]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/lib/http_server.c
6db11f4150f9d2975bff684c49964135966dd94a
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Very basic HTTP server */
12 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
14 * On VMS, you need to define this to get the declaration of fileno(). The
15 * value 2 is to make sure no function defined in POSIX-2 is left undefined.
17 # define _POSIX_C_SOURCE 2
21 #include "http_server.h"
22 #include "internal/sockets.h"
23 #include <openssl/err.h>
24 #include <openssl/rand.h>
26 int multi
= 0; /* run multiple responder processes */
29 int acfd
= (int) INVALID_SOCKET
;
33 static int print_syslog(const char *str
, size_t len
, void *levPtr
)
35 int level
= *(int *)levPtr
;
36 int ilen
= len
> MAXERRLEN
? MAXERRLEN
: len
;
38 syslog(level
, "%.*s", ilen
, str
);
44 void log_message(const char *prog
, int level
, const char *fmt
, ...)
53 if (vsnprintf(buf
, sizeof(buf
), fmt
, ap
) > 0)
54 syslog(level
, "%s", buf
);
56 ERR_print_errors_cb(print_syslog
, &level
);
60 BIO_printf(bio_err
, "%s: ", prog
);
61 BIO_vprintf(bio_err
, fmt
, ap
);
62 BIO_printf(bio_err
, "\n");
68 void socket_timeout(int signum
)
70 if (acfd
!= (int)INVALID_SOCKET
)
71 (void)shutdown(acfd
, SHUT_RD
);
74 static void killall(int ret
, pid_t
*kidpids
)
78 for (i
= 0; i
< multi
; ++i
)
80 (void)kill(kidpids
[i
], SIGTERM
);
81 OPENSSL_free(kidpids
);
86 static int termsig
= 0;
88 static void noteterm(int sig
)
94 * Loop spawning up to `multi` child processes, only child processes return
95 * from this function. The parent process loops until receiving a termination
96 * signal, kills extant children and exits without returning.
98 void spawn_loop(const char *prog
)
100 pid_t
*kidpids
= NULL
;
105 openlog(prog
, LOG_PID
, LOG_DAEMON
);
108 syslog(LOG_ERR
, "fatal: error detaching from parent process group: %s",
112 kidpids
= app_malloc(multi
* sizeof(*kidpids
), "child PID array");
113 for (i
= 0; i
< multi
; ++i
)
116 signal(SIGINT
, noteterm
);
117 signal(SIGTERM
, noteterm
);
119 while (termsig
== 0) {
123 * Wait for a child to replace when we're at the limit.
124 * Slow down if a child exited abnormally or waitpid() < 0
126 while (termsig
== 0 && procs
>= multi
) {
127 if ((fpid
= waitpid(-1, &status
, 0)) > 0) {
128 for (i
= 0; i
< procs
; ++i
) {
129 if (kidpids
[i
] == fpid
) {
136 syslog(LOG_ERR
, "fatal: internal error: "
137 "no matching child slot for pid: %ld",
142 if (WIFEXITED(status
))
143 syslog(LOG_WARNING
, "child process: %ld, exit status: %d",
144 (long)fpid
, WEXITSTATUS(status
));
145 else if (WIFSIGNALED(status
))
146 syslog(LOG_WARNING
, "child process: %ld, term signal %d%s",
147 (long)fpid
, WTERMSIG(status
),
149 WCOREDUMP(status
) ? " (core dumped)" :
155 } else if (errno
!= EINTR
) {
156 syslog(LOG_ERR
, "fatal: waitpid(): %s", strerror(errno
));
163 switch (fpid
= fork()) {
165 /* System critically low on memory, pause and try again later */
169 OPENSSL_free(kidpids
);
170 signal(SIGINT
, SIG_DFL
);
171 signal(SIGTERM
, SIG_DFL
);
174 if (RAND_poll() <= 0) {
175 syslog(LOG_ERR
, "fatal: RAND_poll() failed");
179 default: /* parent */
180 for (i
= 0; i
< multi
; ++i
) {
181 if (kidpids
[i
] == 0) {
188 syslog(LOG_ERR
, "fatal: internal error: no free child slots");
195 /* The loop above can only break on termsig */
196 syslog(LOG_INFO
, "terminating on signal: %d", termsig
);
201 #ifndef OPENSSL_NO_SOCK
202 BIO
*http_server_init_bio(const char *prog
, const char *port
)
204 BIO
*acbio
= NULL
, *bufbio
;
206 bufbio
= BIO_new(BIO_f_buffer());
209 acbio
= BIO_new(BIO_s_accept());
211 || BIO_set_bind_mode(acbio
, BIO_BIND_REUSEADDR
) < 0
212 || BIO_set_accept_port(acbio
, port
) < 0) {
213 log_message(prog
, LOG_ERR
, "Error setting up accept BIO");
217 BIO_set_accept_bios(acbio
, bufbio
);
219 if (BIO_do_accept(acbio
) <= 0) {
220 log_message(prog
, LOG_ERR
, "Error starting accept");
233 * Decode %xx URL-decoding in-place. Ignores malformed sequences.
235 static int urldecode(char *p
)
237 unsigned char *out
= (unsigned char *)p
;
238 unsigned char *save
= out
;
243 } else if (isxdigit(_UC(p
[1])) && isxdigit(_UC(p
[2]))) {
244 /* Don't check, can't fail because of ixdigit() call. */
245 *out
++ = (OPENSSL_hexchar2int(p
[1]) << 4)
246 | OPENSSL_hexchar2int(p
[2]);
253 return (int)(out
- save
);
256 int http_server_get_asn1_req(const ASN1_ITEM
*it
, ASN1_VALUE
**preq
,
257 BIO
**pcbio
, BIO
*acbio
,
258 const char *prog
, int accept_get
, int timeout
)
260 BIO
*cbio
= NULL
, *getbio
= NULL
, *b64
= NULL
;
262 char reqbuf
[2048], inbuf
[2048];
270 /* Connection loss before accept() is routine, ignore silently */
271 if (BIO_do_accept(acbio
) <= 0)
274 cbio
= BIO_pop(acbio
);
283 (void)BIO_get_fd(cbio
, &acfd
);
288 /* Read the request line. */
289 len
= BIO_gets(cbio
, reqbuf
, sizeof(reqbuf
));
293 if (accept_get
&& strncmp(reqbuf
, "GET ", 4) == 0) {
294 /* Expecting GET {sp} /URL {sp} HTTP/1.x */
295 for (url
= reqbuf
+ 4; *url
== ' '; ++url
)
298 log_message(prog
, LOG_INFO
,
299 "Invalid GET -- URL does not begin with '/': %s", url
);
304 /* Splice off the HTTP version identifier. */
305 for (end
= url
; *end
!= '\0'; end
++)
308 if (strncmp(end
, " HTTP/1.", 7) != 0) {
309 log_message(prog
, LOG_INFO
,
310 "Invalid GET -- bad HTTP/version string: %s", end
+ 1);
316 * Skip "GET / HTTP..." requests often used by load-balancers.
317 * 'url' was incremented above to point to the first byte *after*
318 * the leading slash, so in case 'GET / ' it is now an empty string.
323 len
= urldecode(url
);
325 log_message(prog
, LOG_INFO
,
326 "Invalid GET request -- bad URL encoding: %s", url
);
329 if ((getbio
= BIO_new_mem_buf(url
, len
)) == NULL
330 || (b64
= BIO_new(BIO_f_base64())) == NULL
) {
331 log_message(prog
, LOG_ERR
,
332 "Could not allocate base64 bio with size = %d", len
);
338 BIO_set_flags(b64
, BIO_FLAGS_BASE64_NO_NL
);
339 getbio
= BIO_push(b64
, getbio
);
340 } else if (strncmp(reqbuf
, "POST ", 5) != 0) {
341 log_message(prog
, LOG_INFO
,
342 "HTTP request does not start with GET/POST: %s", reqbuf
);
343 /* TODO provide better diagnosis in case client tries TLS */
347 /* Read and skip past the headers. */
349 len
= BIO_gets(cbio
, inbuf
, sizeof(inbuf
));
351 log_message(prog
, LOG_ERR
,
352 "Error skipping remaining HTTP headers");
355 if ((inbuf
[0] == '\r') || (inbuf
[0] == '\n'))
360 /* Clear alarm before we close the client socket */
365 /* Try to read and parse request */
366 req
= ASN1_item_d2i_bio(it
, getbio
!= NULL
? getbio
: cbio
, NULL
);
368 log_message(prog
, LOG_ERR
, "Error parsing request");
373 BIO_free_all(getbio
);
377 acfd
= (int)INVALID_SOCKET
;
382 /* assumes that cbio does not do an encoding that changes the output length */
383 int http_server_send_asn1_resp(BIO
*cbio
, const char *content_type
,
384 const ASN1_ITEM
*it
, const ASN1_VALUE
*resp
)
386 int ret
= BIO_printf(cbio
, "HTTP/1.0 200 OK\r\nContent-type: %s\r\n"
387 "Content-Length: %d\r\n\r\n", content_type
,
388 ASN1_item_i2d(resp
, NULL
, it
)) > 0
389 && ASN1_item_i2d_bio(it
, cbio
, resp
) > 0;
391 (void)BIO_flush(cbio
);