR "Unable to parse config file (line %i)" CLR_STR "\n", line);
critical("Unable to parse config file (line %i)", line);
return -2;
}
@@ -216,23 +167,25 @@ int config_load(const char *filename) {
strcpy(target, source);
} else if (mode == 1) {
if (strcmp(source, "forbidden") == 0) {
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
} else if (strcmp(source, "info") == 0) {
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_INFO;
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_INFO;
} else if (strcmp(source, "list") == 0) {
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_LIST;
config.hosts[i - 1].local.dir_mode = URI_DIR_MODE_LIST;
} else {
goto err;
}
} else if (mode == 2) {
tmp_config->hosts[i - 1].rev_proxy.port = (unsigned short) strtoul(source, NULL, 10);
config.hosts[i - 1].proxy.port = (unsigned short) strtoul(source, NULL, 10);
}
}
free(line);
for (int k = 0; k < i; k++) {
host_config *hc = &tmp_config->hosts[k];
host_config_t *hc = &config.hosts[k];
if (hc->type == CONFIG_TYPE_LOCAL) {
char *webroot = tmp_config->hosts[k].local.webroot;
char *webroot = config.hosts[k].local.webroot;
if (webroot[strlen(webroot) - 1] == '/') {
webroot[strlen(webroot) - 1] = 0;
}
@@ -240,7 +193,7 @@ int config_load(const char *filename) {
if (hc->cert_name[0] == 0) goto err2;
int found = 0;
for (int m = 0; m < j; m++) {
if (strcmp(tmp_config->certs[m].name, hc->cert_name) == 0) {
if (strcmp(config.certs[m].name, hc->cert_name) == 0) {
hc->cert = m;
found = 1;
break;
@@ -248,27 +201,10 @@ int config_load(const char *filename) {
}
if (!found) {
err2:
free(tmp_config);
fprintf(stderr, ERR_STR "Unable to parse config file" CLR_STR "\n");
critical("Unable to parse config file");
return -2;
}
}
int shm_id = shmget(CONFIG_SHM_KEY, 0, 0);
if (shm_id < 0) {
fprintf(stderr, ERR_STR "Unable to get shared memory id: %s" CLR_STR "\n", strerror(errno));
shmdt(config);
return -3;
}
void *shm_rw = shmat(shm_id, NULL, 0);
if (shm_rw == (void *) -1) {
free(tmp_config);
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
return -4;
}
memcpy(shm_rw, tmp_config, sizeof(t_config));
free(tmp_config);
shmdt(shm_rw);
return 0;
}

41
src/lib/config.h
View File

@@ -1,16 +1,17 @@
/**
* Necronda Web Server
* Configuration file loader (header file)
* src/lib/config.h
* Lorenz Stechauner, 2021-01-05
* sesimos - secure, simple, modern web server
* @brief Configuration file loader (header file)
* @file src/lib/config.h
* @author Lorenz Stechauner
* @date 2021-01-05
*/
#ifndef NECRONDA_SERVER_CONFIG_H
#define NECRONDA_SERVER_CONFIG_H
#ifndef SESIMOS_CONFIG_H
#define SESIMOS_CONFIG_H
#include "uri.h"
#include "../cache_handler.h"
#define CONFIG_SHM_KEY 255642
#define CONFIG_MAX_HOST_CONFIG 64
#define CONFIG_MAX_CERT_CONFIG 64
@@ -19,7 +20,7 @@
#define CONFIG_TYPE_REVERSE_PROXY 2
#ifndef DEFAULT_CONFIG_FILE
# define DEFAULT_CONFIG_FILE "/etc/necronda/server.conf"
# define DEFAULT_CONFIG_FILE "/etc/sesimos/server.conf"
#endif
@@ -28,37 +29,35 @@ typedef struct {
char name[256];
char cert_name[256];
int cert;
cache_t *cache;
union {
struct {
char hostname[256];
unsigned short port;
unsigned char enc:1;
} rev_proxy;
} proxy;
struct {
char webroot[256];
unsigned char dir_mode:2;
} local;
};
} host_config;
} host_config_t;
typedef struct {
char name[256];
char full_chain[256];
char priv_key[256];
} cert_config;
} cert_config_t;
typedef struct {
host_config hosts[CONFIG_MAX_HOST_CONFIG];
cert_config certs[CONFIG_MAX_CERT_CONFIG];
} t_config;
host_config_t hosts[CONFIG_MAX_HOST_CONFIG];
cert_config_t certs[CONFIG_MAX_CERT_CONFIG];
char geoip_dir[256];
char dns_server[256];
} config_t;
extern t_config *config;
extern char geoip_dir[256], dns_server[256];
int config_init();
extern config_t config;
int config_load(const char *filename);
int config_unload();
#endif //NECRONDA_SERVER_CONFIG_H
#endif //SESIMOS_CONFIG_H

166
src/lib/fastcgi.c
View File

@@ -1,19 +1,23 @@
/**
* Necronda Web Server
* FastCGI interface implementation
* src/lib/fastcgi.c
* Lorenz Stechauner, 2020-12-26
* sesimos - secure, simple, modern web server
* @brief FastCGI interface implementation
* @file src/lib/fastcgi.c
* @author Lorenz Stechauner
* @date 2020-12-26
*/
#include "fastcgi.h"
#include "utils.h"
#include "compress.h"
#include "../necronda-server.h"
#include "../server.h"
#include "../logger.h"
#include <sys/un.h>
#include <sys/socket.h>
#include <errno.h>
#include <string.h>
char *fastcgi_add_param(char *buf, const char *key, const char *value) {
char *ptr = buf;
unsigned long key_len = strlen(key);
@@ -41,16 +45,15 @@ char *fastcgi_add_param(char *buf, const char *key, const char *value) {
ptr += 4;
}
memcpy(ptr, key, key_len);
strcpy(ptr, key);
ptr += key_len;
memcpy(ptr, value, val_len);
strcpy(ptr, value);
ptr += val_len;
return ptr;
}
int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned int req_num, const sock *client,
const http_req *req, const http_uri *uri) {
int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned int req_num, const sock *client, const http_req *req, const http_uri *uri) {
unsigned short req_id = (client_num & 0xFFF) << 4;
if (client_num == 0) {
req_id |= (req_num + 1) & 0xF;
@@ -65,20 +68,20 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
int fcgi_sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (fcgi_sock < 0) {
print(ERR_STR "Unable to create unix socket: %s" CLR_STR, strerror(errno));
error("Unable to create unix socket");
return -1;
}
conn->socket = fcgi_sock;
struct sockaddr_un sock_addr = {AF_UNIX};
if (conn->mode == FASTCGI_NECRONDA) {
snprintf(sock_addr.sun_path, sizeof(sock_addr.sun_path) - 1, "%s", NECRONDA_BACKEND_SOCKET);
if (conn->mode == FASTCGI_SESIMOS) {
snprintf(sock_addr.sun_path, sizeof(sock_addr.sun_path) - 1, "%s", SESIMOS_BACKEND_SOCKET);
} else if (conn->mode == FASTCGI_PHP) {
snprintf(sock_addr.sun_path, sizeof(sock_addr.sun_path) - 1, "%s", PHP_FPM_SOCKET);
}
if (connect(conn->socket, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) < 0) {
print(ERR_STR "Unable to connect to unix socket of FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to connect to unix socket of FastCGI socket");
return -1;
}
@@ -98,7 +101,7 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
{.roleB1 = (FCGI_RESPONDER >> 8) & 0xFF, .roleB0 = FCGI_RESPONDER & 0xFF, .flags = 0}
};
if (send(conn->socket, &begin, sizeof(begin), 0) != sizeof(begin)) {
print(ERR_STR "Unable to send to FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -129,8 +132,8 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
addr = (struct sockaddr_in6 *) &addr_storage;
sprintf(buf0, "%i", addr->sin6_port);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_PORT", buf0);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_ADDR", client_addr_str);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_HOST", client_host_str != NULL ? client_host_str : client_addr_str);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_ADDR", conn->ctx->addr);
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_HOST", conn->ctx->host[0] != 0 ? conn->ctx->host : conn->ctx->addr);
//param_ptr = fastcgi_add_param(param_ptr, "REMOTE_IDENT", "");
//param_ptr = fastcgi_add_param(param_ptr, "REMOTE_USER", "");
@@ -149,19 +152,21 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
param_ptr = fastcgi_add_param(param_ptr, "PATH_INFO", buf0);
//param_ptr = fastcgi_add_param(param_ptr, "AUTH_TYPE", "");
char *content_length = http_get_header_field(&req->hdr, "Content-Length");
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
param_ptr = fastcgi_add_param(param_ptr, "CONTENT_LENGTH", content_length != NULL ? content_length : "");
char *content_type = http_get_header_field(&req->hdr, "Content-Type");
const char *content_type = http_get_header_field(&req->hdr, "Content-Type");
param_ptr = fastcgi_add_param(param_ptr, "CONTENT_TYPE", content_type != NULL ? content_type : "");
if (client_geoip != NULL) {
param_ptr = fastcgi_add_param(param_ptr, "REMOTE_INFO", client_geoip);
}
//if (conn->ctx->geoip[0] != 0) {
// param_ptr = fastcgi_add_param(param_ptr, "REMOTE_INFO", conn->ctx->geoip);
//}
for (int i = 0; i < req->hdr.field_num; i++) {
const http_field *f = &req->hdr.fields[i];
const char *name = http_field_get_name(f);
char *ptr = buf0;
ptr += sprintf(ptr, "HTTP_");
for (int j = 0; j < strlen(req->hdr.fields[i][0]); j++, ptr++) {
char ch = req->hdr.fields[i][0][j];
for (int j = 0; j < strlen(name); j++, ptr++) {
char ch = name[j];
if ((ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9')) {
ch = ch;
} else if (ch >= 'a' && ch <= 'z') {
@@ -172,7 +177,7 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
ptr[0] = ch;
ptr[1] = 0;
}
param_ptr = fastcgi_add_param(param_ptr, buf0, req->hdr.fields[i][1]);
param_ptr = fastcgi_add_param(param_ptr, buf0, http_field_get_value(f));
}
unsigned short param_len = param_ptr - param_buf - sizeof(header);
@@ -181,7 +186,7 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
header.contentLengthB0 = param_len & 0xFF;
memcpy(param_buf, &header, sizeof(header));
if (send(conn->socket, param_buf, param_len + sizeof(header), 0) != param_len + sizeof(header)) {
print(ERR_STR "Unable to send to FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -189,7 +194,7 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
header.contentLengthB1 = 0;
header.contentLengthB0 = 0;
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) {
print(ERR_STR "Unable to send to FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -209,7 +214,7 @@ int fastcgi_close_stdin(fastcgi_conn *conn) {
};
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) {
print(ERR_STR "Unable to send to FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
@@ -219,13 +224,14 @@ int fastcgi_close_stdin(fastcgi_conn *conn) {
int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, char *err_msg) {
char *msg_str = malloc(msg_len + 1);
char *ptr0 = msg_str;
strncpy(msg_str, msg, msg_len);
memcpy(msg_str, msg, msg_len);
msg_str[msg_len] = 0;
char *ptr1 = NULL;
int len;
int err = 0;
// FIXME *msg is part of a stream, handle fragmented lines
while (1) {
int msg_type = 0;
log_lvl_t msg_type = LOG_INFO;
int msg_pre_len = 0;
ptr1 = strstr(ptr0, "PHP message: ");
if (ptr1 == NULL) {
@@ -239,16 +245,16 @@ int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, ch
}
if (len >= 14 && strncmp(ptr0, "PHP Warning: ", 14) == 0) {
msg_type = 1;
msg_type = LOG_WARNING;
msg_pre_len = 14;
} else if (len >= 18 && strncmp(ptr0, "PHP Fatal error: ", 18) == 0) {
msg_type = 2;
msg_type = LOG_ERROR;
msg_pre_len = 18;
} else if (len >= 18 && strncmp(ptr0, "PHP Parse error: ", 18) == 0) {
msg_type = 2;
msg_type = LOG_ERROR;
msg_pre_len = 18;
} else if (len >= 18 && strncmp(ptr0, "PHP Notice: ", 13) == 0) {
msg_type = 1;
msg_type = LOG_NOTICE;
msg_pre_len = 13;
}
@@ -261,7 +267,7 @@ int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, ch
if (ptr3 != NULL && (ptr3 - ptr2) < len2) {
len2 = (int) (ptr3 - ptr2);
}
print("%s%.*s%s", msg_type == 1 ? WRN_STR : msg_type == 2 ? ERR_STR : "", len2, ptr2, CLR_STR);
logmsgf(msg_type, "%.*s", len2, ptr2);
if (msg_type == 2 && ptr2 == ptr0) {
strcpy_rem_webroot(err_msg, ptr2, len2, conn->webroot);
err = 1;
@@ -294,12 +300,12 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
if (ret < 0) {
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
return 1;
} else if (ret != sizeof(header)) {
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
error("Unable to receive from FastCGI socket");
return 1;
}
req_id = (header.requestIdB1 << 8) | header.requestIdB0;
@@ -309,13 +315,13 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
if (ret < 0) {
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
free(content);
return 1;
} else if (ret != (content_len + header.paddingLength)) {
res->status = http_get_status(500);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
error("Unable to receive from FastCGI socket");
free(content);
return 1;
}
@@ -329,24 +335,24 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
free(content);
return 1;
} else if (header.type == FCGI_STDERR) {
// TODO implement Necronda backend error handling
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
err = err || fastcgi_php_error(conn, content, content_len, err_msg);
}
} else if (header.type == FCGI_STDOUT) {
break;
} else {
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
error("Unknown FastCGI type: %i", header.type);
}
free(content);
@@ -363,13 +369,13 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
char *buf = content;
unsigned short header_len = conn->out_off;
if (header_len <= 0) {
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
error("Unable to parse header: End of header not found");
return 1;
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
error("Unable to parse header: Header contains illegal characters");
return 2;
}
}
@@ -378,11 +384,11 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
while (header_len != (ptr - buf)) {
char *pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
error("Unable to parse header: Invalid header format");
return 1;
}
ret = http_parse_header_field(&res->hdr, ptr, pos0);
ret = http_parse_header_field(&res->hdr, ptr, pos0, 0);
if (ret != 0) return (int) ret;
if (pos0[2] == '\r' && pos0[3] == '\n') {
return 0;
@@ -407,13 +413,13 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
if (flags & FASTCGI_COMPRESS_BR) {
flags &= ~FASTCGI_COMPRESS_GZ;
if (compress_init(&comp_ctx, COMPRESS_BR) != 0) {
print(ERR_STR "Unable to init brotli: %s" CLR_STR, strerror(errno));
error("Unable to init brotli");
flags &= ~FASTCGI_COMPRESS_BR;
}
} else if (flags & FASTCGI_COMPRESS_GZ) {
flags &= ~FASTCGI_COMPRESS_BR;
if (compress_init(&comp_ctx, COMPRESS_GZ) != 0) {
print(ERR_STR "Unable to init gzip: %s" CLR_STR, strerror(errno));
error("Unable to init gzip");
flags &= ~FASTCGI_COMPRESS_GZ;
}
}
@@ -428,11 +434,10 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
while (1) {
ret = recv(conn->socket, &header, sizeof(header), 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
return -1;
} else if (ret != sizeof(header)) {
print(ERR_STR "Unable to receive from FastCGI socket: received len (%li) != header len (%li)" CLR_STR,
ret, sizeof(header));
error("Unable to receive from FastCGI socket: received len (%li) != header len (%li)", ret, sizeof(header));
return -1;
}
@@ -445,7 +450,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
while (rcv_len < content_len + header.paddingLength) {
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
free(content);
return -1;
}
@@ -457,10 +462,10 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
@@ -480,7 +485,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
return 0;
} else if (header.type == FCGI_STDERR) {
// TODO implement Necronda backend error handling
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
fastcgi_php_error(conn, content, content_len, buf0);
}
@@ -488,13 +493,12 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
unsigned long avail_in, avail_out;
out:
avail_in = content_len;
void *next_in = ptr;
char *next_in = ptr;
do {
int buf_len = content_len;
if (flags & FASTCGI_COMPRESS) {
avail_out = sizeof(comp_out);
compress_compress(&comp_ctx, next_in + content_len - avail_in, &avail_in, comp_out, &avail_out,
finish_comp);
compress_compress(&comp_ctx, next_in + content_len - avail_in, &avail_in, comp_out, &avail_out, finish_comp);
ptr = comp_out;
buf_len = (int) (sizeof(comp_out) - avail_out);
}
@@ -507,7 +511,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
} while ((flags & FASTCGI_COMPRESS) && (avail_in != 0 || avail_out != sizeof(comp_out)));
if (finish_comp) goto finish;
} else {
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
error("Unknown FastCGI type: %i", header.type);
}
free(content);
}
@@ -527,11 +531,10 @@ int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
while (1) {
ret = recv(conn->socket, &header, sizeof(header), 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
return -1;
} else if (ret != sizeof(header)) {
print(ERR_STR "Unable to receive from FastCGI socket: received len (%li) != header len (%li)" CLR_STR,
ret, sizeof(header));
error("Unable to receive from FastCGI socket: received len (%li) != header len (%li)", ret, sizeof(header));
return -1;
}
@@ -543,7 +546,7 @@ int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
while (rcv_len < content_len + header.paddingLength) {
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
if (ret < 0) {
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to receive from FastCGI socket");
free(content);
return -1;
}
@@ -555,10 +558,10 @@ int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
body->appStatusB0;
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
error("FastCGI protocol error: %i", body->protocolStatus);
}
if (app_status != 0) {
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
error("FastCGI app terminated with exit code %i", app_status);
}
close(conn->socket);
conn->socket = 0;
@@ -566,14 +569,14 @@ int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
return 0;
} else if (header.type == FCGI_STDERR) {
// TODO implement Necronda backend error handling
// TODO implement Sesimos backend error handling
if (conn->mode == FASTCGI_PHP) {
fastcgi_php_error(conn, content, content_len, buf0);
}
} else if (header.type == FCGI_STDOUT) {
ptr += snprintf(ptr, len - (ptr - buf), "%.*s", content_len, content);
} else {
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
error("Unknown FastCGI type: %i", header.type);
}
free(content);
}
@@ -594,29 +597,40 @@ int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len) {
.reserved = 0
};
if (client->buf != NULL && client->buf_len - client->buf_off > 0) {
ret = (int) (client->buf_len - client->buf_off);
memcpy(buf, client->buf + client->buf_off, ret);
goto send;
}
while (rcv_len < len) {
ret = sock_recv(client, buf, sizeof(buf), 0);
if (ret <= 0) {
print(ERR_STR "Unable to receive: %s" CLR_STR, sock_strerror(client));
error("Unable to receive: %s", sock_strerror(client));
return -1;
}
send:
rcv_len += ret;
header.contentLengthB1 = (ret >> 8) & 0xFF;
header.contentLengthB0 = ret & 0xFF;
if (send(conn->socket, &header, sizeof(header), 0) != sizeof(header)) goto err;
if (send(conn->socket, buf, ret, 0) != ret) {
err:
print(ERR_STR "Unable to send to FastCGI socket: %s" CLR_STR, strerror(errno));
error("Unable to send to FastCGI socket");
return -2;
}
}
return 0;
}
int fastcgi_receive_chunked(fastcgi_conn *conn, sock *client) {
long ret;
unsigned long next_len;
while (1) {
ret = sock_get_chunk_header(client);
if (ret < 0) return (int) ret;
next_len = ret;
if (next_len <= 0) break;
ret = fastcgi_receive(conn, client, next_len);
if (ret < 0) return (int) ret;
}
return 0;
}

23
src/lib/fastcgi.h
View File

@@ -1,16 +1,18 @@
/**
* Necronda Web Server
* FastCGI interface implementation (header file)
* src/lib/fastcgi.h
* Lorenz Stechauner, 2020-12-26
* sesimos - secure, simple, modern web server
* @brief FastCGI interface implementation (header file)
* @file src/lib/fastcgi.h
* @author Lorenz Stechauner
* @date 2020-12-26
*/
#ifndef NECRONDA_SERVER_FASTCGI_H
#define NECRONDA_SERVER_FASTCGI_H
#ifndef SESIMOS_FASTCGI_H
#define SESIMOS_FASTCGI_H
#include "include/fastcgi.h"
#include "http.h"
#include "uri.h"
#include "../client.h"
#define FASTCGI_CHUNKED 1
#define FASTCGI_COMPRESS_GZ 2
@@ -19,13 +21,13 @@
#define FASTCGI_COMPRESS_HOLD 8
#define FASTCGI_PHP 1
#define FASTCGI_NECRONDA 2
#define FASTCGI_SESIMOS 2
#ifndef PHP_FPM_SOCKET
# define PHP_FPM_SOCKET "/var/run/php-fpm/php-fpm.sock"
#endif
#define NECRONDA_BACKEND_SOCKET "/var/run/necronda/necronda-backend.sock"
#define SESIMOS_BACKEND_SOCKET "/var/run/sesimos/backend.sock"
typedef struct {
int mode;
@@ -35,6 +37,7 @@ typedef struct {
const char *webroot;
unsigned short out_len;
unsigned short out_off;
client_ctx_t *ctx;
} fastcgi_conn;
char *fastcgi_add_param(char *buf, const char *key, const char *value);
@@ -54,4 +57,6 @@ int fastcgi_dump(fastcgi_conn *conn, char *buf, long len);
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len);
#endif //NECRONDA_SERVER_FASTCGI_H
int fastcgi_receive_chunked(fastcgi_conn *conn, sock *client);
#endif //SESIMOS_FASTCGI_H

153
src/lib/geoip.c
View File

@@ -1,13 +1,20 @@
/**
* Necronda Web Server
* MaxMind GeoIP Database interface
* src/lib/geoip.c
* Lorenz Stechauner, 2021-05-04
* sesimos - secure, simple, modern web server
* @brief MaxMind GeoIP Database interface
* @file src/lib/geoip.c
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#include "geoip.h"
#include "../logger.h"
#include <memory.h>
#include <dirent.h>
MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len) {
static MMDB_s mmdbs[GEOIP_MAX_MMDB];
static MMDB_entry_data_list_s *geoip_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len) {
switch (list->entry_data.type) {
case MMDB_DATA_TYPE_MAP:
*str_off += sprintf(str + *str_off, "{");
@@ -31,7 +38,7 @@ MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long
*str_off += sprintf(str + *str_off, "%llu", (unsigned long long) list->entry_data.uint128);
break;
case MMDB_DATA_TYPE_INT32:
*str_off += sprintf(str + *str_off, "%i", list->entry_data.uint32);
*str_off += sprintf(str + *str_off, "%i", list->entry_data.int32);
break;
case MMDB_DATA_TYPE_BOOLEAN:
*str_off += sprintf(str + *str_off, "%s", list->entry_data.boolean ? "true" : "false");
@@ -43,13 +50,14 @@ MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long
*str_off += sprintf(str + *str_off, "%f", list->entry_data.double_value);
break;
}
if (list->entry_data.type != MMDB_DATA_TYPE_MAP && list->entry_data.type != MMDB_DATA_TYPE_ARRAY) {
if (list->entry_data.type != MMDB_DATA_TYPE_MAP && list->entry_data.type != MMDB_DATA_TYPE_ARRAY)
return list->next;
}
MMDB_entry_data_list_s *next = list->next;
int stat = 0;
for (int i = 0; i < list->entry_data.data_size; i++) {
next = mmdb_json(next, str, str_off, str_len);
next = geoip_json(next, str, str_off, str_len);
if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
stat = !stat;
if (stat) {
@@ -58,12 +66,127 @@ MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long
continue;
}
}
if (i != list->entry_data.data_size - 1) *str_off += sprintf(str + *str_off, ",");
}
if (list->entry_data.type == MMDB_DATA_TYPE_MAP) {
*str_off += sprintf(str + *str_off, "}");
} else {
*str_off += sprintf(str + *str_off, "]");
if (i != list->entry_data.data_size - 1)
*str_off += sprintf(str + *str_off, ",");
}
*str_off += sprintf(str + *str_off, (list->entry_data.type == MMDB_DATA_TYPE_MAP) ? "}" : "]");
return next;
}
int geoip_init(const char *directory) {
char buf[512];
memset(mmdbs, 0, sizeof(mmdbs));
if (directory[0] == 0)
return 0;
DIR *geoip_dir;
if ((geoip_dir = opendir(directory)) == NULL)
return -1;
struct dirent *entry;
int i = 0, status;
while ((entry = readdir(geoip_dir)) != NULL) {
if (strcmp(entry->d_name + strlen(entry->d_name) - 5, ".mmdb") != 0)
continue;
if (i >= GEOIP_MAX_MMDB) {
critical("Unable to initialize geoip: Too many .mmdb files");
closedir(geoip_dir);
return 1;
}
sprintf(buf, "%s/%s", directory, entry->d_name);
if ((status = MMDB_open(buf, 0, &mmdbs[i])) != MMDB_SUCCESS) {
critical("Unable to initialize geoip: Unable to open .mmdb file: %s", MMDB_strerror(status));
closedir(geoip_dir);
return 1;
}
i++;
}
closedir(geoip_dir);
if (i == 0) {
critical("Unable to initialize geoip: No .mmdb files found in %s", directory);
return 1;
}
return 0;
}
void geoip_free() {
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
MMDB_close(&mmdbs[i]);
}
}
int geoip_lookup_country(struct sockaddr *addr, char *str) {
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].file_content != NULL; i++) {
// lookup
int mmdb_res;
MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
if (mmdb_res != MMDB_SUCCESS) {
return -1;
} else if (!result.found_entry) {
continue;
}
// get country iso code
MMDB_entry_data_s data;
int status;
if ((status = MMDB_get_value(&result.entry, &data, "country", "iso_code", NULL)) != MMDB_SUCCESS) {
if (status == MMDB_IO_ERROR) {
}
return -1;
}
// no, or invalid data
if (!data.has_data || data.type != MMDB_DATA_TYPE_UTF8_STRING)
continue;
// return country code
sprintf(str, "%.2s", data.utf8_string);
return 0;
}
// not found
return 1;
}
int geoip_lookup_json(struct sockaddr *addr, char *json, long len) {
long str_off = 0;
for (int i = 0; i < GEOIP_MAX_MMDB && mmdbs[i].filename != NULL; i++) {
int mmdb_res;
MMDB_lookup_result_s result = MMDB_lookup_sockaddr(&mmdbs[i], addr, &mmdb_res);
if (mmdb_res != MMDB_SUCCESS) {
error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res));
continue;
} else if (!result.found_entry) {
continue;
}
MMDB_entry_data_list_s *list;
if ((mmdb_res = MMDB_get_entry_data_list(&result.entry, &list)) != MMDB_SUCCESS) {
error("Unable to lookup geoip info: %s", MMDB_strerror(mmdb_res));
continue;
}
long prev = str_off;
if (str_off != 0) {
str_off--;
}
geoip_json(list, json, &str_off, len);
if (prev != 0) {
json[prev - 1] = ',';
}
MMDB_free_entry_data_list(list);
}
return 0;
}

24
src/lib/geoip.h
View File

@@ -1,18 +1,24 @@
/**
* Necronda Web Server
* MaxMind GeoIP Database interface (header file)
* src/lib/geoip.h
* Lorenz Stechauner, 2021-05-04
* sesimos - secure, simple, modern web server
* @brief MaxMind GeoIP Database interface (header file)
* @file src/lib/geoip.h
* @author Lorenz Stechauner
* @date 2021-05-04
*/
#ifndef NECRONDA_SERVER_GEOIP_H
#define NECRONDA_SERVER_GEOIP_H
#ifndef SESIMOS_GEOIP_H
#define SESIMOS_GEOIP_H
#include <maxminddb.h>
#define GEOIP_MAX_SIZE 8192
#define GEOIP_MAX_JSON_SIZE 8192
#define GEOIP_MAX_MMDB 3
MMDB_entry_data_list_s *mmdb_json(MMDB_entry_data_list_s *list, char *str, long *str_off, long str_len);
int geoip_init(const char *directory);
#endif //NECRONDA_SERVER_GEOIP_H
void geoip_free();
int geoip_lookup_country(struct sockaddr *addr, char *str);
#endif //SESIMOS_GEOIP_H

283
src/lib/http.c
View File

@@ -1,18 +1,24 @@
/**
* Necronda Web Server
* HTTP implementation
* src/lib/http.c
* Lorenz Stechauner, 2020-12-09
* sesimos - secure, simple, modern web server
* @brief HTTP implementation
* @file src/lib/http.c
* @author Lorenz Stechauner
* @date 2020-12-09
*/
#include "../logger.h"
#include "http.h"
#include "utils.h"
#include "compress.h"
#include <string.h>
void http_to_camel_case(char *str, int mode) {
char last = '-';
char ch;
if (mode == HTTP_PRESERVE)
return;
char ch, last = '-';
for (int i = 0; i < strlen(str); i++) {
ch = str[i];
if (mode == HTTP_CAMEL && last == '-' && ch >= 'a' && ch <= 'z') {
@@ -24,12 +30,50 @@ void http_to_camel_case(char *str, int mode) {
}
}
const char *http_field_get_name(const http_field *field) {
if (field->type == HTTP_FIELD_NORMAL) {
return field->normal.name;
} else if (field->type == HTTP_FIELD_EX_VALUE) {
return field->ex_value.name;
} else if (field->type == HTTP_FIELD_EX_NAME) {
return field->ex_name.name;
}
return NULL;
}
const char *http_field_get_value(const http_field *field) {
if (field->type == HTTP_FIELD_NORMAL) {
return field->normal.value;
} else if (field->type == HTTP_FIELD_EX_VALUE) {
return field->ex_value.value;
} else if (field->type == HTTP_FIELD_EX_NAME) {
return field->ex_name.value;
}
return NULL;
}
void http_free_field(http_field *f) {
if (f->type == HTTP_FIELD_NORMAL) {
f->normal.name[0] = 0;
f->normal.value[0] = 0;
} else if (f->type == HTTP_FIELD_EX_VALUE) {
f->ex_value.name[0] = 0;
free(f->ex_value.value);
f->ex_value.value = NULL;
} else if (f->type == HTTP_FIELD_EX_NAME) {
free(f->ex_name.name);
free(f->ex_name.value);
f->ex_name.name = NULL;
f->ex_name.value = NULL;
}
}
void http_free_hdr(http_hdr *hdr) {
for (int i = 0; i < hdr->field_num; i++) {
free(hdr->fields[i][0]);
free(hdr->fields[i][1]);
http_free_field(&hdr->fields[i]);
}
hdr->field_num = 0;
hdr->last_field_num = -1;
}
void http_free_req(http_req *req) {
@@ -42,62 +86,83 @@ void http_free_res(http_res *res) {
http_free_hdr(&res->hdr);
}
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr) {
char *pos1 = memchr(buf, ':', end_ptr - buf);
char *pos2;
if (pos1 == NULL) {
print(ERR_STR "Unable to parse header" CLR_STR);
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags) {
if (hdr->last_field_num > hdr->field_num) {
error("Unable to parse header: Invalid state");
return 3;
}
long len = pos1 - buf;
hdr->fields[(int) hdr->field_num][0] = malloc(len + 1);
sprintf(hdr->fields[(int) hdr->field_num][0], "%.*s", (int) len, buf);
http_to_camel_case(hdr->fields[(int) hdr->field_num][0], HTTP_CAMEL);
char *pos1 = (char *) buf, *pos2 = (char *) end_ptr;
if (buf[0] == ' ' || buf[0] == '\t') {
if (hdr->last_field_num == -1) {
error("Unable to parse header");
return 3;
}
http_field *f = &hdr->fields[(int) hdr->last_field_num];
str_trim_lws(&pos1, &pos2);
http_append_to_header_field(f, pos1, pos2 - pos1);
return 0;
}
pos1 = memchr(buf, ':', end_ptr - buf);
if (pos1 == NULL) {
error("Unable to parse header");
return 3;
}
long len1 = pos1 - buf;
pos1++;
pos2 = (char *) end_ptr - 1;
while (pos1[0] == ' ') pos1++;
while (pos2[0] == ' ') pos2--;
len = pos2 - pos1 + 1;
str_trim_lws(&pos1, &pos2);
long len2 = pos2 - pos1;
if (len <= 0) {
hdr->fields[(int) hdr->field_num][1] = malloc(1);
hdr->fields[(int) hdr->field_num][1][0] = 0;
char field_num = hdr->field_num;
int found = http_get_header_field_num_len(hdr, buf, len1);
if (!(flags & HTTP_MERGE_FIELDS) || found == -1) {
if (http_add_header_field_len(hdr, buf, len1, pos1, len2 < 0 ? 0 : len2) != 0) {
error("Unable to parse header: Too many header fields");
return 3;
}
} else {
hdr->fields[(int) hdr->field_num][1] = malloc(len + 1);
sprintf(hdr->fields[(int) hdr->field_num][1], "%.*s", (int) len, pos1);
field_num = (char) found;
http_append_to_header_field(&hdr->fields[found], ", ", 2);
http_append_to_header_field(&hdr->fields[found], pos1, len2);
}
hdr->field_num++;
hdr->last_field_num = (char) field_num;
return 0;
}
int http_receive_request(sock *client, http_req *req) {
long rcv_len, len;
char *ptr, *pos0, *pos1, *pos2;
char buf[CLIENT_MAX_HEADER_SIZE];
char *ptr, *pos0 = buf, *pos1, *pos2;
memset(buf, 0, sizeof(buf));
memset(req->method, 0, sizeof(req->method));
memset(req->version, 0, sizeof(req->version));
req->uri = NULL;
req->hdr.field_num = 0;
req->hdr.last_field_num = -1;
while (1) {
rcv_len = sock_recv(client, buf, CLIENT_MAX_HEADER_SIZE, 0);
rcv_len = sock_recv(client, buf, CLIENT_MAX_HEADER_SIZE, MSG_PEEK);
if (rcv_len <= 0) {
print("Unable to receive http header: %s", sock_strerror(client));
error("Unable to receive http header: %s", sock_strerror(client));
return -1;
}
unsigned long header_len = strstr(buf, "\r\n\r\n") - buf + 4;
if (header_len <= 0) {
print(ERR_STR "Unable to parse http header: End of header not found" CLR_STR);
error("Unable to parse http header: End of header not found");
return 5;
} else {
rcv_len = sock_recv(client, buf, header_len, 0);
}
for (int i = 0; i < header_len; i++) {
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
print(ERR_STR "Unable to parse http header: Header contains illegal characters" CLR_STR);
error("Unable to parse http header: Header contains illegal characters");
return 4;
}
}
@@ -106,36 +171,36 @@ int http_receive_request(sock *client, http_req *req) {
while (header_len > (ptr - buf + 2)) {
pos0 = strstr(ptr, "\r\n");
if (pos0 == NULL) {
print(ERR_STR "Unable to parse http header: Invalid header format" CLR_STR);
error("Unable to parse http header: Invalid header format");
return 1;
}
if (req->version[0] == 0) {
pos1 = memchr(ptr, ' ', rcv_len - (ptr - buf)) + 1;
pos1 = (char *) memchr(ptr, ' ', rcv_len - (ptr - buf)) + 1;
if (pos1 == NULL) goto err_hdr_fmt;
if (pos1 - ptr - 1 >= sizeof(req->method)) {
print(ERR_STR "Unable to parse http header: Method name too long" CLR_STR);
error("Unable to parse http header: Method name too long");
return 2;
}
for (int i = 0; i < (pos1 - ptr - 1); i++) {
if (ptr[i] < 'A' || ptr[i] > 'Z') {
print(ERR_STR "Unable to parse http header: Invalid method" CLR_STR);
error("Unable to parse http header: Invalid method");
return 2;
}
}
snprintf(req->method, sizeof(req->method), "%.*s", (int) (pos1 - ptr - 1), ptr);
pos2 = memchr(pos1, ' ', rcv_len - (pos1 - buf)) + 1;
pos2 = (char *) memchr(pos1, ' ', rcv_len - (pos1 - buf)) + 1;
if (pos2 == NULL) {
err_hdr_fmt:
print(ERR_STR "Unable to parse http header: Invalid header format" CLR_STR);
error("Unable to parse http header: Invalid header format");
return 1;
}
if (memcmp(pos2, "HTTP/", 5) != 0 || memcmp(pos2 + 8, "\r\n", 2) != 0) {
print(ERR_STR "Unable to parse http header: Invalid version" CLR_STR);
error("Unable to parse http header: Invalid version");
return 3;
}
@@ -144,7 +209,7 @@ int http_receive_request(sock *client, http_req *req) {
sprintf(req->uri, "%.*s", (int) len, pos1);
sprintf(req->version, "%.3s", pos2 + 5);
} else {
int ret = http_parse_header_field(&req->hdr, ptr, pos0);
int ret = http_parse_header_field(&req->hdr, ptr, pos0, HTTP_MERGE_FIELDS);
if (ret != 0) return ret;
}
ptr = pos0 + 2;
@@ -154,41 +219,98 @@ int http_receive_request(sock *client, http_req *req) {
}
}
client->buf_len = rcv_len - (pos0 - buf + 4);
if (client->buf_len > 0) {
client->buf = malloc(client->buf_len);
client->buf_off = 0;
memcpy(client->buf, pos0 + 4, client->buf_len);
}
return 0;
}
char *http_get_header_field(const http_hdr *hdr, const char *field_name) {
char field_name_1[256], field_name_2[256];
strcpy(field_name_1, field_name);
http_to_camel_case(field_name_1, HTTP_LOWER);
for (int i = 0; i < hdr->field_num; i++) {
strcpy(field_name_2, hdr->fields[i][0]);
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0) {
return hdr->fields[i][1];
}
}
return NULL;
const char *http_get_header_field(const http_hdr *hdr, const char *field_name) {
return http_get_header_field_len(hdr, field_name, strlen(field_name));
}
void http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
size_t len_name = strlen(field_name);
size_t len_value = strlen(field_value);
char *_field_name = malloc(len_name + 1);
char *_field_value = malloc(len_value + 1);
strcpy(_field_name, field_name);
strcpy(_field_value, field_value);
http_to_camel_case(_field_name, HTTP_PRESERVE);
hdr->fields[(int) hdr->field_num][0] = _field_name;
hdr->fields[(int) hdr->field_num][1] = _field_value;
const char *http_get_header_field_len(const http_hdr *hdr, const char *field_name, unsigned long len) {
int num = http_get_header_field_num_len(hdr, field_name, len);
return (num >= 0 && num < HTTP_MAX_HEADER_FIELD_NUM) ? http_field_get_value(&hdr->fields[num]) : NULL;
}
int http_get_header_field_num(const http_hdr *hdr, const char *field_name) {
return http_get_header_field_num_len(hdr, field_name, strlen(field_name));
}
int http_get_header_field_num_len(const http_hdr *hdr, const char *field_name, unsigned long len) {
char field_name_1[256], field_name_2[256];
memcpy(field_name_1, field_name, len);
field_name_1[len] = 0;
http_to_camel_case(field_name_1, HTTP_LOWER);
for (int i = 0; i < hdr->field_num; i++) {
strcpy(field_name_2, http_field_get_name(&hdr->fields[i]));
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0)
return i;
}
return -1;
}
int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value) {
return http_add_header_field_len(hdr, field_name, strlen(field_name), field_value, strlen(field_value));
}
int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len) {
if (hdr->field_num >= HTTP_MAX_HEADER_FIELD_NUM)
return -1;
http_field *f = &hdr->fields[(int) hdr->field_num];
if (name_len < sizeof(f->normal.name) && value_len < sizeof(f->normal.value)) {
f->type = HTTP_FIELD_NORMAL;
memcpy(f->normal.name, name, name_len);
memcpy(f->normal.value, value, value_len);
f->normal.name[name_len] = 0;
f->normal.value[value_len] = 0;
http_to_camel_case(f->normal.name, HTTP_PRESERVE);
} else if (name_len < sizeof(f->ex_value.name)) {
f->type = HTTP_FIELD_EX_VALUE;
f->ex_value.value = malloc(value_len + 1);
memcpy(f->ex_value.name, name, name_len);
memcpy(f->ex_value.value, value, value_len);
f->ex_value.name[name_len] = 0;
f->ex_value.value[value_len] = 0;
http_to_camel_case(f->ex_value.name, HTTP_PRESERVE);
} else {
f->type = HTTP_FIELD_EX_NAME;
f->ex_name.name = malloc(name_len + 1);
f->ex_name.value = malloc(value_len + 1);
memcpy(f->ex_name.name, name, name_len);
memcpy(f->ex_name.value, value, value_len);
f->ex_name.name[name_len] = 0;
f->ex_name.value[value_len] = 0;
http_to_camel_case(f->ex_name.name, HTTP_PRESERVE);
}
hdr->field_num++;
return 0;
}
void http_append_to_header_field(http_field *field, const char *value, unsigned long len) {
if (field->type == HTTP_FIELD_NORMAL) {
unsigned long total_len = strlen(field->normal.value) + len + 1;
if (total_len < sizeof(field->normal.value)) {
strncat(field->normal.value, value, len);
} else {
field->type = HTTP_FIELD_EX_VALUE;
char *new = malloc(total_len);
strcpy(new, field->normal.value);
strncat(new, value, len);
field->ex_value.value = new;
}
} else if (field->type == HTTP_FIELD_EX_VALUE) {
field->ex_value.value = realloc(field->ex_value.value, strlen(field->ex_value.value) + len + 1);
strncat(field->ex_value.value, value, len);
} else if (field->type == HTTP_FIELD_EX_NAME) {
field->ex_name.value = realloc(field->ex_name.value, strlen(field->ex_name.value) + len + 1);
strncat(field->ex_name.value, value, len);
}
}
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode) {
@@ -203,12 +325,11 @@ void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode) {
diff = -1;
}
for (; i < hdr->field_num && i >= 0; i += diff) {
strcpy(field_name_2, hdr->fields[i][0]);
strcpy(field_name_2, http_field_get_name(&hdr->fields[i]));
http_to_camel_case(field_name_2, HTTP_LOWER);
if (strcmp(field_name_1, field_name_2) == 0) {
for (int j = i; j < hdr->field_num - 1; j++) {
memcpy(hdr->fields[j], hdr->fields[j + 1], sizeof(hdr->fields[0]));
}
http_free_field(&hdr->fields[i]);
memmove(&hdr->fields[i], &hdr->fields[i + 1], sizeof(hdr->fields[0]) * (hdr->field_num - i));
hdr->field_num--;
if (mode == HTTP_REMOVE_ALL) {
i -= diff;
@@ -223,7 +344,8 @@ int http_send_response(sock *client, http_res *res) {
char buf[CLIENT_MAX_HEADER_SIZE];
long off = sprintf(buf, "HTTP/%s %03i %s\r\n", res->version, res->status->code, res->status->msg);
for (int i = 0; i < res->hdr.field_num; i++) {
off += sprintf(buf + off, "%s: %s\r\n", res->hdr.fields[i][0], res->hdr.fields[i][1]);
const http_field *f = &res->hdr.fields[i];
off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
off += sprintf(buf + off, "\r\n");
if (sock_send(client, buf, off, 0) < 0) {
@@ -236,7 +358,8 @@ int http_send_request(sock *server, http_req *req) {
char buf[CLIENT_MAX_HEADER_SIZE];
long off = sprintf(buf, "%s %s HTTP/%s\r\n", req->method, req->uri, req->version);
for (int i = 0; i < req->hdr.field_num; i++) {
off += sprintf(buf + off, "%s: %s\r\n", req->hdr.fields[i][0], req->hdr.fields[i][1]);
const http_field *f = &req->hdr.fields[i];
off += sprintf(buf + off, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
off += sprintf(buf + off, "\r\n");
long ret = sock_send(server, buf, off, 0);
@@ -282,8 +405,8 @@ const char *http_get_status_color(const http_status *status) {
}
char *http_format_date(time_t time, char *buf, size_t size) {
struct tm *timeinfo = gmtime(&time);
strftime(buf, size, "%a, %d %b %Y %H:%M:%S GMT", timeinfo);
struct tm timeinfo;
strftime(buf, size, "%a, %d %b %Y %H:%M:%S GMT", gmtime_r(&time, &timeinfo));
return buf;
}
@@ -314,9 +437,9 @@ const http_doc_info *http_get_status_info(const http_status *status) {
}
int http_get_compression(const http_req *req, const http_res *res) {
char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
char *content_type = http_get_header_field(&res->hdr, "Content-Type");
char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (mime_is_compressible(content_type) && content_encoding == NULL && accept_encoding != NULL) {
if (strstr(accept_encoding, "br") != NULL) {
return COMPRESS_BR;

72
src/lib/http.h
View File

@@ -1,12 +1,13 @@
/**
* Necronda Web Server
* HTTP implementation (header file)
* src/lib/http.h
* Lorenz Stechauner, 2020-12-09
* sesimos - secure, simple, modern web server
* @brief HTTP implementation (header file)
* @file src/lib/http.h
* @author Lorenz Stechauner
* @date 2020-12-09
*/
#ifndef NECRONDA_SERVER_HTTP_H
#define NECRONDA_SERVER_HTTP_H
#ifndef SESIMOS_HTTP_H
#define SESIMOS_HTTP_H
#include "sock.h"
@@ -18,6 +19,12 @@
#define HTTP_REMOVE_ALL 1
#define HTTP_REMOVE_LAST 2
#define HTTP_FIELD_NORMAL 0
#define HTTP_FIELD_EX_VALUE 1
#define HTTP_FIELD_EX_NAME 2
#define HTTP_MERGE_FIELDS 1
#define HTTP_1XX_STR "\x1B[1;32m"
#define HTTP_2XX_STR "\x1B[1;32m"
#define HTTP_3XX_STR "\x1B[1;33m"
@@ -30,13 +37,14 @@
#define HTTP_COLOR_ERROR "#C00000"
#define CLIENT_MAX_HEADER_SIZE 8192
#define HTTP_MAX_HEADER_FIELD_NUM 64
#ifndef SERVER_STR
# define SERVER_STR "Necronda"
# define SERVER_STR "Sesimos"
#endif
#ifndef SERVER_STR_HTML
# define SERVER_STR_HTML "Necronda&nbsp;web&nbsp;server"
# define SERVER_STR_HTML "Sesimos&nbsp;web&nbsp;server"
#endif
typedef struct {
@@ -57,9 +65,28 @@ typedef struct {
const char *doc;
} http_doc_info;
typedef struct {
char type;
union {
struct {
char name[64];
char value[192];
} normal;
struct {
char name[192];
char *value;
} ex_value;
struct {
char *name;
char *value;
} ex_name;
};
} http_field;
typedef struct {
char field_num;
char *fields[64][2];
char last_field_num;
http_field fields[HTTP_MAX_HEADER_FIELD_NUM];
} http_hdr;
typedef struct {
@@ -82,6 +109,7 @@ typedef enum {
typedef struct {
unsigned short status;
http_error_origin origin;
const char* ws_key;
} http_status_ctx;
extern const http_status http_statuses[];
@@ -90,7 +118,7 @@ extern const int http_statuses_size;
extern const int http_status_messages_size;
extern const char http_default_document[];
extern const char http_rev_proxy_document[];
extern const char http_proxy_document[];
extern const char http_error_document[];
extern const char http_error_icon[];
extern const char http_warning_document[];
@@ -102,6 +130,12 @@ extern const char http_info_icon[];
void http_to_camel_case(char *str, int mode);
const char *http_field_get_name(const http_field *field);
const char *http_field_get_value(const http_field *field);
void http_free_field(http_field *f);
void http_free_hdr(http_hdr *hdr);
void http_free_req(http_req *req);
@@ -110,11 +144,21 @@ void http_free_res(http_res *res);
int http_receive_request(sock *client, http_req *req);
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr) ;
int http_parse_header_field(http_hdr *hdr, const char *buf, const char *end_ptr, int flags);
char *http_get_header_field(const http_hdr *hdr, const char *field_name);
const char *http_get_header_field(const http_hdr *hdr, const char *field_name);
void http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
const char *http_get_header_field_len(const http_hdr *hdr, const char *field_name, unsigned long len);
int http_get_header_field_num(const http_hdr *hdr, const char *field_name);
int http_get_header_field_num_len(const http_hdr *hdr, const char *field_name, unsigned long len);
int http_add_header_field(http_hdr *hdr, const char *field_name, const char *field_value);
int http_add_header_field_len(http_hdr *hdr, const char *name, unsigned long name_len, const char *value, unsigned long value_len);
void http_append_to_header_field(http_field *field, const char *value, unsigned long len);
void http_remove_header_field(http_hdr *hdr, const char *field_name, int mode);
@@ -136,4 +180,4 @@ const http_doc_info *http_get_status_info(const http_status *status);
int http_get_compression(const http_req *req, const http_res *res);
#endif //NECRONDA_SERVER_HTTP_H
#endif //SESIMOS_HTTP_H

14
src/lib/http_static.c
View File

@@ -1,13 +1,15 @@
/**
* Necronda Web Server
* HTTP static implementation
* src/lib/http_static.c
* Lorenz Stechauner, 2021-05-03
* sesimos - secure, simple, modern web server
* @brief HTTP static implementation
* @file src/lib/http_static.c
* @author Lorenz Stechauner
* @date 2021-05-03
*/
#include "../necronda.h"
#include "../defs.h"
#include "http.h"
const http_status http_statuses[] = {
{100, "Informational", "Continue"},
{101, "Informational", "Switching Protocols"},
@@ -210,7 +212,7 @@ const char http_default_document[] =
"</body>\n"
"</html>\n";
const char http_rev_proxy_document[] =
const char http_proxy_document[] =
"\t\t<section class=\"error-ctx\">\n"
"\t\t\t<div class=\"box%1$s\">\n"
"\t\t\t\t<div class=\"content\">\n"

13
src/lib/include/fastcgi.h
View File

@@ -1,12 +1,11 @@
/**
* Necronda Web Server
* FastCGI header file
* src/lib/include/fastcgi.h
* Lorenz Stechauner, 2021-05-03
* sesimos - secure, simple, modern web server
* @brief FastCGI header file
* @file src/lib/include/fastcgi.h
*/
#ifndef NECRONDA_SERVER_EXTERN_FASTCGI_H
#define NECRONDA_SERVER_EXTERN_FASTCGI_H
#ifndef SESIMOS_EXTERN_FASTCGI_H
#define SESIMOS_EXTERN_FASTCGI_H
/*
* Listening socket file number
@@ -119,4 +118,4 @@ typedef struct {
FCGI_UnknownTypeBody body;
} FCGI_UnknownTypeRecord;
#endif //NECRONDA_SERVER_EXTERN_FASTCGI_H
#endif //SESIMOS_EXTERN_FASTCGI_H

175
src/lib/mpmc.c Normal file
View File

@@ -0,0 +1,175 @@
#include "mpmc.h"
#include "../logger.h"
#include <errno.h>
#include <malloc.h>
#include <memory.h>
#include <pthread.h>
#include <signal.h>
typedef struct {
mpmc_t *ctx;
int worker_id;
} mpmc_arg_t;
static void *mpmc_worker(void *arg);
int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *name) {
ctx->alive = 1;
ctx->n_workers = n_workers;
ctx->size = buf_size, ctx->max_size = buf_size;
ctx->rd = 0, ctx->wr = 0;
ctx->buffer = NULL, ctx->workers = NULL;
ctx->consumer = consumer;
ctx->name = name;
if (sem_init(&ctx->free, 0, ctx->size) != 0 ||
sem_init(&ctx->used, 0, 0) != 0 ||
sem_init(&ctx->lck_rd, 0, 1) != 0 ||
sem_init(&ctx->lck_wr, 0, 1) != 0)
{
mpmc_destroy(ctx);
return -1;
}
if ((ctx->buffer = malloc(ctx->size * sizeof(void *))) == NULL ||
(ctx->workers = malloc(ctx->n_workers * sizeof(pthread_t))) == NULL)
{
mpmc_destroy(ctx);
return -1;
}
memset(ctx->buffer, 0, ctx->size * sizeof(void *));
memset(ctx->workers, 0, ctx->n_workers * sizeof(pthread_t));
for (int i = 0; i < ctx->n_workers; i++) {
int ret;
if ((ret = pthread_create(&ctx->workers[i], NULL, mpmc_worker, ctx)) != 0) {
mpmc_destroy(ctx);
errno = ret;
return -1;
}
}
return 0;
}
int mpmc_queue(mpmc_t *ctx, void *obj) {
// wait for buffer to be emptied
try_again_1:
if (sem_wait(&ctx->free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_1;
} else {
return -1;
}
}
// lock wr field
try_again_2:
if (sem_wait(&ctx->lck_wr) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_2;
} else {
sem_post(&ctx->free);
return -1;
}
}
int p = ctx->wr;
ctx->wr = (ctx->wr + 1) % ctx->size;
// unlock wr field
sem_post(&ctx->lck_wr);
// fill buffer with object
ctx->buffer[p] = obj;
// inform worker
sem_post(&ctx->used);
return 0;
}
static void *mpmc_worker(void *arg) {
mpmc_t *ctx = arg;
int id;
for (id = 0; id < ctx->n_workers && ctx->workers[id] != pthread_self(); id++);
logger_set_name("%s/%i", ctx->name, id);
while (ctx->alive) {
// wait for buffer to be filled
if (sem_wait(&ctx->used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
critical("Unable to lock semaphore");
errno = 0;
break;
}
}
// lock rd field
if (sem_wait(&ctx->lck_rd) != 0) {
if (errno == EINTR) {
errno = 0;
sem_post(&ctx->used);
continue;
} else {
critical("Unable to lock semaphore");
errno = 0;
sem_post(&ctx->used);
break;
}
}
int p = ctx->rd;
ctx->rd = (ctx->rd + 1) % ctx->size;
// unlock rd field
sem_post(&ctx->lck_rd);
// consume object
ctx->consumer(ctx->buffer[p]);
logger_set_prefix("");
// unlock slot in buffer
sem_post(&ctx->free);
}
return NULL;
}
void mpmc_stop(mpmc_t *ctx) {
ctx->alive = 0;
}
void mpmc_destroy(mpmc_t *ctx) {
int e = errno;
// stop threads, if running
mpmc_stop(ctx);
for (int i = 0; i < ctx->n_workers; i++) {
if (ctx->workers[i] == 0) break;
// FIXME
pthread_kill(ctx->workers[i], SIGUSR1);
//pthread_join(ctx->workers[i], NULL);
pthread_cancel(ctx->workers[i]);
}
sem_destroy(&ctx->free);
sem_destroy(&ctx->used);
sem_destroy(&ctx->lck_rd);
sem_destroy(&ctx->lck_wr);
free(ctx->buffer);
free(ctx->workers);
// reset errno
errno = e;
}

27
src/lib/mpmc.h Normal file
View File

@@ -0,0 +1,27 @@
#ifndef SESIMOS_MPMC_H
#define SESIMOS_MPMC_H
#include <semaphore.h>
typedef struct {
unsigned char alive;
int n_workers;
int rd, wr;
sem_t free, used, lck_rd, lck_wr;
int size, max_size;
void **buffer;
pthread_t *workers;
void (*consumer)(void *obj);
const char* name;
} mpmc_t;
int mpmc_init(mpmc_t *ctx, int n_workers, int buf_size, void (*consumer)(void *obj), const char *name);
int mpmc_queue(mpmc_t *ctx, void *obj);
void mpmc_stop(mpmc_t *ctx);
void mpmc_destroy(mpmc_t *ctx);
#endif //SESIMOS_MPMC_H

402
src/lib/rev_proxy.c → src/lib/proxy.c
View File

@@ -1,14 +1,18 @@
/**
* Necronda Web Server
* Reverse proxy
* src/lib/rev_proxy.c
* Lorenz Stechauner, 2021-01-07
* sesimos - secure, simple, modern web server
* @brief Reverse proxy
* @file src/lib/proxy.c
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#include "rev_proxy.h"
#include "../defs.h"
#include "../server.h"
#include "../logger.h"
#include "proxy.h"
#include "utils.h"
#include "compress.h"
#include "../necronda-server.h"
#include <openssl/ssl.h>
#include <string.h>
#include <errno.h>
@@ -16,74 +20,70 @@
#include <arpa/inet.h>
#include <sys/time.h>
sock rev_proxy;
char *rev_proxy_host = NULL;
sock proxy;
char *proxy_host = NULL;
struct timeval server_timeout = {.tv_sec = SERVER_TIMEOUT, .tv_usec = 0};
int rev_proxy_preload() {
rev_proxy.buf = NULL;
rev_proxy.buf_len = 0;
rev_proxy.buf_off = 0;
rev_proxy.ctx = SSL_CTX_new(TLS_client_method());
int proxy_preload(void) {
proxy.ctx = SSL_CTX_new(TLS_client_method());
return 0;
}
int rev_proxy_request_header(http_req *req, int enc) {
char buf1[256];
char buf2[256];
int proxy_request_header(http_req *req, int enc, client_ctx_t *ctx) {
char buf1[256], buf2[256];
int p_len;
http_remove_header_field(&req->hdr, "Connection", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Connection", "keep-alive");
char *via = http_get_header_field(&req->hdr, "Via");
const char *via = http_get_header_field(&req->hdr, "Via");
sprintf(buf1, "HTTP/%s %s", req->version, SERVER_NAME);
if (via == NULL) {
http_add_header_field(&req->hdr, "Via", buf1);
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
print(ERR_STR "Header field 'Via' too long" CLR_STR);
error("Header field 'Via' too long");
return -1;
}
http_remove_header_field(&req->hdr, "Via", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Via", buf2);
}
char *host = http_get_header_field(&req->hdr, "Host");
char *forwarded = http_get_header_field(&req->hdr, "Forwarded");
int client_ipv6 = strchr(client_addr_str, ':') != NULL;
int server_ipv6 = strchr(server_addr_str, ':') != NULL;
const char *host = http_get_header_field(&req->hdr, "Host");
const char *forwarded = http_get_header_field(&req->hdr, "Forwarded");
int client_ipv6 = strchr(ctx->addr, ':') != NULL;
int server_ipv6 = strchr(ctx->s_addr, ':') != NULL;
p_len = snprintf(buf1, sizeof(buf1), "by=%s%s%s;for=%s%s%s;host=%s;proto=%s",
server_ipv6 ? "\"[" : "", server_addr_str, server_ipv6 ? "]\"" : "",
client_ipv6 ? "\"[" : "", client_addr_str, client_ipv6 ? "]\"" : "",
server_ipv6 ? "\"[" : "", ctx->s_addr, server_ipv6 ? "]\"" : "",
client_ipv6 ? "\"[" : "", ctx->addr, client_ipv6 ? "]\"" : "",
host, enc ? "https" : "http");
if (p_len < 0 || p_len >= sizeof(buf1)) {
print(ERR_STR "Appended part of header field 'Forwarded' too long" CLR_STR);
error("Appended part of header field 'Forwarded' too long");
return -1;
}
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "Forwarded", buf1);
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", forwarded, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
print(ERR_STR "Header field 'Forwarded' too long" CLR_STR);
error("Header field 'Forwarded' too long");
return -1;
}
http_remove_header_field(&req->hdr, "Forwarded", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Forwarded", buf2);
}
char *xff = http_get_header_field(&req->hdr, "X-Forwarded-For");
const char *xff = http_get_header_field(&req->hdr, "X-Forwarded-For");
if (xff == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-For", client_addr_str);
http_add_header_field(&req->hdr, "X-Forwarded-For", ctx->addr);
} else {
sprintf(buf1, "%s, %s", xff, client_addr_str);
sprintf(buf1, "%s, %s", xff, ctx->addr);
http_remove_header_field(&req->hdr, "X-Forwarded-For", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "X-Forwarded-For", buf1);
}
char *xfh = http_get_header_field(&req->hdr, "X-Forwarded-Host");
const char *xfh = http_get_header_field(&req->hdr, "X-Forwarded-Host");
if (xfh == NULL) {
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-Host", host);
@@ -104,7 +104,7 @@ int rev_proxy_request_header(http_req *req, int enc) {
}
}
char *xfp = http_get_header_field(&req->hdr, "X-Forwarded-Proto");
const char *xfp = http_get_header_field(&req->hdr, "X-Forwarded-Proto");
if (xfp == NULL) {
if (forwarded == NULL) {
http_add_header_field(&req->hdr, "X-Forwarded-Proto", enc ? "https" : "http");
@@ -128,15 +128,14 @@ int rev_proxy_request_header(http_req *req, int enc) {
return 0;
}
int rev_proxy_response_header(http_req *req, http_res *res) {
char buf1[256];
char buf2[256];
int proxy_response_header(http_req *req, http_res *res, host_config_t *conf) {
char buf1[256], buf2[256];
int p_len;
char *via = http_get_header_field(&res->hdr, "Via");
const char *via = http_get_header_field(&res->hdr, "Via");
p_len = snprintf(buf1, sizeof(buf1), "HTTP/%s %s", req->version, SERVER_NAME);
if (p_len < 0 || p_len >= sizeof(buf1)) {
print(ERR_STR "Appended part of header field 'Via' too long" CLR_STR);
error("Appended part of header field 'Via' too long");
return -1;
}
if (via == NULL) {
@@ -144,38 +143,63 @@ int rev_proxy_response_header(http_req *req, http_res *res) {
} else {
p_len = snprintf(buf2, sizeof(buf2), "%s, %s", via, buf1);
if (p_len < 0 || p_len >= sizeof(buf2)) {
print(ERR_STR "Header field 'Via' too long" CLR_STR);
error("Header field 'Via' too long");
return -1;
}
http_remove_header_field(&res->hdr, "Via", HTTP_REMOVE_ALL);
http_add_header_field(&res->hdr, "Via", buf2);
}
const char *location = http_get_header_field(&res->hdr, "Location");
if (location != NULL) {
char *hostnames[] = {conf->name, conf->proxy.hostname};
for (int i = 0; i < sizeof(hostnames) / sizeof(hostnames[0]); i++) {
char *hostname = hostnames[i];
p_len = snprintf(buf1, sizeof(buf1), "http://%s/", hostname);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "https://%s/", hostname);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "http://%s:%i/", hostname, conf->proxy.port);
if (strncmp(location, buf1, p_len) == 0) goto match;
p_len = snprintf(buf1, sizeof(buf1), "https://%s:%i/", hostname, conf->proxy.port);
if (strncmp(location, buf1, p_len) == 0) goto match;
}
if (0) {
match:
strcpy(buf1, location + p_len - 1);
http_remove_header_field(&res->hdr, "Location", HTTP_REMOVE_ALL);
http_add_header_field(&res->hdr, "Location", buf1);
}
}
return 0;
}
int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config *conf, sock *client,
http_status *custom_status, char *err_msg) {
int proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, client_ctx_t *cctx, http_status *custom_status, char *err_msg) {
char buffer[CHUNK_SIZE];
const char *connection, *upgrade, *ws_version;
long ret;
int tries = 0;
int retry = 0;
int tries = 0, retry = 0;
if (rev_proxy.socket != 0 && strcmp(rev_proxy_host, conf->name) == 0 && sock_check(&rev_proxy) == 0) {
goto rev_proxy;
}
if (proxy.socket != 0 && strcmp(proxy_host, conf->name) == 0 && sock_check(&proxy) == 0)
goto proxy;
retry:
if (rev_proxy.socket != 0) {
print(BLUE_STR "Closing proxy connection" CLR_STR);
sock_close(&rev_proxy);
if (proxy.socket != 0) {
info(BLUE_STR "Closing proxy connection");
sock_close(&proxy);
}
retry = 0;
tries++;
rev_proxy.socket = socket(AF_INET6, SOCK_STREAM, 0);
if (rev_proxy.socket < 0) {
print(ERR_STR "Unable to create socket: %s" CLR_STR, strerror(errno));
proxy.socket = socket(AF_INET6, SOCK_STREAM, 0);
if (proxy.socket < 0) {
error("Unable to create socket");
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
@@ -183,24 +207,24 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
server_timeout.tv_sec = SERVER_TIMEOUT_INIT;
server_timeout.tv_usec = 0;
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto rev_proxy_timeout_err;
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto rev_proxy_timeout_err;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
struct hostent *host_ent = gethostbyname2(conf->rev_proxy.hostname, AF_INET6);
struct hostent *host_ent = gethostbyname2(conf->proxy.hostname, AF_INET6);
if (host_ent == NULL) {
host_ent = gethostbyname2(conf->rev_proxy.hostname, AF_INET);
host_ent = gethostbyname2(conf->proxy.hostname, AF_INET);
if (host_ent == NULL) {
res->status = http_get_status(503);
ctx->origin = SERVER_REQ;
print(ERR_STR "Unable to connect to server: Name or service not known" CLR_STR);
error("Unable to connect to server: Name or service not known");
sprintf(err_msg, "Unable to connect to server: Name or service not known.");
goto proxy_err;
}
}
struct sockaddr_in6 address = {.sin6_family = AF_INET6, .sin6_port = htons(conf->rev_proxy.port)};
struct sockaddr_in6 address = {.sin6_family = AF_INET6, .sin6_port = htons(conf->proxy.port)};
if (host_ent->h_addrtype == AF_INET6) {
memcpy(&address.sin6_addr, host_ent->h_addr_list[0], host_ent->h_length);
} else if (host_ent->h_addrtype == AF_INET) {
@@ -211,8 +235,8 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
inet_ntop(address.sin6_family, (void *) &address.sin6_addr, buffer, sizeof(buffer));
print(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "..." CLR_STR, buffer, conf->rev_proxy.port);
if (connect(rev_proxy.socket, (struct sockaddr *) &address, sizeof(address)) < 0) {
info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", buffer, conf->proxy.port);
if (connect(proxy.socket, (struct sockaddr *) &address, sizeof(address)) < 0) {
if (errno == ETIMEDOUT || errno == EINPROGRESS) {
res->status = http_get_status(504);
ctx->origin = SERVER_REQ;
@@ -223,110 +247,115 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
res->status = http_get_status(500);
ctx->origin = INTERNAL;
}
print(ERR_STR "Unable to connect to [%s]:%i: %s" CLR_STR, buffer, conf->rev_proxy.port, strerror(errno));
error("Unable to connect to [%s]:%i: %s", buffer, conf->proxy.port, strerror(errno));
sprintf(err_msg, "Unable to connect to server: %s.", strerror(errno));
goto proxy_err;
}
server_timeout.tv_sec = SERVER_TIMEOUT;
server_timeout.tv_usec = 0;
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto rev_proxy_timeout_err;
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
rev_proxy_timeout_err:
if (setsockopt(proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
goto proxy_timeout_err;
if (setsockopt(proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
proxy_timeout_err:
res->status = http_get_status(500);
ctx->origin = INTERNAL;
print(ERR_STR "Unable to set timeout for reverse proxy socket: %s" CLR_STR, strerror(errno));
error("Unable to set timeout for reverse proxy socket");
sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", strerror(errno));
goto proxy_err;
}
if (conf->rev_proxy.enc) {
rev_proxy.ssl = SSL_new(rev_proxy.ctx);
SSL_set_fd(rev_proxy.ssl, rev_proxy.socket);
SSL_set_connect_state(rev_proxy.ssl);
if (conf->proxy.enc) {
proxy.ssl = SSL_new(proxy.ctx);
SSL_set_fd(proxy.ssl, proxy.socket);
SSL_set_connect_state(proxy.ssl);
ret = SSL_do_handshake(rev_proxy.ssl);
rev_proxy._last_ret = ret;
rev_proxy._errno = errno;
rev_proxy._ssl_error = ERR_get_error();
rev_proxy.enc = 1;
ret = SSL_do_handshake(proxy.ssl);
proxy._last_ret = ret;
proxy._errno = errno;
proxy._ssl_error = ERR_get_error();
proxy.enc = 1;
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
print(ERR_STR "Unable to perform handshake: %s" CLR_STR, sock_strerror(&rev_proxy));
sprintf(err_msg, "Unable to perform handshake: %s.", sock_strerror(&rev_proxy));
error("Unable to perform handshake: %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to perform handshake: %s.", sock_strerror(&proxy));
goto proxy_err;
}
}
rev_proxy_host = conf->name;
print(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i" CLR_STR, buffer, conf->rev_proxy.port);
proxy_host = conf->name;
info(BLUE_STR "Established new connection with " BLD_STR "[%s]:%i", buffer, conf->proxy.port);
rev_proxy:
ret = rev_proxy_request_header(req, (int) client->enc);
proxy:
connection = http_get_header_field(&req->hdr, "Connection");
if (connection != NULL && (strstr(connection, "upgrade") != NULL || strstr(connection, "Upgrade") != NULL)) {
upgrade = http_get_header_field(&req->hdr, "Upgrade");
ws_version = http_get_header_field(&req->hdr, "Sec-WebSocket-Version");
if (upgrade != NULL && ws_version != NULL && strcmp(upgrade, "websocket") == 0 && strcmp(ws_version, "13") == 0) {
ctx->ws_key = http_get_header_field(&req->hdr, "Sec-WebSocket-Key");
} else {
res->status = http_get_status(501);
ctx->origin = INTERNAL;
return -1;
}
} else {
http_remove_header_field(&req->hdr, "Connection", HTTP_REMOVE_ALL);
http_add_header_field(&req->hdr, "Connection", "keep-alive");
}
ret = proxy_request_header(req, (int) client->enc, cctx);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
return -1;
}
ret = http_send_request(&rev_proxy, req);
ret = http_send_request(&proxy, req);
if (ret < 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
print(ERR_STR "Unable to send request to server (1): %s" CLR_STR, sock_strerror(&rev_proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
error("Unable to send request to server (1): %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
}
char *content_length = http_get_header_field(&req->hdr, "Content-Length");
if (content_length != NULL) {
unsigned long content_len = strtoul(content_length, NULL, 10);
if (client->buf_len - client->buf_off > 0) {
unsigned long len = client->buf_len - client->buf_off;
if (len > content_len) {
len = content_len;
}
ret = sock_send(&rev_proxy, client->buf, len, 0);
if (ret <= 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
print(ERR_STR "Unable to send request to server (2): %s" CLR_STR, sock_strerror(&rev_proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
retry = tries < 4;
goto proxy_err;
}
content_len -= len;
}
if (content_len > 0) {
ret = sock_splice(&rev_proxy, client, buffer, sizeof(buffer), content_len);
if (ret <= 0) {
if (ret == -1) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
print(ERR_STR "Unable to send request to server (3): %s" CLR_STR, sock_strerror(&rev_proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
goto proxy_err;
} else if (ret == -2) {
res->status = http_get_status(400);
ctx->origin = CLIENT_REQ;
print(ERR_STR "Unable to receive request from client: %s" CLR_STR, sock_strerror(client));
sprintf(err_msg, "Unable to receive request from client: %s.", sock_strerror(client));
return -1;
}
res->status = http_get_status(500);
ctx->origin = INTERNAL;
print(ERR_STR "Unknown Error" CLR_STR);
return -1;
}
}
const char *content_length = http_get_header_field(&req->hdr, "Content-Length");
unsigned long content_len = content_length != NULL ? strtoul(content_length, NULL, 10) : 0;
const char *transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
ret = 0;
if (content_len > 0) {
ret = sock_splice(&proxy, client, buffer, sizeof(buffer), content_len);
} else if (transfer_encoding != NULL && strstr(transfer_encoding, "chunked") != NULL) {
ret = sock_splice_chunked(&proxy, client, buffer, sizeof(buffer));
}
ret = sock_recv(&rev_proxy, buffer, sizeof(buffer), MSG_PEEK);
if (ret < 0 || (content_len != 0 && ret != content_len)) {
if (ret == -1) {
res->status = http_get_status(502);
ctx->origin = SERVER_REQ;
error("Unable to send request to server (2): %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
} else if (ret == -2) {
res->status = http_get_status(400);
ctx->origin = CLIENT_REQ;
error("Unable to receive request from client: %s", sock_strerror(client));
sprintf(err_msg, "Unable to receive request from client: %s.", sock_strerror(client));
return -1;
}
res->status = http_get_status(500);
ctx->origin = INTERNAL;
error("Unknown Error");
return -1;
}
ret = sock_recv(&proxy, buffer, sizeof(buffer), MSG_PEEK);
if (ret <= 0) {
int enc_err = sock_enc_error(&rev_proxy);
int enc_err = sock_enc_error(&proxy);
if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ ||
enc_err == SSL_ERROR_WANT_WRITE)
{
@@ -336,8 +365,9 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
}
print(ERR_STR "Unable to receive response from server: %s" CLR_STR, sock_strerror(&rev_proxy));
sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&rev_proxy));
error("Unable to receive response from server: %s", sock_strerror(&proxy));
sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&proxy));
retry = tries < 4;
goto proxy_err;
}
@@ -347,7 +377,7 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
if (header_len <= 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
error("Unable to parse header: End of header not found");
sprintf(err_msg, "Unable to parser header: End of header not found.");
goto proxy_err;
}
@@ -356,7 +386,7 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
error("Unable to parse header: Header contains illegal characters");
sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
goto proxy_err;
}
@@ -368,7 +398,7 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
if (pos0 == NULL) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
@@ -376,7 +406,7 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
if (strncmp(ptr, "HTTP/", 5) != 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
error("Unable to parse header: Invalid header format");
sprintf(err_msg, "Unable to parse header: Invalid header format.");
goto proxy_err;
}
@@ -391,16 +421,16 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
} else if (res->status == NULL) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header: Invalid or unknown status code" CLR_STR);
error("Unable to parse header: Invalid or unknown status code");
sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
goto proxy_err;
}
} else {
ret = http_parse_header_field(&res->hdr, ptr, pos0);
ret = http_parse_header_field(&res->hdr, ptr, pos0, 0);
if (ret != 0) {
res->status = http_get_status(502);
ctx->origin = SERVER_RES;
print(ERR_STR "Unable to parse header" CLR_STR);
error("Unable to parse header");
sprintf(err_msg, "Unable to parse header.");
goto proxy_err;
}
@@ -410,9 +440,9 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
}
ptr = pos0 + 2;
}
sock_recv(&rev_proxy, buffer, header_len, 0);
sock_recv(&proxy, buffer, header_len, 0);
ret = rev_proxy_response_header(req, res);
ret = proxy_response_header(req, res, conf);
if (ret != 0) {
res->status = http_get_status(500);
ctx->origin = INTERNAL;
@@ -426,51 +456,45 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
return -1;
}
int rev_proxy_send(sock *client, unsigned long len_to_send, int flags) {
// TODO handle websockets
long ret;
char buffer[CHUNK_SIZE];
char comp_out[CHUNK_SIZE];
char buf[256];
long len, snd_len;
int proxy_send(sock *client, unsigned long len_to_send, int flags) {
char buffer[CHUNK_SIZE], comp_out[CHUNK_SIZE], buf[256], *ptr;
long ret = 0, len, snd_len;
int finish_comp = 0;
char *ptr;
compress_ctx comp_ctx;
if (flags & REV_PROXY_COMPRESS_BR) {
flags &= ~REV_PROXY_COMPRESS_GZ;
if (flags & PROXY_COMPRESS_BR) {
flags &= ~PROXY_COMPRESS_GZ;
if (compress_init(&comp_ctx, COMPRESS_BR) != 0) {
print(ERR_STR "Unable to init brotli: %s" CLR_STR, strerror(errno));
flags &= ~REV_PROXY_COMPRESS_BR;
error("Unable to init brotli");
flags &= ~PROXY_COMPRESS_BR;
}
} else if (flags & REV_PROXY_COMPRESS_GZ) {
flags &= ~REV_PROXY_COMPRESS_BR;
} else if (flags & PROXY_COMPRESS_GZ) {
flags &= ~PROXY_COMPRESS_BR;
if (compress_init(&comp_ctx, COMPRESS_GZ) != 0) {
print(ERR_STR "Unable to init gzip: %s" CLR_STR, strerror(errno));
flags &= ~REV_PROXY_COMPRESS_GZ;
error("Unable to init gzip");
flags &= ~PROXY_COMPRESS_GZ;
}
}
do {
snd_len = 0;
if (flags & REV_PROXY_CHUNKED) {
char *pos;
ret = sock_recv(&rev_proxy, buffer, 16, MSG_PEEK);
if (ret <= 0) goto err0;
len_to_send = strtol(buffer, NULL, 16);
pos = strstr(buffer, "\r\n");
len = pos - buffer + 2;
sock_recv(&rev_proxy, buffer, len, 0);
if (ret <= 0) {
err0:
print("Unable to receive from server: %s", sock_strerror(&rev_proxy));
if (flags & PROXY_CHUNKED) {
ret = sock_get_chunk_header(&proxy);
if (ret < 0) {
if (ret == -1) {
error("Unable to receive from server: Malformed chunk header");
} else {
error("Unable to receive from server: %s", sock_strerror(&proxy));
}
break;
}
if (len_to_send == 0 && (flags & REV_PROXY_COMPRESS)) {
len_to_send = ret;
ret = 1;
if (len_to_send == 0 && (flags & PROXY_COMPRESS)) {
finish_comp = 1;
len = 0;
ptr = NULL;
goto out;
finish:
compress_free(&comp_ctx);
@@ -478,22 +502,21 @@ int rev_proxy_send(sock *client, unsigned long len_to_send, int flags) {
}
while (snd_len < len_to_send) {
unsigned long avail_in, avail_out;
ret = sock_recv(&rev_proxy, buffer, CHUNK_SIZE < (len_to_send - snd_len) ? CHUNK_SIZE : len_to_send - snd_len, 0);
ret = sock_recv(&proxy, buffer, CHUNK_SIZE < (len_to_send - snd_len) ? CHUNK_SIZE : len_to_send - snd_len, 0);
if (ret <= 0) {
print("Unable to receive from server: %s", sock_strerror(&rev_proxy));
error("Unable to receive from server: %s", sock_strerror(&proxy));
break;
}
len = ret;
ptr = buffer;
out:
avail_in = len;
void *next_in = ptr;
char *next_in = ptr;
do {
long buf_len = len;
if (flags & REV_PROXY_COMPRESS) {
if (flags & PROXY_COMPRESS) {
avail_out = sizeof(comp_out);
compress_compress(&comp_ctx, next_in + len - avail_in, &avail_in, comp_out, &avail_out,
finish_comp);
compress_compress(&comp_ctx, next_in + len - avail_in, &avail_in, comp_out, &avail_out, finish_comp);
ptr = comp_out;
buf_len = (int) (sizeof(comp_out) - avail_out);
snd_len += (long) (len - avail_in);
@@ -501,32 +524,35 @@ int rev_proxy_send(sock *client, unsigned long len_to_send, int flags) {
if (buf_len != 0) {
len = sprintf(buf, "%lX\r\n", buf_len);
ret = 1;
if (flags & REV_PROXY_CHUNKED) ret = sock_send(client, buf, len, 0);
if (flags & PROXY_CHUNKED) ret = sock_send(client, buf, len, 0);
if (ret <= 0) goto err;
ret = sock_send(client, ptr, buf_len, 0);
if (ret <= 0) goto err;
if (!(flags & REV_PROXY_COMPRESS)) snd_len += ret;
if (flags & REV_PROXY_CHUNKED) ret = sock_send(client, "\r\n", 2, 0);
if (!(flags & PROXY_COMPRESS)) snd_len += ret;
if (flags & PROXY_CHUNKED) ret = sock_send(client, "\r\n", 2, 0);
if (ret <= 0) {
err:
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
error("Unable to send: %s", sock_strerror(client));
break;
}
}
} while ((flags & REV_PROXY_COMPRESS) && (avail_in != 0 || avail_out != sizeof(comp_out)));
} while ((flags & PROXY_COMPRESS) && (avail_in != 0 || avail_out != sizeof(comp_out)));
if (ret <= 0) break;
if (finish_comp) goto finish;
}
if (ret <= 0) break;
if (flags & REV_PROXY_CHUNKED) sock_recv(&rev_proxy, buffer, 2, 0);
} while ((flags & REV_PROXY_CHUNKED) && len_to_send > 0);
if (flags & PROXY_CHUNKED) sock_recv(&proxy, buffer, 2, 0);
} while ((flags & PROXY_CHUNKED) && len_to_send > 0);
if (ret <= 0) return (int) -1;
if (ret <= 0) return -1;
if (flags & REV_PROXY_CHUNKED) {
if (flags & PROXY_CHUNKED) {
ret = sock_send(client, "0\r\n\r\n", 5, 0);
if (ret <= 0) {
print(ERR_STR "Unable to send: %s" CLR_STR, sock_strerror(client));
error("Unable to send: %s", sock_strerror(client));
return -1;
}
}
@@ -534,8 +560,8 @@ int rev_proxy_send(sock *client, unsigned long len_to_send, int flags) {
return 0;
}
int rev_proxy_dump(char *buf, long len) {
sock_recv(&rev_proxy, buf, len, 0);
sock_close(&rev_proxy);
int proxy_dump(char *buf, long len) {
sock_recv(&proxy, buf, len, 0);
sock_close(&proxy);
return 0;
}

39
src/lib/proxy.h Normal file
View File

@@ -0,0 +1,39 @@
/**
* sesimos - secure, simple, modern web server
* @brief Reverse proxy (header file)
* @file src/lib/proxy.h
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#ifndef SESIMOS_PROXY_H
#define SESIMOS_PROXY_H
#define PROXY_CHUNKED 1
#define PROXY_COMPRESS_GZ 2
#define PROXY_COMPRESS_BR 4
#define PROXY_COMPRESS 6
#ifndef SERVER_NAME
# define SERVER_NAME "reverse proxy"
#endif
#include "http.h"
#include "config.h"
#include "../client.h"
extern sock proxy;
int proxy_preload(void);
int proxy_request_header(http_req *req, int enc, client_ctx_t *ctx);
int proxy_response_header(http_req *req, http_res *res, host_config_t *conf);
int proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config_t *conf, sock *client, client_ctx_t *cctx, http_status *custom_status, char *err_msg);
int proxy_send(sock *client, unsigned long len_to_send, int flags);
int proxy_dump(char *buf, long len);
#endif //SESIMOS_PROXY_H

38
src/lib/rev_proxy.h
View File

@@ -1,38 +0,0 @@
/**
* Necronda Web Server
* Reverse proxy (header file)
* src/lib/rev_proxy.h
* Lorenz Stechauner, 2021-01-07
*/
#ifndef NECRONDA_SERVER_REV_PROXY_H
#define NECRONDA_SERVER_REV_PROXY_H
#define REV_PROXY_CHUNKED 1
#define REV_PROXY_COMPRESS_GZ 2
#define REV_PROXY_COMPRESS_BR 4
#define REV_PROXY_COMPRESS 6
#ifndef SERVER_NAME
# define SERVER_NAME "revproxy"
#endif
#include "http.h"
#include "config.h"
extern sock rev_proxy;
int rev_proxy_preload();
int rev_proxy_request_header(http_req *req, int enc);
int rev_proxy_response_header(http_req *req, http_res *res);
int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config *conf, sock *client,
http_status *custom_status, char *err_msg);
int rev_proxy_send(sock *client, unsigned long len_to_send, int flags);
int rev_proxy_dump(char *buf, long len);
#endif //NECRONDA_SERVER_REV_PROXY_H

106
src/lib/sock.c
View File

@@ -1,16 +1,21 @@
/**
* Necronda Web Server
* Basic TCP and TLS socket
* src/lib/sock.c
* Lorenz Stechauner, 2021-01-07
* sesimos - secure, simple, modern web server
* @brief Basic TCP and TLS socket
* @file src/lib/sock.c
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#include "sock.h"
#include "utils.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <poll.h>
int sock_enc_error(sock *s) {
return (int) s->enc ? SSL_get_error(s->ssl, (int) s->_last_ret) : 0;
@@ -68,11 +73,8 @@ long sock_send(sock *s, void *buf, unsigned long len, int flags) {
long sock_recv(sock *s, void *buf, unsigned long len, int flags) {
long ret;
if (s->enc) {
if (flags & MSG_PEEK) {
ret = SSL_peek(s->ssl, buf, (int) len);
} else {
ret = SSL_read(s->ssl, buf, (int) len);
}
int (*func)(SSL*, void*, int) = (flags & MSG_PEEK) ? SSL_peek : SSL_read;
ret = func(s->ssl, buf, (int) len);
s->_ssl_error = ERR_get_error();
} else {
ret = recv(s->socket, buf, len, flags);
@@ -89,7 +91,7 @@ long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigne
while (send_len < len) {
next_len = (buf_len < (len - send_len)) ? buf_len : (len - send_len);
ret = sock_recv(src, buf, next_len, 0);
if (ret < 0) return -2;
if (ret <= 0) return -2;
next_len = ret;
ret = sock_send(dst, buf, next_len, send_len + next_len < len ? MSG_MORE : 0);
if (ret < 0) return -1;
@@ -99,6 +101,25 @@ long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigne
return (long) send_len;
}
long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len) {
long ret;
unsigned long send_len = 0;
unsigned long next_len;
while (1) {
ret = sock_get_chunk_header(src);
if (ret < 0) return -2;
next_len = ret;
if (next_len <= 0) break;
ret = sock_splice(dst, src, buf, buf_len, next_len);
if (ret < 0) return ret;
}
return (long) send_len;
}
int sock_close(sock *s) {
if ((int) s->enc && s->ssl != NULL) {
if (s->_last_ret >= 0) SSL_shutdown(s->ssl);
@@ -109,6 +130,7 @@ int sock_close(sock *s) {
close(s->socket);
s->socket = 0;
s->enc = 0;
errno = 0;
return 0;
}
@@ -116,3 +138,67 @@ int sock_check(sock *s) {
char buf;
return recv(s->socket, &buf, 1, MSG_PEEK | MSG_DONTWAIT) == 1;
}
int sock_poll(sock *sockets[], sock *ready[], sock *error[], int n_sock, int *n_ready, int *n_error, short events, int timeout_ms) {
struct pollfd fds[n_sock];
for (int i = 0; i < n_sock; i++) {
fds[i].fd = sockets[i]->socket;
fds[i].events = events;
}
int ret = poll(fds, n_sock, timeout_ms);
if (ret < 0 || ready == NULL || error == NULL) return ret;
*n_ready = 0, *n_error = 0;
for (int i = 0; i < n_sock; i++) {
if (fds[i].revents & events)
ready[(*n_ready)++] = sockets[i];
if (fds[i].revents & (POLLERR | POLLHUP | POLLNVAL))
error[(*n_error)++] = sockets[i];
}
return ret;
}
int sock_poll_read(sock *sockets[], sock *readable[], sock *error[], int n_sock, int *n_readable, int *n_error, int timeout_ms) {
return sock_poll(sockets, readable, error, n_sock, n_readable, n_error, POLLIN, timeout_ms);
}
int sock_poll_write(sock *sockets[], sock *writable[], sock *error[], int n_sock, int *n_writable, int *n_error, int timeout_ms) {
return sock_poll(sockets, writable, error, n_sock, n_writable, n_error, POLLOUT, timeout_ms);
}
long sock_parse_chunk_header(const char *buf, long len, long *ret_len) {
for (int i = 0; i < len; i++) {
char ch = buf[i];
if (ch == '\r') {
continue;
} else if (ch == '\n') {
if (ret_len != NULL) *ret_len = i + 1;
return strtol(buf, NULL, 16);
} else if (!((ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F'))) {
return -2;
}
}
return -1;
}
long sock_get_chunk_header(sock *s) {
long ret, len;
char buf[16];
do {
ret = sock_recv(s, buf, sizeof(buf), MSG_PEEK);
if (ret <= 0) return -2;
else if (ret < 2) continue;
ret = sock_parse_chunk_header(buf, ret, &len);
if (ret == -2) return -1;
} while (ret < 0);
if (sock_recv(s, buf, len, 0) != len)
return -2;
return ret;
}

36
src/lib/sock.h
View File

@@ -1,23 +1,27 @@
/**
* Necronda Web Server
* Basic TCP and TLS socket (header file)
* src/lib/sock.h
* Lorenz Stechauner, 2021-01-07
* sesimos - secure, simple, modern web server
* @brief Basic TCP and TLS socket (header file)
* @file src/lib/sock.h
* @author Lorenz Stechauner
* @date 2021-01-07
*/
#ifndef NECRONDA_SERVER_SOCK_H
#define NECRONDA_SERVER_SOCK_H
#ifndef SESIMOS_SOCK_H
#define SESIMOS_SOCK_H
#include <openssl/crypto.h>
#include <sys/socket.h>
#include <arpa/inet.h>
typedef struct {
unsigned int enc:1;
int socket;
union {
struct sockaddr sock;
struct sockaddr_in6 ipv6;
} addr;
SSL_CTX *ctx;
SSL *ssl;
char *buf;
unsigned long buf_len;
unsigned long buf_off;
long _last_ret;
int _errno;
unsigned long _ssl_error;
@@ -33,8 +37,20 @@ long sock_recv(sock *s, void *buf, unsigned long len, int flags);
long sock_splice(sock *dst, sock *src, void *buf, unsigned long buf_len, unsigned long len);
long sock_splice_chunked(sock *dst, sock *src, void *buf, unsigned long buf_len);
int sock_close(sock *s);
int sock_check(sock *s);
#endif //NECRONDA_SERVER_SOCK_H
int sock_poll(sock *sockets[], sock *ready[], sock *error[], int n_sock, int *n_ready, int *n_error, short events, int timeout_ms);
int sock_poll_read(sock *sockets[], sock *readable[], sock *error[], int n_sock, int *n_readable, int *n_error, int timeout_ms);
int sock_poll_write(sock *sockets[], sock *writable[], sock *error[], int n_sock, int *n_writable, int *n_error, int timeout_ms);
long sock_parse_chunk_header(const char *buf, long len, long *ret_len);
long sock_get_chunk_header(sock *s);
#endif //SESIMOS_SOCK_H

20
src/lib/uri.c
View File

@@ -1,15 +1,19 @@
/**
* Necronda Web Server
* URI and path handlers
* src/lib/uri.c
* Lorenz Stechauner, 2020-12-13
* sesimos - secure, simple, modern web server
* @brief URI and path handlers
* @file src/lib/uri.c
* @author Lorenz Stechauner
* @date 2020-12-13
*/
#include "uri.h"
#include "utils.h"
#include <errno.h>
#include <stdlib.h>
#include <string.h>
int path_is_directory(const char *path) {
struct stat statbuf;
return stat(path, &statbuf) == 0 && S_ISDIR(statbuf.st_mode) != 0;
@@ -17,12 +21,16 @@ int path_is_directory(const char *path) {
int path_is_file(const char *path) {
struct stat statbuf;
return stat(path, &statbuf) == 0 && S_ISDIR(statbuf.st_mode) == 0;
int ret = stat(path, &statbuf);
errno = 0;
return ret == 0 && S_ISDIR(statbuf.st_mode) == 0;
}
int path_exists(const char *path) {
struct stat statbuf;
return stat(path, &statbuf) == 0;
int ret = stat(path, &statbuf);
errno = 0;
return ret == 0;
}
int uri_init(http_uri *uri, const char *webroot, const char *uri_str, int dir_mode) {

33
src/lib/uri.h
View File

@@ -1,12 +1,13 @@
/**
* Necronda Web Server
* URI and path handlers (header file)
* src/lib/uri.h
* Lorenz Stechauner, 2020-12-13
* sesimos - secure, simple, modern web server
* @brief URI and path handlers (header file)
* @file src/lib/uri.h
* @author Lorenz Stechauner
* @date 2020-12-13
*/
#ifndef NECRONDA_SERVER_URI_H
#define NECRONDA_SERVER_URI_H
#ifndef SESIMOS_URI_H
#define SESIMOS_URI_H
#include <sys/stat.h>
@@ -15,14 +16,18 @@
#define URI_DIR_MODE_LIST 2
#define URI_DIR_MODE_INFO 3
#define URI_ETAG_SIZE 65 // SHA256 size (hex)
#define URI_TYPE_SIZE 64
#define URI_CHARSET_SIZE 16
typedef struct {
char etag[64];
char type[24];
char charset[16];
char etag[URI_ETAG_SIZE];
char type[URI_TYPE_SIZE];
char charset[URI_CHARSET_SIZE];
char filename_comp_gz[256];
char filename_comp_br[256];
struct stat stat;
} meta_data;
} metadata_t;
typedef struct {
char *webroot; // "/srv/www/www.test.org"
@@ -32,9 +37,9 @@ typedef struct {
char *query; // "username=test"
char *filename; // "/account/index.php"
char *uri; // "/account/login?username=test"
meta_data *meta;
unsigned char is_static:1;
unsigned char is_dir:1;
metadata_t *meta;
unsigned int is_static:1;
unsigned int is_dir:1;
} http_uri;
@@ -44,4 +49,4 @@ int uri_init_cache(http_uri *uri);
void uri_free(http_uri *uri);
#endif //NECRONDA_SERVER_URI_H
#endif //SESIMOS_URI_H

166
src/lib/utils.c
View File

@@ -1,80 +1,89 @@
/**
* Necronda Web Server
* Utilities
* src/lib/utils.c
* Lorenz Stechauner, 2020-12-03
* sesimos - secure, simple, modern web server
* @brief Utilities
* @file src/lib/utils.c
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#include "utils.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
char *log_prefix;
static const char base64_encode_table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const int base64_mod_table[3] = {0, 2, 1};
char *format_duration(unsigned long micros, char *buf) {
if (micros < 10000) {
sprintf(buf, "%.1f ms", (double) micros / 1000);
} else if (micros < 1000000) {
sprintf(buf, "%li ms", micros / 1000);
} else if (micros < 60000000) {
} else if (micros < 1000000 - 1000) {
sprintf(buf, "%.0f ms", (double) micros / 1000);
} else if (micros < 60000000 - 1000000) {
sprintf(buf, "%.1f s", (double) micros / 1000000);
} else if (micros < 6000000000) {
sprintf(buf, "%.1f min", (double) micros / 1000000 / 60);
} else {
sprintf(buf, "%li min", micros / 1000000 / 60);
sprintf(buf, "%.0f min", (double) micros / 1000000 / 60);
}
return buf;
}
int url_encode_component(const char *str, char *enc, long *size) {
char *ptr = enc;
char ch;
memset(enc, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - enc) >= *size) {
return -1;
int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out) {
int size = 0;
// Encode control characters
for (int i = 0; i < size_in; i++) {
unsigned char ch = ((unsigned char *) in)[i];
if (ch == ' ') {
ch = '+';
} else if (
ch <= 0x20 || ch >= 0x7F ||
!((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') ||
ch == '-' || ch == '_' || ch == '.' || ch == '!' || ch == '~' || ch == '*' || ch == '\'' ||
ch == '(' || ch == ')')
) {
size += 3;
if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
ch = 0;
}
ch = str[i];
if (ch == ':' || ch == '/' || ch == '?' || ch == '#' || ch == '[' || ch == ']' || ch == '@' || ch == '!' ||
ch == '$' || ch == '&' || ch == '\'' || ch == '(' || ch == ')' || ch == '*' || ch == '+' || ch == ',' ||
ch == ';' || ch == '=' || ch < ' ' || ch > '~') {
if ((ptr - enc + 2) >= *size) {
return -1;
}
sprintf(ptr, "%%%02X", ch);
ptr += 2;
} else if (ch == ' ') {
ptr[0] = '+';
} else {
ptr[0] = ch;
if (ch != 0) {
size++;
if (size < size_out) out[size - 1] = (char) ch;
}
}
*size = ptr - enc;
return 0;
// Set terminating null byte
if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
// Return theoretical size
return size;
}
int url_encode(const char *str, char *enc, long *size) {
char *ptr = enc;
unsigned char ch;
memset(enc, 0, *size);
for (int i = 0; i < strlen(str); i++, ptr++) {
if ((ptr - enc) >= *size) {
return -1;
}
ch = str[i];
if (ch > 0x7F || ch == ' ') {
if ((ptr - enc + 2) >= *size) {
return -1;
}
sprintf(ptr, "%%%02X", ch);
ptr += 2;
int url_encode(const void *in, size_t size_in, char *out, size_t size_out) {
int size = 0;
// Encode control characters
for (int i = 0; i < size_in; i++) {
unsigned char ch = ((unsigned char *) in)[i];
if (ch <= 0x20 || ch >= 0x7F) {
size += 3;
if (size < size_out) sprintf(out + size - 3, "%%%02X", ch);
} else {
ptr[0] = (char) ch;
size++;
if (size < size_out) out[size - 1] = (char) ch;
}
}
*size = ptr - enc;
return 0;
// Set terminating null byte
if (size_out > 0) out[size < size_out ? size : size_out - 1] = 0;
// Return theoretical size
return size;
}
int url_decode(const char *str, char *dec, long *size) {
@@ -124,7 +133,6 @@ int mime_is_compressible(const char *type) {
strcmp(type_parsed, "application/vnd.ms-fontobject") == 0 ||
strcmp(type_parsed, "application/x-font-ttf") == 0 ||
strcmp(type_parsed, "application/x-javascript") == 0 ||
strcmp(type_parsed, "application/x-web-app-manifest+json") == 0 ||
strcmp(type_parsed, "font/eot") == 0 ||
strcmp(type_parsed, "font/opentype") == 0 ||
strcmp(type_parsed, "image/bmp") == 0 ||
@@ -135,11 +143,63 @@ int mime_is_compressible(const char *type) {
}
int strcpy_rem_webroot(char *dst, const char *src, long len, const char *webroot) {
strncpy(dst, src, len);
if (webroot == NULL) return 0;
memcpy(dst, src, len);
dst[len] = 0;
if (webroot == NULL)
return 0;
char *pos;
const unsigned long webroot_len = strlen(webroot);
if (webroot_len == 0)
return 0;
while ((pos = strstr(dst, webroot)) != NULL) {
strcpy(pos, pos + strlen(webroot));
strcpy(pos, pos + webroot_len);
}
return 0;
}
int str_trim(char **start, char **end) {
if (start == NULL || end == NULL || *start == NULL || *end == NULL)
return -1;
(*end)--;
while (*start[0] == ' ' || *start[0] == '\t' || *start[0] == '\r' || *start[0] == '\n') (*start)++;
while (*end[0] == ' ' || *end[0] == '\t' || *end[0] == '\r' || *end[0] == '\n') (*end)--;
(*end)++;
return 0;
}
int str_trim_lws(char **start, char **end) {
if (start == NULL || end == NULL || *start == NULL || *end == NULL)
return -1;
(*end)--;
while (*start[0] == ' ' || *start[0] == '\t') (*start)++;
while (*end[0] == ' ' || *end[0] == '\t') (*end)--;
(*end)++;
return 0;
}
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len) {
unsigned long out_len = 4 * ((data_len + 2) / 3);
if (output_len != NULL) *output_len = out_len;
for (int i = 0, j = 0; i < data_len;) {
unsigned int octet_a = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_b = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int octet_c = (i < data_len) ? ((unsigned char *) data)[i++] : 0;
unsigned int triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
output[j++] = base64_encode_table[(triple >> 3 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 2 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 1 * 6) & 0x3F];
output[j++] = base64_encode_table[(triple >> 0 * 6) & 0x3F];
}
for (int i = 0; i < base64_mod_table[data_len % 3]; i++)
output[out_len - 1 - i] = '=';
output[out_len] = 0;
return 0;
}

37
src/lib/utils.h
View File

@@ -1,12 +1,13 @@
/**
* Necronda Web Server
* Utilities (header file)
* src/lib/utils.h
* Lorenz Stechauner, 2020-12-03
* sesimos - secure, simple, modern web server
* @brief Utilities (header file)
* @file src/lib/utils.h
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#ifndef NECRONDA_SERVER_UTILS_H
#define NECRONDA_SERVER_UTILS_H
#ifndef SESIMOS_UTILS_H
#define SESIMOS_UTILS_H
#include <stdio.h>
@@ -18,23 +19,11 @@
#define HTTP_STR "\x1B[1;31m"
#define HTTPS_STR "\x1B[1;32m"
extern char *log_prefix;
#define out_1(fmt) fprintf(stdout, "%s" fmt "\n", log_prefix)
#define out_2(fmt, args...) fprintf(stdout, "%s" fmt "\n", log_prefix, args)
#define out_x(x, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9, FUNC, ...) FUNC
#define print(...) out_x(, ##__VA_ARGS__, out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), \
out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), out_2(__VA_ARGS__), \
out_2(__VA_ARGS__), out_1(__VA_ARGS__))
char *format_duration(unsigned long micros, char *buf);
int url_encode_component(const char *str, char *enc, long *size);
int url_encode_component(const void *in, size_t size_in, char *out, size_t size_out);
int url_encode(const char *str, char *enc, long *size);
int url_encode(const void *in, size_t size_in, char *out, size_t size_out);
int url_decode(const char *str, char *dec, long *size);
@@ -42,4 +31,10 @@ int mime_is_compressible(const char *type);
int strcpy_rem_webroot(char *dst, const char *str, long len, const char *webroot);
#endif //NECRONDA_SERVER_UTILS_H
int str_trim(char **start, char **end);
int str_trim_lws(char **start, char **end);
int base64_encode(void *data, unsigned long data_len, char *output, unsigned long *output_len);
#endif //SESIMOS_UTILS_H

208
src/lib/websocket.c Normal file
View File

@@ -0,0 +1,208 @@
/**
* sesimos - secure, simple, modern web server
* @brief WebSocket reverse proxy
* @file src/lib/websocket.c
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#include "../defs.h"
#include "../logger.h"
#include "websocket.h"
#include "utils.h"
#include <string.h>
#include <openssl/sha.h>
#include <errno.h>
#include <signal.h>
static const char ws_key_uuid[] = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
static volatile sig_atomic_t terminate = 0;
void ws_terminate(int _) {
terminate = 1;
}
int ws_calc_accept_key(const char *key, char *accept_key) {
if (key == NULL || accept_key == NULL)
return -1;
char input[256] = "";
unsigned char output[SHA_DIGEST_LENGTH];
strcat(input, key);
strcat(input, ws_key_uuid);
if (SHA1((unsigned char *) input, strlen(input), output) == NULL) {
return -2;
}
base64_encode(output, sizeof(output), accept_key, NULL);
return 0;
}
int ws_recv_frame_header(sock *s, ws_frame *frame) {
unsigned char buf[12];
long ret = sock_recv(s, buf, 2, 0);
if (ret < 0) {
error("Unable to receive from socket");
return -1;
} else if (ret != 2) {
error("Unable to receive 2 bytes from socket");
return -2;
}
unsigned short bits = (buf[0] << 8) | buf[1];
frame->f_fin = (bits >> 15) & 1;
frame->f_rsv1 = (bits >> 14) & 1;
frame->f_rsv2 = (bits >> 13) & 1;
frame->f_rsv3 = (bits >> 12) & 1;
frame->opcode = (bits >> 8) & 0xF;
frame->f_mask = (bits >> 7) & 1;
unsigned short len = (bits & 0x7F);
int remaining = frame->f_mask ? 4 : 0;
if (len == 126) {
remaining += 2;
} else if (len == 127) {
remaining += 8;
}
ret = sock_recv(s, buf, remaining, 0);
if (ret < 0) {
error("Unable to receive from socket");
return -1;
} else if (ret != remaining) {
error("Unable to receive correct number of bytes from socket");
return -2;
}
if (len == 126) {
frame->len = (((unsigned long) buf[0]) << 8) | ((unsigned long) buf[1]);
} else if (len == 127) {
frame->len =
(((unsigned long) buf[0]) << 56) |
(((unsigned long) buf[1]) << 48) |
(((unsigned long) buf[2]) << 40) |
(((unsigned long) buf[3]) << 32) |
(((unsigned long) buf[4]) << 24) |
(((unsigned long) buf[5]) << 16) |
(((unsigned long) buf[6]) << 8) |
(((unsigned long) buf[7]) << 0);
} else {
frame->len = len;
}
if (frame->f_mask) memcpy(frame->masking_key, buf + (remaining - 4), 4);
return 0;
}
int ws_send_frame_header(sock *s, ws_frame *frame) {
unsigned char buf[14], *ptr = buf;
unsigned short len;
if (frame->len > 0x7FFF) {
len = 127;
} else if (frame->len > 125) {
len = 126;
} else {
len = frame->len;
}
unsigned short bits =
(frame->f_fin << 15) |
(frame->f_rsv1 << 14) |
(frame->f_rsv2 << 13) |
(frame->f_rsv3 << 12) |
(frame->opcode << 8) |
(frame->f_mask << 7) |
len;
ptr++[0] = bits >> 8;
ptr++[0] = bits & 0xFF;
if (len >= 126) {
for (int i = (len == 126 ? 2 : 8) - 1; i >= 0; i--)
ptr++[0] = (unsigned char) ((frame->len >> (i * 8)) & 0xFF);
}
if (frame->f_mask) {
memcpy(ptr, frame->masking_key, 4);
ptr += 4;
}
long ret = sock_send(s, buf, ptr - buf, frame->len != 0 ? MSG_MORE : 0);
if (ret < 0) {
error("Unable to send to socket");
return -1;
} else if (ret != ptr - buf) {
error("Unable to send to socket");
return -2;
}
return 0;
}
int ws_handle_connection(sock *s1, sock *s2) {
sock *poll_socks[2] = {s1, s2};
sock *readable[2], *error[2];
int n_sock = 2, n_readable = 0, n_error = 0;
ws_frame frame;
char buf[CHUNK_SIZE];
int closes = 0;
long ret;
signal(SIGINT, ws_terminate);
signal(SIGTERM, ws_terminate);
while (!terminate && closes != 3) {
ret = sock_poll_read(poll_socks, readable, error, n_sock, &n_readable, &n_error, WS_TIMEOUT * 1000);
if (terminate) {
break;
} else if (ret < 0) {
error("Unable to poll sockets");
return -1;
} else if (n_readable == 0) {
error("Connection timed out");
return -2;
} else if (n_error > 0) {
error("Peer closed connection");
return -3;
}
for (int i = 0; i < n_readable; i++) {
sock *s = readable[i];
sock *o = (s == s1) ? s2 : s1;
if (ws_recv_frame_header(s, &frame) != 0) return -3;
// debug("WebSocket: Peer %s, Opcode=0x%X, Len=%li", (s == s1) ? "1" : "2", frame.opcode, frame.len);
if (frame.opcode == 0x8) {
n_sock--;
if (s == s1) {
poll_socks[0] = s2;
closes |= 1;
} else {
closes |= 2;
}
}
if (ws_send_frame_header(o, &frame) != 0) return -3;
if (frame.len > 0) {
ret = sock_splice(o, s, buf, sizeof(buf), frame.len);
if (ret < 0) {
error("Unable to forward data in WebSocket");
return -4;
} else if (ret != frame.len) {
error("Unable to forward correct number of bytes in WebSocket");
return -4;
}
}
}
}
return 0;
}

35
src/lib/websocket.h Normal file
View File

@@ -0,0 +1,35 @@
/**
* sesimos - secure, simple, modern web server
* @brief WebSocket reverse proxy (header file)
* @file src/lib/websocket.h
* @author Lorenz Stechauner
* @date 2022-08-16
*/
#ifndef SESIMOS_WEBSOCKET_H
#define SESIMOS_WEBSOCKET_H
#include "sock.h"
#define WS_TIMEOUT 3600
typedef struct {
unsigned char f_fin:1;
unsigned char f_rsv1:1;
unsigned char f_rsv2:1;
unsigned char f_rsv3:1;
unsigned char opcode:4;
unsigned char f_mask:1;
unsigned long len;
char masking_key[4];
} ws_frame;
int ws_calc_accept_key(const char *key, char *accept_key);
int ws_recv_frame_header(sock *s, ws_frame *frame);
int ws_send_frame_header(sock *s, ws_frame *frame);
int ws_handle_connection(sock *s1, sock *s2);
#endif //SESIMOS_WEBSOCKET_H

281
src/logger.c Normal file
View File

@@ -0,0 +1,281 @@
/**
* sesimos - secure, simple, modern web server
* @brief Logger
* @file src/logger.h
* @author Lorenz Stechauner
* @date 2022-12-10
*/
#include "logger.h"
#include "lib/utils.h"
#include <stdio.h>
#include <pthread.h>
#include <semaphore.h>
#include <errno.h>
#include <string.h>
#include <stdarg.h>
#include <signal.h>
#include <malloc.h>
#define LOG_MAX_MSG_SIZE 2048
#define LOG_BUF_SIZE 16
#define LOG_NAME_LEN 12
#define LOG_PREFIX_LEN 256
#define LOG_PREFIX "[%-8s][%-6s]"
typedef struct {
log_lvl_t lvl;
char name[LOG_NAME_LEN];
char prefix[LOG_PREFIX_LEN];
char txt[LOG_MAX_MSG_SIZE];
} log_msg_t;
typedef struct {
int rd;
int wr;
log_msg_t msgs[LOG_BUF_SIZE];
} buf_t;
static pthread_t thread;
static volatile sig_atomic_t alive = 0;
static sem_t sem_buf, sem_buf_free, sem_buf_used;
static buf_t buffer;
static pthread_key_t key_name = -1, key_prefix = -1;
static char global_name[LOG_NAME_LEN] = "", global_prefix[LOG_PREFIX_LEN] = "";
static const char *level_keywords[] = {
"EMERG",
"ALERT",
"CRIT",
"ERROR",
"WARN",
"NOTICE",
"INFO",
"DEBUG"
};
static void err(const char *restrict msg) {
char err_buf[64];
strerror_r(errno, err_buf, sizeof(err_buf));
fprintf(stderr, ERR_STR LOG_PREFIX " %s: %s" CLR_STR "\n", "logger", level_keywords[LOG_CRITICAL], msg, err_buf);
}
void logmsgf(log_lvl_t level, const char *restrict format, ...) {
char buf[256];
char err_buf[64];
va_list args;
va_start(args, format);
const char *color = (level <= LOG_ERROR) ? ERR_STR : ((level <= LOG_WARNING) ? WRN_STR : "");
if (errno != 0) {
strerror_r(errno, err_buf, sizeof(err_buf));
snprintf(buf, sizeof(buf), "%s%s: %s" CLR_STR, color, format, err_buf);
} else {
snprintf(buf, sizeof(buf), "%s%s" CLR_STR, color, format);
}
void *name = pthread_getspecific(key_name);
if (name == NULL && global_name[0] != 0) name = global_name;
void *prefix = pthread_getspecific(key_prefix);
if (prefix == NULL && global_prefix[0] != 0) prefix = global_prefix;
if (!alive) {
// no logger thread running
// simply write to stdout without synchronization
printf("%s" LOG_PREFIX "%s%s ", color, (name != NULL) ? (char *) name : "", level_keywords[level], CLR_STR, (prefix != NULL) ? (char *) prefix : "");
vprintf(buf, args);
printf("\n");
} else {
// wait for free slot in buffer
try_again_free:
if (sem_wait(&sem_buf_free) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_free;
} else {
err("Unable to lock semaphore");
errno = 0;
}
// cleanup
va_end(args);
return;
}
// try to lock buffer
try_again_buf:
if (sem_wait(&sem_buf) != 0) {
if (errno == EINTR) {
errno = 0;
goto try_again_buf;
} else {
err("Unable to lock semaphore");
errno = 0;
}
// cleanup
sem_post(&sem_buf_free);
va_end(args);
return;
}
// write message to buffer
log_msg_t *msg = &buffer.msgs[buffer.rd];
buffer.rd = (buffer.rd + 1) % LOG_BUF_SIZE;
vsnprintf(msg->txt, sizeof(msg->txt), buf, args);
msg->lvl = level;
if (name != NULL) {
snprintf(msg->name, sizeof(msg->name), "%s", (char *) name);
} else {
msg->name[0] = 0;
}
if (prefix != NULL) {
snprintf(msg->prefix, sizeof(msg->prefix), "%s", (char *) prefix);
} else {
msg->prefix[0] = 0;
}
// unlock buffer
sem_post(&sem_buf);
// unlock slot in buffer for logger
sem_post(&sem_buf_used);
}
// cleanup
va_end(args);
}
static void logger_destroy(void) {
sem_destroy(&sem_buf);
sem_destroy(&sem_buf_free);
sem_destroy(&sem_buf_used);
}
static int logger_remaining(void) {
int val = 0;
sem_getvalue(&sem_buf_used, &val);
return val;
}
void logger_set_name(const char *restrict format, ...) {
va_list args;
if (key_name == -1) {
// not initialized
va_start(args, format);
vsnprintf(global_name, sizeof(global_name), format, args);
} else {
int ret;
void *ptr = pthread_getspecific(key_name);
if (!ptr) {
ptr = malloc(LOG_NAME_LEN);
if ((ret = pthread_setspecific(key_name, ptr)) != 0) {
errno = ret;
err("Unable to set thread specific values");
return;
}
}
va_start(args, format);
vsnprintf(ptr, LOG_NAME_LEN, format, args);
}
// cleanup
va_end(args);
}
void logger_set_prefix(const char *restrict format, ...) {
va_list args;
if (key_prefix == -1) {
// not initialized
va_start(args, format);
vsnprintf(global_prefix, sizeof(global_prefix), format, args);
} else {
int ret;
void *ptr = pthread_getspecific(key_prefix);
if (!ptr) {
ptr = malloc(LOG_PREFIX_LEN);
if ((ret = pthread_setspecific(key_prefix, ptr)) != 0) {
errno = ret;
err("Unable to set thread specific values");
return;
}
}
va_start(args, format);
vsnprintf(ptr, LOG_PREFIX_LEN, format, args);
}
// cleanup
va_end(args);
}
static void *logger_thread(void *arg) {
logger_set_name("logger");
alive = 1;
while (alive || logger_remaining() > 0) {
// wait for buffer to be filled
if (sem_wait(&sem_buf_used) != 0) {
if (errno == EINTR) {
errno = 0;
continue;
} else {
err("Unable to lock semaphore");
errno = 0;
break;
}
}
log_msg_t *msg = &buffer.msgs[buffer.wr];
buffer.wr = (buffer.wr + 1) % LOG_BUF_SIZE;
printf("%s" LOG_PREFIX "%s%s %s\n",
(msg->lvl <= LOG_ERROR) ? ERR_STR : ((msg->lvl <= LOG_WARNING) ? WRN_STR : ""),
(msg->name[0] != 0) ? (char *) msg->name : "", level_keywords[msg->lvl], CLR_STR,
(msg->prefix[0] != 0) ? (char *) msg->prefix : "", msg->txt);
// unlock slot in buffer
sem_post(&sem_buf_free);
}
logger_destroy();
return NULL;
}
int logger_init(void) {
int ret;
// try to initialize all three semaphores
if (sem_init(&sem_buf, 0, 1) != 0 || sem_init(&sem_buf_free, 0, LOG_BUF_SIZE) != 0 || sem_init(&sem_buf_used, 0, 0) != 0) {
err("Unable to initialize semaphore");
logger_destroy();
return -1;
}
// initialize read/write heads
buffer.rd = 0;
buffer.wr = 0;
// initialize thread specific values (keys)
if ((ret = pthread_key_create(&key_name, free)) != 0 || (ret = pthread_key_create(&key_prefix, free)) != 0) {
errno = ret;
err("Unable to initialize thread specific values");
logger_destroy();
return -1;
}
pthread_create(&thread, NULL, logger_thread, NULL);
return 0;
}
void logger_stop(void) {
alive = 0;
}

40
src/logger.h Normal file
View File

@@ -0,0 +1,40 @@
/**
* sesimos - secure, simple, modern web server
* @brief Logger (header file)
* @file src/logger.h
* @author Lorenz Stechauner
* @date 2022-12-10
*/
#ifndef SESIMOS_LOGGER_H
#define SESIMOS_LOGGER_H
#define LOG_DEBUG 7
#define LOG_INFO 6
#define LOG_NOTICE 5
#define LOG_WARNING 4
#define LOG_ERROR 3
#define LOG_CRITICAL 2
#define LOG_ALERT 1
typedef unsigned char log_lvl_t;
#define debug(...) logmsgf(LOG_DEBUG, __VA_ARGS__)
#define info(...) logmsgf(LOG_INFO, __VA_ARGS__)
#define notice(...) logmsgf(LOG_NOTICE, __VA_ARGS__)
#define warning(...) logmsgf(LOG_WARNING, __VA_ARGS__)
#define error(...) logmsgf(LOG_ERROR, __VA_ARGS__)
#define critical(...) logmsgf(LOG_CRITICAL, __VA_ARGS__)
#define alert(...) logmsgf(LOG_ALERT, __VA_ARGS__)
void logmsgf(log_lvl_t level, const char *restrict format, ...);
void logger_set_name(const char *restrict format, ...);
void logger_set_prefix(const char *restrict format, ...);
int logger_init(void);
void logger_stop(void);
#endif //SESIMOS_LOGGER_H

419
src/necronda-server.c
View File

@@ -1,419 +0,0 @@
/**
* Necronda Web Server
* Main executable
* src/necronda-server.c
* Lorenz Stechauner, 2020-12-03
*/
#define _POSIX_C_SOURCE 199309L
#include "necronda.h"
#include "necronda-server.h"
#include "client.c"
#include "lib/cache.h"
#include "lib/config.h"
#include "lib/sock.h"
#include "lib/rev_proxy.h"
#include "lib/geoip.h"
#include <stdio.h>
#include <sys/socket.h>
#include <signal.h>
#include <unistd.h>
#include <sys/select.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <wait.h>
#include <sys/types.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
#include <dirent.h>
int active = 1;
const char *config_file;
int sockets[NUM_SOCKETS];
pid_t children[MAX_CHILDREN];
MMDB_s mmdbs[MAX_MMDB];
SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
void openssl_init() {
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
}
static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (servername != NULL) {
const host_config *conf = get_host_config(servername);
if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
}
return SSL_TLSEXT_ERR_OK;
}
void destroy() {
fprintf(stderr, "\n" ERR_STR "Terminating forcefully!" CLR_STR "\n");
int status = 0;
int ret;
int kills = 0;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
} else {
kill(children[i], SIGKILL);
kills++;
}
}
}
if (kills > 0) {
fprintf(stderr, ERR_STR "Killed %i child process(es)" CLR_STR "\n", kills);
}
cache_unload();
config_unload();
exit(2);
}
void terminate() {
fprintf(stderr, "\nTerminating gracefully...\n");
active = 0;
signal(SIGINT, destroy);
signal(SIGTERM, destroy);
for (int i = 0; i < NUM_SOCKETS; i++) {
shutdown(sockets[i], SHUT_RDWR);
close(sockets[i]);
}
int status = 0;
int wait_num = 0;
int ret;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
} else {
kill(children[i], SIGTERM);
wait_num++;
}
}
}
if (wait_num > 0) {
fprintf(stderr, "Waiting for %i child process(es)...\n", wait_num);
}
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, 0);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
}
}
}
if (wait_num > 0) {
// Wait another 50 ms to let child processes write to stdout/stderr
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
struct timespec ts = {.tv_sec = 0, .tv_nsec = 50000000};
nanosleep(&ts, &ts);
fprintf(stderr, "\nGoodbye\n");
} else {
fprintf(stderr, "Goodbye\n");
}
cache_unload();
config_unload();
exit(0);
}
int main(int argc, const char *argv[]) {
const int YES = 1;
fd_set socket_fds, read_socket_fds;
int max_socket_fd = 0;
int ready_sockets_num;
long client_num = 0;
char buf[1024];
int ret;
int client_fd;
sock client;
struct sockaddr_in6 client_addr;
unsigned int client_addr_len = sizeof(client_addr);
memset(sockets, 0, sizeof(sockets));
memset(children, 0, sizeof(children));
memset(mmdbs, 0, sizeof(mmdbs));
struct timeval timeout;
const struct sockaddr_in6 addresses[2] = {
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(80)},
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(443)}
};
if (setvbuf(stdout, NULL, _IOLBF, 0) != 0) {
fprintf(stderr, ERR_STR "Unable to set stdout to line-buffered mode: %s" CLR_STR, strerror(errno));
return 1;
}
printf("Necronda Web Server " NECRONDA_VERSION "\n");
ret = config_init();
if (ret != 0) {
return 1;
}
config_file = NULL;
for (int i = 1; i < argc; i++) {
const char *arg = argv[i];
if (strcmp(arg, "-h") == 0 || strcmp(arg, "--help") == 0) {
printf("Usage: necronda-server [-h] [-c <CONFIG-FILE>]\n"
"\n"
"Options:\n"
" -c, --config <CONFIG-FILE> path to the config file. If not provided, default will be used\n"
" -h, --help print this dialogue\n");
config_unload();
return 0;
} else if (strcmp(arg, "-c") == 0 || strcmp(arg, "--config") == 0) {
if (i == argc - 1) {
fprintf(stderr, ERR_STR "Unable to parse argument %s, usage: --config <CONFIG-FILE>" CLR_STR "\n", arg);
config_unload();
return 1;
}
config_file = argv[++i];
} else {
fprintf(stderr, ERR_STR "Unable to parse argument '%s'" CLR_STR "\n", arg);
config_unload();
return 1;
}
}
ret = config_load(config_file == NULL ? DEFAULT_CONFIG_FILE : config_file);
if (ret != 0) {
config_unload();
return 1;
}
sockets[0] = socket(AF_INET6, SOCK_STREAM, 0);
if (sockets[0] < 0) goto socket_err;
sockets[1] = socket(AF_INET6, SOCK_STREAM, 0);
if (sockets[1] < 0) {
socket_err:
fprintf(stderr, ERR_STR "Unable to create socket: %s" CLR_STR "\n", strerror(errno));
config_unload();
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (setsockopt(sockets[i], SOL_SOCKET, SO_REUSEADDR, &YES, sizeof(YES)) < 0) {
fprintf(stderr, ERR_STR "Unable to set options for socket %i: %s" CLR_STR "\n", i, strerror(errno));
config_unload();
return 1;
}
}
if (bind(sockets[0], (struct sockaddr *) &addresses[0], sizeof(addresses[0])) < 0) goto bind_err;
if (bind(sockets[1], (struct sockaddr *) &addresses[1], sizeof(addresses[1])) < 0) {
bind_err:
fprintf(stderr, ERR_STR "Unable to bind socket to address: %s" CLR_STR "\n", strerror(errno));
config_unload();
return 1;
}
signal(SIGINT, terminate);
signal(SIGTERM, terminate);
if (geoip_dir[0] != 0) {
DIR *geoip = opendir(geoip_dir);
if (geoip == NULL) {
fprintf(stderr, ERR_STR "Unable to open GeoIP dir: %s" CLR_STR "\n", strerror(errno));
config_unload();
return 1;
}
struct dirent *dir;
int i = 0;
while ((dir = readdir(geoip)) != NULL) {
if (strcmp(dir->d_name + strlen(dir->d_name) - 5, ".mmdb") != 0) continue;
if (i >= MAX_MMDB) {
fprintf(stderr, ERR_STR "Too many .mmdb files" CLR_STR "\n");
config_unload();
return 1;
}
sprintf(buf, "%s/%s", geoip_dir, dir->d_name);
ret = MMDB_open(buf, 0, &mmdbs[i]);
if (ret != MMDB_SUCCESS) {
fprintf(stderr, ERR_STR "Unable to open .mmdb file: %s" CLR_STR "\n", MMDB_strerror(ret));
config_unload();
return 1;
}
i++;
}
if (i == 0) {
fprintf(stderr, ERR_STR "No .mmdb files found in %s" CLR_STR "\n", geoip_dir);
config_unload();
return 1;
}
closedir(geoip);
}
ret = cache_init();
if (ret < 0) {
config_unload();
return 1;
} else if (ret != 0) {
children[0] = ret; // pid
} else {
return 0;
}
openssl_init();
client.buf = NULL;
client.buf_len = 0;
client.buf_off = 0;
for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
const cert_config *conf = &config->certs[i];
if (conf->name[0] == 0) break;
contexts[i] = SSL_CTX_new(TLS_server_method());
SSL_CTX *ctx = contexts[i];
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
if (SSL_CTX_use_certificate_chain_file(ctx, conf->full_chain) != 1) {
fprintf(stderr, ERR_STR "Unable to load certificate chain file: %s: %s" CLR_STR "\n",
ERR_reason_error_string(ERR_get_error()), conf->full_chain);
config_unload();
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, conf->priv_key, SSL_FILETYPE_PEM) != 1) {
fprintf(stderr, ERR_STR "Unable to load private key file: %s: %s" CLR_STR "\n",
ERR_reason_error_string(ERR_get_error()), conf->priv_key);
config_unload();
return 1;
}
}
client.ctx = contexts[0];
rev_proxy_preload();
for (int i = 0; i < NUM_SOCKETS; i++) {
if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
fprintf(stderr, ERR_STR "Unable to listen on socket %i: %s" CLR_STR "\n", i, strerror(errno));
config_unload();
return 1;
}
}
FD_ZERO(&socket_fds);
for (int i = 0; i < NUM_SOCKETS; i++) {
FD_SET(sockets[i], &socket_fds);
if (sockets[i] > max_socket_fd) {
max_socket_fd = sockets[i];
}
}
fprintf(stderr, "Ready to accept connections\n");
while (active) {
timeout.tv_sec = 1;
timeout.tv_usec = 0;
read_socket_fds = socket_fds;
ready_sockets_num = select(max_socket_fd + 1, &read_socket_fds, NULL, NULL, &timeout);
if (ready_sockets_num < 0) {
fprintf(stderr, ERR_STR "Unable to select sockets: %s" CLR_STR "\n", strerror(errno));
terminate();
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (FD_ISSET(sockets[i], &read_socket_fds)) {
client_fd = accept(sockets[i], (struct sockaddr *) &client_addr, &client_addr_len);
if (client_fd < 0) {
fprintf(stderr, ERR_STR "Unable to accept connection: %s" CLR_STR "\n", strerror(errno));
continue;
}
pid_t pid = fork();
if (pid == 0) {
// child
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
client.socket = client_fd;
client.enc = i == 1;
return client_handler(&client, client_num, &client_addr);
} else if (pid > 0) {
// parent
client_num++;
close(client_fd);
for (int j = 0; j < MAX_CHILDREN; j++) {
if (children[j] == 0) {
children[j] = pid;
break;
}
}
} else {
fprintf(stderr, ERR_STR "Unable to create child process: %s" CLR_STR "\n", strerror(errno));
}
}
}
// TODO outsource in thread
int status = 0;
for (int i = 0; i < MAX_CHILDREN; i++) {
if (children[i] != 0) {
ret = waitpid(children[i], &status, WNOHANG);
if (ret < 0) {
fprintf(stderr, ERR_STR "Unable to wait for child process (PID %i): %s" CLR_STR "\n",
children[i], strerror(errno));
} else if (ret == children[i]) {
children[i] = 0;
if (status != 0) {
fprintf(stderr, ERR_STR "Child process with PID %i terminated with exit code %i" CLR_STR "\n",
ret, status);
}
}
}
}
}
return 0;
}

34
src/necronda-server.h
View File

@@ -1,34 +0,0 @@
/**
* Necronda Web Server
* Main executable (header file)
* src/necronda-server.h
* Lorenz Stechauner, 2020-12-03
*/
#ifndef NECRONDA_SERVER_NECRONDA_SERVER_H
#define NECRONDA_SERVER_NECRONDA_SERVER_H
#include <sys/time.h>
#include <maxminddb.h>
#define NUM_SOCKETS 2
#define MAX_CHILDREN 1024
#define MAX_MMDB 3
#define LISTEN_BACKLOG 16
#define REQ_PER_CONNECTION 200
#define CLIENT_TIMEOUT 3600
#define SERVER_TIMEOUT_INIT 4
#define SERVER_TIMEOUT 3600
#define CHUNK_SIZE 8192
extern int sockets[NUM_SOCKETS];
extern pid_t children[MAX_CHILDREN];
extern MMDB_s mmdbs[MAX_MMDB];
extern int server_keep_alive;
extern char *log_client_prefix, *log_conn_prefix, *log_req_prefix, *client_geoip;
extern char *client_addr_str, *client_addr_str_ptr, *server_addr_str, *server_addr_str_ptr, *client_host_str;
extern struct timeval client_timeout;
#endif //NECRONDA_SERVER_NECRONDA_SERVER_H

23
src/necronda.h
View File

@@ -1,23 +0,0 @@
/**
* Necronda Web Server
* Definitions
* src/necronda.h
* Lorenz Stechauner, 2021-05-04
*/
#ifndef NECRONDA_SERVER_NECRONDA_H
#define NECRONDA_SERVER_NECRONDA_H
#define NECRONDA_VERSION "4.5"
#define SERVER_STR "Necronda/" NECRONDA_VERSION
#define SERVER_STR_HTML "Necronda&nbsp;web&nbsp;server&nbsp;" NECRONDA_VERSION
#ifndef DEFAULT_HOST
# define DEFAULT_HOST "www.necronda.net"
#endif
#ifndef SERVER_NAME
# define SERVER_NAME DEFAULT_HOST
#endif
#endif //NECRONDA_SERVER_NECRONDA_H

280
src/server.c Normal file
View File

@@ -0,0 +1,280 @@
/**
* Sesimos - secure, simple, modern web server
* @brief Main executable
* @file src/server.c
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#include "defs.h"
#include "server.h"
#include "client.h"
#include "logger.h"
#include "async.h"
#include "worker/tcp_acceptor.h"
#include "cache_handler.h"
#include "lib/config.h"
#include "lib/proxy.h"
#include "lib/geoip.h"
#include "worker/tcp_closer.h"
#include "worker/request_handler.h"
#include <stdio.h>
#include <getopt.h>
#include <sys/socket.h>
#include <signal.h>
#include <unistd.h>
#include <poll.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
volatile sig_atomic_t server_alive = 1;
const char *config_file;
static int sockets[NUM_SOCKETS];
static SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
static client_ctx_t clients[MAX_CLIENTS]; // TODO dynamic
static int clean() {
remove("/var/sesimos/server/cache");
rmdir("/var/sesimos/server/");
return 0;
}
static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (servername != NULL) {
const host_config_t *conf = get_host_config(servername);
if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
}
return SSL_TLSEXT_ERR_OK;
}
static void accept_cb(void *arg) {
int i = (int) (((int *) arg) - sockets);
int fd = sockets[i];
int j;
for (j = 0; j < MAX_CLIENTS; j++) {
if (clients[j].in_use == 0) break;
}
client_ctx_t *client_ctx = &clients[j];
client_ctx->in_use = 1;
sock *client = &client_ctx->socket;
client->ctx = contexts[0];
socklen_t addr_len = sizeof(client->addr);
int client_fd = accept(fd, &client->addr.sock, &addr_len);
if (client_fd < 0) {
critical("Unable to accept connection");
return;
}
client->socket = client_fd;
client->enc = (i == 1);
tcp_accept(client_ctx);
}
static void accept_err_cb(void *arg) {
int i = (int) (((int *) arg) - sockets);
int fd = sockets[i];
// TODO accept error callback
}
static void terminate_forcefully(int sig) {
fprintf(stderr, "\n");
notice("Terminating forcefully!");
geoip_free();
notice("Goodbye");
exit(2);
}
static void terminate_gracefully(int sig) {
fprintf(stderr, "\n");
notice("Terminating gracefully...");
server_alive = 0;
signal(SIGINT, terminate_forcefully);
signal(SIGTERM, terminate_forcefully);
tcp_acceptor_stop();
request_handler_stop();
tcp_closer_stop();
tcp_acceptor_destroy();
request_handler_destroy();
tcp_closer_destroy();
for (int i = 0; i < NUM_SOCKETS; i++) {
shutdown(sockets[i], SHUT_RDWR);
close(sockets[i]);
}
notice("Goodbye");
geoip_free();
exit(0);
}
static void nothing(int sig) {}
int main(int argc, char *const argv[]) {
const int YES = 1;
int ret;
memset(sockets, 0, sizeof(sockets));
memset(clients, 0, sizeof(clients));
const struct sockaddr_in6 addresses[2] = {
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(80)},
{.sin6_family = AF_INET6, .sin6_addr = IN6ADDR_ANY_INIT, .sin6_port = htons(443)}
};
logger_init();
logger_set_name("server");
if (setvbuf(stdout, NULL, _IOLBF, 0) != 0 || setvbuf(stderr, NULL, _IOLBF, 0) != 0) {
critical("Unable to set stdout/stderr to line-buffered mode");
return 1;
}
printf("Sesimos web server " SERVER_VERSION "\n");
static const struct option long_opts[] = {
{"help", no_argument, 0, 'h'},
{"config", required_argument, 0, 'c'},
{ 0, 0, 0, 0 }
};
config_file = NULL;
int c, opt_idx;
while ((c = getopt_long(argc, argv, "hc:", long_opts, &opt_idx)) != -1) {
switch (c) {
case 'h':
fprintf(stderr,
"Usage: sesimos [-h] [-c <CONFIG FILE>]\n"
"\n"
"Options:\n"
" -c, --config <CONFIG-FILE> path to the config file. If not provided, default will be used\n"
" -h, --help print this dialogue\n");
return 0;
case 'c':
config_file = optarg;
break;
case '?':
default:
critical("Unable to parse arguments");
return 1;
}
}
if (optind != argc) {
critical("No positional arguments expected");
return 1;
}
if (config_load(config_file == NULL ? DEFAULT_CONFIG_FILE : config_file) != 0)
return 1;
if ((sockets[0] = socket(AF_INET6, SOCK_STREAM, 0)) == -1 ||
(sockets[1] = socket(AF_INET6, SOCK_STREAM, 0)) == -1)
{
critical("Unable to create socket");
return 1;
}
for (int i = 0; i < NUM_SOCKETS; i++) {
if (setsockopt(sockets[i], SOL_SOCKET, SO_REUSEADDR, &YES, sizeof(YES)) < 0) {
critical("Unable to set options for socket %i", i);
return 1;
}
}
if (bind(sockets[0], (struct sockaddr *) &addresses[0], sizeof(addresses[0])) == -1 ||
bind(sockets[1], (struct sockaddr *) &addresses[1], sizeof(addresses[1])) == -1)
{
critical("Unable to bind socket to address");
return 1;
}
signal(SIGINT, terminate_gracefully);
signal(SIGTERM, terminate_gracefully);
signal(SIGUSR1, nothing);
if ((ret = geoip_init(config.geoip_dir)) != 0) {
if (ret == -1) {
critical("Unable to initialize geoip");
}
return 1;
}
if ((ret = cache_init()) != 0) {
geoip_free();
if (ret == -1) critical("Unable to initialize cache");
return 1;
}
for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
const cert_config_t *conf = &config.certs[i];
if (conf->name[0] == 0) break;
contexts[i] = SSL_CTX_new(TLS_server_method());
SSL_CTX *ctx = contexts[i];
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
if (SSL_CTX_use_certificate_chain_file(ctx, conf->full_chain) != 1) {
critical("Unable to load certificate chain file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->full_chain);
geoip_free();
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, conf->priv_key, SSL_FILETYPE_PEM) != 1) {
critical("Unable to load private key file: %s: %s", ERR_reason_error_string(ERR_get_error()), conf->priv_key);
geoip_free();
return 1;
}
}
proxy_preload();
for (int i = 0; i < NUM_SOCKETS; i++) {
if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
critical("Unable to listen on socket %i", i);
geoip_free();
return 1;
}
}
tcp_acceptor_init(CNX_HANDLER_WORKERS, 64);
tcp_closer_init(CNX_HANDLER_WORKERS, 64);
request_handler_init(REQ_HANDLER_WORKERS, 64);
for (int i = 0; i < NUM_SOCKETS; i++) {
async(sockets[i], POLLIN, ASYNC_KEEP, accept_cb, &sockets[i], accept_err_cb, &sockets[i]);
}
notice("Ready to accept connections");
async_thread();
// cleanup
geoip_free();
return 0;
}

29
src/server.h Normal file
View File

@@ -0,0 +1,29 @@
/**
* sesimos - secure, simple, modern web server
* @brief Main executable (header file)
* @file src/server.h
* @author Lorenz Stechauner
* @date 2020-12-03
*/
#ifndef SESIMOS_SERVER_H
#define SESIMOS_SERVER_H
#include <sys/time.h>
#include <maxminddb.h>
#include <signal.h>
#define NUM_SOCKETS 2
#define LISTEN_BACKLOG 16
#define REQ_PER_CONNECTION 200
#define CLIENT_TIMEOUT 3600
#define SERVER_TIMEOUT_INIT 4
#define SERVER_TIMEOUT 3600
#define MAX_CLIENTS 4096
#define CNX_HANDLER_WORKERS 8
#define REQ_HANDLER_WORKERS 16
extern volatile sig_atomic_t server_alive;
#endif //SESIMOS_SERVER_H

39
src/worker/request_handler.c Normal file
View File

@@ -0,0 +1,39 @@
#include "request_handler.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include "tcp_closer.h"
#include "../async.h"
#include "../server.h"
static mpmc_t mpmc_ctx;
static void request_handler_func(client_ctx_t *ctx);
int request_handler_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) request_handler_func, "req");
}
int handle_request(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void request_handler_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void request_handler_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void request_handler_func(client_ctx_t *ctx) {
client_request_handler(ctx);
if (ctx->c_keep_alive && ctx->s_keep_alive && ctx->req_num < REQ_PER_CONNECTION) {
async(ctx->socket.socket, POLLIN, 0, (void (*)(void *)) handle_request, ctx, (void (*)(void *)) tcp_close, ctx);
logger_set_prefix(ctx->log_prefix);
} else {
tcp_close(ctx);
}
}

15
src/worker/request_handler.h Normal file
View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_REQUEST_HANDLER_H
#define SESIMOS_REQUEST_HANDLER_H
#include "../client.h"
int request_handler_init(int n_workers, int buf_size);
int handle_request(client_ctx_t *ctx);
void request_handler_stop(void);
void request_handler_destroy(void);
#endif //SESIMOS_REQUEST_HANDLER_H

129
src/worker/tcp_acceptor.c Normal file
View File

@@ -0,0 +1,129 @@
#include "tcp_acceptor.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include "../server.h"
#include "../lib/geoip.h"
#include "../async.h"
#include "tcp_closer.h"
#include "request_handler.h"
#include <string.h>
#include <errno.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
static mpmc_t mpmc_ctx;
static void tcp_acceptor_func(client_ctx_t *ctx);
int tcp_acceptor_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) tcp_acceptor_func, "tcp_a");
}
int tcp_accept(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void tcp_acceptor_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void tcp_acceptor_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void tcp_acceptor_func(client_ctx_t *ctx) {
struct sockaddr_in6 server_addr;
inet_ntop(ctx->socket.addr.ipv6.sin6_family, &ctx->socket.addr.ipv6.sin6_addr, ctx->_c_addr, sizeof(ctx->_c_addr));
if (strncmp(ctx->_c_addr, "::ffff:", 7) == 0) {
ctx->addr = ctx->_c_addr + 7;
} else {
ctx->addr = ctx->_c_addr;
}
socklen_t len = sizeof(server_addr);
getsockname(ctx->socket.socket, (struct sockaddr *) &server_addr, &len);
inet_ntop(server_addr.sin6_family, (void *) &server_addr.sin6_addr, ctx->_s_addr, sizeof(ctx->_s_addr));
if (strncmp(ctx->_s_addr, "::ffff:", 7) == 0) {
ctx->s_addr = ctx->_s_addr + 7;
} else {
ctx->s_addr = ctx->_s_addr;
}
sprintf(ctx->log_prefix, "[%s%4i%s]%s[%*s][%5i]%s", (int) ctx->socket.enc ? HTTPS_STR : HTTP_STR,
ntohs(server_addr.sin6_port), CLR_STR, /*color_table[0]*/ "", INET6_ADDRSTRLEN, ctx->addr,
ntohs(ctx->socket.addr.ipv6.sin6_port), CLR_STR);
logger_set_prefix("[%*s]%s", INET6_ADDRSTRLEN, ctx->s_addr, ctx->log_prefix);
int ret;
char buf[1024];
sock *client = &ctx->socket;
clock_gettime(CLOCK_MONOTONIC, &ctx->begin);
if (config.dns_server[0] != 0) {
sprintf(buf, "dig @%s +short +time=1 -x %s", config.dns_server, ctx->addr);
FILE *dig = popen(buf, "r");
if (dig == NULL) {
error("Unable to start dig: %s", strerror(errno));
goto dig_err;
}
unsigned long read = fread(buf, 1, sizeof(buf), dig);
ret = pclose(dig);
if (ret != 0) {
error("Dig terminated with exit code %i", ret);
goto dig_err;
}
char *ptr = memchr(buf, '\n', read);
if (ptr == buf || ptr == NULL) {
goto dig_err;
}
ptr[-1] = 0;
strncpy(ctx->host, buf, sizeof(ctx->host));
} else {
dig_err:
ctx->host[0] = 0;
}
ctx->cc[0] = 0;
geoip_lookup_country(&client->addr.sock, ctx->cc);
info("Connection accepted from %s %s%s%s[%s]", ctx->addr, ctx->host[0] != 0 ? "(" : "",
ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "",
ctx->cc[0] != 0 ? ctx->cc : "N/A");
struct timeval client_timeout = {.tv_sec = CLIENT_TIMEOUT, .tv_usec = 0};
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &client_timeout, sizeof(client_timeout)) == -1 ||
setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &client_timeout, sizeof(client_timeout)) == -1)
{
error("Unable to set timeout for socket");
tcp_close(ctx);
return;
}
if (client->enc) {
client->ssl = SSL_new(client->ctx);
SSL_set_fd(client->ssl, client->socket);
SSL_set_accept_state(client->ssl);
ret = SSL_accept(client->ssl);
client->_last_ret = ret;
client->_errno = errno;
client->_ssl_error = ERR_get_error();
if (ret <= 0) {
info("Unable to perform handshake: %s", sock_strerror(client));
tcp_close(ctx);
return;
}
}
ctx->req_num = 0;
ctx->s_keep_alive = 1;
ctx->c_keep_alive = 1;
async(ctx->socket.socket, POLLIN, 0, (void (*)(void *)) handle_request, ctx, (void (*)(void *)) tcp_close, ctx);
}

15
src/worker/tcp_acceptor.h Normal file
View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_TCP_ACCEPTOR_H
#define SESIMOS_TCP_ACCEPTOR_H
#include "../client.h"
int tcp_acceptor_init(int n_workers, int buf_size);
int tcp_accept(client_ctx_t *ctx);
void tcp_acceptor_stop(void);
void tcp_acceptor_destroy(void);
#endif //SESIMOS_TCP_ACCEPTOR_H

40
src/worker/tcp_closer.c Normal file
View File

@@ -0,0 +1,40 @@
#include "tcp_closer.h"
#include "../logger.h"
#include "../lib/mpmc.h"
#include "../lib/utils.h"
#include <memory.h>
static mpmc_t mpmc_ctx;
static void tcp_closer_func(client_ctx_t *ctx);
int tcp_closer_init(int n_workers, int buf_size) {
return mpmc_init(&mpmc_ctx, n_workers, buf_size, (void (*)(void *)) tcp_closer_func, "tcp_c");
}
int tcp_close(client_ctx_t *ctx) {
return mpmc_queue(&mpmc_ctx, ctx);
}
void tcp_closer_stop(void) {
mpmc_stop(&mpmc_ctx);
}
void tcp_closer_destroy(void) {
mpmc_destroy(&mpmc_ctx);
}
static void tcp_closer_func(client_ctx_t *ctx) {
logger_set_prefix("[%*s]%s", INET6_ADDRSTRLEN, ctx->s_addr, ctx->log_prefix);
sock_close(&ctx->socket);
char buf[32];
clock_gettime(CLOCK_MONOTONIC, &ctx->end);
unsigned long micros = (ctx->end.tv_nsec - ctx->begin.tv_nsec) / 1000 + (ctx->end.tv_sec - ctx->begin.tv_sec) * 1000000;
info("Connection closed (%s)", format_duration(micros, buf));
memset(ctx, 0, sizeof(*ctx));
}

15
src/worker/tcp_closer.h Normal file
View File

@@ -0,0 +1,15 @@
#ifndef SESIMOS_TCP_CLOSER_H
#define SESIMOS_TCP_CLOSER_H
#include "../client.h"
int tcp_closer_init(int n_workers, int buf_size);
int tcp_close(client_ctx_t *ctx);
void tcp_closer_stop(void);
void tcp_closer_destroy(void);
#endif //SESIMOS_TCP_CLOSER_H

28
test/mock_socket.c Normal file
View File

@@ -0,0 +1,28 @@
#include <stdio.h>
#include <errno.h>
#include "mock_socket.h"
int mock_socket_send_mode;
static int sockets[256] = {0};
static int n_sockets = 0;
int mock_socket(int domain, int type, int protocol) {
printf("SOCKET\n");
return (n_sockets++) + 100;
}
ssize_t mock_send(int fd, const void *buf, size_t n, int flags) {
printf("SEND\n");
if (mock_socket_send_mode == MOCK_SOCKET_MODE_EINTR) {
errno = EINTR;
return rand() % ((ssize_t) n) - 1;
} else if (mock_socket_send_mode == MOCK_SOCKET_MODE_CLOSED) {
errno = 0; // TODO
return -1;
}
return (ssize_t) n;
}

20
test/mock_socket.h Normal file
View File

@@ -0,0 +1,20 @@
#ifndef SESIMOS_MOCK_SOCKET_H
#define SESIMOS_MOCK_SOCKET_H
#include <stdlib.h>
#define MOCK_SOCKET_MODE_SUCCESS 0
#define MOCK_SOCKET_MODE_EINTR 1
#define MOCK_SOCKET_MODE_CLOSED 2
#define socket(args...) mock_socket(args)
#define send(args...) mock_send(args)
extern int mock_socket_send_mode;
int mock_socket(int domain, int type, int protocol);
ssize_t mock_send(int fd, const void *buf, size_t n, int flags);
#endif //SESIMOS_MOCK_SOCKET_H

33
test/mock_ssl.c Normal file
View File

@@ -0,0 +1,33 @@
#include <openssl/crypto.h>
int SSL_write(SSL *ssl, const void *buf, int num) {
return num;
}
int SSL_read(SSL *ssl, void *buf, int num) {
return num;
}
int SSL_peek(SSL *ssl, void *buf, int num) {
return num;
}
int SSL_get_error(const SSL *s, int ret_code) {
return 0;
}
const char *ERR_reason_error_string(unsigned long e) {
return "";
}
int SSL_shutdown(SSL *s) {
return 0;
}
void SSL_free(SSL *ssl) {}
unsigned long ERR_get_error(void) {
return 0;
}

15
test/test_sock.c Normal file
View File

@@ -0,0 +1,15 @@
#include <criterion/criterion.h>
#include "mock_socket.h"
#include "../src/lib/sock.h"
Test(sock, sock_send_1) {
int fd = socket(AF_INET6, SOCK_STREAM, 0);
sock s;
s.enc = 0;
s.socket = fd;
long ret = sock_send(&s, "Hello", 5, 0);
cr_assert_eq(ret, 5);
}

86
test/test_utils.c Normal file
View File

@@ -0,0 +1,86 @@
#include <criterion/criterion.h>
#include <criterion/parameterized.h>
#include "../src/lib/utils.h"
struct url_encode_t {
long in_size;
char in[256];
long exp_size;
char exp[256];
};
struct format_duration_t {
unsigned long micros;
char exp[16];
};
ParameterizedTestParameters(utils, url_encode) {
static struct url_encode_t params[] = {
{0, "", 0, ""},
{9, "Test Text", 11, "Test%20Text"},
{21, "Text\0with\0null\0bytes\0", 29, "Text%00with%00null%00bytes%00"},
{59, "Text&with+some/strange_symbols-or#something?I%don't|know...", 59, "Text&with+some/strange_symbols-or#something?I%don't|know..."},
{33, "Data\x12With\x13Some" "\xFF" "Control" "\xFE" "Characters", 41, "Data%12With%13Some%FFControl%FECharacters"}
};
return cr_make_param_array(struct url_encode_t, params, sizeof(params) / sizeof(struct url_encode_t));
}
ParameterizedTest(struct url_encode_t *param, utils, url_encode) {
char out[256];
cr_assert_eq(url_encode(param->in, param->in_size, out, sizeof(out)), param->exp_size);
cr_assert_arr_eq(out, param->exp, param->exp_size + 1);
}
Test(utils, url_encode_bytes) {
char out[4];
char exp[4];
for (int i = 0; i < 256; i++) {
unsigned char ch = i;
if (ch <= 0x20 || ch >= 0x7F) {
cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 3);
sprintf(exp, "%%%02X", ch);
cr_assert_str_eq(out, exp);
} else {
cr_assert_eq(url_encode(&ch, 1, out, sizeof(out)), 1);
sprintf(exp, "%c", ch);
cr_assert_str_eq(out, exp);
}
}
}
Test(utils, url_encode_invalid) {
cr_assert_eq(url_encode("Hello", 5, NULL, 0), 5);
}
ParameterizedTestParameters(utils, format_duration) {
static struct format_duration_t params[] = {
{0, "0.0 ms"},
{1, "0.0 ms"},
{90, "0.1 ms"},
{100, "0.1 ms"},
{110, "0.1 ms"},
{900, "0.9 ms"},
{1000, "1.0 ms"},
{9000, "9.0 ms"},
{9899, "9.9 ms"},
{9999, "10.0 ms"},
{10000, "10 ms"},
{11999, "12 ms"},
{999999, "1.0 s"},
{1000000, "1.0 s"},
{3000000, "3.0 s"},
{1000000 * 60, "1.0 min"},
{1000000 * 60 * 30L - 30000000, "29.5 min"},
{1000000 * 60 * 60L, "60.0 min"},
{1000000 * 60 * 120L, "120 min"},
};
return cr_make_param_array(struct format_duration_t, params, sizeof(params) / sizeof(struct format_duration_t));
}
ParameterizedTest(struct format_duration_t *param, utils, format_duration) {
char buf[16];
cr_assert_str_eq(format_duration(param->micros, buf), param->exp);
}