Makefile- acl.c
- acl.h
- acldata.c
- acldata.h
- auth.c
- auth.h
- config.c
- config.h
- configmanager.c
- configmanager.h
- error.c
- error.h
- event.c
- event.h
- event_bsd.c
- event_bsd.h
- event_linux.c
- event_linux.h
- event_solaris.c
- event_solaris.h
- func.c
- func.h
- http.c
- http.h
- httplistener.c
- httplistener.h
- httpparser.c
- httpparser.h
- httprequest.c
- httprequest.h
- keyfile_auth.c
- keyfile_auth.h
- ldap_auth.c
- ldap_auth.h
- log.c
- log.h
- main.c
- netsite.h
- objs.mk
- protocol.c
- protocol.h
- request.c
- request.h
- session.c
- session.h
- sessionhandler.c
- sessionhandler.h
- srvctrl.c
- srvctrl.h
- threadpools.c
- threadpools.h
- vfs.c
- vfs.h
- vserver.c
- vserver.h
- webserver.c
- webserver.h
- websocket.c
- websocket.h
- ws-fn.c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright 2013 Olaf Wintermann. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "../public/nsapi.h"
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <strings.h>
#include <stdbool.h>
#include <pthread.h>
#include <ucx/map.h>
#include "../util/atomic.h"
#include "httplistener.h"
#include "netsite.h"
#include "session.h"
#include "configmanager.h"
#include "log.h"
UcxMap *listener_map = NULL;
int start_all_listener() {
ServerConfiguration *conf = cfgmgr_get_server_config();
UcxList *ls = conf->listeners;
while(ls) {
HttpListener *listener = ls->data;
http_listener_start(listener);
ls = ls->next;
}
return 0;
}
HttpListener* http_listener_create(ListenerConfig *conf) {
if(listener_map == NULL) {
listener_map = ucx_map_new(16);
}
HttpListener *fl = ucx_map_sstr_get(listener_map, conf->name);
if(fl == NULL) {
return http_listener_new(conf);
}
HttpListener* newls = calloc(1, sizeof(HttpListener));
if(newls == NULL) {
// TODO: error
}
newls->name = conf->name;
newls->cfg = conf->cfg;
newls->nacceptors = conf->nacceptors;
newls->default_vs.vs_name = conf->vs.ptr;
newls->port = fl->port;
newls->server_socket = fl->server_socket;
newls->running = 1;
newls->threadpool = NULL;
newls->ref = 2; // 1 reference is fl->next
newls->session_handler = fl->session_handler; // TODO
// the listener threadpool might be changed
if(conf->threadpool.ptr != NULL) {
newls->threadpool = get_threadpool(conf->threadpool);
}
if(newls->threadpool == NULL) {
newls->threadpool = get_default_threadpool();
}
// create acceptor threads
newls->acceptors = calloc(newls->nacceptors, sizeof(void*));
for (int i=0;i<newls->nacceptors;i++) {
newls->acceptors[i] = acceptor_new(newls);
}
// fl hold one reference of newls
fl->next = newls;
ucx_map_sstr_put(listener_map, newls->name, newls);
for (int i=0;i<newls->nacceptors;i++) {
acceptor_start(newls->acceptors[i]);
}
// check if a restart is required to apply all changes
if(newls->port != conf->port) {
// TODO: log
}
return newls;
}
HttpListener* http_listener_new(ListenerConfig *conf) {
// TODO: remove
if(listener_map == NULL) {
listener_map = ucx_map_new(16);
}
HttpListener *fl = ucx_map_sstr_get(listener_map, conf->name);
if(fl != NULL) {
return fl;
}
// end remove
HttpListener *listener = malloc(sizeof(HttpListener));
listener->running = 0;
listener->cfg = conf->cfg;
listener->name = conf->name;
listener->default_vs.vs_name = conf->vs.ptr;
listener->threadpool = NULL;
if(conf->threadpool.ptr != NULL) {
listener->threadpool = get_threadpool(conf->threadpool);
}
if(listener->threadpool == NULL) {
listener->threadpool = get_default_threadpool();
}
if(conf->blockingio) {
listener->session_handler = create_basic_session_handler();
} else {
listener->session_handler = create_event_session_handler();
}
listener->nacceptors = conf->nacceptors;
listener->port = conf->port;
listener->ref = 1;
listener->next = NULL;
listener->ssl = NULL;
int error = 0;
if(conf->ssl) {
listener->ssl = malloc(sizeof(HttpSSL));
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(
ctx,
SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv3);
if(conf->disable_proto.ptr) {
ssize_t n = 0;
sstr_t *plist = sstrsplit(conf->disable_proto, S(","), &n);
if(plist) {
for(int i=0;i<n;i++) {
sstr_t proto = plist[i];
log_ereport(
LOG_VERBOSE,
"Listener %s: Disable protocol %s",
listener->name.ptr,
proto.ptr);
if(!sstrcasecmp(sstrtrim(proto), S("SSLv2"))) {
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
} else if(!sstrcasecmp(sstrtrim(proto), S("SSLv3"))) {
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
} else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1"))) {
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
} else if(!sstrcasecmp(sstrtrim(proto), S("TLSv1.1"))) {
#ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1);
#else
log_ereport(
LOG_WARN,
"Listener: %s: TLSv1.1 already not supported",
listener->name.ptr);
#endif
} else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.2"))) {
#ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
#else
log_ereport(
LOG_WARN,
"Listener: %s: TLSv1.2 already not supported",
listener->name.ptr);
#endif
} else if(sstrcasecmp(sstrtrim(proto), S("TLSv1.3"))) {
#ifdef SSL_OP_NO_TLSv1_3
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
#else
log_ereport(
LOG_WARN,
"Listener: %s: TLSv1.3 already not supported",
listener->name.ptr);
#endif
} else {
error = 1;
log_ereport(
LOG_MISCONFIG,
"Listener: %s: Unknown protocol %s",
listener->name.ptr,
proto.ptr);
}
free(proto.ptr);
}
free(plist);
}
}
if(error) {
return NULL;
}
// TODO: cleanup on error
sstr_t file;
int ret;
char errbuf[512];
if(!conf->chainfile.ptr) {
file = sstrdup(conf->certfile);
ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
free(file.ptr);
if(!ret) {
ERR_error_string(ERR_get_error(), errbuf);
log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf);
return NULL;
}
} else {
file = sstrdup(conf->chainfile);
ret = SSL_CTX_use_certificate_chain_file(ctx, file.ptr);
free(file.ptr);
if(!ret) {
ERR_error_string(ERR_get_error(), errbuf);
log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf);
return NULL;
}
}
file = sstrdup(conf->privkeyfile);
ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
free(file.ptr);
if(!ret) {
ERR_error_string(ERR_get_error(), errbuf);
log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf);
return NULL;
}
// TODO: chain
listener->ssl->sslctx = ctx;
}
ucx_map_sstr_put(listener_map, listener->name, listener);
struct sockaddr_in servaddr; /* server address */
/* init address structure */
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = htons(conf->port);
/* create socket */
if((listener->server_socket = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("Error: http_listener_new: socket");
return NULL;
}
int o = 1;
setsockopt(
listener->server_socket,
SOL_SOCKET, SO_REUSEADDR,
&o,
sizeof(int));
/* bind server socket to address */
if(bind(listener->server_socket, (struct sockaddr*)&servaddr, sizeof(servaddr))){
log_ereport(LOG_FAILURE, "http_listener_new: bind failed. Port: %d", conf->port);
return NULL;
}
/* create acceptors */
listener->acceptors = calloc(listener->nacceptors, sizeof(void*));
for (int i=0;i<listener->nacceptors;i++) {
listener->acceptors[i] = acceptor_new(listener);
}
return listener;
}
int http_listener_start(HttpListener *listener) {
if(listener->running) {
return 0;
}
log_ereport(LOG_INFORM, "start listener on port %d", listener->port);
if (listen(listener->server_socket, 256) == -1) {
log_ereport(LOG_FAILURE, "http_listener_start: listen failed");
return -1;
}
/* start acceptor threads */
for (int i=0;i<listener->nacceptors;i++) {
acceptor_start(listener->acceptors[i]);
}
return 0;
}
void http_listener_ref(HttpListener *listener) {
ws_atomic_inc32(&listener->ref);
}
void http_listener_unref(HttpListener *listener) {
uint32_t ref = ws_atomic_dec32(&listener->ref);
if(ref == 0) {
free(listener->acceptors);
// TODO: unref cfg
// TODO: unref session handler
free(listener);
}
}
Acceptor* acceptor_new(HttpListener *listener) {
Acceptor *acceptor = malloc(sizeof(Acceptor));
acceptor->listener = listener;
return acceptor;
}
void acceptor_start(Acceptor *a) {
if(pthread_create(
&a->tid,
NULL,
(void*(*)(void*))acceptor_thread,
a) != 0)
{
perror("Error: acceptor_start: pthread_create");
}
}
void* acceptor_thread(Acceptor *acceptor) {
WS_ASSERT(acceptor);
WS_ASSERT(acceptor->listener);
WS_ASSERT(acceptor->listener->session_handler);
WS_ASSERT(acceptor->listener->session_handler->enqueue_connection);
HttpListener *listener = acceptor->listener;
for (;;) {
/* accept connections */
struct sockaddr_in ca;
socklen_t length = sizeof(ca);
int clientfd;
/* accept a connection */
clientfd = accept(
listener->server_socket,
(struct sockaddr*)&ca,
&length);
if (clientfd == -1) {
perror("Error: acceptor_thread: accept");
continue;
}
// check listener
HttpListener *ls = listener;
int acceptor_exit = 0;
while(ls->next) {
ls = ls->next;
acceptor_exit = 1;
}
/* create Connection object */
Connection *conn = malloc(sizeof(Connection));
conn->address = ca;
conn->fd = clientfd;
conn->listener = ls;
conn->ssl_accepted = 0;
if(ls->ssl) {
// SSL connections are always non-blocking
// set socket non blocking
int flags;
if((flags = fcntl(conn->fd, F_GETFL, 0)) == -1) {
flags = 0;
}
if(fcntl(conn->fd, F_SETFL, flags | O_NONBLOCK)) {
perror("Error: acceptor_thread: fcntl");
// TODO: error
}
SSL *ssl = SSL_new(ls->ssl->sslctx);
SSL_set_fd(ssl, clientfd);
conn->ssl = ssl;
conn->read = connection_ssl_read;
conn->write = connection_ssl_write;
conn->close = connection_ssl_close;
} else {
conn->ssl = NULL;
conn->read = connection_read;
conn->write = connection_write;
conn->close = connection_close;
}
if(conn) {
cfg_ref(ls->cfg);
/* enqueue the connection */
ls->session_handler->enqueue_connection(
ls->session_handler,
conn);
}
/* ready for new connection */
if(acceptor_exit) {
// this acceptor is outdated
break;
}
}
http_listener_unref(listener->next);
http_listener_unref(listener);
return NULL;
}