

1 8d1b399b 2021-07-22 op /*
2 8d1b399b 2021-07-22 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 8d1b399b 2021-07-22 op * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 8d1b399b 2021-07-22 op * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
5 8d1b399b 2021-07-22 op * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6 8d1b399b 2021-07-22 op * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
7 8d1b399b 2021-07-22 op *
8 8d1b399b 2021-07-22 op * Permission to use, copy, modify, and distribute this software for any
9 8d1b399b 2021-07-22 op * purpose with or without fee is hereby granted, provided that the above
10 8d1b399b 2021-07-22 op * copyright notice and this permission notice appear in all copies.
11 8d1b399b 2021-07-22 op *
12 8d1b399b 2021-07-22 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 8d1b399b 2021-07-22 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 8d1b399b 2021-07-22 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 8d1b399b 2021-07-22 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 8d1b399b 2021-07-22 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 8d1b399b 2021-07-22 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 8d1b399b 2021-07-22 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 8d1b399b 2021-07-22 op */
20 8d1b399b 2021-07-22 op
21 8d1b399b 2021-07-22 op #include "compat.h"
22 8d1b399b 2021-07-22 op
23 8d1b399b 2021-07-22 op #include <sys/socket.h>
24 8d1b399b 2021-07-22 op
25 8850afbc 2021-07-25 op #include <endian.h>
26 8d1b399b 2021-07-22 op #include <errno.h>
27 8d1b399b 2021-07-22 op #include <inttypes.h>
28 8d1b399b 2021-07-22 op #include <pwd.h>
29 8d1b399b 2021-07-22 op #include <signal.h>
30 8d1b399b 2021-07-22 op #include <stdio.h>
31 8d1b399b 2021-07-22 op #include <stdlib.h>
32 8d1b399b 2021-07-22 op #include <string.h>
33 8d1b399b 2021-07-22 op #include <syslog.h>
34 8d1b399b 2021-07-22 op #include <unistd.h>
35 8d1b399b 2021-07-22 op
36 8d1b399b 2021-07-22 op #include "control.h"
37 8d1b399b 2021-07-22 op #include "kamid.h"
38 8d1b399b 2021-07-22 op #include "listener.h"
39 8d1b399b 2021-07-22 op #include "log.h"
40 8d1b399b 2021-07-22 op #include "sandbox.h"
41 8d1b399b 2021-07-22 op #include "utils.h"
42 8d1b399b 2021-07-22 op
/* Configuration currently in force; installed by apply_config(). */
static struct kd_conf *listener_conf;
/* imsg channel to the parent (main) process; allocated in listener(). */
static struct imsgev *iev_main;

static void listener_sig_handler(int, short, void *);
ATTR_DEAD void listener_shutdown(void);

/* Every accepted connection, keyed by client->id (see clients_tree_cmp). */
SPLAY_HEAD(clients_tree_id, client) clients;
50 8d1b399b 2021-07-22 op
/*
 * Per-connection state for one accepted client.  Allocated and inserted
 * into the clients tree by handle_accept(); looked up by id from the
 * IMSG_AUTH / IMSG_AUTH_DIR / IMSG_BUF handlers.
 */
struct client {
	uint32_t id;		/* tree key, chosen by random_id() */
	uint32_t lid;		/* id of the kd_listen_conf it was accepted on */
	uint32_t msize;		/* MSIZE9P until an IMSG_MSIZE updates it */
	int fd;			/* the accepted socket */
	int done;		/* not read or written in this file; presumably set by the bufferevent callbacks — verify */
	struct tls *ctx;	/* server-side TLS context from tls_accept_socket() */
	struct event event;	/* handshake event, re-pointed by yield_r()/yield_w() */
	struct imsgev iev;	/* pipe to this client's own process, set up on IMSG_AUTH */
	struct bufferevent *bev;	/* buffered I/O on fd, created on IMSG_AUTH_DIR */
	SPLAY_ENTRY(client) sp_entry;
};
63 8d1b399b 2021-07-22 op
/* imsg plumbing towards the per-client processes. */
static void listener_imsg_event_add(struct imsgev *, void *);
static void listener_dispatch_client(int, short, void *);
static int listener_imsg_compose_client(struct client *, int,
    uint32_t, const void *, uint16_t);

/* Configuration application and the accept path. */
static void apply_config(struct kd_conf *);
static void handle_accept(int, short, void *);

/* TLS handshake and bufferevent callbacks for an accepted connection. */
static void handle_handshake(int, short, void *);
static void client_read(struct bufferevent *, void *);
static void client_write(struct bufferevent *, void *);
static void client_error(struct bufferevent *, short, void *);
static void client_tls_readcb(int, short, void *);
static void client_tls_writecb(int, short, void *);
static void close_conn(struct client *);
static void handle_close(int, short, void *);
80 8d1b399b 2021-07-22 op
/*
 * Ordering for the clients splay tree: three-way comparison of the
 * client ids, yielding -1, 0 or +1.
 */
static inline int
clients_tree_cmp(struct client *a, struct client *b)
{
	return (a->id > b->id) - (a->id < b->id);
}
91 8d1b399b 2021-07-22 op
/* Instantiate the splay tree operations (SPLAY_FIND/INSERT/...) for clients. */
SPLAY_PROTOTYPE(clients_tree_id, client, sp_entry, clients_tree_cmp);
SPLAY_GENERATE(clients_tree_id, client, sp_entry, clients_tree_cmp)
94 8d1b399b 2021-07-22 op
/*
 * libevent signal callback.  SIGINT and SIGTERM shut the process down;
 * anything else is a bug, since only those two are registered.
 */
static void
listener_sig_handler(int sig, short event, void *d)
{
	/*
	 * Normal signal handler rules don't apply because libevent
	 * decouples for us.
	 */
	if (sig == SIGINT || sig == SIGTERM)
		listener_shutdown();	/* ATTR_DEAD: never returns */
	fatalx("unexpected signal %d", sig);
}
111 8d1b399b 2021-07-22 op
/*
 * Entry point of the listener process.  Chroots into KD_USER's home
 * directory, drops to that user, then services the imsg pipe from the
 * parent until it closes or a signal arrives.  Does not return:
 * event_dispatch() is followed by listener_shutdown(), which exits.
 */
void
listener(int debug, int verbose)
{
	struct event ev_sigint, ev_sigterm;
	struct passwd *pw;

	/* listener_conf = config_new_empty(); */

	log_init(debug, LOG_DAEMON);
	log_setverbose(verbose);

	if ((pw = getpwnam(KD_USER)) == NULL)
		fatal("getpwnam");

	/* chroot(2) requires root, so it must precede the privilege drop. */
	if (chroot(pw->pw_dir) == -1)
		fatal("chroot");
	if (chdir("/") == -1)
		fatal("chdir(\"/\")");

	setproctitle("listener");
	log_procinit("listener");

	/*
	 * Supplementary groups, then gid, then uid: once the uid is
	 * unprivileged the earlier calls would no longer be allowed.
	 */
	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("can't drop privileges");

	event_init();

	/* Setup signal handlers(s). */
	signal_set(&ev_sigint, SIGINT, listener_sig_handler, NULL);
	signal_set(&ev_sigterm, SIGTERM, listener_sig_handler, NULL);

	signal_add(&ev_sigint, NULL);
	signal_add(&ev_sigterm, NULL);

	/* A peer going away should surface as a write error, not kill us. */
	signal(SIGPIPE, SIG_IGN);
	signal(SIGHUP, SIG_IGN);

	/* Setup pipe and event handler to the main process. */
	if ((iev_main = malloc(sizeof(*iev_main))) == NULL)
		fatal(NULL);

	/* fd 3 is assumed to be the pipe inherited from the parent. */
	imsg_init(&iev_main->ibuf, 3);
	iev_main->handler = listener_dispatch_main;

	/*
	 * Setup event handlers.  No EV_PERSIST here: listener_dispatch_main
	 * re-arms the event through listener_imsg_event_add() each time.
	 */
	iev_main->events = EV_READ;
	event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events,
	    iev_main->handler, iev_main);
	event_add(&iev_main->ev, NULL);

	/* Restrict the process last, once all setup that needs it is done. */
	sandbox_listener();
	event_dispatch();
	listener_shutdown();
}
168 8d1b399b 2021-07-22 op
/*
 * Tear down the listener process and exit(0).  Reached from the
 * SIGINT/SIGTERM handler and after event_dispatch() returns.
 * Never returns (ATTR_DEAD).
 */
ATTR_DEAD void
listener_shutdown(void)
{
	/* Drop any unsent output to main and close the pipe. */
	msgbuf_clear(&iev_main->ibuf.w);
	close(iev_main->ibuf.fd);

	config_clear(listener_conf);

	free(iev_main);

	log_info("listener exiting");
	exit(0);
}
182 8d1b399b 2021-07-22 op
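/*
 * Handle one IMSG_RECONF_* message from the main process while a new
 * configuration is being received.  State is carried across calls in
 * *nconf (the kd_conf under construction) and *pki (the pki block
 * currently being filled).  Expected sequence: IMSG_RECONF_CONF, then
 * per pki block IMSG_RECONF_PKI, _PKI_CERT, _PKI_KEY, then one
 * IMSG_RECONF_LISTEN per listener, then IMSG_RECONF_END, which applies
 * the result via apply_config().  Any deviation is fatal: the pipe
 * comes from the privileged parent, so a violation is a program bug,
 * not input to be tolerated.
 */
static void
listener_receive_config(struct imsg *imsg, struct kd_conf **nconf,
    struct kd_pki_conf **pki)
{
	struct kd_listen_conf *listen;
	size_t datalen = IMSG_DATA_SIZE(*imsg);
	char *t;

	switch (imsg->hdr.type) {
	case IMSG_RECONF_CONF:
		if (*nconf != NULL)
			fatalx("%s: IMSG_RECONF_CONF already in "
			    "progress", __func__);

		if (listener_conf != NULL)
			fatalx("%s: don't know how reload the "
			    "configuration yet", __func__);

		if (datalen != sizeof(struct kd_conf))
			fatalx("%s: IMSG_RECONF_CONF wrong length: %zu",
			    __func__, datalen);
		if ((*nconf = malloc(sizeof(**nconf))) == NULL)
			fatal(NULL);
		memcpy(*nconf, imsg->data, sizeof(**nconf));
		/*
		 * The struct was copied wholesale from another address
		 * space: its intrusive list heads hold pointers that mean
		 * nothing here, so reset them to empty.
		 */
		memset(&(*nconf)->pki_head, 0, sizeof((*nconf)->pki_head));
		memset(&(*nconf)->table_head, 0, sizeof((*nconf)->table_head));
		memset(&(*nconf)->listen_head, 0, sizeof((*nconf)->listen_head));
		break;
	case IMSG_RECONF_PKI:
		if (*nconf == NULL)
			fatalx("%s: IMSG_RECONF_PKI without "
			    "IMSG_RECONF_CONF", __func__);
		/* datalen - 1 below would wrap on an empty payload. */
		if (datalen == 0)
			fatalx("%s: IMSG_RECONF_PKI without a name",
			    __func__);
		*pki = xcalloc(1, sizeof(**pki));
		t = imsg->data;
		/* Force NUL termination before treating the payload as a string. */
		t[datalen - 1] = '\0';
		strlcpy((*pki)->name, t, sizeof((*pki)->name));
		break;
	case IMSG_RECONF_PKI_CERT:
		if (*pki == NULL)
			fatalx("%s: IMSG_RECONF_PKI_CERT without "
			    "IMSG_RECONF_PKI", __func__);
		(*pki)->certlen = datalen;
		(*pki)->cert = xmemdup(imsg->data, (*pki)->certlen);
		break;
	case IMSG_RECONF_PKI_KEY:
		if (*pki == NULL)
			fatalx("%s: IMSG_RECONF_PKI_KEY without "
			    "IMSG_RECONF_PKI", __func__);
		(*pki)->keylen = datalen;
		(*pki)->key = xmemdup(imsg->data, (*pki)->keylen);
		STAILQ_INSERT_HEAD(&(*nconf)->pki_head, *pki, entry);
		/*
		 * The pki block is complete.  Reset the caller's cursor
		 * (not merely the local pointer-to-pointer) so that a stray
		 * _PKI_CERT/_PKI_KEY hits the checks above instead of
		 * silently overwriting an entry already on the list.
		 */
		*pki = NULL;
		break;
	case IMSG_RECONF_LISTEN:
		if (*nconf == NULL)
			fatalx("%s: IMSG_RECONF_LISTEN without "
			    "IMSG_RECONF_CONF", __func__);
		if (datalen != sizeof(*listen))
			fatalx("%s: IMSG_RECONF_LISTEN wrong length: %zu",
			    __func__, datalen);
		listen = xcalloc(1, sizeof(*listen));
		memcpy(listen, imsg->data, sizeof(*listen));
		/* As for kd_conf above: link and event state is re-created locally. */
		memset(&listen->entry, 0, sizeof(listen->entry));
		/* The listening socket itself travels as the passed fd. */
		if ((listen->fd = imsg->fd) == -1)
			fatalx("%s: IMSG_RECONF_LISTEN no fd",
			    __func__);
		listen->auth_table = NULL;
		memset(&listen->ev, 0, sizeof(listen->ev));
		STAILQ_INSERT_HEAD(&(*nconf)->listen_head, listen, entry);
		break;
	case IMSG_RECONF_END:
		if (*nconf == NULL)
			fatalx("%s: IMSG_RECONF_END without "
			    "IMSG_RECONF_CONF", __func__);
		/* merge_config(listener_conf, nconf); */
		apply_config(*nconf);
		*nconf = NULL;
		break;
	default:
		/* The caller only forwards IMSG_RECONF_* types here. */
		fatalx("%s: unexpected imsg %d", __func__, imsg->hdr.type);
	}
}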
262 fccfa871 2021-07-23 op
/*
 * Find the listener configuration with the given id in the running
 * configuration, or NULL if there is none.
 */
static inline struct kd_listen_conf *
listen_by_id(uint32_t id)
{
	struct kd_listen_conf *cur = STAILQ_FIRST(&listener_conf->listen_head);

	for (; cur != NULL; cur = STAILQ_NEXT(cur, entry)) {
		if (cur->id == id)
			return cur;
	}
	return NULL;
}
274 fccfa871 2021-07-23 op
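/*
 * libevent callback for the imsg pipe to the main process.  Drains all
 * pending messages: the control-socket fd hand-off, configuration
 * messages (forwarded to listener_receive_config()), and the per-client
 * IMSG_AUTH / IMSG_AUTH_DIR replies that wire an authenticated
 * connection to its client process.  The pipe's event is armed without
 * EV_PERSIST, so it must be re-added through listener_imsg_event_add()
 * before returning unless the pipe is dead.
 */
void
listener_dispatch_main(int fd, short event, void *d)
{
	static struct kd_conf *nconf;		/* config being received, kept across calls */
	static struct kd_pki_conf *pki;		/* pki block being received, kept across calls */
	struct kd_listen_conf *listen;
	struct client *client, find;
	struct imsg imsg;
	struct imsgev *iev = d;
	struct imsgbuf *ibuf;
	ssize_t n;
	int shut = 0;

	ibuf = &iev->ibuf;

	if (event & EV_READ) {
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}
	if (event & EV_WRITE) {
		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}

	for (;;) {
		if ((n = imsg_get(ibuf, &imsg)) == -1)
			fatal("%s: imsg_get error", __func__);
		if (n == 0)	/* No more messages. */
			break;

		switch (imsg.hdr.type) {
		case IMSG_CONTROLFD:
			if ((fd = imsg.fd) == -1)
				fatalx("%s: expected to receive imsg "
				    "control fd but didn't receive any",
				    __func__);
			/* Listen on control socket. */
			control_listen(fd);
			break;
		case IMSG_RECONF_CONF:
		case IMSG_RECONF_PKI:
		case IMSG_RECONF_PKI_CERT:
		case IMSG_RECONF_PKI_KEY:
		case IMSG_RECONF_LISTEN:
		case IMSG_RECONF_END:
			listener_receive_config(&imsg, &nconf, &pki);
			break;
		case IMSG_AUTH:
			/* peerid names the client; it may have gone away meanwhile. */
			find.id = imsg.hdr.peerid;
			client = SPLAY_FIND(clients_tree_id, &clients, &find);
			if (client == NULL) {
				/* Don't leak a passed fd meant for a vanished client. */
				if (imsg.fd != -1)
					close(imsg.fd);
				break;
			}
			if (imsg.fd == -1) {
				log_info("got fd = -1, auth failed?");
				close_conn(client);
				break;
			}
			/* The passed fd is the pipe to this client's own process. */
			imsg_init(&client->iev.ibuf, imsg.fd);
			client->iev.events = EV_READ;
			client->iev.handler = listener_dispatch_client;
			event_set(&client->iev.ev, client->iev.ibuf.fd,
			    client->iev.events, client->iev.handler, client);
			listener_imsg_compose_client(client, IMSG_AUTH,
			    client->id, imsg.data, IMSG_DATA_SIZE(imsg));
			break;
		case IMSG_AUTH_DIR:
			find.id = imsg.hdr.peerid;
			client = SPLAY_FIND(clients_tree_id, &clients, &find);
			if (client == NULL) {
				log_info("got AUTH_DIR but client gone");
				break;
			}

			listener_imsg_compose_client(client, IMSG_AUTH_DIR,
			    0, imsg.data, IMSG_DATA_SIZE(imsg));

			client->bev = bufferevent_new(client->fd,
			    client_read, client_write, client_error,
			    client);
			if (client->bev == NULL) {
				log_info("failed to allocate client buffer");
				close_conn(client);
				/*
				 * Only this client is affected.  Keep
				 * draining the pipe and re-arm it below;
				 * returning here would leave the main pipe
				 * without an event (no EV_PERSIST) and the
				 * imsg unfreed.
				 */
				break;
			}

#if HAVE_EVENT2
			evbuffer_unfreeze(client->bev->input, 0);
			evbuffer_unfreeze(client->bev->output, 1);
#endif

			/*
			 * TLS listeners swap the bufferevent's raw
			 * read/write events for tls-aware ones.  The
			 * listener must still exist: reload is not
			 * supported, so a miss is an internal error rather
			 * than something to dereference.
			 */
			listen = listen_by_id(client->lid);
			if (listen == NULL)
				fatalx("%s: client %" PRIu32 " on unknown "
				    "listener %" PRIu32, __func__,
				    client->id, client->lid);
			if (listen->flags & L_TLS) {
				event_set(&client->bev->ev_read, client->fd,
				    EV_READ, client_tls_readcb, client->bev);
				event_set(&client->bev->ev_write, client->fd,
				    EV_WRITE, client_tls_writecb, client->bev);
			}

			/*
			 * Read or write at least a header before
			 * firing the callbacks. High watermark of 0
			 * to never stop reading/writing; probably to
			 * be revisited.
			 */
			/* bufferevent_setwatermark(client->bev, EV_READ|EV_WRITE, */
			/*     sizeof(struct np_msg_header), 0); */
			bufferevent_enable(client->bev, EV_READ|EV_WRITE);
			break;

		default:
			log_debug("%s: unexpected imsg %d", __func__,
			    imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}

	if (!shut)
		listener_imsg_event_add(iev, d);
	else {
		/* This pipe is dead. Remove its event handler. */
		event_del(&iev->ev);
		log_warnx("pipe closed, shutting down...");
		event_loopexit(NULL);
	}
}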
408 8d1b399b 2021-07-22 op
/*
 * Queue one imsg to the main process over iev_main, passing no fd.
 * Propagates imsg_compose_event()'s return value.
 */
int
listener_imsg_compose_main(int type, uint32_t peerid, const void *data,
    uint16_t datalen)
{
	const int nofd = -1;
	int rv;

	rv = imsg_compose_event(iev_main, type, peerid, 0, nofd, data,
	    datalen);
	return rv;
}
416 8d1b399b 2021-07-22 op
/*
 * (Re)arm the event for an imsg channel: always interested in reads,
 * and in writes only while there is queued output.  The previous event
 * is deleted first so this is safe to call from inside its callback.
 */
static void
listener_imsg_event_add(struct imsgev *iev, void *d)
{
	short want = EV_READ;

	if (iev->ibuf.w.queued)
		want |= EV_WRITE;
	iev->events = want;

	event_del(&iev->ev);
	event_set(&iev->ev, iev->ibuf.fd, want, iev->handler, d);
	event_add(&iev->ev, NULL);
}
428 8d1b399b 2021-07-22 op
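/*
 * libevent callback for the imsg pipe to one client process; d is the
 * struct client that owns that pipe.  IMSG_BUF carries bytes to send to
 * the connection, IMSG_MSIZE the negotiated message size and
 * IMSG_CLOSE a request to tear the connection down.  Like the main
 * pipe, the event has no EV_PERSIST and is re-armed at the end.
 */
static void
listener_dispatch_client(int fd, short event, void *d)
{
	struct client find, *target, *client = d;
	struct imsg imsg;
	struct imsgev *iev;
	struct imsgbuf *ibuf;
	ssize_t n;
	int r, shut = 0;

	iev = &client->iev;
	ibuf = &iev->ibuf;

	if (event & EV_READ) {
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0)	/* Connection closed */
			shut = 1;
	}

	if (event & EV_WRITE) {
		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}

	for (;;) {
		if ((n = imsg_get(ibuf, &imsg)) == -1)
			fatal("%s: imsg_get error", __func__);
		if (n == 0)	/* No more messages. */
			break;

		switch (imsg.hdr.type) {
		case IMSG_BUF:
			/*
			 * Resolve the peer by id rather than trusting d:
			 * the connection may already be gone.  Keep the
			 * lookup result separate so that a miss (NULL) or a
			 * different id cannot replace `client', which
			 * IMSG_MSIZE below and the shutdown path still use.
			 */
			find.id = imsg.hdr.peerid;
			target = SPLAY_FIND(clients_tree_id, &clients, &find);
			if (target == NULL) {
				log_info("got IMSG_BUF but client (%d) gone",
				    imsg.hdr.peerid);
				break;
			}
			r = bufferevent_write(target->bev, imsg.data,
			    IMSG_DATA_SIZE(imsg));
			if (r == -1) {
				log_warn("%s: bufferevent_write failed",
				    __func__);
				/*
				 * NOTE(review): if close_conn() releases
				 * the client and target == client, the loop
				 * keeps reading from ibuf afterwards —
				 * confirm close_conn's contract.
				 */
				close_conn(target);
				break;
			}
			break;

		case IMSG_MSIZE:
			/* A length mismatch is a protocol bug, not an errno failure. */
			if (IMSG_DATA_SIZE(imsg) != sizeof(client->msize))
				fatalx("IMSG_MSIZE size mismatch: "
				    "got %zu want %zu", IMSG_DATA_SIZE(imsg),
				    sizeof(client->msize));

			memcpy(&client->msize, imsg.data,
			    sizeof(client->msize));

			if (client->msize == 0)
				fatalx("IMSG_MSIZE got msize = 0");

			break;

		case IMSG_CLOSE:
			/*
			 * Both EVBUFFER_READ or EVBUFFER_WRITE should
			 * be fine.
			 */
			client_error(client->bev, EVBUFFER_READ, client);
			break;

		default:
			log_debug("%s: unexpected imsg %d", __func__,
			    imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}

	if (!shut)
		listener_imsg_event_add(iev, d);
	else {
		/* This pipe is dead. Remove its handler */
		log_debug("client proc vanished");
		close_conn(client);
	}
}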
519 8d1b399b 2021-07-22 op
/*
 * Queue one imsg on the pipe to client's process (no fd passed) and,
 * on success, re-arm the channel so the write gets flushed.  Returns
 * what imsg_compose() returned.
 */
static int
listener_imsg_compose_client(struct client *client, int type,
    uint32_t peerid, const void *data, uint16_t len)
{
	struct imsgev *iev = &client->iev;
	int rv;

	rv = imsg_compose(&iev->ibuf, type, peerid, 0, -1, data, len);
	if (rv == -1)
		return rv;

	/* Message queued: make sure EV_WRITE interest is registered. */
	listener_imsg_event_add(iev, client);
	return rv;
}
532 8d1b399b 2021-07-22 op
/*
 * Find the pki block called name in the running configuration, or
 * NULL if no such block exists.
 */
static inline struct kd_pki_conf *
pki_by_name(const char *name)
{
	struct kd_pki_conf *cur = STAILQ_FIRST(&listener_conf->pki_head);

	for (; cur != NULL; cur = STAILQ_NEXT(cur, entry)) {
		if (strcmp(name, cur->name) == 0)
			return cur;
	}

	return NULL;
}
545 8d1b399b 2021-07-22 op
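/*
 * Install conf as the running configuration: build a tls_config for
 * every pki block and start accepting on every listener.  Any failure
 * is fatal; this runs once, since reload is not supported yet.
 */
static void
apply_config(struct kd_conf *conf)
{
	struct kd_pki_conf *pki;
	struct kd_listen_conf *listen;

	listener_conf = conf;

	/* prepare the various tls_config */
	STAILQ_FOREACH(pki, &listener_conf->pki_head, entry) {
		if ((pki->tlsconf = tls_config_new()) == NULL)
			fatal("tls_config_new");
		/*
		 * Client certificates are requested but not chain-validated
		 * here: handle_handshake() reads tls_peer_cert_hash() and
		 * works from that, so noverifycert appears deliberate.
		 * Whatever authenticates the client must therefore happen on
		 * the hash, not on this TLS layer.
		 */
		tls_config_verify_client_optional(pki->tlsconf);
		tls_config_insecure_noverifycert(pki->tlsconf);
		if (tls_config_set_keypair_mem(pki->tlsconf,
		    pki->cert, pki->certlen,
		    pki->key, pki->keylen) == -1)
			fatalx("tls_config_set_keypair_mem: %s",
			    tls_config_error(pki->tlsconf));
	}

	/* prepare and kickoff the listeners */
	STAILQ_FOREACH(listen, &listener_conf->listen_head, entry) {
		if ((listen->ctx = tls_server()) == NULL)
			fatal("tls_server");

		/* A listener naming a pki that was never sent would NULL-deref below. */
		if ((pki = pki_by_name(listen->pki)) == NULL)
			fatalx("%s: listener %" PRIu32 " references unknown "
			    "pki \"%s\"", __func__, listen->id, listen->pki);
		if (tls_configure(listen->ctx, pki->tlsconf) == -1)
			fatalx("tls_configure: %s",
			    tls_config_error(pki->tlsconf));

		/* EV_PERSIST: the accept event stays armed across wakeups. */
		event_set(&listen->ev, listen->fd, EV_READ|EV_PERSIST,
		    handle_accept, listen);
		event_add(&listen->ev, NULL);
	}
}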
582 8d1b399b 2021-07-22 op
/*
 * Re-point the client's handshake event at fn, waiting for readability
 * on c->fd.  Any previously armed interest is dropped first.
 */
static inline void
yield_r(struct client *c, void (*fn)(int, short, void *))
{
	struct event *ev = &c->event;

	if (event_pending(ev, EV_WRITE|EV_READ, NULL))
		event_del(ev);
	event_set(ev, c->fd, EV_READ, fn, c);
	event_add(ev, NULL);
}
591 8d1b399b 2021-07-22 op
/*
 * Re-point the client's handshake event at fn, waiting for writability
 * on c->fd.  Any previously armed interest is dropped first.
 */
static inline void
yield_w(struct client *c, void (*fn)(int, short, void *))
{
	struct event *ev = &c->event;

	if (event_pending(ev, EV_WRITE|EV_READ, NULL))
		event_del(ev);
	event_set(ev, c->fd, EV_WRITE, fn, c);
	event_add(ev, NULL);
}
600 8d1b399b 2021-07-22 op
/*
 * Pick an id not currently used by any client in the clients tree.
 * Random when arc4random(3) is available, otherwise a plain counter.
 */
static inline uint32_t
random_id(void)
{
	struct client probe, *existing;

	for (;;) {
#if HAVE_ARC4RANDOM
		probe.id = arc4random();
#else
		/* not as pretty as a random id */
		static uint32_t counter = 0;
		probe.id = counter++;
#endif
		existing = SPLAY_FIND(clients_tree_id, &clients, &probe);
		if (existing == NULL)
			return probe.id;
	}
}
623 8d1b399b 2021-07-22 op
/*
 * EV_READ|EV_PERSIST callback on a listening socket: accept one
 * connection, attach a server TLS context, register the new client in
 * the clients tree and kick off the handshake.
 */
static void
handle_accept(int fd, short ev, void *data)
{
	struct kd_listen_conf *lconf = data;
	struct client *newc;
	int sock = accept(fd, NULL, NULL);

	if (sock == -1) {
		log_warn("accept");
		return;
	}

	newc = xcalloc(1, sizeof(*newc));
	newc->msize = MSIZE9P;		/* default until IMSG_MSIZE arrives */
	newc->lid = lconf->id;
	newc->iev.ibuf.fd = -1;		/* no client process attached yet */

	if (tls_accept_socket(lconf->ctx, &newc->ctx, sock) == -1) {
		log_warnx("tls_accept_socket: %s",
		    tls_error(lconf->ctx));
		free(newc);
		close(sock);
		return;
	}

	newc->fd = sock;
	newc->id = random_id();
	SPLAY_INSERT(clients_tree_id, &clients, newc);

	/* initialize the event */
	event_set(&newc->event, newc->fd, EV_READ, NULL, NULL);

	yield_r(newc, handle_handshake);
}
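/*
 * Drive the TLS handshake for the client passed as `data'.  While
 * libtls wants more I/O the callback is re-armed through
 * yield_r/yield_w; a failed handshake or a peer without a certificate
 * tears the connection down.  On success the peer certificate hash is
 * forwarded to the main process (IMSG_AUTH_TLS, peer id c->id) which
 * decides whether the client is allowed in.
 */
static void
handle_handshake(int fd, short ev, void *data)
{
	struct client *c = data;
	struct kd_auth_req auth;
	const char *hash;

	switch (tls_handshake(c->ctx)) {
	case TLS_WANT_POLLIN:
		yield_r(c, handle_handshake);
		return;
	case TLS_WANT_POLLOUT:
		yield_w(c, handle_handshake);
		return;
	case -1:
		log_debug("handshake failed: %s", tls_error(c->ctx));
		close_conn(c);
		return;
	default:
		/* 0: handshake completed */
		break;
	}

	/* the hash is what gets authenticated, so a missing cert is fatal */
	if ((hash = tls_peer_cert_hash(c->ctx)) == NULL) {
		log_warnx("client didn't provide certificate");
		close_conn(c);
		return;
	}

	memset(&auth, 0, sizeof(auth));
	auth.listen_id = c->lid;

	/*
	 * strlcpy(3) returns strlen(hash); a value >= sizeof(auth.hash)
	 * means the copy was truncated.  Never send a truncated hash as
	 * if it were the real one.
	 */
	if (strlcpy(auth.hash, hash, sizeof(auth.hash)) >= sizeof(auth.hash)) {
		log_warnx("certificate hash too long");
		close_conn(c);
		return;
	}
	log_debug("sending hash %s", auth.hash);

	listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
	    &auth, sizeof(auth));
}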
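/*
 * bufferevent read callback (`d' is the struct client): split the
 * decrypted byte stream into messages (9P, judging by MSIZE9P).  Every
 * message starts with its total length as a 32 bit little-endian
 * integer; as the drain below shows, that count includes the size
 * field itself.  Complete messages are relayed unchanged to the client
 * process as IMSG_BUF.  A length below HEADERSIZE or above the
 * client's msize is a protocol violation: the connection is failed via
 * client_error rather than buffering an attacker-chosen amount of data.
 */
static void
client_read(struct bufferevent *bev, void *d)
{
	struct client *client = d;
	struct evbuffer *src = EVBUFFER_INPUT(bev);
	uint32_t len;

	for (;;) {
		/* need the whole size field before anything else */
		if (EVBUFFER_LENGTH(src) < sizeof(len))
			return;

		memcpy(&len, EVBUFFER_DATA(src), sizeof(len));
		len = le32toh(len);
		log_debug("expecting a message %"PRIu32" bytes long "
		    "(of which %zu already read)",
		    len, EVBUFFER_LENGTH(src));

		/* len is uint32_t: %d was the wrong conversion for it */
		if (len < HEADERSIZE) {
			log_warnx("invalid message size %"PRIu32" (too low)",
			    len);
			client_error(bev, EVBUFFER_READ, client);
			return;
		}

		if (len > client->msize) {
			log_warnx("incoming message bigger than msize "
			    "(%"PRIu32" vs %"PRIu32")", len, client->msize);
			client_error(bev, EVBUFFER_READ, client);
			return;
		}

		/* wait for the rest of the message to arrive */
		if (len > EVBUFFER_LENGTH(src))
			return;

		listener_imsg_compose_client(client, IMSG_BUF, client->id,
		    EVBUFFER_DATA(src), len);
		evbuffer_drain(src, len);
	}
}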
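/*
 * bufferevent write callback (`d' is the struct client, the same
 * cbarg client_read receives).  Normally there is nothing to do, but
 * client_error may flag the client as `done' and keep the bufferevent
 * alive only so that the pending output gets written out; without this
 * check that connection was never closed afterwards (reads already
 * disabled, so not even a peer EOF would be noticed).  Once the output
 * has drained, finish what client_error started.
 */
static void
client_write(struct bufferevent *bev, void *d)
{
	struct client *client = d;

	if (client->done && EVBUFFER_LENGTH(EVBUFFER_OUTPUT(bev)) == 0)
		close_conn(client);
}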
/*
 * bufferevent error callback (`d' is the struct client).  How the
 * connection is wound down depends on `err':
 *  - EVBUFFER_ERROR with errno EFBIG is treated as transient and
 *    reading is simply resumed; any other error closes at once.
 *  - EVBUFFER_EOF closes at once.
 *  - EVBUFFER_READ/EVBUFFER_WRITE (protocol-level failures raised by
 *    client_read and the TLS callbacks): stop all I/O, flag the client
 *    as done and close right away unless output is still pending, in
 *    which case only the write side is re-enabled to flush it.
 *  - anything else is logged and closed.
 */
static void
client_error(struct bufferevent *bev, short err, void *d)
{
	struct client *client = d;

	if (err & EVBUFFER_ERROR) {
		if (errno == EFBIG) {
			bufferevent_enable(bev, EV_READ);
			return;
		}
		log_debug("buffer event error");
		close_conn(client);
		return;
	}

	if (err & EVBUFFER_EOF) {
		close_conn(client);
		return;
	}

	if ((err & (EVBUFFER_READ|EVBUFFER_WRITE)) == 0) {
		log_warnx("unknown event error, closing client connection");
		close_conn(client);
		return;
	}

	bufferevent_disable(bev, EV_READ|EV_WRITE);
	client->done = 1;

	/* finish writing all the data first */
	if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(client->bev)) != 0) {
		bufferevent_enable(client->bev, EV_WRITE);
		return;
	}

	close_conn(client);
}
/*
 * Replacement for libevent's internal read callback that pulls bytes
 * through tls_read(3) instead of read(2).  `d' is the bufferevent;
 * its cbarg is the struct client owning the TLS context.  Data is
 * appended to bufev->input, the read event is re-armed and the user
 * readcb runs, honouring the read watermarks the same way the stock
 * callback does.  Errors, EOF and timeouts are reported through
 * bufev->errorcb with the matching EVBUFFER_* flags.
 *
 * NOTE(review): TLS_WANT_POLLOUT is answered by waiting for
 * readability only; libtls asks for the same call to be repeated, but
 * write readiness is never waited for here -- confirm this is intended.
 */
static void
client_tls_readcb(int fd, short event, void *d)
{
	struct bufferevent *bufev = d;
	struct client *client = bufev->cbarg;
	char buf[IBUF_READ_SIZE];
	int what = EVBUFFER_READ;
	int howmuch = IBUF_READ_SIZE;
	ssize_t ret;
	size_t len;

	if (event == EV_TIMEOUT) {
		what |= EVBUFFER_TIMEOUT;
		(*bufev->errorcb)(bufev, what, bufev->cbarg);
		return;
	}

	/* never pull more than the high watermark in a single read */
	if (bufev->wm_read.high != 0)
		howmuch = MIN(sizeof(buf), bufev->wm_read.high);

	ret = tls_read(client->ctx, buf, howmuch);
	if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
		/* not ready yet: retry on the next read event */
		event_add(&bufev->ev_read, NULL);
		return;
	}
	if (ret == -1) {
		what |= EVBUFFER_ERROR;
		(*bufev->errorcb)(bufev, what, bufev->cbarg);
		return;
	}
	len = ret;

	if (len == 0) {
		what |= EVBUFFER_EOF;
		(*bufev->errorcb)(bufev, what, bufev->cbarg);
		return;
	}

	if (evbuffer_add(bufev->input, buf, len) == -1) {
		what |= EVBUFFER_ERROR;
		(*bufev->errorcb)(bufev, what, bufev->cbarg);
		return;
	}

	/* re-arm the read event; the callbacks run afterwards */
	event_add(&bufev->ev_read, NULL);

	len = EVBUFFER_LENGTH(bufev->input);
	if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
		return;
	if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
		/*
		 * here we could implement some read pressure
		 * mechanism.
		 */
	}

	if (bufev->readcb != NULL)
		(*bufev->readcb)(bufev, bufev->cbarg);
}
/*
 * Write-side counterpart of client_tls_readcb: pushes bufev->output
 * through tls_write(3).  Whatever libtls accepted is drained; if
 * anything is left the write event is re-armed.  The user writecb is
 * invoked once the output is at or below the low write watermark.
 * Errors and timeouts are reported through bufev->errorcb.
 */
static void
client_tls_writecb(int fd, short event, void *d)
{
	struct bufferevent *bufev = d;
	struct client *client = bufev->cbarg;
	struct evbuffer *out = bufev->output;
	ssize_t ret;
	short what = EVBUFFER_WRITE;

	if (event == EV_TIMEOUT) {
		what |= EVBUFFER_TIMEOUT;
		(*bufev->errorcb)(bufev, what, bufev->cbarg);
		return;
	}

	if (EVBUFFER_LENGTH(out) != 0) {
		ret = tls_write(client->ctx, EVBUFFER_DATA(out),
		    EVBUFFER_LENGTH(out));
		if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
			/* try again on the next write event */
			event_add(&bufev->ev_write, NULL);
			return;
		}
		if (ret == -1) {
			what |= EVBUFFER_ERROR;
			(*bufev->errorcb)(bufev, what, bufev->cbarg);
			return;
		}
		/* short writes are fine: the remainder stays queued */
		evbuffer_drain(out, (size_t)ret);
	}

	if (EVBUFFER_LENGTH(out) != 0)
		event_add(&bufev->ev_write, NULL);

	if (bufev->writecb != NULL &&
	    EVBUFFER_LENGTH(out) <= bufev->wm_write.low)
		(*bufev->writecb)(bufev, bufev->cbarg);
}
/*
 * Tear down client `c'.  When a client process is attached
 * (c->iev.ibuf.fd != -1) it is told the connection is gone
 * (IMSG_CONN_GONE), then the imsg channel is flushed, cleared and
 * closed.  The TLS session and `c' itself are released by
 * handle_close.
 *
 * NOTE(review): iev.ibuf.fd is not reset to -1 after close(2); if
 * close_conn were entered again while handle_close is still yielding
 * on tls_close, the descriptor would be closed twice -- confirm that
 * callers cannot do that.
 */
static void
close_conn(struct client *c)
{
	log_debug("closing connection");

	if (c->iev.ibuf.fd == -1) {
		handle_close(c->fd, 0, c);
		return;
	}

	listener_imsg_compose_client(c, IMSG_CONN_GONE, 0, NULL, 0);
	imsg_flush(&c->iev.ibuf);
	msgbuf_clear(&c->iev.ibuf.w);
	event_del(&c->iev.ev);
	close(c->iev.ibuf.fd);

	handle_close(c->fd, 0, c);
}
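/*
 * Last step of tearing down client `c' (`d'): shut the TLS session
 * down, retrying through yield_r/yield_w while libtls wants more I/O,
 * then release everything attached to the client.  A failed tls_close
 * (-1) is not retried; the resources are freed regardless.
 */
static void
handle_close(int fd, short ev, void *d)
{
	struct client *c = d;

	switch (tls_close(c->ctx)) {
	case TLS_WANT_POLLIN:
		yield_r(c, handle_close);
		return;
	case TLS_WANT_POLLOUT:
		yield_w(c, handle_close);
		return;
	default:
		break;
	}

	/*
	 * handle_accept inserted `c' into the clients tree; it has to
	 * come out before free(), otherwise the next random_id() lookup
	 * walks a freed node.  SPLAY_REMOVE is harmless if `c' is no
	 * longer in the tree.
	 */
	SPLAY_REMOVE(clients_tree_id, &clients, c);

	event_del(&c->event);
	tls_free(c->ctx);
	close(c->fd);
	/* NOTE(review): c->bev is not released here -- confirm it is freed elsewhere */
	free(c);
}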