src/server/daemon/httplistener.c

Tue, 24 Jan 2017 23:19:48 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Tue, 24 Jan 2017 23:19:48 +0100
changeset 157
a0c8e752490d
parent 152
8b85c5face66
child 161
aadda87bad1b
child 188
0e6a05c779e0
permissions
-rw-r--r--

adds pblock operations to set-variable saf

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "../public/nsapi.h"

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <strings.h>
#include <stdbool.h>
#include <pthread.h>

#include <ucx/map.h>

#include "../util/atomic.h"
#include "httplistener.h"

#include "session.h"
#include "configmanager.h"
#include "log.h"

UcxMap *listener_map = NULL;

int start_all_listener() {
    ServerConfiguration *conf = cfgmgr_get_server_config();
    UcxList *ls = conf->listeners;
    while(ls) {
        HttpListener *listener = ls->data;
        http_listener_start(listener);
        ls = ls->next;
    }

    return 0;
}

HttpListener* http_listener_create(ListenerConfig *conf) {
    if(listener_map == NULL) {
        listener_map = ucx_map_new(16);
    }

    HttpListener *fl = ucx_map_sstr_get(listener_map, conf->name);
    if(fl == NULL) {
        return http_listener_new(conf);
    }
    
    HttpListener* newls = calloc(1, sizeof(HttpListener));
    if(newls == NULL) {
        // TODO: error
    }
    
    newls->name = conf->name;
    newls->cfg = conf->cfg;
    newls->nacceptors = conf->nacceptors;
    newls->default_vs.vs_name = conf->vs.ptr;  
    newls->port = fl->port;
    newls->server_socket = fl->server_socket;
    newls->running = 1;
    newls->threadpool = NULL;
    newls->ref = 2; // 1 reference is fl->next
    
    newls->session_handler = fl->session_handler; // TODO
    
    // the listener threadpool might be changed
    if(conf->threadpool.ptr != NULL) {
        newls->threadpool = get_threadpool(conf->threadpool);
    }
    if(newls->threadpool == NULL) {
        newls->threadpool = get_default_threadpool();
    }
    
    // create acceptor threads
    newls->acceptors = calloc(newls->nacceptors, sizeof(void*));
    for (int i=0;i<newls->nacceptors;i++) {
        newls->acceptors[i] = acceptor_new(newls);
    }
    
    // fl hold one reference of newls
    fl->next = newls;
    
    
    ucx_map_sstr_put(listener_map, newls->name, newls);
    
    for (int i=0;i<newls->nacceptors;i++) {
        acceptor_start(newls->acceptors[i]);
    }
    
    // check if a restart is required to apply all changes
    
    if(newls->port != conf->port) {
        // TODO: log
    }
    
    return newls;
}

HttpListener* http_listener_new(ListenerConfig *conf) {
    // TODO: remove
    if(listener_map == NULL) {
        listener_map = ucx_map_new(16);
    }

    HttpListener *fl = ucx_map_sstr_get(listener_map, conf->name);
    if(fl != NULL) {
        return fl;
    }
    // end remove

    HttpListener *listener = malloc(sizeof(HttpListener));
    listener->running = 0;
    listener->cfg = conf->cfg;
    listener->name = conf->name;
    listener->default_vs.vs_name = conf->vs.ptr;
    listener->threadpool = NULL;
    if(conf->threadpool.ptr != NULL) {
        listener->threadpool = get_threadpool(conf->threadpool);
    }
    if(listener->threadpool == NULL) {
        listener->threadpool = get_default_threadpool();
    }
    if(conf->blockingio) {
        listener->session_handler = create_basic_session_handler();
    } else {
        listener->session_handler = create_event_session_handler();
    }
    listener->nacceptors = conf->nacceptors;
    listener->port = conf->port;
    listener->ref = 1;
    listener->next = NULL;
    listener->ssl = NULL;
    
    int error = 0;
    
    if(conf->ssl) {
        listener->ssl = malloc(sizeof(HttpSSL));
        
        SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
        SSL_CTX_set_options(
                ctx,
                SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv3);
        if(conf->disable_proto.ptr) {
            ssize_t n = 0;
            sstr_t *plist = sstrsplit(conf->disable_proto, S(","), &n);
            if(plist) {
                for(int i=0;i<n;i++) {
                    sstr_t proto = plist[i];
                    log_ereport(
                            LOG_VERBOSE,
                            "Listener %s: Disable protocol %s",
                            listener->name.ptr,
                            proto.ptr);
                    if(!sstrcasecmp(sstrtrim(proto), S("SSLv2"))) {
                        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
                    } else if(!sstrcasecmp(sstrtrim(proto), S("SSLv3"))) {
                        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
                    } else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1"))) {
                        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
                    } else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1.1"))) {
#ifdef SSL_OP_NO_TLSv1_1
                        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1);
#else
                        log_ereport(
                                LOG_WARN,
                                "Listener: %s: TLSv1.1 already not supported",
                                listener->name.ptr);
#endif
                    } else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.2"))) {
#ifdef SSL_OP_NO_TLSv1_2
                        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
#else
                        log_ereport(
                                LOG_WARN,
                                "Listener: %s: TLSv1.2 already not supported",
                                listener->name.ptr);
#endif
                    } else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.3"))) {
#ifdef SSL_OP_NO_TLSv1_3
                        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
#else
                        log_ereport(
                                LOG_WARN,
                                "Listener: %s: TLSv1.3 already not supported",
                                listener->name.ptr);
#endif
                    } else {
                        error = 1;
                        log_ereport(
                                LOG_MISCONFIG,
                                "Listener: %s: Unknown protocol %s",
                                listener->name.ptr,
                                proto.ptr);
                    }
                    free(proto.ptr);
                }
                free(plist);
            }
        }
        
        if(error) {
            return NULL;
        }
        // TODO: cleanup on error
        
        sstr_t file;
        int ret;
        char errbuf[512];
        
        if(!conf->chainfile.ptr) {
            file = sstrdup(conf->certfile);
            ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
            free(file.ptr);
            if(!ret) {
                ERR_error_string(ERR_get_error(), errbuf);
                log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf);
                return NULL;
            }
        } else {
            file = sstrdup(conf->chainfile);
            ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);
            free(file.ptr);
            if(!ret) { 
                ERR_error_string(ERR_get_error(), errbuf);
                log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
                return NULL;
            }
        }
        
        file = sstrdup(conf->privkeyfile);
        ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
        free(file.ptr);
        if(!ret) { 
            ERR_error_string(ERR_get_error(), errbuf);
            log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf);
            return NULL;
        }
        
        // TODO: chain
        listener->ssl->sslctx = ctx;
    }
    
    
    ucx_map_sstr_put(listener_map, listener->name, listener);

    struct sockaddr_in servaddr;   /* server address */

    /* init address structure */
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
    servaddr.sin_port = htons(conf->port);

    /* create socket */
    if((listener->server_socket = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("Error: http_listener_new: socket");
        return NULL;
    }

    int o = 1;
    setsockopt(
            listener->server_socket,
            SOL_SOCKET, SO_REUSEADDR,
            &o,
            sizeof(int));

    /* bind server socket to address */
    if(bind(listener->server_socket, (struct sockaddr*)&servaddr, sizeof(servaddr))){
        log_ereport(LOG_FAILURE, "http_listener_new: bind failed. Port: %d", conf->port);
        return NULL;
    }

    /* create acceptors */
    listener->acceptors = calloc(listener->nacceptors, sizeof(void*));
    for (int i=0;i<listener->nacceptors;i++) {
        listener->acceptors[i] = acceptor_new(listener);
    }

    return listener;
}

int http_listener_start(HttpListener *listener) {
    if(listener->running) {
        return 0;
    }
    log_ereport(LOG_INFORM, "start listener on port %d", listener->port);

    if (listen(listener->server_socket, 256) == -1) {
        log_ereport(LOG_FAILURE, "http_listener_start: listen failed");
        return -1;
    }

    /* start acceptor threads */
    for (int i=0;i<listener->nacceptors;i++) {
        acceptor_start(listener->acceptors[i]);
    }

    return 0;
}

void http_listener_ref(HttpListener *listener) {
    ws_atomic_inc32(&listener->ref);
}

void http_listener_unref(HttpListener *listener) {
    uint32_t ref = ws_atomic_dec32(&listener->ref);
    if(ref == 0) {
        free(listener->acceptors);
        // TODO: unref cfg
        // TODO: unref session handler
        free(listener);
    }
}



Acceptor* acceptor_new(HttpListener *listener) {
    Acceptor *acceptor = malloc(sizeof(Acceptor));
    acceptor->listener = listener;
    return acceptor;
}

void acceptor_start(Acceptor *a) {
    if(pthread_create(
            &a->tid,
            NULL,
            (void*(*)(void*))acceptor_thread,
            a) != 0)
    {
        perror("Error: acceptor_start: pthread_create");
    }
}

void* acceptor_thread(Acceptor *acceptor) {
    WS_ASSERT(acceptor);
    WS_ASSERT(acceptor->listener);
    WS_ASSERT(acceptor->listener->session_handler);
    WS_ASSERT(acceptor->listener->session_handler->enqueue_connection);
    
    HttpListener *listener = acceptor->listener;

    for (;;) {
        /* accept connections */
        struct sockaddr_in ca;
        socklen_t length = sizeof(ca);
        int clientfd;

        /* accept a connection */
        clientfd = accept(
                listener->server_socket,
                (struct sockaddr*)&ca,
                &length);
        if (clientfd == -1) {
            perror("Error: acceptor_thread: accept");
            continue;
        }
                 
        // check listener
        HttpListener *ls = listener;
        int acceptor_exit = 0;
        while(ls->next) {
            ls = ls->next;
            acceptor_exit = 1;
        }
        
        /* create Connection object */
        Connection *conn = malloc(sizeof(Connection));
        conn->address = ca;
        conn->fd = clientfd;
        conn->listener = ls;
        if(ls->ssl) {
            SSL *ssl = SSL_new(ls->ssl->sslctx);
            SSL_set_fd(ssl, clientfd);
            int ssl_ar = SSL_accept(ssl);
            if(ssl_ar <= 0) {
                int error = SSL_get_error(ssl, ssl_ar);
                char *errstr;
                switch(error) {
                    default: errstr = "unknown"; break;
                    case SSL_ERROR_ZERO_RETURN: errstr = "SSL_ERROR_ZERO_RETURN"; break;
                    case SSL_ERROR_WANT_READ: errstr = "SSL_ERROR_WANT_READ"; break;
                    case SSL_ERROR_WANT_WRITE: errstr = "SSL_ERROR_WANT_WRITE"; break;
                    case SSL_ERROR_WANT_CONNECT: errstr = "SSL_ERROR_WANT_CONNECT"; break;
                    case SSL_ERROR_WANT_ACCEPT: errstr = "SSL_ERROR_WANT_ACCEPT"; break;
                    case SSL_ERROR_WANT_X509_LOOKUP: errstr = "SSL_ERROR_WANT_X509_LOOKUP"; break;
                    case SSL_ERROR_SYSCALL: errstr = "SSL_ERROR_SYSCALL"; break;
                    case SSL_ERROR_SSL: errstr = "SL_ERROR_SSL"; break;
                }
                log_ereport(LOG_VERBOSE, "SSL accept error[%d]: %s", error, errstr);
                free(conn);
                conn = NULL;
                close(clientfd);
            } else {
                conn->ssl = ssl;
                conn->read = connection_ssl_read;
                conn->write = connection_ssl_write;
                conn->close = connection_ssl_close;
            }
        } else {
            conn->ssl = NULL;
            conn->read = connection_read;
            conn->write = connection_write;
            conn->close = connection_close;
        }
        
        if(conn) {
            cfg_ref(ls->cfg);

            /* enqueue the connection */
            ls->session_handler->enqueue_connection(
                    ls->session_handler,
                    conn);
        }

        /* ready for new connection */
        
        if(acceptor_exit) {
            // this acceptor is outdated
            break;
        }
    }
    
    http_listener_unref(listener->next);
    http_listener_unref(listener);
    
    return NULL;
}

mercurial