mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21063 Commits
28 Branches
Tree: c8897ff041
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c8897ff041'
${ noResults }
rspamd/src/libserver/http/http_connection.c

http_connection.c 66KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "http_connection.h"

  18. #include "http_private.h"

  19. #include "http_message.h"

  20. #include "utlist.h"

  21. #include "util.h"

  22. #include "printf.h"

  23. #include "logger.h"

  24. #include "ref.h"

  25. #include "ottery.h"

  26. #include "keypair_private.h"

  27. #include "cryptobox.h"

  28. #include "libutil/libev_helper.h"

  29. #include "libserver/ssl_util.h"

  30. #include "libserver/url.h"

  31. 

  32. #include "contrib/mumhash/mum.h"

  33. #include "contrib/http-parser/http_parser.h"

  34. #include "unix-std.h"

  35. 

  36. #include <openssl/err.h>

  37. 

  38. #define ENCRYPTED_VERSION " HTTP/1.0"

  39. 

  40. struct _rspamd_http_privbuf {

  41. 	rspamd_fstring_t *data;

  42. 	const char *zc_buf;

  43. 	gsize zc_remain;

  44. 	ref_entry_t ref;

  45. };

  46. 

  47. enum rspamd_http_priv_flags {

  48. 	RSPAMD_HTTP_CONN_FLAG_ENCRYPTED = 1u << 0u,

  49. 	RSPAMD_HTTP_CONN_FLAG_NEW_HEADER = 1u << 1u,

  50. 	RSPAMD_HTTP_CONN_FLAG_RESETED = 1u << 2u,

  51. 	RSPAMD_HTTP_CONN_FLAG_TOO_LARGE = 1u << 3u,

  52. 	RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED = 1u << 4u,

  53. 	RSPAMD_HTTP_CONN_FLAG_PROXY = 1u << 5u,

  54. 	RSPAMD_HTTP_CONN_FLAG_PROXY_REQUEST = 1u << 6u,

  55. 	RSPAMD_HTTP_CONN_OWN_SOCKET = 1u << 7u,

  56. };

  57. 

  58. #define IS_CONN_ENCRYPTED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_ENCRYPTED)

  59. #define IS_CONN_RESETED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_RESETED)

  60. 

  61. struct rspamd_http_connection_private {

  62. 	struct rspamd_http_context *ctx;

  63. 	struct rspamd_ssl_connection *ssl;

  64. 	struct _rspamd_http_privbuf *buf;

  65. 	struct rspamd_keypair_cache *cache;

  66. 	struct rspamd_cryptobox_pubkey *peer_key;

  67. 	struct rspamd_cryptobox_keypair *local_key;

  68. 	struct rspamd_http_header *header;

  69. 	struct http_parser parser;

  70. 	struct http_parser_settings parser_cb;

  71. 	struct rspamd_io_ev ev;

  72. 	ev_tstamp timeout;

  73. 	struct rspamd_http_message *msg;

  74. 	struct iovec *out;

  75. 	unsigned int outlen;

  76. 	enum rspamd_http_priv_flags flags;

  77. 	gsize wr_pos;

  78. 	gsize wr_total;

  79. };

  80. 

  81. static const rspamd_ftok_t key_header = {

  82. 	.begin = "Key",

  83. 	.len = 3};

  84. static const rspamd_ftok_t date_header = {

  85. 	.begin = "Date",

  86. 	.len = 4};

  87. static const rspamd_ftok_t last_modified_header = {

  88. 	.begin = "Last-Modified",

  89. 	.len = 13};

  90. 

  91. static void rspamd_http_event_handler(int fd, short what, gpointer ud);

  92. static void rspamd_http_ssl_err_handler(gpointer ud, GError *err);

  93. 

  94. 

  95. #define HTTP_ERROR http_error_quark()

  96. GQuark

  97. http_error_quark(void)

  98. {

  99. 	return g_quark_from_static_string("http-error-quark");

  100. }

  101. 

  102. static void

  103. rspamd_http_privbuf_dtor(gpointer ud)

  104. {

  105. 	struct _rspamd_http_privbuf *p = (struct _rspamd_http_privbuf *) ud;

  106. 

  107. 	if (p->data) {

  108. 		rspamd_fstring_free(p->data);

  109. 	}

  110. 

  111. 	g_free(p);

  112. }

  113. 

  114. static const char *

  115. rspamd_http_code_to_str(int code)

  116. {

  117. 	if (code == 200) {

  118. 		return "OK";

  119. 	}

  120. 	else if (code == 404) {

  121. 		return "Not found";

  122. 	}

  123. 	else if (code == 403 || code == 401) {

  124. 		return "Not authorized";

  125. 	}

  126. 	else if (code >= 400 && code < 500) {

  127. 		return "Bad request";

  128. 	}

  129. 	else if (code >= 300 && code < 400) {

  130. 		return "See Other";

  131. 	}

  132. 	else if (code >= 500 && code < 600) {

  133. 		return "Internal server error";

  134. 	}

  135. 

  136. 	return "Unknown error";

  137. }

  138. 

  139. static void

  140. rspamd_http_parse_key(rspamd_ftok_t *data, struct rspamd_http_connection *conn,

  141. 					  struct rspamd_http_connection_private *priv)

  142. {

  143. 	unsigned char *decoded_id;

  144. 	const char *eq_pos;

  145. 	gsize id_len;

  146. 	struct rspamd_cryptobox_pubkey *pk;

  147. 

  148. 	if (priv->local_key == NULL) {

  149. 		/* In this case we cannot do anything, e.g. we cannot decrypt payload */

  150. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  151. 	}

  152. 	else {

  153. 		/* Check sanity of what we have */

  154. 		eq_pos = memchr(data->begin, '=', data->len);

  155. 		if (eq_pos != NULL) {

  156. 			decoded_id = rspamd_decode_base32(data->begin, eq_pos - data->begin,

  157. 											  &id_len, RSPAMD_BASE32_DEFAULT);

  158. 

  159. 			if (decoded_id != NULL && id_len >= RSPAMD_KEYPAIR_SHORT_ID_LEN) {

  160. 				pk = rspamd_pubkey_from_base32(eq_pos + 1,

  161. 											   data->begin + data->len - eq_pos - 1,

  162. 											   RSPAMD_KEYPAIR_KEX,

  163. 											   RSPAMD_CRYPTOBOX_MODE_25519);

  164. 				if (pk != NULL) {

  165. 					if (memcmp(rspamd_keypair_get_id(priv->local_key),

  166. 							   decoded_id,

  167. 							   RSPAMD_KEYPAIR_SHORT_ID_LEN) == 0) {

  168. 						priv->msg->peer_key = pk;

  169. 

  170. 						if (priv->cache && priv->msg->peer_key) {

  171. 							rspamd_keypair_cache_process(priv->cache,

  172. 														 priv->local_key,

  173. 														 priv->msg->peer_key);

  174. 						}

  175. 					}

  176. 					else {

  177. 						rspamd_pubkey_unref(pk);

  178. 					}

  179. 				}

  180. 			}

  181. 

  182. 			priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  183. 			g_free(decoded_id);

  184. 		}

  185. 	}

  186. }

  187. 

  188. static inline void

  189. rspamd_http_check_special_header(struct rspamd_http_connection *conn,

  190. 								 struct rspamd_http_connection_private *priv)

  191. {

  192. 	if (rspamd_ftok_casecmp(&priv->header->name, &date_header) == 0) {

  193. 		priv->msg->date = rspamd_http_parse_date(priv->header->value.begin,

  194. 												 priv->header->value.len);

  195. 	}

  196. 	else if (rspamd_ftok_casecmp(&priv->header->name, &key_header) == 0) {

  197. 		rspamd_http_parse_key(&priv->header->value, conn, priv);

  198. 	}

  199. 	else if (rspamd_ftok_casecmp(&priv->header->name, &last_modified_header) == 0) {

  200. 		priv->msg->last_modified = rspamd_http_parse_date(

  201. 			priv->header->value.begin,

  202. 			priv->header->value.len);

  203. 	}

  204. }

  205. 

  206. static int

  207. rspamd_http_on_url(http_parser *parser, const char *at, size_t length)

  208. {

  209. 	struct rspamd_http_connection *conn =

  210. 		(struct rspamd_http_connection *) parser->data;

  211. 	struct rspamd_http_connection_private *priv;

  212. 

  213. 	priv = conn->priv;

  214. 

  215. 	priv->msg->url = rspamd_fstring_append(priv->msg->url, at, length);

  216. 

  217. 	return 0;

  218. }

  219. 

  220. static int

  221. rspamd_http_on_status(http_parser *parser, const char *at, size_t length)

  222. {

  223. 	struct rspamd_http_connection *conn =

  224. 		(struct rspamd_http_connection *) parser->data;

  225. 	struct rspamd_http_connection_private *priv;

  226. 

  227. 	priv = conn->priv;

  228. 

  229. 	if (parser->status_code != 200) {

  230. 		if (priv->msg->status == NULL) {

  231. 			priv->msg->status = rspamd_fstring_new();

  232. 		}

  233. 

  234. 		priv->msg->status = rspamd_fstring_append(priv->msg->status, at, length);

  235. 	}

  236. 

  237. 	return 0;

  238. }

  239. 

  240. static void

  241. rspamd_http_finish_header(struct rspamd_http_connection *conn,

  242. 						  struct rspamd_http_connection_private *priv)

  243. {

  244. 	struct rspamd_http_header *hdr;

  245. 	khiter_t k;

  246. 	int r;

  247. 

  248. 	priv->header->combined = rspamd_fstring_append(priv->header->combined,

  249. 												   "\r\n", 2);

  250. 	priv->header->value.len = priv->header->combined->len -

  251. 							  priv->header->name.len - 4;

  252. 	priv->header->value.begin = priv->header->combined->str +

  253. 								priv->header->name.len + 2;

  254. 	priv->header->name.begin = priv->header->combined->str;

  255. 

  256. 	k = kh_put(rspamd_http_headers_hash, priv->msg->headers, &priv->header->name,

  257. 			   &r);

  258. 

  259. 	if (r != 0) {

  260. 		kh_value(priv->msg->headers, k) = priv->header;

  261. 		hdr = NULL;

  262. 	}

  263. 	else {

  264. 		hdr = kh_value(priv->msg->headers, k);

  265. 	}

  266. 

  267. 	DL_APPEND(hdr, priv->header);

  268. 

  269. 	rspamd_http_check_special_header(conn, priv);

  270. }

  271. 

  272. static void

  273. rspamd_http_init_header(struct rspamd_http_connection_private *priv)

  274. {

  275. 	priv->header = g_malloc0(sizeof(struct rspamd_http_header));

  276. 	priv->header->combined = rspamd_fstring_new();

  277. }

  278. 

  279. static int

  280. rspamd_http_on_header_field(http_parser *parser,

  281. 							const char *at,

  282. 							size_t length)

  283. {

  284. 	struct rspamd_http_connection *conn =

  285. 		(struct rspamd_http_connection *) parser->data;

  286. 	struct rspamd_http_connection_private *priv;

  287. 

  288. 	priv = conn->priv;

  289. 

  290. 	if (priv->header == NULL) {

  291. 		rspamd_http_init_header(priv);

  292. 	}

  293. 	else if (priv->flags & RSPAMD_HTTP_CONN_FLAG_NEW_HEADER) {

  294. 		rspamd_http_finish_header(conn, priv);

  295. 		rspamd_http_init_header(priv);

  296. 	}

  297. 

  298. 	priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  299. 	priv->header->combined = rspamd_fstring_append(priv->header->combined,

  300. 												   at, length);

  301. 

  302. 	return 0;

  303. }

  304. 

  305. static int

  306. rspamd_http_on_header_value(http_parser *parser,

  307. 							const char *at,

  308. 							size_t length)

  309. {

  310. 	struct rspamd_http_connection *conn =

  311. 		(struct rspamd_http_connection *) parser->data;

  312. 	struct rspamd_http_connection_private *priv;

  313. 

  314. 	priv = conn->priv;

  315. 

  316. 	if (priv->header == NULL) {

  317. 		/* Should not happen */

  318. 		return -1;

  319. 	}

  320. 

  321. 	if (!(priv->flags & RSPAMD_HTTP_CONN_FLAG_NEW_HEADER)) {

  322. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  323. 		priv->header->combined = rspamd_fstring_append(priv->header->combined,

  324. 													   ": ", 2);

  325. 		priv->header->name.len = priv->header->combined->len - 2;

  326. 	}

  327. 

  328. 	priv->header->combined = rspamd_fstring_append(priv->header->combined,

  329. 												   at, length);

  330. 

  331. 	return 0;

  332. }

  333. 

  334. static int

  335. rspamd_http_on_headers_complete(http_parser *parser)

  336. {

  337. 	struct rspamd_http_connection *conn =

  338. 		(struct rspamd_http_connection *) parser->data;

  339. 	struct rspamd_http_connection_private *priv;

  340. 	struct rspamd_http_message *msg;

  341. 	int ret;

  342. 

  343. 	priv = conn->priv;

  344. 	msg = priv->msg;

  345. 

  346. 	if (priv->header != NULL) {

  347. 		rspamd_http_finish_header(conn, priv);

  348. 

  349. 		priv->header = NULL;

  350. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  351. 	}

  352. 

  353. 	if (msg->method == HTTP_HEAD) {

  354. 		/* We don't care about the rest */

  355. 		rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  356. 

  357. 		msg->code = parser->status_code;

  358. 		rspamd_http_connection_ref(conn);

  359. 		ret = conn->finish_handler(conn, msg);

  360. 

  361. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  362. 			rspamd_http_context_push_keepalive(conn->priv->ctx, conn,

  363. 											   msg, conn->priv->ctx->event_loop);

  364. 			rspamd_http_connection_reset(conn);

  365. 		}

  366. 		else {

  367. 			conn->finished = TRUE;

  368. 		}

  369. 

  370. 		rspamd_http_connection_unref(conn);

  371. 

  372. 		return ret;

  373. 	}

  374. 

  375. 	/*

  376. 	 * HTTP parser sets content length to (-1) when it doesn't know the real

  377. 	 * length, for example, in case of chunked encoding.

  378. 	 *

  379. 	 * Hence, we skip body setup here

  380. 	 */

  381. 	if (parser->content_length != ULLONG_MAX && parser->content_length != 0 &&

  382. 		msg->method != HTTP_HEAD) {

  383. 		if (conn->max_size > 0 &&

  384. 			parser->content_length > conn->max_size) {

  385. 			/* Too large message */

  386. 			priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE;

  387. 			return -1;

  388. 		}

  389. 

  390. 		if (!rspamd_http_message_set_body(msg, NULL, parser->content_length)) {

  391. 			return -1;

  392. 		}

  393. 	}

  394. 

  395. 	if (parser->flags & F_SPAMC) {

  396. 		msg->flags |= RSPAMD_HTTP_FLAG_SPAMC;

  397. 	}

  398. 

  399. 

  400. 	msg->method = parser->method;

  401. 	msg->code = parser->status_code;

  402. 

  403. 	return 0;

  404. }

  405. 

  406. static void

  407. rspamd_http_switch_zc(struct _rspamd_http_privbuf *pbuf,

  408. 					  struct rspamd_http_message *msg)

  409. {

  410. 	pbuf->zc_buf = msg->body_buf.begin + msg->body_buf.len;

  411. 	pbuf->zc_remain = msg->body_buf.allocated_len - msg->body_buf.len;

  412. }

  413. 

  414. static int

  415. rspamd_http_on_body(http_parser *parser, const char *at, size_t length)

  416. {

  417. 	struct rspamd_http_connection *conn =

  418. 		(struct rspamd_http_connection *) parser->data;

  419. 	struct rspamd_http_connection_private *priv;

  420. 	struct rspamd_http_message *msg;

  421. 	struct _rspamd_http_privbuf *pbuf;

  422. 	const char *p;

  423. 

  424. 	priv = conn->priv;

  425. 	msg = priv->msg;

  426. 	pbuf = priv->buf;

  427. 	p = at;

  428. 

  429. 	if (!(msg->flags & RSPAMD_HTTP_FLAG_HAS_BODY)) {

  430. 		if (!rspamd_http_message_set_body(msg, NULL, parser->content_length)) {

  431. 			return -1;

  432. 		}

  433. 	}

  434. 

  435. 	if (conn->finished) {

  436. 		return 0;

  437. 	}

  438. 

  439. 	if (conn->max_size > 0 &&

  440. 		msg->body_buf.len + length > conn->max_size) {

  441. 		/* Body length overflow */

  442. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE;

  443. 		return -1;

  444. 	}

  445. 

  446. 	if (!pbuf->zc_buf) {

  447. 		if (!rspamd_http_message_append_body(msg, at, length)) {

  448. 			return -1;

  449. 		}

  450. 

  451. 		/* We might have some leftover in our private buffer */

  452. 		if (pbuf->data->len == length) {

  453. 			/* Switch to zero-copy mode */

  454. 			rspamd_http_switch_zc(pbuf, msg);

  455. 		}

  456. 	}

  457. 	else {

  458. 		if (msg->body_buf.begin + msg->body_buf.len != at) {

  459. 			/* Likely chunked encoding */

  460. 			memmove((char *) msg->body_buf.begin + msg->body_buf.len, at, length);

  461. 			p = msg->body_buf.begin + msg->body_buf.len;

  462. 		}

  463. 

  464. 		/* Adjust zero-copy buf */

  465. 		msg->body_buf.len += length;

  466. 

  467. 		if (!(msg->flags & RSPAMD_HTTP_FLAG_SHMEM)) {

  468. 			msg->body_buf.c.normal->len += length;

  469. 		}

  470. 

  471. 		pbuf->zc_buf = msg->body_buf.begin + msg->body_buf.len;

  472. 		pbuf->zc_remain = msg->body_buf.allocated_len - msg->body_buf.len;

  473. 	}

  474. 

  475. 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) && !IS_CONN_ENCRYPTED(priv)) {

  476. 		/* Incremental update is impossible for encrypted requests so far */

  477. 		return (conn->body_handler(conn, msg, p, length));

  478. 	}

  479. 

  480. 	return 0;

  481. }

  482. 

  483. static int

  484. rspamd_http_on_body_decrypted(http_parser *parser, const char *at, size_t length)

  485. {

  486. 	struct rspamd_http_connection *conn =

  487. 		(struct rspamd_http_connection *) parser->data;

  488. 	struct rspamd_http_connection_private *priv;

  489. 

  490. 	priv = conn->priv;

  491. 

  492. 	if (priv->header != NULL) {

  493. 		rspamd_http_finish_header(conn, priv);

  494. 		priv->header = NULL;

  495. 	}

  496. 

  497. 	if (conn->finished) {

  498. 		return 0;

  499. 	}

  500. 

  501. 	if (priv->msg->body_buf.len == 0) {

  502. 

  503. 		priv->msg->body_buf.begin = at;

  504. 		priv->msg->method = parser->method;

  505. 		priv->msg->code = parser->status_code;

  506. 	}

  507. 

  508. 	priv->msg->body_buf.len += length;

  509. 

  510. 	return 0;

  511. }

  512. 

  513. static int

  514. rspamd_http_on_headers_complete_decrypted(http_parser *parser)

  515. {

  516. 	struct rspamd_http_connection *conn =

  517. 		(struct rspamd_http_connection *) parser->data;

  518. 	struct rspamd_http_connection_private *priv;

  519. 	struct rspamd_http_message *msg;

  520. 	int ret;

  521. 

  522. 	priv = conn->priv;

  523. 	msg = priv->msg;

  524. 

  525. 	if (priv->header != NULL) {

  526. 		rspamd_http_finish_header(conn, priv);

  527. 

  528. 		priv->header = NULL;

  529. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  530. 	}

  531. 

  532. 	if (parser->flags & F_SPAMC) {

  533. 		priv->msg->flags |= RSPAMD_HTTP_FLAG_SPAMC;

  534. 	}

  535. 

  536. 	if (msg->method == HTTP_HEAD) {

  537. 		/* We don't care about the rest */

  538. 		rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  539. 		msg->code = parser->status_code;

  540. 		rspamd_http_connection_ref(conn);

  541. 		ret = conn->finish_handler(conn, msg);

  542. 

  543. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  544. 			rspamd_http_context_push_keepalive(conn->priv->ctx, conn,

  545. 											   msg, conn->priv->ctx->event_loop);

  546. 			rspamd_http_connection_reset(conn);

  547. 		}

  548. 		else {

  549. 			conn->finished = TRUE;

  550. 		}

  551. 

  552. 		rspamd_http_connection_unref(conn);

  553. 

  554. 		return ret;

  555. 	}

  556. 

  557. 	priv->msg->method = parser->method;

  558. 	priv->msg->code = parser->status_code;

  559. 

  560. 	return 0;

  561. }

  562. 

  563. static int

  564. rspamd_http_decrypt_message(struct rspamd_http_connection *conn,

  565. 							struct rspamd_http_connection_private *priv,

  566. 							struct rspamd_cryptobox_pubkey *peer_key)

  567. {

  568. 	unsigned char *nonce, *m;

  569. 	const unsigned char *nm;

  570. 	gsize dec_len;

  571. 	struct rspamd_http_message *msg = priv->msg;

  572. 	struct rspamd_http_header *hdr, *hcur, *hcurtmp;

  573. 	struct http_parser decrypted_parser;

  574. 	struct http_parser_settings decrypted_cb;

  575. 	enum rspamd_cryptobox_mode mode;

  576. 

  577. 	mode = rspamd_keypair_alg(priv->local_key);

  578. 	nonce = msg->body_buf.str;

  579. 	m = msg->body_buf.str + rspamd_cryptobox_nonce_bytes(mode) +

  580. 		rspamd_cryptobox_mac_bytes(mode);

  581. 	dec_len = msg->body_buf.len - rspamd_cryptobox_nonce_bytes(mode) -

  582. 			  rspamd_cryptobox_mac_bytes(mode);

  583. 

  584. 	if ((nm = rspamd_pubkey_get_nm(peer_key, priv->local_key)) == NULL) {

  585. 		nm = rspamd_pubkey_calculate_nm(peer_key, priv->local_key);

  586. 	}

  587. 

  588. 	if (!rspamd_cryptobox_decrypt_nm_inplace(m, dec_len, nonce,

  589. 											 nm, m - rspamd_cryptobox_mac_bytes(mode), mode)) {

  590. 		msg_err("cannot verify encrypted message, first bytes of the input: %*xs",

  591. 				(int) MIN(msg->body_buf.len, 64), msg->body_buf.begin);

  592. 		return -1;

  593. 	}

  594. 

  595. 	/* Cleanup message */

  596. 	kh_foreach_value (msg->headers, hdr, {

  597. 		DL_FOREACH_SAFE (hdr, hcur, hcurtmp) {

  598. 			rspamd_fstring_free (hcur->combined);

  599. 			g_free (hcur);

  600. }

  601. });

  602. 

  603. kh_destroy(rspamd_http_headers_hash, msg->headers);

  604. msg->headers = kh_init(rspamd_http_headers_hash);

  605. 

  606. if (msg->url != NULL) {

  607. 	msg->url = rspamd_fstring_assign(msg->url, "", 0);

  608. }

  609. 

  610. msg->body_buf.len = 0;

  611. 

  612. memset(&decrypted_parser, 0, sizeof(decrypted_parser));

  613. http_parser_init(&decrypted_parser,

  614. 				 conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  615. 

  616. memset(&decrypted_cb, 0, sizeof(decrypted_cb));

  617. decrypted_cb.on_url = rspamd_http_on_url;

  618. decrypted_cb.on_status = rspamd_http_on_status;

  619. decrypted_cb.on_header_field = rspamd_http_on_header_field;

  620. decrypted_cb.on_header_value = rspamd_http_on_header_value;

  621. decrypted_cb.on_headers_complete = rspamd_http_on_headers_complete_decrypted;

  622. decrypted_cb.on_body = rspamd_http_on_body_decrypted;

  623. decrypted_parser.data = conn;

  624. decrypted_parser.content_length = dec_len;

  625. 

  626. if (http_parser_execute(&decrypted_parser, &decrypted_cb, m,

  627. 						dec_len) != (size_t) dec_len) {

  628. 	msg_err("HTTP parser error: %s when parsing encrypted request",

  629. 			http_errno_description(decrypted_parser.http_errno));

  630. 	return -1;

  631. }

  632. 

  633. return 0;

  634. }

  635. 

  636. static int

  637. rspamd_http_on_message_complete(http_parser *parser)

  638. {

  639. 	struct rspamd_http_connection *conn =

  640. 		(struct rspamd_http_connection *) parser->data;

  641. 	struct rspamd_http_connection_private *priv;

  642. 	int ret = 0;

  643. 	enum rspamd_cryptobox_mode mode;

  644. 

  645. 	if (conn->finished) {

  646. 		return 0;

  647. 	}

  648. 

  649. 	priv = conn->priv;

  650. 

  651. 	if ((conn->opts & RSPAMD_HTTP_REQUIRE_ENCRYPTION) && !IS_CONN_ENCRYPTED(priv)) {

  652. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED;

  653. 		msg_err("unencrypted connection when encryption has been requested");

  654. 		return -1;

  655. 	}

  656. 

  657. 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED(priv)) {

  658. 		mode = rspamd_keypair_alg(priv->local_key);

  659. 

  660. 		if (priv->local_key == NULL || priv->msg->peer_key == NULL ||

  661. 			priv->msg->body_buf.len < rspamd_cryptobox_nonce_bytes(mode) +

  662. 										  rspamd_cryptobox_mac_bytes(mode)) {

  663. 			msg_err("cannot decrypt message");

  664. 			return -1;

  665. 		}

  666. 

  667. 		/* We have keys, so we can decrypt message */

  668. 		ret = rspamd_http_decrypt_message(conn, priv, priv->msg->peer_key);

  669. 

  670. 		if (ret != 0) {

  671. 			return ret;

  672. 		}

  673. 

  674. 		if (conn->body_handler != NULL) {

  675. 			rspamd_http_connection_ref(conn);

  676. 			ret = conn->body_handler(conn,

  677. 									 priv->msg,

  678. 									 priv->msg->body_buf.begin,

  679. 									 priv->msg->body_buf.len);

  680. 			rspamd_http_connection_unref(conn);

  681. 		}

  682. 	}

  683. 	else if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && conn->body_handler) {

  684. 		g_assert(conn->body_handler != NULL);

  685. 		rspamd_http_connection_ref(conn);

  686. 		ret = conn->body_handler(conn,

  687. 								 priv->msg,

  688. 								 priv->msg->body_buf.begin,

  689. 								 priv->msg->body_buf.len);

  690. 		rspamd_http_connection_unref(conn);

  691. 	}

  692. 

  693. 	if (ret == 0) {

  694. 		rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  695. 		rspamd_http_connection_ref(conn);

  696. 		ret = conn->finish_handler(conn, priv->msg);

  697. 

  698. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  699. 			rspamd_http_context_push_keepalive(conn->priv->ctx, conn,

  700. 											   priv->msg, conn->priv->ctx->event_loop);

  701. 			rspamd_http_connection_reset(conn);

  702. 		}

  703. 		else {

  704. 			conn->finished = TRUE;

  705. 		}

  706. 

  707. 		rspamd_http_connection_unref(conn);

  708. 	}

  709. 

  710. 	return ret;

  711. }

  712. 

  713. static void

  714. rspamd_http_simple_client_helper(struct rspamd_http_connection *conn)

  715. {

  716. 	struct rspamd_http_connection_private *priv;

  717. 	gpointer ssl;

  718. 	int request_method;

  719. 	GString *prev_host = NULL;

  720. 

  721. 	priv = conn->priv;

  722. 	ssl = priv->ssl;

  723. 	priv->ssl = NULL;

  724. 

  725. 	/* Preserve data */

  726. 	if (priv->msg) {

  727. 		request_method = priv->msg->method;

  728. 		/* Preserve host for keepalive */

  729. 		prev_host = priv->msg->host;

  730. 		priv->msg->host = NULL;

  731. 	}

  732. 

  733. 	rspamd_http_connection_reset(conn);

  734. 	priv->ssl = ssl;

  735. 

  736. 	/* Plan read message */

  737. 

  738. 	if (conn->opts & RSPAMD_HTTP_CLIENT_SHARED) {

  739. 		rspamd_http_connection_read_message_shared(conn, conn->ud,

  740. 												   conn->priv->timeout);

  741. 	}

  742. 	else {

  743. 		rspamd_http_connection_read_message(conn, conn->ud,

  744. 											conn->priv->timeout);

  745. 	}

  746. 

  747. 	if (priv->msg) {

  748. 		priv->msg->method = request_method;

  749. 		priv->msg->host = prev_host;

  750. 	}

  751. 	else {

  752. 		if (prev_host) {

  753. 			g_string_free(prev_host, TRUE);

  754. 		}

  755. 	}

  756. }

  757. 

  758. static void

  759. rspamd_http_write_helper(struct rspamd_http_connection *conn)

  760. {

  761. 	struct rspamd_http_connection_private *priv;

  762. 	struct iovec *start;

  763. 	unsigned int niov, i;

  764. 	int flags = 0;

  765. 	gsize remain;

  766. 	gssize r;

  767. 	GError *err;

  768. 	struct iovec *cur_iov;

  769. 	struct msghdr msg;

  770. 

  771. 	priv = conn->priv;

  772. 

  773. 	if (priv->wr_pos == priv->wr_total) {

  774. 		goto call_finish_handler;

  775. 	}

  776. 

  777. 	start = &priv->out[0];

  778. 	niov = priv->outlen;

  779. 	remain = priv->wr_pos;

  780. 	/* We know that niov is small enough for that */

  781. 	if (priv->ssl) {

  782. 		/* Might be recursive! */

  783. 		cur_iov = g_malloc(niov * sizeof(struct iovec));

  784. 	}

  785. 	else {

  786. 		cur_iov = alloca(niov * sizeof(struct iovec));

  787. 	}

  788. 	memcpy(cur_iov, priv->out, niov * sizeof(struct iovec));

  789. 	for (i = 0; i < priv->outlen && remain > 0; i++) {

  790. 		/* Find out the first iov required */

  791. 		start = &cur_iov[i];

  792. 		if (start->iov_len <= remain) {

  793. 			remain -= start->iov_len;

  794. 			start = &cur_iov[i + 1];

  795. 			niov--;

  796. 		}

  797. 		else {

  798. 			start->iov_base = (void *) ((char *) start->iov_base + remain);

  799. 			start->iov_len -= remain;

  800. 			remain = 0;

  801. 		}

  802. 	}

  803. 

  804. 	memset(&msg, 0, sizeof(msg));

  805. 	msg.msg_iov = start;

  806. 	msg.msg_iovlen = MIN(IOV_MAX, niov);

  807. 	g_assert(niov > 0);

  808. #ifdef MSG_NOSIGNAL

  809. 	flags = MSG_NOSIGNAL;

  810. #endif

  811. 

  812. 	if (priv->ssl) {

  813. 		r = rspamd_ssl_writev(priv->ssl, msg.msg_iov, msg.msg_iovlen);

  814. 		g_free(cur_iov);

  815. 	}

  816. 	else {

  817. 		r = sendmsg(conn->fd, &msg, flags);

  818. 	}

  819. 

  820. 	if (r == -1) {

  821. 		if (!priv->ssl) {

  822. 			err = g_error_new(HTTP_ERROR, 500, "IO write error: %s", strerror(errno));

  823. 			rspamd_http_connection_ref(conn);

  824. 			conn->error_handler(conn, err);

  825. 			rspamd_http_connection_unref(conn);

  826. 			g_error_free(err);

  827. 		}

  828. 

  829. 		return;

  830. 	}

  831. 	else {

  832. 		priv->wr_pos += r;

  833. 	}

  834. 

  835. 	if (priv->wr_pos >= priv->wr_total) {

  836. 		goto call_finish_handler;

  837. 	}

  838. 	else {

  839. 		/* Want to write more */

  840. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  841. 

  842. 		if (priv->ssl && r > 0) {

  843. 			/* We can write more data... */

  844. 			rspamd_http_write_helper(conn);

  845. 			return;

  846. 		}

  847. 	}

  848. 

  849. 	return;

  850. 

  851. call_finish_handler:

  852. 	rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  853. 

  854. 	if ((conn->opts & RSPAMD_HTTP_CLIENT_SIMPLE) == 0) {

  855. 		rspamd_http_connection_ref(conn);

  856. 		conn->finished = TRUE;

  857. 		conn->finish_handler(conn, priv->msg);

  858. 		rspamd_http_connection_unref(conn);

  859. 	}

  860. 	else {

  861. 		/* Plan read message */

  862. 		rspamd_http_simple_client_helper(conn);

  863. 	}

  864. }

  865. 

  866. static gssize

  867. rspamd_http_try_read(int fd,

  868. 					 struct rspamd_http_connection *conn,

  869. 					 struct rspamd_http_connection_private *priv,

  870. 					 struct _rspamd_http_privbuf *pbuf,

  871. 					 const char **buf_ptr)

  872. {

  873. 	gssize r;

  874. 	char *data;

  875. 	gsize len;

  876. 	struct rspamd_http_message *msg;

  877. 

  878. 	msg = priv->msg;

  879. 

  880. 	if (pbuf->zc_buf == NULL) {

  881. 		data = priv->buf->data->str;

  882. 		len = priv->buf->data->allocated;

  883. 	}

  884. 	else {

  885. 		data = (char *) pbuf->zc_buf;

  886. 		len = pbuf->zc_remain;

  887. 

  888. 		if (len == 0) {

  889. 			rspamd_http_message_grow_body(priv->msg, priv->buf->data->allocated);

  890. 			rspamd_http_switch_zc(pbuf, msg);

  891. 			data = (char *) pbuf->zc_buf;

  892. 			len = pbuf->zc_remain;

  893. 		}

  894. 	}

  895. 

  896. 	if (priv->ssl) {

  897. 		r = rspamd_ssl_read(priv->ssl, data, len);

  898. 	}

  899. 	else {

  900. 		r = read(fd, data, len);

  901. 	}

  902. 

  903. 	if (r <= 0) {

  904. 		return r;

  905. 	}

  906. 	else {

  907. 		if (pbuf->zc_buf == NULL) {

  908. 			priv->buf->data->len = r;

  909. 		}

  910. 		else {

  911. 			pbuf->zc_remain -= r;

  912. 			pbuf->zc_buf += r;

  913. 		}

  914. 	}

  915. 

  916. 	if (buf_ptr) {

  917. 		*buf_ptr = data;

  918. 	}

  919. 

  920. 	return r;

  921. }

  922. 

  923. static void

  924. rspamd_http_ssl_err_handler(gpointer ud, GError *err)

  925. {

  926. 	struct rspamd_http_connection *conn = (struct rspamd_http_connection *) ud;

  927. 

  928. 	rspamd_http_connection_ref(conn);

  929. 	conn->error_handler(conn, err);

  930. 	rspamd_http_connection_unref(conn);

  931. }

  932. 

  933. static void

  934. rspamd_http_event_handler(int fd, short what, gpointer ud)

  935. {

  936. 	struct rspamd_http_connection *conn = (struct rspamd_http_connection *) ud;

  937. 	struct rspamd_http_connection_private *priv;

  938. 	struct _rspamd_http_privbuf *pbuf;

  939. 	const char *d;

  940. 	gssize r;

  941. 	GError *err;

  942. 

  943. 	priv = conn->priv;

  944. 	pbuf = priv->buf;

  945. 	REF_RETAIN(pbuf);

  946. 	rspamd_http_connection_ref(conn);

  947. 

  948. 	if (what == EV_READ) {

  949. 		r = rspamd_http_try_read(fd, conn, priv, pbuf, &d);

  950. 

  951. 		if (r > 0) {

  952. 			if (http_parser_execute(&priv->parser, &priv->parser_cb,

  953. 									d, r) != (size_t) r ||

  954. 				priv->parser.http_errno != 0) {

  955. 				if (priv->flags & RSPAMD_HTTP_CONN_FLAG_TOO_LARGE) {

  956. 					err = g_error_new(HTTP_ERROR, 413,

  957. 									  "Request entity too large: %zu",

  958. 									  (size_t) priv->parser.content_length);

  959. 				}

  960. 				else if (priv->flags & RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED) {

  961. 					err = g_error_new(HTTP_ERROR, 400,

  962. 									  "Encryption required");

  963. 				}

  964. 				else if (priv->parser.http_errno == HPE_CLOSED_CONNECTION) {

  965. 					msg_err("got garbage after end of the message, ignore it");

  966. 

  967. 					REF_RELEASE(pbuf);

  968. 					rspamd_http_connection_unref(conn);

  969. 

  970. 					return;

  971. 				}

  972. 				else {

  973. 					if (priv->parser.http_errno > HPE_CB_status) {

  974. 						err = g_error_new(HTTP_ERROR, 400,

  975. 										  "HTTP parser error: %s",

  976. 										  http_errno_description(priv->parser.http_errno));

  977. 					}

  978. 					else {

  979. 						err = g_error_new(HTTP_ERROR, 500,

  980. 										  "HTTP parser internal error: %s",

  981. 										  http_errno_description(priv->parser.http_errno));

  982. 					}

  983. 				}

  984. 

  985. 				if (!conn->finished) {

  986. 					conn->error_handler(conn, err);

  987. 				}

  988. 				else {

  989. 					msg_err("got error after HTTP request is finished: %e", err);

  990. 				}

  991. 

  992. 				g_error_free(err);

  993. 

  994. 				REF_RELEASE(pbuf);

  995. 				rspamd_http_connection_unref(conn);

  996. 

  997. 				return;

  998. 			}

  999. 		}

  1000. 		else if (r == 0) {

  1001. 			/* We can still call http parser */

  1002. 			http_parser_execute(&priv->parser, &priv->parser_cb, d, r);

  1003. 

  1004. 			if (!conn->finished) {

  1005. 				err = g_error_new(HTTP_ERROR,

  1006. 								  400,

  1007. 								  "IO read error: unexpected EOF");

  1008. 				conn->error_handler(conn, err);

  1009. 				g_error_free(err);

  1010. 			}

  1011. 			REF_RELEASE(pbuf);

  1012. 			rspamd_http_connection_unref(conn);

  1013. 

  1014. 			return;

  1015. 		}

  1016. 		else {

  1017. 			if (!priv->ssl) {

  1018. 				err = g_error_new(HTTP_ERROR,

  1019. 								  500,

  1020. 								  "HTTP IO read error: %s",

  1021. 								  strerror(errno));

  1022. 				conn->error_handler(conn, err);

  1023. 				g_error_free(err);

  1024. 			}

  1025. 

  1026. 			REF_RELEASE(pbuf);

  1027. 			rspamd_http_connection_unref(conn);

  1028. 

  1029. 			return;

  1030. 		}

  1031. 	}

  1032. 	else if (what == EV_TIMEOUT) {

  1033. 		if (!priv->ssl) {

  1034. 			/* Let's try to read from the socket first */

  1035. 			r = rspamd_http_try_read(fd, conn, priv, pbuf, &d);

  1036. 

  1037. 			if (r > 0) {

  1038. 				if (http_parser_execute(&priv->parser, &priv->parser_cb,

  1039. 										d, r) != (size_t) r ||

  1040. 					priv->parser.http_errno != 0) {

  1041. 					err = g_error_new(HTTP_ERROR, 400,

  1042. 									  "HTTP parser error: %s",

  1043. 									  http_errno_description(priv->parser.http_errno));

  1044. 

  1045. 					if (!conn->finished) {

  1046. 						conn->error_handler(conn, err);

  1047. 					}

  1048. 					else {

  1049. 						msg_err("got error after HTTP request is finished: %e", err);

  1050. 					}

  1051. 

  1052. 					g_error_free(err);

  1053. 

  1054. 					REF_RELEASE(pbuf);

  1055. 					rspamd_http_connection_unref(conn);

  1056. 

  1057. 					return;

  1058. 				}

  1059. 			}

  1060. 			else {

  1061. 				err = g_error_new(HTTP_ERROR, 408,

  1062. 								  "IO timeout");

  1063. 				conn->error_handler(conn, err);

  1064. 				g_error_free(err);

  1065. 

  1066. 				REF_RELEASE(pbuf);

  1067. 				rspamd_http_connection_unref(conn);

  1068. 

  1069. 				return;

  1070. 			}

  1071. 		}

  1072. 		else {

  1073. 			/* In case of SSL we disable this logic as we already came from SSL handler */

  1074. 			REF_RELEASE(pbuf);

  1075. 			rspamd_http_connection_unref(conn);

  1076. 

  1077. 			return;

  1078. 		}

  1079. 	}

  1080. 	else if (what == EV_WRITE) {

  1081. 		rspamd_http_write_helper(conn);

  1082. 	}

  1083. 

  1084. 	REF_RELEASE(pbuf);

  1085. 	rspamd_http_connection_unref(conn);

  1086. }

  1087. 

  1088. static void

  1089. rspamd_http_parser_reset(struct rspamd_http_connection *conn)

  1090. {

  1091. 	struct rspamd_http_connection_private *priv = conn->priv;

  1092. 

  1093. 	http_parser_init(&priv->parser,

  1094. 					 conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  1095. 

  1096. 	priv->parser_cb.on_url = rspamd_http_on_url;

  1097. 	priv->parser_cb.on_status = rspamd_http_on_status;

  1098. 	priv->parser_cb.on_header_field = rspamd_http_on_header_field;

  1099. 	priv->parser_cb.on_header_value = rspamd_http_on_header_value;

  1100. 	priv->parser_cb.on_headers_complete = rspamd_http_on_headers_complete;

  1101. 	priv->parser_cb.on_body = rspamd_http_on_body;

  1102. 	priv->parser_cb.on_message_complete = rspamd_http_on_message_complete;

  1103. }

  1104. 

  1105. static struct rspamd_http_connection *

  1106. rspamd_http_connection_new_common(struct rspamd_http_context *ctx,

  1107. 								  int fd,

  1108. 								  rspamd_http_body_handler_t body_handler,

  1109. 								  rspamd_http_error_handler_t error_handler,

  1110. 								  rspamd_http_finish_handler_t finish_handler,

  1111. 								  unsigned opts,

  1112. 								  enum rspamd_http_connection_type type,

  1113. 								  enum rspamd_http_priv_flags priv_flags,

  1114. 								  struct upstream *proxy_upstream)

  1115. {

  1116. 	struct rspamd_http_connection *conn;

  1117. 	struct rspamd_http_connection_private *priv;

  1118. 

  1119. 	g_assert(error_handler != NULL && finish_handler != NULL);

  1120. 

  1121. 	if (ctx == NULL) {

  1122. 		ctx = rspamd_http_context_default();

  1123. 	}

  1124. 

  1125. 	conn = g_malloc0(sizeof(struct rspamd_http_connection));

  1126. 	conn->opts = opts;

  1127. 	conn->type = type;

  1128. 	conn->body_handler = body_handler;

  1129. 	conn->error_handler = error_handler;

  1130. 	conn->finish_handler = finish_handler;

  1131. 	conn->fd = fd;

  1132. 	conn->ref = 1;

  1133. 	conn->finished = FALSE;

  1134. 

  1135. 	/* Init priv */

  1136. 	priv = g_malloc0(sizeof(struct rspamd_http_connection_private));

  1137. 	conn->priv = priv;

  1138. 	priv->ctx = ctx;

  1139. 	priv->flags = priv_flags;

  1140. 

  1141. 	if (type == RSPAMD_HTTP_SERVER) {

  1142. 		priv->cache = ctx->server_kp_cache;

  1143. 	}

  1144. 	else {

  1145. 		priv->cache = ctx->client_kp_cache;

  1146. 		if (ctx->client_kp) {

  1147. 			priv->local_key = rspamd_keypair_ref(ctx->client_kp);

  1148. 		}

  1149. 	}

  1150. 

  1151. 	rspamd_http_parser_reset(conn);

  1152. 	priv->parser.data = conn;

  1153. 

  1154. 	return conn;

  1155. }

  1156. 

  1157. struct rspamd_http_connection *

  1158. rspamd_http_connection_new_server(struct rspamd_http_context *ctx,

  1159. 								  int fd,

  1160. 								  rspamd_http_body_handler_t body_handler,

  1161. 								  rspamd_http_error_handler_t error_handler,

  1162. 								  rspamd_http_finish_handler_t finish_handler,

  1163. 								  unsigned opts)

  1164. {

  1165. 	return rspamd_http_connection_new_common(ctx, fd, body_handler,

  1166. 											 error_handler, finish_handler, opts, RSPAMD_HTTP_SERVER, 0, NULL);

  1167. }

  1168. 

  1169. struct rspamd_http_connection *

  1170. rspamd_http_connection_new_client_socket(struct rspamd_http_context *ctx,

  1171. 										 rspamd_http_body_handler_t body_handler,

  1172. 										 rspamd_http_error_handler_t error_handler,

  1173. 										 rspamd_http_finish_handler_t finish_handler,

  1174. 										 unsigned opts,

  1175. 										 int fd)

  1176. {

  1177. 	return rspamd_http_connection_new_common(ctx, fd, body_handler,

  1178. 											 error_handler, finish_handler, opts, RSPAMD_HTTP_CLIENT, 0, NULL);

  1179. }

  1180. 

  1181. struct rspamd_http_connection *

  1182. rspamd_http_connection_new_client(struct rspamd_http_context *ctx,

  1183. 								  rspamd_http_body_handler_t body_handler,

  1184. 								  rspamd_http_error_handler_t error_handler,

  1185. 								  rspamd_http_finish_handler_t finish_handler,

  1186. 								  unsigned opts,

  1187. 								  rspamd_inet_addr_t *addr)

  1188. {

  1189. 	int fd;

  1190. 

  1191. 	if (ctx == NULL) {

  1192. 		ctx = rspamd_http_context_default();

  1193. 	}

  1194. 

  1195. 	if (ctx->http_proxies) {

  1196. 		struct upstream *up = rspamd_upstream_get(ctx->http_proxies,

  1197. 												  RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0);

  1198. 

  1199. 		if (up) {

  1200. 			rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next(up);

  1201. 

  1202. 			fd = rspamd_inet_address_connect(proxy_addr, SOCK_STREAM, TRUE);

  1203. 

  1204. 			if (fd == -1) {

  1205. 				msg_info("cannot connect to http proxy %s: %s",

  1206. 						 rspamd_inet_address_to_string_pretty(proxy_addr),

  1207. 						 strerror(errno));

  1208. 				rspamd_upstream_fail(up, TRUE, strerror(errno));

  1209. 

  1210. 				return NULL;

  1211. 			}

  1212. 

  1213. 			return rspamd_http_connection_new_common(ctx, fd, body_handler,

  1214. 													 error_handler, finish_handler, opts,

  1215. 													 RSPAMD_HTTP_CLIENT,

  1216. 													 RSPAMD_HTTP_CONN_OWN_SOCKET | RSPAMD_HTTP_CONN_FLAG_PROXY,

  1217. 													 up);

  1218. 		}

  1219. 	}

  1220. 

  1221. 	/* Unproxied version */

  1222. 	fd = rspamd_inet_address_connect(addr, SOCK_STREAM, TRUE);

  1223. 

  1224. 	if (fd == -1) {

  1225. 		msg_info("cannot connect make http connection to %s: %s",

  1226. 				 rspamd_inet_address_to_string_pretty(addr),

  1227. 				 strerror(errno));

  1228. 

  1229. 		return NULL;

  1230. 	}

  1231. 

  1232. 	return rspamd_http_connection_new_common(ctx, fd, body_handler,

  1233. 											 error_handler, finish_handler, opts,

  1234. 											 RSPAMD_HTTP_CLIENT,

  1235. 											 RSPAMD_HTTP_CONN_OWN_SOCKET,

  1236. 											 NULL);

  1237. }

  1238. 

  1239. struct rspamd_http_connection *

  1240. rspamd_http_connection_new_client_keepalive(struct rspamd_http_context *ctx,

  1241. 											rspamd_http_body_handler_t body_handler,

  1242. 											rspamd_http_error_handler_t error_handler,

  1243. 											rspamd_http_finish_handler_t finish_handler,

  1244. 											unsigned opts,

  1245. 											rspamd_inet_addr_t *addr,

  1246. 											const char *host)

  1247. {

  1248. 	struct rspamd_http_connection *conn;

  1249. 

  1250. 	if (ctx == NULL) {

  1251. 		ctx = rspamd_http_context_default();

  1252. 	}

  1253. 

  1254. 	conn = rspamd_http_context_check_keepalive(ctx, addr, host,

  1255. 											   opts & RSPAMD_HTTP_CLIENT_SSL);

  1256. 

  1257. 	if (conn) {

  1258. 		return conn;

  1259. 	}

  1260. 

  1261. 	conn = rspamd_http_connection_new_client(ctx,

  1262. 											 body_handler, error_handler, finish_handler,

  1263. 											 opts | RSPAMD_HTTP_CLIENT_SIMPLE | RSPAMD_HTTP_CLIENT_KEEP_ALIVE,

  1264. 											 addr);

  1265. 

  1266. 	if (conn) {

  1267. 		rspamd_http_context_prepare_keepalive(ctx, conn, addr, host,

  1268. 											  opts & RSPAMD_HTTP_CLIENT_SSL);

  1269. 	}

  1270. 

  1271. 	return conn;

  1272. }

  1273. 

  1274. void rspamd_http_connection_reset(struct rspamd_http_connection *conn)

  1275. {

  1276. 	struct rspamd_http_connection_private *priv;

  1277. 	struct rspamd_http_message *msg;

  1278. 

  1279. 	priv = conn->priv;

  1280. 	msg = priv->msg;

  1281. 

  1282. 	/* Clear request */

  1283. 	if (msg != NULL) {

  1284. 		if (msg->peer_key) {

  1285. 			priv->peer_key = msg->peer_key;

  1286. 			msg->peer_key = NULL;

  1287. 		}

  1288. 		rspamd_http_message_unref(msg);

  1289. 		priv->msg = NULL;

  1290. 	}

  1291. 

  1292. 	conn->finished = FALSE;

  1293. 	/* Clear priv */

  1294. 	rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  1295. 

  1296. 	if (!(priv->flags & RSPAMD_HTTP_CONN_FLAG_RESETED)) {

  1297. 		rspamd_http_parser_reset(conn);

  1298. 	}

  1299. 

  1300. 	if (priv->buf != NULL) {

  1301. 		REF_RELEASE(priv->buf);

  1302. 		priv->buf = NULL;

  1303. 	}

  1304. 

  1305. 	if (priv->out != NULL) {

  1306. 		g_free(priv->out);

  1307. 		priv->out = NULL;

  1308. 	}

  1309. 

  1310. 	priv->flags |= RSPAMD_HTTP_CONN_FLAG_RESETED;

  1311. }

  1312. 

  1313. struct rspamd_http_message *

  1314. rspamd_http_connection_steal_msg(struct rspamd_http_connection *conn)

  1315. {

  1316. 	struct rspamd_http_connection_private *priv;

  1317. 	struct rspamd_http_message *msg;

  1318. 

  1319. 	priv = conn->priv;

  1320. 	msg = priv->msg;

  1321. 

  1322. 	/* Clear request */

  1323. 	if (msg != NULL) {

  1324. 		if (msg->peer_key) {

  1325. 			priv->peer_key = msg->peer_key;

  1326. 			msg->peer_key = NULL;

  1327. 		}

  1328. 		priv->msg = NULL;

  1329. 	}

  1330. 

  1331. 	return msg;

  1332. }

  1333. 

  1334. struct rspamd_http_message *

  1335. rspamd_http_connection_copy_msg(struct rspamd_http_message *msg, GError **err)

  1336. {

  1337. 	struct rspamd_http_message *new_msg;

  1338. 	struct rspamd_http_header *hdr, *nhdr, *nhdrs, *hcur;

  1339. 	const char *old_body;

  1340. 	gsize old_len;

  1341. 	struct stat st;

  1342. 	union _rspamd_storage_u *storage;

  1343. 

  1344. 	new_msg = rspamd_http_new_message(msg->type);

  1345. 	new_msg->flags = msg->flags;

  1346. 

  1347. 	if (msg->body_buf.len > 0) {

  1348. 

  1349. 		if (msg->flags & RSPAMD_HTTP_FLAG_SHMEM) {

  1350. 			/* Avoid copying by just mapping a shared segment */

  1351. 			new_msg->flags |= RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE;

  1352. 

  1353. 			storage = &new_msg->body_buf.c;

  1354. 			storage->shared.shm_fd = dup(msg->body_buf.c.shared.shm_fd);

  1355. 

  1356. 			if (storage->shared.shm_fd == -1) {

  1357. 				rspamd_http_message_unref(new_msg);

  1358. 				g_set_error(err, http_error_quark(), errno,

  1359. 							"cannot dup shmem fd: %d: %s",

  1360. 							msg->body_buf.c.shared.shm_fd, strerror(errno));

  1361. 

  1362. 				return NULL;

  1363. 			}

  1364. 

  1365. 			if (fstat(storage->shared.shm_fd, &st) == -1) {

  1366. 				g_set_error(err, http_error_quark(), errno,

  1367. 							"cannot stat shmem fd: %d: %s",

  1368. 							storage->shared.shm_fd, strerror(errno));

  1369. 				rspamd_http_message_unref(new_msg);

  1370. 

  1371. 				return NULL;

  1372. 			}

  1373. 

  1374. 			/* We don't own segment, so do not try to touch it */

  1375. 

  1376. 			if (msg->body_buf.c.shared.name) {

  1377. 				storage->shared.name = msg->body_buf.c.shared.name;

  1378. 				REF_RETAIN(storage->shared.name);

  1379. 			}

  1380. 

  1381. 			new_msg->body_buf.str = mmap(NULL, st.st_size,

  1382. 										 PROT_READ, MAP_SHARED,

  1383. 										 storage->shared.shm_fd, 0);

  1384. 

  1385. 			if (new_msg->body_buf.str == MAP_FAILED) {

  1386. 				g_set_error(err, http_error_quark(), errno,

  1387. 							"cannot mmap shmem fd: %d: %s",

  1388. 							storage->shared.shm_fd, strerror(errno));

  1389. 				rspamd_http_message_unref(new_msg);

  1390. 

  1391. 				return NULL;

  1392. 			}

  1393. 

  1394. 			new_msg->body_buf.begin = new_msg->body_buf.str;

  1395. 			new_msg->body_buf.len = msg->body_buf.len;

  1396. 			new_msg->body_buf.begin = new_msg->body_buf.str +

  1397. 									  (msg->body_buf.begin - msg->body_buf.str);

  1398. 		}

  1399. 		else {

  1400. 			old_body = rspamd_http_message_get_body(msg, &old_len);

  1401. 

  1402. 			if (!rspamd_http_message_set_body(new_msg, old_body, old_len)) {

  1403. 				g_set_error(err, http_error_quark(), errno,

  1404. 							"cannot set body for message, length: %zd",

  1405. 							old_len);

  1406. 				rspamd_http_message_unref(new_msg);

  1407. 

  1408. 				return NULL;

  1409. 			}

  1410. 		}

  1411. 	}

  1412. 

  1413. 	if (msg->url) {

  1414. 		if (new_msg->url) {

  1415. 			new_msg->url = rspamd_fstring_append(new_msg->url, msg->url->str,

  1416. 												 msg->url->len);

  1417. 		}

  1418. 		else {

  1419. 			new_msg->url = rspamd_fstring_new_init(msg->url->str,

  1420. 												   msg->url->len);

  1421. 		}

  1422. 	}

  1423. 

  1424. 	if (msg->host) {

  1425. 		new_msg->host = g_string_new_len(msg->host->str, msg->host->len);

  1426. 	}

  1427. 

  1428. 	new_msg->method = msg->method;

  1429. 	new_msg->port = msg->port;

  1430. 	new_msg->date = msg->date;

  1431. 	new_msg->last_modified = msg->last_modified;

  1432. 

  1433. 	kh_foreach_value(msg->headers, hdr, {

  1434. 		nhdrs = NULL;

  1435. 

  1436. 		DL_FOREACH(hdr, hcur)

  1437. 		{

  1438. 			nhdr = g_malloc(sizeof(struct rspamd_http_header));

  1439. 

  1440. 			nhdr->combined = rspamd_fstring_new_init(hcur->combined->str,

  1441. 													 hcur->combined->len);

  1442. 			nhdr->name.begin = nhdr->combined->str +

  1443. 							   (hcur->name.begin - hcur->combined->str);

  1444. 			nhdr->name.len = hcur->name.len;

  1445. 			nhdr->value.begin = nhdr->combined->str +

  1446. 								(hcur->value.begin - hcur->combined->str);

  1447. 			nhdr->value.len = hcur->value.len;

  1448. 			DL_APPEND(nhdrs, nhdr);

  1449. 		}

  1450. 

  1451. 		int r;

  1452. 		khiter_t k = kh_put(rspamd_http_headers_hash, new_msg->headers,

  1453. 							&nhdrs->name, &r);

  1454. 

  1455. 		if (r != 0) {

  1456. 			kh_value(new_msg->headers, k) = nhdrs;

  1457. 		}

  1458. 		else {

  1459. 			DL_CONCAT(kh_value(new_msg->headers, k), nhdrs);

  1460. 		}

  1461. 	});

  1462. 

  1463. 	return new_msg;

  1464. }

  1465. 

  1466. void rspamd_http_connection_free(struct rspamd_http_connection *conn)

  1467. {

  1468. 	struct rspamd_http_connection_private *priv;

  1469. 

  1470. 	priv = conn->priv;

  1471. 

  1472. 	if (priv != NULL) {

  1473. 		rspamd_http_connection_reset(conn);

  1474. 

  1475. 		if (priv->ssl) {

  1476. 			rspamd_ssl_connection_free(priv->ssl);

  1477. 			priv->ssl = NULL;

  1478. 		}

  1479. 

  1480. 		if (priv->local_key) {

  1481. 			rspamd_keypair_unref(priv->local_key);

  1482. 		}

  1483. 		if (priv->peer_key) {

  1484. 			rspamd_pubkey_unref(priv->peer_key);

  1485. 		}

  1486. 

  1487. 		if (priv->flags & RSPAMD_HTTP_CONN_OWN_SOCKET) {

  1488. 			/* Fd is owned by a connection */

  1489. 			close(conn->fd);

  1490. 		}

  1491. 

  1492. 		g_free(priv);

  1493. 	}

  1494. 

  1495. 	g_free(conn);

  1496. }

  1497. 

  1498. static void

  1499. rspamd_http_connection_read_message_common(struct rspamd_http_connection *conn,

  1500. 										   gpointer ud, ev_tstamp timeout,

  1501. 										   int flags)

  1502. {

  1503. 	struct rspamd_http_connection_private *priv = conn->priv;

  1504. 	struct rspamd_http_message *req;

  1505. 

  1506. 	conn->ud = ud;

  1507. 	req = rspamd_http_new_message(

  1508. 		conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  1509. 	priv->msg = req;

  1510. 	req->flags = flags;

  1511. 

  1512. 	if (flags & RSPAMD_HTTP_FLAG_SHMEM) {

  1513. 		req->body_buf.c.shared.shm_fd = -1;

  1514. 	}

  1515. 

  1516. 	if (priv->peer_key) {

  1517. 		priv->msg->peer_key = priv->peer_key;

  1518. 		priv->peer_key = NULL;

  1519. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  1520. 	}

  1521. 

  1522. 	priv->timeout = timeout;

  1523. 	priv->header = NULL;

  1524. 	priv->buf = g_malloc0(sizeof(*priv->buf));

  1525. 	REF_INIT_RETAIN(priv->buf, rspamd_http_privbuf_dtor);

  1526. 	priv->buf->data = rspamd_fstring_sized_new(8192);

  1527. 	priv->flags |= RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  1528. 

  1529. 	if (!priv->ssl) {

  1530. 		rspamd_ev_watcher_init(&priv->ev, conn->fd, EV_READ,

  1531. 							   rspamd_http_event_handler, conn);

  1532. 		rspamd_ev_watcher_start(priv->ctx->event_loop, &priv->ev, priv->timeout);

  1533. 	}

  1534. 	else {

  1535. 		rspamd_ssl_connection_restore_handlers(priv->ssl,

  1536. 											   rspamd_http_event_handler,

  1537. 											   rspamd_http_ssl_err_handler,

  1538. 											   conn,

  1539. 											   EV_READ);

  1540. 	}

  1541. 

  1542. 	priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  1543. }

  1544. 

  1545. void rspamd_http_connection_read_message(struct rspamd_http_connection *conn,

  1546. 										 gpointer ud, ev_tstamp timeout)

  1547. {

  1548. 	rspamd_http_connection_read_message_common(conn, ud, timeout, 0);

  1549. }

  1550. 

  1551. void rspamd_http_connection_read_message_shared(struct rspamd_http_connection *conn,

  1552. 												gpointer ud, ev_tstamp timeout)

  1553. {

  1554. 	rspamd_http_connection_read_message_common(conn, ud, timeout,

  1555. 											   RSPAMD_HTTP_FLAG_SHMEM);

  1556. }

  1557. 

  1558. static void

  1559. rspamd_http_connection_encrypt_message(

  1560. 	struct rspamd_http_connection *conn,

  1561. 	struct rspamd_http_message *msg,

  1562. 	struct rspamd_http_connection_private *priv,

  1563. 	unsigned char *pbody,

  1564. 	unsigned int bodylen,

  1565. 	unsigned char *pmethod,

  1566. 	unsigned int methodlen,

  1567. 	unsigned int preludelen,

  1568. 	int hdrcount,

  1569. 	unsigned char *np,

  1570. 	unsigned char *mp,

  1571. 	struct rspamd_cryptobox_pubkey *peer_key)

  1572. {

  1573. 	struct rspamd_cryptobox_segment *segments;

  1574. 	unsigned char *crlfp;

  1575. 	const unsigned char *nm;

  1576. 	int i, cnt;

  1577. 	unsigned int outlen;

  1578. 	struct rspamd_http_header *hdr, *hcur;

  1579. 	enum rspamd_cryptobox_mode mode;

  1580. 

  1581. 	mode = rspamd_keypair_alg(priv->local_key);

  1582. 	crlfp = mp + rspamd_cryptobox_mac_bytes(mode);

  1583. 

  1584. 	outlen = priv->out[0].iov_len + priv->out[1].iov_len;

  1585. 	/*

  1586. 	 * Create segments from the following:

  1587. 	 * Method, [URL], CRLF, nheaders, CRLF, body

  1588. 	 */

  1589. 	segments = g_new(struct rspamd_cryptobox_segment, hdrcount + 5);

  1590. 

  1591. 	segments[0].data = pmethod;

  1592. 	segments[0].len = methodlen;

  1593. 

  1594. 	if (conn->type != RSPAMD_HTTP_SERVER) {

  1595. 		segments[1].data = msg->url->str;

  1596. 		segments[1].len = msg->url->len;

  1597. 		/* space + HTTP version + crlf */

  1598. 		segments[2].data = crlfp;

  1599. 		segments[2].len = preludelen - 2;

  1600. 		crlfp += segments[2].len;

  1601. 		i = 3;

  1602. 	}

  1603. 	else {

  1604. 		/* Here we send just CRLF */

  1605. 		segments[1].data = crlfp;

  1606. 		segments[1].len = 2;

  1607. 		crlfp += segments[1].len;

  1608. 

  1609. 		i = 2;

  1610. 	}

  1611. 

  1612. 

  1613. 	kh_foreach_value (msg->headers, hdr, {

  1614. 		DL_FOREACH (hdr, hcur) {

  1615. 			segments[i].data = hcur->combined->str;

  1616. 			segments[i++].len = hcur->combined->len;

  1617. }

  1618. });

  1619. 

  1620. /* crlfp should point now at the second crlf */

  1621. segments[i].data = crlfp;

  1622. segments[i++].len = 2;

  1623. 

  1624. if (pbody) {

  1625. 	segments[i].data = pbody;

  1626. 	segments[i++].len = bodylen;

  1627. }

  1628. 

  1629. cnt = i;

  1630. 

  1631. if ((nm = rspamd_pubkey_get_nm(peer_key, priv->local_key)) == NULL) {

  1632. 	nm = rspamd_pubkey_calculate_nm(peer_key, priv->local_key);

  1633. }

  1634. 

  1635. rspamd_cryptobox_encryptv_nm_inplace(segments, cnt, np, nm, mp, mode);

  1636. 

  1637. /*

  1638. 	 * iov[0] = base HTTP request

  1639. 	 * iov[1] = CRLF

  1640. 	 * iov[2] = nonce

  1641. 	 * iov[3] = mac

  1642. 	 * iov[4..i] = encrypted HTTP request/reply

  1643. 	 */

  1644. priv->out[2].iov_base = np;

  1645. priv->out[2].iov_len = rspamd_cryptobox_nonce_bytes(mode);

  1646. priv->out[3].iov_base = mp;

  1647. priv->out[3].iov_len = rspamd_cryptobox_mac_bytes(mode);

  1648. 

  1649. outlen += rspamd_cryptobox_nonce_bytes(mode) +

  1650. 		  rspamd_cryptobox_mac_bytes(mode);

  1651. 

  1652. for (i = 0; i < cnt; i++) {

  1653. 	priv->out[i + 4].iov_base = segments[i].data;

  1654. 	priv->out[i + 4].iov_len = segments[i].len;

  1655. 	outlen += segments[i].len;

  1656. }

  1657. 

  1658. priv->wr_total = outlen;

  1659. 

  1660. g_free(segments);

  1661. }

  1662. 

  1663. static void

  1664. rspamd_http_detach_shared(struct rspamd_http_message *msg)

  1665. {

  1666. 	rspamd_fstring_t *cpy_str;

  1667. 

  1668. 	cpy_str = rspamd_fstring_new_init(msg->body_buf.begin, msg->body_buf.len);

  1669. 	rspamd_http_message_set_body_from_fstring_steal(msg, cpy_str);

  1670. }

  1671. 

  1672. int rspamd_http_message_write_header(const char *mime_type, gboolean encrypted,

  1673. 									 char *repbuf, gsize replen, gsize bodylen, gsize enclen, const char *host,

  1674. 									 struct rspamd_http_connection *conn, struct rspamd_http_message *msg,

  1675. 									 rspamd_fstring_t **buf,

  1676. 									 struct rspamd_http_connection_private *priv,

  1677. 									 struct rspamd_cryptobox_pubkey *peer_key)

  1678. {

  1679. 	char datebuf[64];

  1680. 	int meth_len = 0;

  1681. 	const char *conn_type = "close";

  1682. 

  1683. 	if (conn->type == RSPAMD_HTTP_SERVER) {

  1684. 		/* Format reply */

  1685. 		if (msg->method < HTTP_SYMBOLS) {

  1686. 			rspamd_ftok_t status;

  1687. 

  1688. 			rspamd_http_date_format(datebuf, sizeof(datebuf), msg->date);

  1689. 

  1690. 			if (mime_type == NULL) {

  1691. 				mime_type =

  1692. 					encrypted ? "application/octet-stream" : "text/plain";

  1693. 			}

  1694. 

  1695. 			if (msg->status == NULL || msg->status->len == 0) {

  1696. 				if (msg->code == 200) {

  1697. 					RSPAMD_FTOK_ASSIGN(&status, "OK");

  1698. 				}

  1699. 				else if (msg->code == 404) {

  1700. 					RSPAMD_FTOK_ASSIGN(&status, "Not Found");

  1701. 				}

  1702. 				else if (msg->code == 403) {

  1703. 					RSPAMD_FTOK_ASSIGN(&status, "Forbidden");

  1704. 				}

  1705. 				else if (msg->code >= 500 && msg->code < 600) {

  1706. 					RSPAMD_FTOK_ASSIGN(&status, "Internal Server Error");

  1707. 				}

  1708. 				else {

  1709. 					RSPAMD_FTOK_ASSIGN(&status, "Undefined Error");

  1710. 				}

  1711. 			}

  1712. 			else {

  1713. 				status.begin = msg->status->str;

  1714. 				status.len = msg->status->len;

  1715. 			}

  1716. 

  1717. 			if (encrypted) {

  1718. 				/* Internal reply (encrypted) */

  1719. 				if (mime_type) {

  1720. 					meth_len =

  1721. 						rspamd_snprintf(repbuf, replen,

  1722. 										"HTTP/1.1 %d %T\r\n"

  1723. 										"Connection: close\r\n"

  1724. 										"Server: %s\r\n"

  1725. 										"Date: %s\r\n"

  1726. 										"Content-Length: %z\r\n"

  1727. 										"Content-Type: %s", /* NO \r\n at the end ! */

  1728. 										msg->code, &status, priv->ctx->config.server_hdr,

  1729. 										datebuf,

  1730. 										bodylen, mime_type);

  1731. 				}

  1732. 				else {

  1733. 					meth_len =

  1734. 						rspamd_snprintf(repbuf, replen,

  1735. 										"HTTP/1.1 %d %T\r\n"

  1736. 										"Connection: close\r\n"

  1737. 										"Server: %s\r\n"

  1738. 										"Date: %s\r\n"

  1739. 										"Content-Length: %z", /* NO \r\n at the end ! */

  1740. 										msg->code, &status, priv->ctx->config.server_hdr,

  1741. 										datebuf,

  1742. 										bodylen);

  1743. 				}

  1744. 				enclen += meth_len;

  1745. 				/* External reply */

  1746. 				rspamd_printf_fstring(buf,

  1747. 									  "HTTP/1.1 200 OK\r\n"

  1748. 									  "Connection: close\r\n"

  1749. 									  "Server: %s\r\n"

  1750. 									  "Date: %s\r\n"

  1751. 									  "Content-Length: %z\r\n"

  1752. 									  "Content-Type: application/octet-stream\r\n",

  1753. 									  priv->ctx->config.server_hdr,

  1754. 									  datebuf, enclen);

  1755. 			}

  1756. 			else {

  1757. 				if (mime_type) {

  1758. 					meth_len =

  1759. 						rspamd_printf_fstring(buf,

  1760. 											  "HTTP/1.1 %d %T\r\n"

  1761. 											  "Connection: close\r\n"

  1762. 											  "Server: %s\r\n"

  1763. 											  "Date: %s\r\n"

  1764. 											  "Content-Length: %z\r\n"

  1765. 											  "Content-Type: %s\r\n",

  1766. 											  msg->code, &status, priv->ctx->config.server_hdr,

  1767. 											  datebuf,

  1768. 											  bodylen, mime_type);

  1769. 				}

  1770. 				else {

  1771. 					meth_len =

  1772. 						rspamd_printf_fstring(buf,

  1773. 											  "HTTP/1.1 %d %T\r\n"

  1774. 											  "Connection: close\r\n"

  1775. 											  "Server: %s\r\n"

  1776. 											  "Date: %s\r\n"

  1777. 											  "Content-Length: %z\r\n",

  1778. 											  msg->code, &status, priv->ctx->config.server_hdr,

  1779. 											  datebuf,

  1780. 											  bodylen);

  1781. 				}

  1782. 			}

  1783. 		}

  1784. 		else {

  1785. 			/* Legacy spamd reply */

  1786. 			if (msg->flags & RSPAMD_HTTP_FLAG_SPAMC) {

  1787. 				gsize real_bodylen;

  1788. 				goffset eoh_pos;

  1789. 				GString tmp;

  1790. 

  1791. 				/* Unfortunately, spamc protocol is deadly brain damaged */

  1792. 				tmp.str = (char *) msg->body_buf.begin;

  1793. 				tmp.len = msg->body_buf.len;

  1794. 

  1795. 				if (rspamd_string_find_eoh(&tmp, &eoh_pos) != -1 &&

  1796. 					bodylen > eoh_pos) {

  1797. 					real_bodylen = bodylen - eoh_pos;

  1798. 				}

  1799. 				else {

  1800. 					real_bodylen = bodylen;

  1801. 				}

  1802. 

  1803. 				rspamd_printf_fstring(buf, "SPAMD/1.1 0 EX_OK\r\n"

  1804. 										   "Content-length: %z\r\n",

  1805. 									  real_bodylen);

  1806. 			}

  1807. 			else {

  1808. 				rspamd_printf_fstring(buf, "RSPAMD/1.3 0 EX_OK\r\n");

  1809. 			}

  1810. 		}

  1811. 	}

  1812. 	else {

  1813. 

  1814. 		/* Client request */

  1815. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  1816. 			conn_type = "keep-alive";

  1817. 		}

  1818. 

  1819. 		/* Format request */

  1820. 		enclen += RSPAMD_FSTRING_LEN(msg->url) +

  1821. 				  strlen(http_method_str(msg->method)) + 1;

  1822. 

  1823. 		if (host == NULL && msg->host == NULL) {

  1824. 			/* Fallback to HTTP/1.0 */

  1825. 			if (encrypted) {

  1826. 				rspamd_printf_fstring(buf,

  1827. 									  "%s %s HTTP/1.0\r\n"

  1828. 									  "Content-Length: %z\r\n"

  1829. 									  "Content-Type: application/octet-stream\r\n"

  1830. 									  "Connection: %s\r\n",

  1831. 									  "POST",

  1832. 									  "/post",

  1833. 									  enclen,

  1834. 									  conn_type);

  1835. 			}

  1836. 			else {

  1837. 				rspamd_printf_fstring(buf,

  1838. 									  "%s %V HTTP/1.0\r\n"

  1839. 									  "Content-Length: %z\r\n"

  1840. 									  "Connection: %s\r\n",

  1841. 									  http_method_str(msg->method),

  1842. 									  msg->url,

  1843. 									  bodylen,

  1844. 									  conn_type);

  1845. 

  1846. 				if (bodylen > 0) {

  1847. 					if (mime_type == NULL) {

  1848. 						mime_type = "text/plain";

  1849. 					}

  1850. 

  1851. 					rspamd_printf_fstring(buf,

  1852. 										  "Content-Type: %s\r\n",

  1853. 										  mime_type);

  1854. 				}

  1855. 			}

  1856. 		}

  1857. 		else {

  1858. 			/* Normal HTTP/1.1 with Host */

  1859. 			if (host == NULL) {

  1860. 				host = msg->host->str;

  1861. 			}

  1862. 

  1863. 			if (encrypted) {

  1864. 				/* TODO: Add proxy support to HTTPCrypt */

  1865. 				if (rspamd_http_message_is_standard_port(msg)) {

  1866. 					rspamd_printf_fstring(buf,

  1867. 										  "%s %s HTTP/1.1\r\n"

  1868. 										  "Connection: %s\r\n"

  1869. 										  "Host: %s\r\n"

  1870. 										  "Content-Length: %z\r\n"

  1871. 										  "Content-Type: application/octet-stream\r\n",

  1872. 										  "POST",

  1873. 										  "/post",

  1874. 										  conn_type,

  1875. 										  host,

  1876. 										  enclen);

  1877. 				}

  1878. 				else {

  1879. 					rspamd_printf_fstring(buf,

  1880. 										  "%s %s HTTP/1.1\r\n"

  1881. 										  "Connection: %s\r\n"

  1882. 										  "Host: %s:%d\r\n"

  1883. 										  "Content-Length: %z\r\n"

  1884. 										  "Content-Type: application/octet-stream\r\n",

  1885. 										  "POST",

  1886. 										  "/post",

  1887. 										  conn_type,

  1888. 										  host,

  1889. 										  msg->port,

  1890. 										  enclen);

  1891. 				}

  1892. 			}

  1893. 			else {

  1894. 				if (conn->priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) {

  1895. 					/* Write proxied request */

  1896. 					if ((msg->flags & RSPAMD_HTTP_FLAG_HAS_HOST_HEADER)) {

  1897. 						rspamd_printf_fstring(buf,

  1898. 											  "%s %s://%s:%d/%V HTTP/1.1\r\n"

  1899. 											  "Connection: %s\r\n"

  1900. 											  "Content-Length: %z\r\n",

  1901. 											  http_method_str(msg->method),

  1902. 											  (conn->opts & RSPAMD_HTTP_CLIENT_SSL) ? "https" : "http",

  1903. 											  host,

  1904. 											  msg->port,

  1905. 											  msg->url,

  1906. 											  conn_type,

  1907. 											  bodylen);

  1908. 					}

  1909. 					else {

  1910. 						if (rspamd_http_message_is_standard_port(msg)) {

  1911. 							rspamd_printf_fstring(buf,

  1912. 												  "%s %s://%s:%d/%V HTTP/1.1\r\n"

  1913. 												  "Connection: %s\r\n"

  1914. 												  "Host: %s\r\n"

  1915. 												  "Content-Length: %z\r\n",

  1916. 												  http_method_str(msg->method),

  1917. 												  (conn->opts & RSPAMD_HTTP_CLIENT_SSL) ? "https" : "http",

  1918. 												  host,

  1919. 												  msg->port,

  1920. 												  msg->url,

  1921. 												  conn_type,

  1922. 												  host,

  1923. 												  bodylen);

  1924. 						}

  1925. 						else {

  1926. 							rspamd_printf_fstring(buf,

  1927. 												  "%s %s://%s:%d/%V HTTP/1.1\r\n"

  1928. 												  "Connection: %s\r\n"

  1929. 												  "Host: %s:%d\r\n"

  1930. 												  "Content-Length: %z\r\n",

  1931. 												  http_method_str(msg->method),

  1932. 												  (conn->opts & RSPAMD_HTTP_CLIENT_SSL) ? "https" : "http",

  1933. 												  host,

  1934. 												  msg->port,

  1935. 												  msg->url,

  1936. 												  conn_type,

  1937. 												  host,

  1938. 												  msg->port,

  1939. 												  bodylen);

  1940. 						}

  1941. 					}

  1942. 				}

  1943. 				else {

  1944. 					/* Unproxied version */

  1945. 					if ((msg->flags & RSPAMD_HTTP_FLAG_HAS_HOST_HEADER)) {

  1946. 						rspamd_printf_fstring(buf,

  1947. 											  "%s %V HTTP/1.1\r\n"

  1948. 											  "Connection: %s\r\n"

  1949. 											  "Content-Length: %z\r\n",

  1950. 											  http_method_str(msg->method),

  1951. 											  msg->url,

  1952. 											  conn_type,

  1953. 											  bodylen);

  1954. 					}

  1955. 					else {

  1956. 						if (rspamd_http_message_is_standard_port(msg)) {

  1957. 							rspamd_printf_fstring(buf,

  1958. 												  "%s %V HTTP/1.1\r\n"

  1959. 												  "Connection: %s\r\n"

  1960. 												  "Host: %s\r\n"

  1961. 												  "Content-Length: %z\r\n",

  1962. 												  http_method_str(msg->method),

  1963. 												  msg->url,

  1964. 												  conn_type,

  1965. 												  host,

  1966. 												  bodylen);

  1967. 						}

  1968. 						else {

  1969. 							rspamd_printf_fstring(buf,

  1970. 												  "%s %V HTTP/1.1\r\n"

  1971. 												  "Connection: %s\r\n"

  1972. 												  "Host: %s:%d\r\n"

  1973. 												  "Content-Length: %z\r\n",

  1974. 												  http_method_str(msg->method),

  1975. 												  msg->url,

  1976. 												  conn_type,

  1977. 												  host,

  1978. 												  msg->port,

  1979. 												  bodylen);

  1980. 						}

  1981. 					}

  1982. 				}

  1983. 

  1984. 				if (bodylen > 0) {

  1985. 					if (mime_type != NULL) {

  1986. 						rspamd_printf_fstring(buf,

  1987. 											  "Content-Type: %s\r\n",

  1988. 											  mime_type);

  1989. 					}

  1990. 				}

  1991. 			}

  1992. 		}

  1993. 

  1994. 		if (encrypted) {

  1995. 			GString *b32_key, *b32_id;

  1996. 

  1997. 			b32_key = rspamd_keypair_print(priv->local_key,

  1998. 										   RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_BASE32);

  1999. 			b32_id = rspamd_pubkey_print(peer_key,

  2000. 										 RSPAMD_KEYPAIR_ID_SHORT | RSPAMD_KEYPAIR_BASE32);

  2001. 			/* XXX: add some fuzz here */

  2002. 			rspamd_printf_fstring(&*buf, "Key: %v=%v\r\n", b32_id, b32_key);

  2003. 			g_string_free(b32_key, TRUE);

  2004. 			g_string_free(b32_id, TRUE);

  2005. 		}

  2006. 	}

  2007. 

  2008. 	return meth_len;

  2009. }

  2010. 

  2011. static gboolean

  2012. rspamd_http_connection_write_message_common(struct rspamd_http_connection *conn,

  2013. 											struct rspamd_http_message *msg,

  2014. 											const char *host,

  2015. 											const char *mime_type,

  2016. 											gpointer ud,

  2017. 											ev_tstamp timeout,

  2018. 											gboolean allow_shared)

  2019. {

  2020. 	struct rspamd_http_connection_private *priv = conn->priv;

  2021. 	struct rspamd_http_header *hdr, *hcur;

  2022. 	char repbuf[512], *pbody;

  2023. 	int i, hdrcount, meth_len = 0, preludelen = 0;

  2024. 	gsize bodylen, enclen = 0;

  2025. 	rspamd_fstring_t *buf;

  2026. 	gboolean encrypted = FALSE;

  2027. 	unsigned char nonce[rspamd_cryptobox_MAX_NONCEBYTES], mac[rspamd_cryptobox_MAX_MACBYTES];

  2028. 	unsigned char *np = NULL, *mp = NULL, *meth_pos = NULL;

  2029. 	struct rspamd_cryptobox_pubkey *peer_key = NULL;

  2030. 	enum rspamd_cryptobox_mode mode;

  2031. 	GError *err;

  2032. 

  2033. 	conn->ud = ud;

  2034. 	priv->msg = msg;

  2035. 	priv->timeout = timeout;

  2036. 

  2037. 	priv->header = NULL;

  2038. 	priv->buf = g_malloc0(sizeof(*priv->buf));

  2039. 	REF_INIT_RETAIN(priv->buf, rspamd_http_privbuf_dtor);

  2040. 	priv->buf->data = rspamd_fstring_sized_new(512);

  2041. 	buf = priv->buf->data;

  2042. 

  2043. 	if ((msg->flags & RSPAMD_HTTP_FLAG_WANT_SSL) && !(conn->opts & RSPAMD_HTTP_CLIENT_SSL)) {

  2044. 		err = g_error_new(HTTP_ERROR, 400,

  2045. 						  "SSL connection requested but not created properly, internal error");

  2046. 		rspamd_http_connection_ref(conn);

  2047. 		conn->error_handler(conn, err);

  2048. 		rspamd_http_connection_unref(conn);

  2049. 		g_error_free(err);

  2050. 		return FALSE;

  2051. 	}

  2052. 

  2053. 	if (priv->peer_key && priv->local_key) {

  2054. 		priv->msg->peer_key = priv->peer_key;

  2055. 		priv->peer_key = NULL;

  2056. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  2057. 	}

  2058. 

  2059. 	if (msg->peer_key != NULL) {

  2060. 		if (priv->local_key == NULL) {

  2061. 			/* Automatically generate a temporary keypair */

  2062. 			priv->local_key = rspamd_keypair_new(RSPAMD_KEYPAIR_KEX,

  2063. 												 RSPAMD_CRYPTOBOX_MODE_25519);

  2064. 		}

  2065. 

  2066. 		encrypted = TRUE;

  2067. 

  2068. 		if (priv->cache) {

  2069. 			rspamd_keypair_cache_process(priv->cache,

  2070. 										 priv->local_key, priv->msg->peer_key);

  2071. 		}

  2072. 	}

  2073. 

  2074. 	if (encrypted && (msg->flags &

  2075. 					  (RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE | RSPAMD_HTTP_FLAG_SHMEM))) {

  2076. 		/* We cannot use immutable body to encrypt message in place */

  2077. 		allow_shared = FALSE;

  2078. 		rspamd_http_detach_shared(msg);

  2079. 	}

  2080. 

  2081. 	if (allow_shared) {

  2082. 		char tmpbuf[64];

  2083. 

  2084. 		if (!(msg->flags & RSPAMD_HTTP_FLAG_SHMEM) ||

  2085. 			msg->body_buf.c.shared.name == NULL) {

  2086. 			allow_shared = FALSE;

  2087. 		}

  2088. 		else {

  2089. 			/* Insert new headers */

  2090. 			rspamd_http_message_add_header(msg, "Shm",

  2091. 										   msg->body_buf.c.shared.name->shm_name);

  2092. 			rspamd_snprintf(tmpbuf, sizeof(tmpbuf), "%d",

  2093. 							(int) (msg->body_buf.begin - msg->body_buf.str));

  2094. 			rspamd_http_message_add_header(msg, "Shm-Offset",

  2095. 										   tmpbuf);

  2096. 			rspamd_snprintf(tmpbuf, sizeof(tmpbuf), "%z",

  2097. 							msg->body_buf.len);

  2098. 			rspamd_http_message_add_header(msg, "Shm-Length",

  2099. 										   tmpbuf);

  2100. 		}

  2101. 	}

  2102. 

  2103. 	if (priv->ctx->config.user_agent && conn->type == RSPAMD_HTTP_CLIENT) {

  2104. 		rspamd_ftok_t srch;

  2105. 		khiter_t k;

  2106. 		int r;

  2107. 

  2108. 		RSPAMD_FTOK_ASSIGN(&srch, "User-Agent");

  2109. 

  2110. 		k = kh_put(rspamd_http_headers_hash, msg->headers, &srch, &r);

  2111. 

  2112. 		if (r != 0) {

  2113. 			hdr = g_malloc0(sizeof(struct rspamd_http_header));

  2114. 			unsigned int vlen = strlen(priv->ctx->config.user_agent);

  2115. 			hdr->combined = rspamd_fstring_sized_new(srch.len + vlen + 4);

  2116. 			rspamd_printf_fstring(&hdr->combined, "%T: %*s\r\n", &srch, vlen,

  2117. 								  priv->ctx->config.user_agent);

  2118. 			hdr->name.begin = hdr->combined->str;

  2119. 			hdr->name.len = srch.len;

  2120. 			hdr->value.begin = hdr->combined->str + srch.len + 2;

  2121. 			hdr->value.len = vlen;

  2122. 			hdr->prev = hdr; /* for utlists */

  2123. 

  2124. 			kh_value(msg->headers, k) = hdr;

  2125. 			/* as we searched using static buffer */

  2126. 			kh_key(msg->headers, k) = &hdr->name;

  2127. 		}

  2128. 	}

  2129. 

  2130. 	if (encrypted) {

  2131. 		mode = rspamd_keypair_alg(priv->local_key);

  2132. 

  2133. 		if (msg->body_buf.len == 0) {

  2134. 			pbody = NULL;

  2135. 			bodylen = 0;

  2136. 			msg->method = HTTP_GET;

  2137. 		}

  2138. 		else {

  2139. 			pbody = (char *) msg->body_buf.begin;

  2140. 			bodylen = msg->body_buf.len;

  2141. 			msg->method = HTTP_POST;

  2142. 		}

  2143. 

  2144. 		if (conn->type == RSPAMD_HTTP_SERVER) {

  2145. 			/*

  2146. 			 * iov[0] = base reply

  2147. 			 * iov[1] = CRLF

  2148. 			 * iov[2] = nonce

  2149. 			 * iov[3] = mac

  2150. 			 * iov[4] = encrypted reply

  2151. 			 * iov[6] = encrypted crlf

  2152. 			 * iov[7..n] = encrypted headers

  2153. 			 * iov[n + 1] = encrypted crlf

  2154. 			 * [iov[n + 2] = encrypted body]

  2155. 			 */

  2156. 			priv->outlen = 7;

  2157. 			enclen = rspamd_cryptobox_nonce_bytes(mode) +

  2158. 					 rspamd_cryptobox_mac_bytes(mode) +

  2159. 					 4 + /* 2 * CRLF */

  2160. 					 bodylen;

  2161. 		}

  2162. 		else {

  2163. 			/*

  2164. 			 * iov[0] = base request

  2165. 			 * iov[1] = CRLF

  2166. 			 * iov[2] = nonce

  2167. 			 * iov[3] = mac

  2168. 			 * iov[4] = encrypted method + space

  2169. 			 * iov[5] = encrypted url

  2170. 			 * iov[7] = encrypted prelude

  2171. 			 * iov[8..n] = encrypted headers

  2172. 			 * iov[n + 1] = encrypted crlf

  2173. 			 * [iov[n + 2] = encrypted body]

  2174. 			 */

  2175. 			priv->outlen = 8;

  2176. 

  2177. 			if (bodylen > 0) {

  2178. 				if (mime_type != NULL) {

  2179. 					preludelen = rspamd_snprintf(repbuf, sizeof(repbuf), "%s\r\n"

  2180. 																		 "Content-Length: %z\r\n"

  2181. 																		 "Content-Type: %s\r\n"

  2182. 																		 "\r\n",

  2183. 												 ENCRYPTED_VERSION, bodylen,

  2184. 												 mime_type);

  2185. 				}

  2186. 				else {

  2187. 					preludelen = rspamd_snprintf(repbuf, sizeof(repbuf), "%s\r\n"

  2188. 																		 "Content-Length: %z\r\n"

  2189. 																		 ""

  2190. 																		 "\r\n",

  2191. 												 ENCRYPTED_VERSION, bodylen);

  2192. 				}

  2193. 			}

  2194. 			else {

  2195. 				preludelen = rspamd_snprintf(repbuf, sizeof(repbuf),

  2196. 											 "%s\r\n\r\n",

  2197. 											 ENCRYPTED_VERSION);

  2198. 			}

  2199. 

  2200. 			enclen = rspamd_cryptobox_nonce_bytes(mode) +

  2201. 					 rspamd_cryptobox_mac_bytes(mode) +

  2202. 					 preludelen + /* version [content-length] + 2 * CRLF */

  2203. 					 bodylen;

  2204. 		}

  2205. 

  2206. 		if (bodylen > 0) {

  2207. 			priv->outlen++;

  2208. 		}

  2209. 	}

  2210. 	else {

  2211. 		if (msg->method < HTTP_SYMBOLS) {

  2212. 			if (msg->body_buf.len == 0 || allow_shared) {

  2213. 				pbody = NULL;

  2214. 				bodylen = 0;

  2215. 				priv->outlen = 2;

  2216. 

  2217. 				if (msg->method == HTTP_INVALID) {

  2218. 					msg->method = HTTP_GET;

  2219. 				}

  2220. 			}

  2221. 			else {

  2222. 				pbody = (char *) msg->body_buf.begin;

  2223. 				bodylen = msg->body_buf.len;

  2224. 				priv->outlen = 3;

  2225. 

  2226. 				if (msg->method == HTTP_INVALID) {

  2227. 					msg->method = HTTP_POST;

  2228. 				}

  2229. 			}

  2230. 		}

  2231. 		else if (msg->body_buf.len > 0) {

  2232. 			allow_shared = FALSE;

  2233. 			pbody = (char *) msg->body_buf.begin;

  2234. 			bodylen = msg->body_buf.len;

  2235. 			priv->outlen = 2;

  2236. 		}

  2237. 		else {

  2238. 			/* Invalid body for spamc method */

  2239. 			abort();

  2240. 		}

  2241. 	}

  2242. 

  2243. 	peer_key = msg->peer_key;

  2244. 

  2245. 	priv->wr_total = bodylen + 2;

  2246. 

  2247. 	hdrcount = 0;

  2248. 

  2249. 	if (msg->method < HTTP_SYMBOLS) {

  2250. 		kh_foreach_value (msg->headers, hdr, {

  2251. 			DL_FOREACH (hdr, hcur) {

  2252. 				/* <name: value\r\n> */

  2253. 				priv->wr_total += hcur->combined->len;

  2254. 				enclen += hcur->combined->len;

  2255. 				priv->outlen ++;

  2256. 				hdrcount ++;

  2257. 	}

  2258. });

  2259. }

  2260. 

  2261. /* Allocate iov */

  2262. priv->out = g_malloc0(sizeof(struct iovec) * priv->outlen);

  2263. priv->wr_pos = 0;

  2264. 

  2265. meth_len = rspamd_http_message_write_header(mime_type, encrypted,

  2266. 											repbuf, sizeof(repbuf), bodylen, enclen,

  2267. 											host, conn, msg,

  2268. 											&buf, priv, peer_key);

  2269. priv->wr_total += buf->len;

  2270. 

  2271. /* Setup external request body */

  2272. priv->out[0].iov_base = buf->str;

  2273. priv->out[0].iov_len = buf->len;

  2274. 

  2275. /* Buf will be used eventually for encryption */

  2276. if (encrypted) {

  2277. 	int meth_offset, nonce_offset, mac_offset;

  2278. 	mode = rspamd_keypair_alg(priv->local_key);

  2279. 

  2280. 	ottery_rand_bytes(nonce, rspamd_cryptobox_nonce_bytes(mode));

  2281. 	memset(mac, 0, rspamd_cryptobox_mac_bytes(mode));

  2282. 	meth_offset = buf->len;

  2283. 

  2284. 	if (conn->type == RSPAMD_HTTP_SERVER) {

  2285. 		buf = rspamd_fstring_append(buf, repbuf, meth_len);

  2286. 	}

  2287. 	else {

  2288. 		meth_len = strlen(http_method_str(msg->method)) + 1; /* + space */

  2289. 		buf = rspamd_fstring_append(buf, http_method_str(msg->method),

  2290. 									meth_len - 1);

  2291. 		buf = rspamd_fstring_append(buf, " ", 1);

  2292. 	}

  2293. 

  2294. 	nonce_offset = buf->len;

  2295. 	buf = rspamd_fstring_append(buf, nonce,

  2296. 								rspamd_cryptobox_nonce_bytes(mode));

  2297. 	mac_offset = buf->len;

  2298. 	buf = rspamd_fstring_append(buf, mac,

  2299. 								rspamd_cryptobox_mac_bytes(mode));

  2300. 

  2301. 	/* Need to be encrypted */

  2302. 	if (conn->type == RSPAMD_HTTP_SERVER) {

  2303. 		buf = rspamd_fstring_append(buf, "\r\n\r\n", 4);

  2304. 	}

  2305. 	else {

  2306. 		buf = rspamd_fstring_append(buf, repbuf, preludelen);

  2307. 	}

  2308. 

  2309. 	meth_pos = buf->str + meth_offset;

  2310. 	np = buf->str + nonce_offset;

  2311. 	mp = buf->str + mac_offset;

  2312. }

  2313. 

  2314. /* During previous writes, buf might be reallocated and changed */

  2315. priv->buf->data = buf;

  2316. 

  2317. if (encrypted) {

  2318. 	/* Finish external HTTP request */

  2319. 	priv->out[1].iov_base = "\r\n";

  2320. 	priv->out[1].iov_len = 2;

  2321. 	/* Encrypt the real request */

  2322. 	rspamd_http_connection_encrypt_message(conn, msg, priv, pbody, bodylen,

  2323. 										   meth_pos, meth_len, preludelen, hdrcount, np, mp, peer_key);

  2324. }

  2325. else {

  2326. 	i = 1;

  2327. 	if (msg->method < HTTP_SYMBOLS) {

  2328. 			kh_foreach_value (msg->headers, hdr, {

  2329. 				DL_FOREACH (hdr, hcur) {

  2330. 					priv->out[i].iov_base = hcur->combined->str;

  2331. 					priv->out[i++].iov_len = hcur->combined->len;

  2332. 	}

  2333. });

  2334. 

  2335. priv->out[i].iov_base = "\r\n";

  2336. priv->out[i++].iov_len = 2;

  2337. }

  2338. else

  2339. {

  2340. 	/* No CRLF for compatibility reply */

  2341. 	priv->wr_total -= 2;

  2342. }

  2343. 

  2344. if (pbody != NULL) {

  2345. 	priv->out[i].iov_base = pbody;

  2346. 	priv->out[i++].iov_len = bodylen;

  2347. }

  2348. }

  2349. 

  2350. priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  2351. 

  2352. if ((priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) && (conn->opts & RSPAMD_HTTP_CLIENT_SSL)) {

  2353. 	/* We need to disable SSL flag! */

  2354. 	err = g_error_new(HTTP_ERROR, 400, "cannot use proxy for SSL connections");

  2355. 	rspamd_http_connection_ref(conn);

  2356. 	conn->error_handler(conn, err);

  2357. 	rspamd_http_connection_unref(conn);

  2358. 	g_error_free(err);

  2359. 	return FALSE;

  2360. }

  2361. 

  2362. rspamd_ev_watcher_stop(priv->ctx->event_loop, &priv->ev);

  2363. 

  2364. if (conn->opts & RSPAMD_HTTP_CLIENT_SSL) {

  2365. 	gpointer ssl_ctx = (msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY) ? priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx;

  2366. 

  2367. 	if (!ssl_ctx) {

  2368. 			err = g_error_new(HTTP_ERROR, 400, "ssl message requested "

  2369. 											   "with no ssl ctx");

  2370. 			rspamd_http_connection_ref(conn);

  2371. 			conn->error_handler(conn, err);

  2372. 			rspamd_http_connection_unref(conn);

  2373. 			g_error_free(err);

  2374. 			return FALSE;

  2375. 	}

  2376. 	else {

  2377. 			if (!priv->ssl) {

  2378. 				priv->ssl = rspamd_ssl_connection_new(ssl_ctx, priv->ctx->event_loop,

  2379. 													  !(msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY),

  2380. 													  conn->log_tag);

  2381. 				g_assert(priv->ssl != NULL);

  2382. 

  2383. 				if (!rspamd_ssl_connect_fd(priv->ssl, conn->fd, host, &priv->ev,

  2384. 										   priv->timeout, rspamd_http_event_handler,

  2385. 										   rspamd_http_ssl_err_handler, conn)) {

  2386. 

  2387. 					err = g_error_new(HTTP_ERROR, 400,

  2388. 									  "ssl connection error: ssl error=%s, errno=%s",

  2389. 									  ERR_error_string(ERR_get_error(), NULL),

  2390. 									  strerror(errno));

  2391. 					rspamd_http_connection_ref(conn);

  2392. 					conn->error_handler(conn, err);

  2393. 					rspamd_http_connection_unref(conn);

  2394. 					g_error_free(err);

  2395. 					return FALSE;

  2396. 				}

  2397. 			}

  2398. 			else {

  2399. 				/* Just restore SSL handlers */

  2400. 				rspamd_ssl_connection_restore_handlers(priv->ssl,

  2401. 													   rspamd_http_event_handler,

  2402. 													   rspamd_http_ssl_err_handler,

  2403. 													   conn,

  2404. 													   EV_WRITE);

  2405. 			}

  2406. 	}

  2407. }

  2408. else {

  2409. 	rspamd_ev_watcher_init(&priv->ev, conn->fd, EV_WRITE,

  2410. 						   rspamd_http_event_handler, conn);

  2411. 	rspamd_ev_watcher_start(priv->ctx->event_loop, &priv->ev, priv->timeout);

  2412. }

  2413. 

  2414. return TRUE;

  2415. }

  2416. 

  2417. gboolean

  2418. rspamd_http_connection_write_message(struct rspamd_http_connection *conn,

  2419. 									 struct rspamd_http_message *msg,

  2420. 									 const char *host,

  2421. 									 const char *mime_type,

  2422. 									 gpointer ud,

  2423. 									 ev_tstamp timeout)

  2424. {

  2425. 	return rspamd_http_connection_write_message_common(conn, msg, host, mime_type,

  2426. 													   ud, timeout, FALSE);

  2427. }

  2428. 

  2429. gboolean

  2430. rspamd_http_connection_write_message_shared(struct rspamd_http_connection *conn,

  2431. 											struct rspamd_http_message *msg,

  2432. 											const char *host,

  2433. 											const char *mime_type,

  2434. 											gpointer ud,

  2435. 											ev_tstamp timeout)

  2436. {

  2437. 	return rspamd_http_connection_write_message_common(conn, msg, host, mime_type,

  2438. 													   ud, timeout, TRUE);

  2439. }

  2440. 

  2441. 

  2442. void rspamd_http_connection_set_max_size(struct rspamd_http_connection *conn,

  2443. 										 gsize sz)

  2444. {

  2445. 	conn->max_size = sz;

  2446. }

  2447. 

  2448. void rspamd_http_connection_set_key(struct rspamd_http_connection *conn,

  2449. 									struct rspamd_cryptobox_keypair *key)

  2450. {

  2451. 	struct rspamd_http_connection_private *priv = conn->priv;

  2452. 

  2453. 	g_assert(key != NULL);

  2454. 	priv->local_key = rspamd_keypair_ref(key);

  2455. }

  2456. 

  2457. void rspamd_http_connection_own_socket(struct rspamd_http_connection *conn)

  2458. {

  2459. 	struct rspamd_http_connection_private *priv = conn->priv;

  2460. 

  2461. 	priv->flags |= RSPAMD_HTTP_CONN_OWN_SOCKET;

  2462. }

  2463. 

  2464. const struct rspamd_cryptobox_pubkey *

  2465. rspamd_http_connection_get_peer_key(struct rspamd_http_connection *conn)

  2466. {

  2467. 	struct rspamd_http_connection_private *priv = conn->priv;

  2468. 

  2469. 	if (priv->peer_key) {

  2470. 			return priv->peer_key;

  2471. 	}

  2472. 	else if (priv->msg) {

  2473. 			return priv->msg->peer_key;

  2474. 	}

  2475. 

  2476. 	return NULL;

  2477. }

  2478. 

  2479. gboolean

  2480. rspamd_http_connection_is_encrypted(struct rspamd_http_connection *conn)

  2481. {

  2482. 	struct rspamd_http_connection_private *priv = conn->priv;

  2483. 

  2484. 	if (priv->peer_key != NULL) {

  2485. 			return TRUE;

  2486. 	}

  2487. 	else if (priv->msg) {

  2488. 			return priv->msg->peer_key != NULL;

  2489. 	}

  2490. 

  2491. 	return FALSE;

  2492. }

  2493. 

  2494. GHashTable *

  2495. rspamd_http_message_parse_query(struct rspamd_http_message *msg)

  2496. {

  2497. 	GHashTable *res;

  2498. 	rspamd_fstring_t *key = NULL, *value = NULL;

  2499. 	rspamd_ftok_t *key_tok = NULL, *value_tok = NULL;

  2500. 	const char *p, *c, *end;

  2501. 	struct http_parser_url u;

  2502. 	enum {

  2503. 		parse_key,

  2504. 		parse_eqsign,

  2505. 		parse_value,

  2506. 		parse_ampersand

  2507. 	} state = parse_key;

  2508. 

  2509. 	res = g_hash_table_new_full(rspamd_ftok_icase_hash,

  2510. 								rspamd_ftok_icase_equal,

  2511. 								rspamd_fstring_mapped_ftok_free,

  2512. 								rspamd_fstring_mapped_ftok_free);

  2513. 

  2514. 	if (msg->url && msg->url->len > 0) {

  2515. 			http_parser_parse_url(msg->url->str, msg->url->len, TRUE, &u);

  2516. 

  2517. 			if (u.field_set & (1 << UF_QUERY)) {

  2518. 				p = msg->url->str + u.field_data[UF_QUERY].off;

  2519. 				c = p;

  2520. 				end = p + u.field_data[UF_QUERY].len;

  2521. 

  2522. 				while (p <= end) {

  2523. 					switch (state) {

  2524. 					case parse_key:

  2525. 						if ((p == end || *p == '&') && p > c) {

  2526. 							/* We have a single parameter without a value */

  2527. 							key = rspamd_fstring_new_init(c, p - c);

  2528. 							key_tok = rspamd_ftok_map(key);

  2529. 							key_tok->len = rspamd_url_decode(key->str, key->str,

  2530. 															 key->len);

  2531. 

  2532. 							value = rspamd_fstring_new_init("", 0);

  2533. 							value_tok = rspamd_ftok_map(value);

  2534. 

  2535. 							g_hash_table_replace(res, key_tok, value_tok);

  2536. 							state = parse_ampersand;

  2537. 						}

  2538. 						else if (*p == '=' && p > c) {

  2539. 							/* We have something like key=value */

  2540. 							key = rspamd_fstring_new_init(c, p - c);

  2541. 							key_tok = rspamd_ftok_map(key);

  2542. 							key_tok->len = rspamd_url_decode(key->str, key->str,

  2543. 															 key->len);

  2544. 

  2545. 							state = parse_eqsign;

  2546. 						}

  2547. 						else {

  2548. 							p++;

  2549. 						}

  2550. 						break;

  2551. 

  2552. 					case parse_eqsign:

  2553. 						if (*p != '=') {

  2554. 							c = p;

  2555. 							state = parse_value;

  2556. 						}

  2557. 						else {

  2558. 							p++;

  2559. 						}

  2560. 						break;

  2561. 

  2562. 					case parse_value:

  2563. 						if ((p == end || *p == '&') && p >= c) {

  2564. 							g_assert(key != NULL);

  2565. 							if (p > c) {

  2566. 								value = rspamd_fstring_new_init(c, p - c);

  2567. 								value_tok = rspamd_ftok_map(value);

  2568. 								value_tok->len = rspamd_url_decode(value->str,

  2569. 																   value->str,

  2570. 																   value->len);

  2571. 								/* Detect quotes for value */

  2572. 								if (value_tok->begin[0] == '"') {

  2573. 									memmove(value->str, value->str + 1,

  2574. 											value_tok->len - 1);

  2575. 									value_tok->len--;

  2576. 								}

  2577. 								if (value_tok->begin[value_tok->len - 1] == '"') {

  2578. 									value_tok->len--;

  2579. 								}

  2580. 							}

  2581. 							else {

  2582. 								value = rspamd_fstring_new_init("", 0);

  2583. 								value_tok = rspamd_ftok_map(value);

  2584. 							}

  2585. 

  2586. 							g_hash_table_replace(res, key_tok, value_tok);

  2587. 							key = value = NULL;

  2588. 							key_tok = value_tok = NULL;

  2589. 							state = parse_ampersand;

  2590. 						}

  2591. 						else {

  2592. 							p++;

  2593. 						}

  2594. 						break;

  2595. 

  2596. 					case parse_ampersand:

  2597. 						if (p != end && *p != '&') {

  2598. 							c = p;

  2599. 							state = parse_key;

  2600. 						}

  2601. 						else {

  2602. 							p++;

  2603. 						}

  2604. 						break;

  2605. 					}

  2606. 				}

  2607. 			}

  2608. 

  2609. 			if (state != parse_ampersand && key != NULL) {

  2610. 				rspamd_fstring_free(key);

  2611. 			}

  2612. 	}

  2613. 

  2614. 	return res;

  2615. }

  2616. 

  2617. 

  2618. struct rspamd_http_message *

  2619. rspamd_http_message_ref(struct rspamd_http_message *msg)

  2620. {

  2621. 	REF_RETAIN(msg);

  2622. 

  2623. 	return msg;

  2624. }

  2625. 

  2626. void rspamd_http_message_unref(struct rspamd_http_message *msg)

  2627. {

  2628. 	REF_RELEASE(msg);

  2629. }

  2630. 

  2631. void rspamd_http_connection_disable_encryption(struct rspamd_http_connection *conn)

  2632. {

  2633. 	struct rspamd_http_connection_private *priv;

  2634. 

  2635. 	priv = conn->priv;

  2636. 

  2637. 	if (priv) {

  2638. 			if (priv->local_key) {

  2639. 				rspamd_keypair_unref(priv->local_key);

  2640. 			}

  2641. 			if (priv->peer_key) {

  2642. 				rspamd_pubkey_unref(priv->peer_key);

  2643. 			}

  2644. 

  2645. 			priv->local_key = NULL;

  2646. 			priv->peer_key = NULL;

  2647. 			priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  2648. 	}

  2649. }