/*
* Copyright (c) 2013 Joris Vink <joris@coders.se>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <pwd.h>
#include <errno.h>
#include <grp.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sched.h>
#include <syslog.h>
#include <unistd.h>
#include <time.h>
#include <regex.h>
#include <zlib.h>
#include <unistd.h>
#include "spdy.h"
#include "kore.h"
#include "http.h"
/*
 * Number of the last signal delivered to kore_signal(). The handler only
 * stores into it; the loop in main() polls it and clears it again.
 */
volatile sig_atomic_t	sig_recv;

/* Listening socket: set up by kore_server_bind(), its fd is closed in main(). */
struct listener		server;

/* Not referenced in this part of the file. */
struct passwd		*pw = NULL;

/* Parent pid: taken from getpid() in main() and again after daemon(). */
pid_t			kore_pid = -1;

/* Set to 1 by the -d command-line option. */
int			kore_debug = 0;

/* Neither counter is read or written in this part of the file. */
u_int16_t		cpu_count = 1;
u_int8_t		worker_count = 0;

/* Address and port handed to kore_server_bind() by kore_server_start(). */
char			*server_ip = NULL;
int			server_port = 0;

/*
 * runas_user is freed by kore_server_start(); chroot_path is not touched
 * here. NOTE(review): main() insists on running as root and no privilege
 * drop is visible in this part of the file -- presumably the worker code
 * applies these two settings; confirm.
 */
char			*runas_user = NULL;
char			*chroot_path = NULL;

/*
 * Path written by kore_write_kore_pid() and unlinked by main() on shutdown.
 * NOTE(review): starts out pointing at KORE_PIDFILE_DEFAULT (defined
 * elsewhere, presumably a string literal), so it must not be free()d or
 * written through unless it has been replaced -- confirm against the
 * config parser.
 */
char			*kore_pidfile = KORE_PIDFILE_DEFAULT;
/* File-local helpers; all of them are defined further down in this file. */
static void	usage(void);
static void	kore_write_kore_pid(void);
static void	kore_server_sslstart(void);
static void	kore_server_start(void);
static int	kore_server_bind(struct listener *l, const char *ip, int port);
/*
 * Write the command-line synopsis to stderr and terminate the process with
 * exit status 1. Never returns.
 */
static void
usage(void)
{
	fputs("Usage: kore [-c config] [-d]\n", stderr);
	exit(1);
}
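/*
 * Parent process entry point.
 *
 * Refuses to run unless the real uid is 0, parses -c <config> and -d,
 * initialises the domain, TLS, config, logging, platform and access-log
 * subsystems, installs kore_signal() for SIGHUP and SIGQUIT and starts the
 * server. It then loops: SIGHUP reloads modules and is forwarded to every
 * worker, SIGQUIT (or a zero return from kore_accesslog_wait()) ends the
 * loop. On the way out every worker gets SIGINT, the parent waits until the
 * worker list is empty, removes the pid file and closes the listening
 * socket.
 *
 * Security notes:
 *  - Everything in this function, including kore_parse_config(), runs with
 *    the root privileges the getuid() check demands; no privilege drop is
 *    visible here. NOTE(review): presumably the workers apply
 *    runas_user/chroot_path -- confirm.
 *  - The signal handler only stores the signal number; all real work is
 *    done in the loop below, outside signal context.
 *
 * Returns 0 after an orderly shutdown.
 */
int
main(int argc, char *argv[])
{
	int			ch, sig;
	struct kore_worker	*kw, *next;

	if (getuid() != 0)
		fatal("kore must be started as root");

	kore_debug = 0;
	while ((ch = getopt(argc, argv, "c:d")) != -1) {
		switch (ch) {
		case 'c':
			config_file = optarg;
			break;
		case 'd':
			kore_debug = 1;
			break;
		default:
			usage();
			/* NOTREACHED: usage() calls exit(). */
		}
	}

	/* Positional arguments are skipped here and never looked at again. */
	argc -= optind;
	argv += optind;

	kore_pid = getpid();
	kore_domain_init();
	kore_server_sslstart();

	kore_parse_config();
	kore_log_init();
	kore_platform_init();
	kore_accesslog_init();

	/*
	 * NOTE(review): signal() leaves handler-reset and syscall-restart
	 * behaviour to the platform and its return value is not checked;
	 * sigaction() would make both explicit.
	 */
	sig_recv = 0;
	signal(SIGHUP, kore_signal);
	signal(SIGQUIT, kore_signal);

	kore_server_start();

	for (;;) {
		/*
		 * Take one snapshot of the pending signal and clear the flag
		 * BEFORE acting on it. Clearing it only after the reload had
		 * finished discarded any signal (for instance a SIGQUIT) that
		 * arrived while the SIGHUP was being processed.
		 */
		sig = sig_recv;
		if (sig == SIGQUIT)
			break;

		if (sig != 0) {
			sig_recv = 0;

			if (sig == SIGHUP) {
				kore_module_reload();

				TAILQ_FOREACH(kw, &kore_workers, list) {
					if (kill(kw->pid, SIGHUP) == -1) {
						kore_debug("kill(%d, HUP): %s",
						    kw->pid, errno_s);
					}
				}
			}
		}

		if (!kore_accesslog_wait())
			break;
		kore_platform_worker_wait(0);
	}

	/*
	 * Fetch the successor before signalling each worker so the walk does
	 * not depend on kw staying linked into the list.
	 */
	for (kw = TAILQ_FIRST(&kore_workers); kw != NULL; kw = next) {
		next = TAILQ_NEXT(kw, list);
		if (kill(kw->pid, SIGINT) == -1) {
			kore_debug("kill(%d, SIGINT): %s", kw->pid, errno_s);
		}
	}

	kore_log(LOG_NOTICE, "waiting for workers to drain and finish");
	while (!TAILQ_EMPTY(&kore_workers))
		kore_platform_worker_wait(1);

	kore_log(LOG_NOTICE, "server shutting down");

	/* A stale pid file misleads init scripts, so report a failed unlink. */
	if (unlink(kore_pidfile) == -1) {
		kore_debug("unlink(%s): %s", kore_pidfile, errno_s);
	}
	close(server.fd);

	return (0);
}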
/*
 * Protocol-advertisement callback: points OpenSSL at the static protocol
 * list KORE_SSL_PROTO_STRING and reports its length.
 *
 * NOTE(review): judging by the name and signature this is the NPN callback,
 * presumably registered with SSL_CTX_set_next_protos_advertised_cb() --
 * confirm. OpenSSL expects that buffer in length-prefixed wire format;
 * KORE_SSL_PROTO_STRING is defined elsewhere, so verify that it is laid out
 * that way.
 *
 * ssl and arg are unused. Always returns SSL_TLSEXT_ERR_OK.
 */
int
kore_ssl_npn_cb(SSL *ssl, const u_char **data, unsigned int *len, void *arg)
{
	const char	*protos = KORE_SSL_PROTO_STRING;

	kore_debug("kore_ssl_npn_cb(): sending protocols");

	/* The list is a static string, so the pointer outlives this call. */
	*len = strlen(protos);
	*data = (const unsigned char *)protos;

	return (SSL_TLSEXT_ERR_OK);
}
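/*
 * TLS server-name (SNI) callback: switches the connection to the SSL_CTX of
 * the configured domain that matches the host name sent by the client.
 *
 * Returns SSL_TLSEXT_ERR_OK when a domain matched and its context was
 * installed, SSL_TLSEXT_ERR_NOACK when the client sent no name or the name
 * matches no domain. NOACK does not abort the handshake, so such clients
 * carry on with whatever context the connection started with.
 *
 * The name comes straight from the remote peer. It is only ever passed as a
 * "%s" argument, never as a format string, and it is checked for NULL before
 * it is formatted: SSL_get_servername() returns NULL when no SNI extension
 * was sent, and handing NULL to "%s" is undefined behaviour.
 * NOTE(review): the name is logged unfiltered; if debug output can end up in
 * a shared log, consider escaping control characters.
 *
 * ad and arg are unused.
 */
int
kore_ssl_sni_cb(SSL *ssl, int *ad, void *arg)
{
	struct kore_domain	*dom;
	const char		*sname;

	sname = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
	if (sname == NULL) {
		kore_debug("kore_ssl_sni_cb(): no server name received");
		return (SSL_TLSEXT_ERR_NOACK);
	}

	kore_debug("kore_ssl_sni_cb(): received host %s", sname);

	if ((dom = kore_domain_lookup(sname)) != NULL) {
		kore_debug("kore_ssl_sni_cb(): Using %s CTX", sname);
		SSL_set_SSL_CTX(ssl, dom->ssl_ctx);
		return (SSL_TLSEXT_ERR_OK);
	}

	return (SSL_TLSEXT_ERR_NOACK);
}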
/*
 * Signal handler installed by main() for SIGHUP and SIGQUIT. It does nothing
 * except record the signal number in sig_recv; the main loop picks the value
 * up later, outside signal context.
 */
void
kore_signal(int sig)
{
	sig_recv = (sig_atomic_t)sig;
}
/*
 * One-time OpenSSL setup: initialises the library and loads its error
 * strings. main() calls this before the configuration is parsed.
 */
static void
kore_server_sslstart(void)
{
	kore_debug("kore_server_sslstart()");

	/* The return value of SSL_library_init() is deliberately ignored. */
	(void)SSL_library_init();
	SSL_load_error_strings();
}
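/*
 * Bring the server up: bind the listening socket, detach with daemon(),
 * record the new pid in the pid file, then start the workers.
 *
 * Calls fatal() when the socket cannot be bound or daemon() fails.
 *
 * daemon(1, 1) is called with nochdir and noclose both set, so the working
 * directory and the standard descriptors are left as they were.
 *
 * server_ip and runas_user are released once kore_worker_init() has
 * returned. Both are globals visible to other files, so they are reset to
 * NULL as well: a later read then sees NULL instead of a dangling pointer.
 */
static void
kore_server_start(void)
{
	/*
	 * NOTE(review): the '!' test relies on KORE_RESULT_ERROR being 0;
	 * the constant is defined elsewhere -- confirm.
	 */
	if (!kore_server_bind(&server, server_ip, server_port)) {
		/* server_ip may be unset; never hand NULL to "%s". */
		fatal("cannot bind to %s:%d",
		    server_ip != NULL ? server_ip : "(unset)", server_port);
	}

	if (daemon(1, 1) == -1)
		fatal("cannot daemon(): %s", errno_s);

	/* daemon() forks, so the pid taken in main() is no longer ours. */
	kore_pid = getpid();
	kore_write_kore_pid();

	kore_log(LOG_NOTICE, "kore is starting up");
	kore_platform_proctitle("kore [parent]");

	kore_worker_init();

	free(server_ip);
	server_ip = NULL;
	free(runas_user);
	runas_user = NULL;
}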
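/*
 * Create an IPv4 TCP socket in l->fd, enable SO_REUSEADDR, bind it to
 * ip:port and start listening with a backlog of 50.
 *
 * l     listener to fill in (fd and sin are written)
 * ip    IPv4 address in a form inet_addr() accepts
 * port  TCP port, 0..65535
 *
 * Returns KORE_RESULT_OK on success. On any failure the socket, if one was
 * created, is closed, l->fd is left at -1 and KORE_RESULT_ERROR is returned.
 *
 * Input checks, all of which the caller reports as a bind failure:
 *  - a NULL ip is rejected before it reaches "%s" or inet_addr();
 *  - a port outside 0..65535 is rejected instead of being silently
 *    truncated by htons();
 *  - inet_addr() signals a parse error with INADDR_NONE, which would
 *    otherwise have been used as the bind address. That value is also what
 *    "255.255.255.255" parses to, which is not a usable listen address.
 *    inet_pton() would be a stricter parser, but it refuses the shorthand
 *    forms inet_addr() accepts, so it is not swapped in here.
 *
 * Each error is logged before close() is called, because close() may
 * overwrite errno.
 */
static int
kore_server_bind(struct listener *l, const char *ip, int port)
{
	int		on;
	in_addr_t	addr;

	l->fd = -1;

	if (ip == NULL) {
		kore_debug("kore_server_bind(): no address given");
		return (KORE_RESULT_ERROR);
	}

	kore_debug("kore_server_bind(%p, %s, %d)", (void *)l, ip, port);

	if (port < 0 || port > 65535) {
		kore_debug("kore_server_bind(): invalid port %d", port);
		return (KORE_RESULT_ERROR);
	}

	if ((addr = inet_addr(ip)) == INADDR_NONE) {
		kore_debug("kore_server_bind(): invalid address %s", ip);
		return (KORE_RESULT_ERROR);
	}

	if ((l->fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		kore_debug("socket(): %s", errno_s);
		return (KORE_RESULT_ERROR);
	}

	on = 1;
	if (setsockopt(l->fd, SOL_SOCKET, SO_REUSEADDR, &on,
	    sizeof(on)) == -1) {
		kore_debug("setsockopt(): %s", errno_s);
		goto fail;
	}

	memset(&(l->sin), 0, sizeof(l->sin));
	l->sin.sin_family = AF_INET;
	l->sin.sin_port = htons((in_port_t)port);
	l->sin.sin_addr.s_addr = addr;

	if (bind(l->fd, (struct sockaddr *)&(l->sin), sizeof(l->sin)) == -1) {
		kore_debug("bind(): %s", errno_s);
		goto fail;
	}

	if (listen(l->fd, 50) == -1) {
		kore_debug("listen(): %s", errno_s);
		goto fail;
	}

	return (KORE_RESULT_OK);

fail:
	close(l->fd);
	l->fd = -1;
	return (KORE_RESULT_ERROR);
}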
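/*
 * Write kore_pid, followed by a newline, to the file named by kore_pidfile.
 *
 * Best effort: a failure to open, write or close the file is reported
 * through kore_debug() and otherwise ignored, so start-up carries on
 * without a pid file. Write and close errors are now checked as well, since
 * a short or empty pid file misleads whatever reads it later.
 *
 * NOTE(review): this runs in the parent, which main() requires to be root,
 * and fopen() follows symbolic links and truncates whatever it opens. If
 * kore_pidfile can ever name a path inside a directory that other users can
 * write to, creating the file with open() and O_NOFOLLOW (or O_EXCL) would
 * be the safer choice. That is not changed here because it would also
 * refuse a pid file an administrator symlinked on purpose.
 */
static void
kore_write_kore_pid(void)
{
	FILE		*fp;

	if ((fp = fopen(kore_pidfile, "w+")) == NULL) {
		kore_debug("kore_write_kore_pid(): fopen() %s", errno_s);
		return;
	}

	/* pid_t is not guaranteed to be int; convert to match "%d". */
	if (fprintf(fp, "%d\n", (int)kore_pid) < 0) {
		kore_debug("kore_write_kore_pid(): fprintf() %s", errno_s);
	}

	/* fclose() flushes, so this is where a full disk shows up. */
	if (fclose(fp) == EOF) {
		kore_debug("kore_write_kore_pid(): fclose() %s", errno_s);
	}
}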