commit 1e186154edcaf6eea53fe66e5b5303b9d57433fd from: the xhr date: Fri Aug 20 07:00:16 2021 UTC Revert all access/error logging for now, needs more thought commit - c4e6dde0fb99f24bb7e08554517a4a3670751629 commit + 1e186154edcaf6eea53fe66e5b5303b9d57433fd blob - 20824e63b2355b7204e92a3d14dd59a15808a677 blob + 338a860e245c0825b3f31415366d9daf45e0fec7 --- Makefile +++ Makefile @@ -29,7 +29,6 @@ install: all $(INSTALL) -d -m 755 -o root $(MAN)/man8 $(INSTALL) -d -m 750 -o root $(CONFDIR) $(INSTALL) -d -m 755 -o root $(GEMINIDIR) - $(INSTALL) -d -m 755 -o _twind -g _twind $(GEMINIDIR)/logs $(INSTALL) -m 644 -o root twind.8 $(MAN)/man8 $(INSTALL) -m 755 -o root twind $(SBIN) blob - eca6308b9bf18101f58c4bec2b2ef6f44b69e302 blob + c8df8c1cde601d1c43bd25de8299c5ea99716b6e --- log.c +++ log.c @@ -18,29 +18,18 @@ #define _GNU_SOURCE -#include -#include - #include #include #include #include #include #include -#include -#include #include #include "log.h" -#include "twind.h" -#define MAXLOGLINE 1024 - static int debug; static int verbose; -static int access_fd; -static int error_fd; - static const char *log_procname; void 
@@ -210,78 +199,3 @@ fatalx(const char *emsg, ...) va_end(ap); exit(1); } - -void -open_twind_logs(void) -{ - if ((access_fd = open(_PATH_TWIND_ACCESS_LOG, O_WRONLY|O_APPEND|O_CREAT, 0644)) - == -1) - fatalx("Cannot open access log: %s", _PATH_TWIND_ACCESS_LOG); - - if ((error_fd = open(_PATH_TWIND_ERROR_LOG, O_WRONLY|O_APPEND|O_CREAT, 0644)) - == -1) - fatalx("Cannot open error log: %s", _PATH_TWIND_ACCESS_LOG); - - return; -} - -void -close_twind_logs(void) -{ - close(access_fd); - close(error_fd); -} - -void -log_access(const struct client_connection *cc, const char *fmt, ...) -{ - struct tm tm; - time_t t; - - t = time(NULL); - tm = *localtime(&t); - - user_log(0, "%s - - [%d/%d/%d:%d:%d:%d %s] %s", cc->client_addr, - tm.tm_mday, tm.tm_mon, tm.tm_year+1900, - tm.tm_hour, tm.tm_min, tm.tm_sec, - tm.tm_zone, fmt); -} - -void -log_error(const struct client_connection *cc, const char *fmt, ...) -{ - struct tm tm; - time_t t; - - t = time(NULL); - tm = *localtime(&t); - - user_log(1, "[%d/%d/%d:%d:%d:%d %s] [error] [client %s] %s", - tm.tm_mday, tm.tm_mon, tm.tm_year+1900, - tm.tm_hour, tm.tm_min, tm.tm_sec, - tm.tm_zone, - cc->client_addr, - fmt); -} - -void -user_log(int target, const char *fmt, ...) -{ - va_list ap; - int fd = -1; - - va_start(ap, fmt); - if (target == 0) - fd = access_fd; - else if (target == 1) - fd = error_fd; - else { - log_warn("Non-existent user log target"); - return; - } - - vdprintf(fd, fmt, ap); - dprintf(fd, "\n"); - - va_end(ap); -} blob - c73f3121e2eb098ba489f23bf522df37deac733b blob + 6d100a48988fc5bde78793af99c23abcf20445f5 --- twind.c +++ twind.c @@ -56,7 +56,6 @@ #define PID_BUF_SIZE 100 #define TWIND_USER "_twind" #define _PATH_TWIND_CHROOT "/var/twind" -#define _PATH_TWIND_LOGS "/var/twind/logs" #define _PATH_TWIND_CERT "/etc/twind/twind.cert.pem" #define _PATH_TWIND_KEY "/etc/twind/twind.key.pem" #define _PATH_TWIND_PID_CHROOT "/var/twind/twind.pid" 
@@ -155,8 +154,6 @@ main(int argc, char *argv[]) log_init(debug_flag, LOG_DAEMON); log_setverbose(verbose_flag); - open_twind_logs(); - #ifdef __OpenBSD__ if (pledge("stdio inet dns proc rpath", NULL) == -1) fatalx("pledge"); @@ -184,7 +181,6 @@ organize_termination(void) if (sub_pid == -1) { if (errno == ECHILD) { /* All sub processes are terminated */ - close_twind_logs(); log_debug("twind turns to dust"); exit(0); } else { @@ -229,9 +225,9 @@ handle_incoming_connections(int counter, int tcpsock, struct sockaddr_storage addr; struct sockaddr_in clientaddr; struct sockaddr_in6 clientaddr6; - struct client_connection *cc; char str[INET6_ADDRSTRLEN]; pthread_t thread_id; + SSL *ssl_peer; socklen_t len = sizeof(addr); int ret, ssl_err; 
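Review bot: `struct sockaddr_in clientaddr;` is paired with `socklen_t len = sizeof(addr);`, the size of the `struct sockaddr_storage` declared just above it, and the following hunk hands exactly that pair to getpeername(); for an IPv6 peer (which this function explicitly expects, since it later tests for AF_INET6) the kernel may copy a 28-byte sockaddr_in6 into the 16-byte sockaddr_in and overrun the stack, whether or not accept() has already shrunk `len`. The declarations themselves are unchanged context, but this is the hunk where the size/buffer mismatch is visible. Either size the length to the buffer it describes, `socklen_t len = sizeof(clientaddr);`, or query once into `addr` and switch on `addr.ss_family` before casting to the v4/v6 view. handle_incoming_connections continues outside the hunk.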
@@ -246,57 +242,50 @@ handle_incoming_connections(int counter, int tcpsock, if (ret < 0) fatalx("Error when accepting connection"); - if ((cc = calloc(1, sizeof(struct client_connection))) == NULL) - fatalx("Cannot allocate memory for client structure"); - getpeername(ret, (struct sockaddr *)&clientaddr, &len); if (clientaddr.sin_family == AF_INET) { - if (inet_ntop(AF_INET, &clientaddr.sin_addr, cc->client_addr, sizeof(str))) + if (inet_ntop(AF_INET, &clientaddr.sin_addr, str, sizeof(str))) log_info("Connection from %s on Port %d", - cc->client_addr, ntohs(clientaddr.sin_port)); + str, ntohs(clientaddr.sin_port)); } else if (clientaddr.sin_family == AF_INET6) { getpeername(ret, (struct sockaddr *)&clientaddr6, &len); - if (inet_ntop(AF_INET6, &clientaddr6.sin6_addr, cc->client_addr, sizeof(str))) + if (inet_ntop(AF_INET6, &clientaddr6.sin6_addr, str, sizeof(str))) log_info("Connection from %s on Port %d", - cc->client_addr, ntohs(clientaddr6.sin6_port)); + str, ntohs(clientaddr6.sin6_port)); } - if ((cc->ssl_peer = SSL_new(sslctx)) == NULL) { + if ((ssl_peer = SSL_new(sslctx)) == NULL) { log_warn("Creating new TLS structure failed"); - free(cc); close(ret); continue; } - if (SSL_set_fd(cc->ssl_peer, ret) == 0) { + if (SSL_set_fd(ssl_peer, ret) == 0) { log_warn("TLS cannot set file descriptor"); - SSL_free(cc->ssl_peer); - free(cc); + SSL_free(ssl_peer); close(ret); continue; } - ssl_err = SSL_accept(cc->ssl_peer); + ssl_err = SSL_accept(ssl_peer); if (ssl_err < 0) { ERR_print_errors_fp(stderr); log_warn("Fatal TLS error. 
Cannot accept TLS connection"); - SSL_shutdown(cc->ssl_peer); - SSL_free(cc->ssl_peer); - free(cc); + SSL_shutdown(ssl_peer); + SSL_free(ssl_peer); close(ret); continue; } else if (ssl_err == 0) { log_warn("TLS handshake not successful"); - SSL_shutdown(cc->ssl_peer); - SSL_free(cc->ssl_peer); - free(cc); + SSL_shutdown(ssl_peer); + SSL_free(ssl_peer); close(ret); continue; } - log_debug("SSL connection using %s\n", SSL_get_cipher(cc->ssl_peer)); + log_debug("SSL connection using %s\n", SSL_get_cipher (ssl_peer)); - if (pthread_create(&thread_id, NULL, main_request_handler, ((void*)cc)) + if (pthread_create(&thread_id, NULL, main_request_handler, ((void*)ssl_peer)) != 0) { log_warn("Cannot create handling thread"); return -1; @@ -304,9 +293,8 @@ handle_incoming_connections(int counter, int tcpsock, pthread_join(thread_id, NULL); - SSL_shutdown(cc->ssl_peer); - SSL_free(cc->ssl_peer); - free(cc); + SSL_shutdown(ssl_peer); + SSL_free(ssl_peer); close(ret); } @@ -339,7 +327,7 @@ fork_main_process(int tcpsock[2], SSL_CTX *sslctx) void * main_request_handler(void *argp) { - struct client_connection *cc = (struct client_connection *)argp; + SSL *ssl_peer = (SSL*)argp; char finalpath[MAXREQLEN]; char temp[MAXREQLEN]; char request[MAXREQLEN]; @@ -351,16 +339,14 @@ main_request_handler(void *argp) memset(request, 0, sizeof(request)); memset(temp, 0, sizeof(temp)); - receive_gemini_request(cc->ssl_peer, request); + receive_gemini_request(ssl_peer, request); ret = get_path_from_request(request, finalpath); if (ret == -1) { /* Malformed request */ - log_error(cc, "Malformed request"); - send_non_success_response(cc->ssl_peer, STATUS_BAD_REQUEST); + send_non_success_response(ssl_peer, STATUS_BAD_REQUEST); return NULL; } else if (ret == -2) { /* 404 */ - log_error(cc, "Request file not found"); - send_non_success_response(cc->ssl_peer, STATUS_NOT_FOUND); + send_non_success_response(ssl_peer, STATUS_NOT_FOUND); return NULL; } 
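Review bot: When pthread_create() fails the rewritten call returns -1 with `ssl_peer` still allocated and the accepted socket `ret` still open, unlike every earlier error path in this hunk, which does SSL_shutdown/SSL_free/close before `continue`. The thread is joined immediately below, so the connection is wholly owned here and nothing else will release it; add `SSL_shutdown(ssl_peer); SSL_free(ssl_peer); close(ret);` before the `return -1;`. The leak predates this commit in shape, but the commit rewrites the line and the surrounding cleanup, so it is the natural place to fix it. The enclosing function starts before the hunk.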
@@ -371,9 +357,7 @@ main_request_handler(void *argp) log_debug("Cannot get MIME type for %s", ext); } - log_access(cc, finalpath); - - if (send_response(cc->ssl_peer, STATUS_SUCCESS, finalpath, mime) < 0) { + if (send_response(ssl_peer, STATUS_SUCCESS, finalpath, mime) < 0) { log_warn("Sending response to client failed"); return NULL; } @@ -507,8 +491,6 @@ drop_root(void) fatalx("unveil"); if (unveil(_PATH_TWIND_PID_CHROOT, "r") == -1) fatalx("unveil"); - if (unveil(_PATH_TWIND_LOGS, "cw") == -1) - log_warn("unveil"); if (unveil(NULL, NULL) == -1) fatalx("unveil"); #endif /* __OpenBSD__ */ blob - 9d9fce3ad479da1a3dd3a06969b71160dba3500b blob + cb93f4a30e0baa7e6ad993f3793bb5d472bc9836 --- twind.h +++ twind.h @@ -17,15 +17,28 @@ #ifndef _TWIND_H #define _TWIND_H -#include - #include #define VERSION "2021.a" #define MAXREQLEN 1025 -#define _PATH_TWIND_ACCESS_LOG "logs/access.log" -#define _PATH_TWIND_ERROR_LOG "logs/error.log" +/* gemini.c */ +int check_gemini_file(const char *); +int send_response(SSL*, int, const char *, const char *); +int send_non_success_response(SSL*, int); + +/* request.c */ +int get_path_from_request(char *, char *); + +/* mime.c */ +char* get_file_extension(const char*); +char* get_mime_type(const char *); + +/* util.c */ +void* xmalloc(size_t); +char* xstrdup(const char *); +size_t strlcpy(char *, const char *, size_t); + enum status_codes { STATUS_INPUT = 10, STATUS_SENSITIVE_INPUT = 11, 
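Review bot: The prototypes moved to the top of twind.h keep unnamed parameters, so a caller reading `int get_path_from_request(char *, char *);` cannot tell which argument is the request and which receives the resolved path, nor that the first is non-const and may be modified. Naming them as the call sites in twind.c use them, e.g. `int get_path_from_request(char *request, char *finalpath);` and `int send_response(SSL *ssl_peer, int status, const char *path, const char *mime);`, documents the contract at no cost, and the `SSL*`/`char*` declarator spacing could follow the `char *` form used elsewhere in the file.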
@@ -47,33 +60,4 @@ enum status_codes { STATUS_CERT_NOT_VALID = 62, }; -struct client_connection { - SSL *ssl_peer; - char client_addr[INET6_ADDRSTRLEN]; -}; - -/* gemini.c */ -int check_gemini_file(const char *); -int send_response(SSL*, int, const char *, const char *); -int send_non_success_response(SSL*, int); - -/* request.c */ -int get_path_from_request(char *, char *); - -/* mime.c */ -char* get_file_extension(const char*); -char* get_mime_type(const char *); - -/* util.c */ -void* xmalloc(size_t); -char* xstrdup(const char *); -size_t strlcpy(char *, const char *, size_t); - -/* log.c */ -void open_twind_logs(void); -void close_twind_logs(void); -void log_access(const struct client_connection *, const char *, ...); -void log_error(const struct client_connection *, const char *, ...); -void user_log(int, const char *, ...); - #endif