]> git.proxmox.com Git - pve-manager.git/blame - PVE/HTTPServer.pm
projects / pve-manager.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add generic formater support
[pve-manager.git] / PVE / HTTPServer.pm
CommitLineData
57f93db1
DM		 1package PVE::HTTPServer;
2
3use strict;
4use warnings;
d06a1c62 5use Time::HiRes qw(usleep ualarm gettimeofday tv_interval);
57f93db1
DM		 6use Socket qw(IPPROTO_TCP TCP_NODELAY SOMAXCONN);
7use POSIX qw(strftime EINTR EAGAIN);
8use Fcntl;
d06a1c62 9use IO::File;
57f93db1 10use File::stat qw();
d06a1c62 11use Digest::MD5;
15903af6 12# use AnyEvent::Strict; # only use this for debugging
57f93db1 13use AnyEvent::Util qw(guard fh_nonblocking WSAEWOULDBLOCK WSAEINPROGRESS);
33afb29b 14use AnyEvent::Socket;
57f93db1 15use AnyEvent::Handle;
943776b0 16use Net::SSLeay;
57f93db1
DM		 17use AnyEvent::TLS;
18use AnyEvent::IO;
19use AnyEvent::HTTP;
20use Fcntl ();
21use Compress::Zlib;
22use PVE::SafeSyslog;
23use PVE::INotify;
24use PVE::RPCEnvironment;
25use PVE::REST;
26
a908636e 27use Net::IP;
57f93db1 28use URI;
9195c8f9 29use URI::Escape;
57f93db1
DM		 30use HTTP::Status qw(:constants);
31use HTTP::Headers;
32use HTTP::Response;
f6c357cf 33use Data::Dumper;
57f93db1 34
209b203e
DM		 35my $limit_max_headers = 30;
36my $limit_max_header_size = 8*1024;
37my $limit_max_post = 16*1024;
57f93db1 38
57f93db1
DM		 39
40my $known_methods = {
41 GET => 1,
42 POST => 1,
43 PUT => 1,
44 DELETE => 1,
45};
46
d06a1c62
DM		 47my $baseuri = "/api2";
48
49sub split_abs_uri {
50 my ($abs_uri) = @_;
51
3ed61033 52 my ($format, $rel_uri) = $abs_uri =~ m/^\Q$baseuri\E\/+([a-z][a-z0-9]+)(\/.*)?$/;
d06a1c62
DM		 53 $rel_uri = '/' if !$rel_uri;
54
55 return wantarray ? ($rel_uri, $format) : $rel_uri;
56}
57
57f93db1
DM		 58sub log_request {
59 my ($self, $reqstate) = @_;
60
57f93db1
DM		 61 my $loginfo = $reqstate->{log};
62
63 # like apache2 common log format
64 # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
65
8d5310c1
DM		 66 return if $loginfo->{written}; # avoid duplicate logs
67 $loginfo->{written} = 1;
68
57f93db1
DM		 69 my $peerip = $reqstate->{peer_host} || '-';
70 my $userid = $loginfo->{userid} || '-';
71 my $content_length = defined($loginfo->{content_length}) ? $loginfo->{content_length} : '-';
72 my $code = $loginfo->{code} || 500;
73 my $requestline = $loginfo->{requestline} || '-';
74 my $timestr = strftime("%d/%b/%Y:%H:%M:%S %z", localtime());
75
76 my $msg = "$peerip - $userid [$timestr] \"$requestline\" $code $content_length\n";
77
c2e9823c 78 $self->write_log($msg);
57f93db1
DM		 79}
80
81sub log_aborted_request {
82 my ($self, $reqstate, $error) = @_;
83
84 my $r = $reqstate->{request};
85 return if !$r; # no active request
86
87 if ($error) {
88 syslog("err", "problem with client $reqstate->{peer_host}; $error");
89 }
f91072d5 90
57f93db1
DM		 91 $self->log_request($reqstate);
92}
93
23699d1e
DM		 94sub cleanup_reqstate {
95 my ($reqstate) = @_;
96
97 delete $reqstate->{log};
98 delete $reqstate->{request};
99 delete $reqstate->{proto};
100 delete $reqstate->{accept_gzip};
8dc1715b 101 delete $reqstate->{starttime};
57f93db1 102
d06a1c62
DM		 103 if ($reqstate->{tmpfilename}) {
104 unlink $reqstate->{tmpfilename};
105 delete $reqstate->{tmpfilename};
106 }
23699d1e
DM		 107}
108
109sub client_do_disconnect {
110 my ($self, $reqstate) = @_;
111
112 cleanup_reqstate($reqstate);
d06a1c62 113
89634434
DM		 114 my $shutdown_hdl = sub {
115 my $hdl = shift;
116
117 shutdown($hdl->{fh}, 1);
118 # clear all handlers
119 $hdl->on_drain(undef);
120 $hdl->on_read(undef);
121 $hdl->on_eof(undef);
122 };
123
124 if (my $proxyhdl = delete $reqstate->{proxyhdl}) {
125 &$shutdown_hdl($proxyhdl);
126 }
127
57f93db1
DM		 128 my $hdl = delete $reqstate->{hdl};
129
130 if (!$hdl) {
131 syslog('err', "detected empty handle");
132 return;
133 }
134
89634434
DM		 135 print "close connection $hdl\n" if $self->{debug};
136
137 &$shutdown_hdl($hdl);
57f93db1 138
57f93db1
DM		 139 $self->{conn_count}--;
140
f91072d5 141 print "$$: CLOSE FH" . $hdl->{fh}->fileno() . " CONN$self->{conn_count}\n" if $self->{debug};
57f93db1
DM		 142}
143
144sub finish_response {
145 my ($self, $reqstate) = @_;
146
147 my $hdl = $reqstate->{hdl};
148
23699d1e 149 cleanup_reqstate($reqstate);
d06a1c62 150
57f93db1 151 if (!$self->{end_loop} && $reqstate->{keep_alive} > 0) {
d06a1c62 152 # print "KEEPALIVE $reqstate->{keep_alive}\n" if $self->{debug};
f91072d5 153 $hdl->on_read(sub {
57f93db1
DM		 154 eval { $self->push_request_header($reqstate); };
155 warn $@ if $@;
156 });
157 } else {
158 $hdl->on_drain (sub {
f91072d5
DM		 159 eval {
160 $self->client_do_disconnect($reqstate);
161 };
57f93db1
DM		 162 warn $@ if $@;
163 });
164 }
165}
166
167sub response {
8dc1715b 168 my ($self, $reqstate, $resp, $mtime, $nocomp, $delay) = @_;
57f93db1
DM		 169
170 #print "$$: send response: " . Dumper($resp);
171
23699d1e
DM		 172 # activate timeout
173 $reqstate->{hdl}->timeout_reset();
174 $reqstate->{hdl}->timeout($self->{timeout});
175
5c495833
DM		 176 $nocomp = 1 if !$reqstate->{accept_gzip};
177
57f93db1
DM		 178 my $code = $resp->code;
179 my $msg = $resp->message || HTTP::Status::status_message($code);
180 ($msg) = $msg =~m/^(.*)$/m;
181 my $content = $resp->content;
182
183 if ($code =~ /^(1\d\d|[23]04)$/) {
184 # make sure content we have no content
185 $content = "";
186 }
187
88ad4103 188 $reqstate->{keep_alive} = 0 if ($code >= 400) || $self->{end_loop};
57f93db1
DM		 189
190 $reqstate->{log}->{code} = $code;
191
1319da81
DM		 192 my $proto = $reqstate->{proto} ? $reqstate->{proto}->{str} : 'HTTP/1.0';
193 my $res = "$proto $code $msg\015\012";
f91072d5 194
57f93db1
DM		 195 my $ctime = time();
196 my $date = HTTP::Date::time2str($ctime);
197 $resp->header('Date' => $date);
198 if ($mtime) {
199 $resp->header('Last-Modified' => HTTP::Date::time2str($mtime));
200 } else {
201 $resp->header('Expires' => $date);
202 $resp->header('Cache-Control' => "max-age=0");
203 $resp->header("Pragma", "no-cache");
204 }
205
206 $resp->header('Server' => "pve-api-daemon/3.0");
207
208 my $content_length;
f91072d5 209 if ($content) {
57f93db1
DM		 210
211 $content_length = length($content);
212
213 if (!$nocomp && ($content_length > 1024)) {
214 my $comp = Compress::Zlib::memGzip($content);
215 $resp->header('Content-Encoding', 'gzip');
216 $content = $comp;
217 $content_length = length($content);
218 }
219 $resp->header("Content-Length" => $content_length);
220 $reqstate->{log}->{content_length} = $content_length;
f91072d5 221
57f93db1
DM		 222 } else {
223 $resp->remove_header("Content-Length");
224 }
f91072d5 225
57f93db1
DM		 226 if ($reqstate->{keep_alive} > 0) {
227 $resp->push_header('Connection' => 'Keep-Alive');
228 } else {
229 $resp->header('Connection' => 'close');
230 }
231
232 $res .= $resp->headers_as_string("\015\012");
f91072d5 233 #print "SEND(without content) $res\n" if $self->{debug};
57f93db1
DM		 234
235 $res .= "\015\012";
33afb29b 236 $res .= $content if $content;
57f93db1
DM		 237
238 $self->log_request($reqstate, $reqstate->{request});
8dc1715b
DM		 239
240 if ($delay && $delay > 0) {
241 my $w; $w = AnyEvent->timer(after => $delay, cb => sub {
242 undef $w; # delete reference
243 $reqstate->{hdl}->push_write($res);
244 $self->finish_response($reqstate);
245 });
246 } else {
247 $reqstate->{hdl}->push_write($res);
248 $self->finish_response($reqstate);
249 }
57f93db1
DM		 250}
251
252sub error {
253 my ($self, $reqstate, $code, $msg, $hdr, $content) = @_;
254
255 eval {
f91072d5 256 my $resp = HTTP::Response->new($code, $msg, $hdr, $content);
57f93db1
DM		 257 $self->response($reqstate, $resp);
258 };
259 warn $@ if $@;
260}
261
262sub send_file_start {
263 my ($self, $reqstate, $filename) = @_;
264
265 eval {
266 # print "SEND FILE $filename\n";
f91072d5 267 # Note: aio_load() this is not really async unless we use IO::AIO!
57f93db1
DM		 268 eval {
269
88ad4103
DM		 270 my $r = $reqstate->{request};
271
57f93db1
DM		 272 my $fh = IO::File->new($filename, '<') ||
273 die "$!\n";
274 my $stat = File::stat::stat($fh) ||
275 die "$!\n";
88ad4103
DM		 276
277 my $mtime = $stat->mtime;
278
279 if (my $ifmod = $r->header('if-modified-since')) {
280 my $iftime = HTTP::Date::str2time($ifmod);
281 if ($mtime <= $iftime) {
282 my $resp = HTTP::Response->new(304, "NOT MODIFIED");
283 $self->response($reqstate, $resp, $mtime);
284 return;
285 }
286 }
f91072d5 287
57f93db1
DM		 288 my $data;
289 my $len = sysread($fh, $data, $stat->size);
290 die "got short file\n" if !defined($len) || $len != $stat->size;
291
292 my $ct;
0ebf2fa8 293 my $nocomp;
57f93db1
DM		 294 if ($filename =~ m/\.css$/) {
295 $ct = 'text/css';
f91072d5 296 } elsif ($filename =~ m/\.js$/) {
57f93db1 297 $ct = 'application/javascript';
f91072d5 298 } elsif ($filename =~ m/\.png$/) {
57f93db1 299 $ct = 'image/png';
0ebf2fa8 300 $nocomp = 1;
e88a5cde
DM		 301 } elsif ($filename =~ m/\.ico$/) {
302 $ct = 'image/x-icon';
303 $nocomp = 1;
f91072d5 304 } elsif ($filename =~ m/\.gif$/) {
57f93db1 305 $ct = 'image/gif';
0ebf2fa8 306 $nocomp = 1;
f91072d5 307 } elsif ($filename =~ m/\.jar$/) {
57f93db1 308 $ct = 'application/java-archive';
a49706cb 309 $nocomp = 1;
57f93db1
DM		 310 } else {
311 die "unable to detect content type";
312 }
313
314 my $header = HTTP::Headers->new(Content_Type => $ct);
f91072d5 315 my $resp = HTTP::Response->new(200, "OK", $header, $data);
0ebf2fa8 316 $self->response($reqstate, $resp, $mtime, $nocomp);
57f93db1
DM		 317 };
318 if (my $err = $@) {
319 $self->error($reqstate, 501, $err);
320 }
321 };
f91072d5 322
57f93db1
DM		 323 warn $@ if $@;
324}
325
326sub proxy_request {
d06a1c62 327 my ($self, $reqstate, $clientip, $host, $method, $uri, $ticket, $token, $params) = @_;
57f93db1
DM		 328
329 eval {
330 my $target;
5a68b2b2 331 my $keep_alive = 1;
57f93db1 332 if ($host eq 'localhost') {
d06a1c62 333 $target = "http://$host:85$uri";
5a68b2b2
DM		 334 # keep alive for localhost is not worth (connection setup is about 0.2ms)
335 $keep_alive = 0;
57f93db1 336 } else {
d06a1c62 337 $target = "https://$host:8006$uri";
57f93db1
DM		 338 }
339
340 my $headers = {
341 PVEDisableProxy => 'true',
342 PVEClientIP => $clientip,
343 };
344
57f93db1
DM		 345 $headers->{'cookie'} = PVE::REST::create_auth_cookie($ticket) if $ticket;
346 $headers->{'CSRFPreventionToken'} = $token if $token;
5c495833 347 $headers->{'Accept-Encoding'} = 'gzip' if $reqstate->{accept_gzip};
57f93db1
DM		 348
349 my $content;
350
351 if ($method eq 'POST' || $method eq 'PUT') {
352 $headers->{'Content-Type'} = 'application/x-www-form-urlencoded';
d06a1c62 353 # use URI object to format application/x-www-form-urlencoded content.
57f93db1
DM		 354 my $url = URI->new('http:');
355 $url->query_form(%$params);
356 $content = $url->query;
357 if (defined($content)) {
358 $headers->{'Content-Length'} = length($content);
359 }
360 }
361
57f93db1 362 my $w; $w = http_request(
f91072d5
DM		 363 $method => $target,
364 headers => $headers,
365 timeout => 30,
353fef24 366 recurse => 0,
139cb2da 367 proxy => undef, # avoid use of $ENV{HTTP_PROXY}
5a68b2b2 368 keepalive => $keep_alive,
f91072d5 369 body => $content,
353fef24 370 tls_ctx => $self->{tls_ctx},
57f93db1
DM		 371 sub {
372 my ($body, $hdr) = @_;
373
374 undef $w;
f91072d5 375
17c8ec64
DM		 376 if (!$reqstate->{hdl}) {
377 warn "proxy detected vanished client connection\n";
378 return;
379 }
380
57f93db1
DM		 381 eval {
382 my $code = delete $hdr->{Status};
383 my $msg = delete $hdr->{Reason};
384 delete $hdr->{URL};
385 delete $hdr->{HTTPVersion};
386 my $header = HTTP::Headers->new(%$hdr);
387 my $resp = HTTP::Response->new($code, $msg, $header, $body);
5c495833 388 # Note: disable compression, because body is already compressed
57f93db1
DM		 389 $self->response($reqstate, $resp, undef, 1);
390 };
391 warn $@ if $@;
392 });
393 };
394 warn $@ if $@;
395}
396
d06a1c62
DM		 397# return arrays as \0 separated strings (like CGI.pm)
398sub decode_urlencoded {
399 my ($data) = @_;
400
401 my $res = {};
402
403 return $res if !$data;
404
405 foreach my $kv (split(/[\&\;]/, $data)) {
406 my ($k, $v) = split(/=/, $kv);
407 $k =~s/\+/ /g;
408 $k =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr(hex($1))/eg;
409 $v =~s/\+/ /g;
410 $v =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr(hex($1))/eg;
411
412 if (defined(my $old = $res->{$k})) {
413 $res->{$k} = "$old\0$v";
414 } else {
415 $res->{$k} = $v;
416 }
417 }
418 return $res;
419}
420
f6c357cf 421sub extract_params {
57f93db1
DM		 422 my ($r, $method) = @_;
423
d06a1c62 424 my $params = {};
57f93db1
DM		 425
426 if ($method eq 'PUT' || $method eq 'POST') {
d06a1c62 427 $params = decode_urlencoded($r->content);
57f93db1
DM		 428 }
429
d06a1c62 430 my $query_params = decode_urlencoded($r->url->query());
57f93db1
DM		 431
432 foreach my $k (keys %{$query_params}) {
433 $params->{$k} = $query_params->{$k};
434 }
435
436 return PVE::Tools::decode_utf8_parameters($params);
f6c357cf 437}
57f93db1
DM		 438
439sub handle_api2_request {
d06a1c62 440 my ($self, $reqstate, $auth, $upload_state) = @_;
57f93db1
DM		 441
442 eval {
443 my $r = $reqstate->{request};
444 my $method = $r->method();
445 my $path = $r->uri->path();
446
d06a1c62 447 my ($rel_uri, $format) = split_abs_uri($path);
3ed61033
DM		 448
449 my $formater = PVE::REST::get_formater($format);
450
451 if (!defined($formater)) {
452 $self->error($reqstate, HTTP_NOT_IMPLEMENTED, "no such uri $rel_uri, $format");
57f93db1
DM		 453 return;
454 }
455
d0547f7f 456 #print Dumper($upload_state) if $upload_state;
57f93db1 457
d06a1c62 458 my $rpcenv = $self->{rpcenv};
57f93db1 459
d06a1c62 460 my $params;
57f93db1 461
d06a1c62
DM		 462 if ($upload_state) {
463 $params = $upload_state->{params};
464 } else {
f6c357cf 465 $params = extract_params($r, $method);
d06a1c62 466 }
57f93db1 467
d06a1c62 468 delete $params->{_dc}; # remove disable cache parameter
57f93db1 469
d06a1c62 470 my $clientip = $reqstate->{peer_host};
57f93db1 471
d06a1c62 472 $rpcenv->init_request();
57f93db1 473
d06a1c62 474 my $res = PVE::REST::rest_handler($rpcenv, $clientip, $method, $rel_uri, $auth, $params);
57f93db1 475
23699d1e
DM		 476 AnyEvent->now_update(); # in case somebody called sleep()
477
57f93db1
DM		 478 $rpcenv->set_user(undef); # clear after request
479
40ca6e9c 480 if (my $host = $res->{proxy}) {
57f93db1
DM		 481
482 if ($self->{trusted_env}) {
483 $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy not allowed");
484 return;
f91072d5 485 }
57f93db1 486
40ca6e9c 487 if ($host ne 'localhost' && $r->header('PVEDisableProxy')) {
f2c8b269
DM		 488 $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy loop detected");
489 return;
490 }
491
d06a1c62
DM		 492 $res->{proxy_params}->{tmpfilename} = $reqstate->{tmpfilename} if $upload_state;
493
40ca6e9c 494 $self->proxy_request($reqstate, $clientip, $host, $method,
d06a1c62 495 $r->uri, $auth->{ticket}, $auth->{token}, $res->{proxy_params});
57f93db1
DM		 496 return;
497
498 }
499
8dc1715b
DM		 500 my $delay = 0;
501 if ($res->{status} == HTTP_UNAUTHORIZED) {
502 # always delay unauthorized calls by 3 seconds
503 $delay = 3 - tv_interval($reqstate->{starttime});
504 $delay = 0 if $delay < 0;
505 }
506
3ed61033
DM		 507 if ($res->{info} && $res->{info}->{formater}) {
508 if (defined(my $func = $res->{info}->{formater}->{$format})) {
509 $formater = $func;
510 }
511 }
512
513 my ($raw, $ct, $nocomp) = &$formater($res, $res->{data}, $path, $auth);
514
c9c0cd34
DM		 515 my $resp;
516 if (ref($raw) && (ref($raw) eq 'HTTP::Response')) {
517 $resp = $raw;
518 } else {
519 $resp = HTTP::Response->new($res->{status}, $res->{message});
520 $resp->header("Content-Type" => $ct);
521 $resp->content($raw);
522 }
8dc1715b 523 $self->response($reqstate, $resp, undef, $nocomp, $delay);
57f93db1 524 };
d06a1c62
DM		 525 if (my $err = $@) {
526 $self->error($reqstate, 501, $err);
527 }
57f93db1
DM		 528}
529
33afb29b 530sub handle_spice_proxy_request {
89634434 531 my ($self, $reqstate, $connect_str, $vmid, $node, $spiceport) = @_;
33afb29b
DM		 532
533 eval {
534
f60bd577
AD		 535 die "Port $spiceport is not allowed" if ($spiceport < 61000 || $spiceport > 61099);
536
c3b83ed1
DM		 537 my $rpcenv = $self->{rpcenv};
538 $rpcenv->init_request();
539
f2c8b269
DM		 540 my $clientip = $reqstate->{peer_host};
541 my $r = $reqstate->{request};
542
33afb29b
DM		 543 my $remip;
544
ce429a15 545 if ($node ne 'localhost' && PVE::INotify::nodename() !~ m/^$node$/i) {
33afb29b 546 $remip = PVE::Cluster::remote_node_ip($node);
89634434
DM		 547 die "unable to get remote IP address for node '$node'\n" if !$remip;
548 print "REMOTE CONNECT $vmid, $remip, $connect_str\n" if $self->{debug};
549 } else {
550 print "$$: CONNECT $vmid, $node, $spiceport\n" if $self->{debug};
551 }
33afb29b 552
64363f40 553 if ($remip && $r->header('PVEDisableProxy')) {
f2c8b269
DM		 554 $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy loop detected");
555 return;
556 }
557
33afb29b 558 $reqstate->{hdl}->timeout(0);
89634434 559 $reqstate->{hdl}->wbuf_max(64*10*1024);
33afb29b 560
89634434
DM		 561 my $remhost = $remip ? $remip : "127.0.0.1";
562 my $remport = $remip ? 3128 : $spiceport;
33afb29b 563
89634434 564 tcp_connect $remhost, $remport, sub {
33afb29b 565 my ($fh) = @_
89634434 566 or die "connect to '$remhost:$remport' failed: $!";
33afb29b 567
89634434 568 print "$$: CONNECTed to '$remhost:$remport'\n" if $self->{debug};
33afb29b
DM		 569 $reqstate->{proxyhdl} = AnyEvent::Handle->new(
570 fh => $fh,
571 rbuf_max => 64*1024,
572 wbuf_max => 64*10*1024,
89634434 573 timeout => 5,
33afb29b
DM		 574 on_eof => sub {
575 my ($hdl) = @_;
576 eval {
577 $self->log_aborted_request($reqstate);
578 $self->client_do_disconnect($reqstate);
579 };
580 if (my $err = $@) { syslog('err', $err); }
581 },
582 on_error => sub {
583 my ($hdl, $fatal, $message) = @_;
584 eval {
585 $self->log_aborted_request($reqstate, $message);
586 $self->client_do_disconnect($reqstate);
587 };
588 if (my $err = $@) { syslog('err', "$err"); }
cffad904 589 });
33afb29b 590
89634434 591
cffad904
DM		 592 my $proxyhdlreader = sub {
593 my ($hdl) = @_;
33afb29b 594
cffad904
DM		 595 my $len = length($hdl->{rbuf});
596 my $data = substr($hdl->{rbuf}, 0, $len, '');
597
598 #print "READ1 $len\n";
599 $reqstate->{hdl}->push_write($data) if $reqstate->{hdl};
600 };
601
602 my $hdlreader = sub {
33afb29b
DM		 603 my ($hdl) = @_;
604
605 my $len = length($hdl->{rbuf});
606 my $data = substr($hdl->{rbuf}, 0, $len, '');
607
608 #print "READ0 $len\n";
609 $reqstate->{proxyhdl}->push_write($data) if $reqstate->{proxyhdl};
cffad904
DM		 610 };
611
89634434 612 my $proto = $reqstate->{proto} ? $reqstate->{proto}->{str} : 'HTTP/1.0';
33afb29b 613
89634434
DM		 614 my $startproxy = sub {
615 $reqstate->{proxyhdl}->timeout(0);
616 $reqstate->{proxyhdl}->on_read($proxyhdlreader);
617 $reqstate->{hdl}->on_read($hdlreader);
33afb29b 618
89634434 619 # todo: use stop_read/start_read if write buffer grows to much
33afb29b 620
89634434
DM		 621 my $res = "$proto 200 OK\015\012"; # hope this is the right answer?
622 $reqstate->{hdl}->push_write($res);
623
624 # log early
625 $reqstate->{log}->{code} = 200;
626 $self->log_request($reqstate);
627 };
628
629 if ($remip) {
630 my $header = "CONNECT ${connect_str} $proto\015\012" .
631 "Host: ${connect_str}\015\012" .
632 "Proxy-Connection: keep-alive\015\012" .
633 "User-Agent: spiceproxy\015\012" .
f2c8b269
DM		 634 "PVEDisableProxy: true\015\012" .
635 "PVEClientIP: $clientip\015\012" .
89634434 636 "\015\012";
f2c8b269 637
89634434
DM		 638 $reqstate->{proxyhdl}->push_write($header);
639 $reqstate->{proxyhdl}->push_read(line => sub {
640 my ($hdl, $line) = @_;
641
642 if ($line =~ m!^$proto 200 OK$!) {
643 &$startproxy();
644 } else {
645 $reqstate->{hdl}->push_write($line);
646 $self->client_do_disconnect($reqstate);
647 }
648 });
649 } else {
650 &$startproxy();
651 }
8d5310c1 652
33afb29b
DM		 653 };
654 };
655 if (my $err = $@) {
94c803f4 656 warn $err;
33afb29b
DM		 657 $self->log_aborted_request($reqstate, $err);
658 $self->client_do_disconnect($reqstate);
659 }
660}
661
57f93db1 662sub handle_request {
d06a1c62 663 my ($self, $reqstate, $auth) = @_;
57f93db1
DM		 664
665 eval {
666 my $r = $reqstate->{request};
667 my $method = $r->method();
668 my $path = $r->uri->path();
23699d1e
DM		 669
670 # disable timeout on handle (we already have all data we need)
671 # we re-enable timeout in response()
672 $reqstate->{hdl}->timeout(0);
57f93db1 673
d06a1c62
DM		 674 if ($path =~ m!$baseuri!) {
675 $self->handle_api2_request($reqstate, $auth);
57f93db1
DM		 676 return;
677 }
678
679 if ($self->{pages} && ($method eq 'GET') && (my $handler = $self->{pages}->{$path})) {
680 if (ref($handler) eq 'CODE') {
d06a1c62
DM		 681 my $params = decode_urlencoded($r->url->query());
682 my ($resp, $userid) = &$handler($self, $reqstate->{request}, $params);
57f93db1
DM		 683 $self->response($reqstate, $resp);
684 } elsif (ref($handler) eq 'HASH') {
685 if (my $filename = $handler->{file}) {
686 my $fh = IO::File->new($filename) ||
687 die "unable to open file '$filename' - $!\n";
688 send_file_start($self, $reqstate, $filename);
689 } else {
690 die "internal error - no handler";
691 }
692 } else {
693 die "internal error - no handler";
694 }
695 return;
f91072d5 696 }
57f93db1
DM		 697
698 if ($self->{dirs} && ($method eq 'GET')) {
699 # we only allow simple names
700 if ($path =~ m!^(/\S+/)([a-zA-Z0-9\-\_\.]+)$!) {
701 my ($subdir, $file) = ($1, $2);
702 if (my $dir = $self->{dirs}->{$subdir}) {
703 my $filename = "$dir$file";
704 my $fh = IO::File->new($filename) ||
705 die "unable to open file '$filename' - $!\n";
706 send_file_start($self, $reqstate, $filename);
707 return;
708 }
709 }
710 }
711
712 die "no such file '$path'";
713 };
714 if (my $err = $@) {
715 $self->error($reqstate, 501, $err);
716 }
717}
718
d06a1c62
DM		 719sub file_upload_multipart {
720 my ($self, $reqstate, $auth, $rstate) = @_;
721
722 eval {
723 my $boundary = $rstate->{boundary};
724 my $hdl = $reqstate->{hdl};
725
726 my $startlen = length($hdl->{rbuf});
727
728 if ($rstate->{phase} == 0) { # skip everything until start
729 if ($hdl->{rbuf} =~ s/^.*?--\Q$boundary\E \015?\012
730 ((?:[^\015]+\015\012)* ) \015?\012//xs) {
731 my $header = $1;
732 my ($ct, $disp, $name, $filename);
733 foreach my $line (split(/\015?\012/, $header)) {
734 # assume we have single line headers
735 if ($line =~ m/^Content-Type\s*:\s*(.*)/i) {
736 $ct = parse_content_type($1);
737 } elsif ($line =~ m/^Content-Disposition\s*:\s*(.*)/i) {
738 ($disp, $name, $filename) = parse_content_disposition($1);
739 }
740 }
741
742 if (!($disp && $disp eq 'form-data' && $name)) {
a81182b0 743 syslog('err', "wrong content disposition in multipart - abort upload");
d06a1c62
DM		 744 $rstate->{phase} = -1;
745 } else {
746
747 $rstate->{fieldname} = $name;
748
a81182b0
DM		 749 if ($filename) {
750 if ($name eq 'filename') {
751 # found file upload data
752 $rstate->{phase} = 1;
753 $rstate->{filename} = $filename;
754 } else {
755 syslog('err', "wrong field name for file upload - abort upload");
756 $rstate->{phase} = -1;
757 }
758 } else {
d06a1c62
DM		 759 # found form data for field $name
760 $rstate->{phase} = 2;
d06a1c62
DM		 761 }
762 }
763 } else {
764 my $len = length($hdl->{rbuf});
765 substr($hdl->{rbuf}, 0, $len - $rstate->{maxheader}, '')
766 if $len > $rstate->{maxheader}; # skip garbage
767 }
768 } elsif ($rstate->{phase} == 1) { # inside file - dump until end marker
769 if ($hdl->{rbuf} =~ s/^(.*?)\015?\012(--\Q$boundary\E(--)? \015?\012(.*))$/$2/xs) {
770 my ($rest, $eof) = ($1, $3);
771 my $len = length($rest);
772 die "write to temporary file failed - $!"
773 if syswrite($rstate->{outfh}, $rest) != $len;
774 $rstate->{ctx}->add($rest);
775 $rstate->{params}->{filename} = $rstate->{filename};
776 $rstate->{md5sum} = $rstate->{ctx}->hexdigest;
777 $rstate->{bytes} += $len;
778 $rstate->{phase} = $eof ? 100 : 0;
779 } else {
780 my $len = length($hdl->{rbuf});
781 my $wlen = $len - $rstate->{boundlen};
782 if ($wlen > 0) {
2c32df36 783 my $data = substr($hdl->{rbuf}, 0, $wlen, '');
d06a1c62
DM		 784 die "write to temporary file failed - $!"
785 if syswrite($rstate->{outfh}, $data) != $wlen;
786 $rstate->{bytes} += $wlen;
787 $rstate->{ctx}->add($data);
788 }
789 }
790 } elsif ($rstate->{phase} == 2) { # inside normal field
791
792 if ($hdl->{rbuf} =~ s/^(.*?)\015?\012(--\Q$boundary\E(--)? \015?\012(.*))$/$2/xs) {
793 my ($rest, $eof) = ($1, $3);
794 my $len = length($rest);
209b203e
DM		 795 $rstate->{post_size} += $len;
796 if ($rstate->{post_size} < $limit_max_post) {
d06a1c62
DM		 797 $rstate->{params}->{$rstate->{fieldname}} = $rest;
798 $rstate->{phase} = $eof ? 100 : 0;
799 } else {
209b203e 800 syslog('err', "form data to large - abort upload");
d06a1c62
DM		 801 $rstate->{phase} = -1; # skip
802 }
803 }
804 } else { # skip
805 my $len = length($hdl->{rbuf});
806 substr($hdl->{rbuf}, 0, $len, ''); # empty rbuf
807 }
808
809 $rstate->{read} += ($startlen - length($hdl->{rbuf}));
810
811 if (!$rstate->{done} && ($rstate->{read} + length($hdl->{rbuf})) >= $rstate->{size}) {
812 $rstate->{done} = 1; # make sure we dont get called twice
813 if ($rstate->{phase} < 0 || !$rstate->{md5sum}) {
f6c357cf 814 die "upload failed\n";
d06a1c62
DM		 815 } else {
816 my $elapsed = tv_interval($rstate->{starttime});
817
818 my $rate = int($rstate->{bytes}/($elapsed*1024*1024));
819 syslog('info', "multipart upload complete " .
2c32df36
DM		 820 "(size: %d time: %ds rate: %.2fMiB/s md5sum: $rstate->{md5sum})",
821 $rstate->{bytes}, $elapsed, $rate);
d06a1c62
DM		 822 $self->handle_api2_request($reqstate, $auth, $rstate);
823 }
824 }
825 };
826 if (my $err = $@) {
2c32df36 827 syslog('err', $err);
d06a1c62
DM		 828 $self->error($reqstate, 501, $err);
829 }
830}
831
832sub parse_content_type {
833 my ($ctype) = @_;
834
835 my ($ct, @params) = split(/\s*[;,]\s*/o, $ctype);
836
837 foreach my $v (@params) {
838 if ($v =~ m/^\s*boundary\s*=\s*(\S+?)\s*$/o) {
839 return wantarray ? ($ct, $1) : $ct;
840 }
841 }
842
843 return wantarray ? ($ct) : $ct;
844}
845
846sub parse_content_disposition {
847 my ($line) = @_;
848
849 my ($disp, @params) = split(/\s*[;,]\s*/o, $line);
850 my $name;
851 my $filename;
852
853 foreach my $v (@params) {
854 if ($v =~ m/^\s*name\s*=\s*(\S+?)\s*$/o) {
855 $name = $1;
856 $name =~ s/^"(.*)"$/$1/;
e3110298 857 } elsif ($v =~ m/^\s*filename\s*=\s*(.+?)\s*$/o) {
d06a1c62
DM		 858 $filename = $1;
859 $filename =~ s/^"(.*)"$/$1/;
860 }
861 }
862
863 return wantarray ? ($disp, $name, $filename) : $disp;
864}
865
866my $tmpfile_seq_no = 0;
867
868sub get_upload_filename {
869 # choose unpredictable tmpfile name
870
871 $tmpfile_seq_no++;
872 return "/var/tmp/pveupload-" . Digest::MD5::md5_hex($tmpfile_seq_no . time() . $$);
873}
874
57f93db1
DM		 875sub unshift_read_header {
876 my ($self, $reqstate, $state) = @_;
877
209b203e 878 $state = { size => 0, count => 0 } if !$state;
57f93db1
DM		 879
880 $reqstate->{hdl}->unshift_read(line => sub {
881 my ($hdl, $line) = @_;
882
883 eval {
209b203e
DM		 884 # print "$$: got header: $line\n" if $self->{debug};
885
886 die "to many http header lines\n" if ++$state->{count} >= $limit_max_headers;
887 die "http header too large\n" if ($state->{size} += length($line)) >= $limit_max_header_size;
57f93db1
DM		 888
889 my $r = $reqstate->{request};
890 if ($line eq '') {
891
d06a1c62
DM		 892 my $path = $r->uri->path();
893 my $method = $r->method();
894
57f93db1
DM		 895 $r->push_header($state->{key}, $state->{val})
896 if $state->{key};
897
d06a1c62
DM		 898 if (!$known_methods->{$method}) {
899 my $resp = HTTP::Response->new(HTTP_NOT_IMPLEMENTED, "method '$method' not available");
900 $self->response($reqstate, $resp);
901 return;
902 }
903
57f93db1 904 my $conn = $r->header('Connection');
5c495833
DM		 905 my $accept_enc = $r->header('Accept-Encoding');
906 $reqstate->{accept_gzip} = ($accept_enc && $accept_enc =~ m/gzip/) ? 1 : 0;
57f93db1
DM		 907
908 if ($conn) {
909 $reqstate->{keep_alive} = 0 if $conn =~ m/close/oi;
910 } else {
911 if ($reqstate->{proto}->{ver} < 1001) {
912 $reqstate->{keep_alive} = 0;
913 }
914 }
915
57f93db1 916 my $te = $r->header('Transfer-Encoding');
d06a1c62
DM		 917 if ($te && lc($te) eq 'chunked') {
918 # Handle chunked transfer encoding
919 $self->error($reqstate, 501, "chunked transfer encoding not supported");
920 return;
921 } elsif ($te) {
922 $self->error($reqstate, 501, "Unknown transfer encoding '$te'");
923 return;
924 }
925
57f93db1
DM		 926 my $pveclientip = $r->header('PVEClientIP');
927
f91072d5 928 # fixme: how can we make PVEClientIP header trusted?
57f93db1
DM		 929 if ($self->{trusted_env} && $pveclientip) {
930 $reqstate->{peer_host} = $pveclientip;
931 } else {
932 $r->header('PVEClientIP', $reqstate->{peer_host});
933 }
934
d06a1c62
DM		 935 my $len = $r->header('Content-Length');
936
937 # header processing complete - authenticate now
938
939 my $auth = {};
33afb29b
DM		 940 if ($self->{spiceproxy}) {
941 my $connect_str = $r->header('Host');
8a223d4f 942 my ($vmid, $node, $port) = PVE::AccessControl::verify_spice_connect_url($connect_str);
e1bae24c 943 if (!(defined($vmid) && $node && $port)) {
33afb29b
DM		 944 $self->error($reqstate, HTTP_UNAUTHORIZED, "invalid ticket");
945 return;
946 }
89634434 947 $self->handle_spice_proxy_request($reqstate, $connect_str, $vmid, $node, $port);
33afb29b
DM		 948 return;
949 } elsif ($path =~ m!$baseuri!) {
d06a1c62
DM		 950 my $token = $r->header('CSRFPreventionToken');
951 my $cookie = $r->header('Cookie');
952 my $ticket = PVE::REST::extract_auth_cookie($cookie);
953
954 my ($rel_uri, $format) = split_abs_uri($path);
955 if (!$format) {
956 $self->error($reqstate, HTTP_NOT_IMPLEMENTED, "no such uri");
957 return;
958 }
959
960 eval {
961 $auth = PVE::REST::auth_handler($self->{rpcenv}, $reqstate->{peer_host}, $method,
962 $rel_uri, $ticket, $token);
963 };
964 if (my $err = $@) {
3ed61033
DM		 965 # always delay unauthorized calls by 3 seconds
966 my $delay = 3;
967 if (my $formater = PVE::REST::get_login_formater($format)) {
968 my ($raw, $ct, $nocomp) = &$formater($path, $auth);
969 my $resp;
970 if (ref($raw) && (ref($raw) eq 'HTTP::Response')) {
971 $resp = $raw;
972 } else {
973 $resp = HTTP::Response->new(HTTP_UNAUTHORIZED, "Login Required");
974 $resp->header("Content-Type" => $ct);
975 $resp->content($raw);
976 }
977 $self->response($reqstate, $resp, undef, $nocomp, 3);
978 } else {
979 my $resp = HTTP::Response->new(HTTP_UNAUTHORIZED, $err);
980 $self->response($reqstate, $resp, undef, 0, $delay);
981 }
d06a1c62
DM		 982 return;
983 }
984 }
985
986 $reqstate->{log}->{userid} = $auth->{userid};
987
e66d68a9 988 if ($len) {
d06a1c62
DM		 989
990 if (!($method eq 'PUT' || $method eq 'POST')) {
991 $self->error($reqstate, 501, "Unexpected content for method '$method'");
992 return;
993 }
994
995 my $ctype = $r->header('Content-Type');
d0547f7f 996 my ($ct, $boundary) = parse_content_type($ctype) if $ctype;
d06a1c62
DM		 997
998 if ($auth->{isUpload} && !$self->{trusted_env}) {
999 die "upload 'Content-Type '$ctype' not implemented\n"
d0547f7f 1000 if !($boundary && $ct && ($ct eq 'multipart/form-data'));
d06a1c62
DM		 1001
1002 die "upload without content length header not supported" if !$len;
1003
1004 die "upload without content length header not supported" if !$len;
1005
1006 print "start upload $path $ct $boundary\n" if $self->{debug};
1007
1008 my $tmpfilename = get_upload_filename();
1009 my $outfh = IO::File->new($tmpfilename, O_RDWR|O_CREAT|O_EXCL, 0600) ||
1010 die "unable to create temporary upload file '$tmpfilename'";
1011
1012 $reqstate->{keep_alive} = 0;
1013
1014 my $boundlen = length($boundary) + 8; # \015?\012--$boundary--\015?\012
1015
1016 my $state = {
1017 size => $len,
1018 boundary => $boundary,
1019 ctx => Digest::MD5->new,
1020 boundlen => $boundlen,
1021 maxheader => 2048 + $boundlen, # should be large enough
1022 params => decode_urlencoded($r->url->query()),
1023 phase => 0,
1024 read => 0,
209b203e 1025 post_size => 0,
d06a1c62
DM		 1026 starttime => [gettimeofday],
1027 outfh => $outfh,
1028 };
1029 $reqstate->{tmpfilename} = $tmpfilename;
1030 $reqstate->{hdl}->on_read(sub { $self->file_upload_multipart($reqstate, $auth, $state); });
1031 return;
1032 }
1033
209b203e
DM		 1034 if ($len > $limit_max_post) {
1035 $self->error($reqstate, 501, "for data too large");
1036 return;
1037 }
1038
d06a1c62
DM		 1039 if (!$ct || $ct eq 'application/x-www-form-urlencoded') {
1040 $reqstate->{hdl}->unshift_read(chunk => $len, sub {
1041 my ($hdl, $data) = @_;
1042 $r->content($data);
1043 $self->handle_request($reqstate, $auth);
1044 });
1045 } else {
1046 $self->error($reqstate, 506, "upload 'Content-Type '$ctype' not implemented");
1047 }
57f93db1 1048 } else {
d06a1c62 1049 $self->handle_request($reqstate, $auth);
57f93db1
DM		 1050 }
1051 } elsif ($line =~ /^([^:\s]+)\s*:\s*(.*)/) {
1052 $r->push_header($state->{key}, $state->{val}) if $state->{key};
1053 ($state->{key}, $state->{val}) = ($1, $2);
1054 $self->unshift_read_header($reqstate, $state);
1055 } elsif ($line =~ /^\s+(.*)/) {
1056 $state->{val} .= " $1";
1057 $self->unshift_read_header($reqstate, $state);
1058 } else {
1059 $self->error($reqstate, 506, "unable to parse request header");
1060 }
1061 };
1062 warn $@ if $@;
1063 });
1064};
1065
1066sub push_request_header {
1067 my ($self, $reqstate) = @_;
1068
1069 eval {
1070 $reqstate->{hdl}->push_read(line => sub {
1071 my ($hdl, $line) = @_;
1072
1073 eval {
89634434 1074 # print "got request header: $line\n" if $self->{debug};
f91072d5 1075
57f93db1
DM		 1076 $reqstate->{keep_alive}--;
1077
1078 if ($line =~ /(\S+)\040(\S+)\040HTTP\/(\d+)\.(\d+)/o) {
9195c8f9 1079 my ($method, $url, $maj, $min) = ($1, $2, $3, $4);
57f93db1
DM		 1080
1081 if ($maj != 1) {
1082 $self->error($reqstate, 506, "http protocol version $maj.$min not supported");
1083 return;
1084 }
1085
1086 $self->{request_count}++; # only count valid request headers
1087 if ($self->{request_count} >= $self->{max_requests}) {
f91072d5 1088 $self->{end_loop} = 1;
57f93db1
DM		 1089 }
1090 $reqstate->{log} = { requestline => $line };
d0547f7f 1091 $reqstate->{proto}->{str} = "HTTP/$maj.$min";
57f93db1
DM		 1092 $reqstate->{proto}->{maj} = $maj;
1093 $reqstate->{proto}->{min} = $min;
1094 $reqstate->{proto}->{ver} = $maj*1000+$min;
9195c8f9 1095 $reqstate->{request} = HTTP::Request->new($method, uri_unescape($url));
8dc1715b 1096 $reqstate->{starttime} = [gettimeofday],
57f93db1
DM		 1097
1098 $self->unshift_read_header($reqstate);
1099 } elsif ($line eq '') {
1100 # ignore empty lines before requests (browser bugs?)
1101 $self->push_request_header($reqstate);
1102 } else {
1103 $self->error($reqstate, 400, 'bad request');
1104 }
1105 };
1106 warn $@ if $@;
1107 });
1108 };
1109 warn $@ if $@;
1110}
1111
1112sub accept {
1113 my ($self) = @_;
1114
1115 my $clientfh;
1116
1117 return if $self->{end_loop};
1118
1119 # we need to m make sure that only one process calls accept
1120 while (!flock($self->{lockfh}, Fcntl::LOCK_EX())) {
1121 next if $! == EINTR;
1122 die "could not get lock on file '$self->{lockfile}' - $!\n";
1123 }
1124
1125 my $again = 0;
1126 my $errmsg;
1127 eval {
1128 while (!$self->{end_loop} &&
1129 !defined($clientfh = $self->{socket}->accept()) &&
1130 ($! == EINTR)) {};
1131
1132 if ($self->{end_loop}) {
1133 $again = 0;
1134 } else {
1135 $again = ($! == EAGAIN || $! == WSAEWOULDBLOCK);
1136 if (!defined($clientfh)) {
1137 $errmsg = "failed to accept connection: $!\n";
1138 }
1139 }
1140 };
1141 warn $@ if $@;
1142
1143 flock($self->{lockfh}, Fcntl::LOCK_UN());
1144
1145 if (!defined($clientfh)) {
1146 return if $again;
1147 die $errmsg if $errmsg;
1148 }
1149
f91072d5 1150 fh_nonblocking $clientfh, 1;
57f93db1
DM		 1151
1152 $self->{conn_count}++;
1153
57f93db1
DM		 1154 return $clientfh;
1155}
1156
1157sub wait_end_loop {
1158 my ($self) = @_;
1159
1160 $self->{end_loop} = 1;
1161
1162 undef $self->{socket_watch};
f91072d5 1163
57f93db1
DM		 1164 if ($self->{conn_count} <= 0) {
1165 $self->{end_cond}->send(1);
1166 return;
1167 }
1168
1169 # else we need to wait until all open connections gets closed
1170 my $w; $w = AnyEvent->timer (after => 1, interval => 1, cb => sub {
1171 eval {
f91072d5 1172 # todo: test for active connections instead (we can abort idle connections)
57f93db1
DM		 1173 if ($self->{conn_count} <= 0) {
1174 undef $w;
1175 $self->{end_cond}->send(1);
1176 }
1177 };
1178 warn $@ if $@;
1179 });
1180}
f91072d5 1181
a908636e
DM		 1182
1183sub check_host_access {
1184 my ($self, $clientip) = @_;
1185
1186 my $cip = Net::IP->new($clientip);
1187
1188 my $match_allow = 0;
1189 my $match_deny = 0;
1190
1191 if ($self->{allow_from}) {
1192 foreach my $t (@{$self->{allow_from}}) {
1193 if ($t->overlaps($cip)) {
1194 $match_allow = 1;
1195 last;
1196 }
1197 }
1198 }
1199
1200 if ($self->{deny_from}) {
1201 foreach my $t (@{$self->{deny_from}}) {
1202 if ($t->overlaps($cip)) {
1203 $match_deny = 1;
1204 last;
1205 }
1206 }
1207 }
1208
1209 if ($match_allow == $match_deny) {
1210 # match both allow and deny, or no match
1211 return $self->{policy} && $self->{policy} eq 'allow' ? 1 : 0;
1212 }
1213
1214 return $match_allow;
1215}
1216
57f93db1
DM		 1217sub accept_connections {
1218 my ($self) = @_;
1219
1220 eval {
1221
1222 while (my $clientfh = $self->accept()) {
1223
1224 my $reqstate = { keep_alive => $self->{keep_alive} };
1225
02667982
DM		 1226 # stop keep-alive when there are many open connections
1227 if ($self->{conn_count} >= $self->{max_conn_soft_limit}) {
1228 $reqstate->{keep_alive} = 0;
1229 }
1230
57f93db1
DM		 1231 if (my $sin = getpeername($clientfh)) {
1232 my ($pport, $phost) = Socket::unpack_sockaddr_in($sin);
1233 ($reqstate->{peer_port}, $reqstate->{peer_host}) = ($pport, Socket::inet_ntoa($phost));
1234 }
1235
a908636e
DM		 1236 if (!$self->{trusted_env} && !$self->check_host_access($reqstate->{peer_host})) {
1237 print "$$: ABORT request from $reqstate->{peer_host} - access denied\n" if $self->{debug};
1238 $reqstate->{log}->{code} = 403;
1239 $self->log_request($reqstate);
1240 next;
1241 }
1242
57f93db1
DM		 1243 $reqstate->{hdl} = AnyEvent::Handle->new(
1244 fh => $clientfh,
d06a1c62 1245 rbuf_max => 64*1024,
57f93db1
DM		 1246 timeout => $self->{timeout},
1247 linger => 0, # avoid problems with ssh - really needed ?
1248 on_eof => sub {
1249 my ($hdl) = @_;
1250 eval {
1251 $self->log_aborted_request($reqstate);
1252 $self->client_do_disconnect($reqstate);
1253 };
1254 if (my $err = $@) { syslog('err', $err); }
1255 },
f91072d5 1256 on_error => sub {
57f93db1
DM		 1257 my ($hdl, $fatal, $message) = @_;
1258 eval {
1259 $self->log_aborted_request($reqstate, $message);
1260 $self->client_do_disconnect($reqstate);
1261 };
1262 if (my $err = $@) { syslog('err', "$err"); }
1263 },
1264 ($self->{tls_ctx} ? (tls => "accept", tls_ctx => $self->{tls_ctx}) : ()));
1265
f91072d5 1266 print "$$: ACCEPT FH" . $clientfh->fileno() . " CONN$self->{conn_count}\n" if $self->{debug};
57f93db1
DM		 1267
1268 $self->push_request_header($reqstate);
1269 }
1270 };
1271
1272 if (my $err = $@) {
1273 syslog('err', $err);
1274 $self->{end_loop} = 1;
1275 }
1276
1277 $self->wait_end_loop() if $self->{end_loop};
1278}
1279
c2e9823c
DM		 1280# Note: We can't open log file in non-blocking mode and use AnyEvent::Handle,
1281# because we write from multiple processes, and that would arbitrarily mix output
f91072d5 1282# of all processes.
57f93db1
DM		 1283sub open_access_log {
1284 my ($self, $filename) = @_;
1285
1286 my $old_mask = umask(0137);;
1287 my $logfh = IO::File->new($filename, ">>") ||
1288 die "unable to open log file '$filename' - $!\n";
1289 umask($old_mask);
1290
c2e9823c
DM		 1291 $logfh->autoflush(1);
1292
1293 $self->{logfh} = $logfh;
1294}
1295
1296sub write_log {
1297 my ($self, $data) = @_;
1298
1299 return if !defined($self->{logfh}) || !$data;
1300
1301 my $res = $self->{logfh}->print($data);
1302
1303 if (!$res) {
1304 delete $self->{logfh};
1305 syslog('err', "error writing access log");
1306 $self->{end_loop} = 1; # terminate asap
1307 }
57f93db1
DM		 1308}
1309
353fef24
DM		 1310sub atfork_handler {
1311 my ($self) = @_;
1312
1313 eval {
1314 # something else do to ?
1315 close($self->{socket});
1316 };
1317 warn $@ if $@;
1318}
1319
57f93db1
DM		 1320sub new {
1321 my ($this, %args) = @_;
1322
1323 my $class = ref($this) || $this;
1324
d804d82f 1325 foreach my $req (qw(base_handler_class socket lockfh lockfile)) {
57f93db1
DM		 1326 die "misssing required argument '$req'" if !defined($args{$req});
1327 }
1328
1329 my $self = bless { %args }, $class;
1330
d804d82f
DM		 1331 PVE::REST::set_base_handler_class($self->{base_handler_class});
1332
f91072d5
DM		 1333 # init inotify
1334 PVE::INotify::inotify_init();
1335
f91072d5 1336 $self->{rpcenv} = PVE::RPCEnvironment->init(
353fef24 1337 $self->{trusted_env} ? 'priv' : 'pub', atfork => sub { $self-> atfork_handler() });
f91072d5 1338
57f93db1
DM		 1339 fh_nonblocking($self->{socket}, 1);
1340
1341 $self->{end_loop} = 0;
1342 $self->{conn_count} = 0;
1343 $self->{request_count} = 0;
1344 $self->{timeout} = 5 if !$self->{timeout};
1345 $self->{keep_alive} = 0 if !defined($self->{keep_alive});
1346 $self->{max_conn} = 800 if !$self->{max_conn};
1347 $self->{max_requests} = 8000 if !$self->{max_requests};
1348
a908636e
DM		 1349 $self->{policy} = 'allow' if !$self->{policy};
1350
57f93db1
DM		 1351 $self->{end_cond} = AnyEvent->condvar;
1352
1353 if ($self->{ssl}) {
f91072d5 1354 $self->{tls_ctx} = AnyEvent::TLS->new(%{$self->{ssl}});
943776b0 1355 Net::SSLeay::CTX_set_options($self->{tls_ctx}->{ctx}, &Net::SSLeay::OP_NO_COMPRESSION);
57f93db1
DM		 1356 }
1357
33afb29b
DM		 1358 if ($self->{spiceproxy}) {
1359 $known_methods = { CONNECT => 1 };
1360 }
1361
57f93db1 1362 $self->open_access_log($self->{logfile}) if $self->{logfile};
f91072d5 1363
02667982
DM		 1364 $self->{max_conn_soft_limit} = $self->{max_conn} > 100 ? $self->{max_conn} - 20 : $self->{max_conn};
1365
57f93db1
DM		 1366 $self->{socket_watch} = AnyEvent->io(fh => $self->{socket}, poll => 'r', cb => sub {
1367 eval {
1368 if ($self->{conn_count} >= $self->{max_conn}) {
1369 my $w; $w = AnyEvent->timer (after => 1, interval => 1, cb => sub {
1370 if ($self->{conn_count} < $self->{max_conn}) {
1371 undef $w;
1372 $self->accept_connections();
1373 }
1374 });
1375 } else {
1376 $self->accept_connections();
f91072d5 1377 }
57f93db1
DM		 1378 };
1379 warn $@ if $@;
1380 });
1381
1382 $self->{term_watch} = AnyEvent->signal(signal => "TERM", cb => sub {
1383 undef $self->{term_watch};
1384 $self->wait_end_loop();
1385 });
1386
f91072d5 1387 $self->{quit_watch} = AnyEvent->signal(signal => "QUIT", cb => sub {
57f93db1
DM		 1388 undef $self->{quit_watch};
1389 $self->wait_end_loop();
1390 });
1391
f91072d5
DM		 1392 $self->{inotify_poll} = AnyEvent->timer(after => 5, interval => 5, cb => sub {
1393 PVE::INotify::poll(); # read inotify events
1394 });
1395
57f93db1
DM		 1396 return $self;
1397}
1398
1399sub run {
1400 my ($self) = @_;
1401
1402 $self->{end_cond}->recv;
1403}
1404
14051;
The Proxmox VE Management API and Web UI