ant-http/httpd.c

338 lines
9.2 KiB
C
Raw Normal View History

2015-10-22 11:39:11 +02:00
#include <dirent.h>
#include "http_server.h"
2019-11-13 11:48:54 +01:00
#include "lib/ini.h"
2019-11-08 15:54:41 +01:00
2019-12-11 23:17:42 +01:00
static antd_scheduler_t scheduler;
#ifdef USE_OPENSSL
2019-11-08 15:54:41 +01:00
// define the cipher suit used
// dirty hack, this should be configured by the configuration file
2019-12-15 12:10:06 +01:00
#define CIPHER_SUIT "HIGH"
2015-10-22 11:39:11 +02:00
2018-02-10 16:57:21 +01:00
static int ssl_session_ctx_id = 1;
2018-03-02 19:04:00 +01:00
SSL_CTX *ctx;
2018-02-10 11:22:41 +01:00
void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}
void cleanup_openssl()
{
EVP_cleanup();
}
SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;
method = SSLv23_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
2019-12-11 23:17:42 +01:00
ERROR("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
2018-02-10 11:22:41 +01:00
}
return ctx;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static unsigned char antd_protocols[] = {
//TODO: add support to HTTP/2 protocol: 2,'h', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
static int alpn_advertise_protos_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,void *arg)
{
UNUSED(ssl);
UNUSED(arg);
*out = antd_protocols;
*outlen = sizeof(antd_protocols);
return SSL_TLSEXT_ERR_OK;
}
static int alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
{
UNUSED(ssl);
UNUSED(arg);
if(SSL_select_next_proto((unsigned char **)out, outlen,antd_protocols,sizeof(antd_protocols),in, inlen) == OPENSSL_NPN_NEGOTIATED)
{
return SSL_TLSEXT_ERR_OK;
}
else
{
ERROR("No protocol support overlap found between client and server\n");
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
}
#endif
2018-02-10 11:22:41 +01:00
void configure_context(SSL_CTX *ctx)
{
2018-03-19 12:06:22 +01:00
#if defined(SSL_CTX_set_ecdh_auto)
2018-02-10 11:22:41 +01:00
SSL_CTX_set_ecdh_auto(ctx, 1);
2018-03-19 12:06:22 +01:00
#else
SSL_CTX_set_tmp_ecdh(ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
#endif
//SSL_CTX_set_ecdh_auto(ctx, 1);
2018-02-10 16:57:21 +01:00
/* Set some options and the session id.
* SSL_OP_NO_SSLv2: SSLv2 is insecure, disable it.
* SSL_OP_NO_TICKET: We don't want TLS tickets used because this is an SSL server caching example.
* It should be fine to use tickets in addition to server side caching.
*/
2019-11-08 15:26:10 +01:00
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
2018-02-10 16:57:21 +01:00
SSL_CTX_set_session_id_context(ctx, (void *)&ssl_session_ctx_id, sizeof(ssl_session_ctx_id));
2019-11-08 15:54:41 +01:00
// set the cipher suit
2019-12-15 18:23:01 +01:00
config_t * cnf = config();
const char* suit = cnf->ssl_cipher?cnf->ssl_cipher:CIPHER_SUIT;
2019-12-19 09:58:19 +01:00
LOG("Cirpher suit used: %s", suit);
2019-12-15 18:23:01 +01:00
if (SSL_CTX_set_cipher_list(ctx, suit) != 1)
2019-11-08 15:54:41 +01:00
{
2019-12-20 16:49:41 +01:00
ERROR("Fail to set ssl cirpher suit: %s", suit);
2019-11-08 15:54:41 +01:00
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
2018-02-10 11:22:41 +01:00
/* Set the key and cert */
2018-06-26 13:40:53 +02:00
/* use the full chain bundle of certificate */
//if (SSL_CTX_use_certificate_file(ctx, server_config->sslcert, SSL_FILETYPE_PEM) <= 0) {
2019-12-20 16:49:41 +01:00
if (SSL_CTX_use_certificate_chain_file(ctx, cnf->sslcert) <= 0) {
ERROR("Fail to read SSL certificate chain file: %s", cnf->sslcert);
2018-06-26 13:40:53 +02:00
ERR_print_errors_fp(stderr);
2018-02-10 16:57:21 +01:00
exit(EXIT_FAILURE);
2018-02-10 11:22:41 +01:00
}
2019-12-20 16:49:41 +01:00
if (SSL_CTX_use_PrivateKey_file(ctx, cnf->sslkey, SSL_FILETYPE_PEM) <= 0 ) {
ERROR("Fail to read SSL private file: %s", cnf->sslkey);
2018-02-10 11:22:41 +01:00
ERR_print_errors_fp(stderr);
2018-02-10 16:57:21 +01:00
exit(EXIT_FAILURE);
}
if (!SSL_CTX_check_private_key(ctx)) {
2019-12-20 16:49:41 +01:00
ERROR("Failed to validate SSL certificate");
2018-02-10 16:57:21 +01:00
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
2018-02-10 11:22:41 +01:00
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ctx,alpn_select_cb, NULL);
SSL_CTX_set_next_protos_advertised_cb(ctx,alpn_advertise_protos_cb,NULL);
#endif
2018-02-10 11:22:41 +01:00
}
#endif
2019-07-31 15:11:59 +02:00
void stop_serve(int dummy) {
2018-10-03 23:42:42 +02:00
UNUSED(dummy);
sigset_t mask;
sigemptyset(&mask);
//Blocks the SIG_IGN signal (by adding SIG_IGN to newMask)
sigaddset(&mask, SIGINT);
sigaddset(&mask, SIGPIPE);
sigaddset(&mask, SIGABRT);
sigprocmask(SIG_BLOCK, &mask, NULL);
2018-10-04 19:47:31 +02:00
antd_scheduler_destroy(&scheduler);
unload_all_plugin();
2018-03-02 19:04:00 +01:00
#ifdef USE_OPENSSL
2018-10-09 12:15:48 +02:00
FIPS_mode_set(0);
2018-03-02 19:04:00 +01:00
SSL_CTX_free(ctx);
2018-10-09 12:15:48 +02:00
FIPS_mode_set(0);
2019-11-08 11:52:00 +01:00
// DEPRECATED: CONF_modules_unload(1);
2018-10-09 12:15:48 +02:00
EVP_cleanup();
2019-11-08 11:52:00 +01:00
EVP_PBE_cleanup();
// DEPRECATED:ENGINE_cleanup();
2018-10-09 12:15:48 +02:00
CRYPTO_cleanup_all_ex_data();
2019-11-08 11:52:00 +01:00
// DEPRECATED: ERR_remove_state(0);
2018-10-09 12:15:48 +02:00
ERR_free_strings();
2018-03-02 19:04:00 +01:00
#endif
2019-12-11 23:17:42 +01:00
destroy_config();
sigprocmask(SIG_UNBLOCK, &mask, NULL);
}
2019-07-31 15:11:59 +02:00
2015-10-22 11:39:11 +02:00
int main(int argc, char* argv[])
{
// load the config first
if(argc==1)
2019-11-13 14:22:25 +01:00
load_config(CONFIG_FILE);
2015-10-22 11:39:11 +02:00
else
load_config(argv[1]);
int client_sock = -1;
struct sockaddr_in client_name;
socklen_t client_name_len = sizeof(client_name);
2018-03-14 10:51:46 +01:00
char* client_ip = NULL;
2015-10-22 11:39:11 +02:00
// ignore the broken PIPE error when writing
//or reading to/from a closed socked connection
signal(SIGPIPE, SIG_IGN);
2015-10-22 13:31:35 +02:00
signal(SIGABRT, SIG_IGN);
signal(SIGINT, stop_serve);
2018-02-10 11:22:41 +01:00
2019-12-20 16:49:41 +01:00
config_t* conf = config();
2018-02-10 11:22:41 +01:00
#ifdef USE_OPENSSL
2019-12-20 16:49:41 +01:00
if( conf->enable_ssl == 1 )
2018-02-10 11:22:41 +01:00
{
init_openssl();
ctx = create_context();
configure_context(ctx);
}
#endif
2019-12-20 16:49:41 +01:00
// startup port
chain_t it;
port_config_t * pcnf;
int nlisten = 0;
for_each_assoc(it, conf->ports)
{
pcnf = (port_config_t*)it->value;
if(pcnf)
{
pcnf->sock = startup(&pcnf->port);
if(pcnf->sock>0)
{
nlisten++;
set_nonblock(pcnf->sock);
LOG("Listening on port %d", pcnf->port);
}
else
{
ERROR("Port %d is disabled", pcnf->port);
}
}
}
if(nlisten == 0)
{
ERROR("No port is listenned, quit!!");
stop_serve(0);
exit(1);
}
2018-10-03 23:42:42 +02:00
// default to 4 workers
2019-12-20 16:49:41 +01:00
antd_scheduler_init(&scheduler, conf->n_workers);
2019-07-31 15:11:59 +02:00
scheduler.validate_data = 1;
scheduler.destroy_data = finish_request;
2018-10-10 12:42:47 +02:00
// use blocking server_sock
// make the scheduler wait for event on another thread
// this allow to ged rid of high cpu usage on
// endless loop without doing anything
// set_nonblock(server_sock);
pthread_t scheduler_th;
if (pthread_create(&scheduler_th, NULL,(void *(*)(void *))antd_wait, (void*)&scheduler) != 0)
{
2019-12-11 23:17:42 +01:00
ERROR("pthread_create: cannot create worker");
2018-10-10 12:42:47 +02:00
stop_serve(0);
exit(1);
}
else
{
// reclaim data when exit
pthread_detach(scheduler_th);
}
2018-10-14 20:41:44 +02:00
antd_task_t* task = NULL;
2019-12-20 16:49:41 +01:00
fd_set read_flags, write_flags;
// first verify if the socket is ready
struct timeval timeout;
// select
2018-10-03 23:42:42 +02:00
while (scheduler.status)
2015-10-22 11:39:11 +02:00
{
2019-12-20 16:49:41 +01:00
if(conf->connection > conf->maxcon)
2015-10-22 11:39:11 +02:00
{
2019-12-20 16:49:41 +01:00
//ERROR("Reach max connection %d", conf->connection);
timeout.tv_sec = 0;
2019-12-21 00:00:53 +01:00
timeout.tv_usec = 10000; // 5 ms
2019-12-20 16:49:41 +01:00
select(0, NULL, NULL, NULL, &timeout);
2015-10-22 11:39:11 +02:00
continue;
}
2019-12-20 16:49:41 +01:00
for_each_assoc(it, conf->ports)
2018-03-14 10:51:46 +01:00
{
2019-12-20 16:49:41 +01:00
pcnf = (port_config_t*) it->value;
if(pcnf->sock > 0)
{
FD_ZERO(&read_flags);
FD_SET(pcnf->sock, &read_flags);
FD_ZERO(&write_flags);
FD_SET(pcnf->sock, &write_flags);
timeout.tv_sec = 0;
2019-12-21 00:00:53 +01:00
timeout.tv_usec = 10000; // 10 ms
2019-12-20 16:49:41 +01:00
int sel = select(pcnf->sock + 1, &read_flags, &write_flags, (fd_set *)0, &timeout);
if(sel > 0 && (FD_ISSET(pcnf->sock, &read_flags) || FD_ISSET(pcnf->sock, &write_flags)))
{
client_sock = accept(pcnf->sock,(struct sockaddr *)&client_name,&client_name_len);
if (client_sock > 0)
{
// just dump the scheduler when we have a connection
antd_client_t* client = (antd_client_t*)malloc(sizeof(antd_client_t));
antd_request_t* request = (antd_request_t*)malloc(sizeof(*request));
request->client = client;
request->request = dict();
2020-01-08 19:17:51 +01:00
client->zstream = NULL;
client->z_level = ANTD_CNONE;
dictionary_t xheader = dict();
dput(request->request, "REQUEST_HEADER", xheader);
dput(request->request, "REQUEST_DATA", dict());
dput(xheader, "SERVER_PORT", (void *)__s("%d", pcnf->port));
dput(xheader, "SERVER_WWW_ROOT", (void*)strdup(pcnf->htdocs));
2019-12-20 16:49:41 +01:00
/*
get the remote IP
*/
if (client_name.sin_family == AF_INET)
{
client_ip = inet_ntoa(client_name.sin_addr);
LOG("Connect to client IP: %s on port:%d", client_ip, pcnf->port);
2020-01-08 19:17:51 +01:00
// ip address
dput(xheader, "REMOTE_ADDR", (void *)strdup(client_ip));
2019-12-20 16:49:41 +01:00
//LOG("socket: %d\n", client_sock);
}
2018-05-03 15:10:44 +02:00
2019-12-20 16:49:41 +01:00
// set timeout to socket
set_nonblock(client_sock);
/*struct timeval timeout;
timeout.tv_sec = 0;
timeout.tv_usec = 5000;
2018-05-03 15:10:44 +02:00
2019-12-20 16:49:41 +01:00
if (setsockopt (client_sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout,sizeof(timeout)) < 0)
perror("setsockopt failed\n");
2018-05-03 15:10:44 +02:00
2019-12-20 16:49:41 +01:00
if (setsockopt (client_sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout,sizeof(timeout)) < 0)
perror("setsockopt failed\n");
*/
client->sock = client_sock;
time(&client->last_io);
client->ssl = NULL;
2020-01-08 19:17:51 +01:00
#ifdef USE_OPENSSL
2019-12-20 16:49:41 +01:00
client->status = 0;
if(pcnf->usessl == 1)
{
client->ssl = (void*)SSL_new(ctx);
if(!client->ssl) continue;
SSL_set_fd((SSL*)client->ssl, client->sock);
// this can be used in the protocol select callback to
// set the protocol selected by the server
if(!SSL_set_ex_data((SSL*)client->ssl, client->sock, client))
{
ERROR("Cannot set ex data to ssl client:%d", client->sock);
}
2019-12-20 16:49:41 +01:00
/*if (SSL_accept((SSL*)client->ssl) <= 0) {
LOG("EROOR accept\n");
ERR_print_errors_fp(stderr);
antd_close(client);
continue;
}*/
}
#endif
conf->connection++;
// create callback for the server
task = antd_create_task(accept_request,(void*)request, finish_request, client->last_io);
//task->type = LIGHT;
antd_add_task(&scheduler, task);
}
}
}
2018-02-10 11:22:41 +01:00
}
2015-10-22 11:39:11 +02:00
}
2018-03-02 19:04:00 +01:00
2019-12-20 16:49:41 +01:00
stop_serve(0);
2015-10-22 11:39:11 +02:00
return(0);
2019-11-08 15:26:10 +01:00
}