2 * Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 #include <sys/socket.h>
24 #include <sys/types.h>
47 #define IMSG_MAXSIZE (MAX_IMSGSIZE - IMSG_HEADER_SIZE)
49 static struct kd_conf *listener_conf;
50 static struct imsgev *iev_main;
52 static void listener_sig_handler(int, short, void *);
53 __dead void listener_shutdown(void);
55 SPLAY_HEAD(clients_tree_id, client) clients;
67 struct bufferevent *bev;
68 SPLAY_ENTRY(client) sp_entry;
71 static void listener_imsg_event_add(struct imsgev *, void *);
72 static void listener_dispatch_client(int, short, void *);
73 static int listener_imsg_compose_client(struct client *, int,
74 uint32_t, const void *, uint16_t);
76 static void apply_config(struct kd_conf *);
77 static void handle_accept(int, short, void *);
79 static void handle_handshake(int, short, void *);
80 static void client_read(struct bufferevent *, void *);
81 static void client_write(struct bufferevent *, void *);
82 static void client_error(struct bufferevent *, short, void *);
83 static void client_tls_readcb(int, short, void *);
84 static void client_tls_writecb(int, short, void *);
85 static void close_conn(struct client *);
86 static void handle_close(int, short, void *);
89 clients_tree_cmp(struct client *a, struct client *b)
93 else if (a->id < b->id)
99 SPLAY_PROTOTYPE(clients_tree_id, client, sp_entry, clients_tree_cmp);
100 SPLAY_GENERATE(clients_tree_id, client, sp_entry, clients_tree_cmp)
103 listener_sig_handler(int sig, short event, void *d)
106 * Normal signal handler rules don't apply because libevent
115 fatalx("unexpected signal %d", sig);
120 listener(int debug, int verbose)
122 struct event ev_sigint, ev_sigterm;
125 /* listener_conf = config_new_empty(); */
127 log_init(debug, LOG_DAEMON);
128 log_setverbose(verbose);
130 if ((pw = getpwnam(KD_USER)) == NULL)
133 if (chroot(pw->pw_dir) == -1)
135 if (chdir("/") == -1)
136 fatal("chdir(\"/\")");
138 setproctitle("listener");
139 log_procinit("listener");
141 if (setgroups(1, &pw->pw_gid) ||
142 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
143 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
144 fatal("can't drop privileges");
148 /* Setup signal handlers(s). */
149 signal_set(&ev_sigint, SIGINT, listener_sig_handler, NULL);
150 signal_set(&ev_sigterm, SIGTERM, listener_sig_handler, NULL);
152 signal_add(&ev_sigint, NULL);
153 signal_add(&ev_sigterm, NULL);
155 signal(SIGPIPE, SIG_IGN);
156 signal(SIGHUP, SIG_IGN);
158 /* Setup pipe and event handler to the main process. */
159 if ((iev_main = malloc(sizeof(*iev_main))) == NULL)
162 imsg_init(&iev_main->ibuf, 3);
163 iev_main->handler = listener_dispatch_main;
165 /* Setup event handlers. */
166 iev_main->events = EV_READ;
167 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events,
168 iev_main->handler, iev_main);
169 event_add(&iev_main->ev, NULL);
177 listener_shutdown(void)
179 msgbuf_clear(&iev_main->ibuf.w);
180 close(iev_main->ibuf.fd);
182 clear_config(listener_conf);
186 log_info("listener exiting");
191 listener_receive_config(struct imsg *imsg, struct kd_conf **nconf,
192 struct kd_pki_conf **pki)
194 struct kd_listen_conf *listen;
197 switch (imsg->hdr.type) {
198 case IMSG_RECONF_CONF:
200 fatalx("%s: IMSG_RECONF_CONF already in "
201 "progress", __func__);
203 if (IMSG_DATA_SIZE(*imsg) != sizeof(struct kd_conf))
204 fatalx("%s: IMSG_RECONF_CONF wrong length: %lu",
205 __func__, IMSG_DATA_SIZE(*imsg));
206 if ((*nconf = malloc(sizeof(**nconf))) == NULL)
208 memcpy(*nconf, imsg->data, sizeof(**nconf));
209 STAILQ_INIT(&(*nconf)->pki_head);
210 STAILQ_INIT(&(*nconf)->table_head);
211 STAILQ_INIT(&(*nconf)->listen_head);
213 case IMSG_RECONF_PKI:
215 fatalx("%s: IMSG_RECONF_PKI without "
216 "IMSG_RECONF_CONF", __func__);
217 *pki = xcalloc(1, sizeof(**pki));
219 t[IMSG_DATA_SIZE(*imsg)-1] = '\0';
220 strlcpy((*pki)->name, t, sizeof((*pki)->name));
222 case IMSG_RECONF_PKI_CERT:
224 fatalx("%s: IMSG_RECONF_PKI_CERT without "
225 "IMSG_RECONF_PKI", __func__);
226 (*pki)->certlen = IMSG_DATA_SIZE(*imsg);
227 (*pki)->cert = xmemdup(imsg->data, (*pki)->certlen);
229 case IMSG_RECONF_PKI_KEY:
231 fatalx("%s: IMSG_RECONF_PKI_KEY without "
232 "IMSG_RECONF_PKI", __func__);
233 (*pki)->keylen = IMSG_DATA_SIZE(*imsg);
234 (*pki)->key = xmemdup(imsg->data, (*pki)->keylen);
235 STAILQ_INSERT_HEAD(&(*nconf)->pki_head, *pki, entry);
238 case IMSG_RECONF_LISTEN:
240 fatalx("%s: IMSG_RECONF_LISTEN without "
241 "IMSG_RECONF_CONF", __func__);
242 if (IMSG_DATA_SIZE(*imsg) != sizeof(*listen))
243 fatalx("%s: IMSG_RECONF_LISTEN wrong length: %lu",
244 __func__, IMSG_DATA_SIZE(*imsg));
245 listen = xcalloc(1, sizeof(*listen));
246 memcpy(listen, imsg->data, sizeof(*listen));
247 memset(&listen->entry, 0, sizeof(listen->entry));
248 if ((listen->fd = imsg->fd) == -1)
249 fatalx("%s: IMSG_RECONF_LISTEN no fd",
251 listen->auth_table = NULL;
252 memset(&listen->ev, 0, sizeof(listen->ev));
253 STAILQ_INSERT_HEAD(&(*nconf)->listen_head, listen, entry);
255 case IMSG_RECONF_END:
257 fatalx("%s: IMSG_RECONF_END without "
258 "IMSG_RECONF_CONF", __func__);
259 apply_config(*nconf);
266 listener_dispatch_main(int fd, short event, void *d)
268 static struct kd_conf *nconf;
269 static struct kd_pki_conf *pki;
270 struct client *client, find;
272 struct imsgev *iev = d;
273 struct imsgbuf *ibuf;
279 if (event & EV_READ) {
280 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
281 fatal("imsg_read error");
282 if (n == 0) /* Connection closed. */
285 if (event & EV_WRITE) {
286 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
287 fatal("msgbuf_write");
288 if (n == 0) /* Connection closed. */
293 if ((n = imsg_get(ibuf, &imsg)) == -1)
294 fatal("%s: imsg_get error", __func__);
295 if (n == 0) /* No more messages. */
298 switch (imsg.hdr.type) {
299 case IMSG_CTL_LOG_VERBOSE:
300 if (IMSG_DATA_SIZE(imsg) != sizeof(verbose))
301 fatalx("wrong size for IMSG_CTL_LOG_VERBOSE");
302 memcpy(&verbose, imsg.data, sizeof(verbose));
303 log_setverbose(verbose);
304 SPLAY_FOREACH(client, clients_tree_id, &clients)
305 listener_imsg_compose_client(client,
307 &verbose, sizeof(verbose));
310 if (SPLAY_EMPTY(&clients))
311 listener_imsg_compose_main(IMSG_CTL_DEBUG_END,
312 imsg.hdr.peerid, NULL, 0);
313 SPLAY_FOREACH(client, clients_tree_id, &clients)
314 listener_imsg_compose_client(client,
315 imsg.hdr.type, imsg.hdr.peerid,
316 imsg.data, IMSG_DATA_SIZE(imsg));
318 case IMSG_RECONF_CONF:
319 case IMSG_RECONF_PKI:
320 case IMSG_RECONF_PKI_CERT:
321 case IMSG_RECONF_PKI_KEY:
322 case IMSG_RECONF_LISTEN:
323 case IMSG_RECONF_END:
324 listener_receive_config(&imsg, &nconf, &pki);
327 if (IMSG_DATA_SIZE(imsg) != sizeof(struct kd_auth_proc))
328 fatalx("mismatching size for IMSG_AUTH");
330 find.id = imsg.hdr.peerid;
331 client = SPLAY_FIND(clients_tree_id, &clients, &find);
332 if (client == NULL) {
338 log_info("got fd = -1, auth failed?");
342 imsg_init(&client->iev.ibuf, imsg.fd);
343 client->iev.events = EV_READ;
344 client->iev.handler = listener_dispatch_client;
345 event_set(&client->iev.ev, client->iev.ibuf.fd,
346 client->iev.events, client->iev.handler, client);
347 listener_imsg_compose_client(client, IMSG_AUTH,
348 client->id, imsg.data, IMSG_DATA_SIZE(imsg));
350 client->bev = bufferevent_new(client->fd,
351 client_read, client_write, client_error,
353 if (client->bev == NULL) {
354 log_info("failed to allocate client buffer");
360 evbuffer_unfreeze(client->bev->input, 0);
361 evbuffer_unfreeze(client->bev->output, 1);
364 if (client->lflags & L_TLS) {
365 event_set(&client->bev->ev_read, client->fd,
366 EV_READ, client_tls_readcb, client->bev);
367 event_set(&client->bev->ev_write, client->fd,
368 EV_WRITE, client_tls_writecb, client->bev);
372 * Read or write at least a header before
373 * firing the callbacks. High watermark of 0
374 * to never stop reading/writing; probably to
377 /* bufferevent_setwatermark(client->bev, EV_READ|EV_WRITE, */
378 /* sizeof(struct np_msg_header), 0); */
379 bufferevent_enable(client->bev, EV_READ|EV_WRITE);
383 log_debug("%s: unexpected imsg %d", __func__,
391 listener_imsg_event_add(iev, d);
393 /* This pipe is dead. Remove its event handler. */
395 log_warnx("pipe closed, shutting down...");
396 event_loopexit(NULL);
401 listener_imsg_compose_main(int type, uint32_t peerid, const void *data,
404 return imsg_compose_event(iev_main, type, peerid, 0, -1, data,
409 listener_imsg_event_add(struct imsgev *iev, void *d)
411 iev->events = EV_READ;
412 if (iev->ibuf.w.queued)
413 iev->events |= EV_WRITE;
416 event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, d);
417 event_add(&iev->ev, NULL);
421 listener_dispatch_client(int fd, short event, void *d)
423 struct client find, *client = d;
426 struct imsgbuf *ibuf;
433 if (event & EV_READ) {
434 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
435 fatal("imsg_read error");
436 if (n == 0) /* Connection closed */
440 if (event & EV_WRITE) {
441 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
442 fatal("msgbuf_write");
443 if (n == 0) /* Connection closed. */
448 if ((n = imsg_get(ibuf, &imsg)) == -1)
449 fatal("%s: imsg_get error", __func__);
450 if (n == 0) /* No more messages. */
453 switch (imsg.hdr.type) {
454 case IMSG_CTL_DEBUG_BACK:
455 case IMSG_CTL_DEBUG_END:
456 listener_imsg_compose_main(imsg.hdr.type,
457 imsg.hdr.peerid, imsg.data, IMSG_DATA_SIZE(imsg));
461 find.id = imsg.hdr.peerid;
462 client = SPLAY_FIND(clients_tree_id, &clients, &find);
463 if (client == NULL) {
464 log_info("got IMSG_BUF but client %d gone",
468 r = bufferevent_write(client->bev, imsg.data,
469 IMSG_DATA_SIZE(imsg));
471 log_warn("%s: bufferevent_write failed",
479 if (IMSG_DATA_SIZE(imsg) != sizeof(client->msize))
480 fatal("IMSG_MSIZE size mismatch: "
481 "got %zu want %zu", IMSG_DATA_SIZE(imsg),
482 sizeof(client->msize));
484 memcpy(&client->msize, imsg.data,
485 sizeof(client->msize));
487 if (client->msize == 0)
488 fatal("IMSG_MSIZE got msize = 0");
489 log_debug("set msize to %d", client->msize);
494 * Both EVBUFFER_READ or EVBUFFER_WRITE should
497 client_error(client->bev, EVBUFFER_READ, client);
501 log_debug("%s: unexpected imsg %d", __func__,
509 listener_imsg_event_add(iev, d);
511 /* This pipe is dead. Remove its handler */
512 log_debug("client proc vanished");
518 listener_imsg_compose_client(struct client *client, int type,
519 uint32_t peerid, const void *data, uint16_t len)
523 if ((ret = imsg_compose(&client->iev.ibuf, type, peerid, 0, -1,
525 listener_imsg_event_add(&client->iev, client);
530 static inline struct kd_pki_conf *
531 pki_by_name(const char *name)
533 struct kd_pki_conf *pki;
535 STAILQ_FOREACH(pki, &listener_conf->pki_head, entry) {
536 if (!strcmp(name, pki->name))
544 apply_config(struct kd_conf *conf)
546 struct kd_pki_conf *pki;
547 struct kd_listen_conf *listen;
550 /* drop any pre-auth inflight connections */
551 SPLAY_FOREACH(c, clients_tree_id, &clients) {
553 * c->event is set only during the handshake and the teardown
554 * of the connection; c->bev is set only after auth. Checking
555 * for both ensures we drop only incoming connection in the
558 if (event_pending(&c->event, EV_READ|EV_WRITE, NULL) &&
560 log_warn("closing in-flight connection due to reload");
565 /* swap the now config with the current one */
566 clear_config(listener_conf);
567 listener_conf = conf;
569 /* prepare the various tls_config */
570 STAILQ_FOREACH(pki, &listener_conf->pki_head, entry) {
571 if ((pki->tlsconf = tls_config_new()) == NULL)
572 fatal("tls_config_new");
573 tls_config_verify_client_optional(pki->tlsconf);
574 tls_config_insecure_noverifycert(pki->tlsconf);
575 if (tls_config_set_keypair_mem(pki->tlsconf,
576 pki->cert, pki->certlen,
577 pki->key, pki->keylen) == -1)
578 fatalx("tls_config_set_keypair_mem: %s",
579 tls_config_error(pki->tlsconf));
582 /* prepare and kickoff the listeners */
583 STAILQ_FOREACH(listen, &listener_conf->listen_head, entry) {
584 if ((listen->ctx = tls_server()) == NULL)
587 pki = pki_by_name(listen->pki);
588 if (tls_configure(listen->ctx, pki->tlsconf) == -1)
589 fatalx("tls_configure: %s",
590 tls_config_error(pki->tlsconf));
592 event_set(&listen->ev, listen->fd, EV_READ|EV_PERSIST,
593 handle_accept, listen);
594 event_add(&listen->ev, NULL);
599 yield_r(struct client *c, void (*fn)(int, short, void *))
601 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
602 event_del(&c->event);
603 event_set(&c->event, c->fd, EV_READ, fn, c);
604 event_add(&c->event, NULL);
608 yield_w(struct client *c, void (*fn)(int, short, void *))
610 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
611 event_del(&c->event);
612 event_set(&c->event, c->fd, EV_WRITE, fn, c);
613 event_add(&c->event, NULL);
617 handle_accept(int fd, short ev, void *data)
619 static uint32_t counter;
620 struct kd_listen_conf *listen = data;
624 if ((s = accept(fd, NULL, NULL)) == -1) {
629 c = xcalloc(1, sizeof(*c));
632 c->lflags = listen->flags;
635 if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
636 log_warnx("tls_accept_socket: %s",
637 tls_error(listen->ctx));
646 SPLAY_INSERT(clients_tree_id, &clients, c);
648 /* initialize the event */
649 event_set(&c->event, c->fd, EV_READ, NULL, NULL);
651 yield_r(c, handle_handshake);
655 handle_handshake(int fd, short ev, void *data)
657 struct client *c = data;
658 struct kd_auth_req auth;
662 switch (r = tls_handshake(c->ctx)) {
663 case TLS_WANT_POLLIN:
664 yield_r(c, handle_handshake);
666 case TLS_WANT_POLLOUT:
667 yield_w(c, handle_handshake);
670 log_debug("handhsake failed: %s", tls_error(c->ctx));
675 if ((hash = tls_peer_cert_hash(c->ctx)) == NULL) {
676 log_warnx("client didn't provide certificate");
681 memset(&auth, 0, sizeof(auth));
682 auth.listen_id = c->lid;
683 strlcpy(auth.hash, hash, sizeof(auth.hash));
684 log_debug("sending hash %s", auth.hash);
686 listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
687 &auth, sizeof(auth));
691 client_read(struct bufferevent *bev, void *d)
693 struct client *client = d;
694 struct evbuffer *src = EVBUFFER_INPUT(bev);
699 evlen = EVBUFFER_LENGTH(src);
701 if (client->left != 0) {
702 /* wait to fill a whole imsg if possible */
703 if (client->left >= IMSG_MAXSIZE &&
704 evlen < IMSG_MAXSIZE)
707 len = MIN(client->left, evlen);
708 len = MIN(len, IMSG_MAXSIZE);
710 listener_imsg_compose_client(client, IMSG_BUF_CONT,
711 client->id, EVBUFFER_DATA(src), len);
712 evbuffer_drain(src, len);
720 memcpy(&len, EVBUFFER_DATA(src), sizeof(len));
722 log_debug("expecting a message %"PRIu32" bytes long "
723 "(of wich %zu already read)", len, evlen);
725 if (len < HEADERSIZE) {
726 log_warnx("invalid message size %d (too low)", len);
727 client_error(bev, EVBUFFER_READ, client);
731 if (len > client->msize) {
732 log_warnx("incoming message bigger than msize "
733 "(%"PRIu32" vs %"PRIu32")", len, client->msize);
734 client_error(bev, EVBUFFER_READ, client);
738 if (len > IMSG_MAXSIZE && evlen >= len) {
739 listener_imsg_compose_client(client, IMSG_BUF,
740 client->id, EVBUFFER_DATA(src), IMSG_MAXSIZE);
741 evbuffer_drain(src, IMSG_MAXSIZE);
742 client->left = len - IMSG_MAXSIZE;
749 listener_imsg_compose_client(client, IMSG_BUF, client->id,
750 EVBUFFER_DATA(src), len);
751 evbuffer_drain(src, len);
756 client_write(struct bufferevent *bev, void *d)
759 * here we can do some fancy logic like deciding when to call
761 * (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg)
763 * to signal the end of the transaction.
770 client_error(struct bufferevent *bev, short err, void *d)
772 struct client *client = d;
773 struct evbuffer *buf;
775 if (err & EVBUFFER_ERROR) {
776 if (errno == EFBIG) {
777 bufferevent_enable(bev, EV_READ);
780 log_debug("buffer event error");
785 if (err & EVBUFFER_EOF) {
790 if (err & (EVBUFFER_READ|EVBUFFER_WRITE)) {
791 bufferevent_disable(bev, EV_READ|EV_WRITE);
793 buf = EVBUFFER_OUTPUT(client->bev);
794 if (EVBUFFER_LENGTH(buf) != 0) {
795 /* finish writing all the data first */
796 bufferevent_enable(client->bev, EV_WRITE);
804 log_warnx("unknown event error, closing client connection");
809 client_tls_readcb(int fd, short event, void *d)
811 struct bufferevent *bufev = d;
812 struct client *client = bufev->cbarg;
813 char buf[IBUF_READ_SIZE];
814 int what = EVBUFFER_READ;
815 int howmuch = IBUF_READ_SIZE;
819 if (event == EV_TIMEOUT) {
820 what |= EVBUFFER_TIMEOUT;
824 if (bufev->wm_read.high != 0)
825 howmuch = MIN(sizeof(buf), bufev->wm_read.high);
827 switch (ret = tls_read(client->ctx, buf, howmuch)) {
828 case TLS_WANT_POLLIN:
829 case TLS_WANT_POLLOUT:
832 what |= EVBUFFER_ERROR;
838 what |= EVBUFFER_EOF;
842 if (evbuffer_add(bufev->input, buf, len) == -1) {
843 what |= EVBUFFER_ERROR;
847 event_add(&bufev->ev_read, NULL);
849 len = EVBUFFER_LENGTH(bufev->input);
850 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
852 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
854 * here we could implement some read pressure
859 if (bufev->readcb != NULL)
860 (*bufev->readcb)(bufev, bufev->cbarg);
865 event_add(&bufev->ev_read, NULL);
869 (*bufev->errorcb)(bufev, what, bufev->cbarg);
873 client_tls_writecb(int fd, short event, void *d)
875 struct bufferevent *bufev = d;
876 struct client *client = bufev->cbarg;
879 short what = EVBUFFER_WRITE;
881 if (event == EV_TIMEOUT) {
882 what |= EVBUFFER_TIMEOUT;
886 if (EVBUFFER_LENGTH(bufev->output) != 0) {
887 ret = tls_write(client->ctx,
888 EVBUFFER_DATA(bufev->output),
889 EVBUFFER_LENGTH(bufev->output));
891 case TLS_WANT_POLLIN:
892 case TLS_WANT_POLLOUT:
895 what |= EVBUFFER_ERROR;
899 evbuffer_drain(bufev->output, len);
902 if (EVBUFFER_LENGTH(bufev->output) != 0)
903 event_add(&bufev->ev_write, NULL);
905 if (bufev->writecb != NULL &&
906 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
907 (*bufev->writecb)(bufev, bufev->cbarg);
911 event_add(&bufev->ev_write, NULL);
915 (*bufev->errorcb)(bufev, what, bufev->cbarg);
919 close_conn(struct client *c)
921 log_debug("closing connection");
923 SPLAY_REMOVE(clients_tree_id, &clients, c);
925 if (c->iev.ibuf.fd != -1) {
926 listener_imsg_compose_client(c, IMSG_CONN_GONE, 0, NULL, 0);
927 imsg_flush(&c->iev.ibuf);
928 msgbuf_clear(&c->iev.ibuf.w);
929 event_del(&c->iev.ev);
930 close(c->iev.ibuf.fd);
933 handle_close(c->fd, 0, c);
937 handle_close(int fd, short ev, void *d)
939 struct client *c = d;
941 switch (tls_close(c->ctx)) {
942 case TLS_WANT_POLLIN:
943 yield_r(c, handle_close);
945 case TLS_WANT_POLLOUT:
946 yield_w(c, handle_close);
950 event_del(&c->event);
