Blob


1 /*
2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
21 #include "compat.h"
23 #include <sys/socket.h>
25 #include <errno.h>
26 #include <inttypes.h>
27 #include <pwd.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <syslog.h>
33 #include <unistd.h>
35 #include "control.h"
36 #include "kamid.h"
37 #include "listener.h"
38 #include "log.h"
39 #include "sandbox.h"
40 #include "utils.h"
42 #define MIN(a, b) ((a) < (b) ? (a) : (b))
44 static struct kd_conf *listener_conf;
45 static struct imsgev *iev_main;
47 static void listener_sig_handler(int, short, void *);
48 ATTR_DEAD void listener_shutdown(void);
50 SPLAY_HEAD(clients_tree_id, client) clients;
52 struct client {
53 uint32_t id;
54 uint32_t lid;
55 int fd;
56 int done;
57 struct tls *ctx;
58 struct event event;
59 struct imsgev iev;
60 struct bufferevent *bev;
61 SPLAY_ENTRY(client) sp_entry;
62 };
64 static void listener_imsg_event_add(struct imsgev *, void *);
65 static void listener_dispatch_client(int, short, void *);
66 static int listener_imsg_compose_client(struct client *, int,
67 uint32_t, const void *, uint16_t);
69 static void apply_config(struct kd_conf *);
70 static void handle_accept(int, short, void *);
72 static void handle_handshake(int, short, void *);
73 static void client_read(struct bufferevent *, void *);
74 static void client_write(struct bufferevent *, void *);
75 static void client_error(struct bufferevent *, short, void *);
76 static void client_tls_readcb(int, short, void *);
77 static void client_tls_writecb(int, short, void *);
78 static void close_conn(struct client *);
79 static void handle_close(int, short, void *);
81 static inline int
82 clients_tree_cmp(struct client *a, struct client *b)
83 {
84 if (a->id == b->id)
85 return 0;
86 else if (a->id < b->id)
87 return -1;
88 else
89 return +1;
90 }
92 SPLAY_PROTOTYPE(clients_tree_id, client, sp_entry, clients_tree_cmp);
93 SPLAY_GENERATE(clients_tree_id, client, sp_entry, clients_tree_cmp)
95 static void
96 listener_sig_handler(int sig, short event, void *d)
97 {
98 /*
99 * Normal signal handler rules don't apply because libevent
100 * decouples for us.
101 */
103 switch (sig) {
104 case SIGINT:
105 case SIGTERM:
106 listener_shutdown();
107 default:
108 fatalx("unexpected signal %d", sig);
112 void
113 listener(int debug, int verbose)
115 struct event ev_sigint, ev_sigterm;
116 struct passwd *pw;
118 /* listener_conf = config_new_empty(); */
120 log_init(debug, LOG_DAEMON);
121 log_setverbose(verbose);
123 if ((pw = getpwnam(KD_USER)) == NULL)
124 fatal("getpwnam");
126 if (chroot(pw->pw_dir) == -1)
127 fatal("chroot");
128 if (chdir("/") == -1)
129 fatal("chdir(\"/\")");
131 setproctitle("listener");
132 log_procinit("listener");
134 if (setgroups(1, &pw->pw_gid) ||
135 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
136 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
137 fatal("can't drop privileges");
139 event_init();
141 /* Setup signal handlers(s). */
142 signal_set(&ev_sigint, SIGINT, listener_sig_handler, NULL);
143 signal_set(&ev_sigterm, SIGTERM, listener_sig_handler, NULL);
145 signal_add(&ev_sigint, NULL);
146 signal_add(&ev_sigterm, NULL);
148 signal(SIGPIPE, SIG_IGN);
149 signal(SIGHUP, SIG_IGN);
151 /* Setup pipe and event handler to the main process. */
152 if ((iev_main = malloc(sizeof(*iev_main))) == NULL)
153 fatal(NULL);
155 imsg_init(&iev_main->ibuf, 3);
156 iev_main->handler = listener_dispatch_main;
158 /* Setup event handlers. */
159 iev_main->events = EV_READ;
160 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events,
161 iev_main->handler, iev_main);
162 event_add(&iev_main->ev, NULL);
164 sandbox_listener();
165 event_dispatch();
166 listener_shutdown();
169 ATTR_DEAD void
170 listener_shutdown(void)
172 msgbuf_clear(&iev_main->ibuf.w);
173 close(iev_main->ibuf.fd);
175 config_clear(listener_conf);
177 free(iev_main);
179 log_info("listener exiting");
180 exit(0);
183 static void
184 listener_receive_config(struct imsg *imsg, struct kd_conf **nconf,
185 struct kd_pki_conf **pki)
187 struct kd_listen_conf *listen;
188 char *t;
190 switch (imsg->hdr.type) {
191 case IMSG_RECONF_CONF:
192 if (*nconf != NULL)
193 fatalx("%s: IMSG_RECONF_CONF already in "
194 "progress", __func__);
196 if (listener_conf != NULL)
197 fatalx("%s: don't know how reload the "
198 "configuration yet", __func__);
200 if (IMSG_DATA_SIZE(*imsg) != sizeof(struct kd_conf))
201 fatalx("%s: IMSG_RECONF_CONF wrong length: %lu",
202 __func__, IMSG_DATA_SIZE(*imsg));
203 if ((*nconf = malloc(sizeof(**nconf))) == NULL)
204 fatal(NULL);
205 memcpy(*nconf, imsg->data, sizeof(**nconf));
206 memset(&(*nconf)->pki_head, 0, sizeof((*nconf)->pki_head));
207 memset(&(*nconf)->table_head, 0, sizeof((*nconf)->table_head));
208 memset(&(*nconf)->listen_head, 0, sizeof((*nconf)->listen_head));
209 break;
210 case IMSG_RECONF_PKI:
211 if (*nconf == NULL)
212 fatalx("%s: IMSG_RECONF_PKI without "
213 "IMSG_RECONF_CONF", __func__);
214 *pki = xcalloc(1, sizeof(**pki));
215 t = imsg->data;
216 t[IMSG_DATA_SIZE(*imsg)-1] = '\0';
217 strlcpy((*pki)->name, t, sizeof((*pki)->name));
218 break;
219 case IMSG_RECONF_PKI_CERT:
220 if (*pki == NULL)
221 fatalx("%s: IMSG_RECONF_PKI_CERT without "
222 "IMSG_RECONF_PKI", __func__);
223 (*pki)->certlen = IMSG_DATA_SIZE(*imsg);
224 (*pki)->cert = xmemdup(imsg->data, (*pki)->certlen);
225 break;
226 case IMSG_RECONF_PKI_KEY:
227 if (*pki == NULL)
228 fatalx("%s: IMSG_RECONF_PKI_KEY without "
229 "IMSG_RECONF_PKI", __func__);
230 (*pki)->keylen = IMSG_DATA_SIZE(*imsg);
231 (*pki)->key = xmemdup(imsg->data, (*pki)->keylen);
232 SIMPLEQ_INSERT_HEAD(&(*nconf)->pki_head, *pki, entry);
233 pki = NULL;
234 break;
235 case IMSG_RECONF_LISTEN:
236 if (*nconf == NULL)
237 fatalx("%s: IMSG_RECONF_LISTEN without "
238 "IMSG_RECONF_CONF", __func__);
239 if (IMSG_DATA_SIZE(*imsg) != sizeof(*listen))
240 fatalx("%s: IMSG_RECONF_LISTEN wrong length: %lu",
241 __func__, IMSG_DATA_SIZE(*imsg));
242 listen = xcalloc(1, sizeof(*listen));
243 memcpy(listen, imsg->data, sizeof(*listen));
244 memset(&listen->entry, 0, sizeof(listen->entry));
245 if ((listen->fd = imsg->fd) == -1)
246 fatalx("%s: IMSG_RECONF_LISTEN no fd",
247 __func__);
248 listen->auth_table = NULL;
249 memset(&listen->ev, 0, sizeof(listen->ev));
250 SIMPLEQ_INSERT_HEAD(&(*nconf)->listen_head, listen, entry);
251 break;
252 case IMSG_RECONF_END:
253 if (*nconf == NULL)
254 fatalx("%s: IMSG_RECONF_END without "
255 "IMSG_RECONF_CONF", __func__);
256 /* merge_config(listener_conf, nconf); */
257 apply_config(*nconf);
258 *nconf = NULL;
259 break;
263 void
264 listener_dispatch_main(int fd, short event, void *d)
266 static struct kd_conf *nconf;
267 static struct kd_pki_conf *pki;
268 struct client *client, find;
269 struct imsg imsg;
270 struct imsgev *iev = d;
271 struct imsgbuf *ibuf;
272 ssize_t n;
273 int shut = 0;
275 ibuf = &iev->ibuf;
277 if (event & EV_READ) {
278 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
279 fatal("imsg_read error");
280 if (n == 0) /* Connection closed. */
281 shut = 1;
283 if (event & EV_WRITE) {
284 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
285 fatal("msgbuf_write");
286 if (n == 0) /* Connection closed. */
287 shut = 1;
290 for (;;) {
291 if ((n = imsg_get(ibuf, &imsg)) == -1)
292 fatal("%s: imsg_get error", __func__);
293 if (n == 0) /* No more messages. */
294 break;
296 switch (imsg.hdr.type) {
297 case IMSG_CONTROLFD:
298 if ((fd = imsg.fd) == -1)
299 fatalx("%s: expected to receive imsg "
300 "control fd but didn't receive any",
301 __func__);
302 /* Listen on control socket. */
303 control_listen(fd);
304 break;
305 case IMSG_RECONF_CONF:
306 case IMSG_RECONF_PKI:
307 case IMSG_RECONF_PKI_CERT:
308 case IMSG_RECONF_PKI_KEY:
309 case IMSG_RECONF_LISTEN:
310 case IMSG_RECONF_END:
311 listener_receive_config(&imsg, &nconf, &pki);
312 break;
313 case IMSG_AUTH:
314 find.id = imsg.hdr.peerid;
315 client = SPLAY_FIND(clients_tree_id, &clients, &find);
316 if (client == NULL) {
317 if (imsg.fd == -1)
318 close(imsg.fd);
319 break;
321 if (imsg.fd == -1) {
322 close_conn(client);
323 break;
325 imsg_init(&client->iev.ibuf, imsg.fd);
326 client->iev.events = EV_READ;
327 client->iev.handler = listener_dispatch_client;
328 event_set(&client->iev.ev, client->iev.ibuf.fd,
329 client->iev.events, client->iev.handler, client);
330 listener_imsg_compose_client(client, IMSG_AUTH,
331 0, imsg.data, IMSG_DATA_SIZE(imsg));
332 break;
333 case IMSG_AUTH_DIR:
334 find.id = imsg.hdr.peerid;
335 client = SPLAY_FIND(clients_tree_id, &clients, &find);
336 if (client == NULL) {
337 log_info("got AUTH_DIR but client gone");
338 break;
340 listener_imsg_compose_client(client, IMSG_AUTH_DIR,
341 0, imsg.data, IMSG_DATA_SIZE(imsg));
342 client->bev = bufferevent_new(client->fd,
343 client_read, client_write, client_error,
344 client);
345 if (client->bev == NULL) {
346 log_info("failed to allocate client buffer");
347 close_conn(client);
348 return;
350 event_set(&client->bev->ev_read, client->fd, EV_READ,
351 client_tls_readcb, client->bev);
352 event_set(&client->bev->ev_write, client->fd, EV_WRITE,
353 client_tls_writecb, client->bev);
355 /* TODO: adjust watermarks */
356 bufferevent_setwatermark(client->bev, EV_WRITE, 1, 0);
357 bufferevent_setwatermark(client->bev, EV_READ, 1, 0);
359 bufferevent_enable(client->bev, EV_READ|EV_WRITE);
360 break;
361 default:
362 log_debug("%s: unexpected imsg %d", __func__,
363 imsg.hdr.type);
364 break;
366 imsg_free(&imsg);
369 if (!shut)
370 listener_imsg_event_add(iev, d);
371 else {
372 /* This pipe is dead. Remove its event handler. */
373 event_del(&iev->ev);
374 log_warnx("pipe closed, shutting down...");
375 event_loopexit(NULL);
379 int
380 listener_imsg_compose_main(int type, uint32_t peerid, const void *data,
381 uint16_t datalen)
383 return imsg_compose_event(iev_main, type, peerid, 0, -1, data,
384 datalen);
387 static void
388 listener_imsg_event_add(struct imsgev *iev, void *d)
390 iev->events = EV_READ;
391 if (iev->ibuf.w.queued)
392 iev->events |= EV_WRITE;
394 event_del(&iev->ev);
395 event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, d);
396 event_add(&iev->ev, NULL);
399 static void
400 listener_dispatch_client(int fd, short event, void *d)
402 struct client find, *client = d;
403 struct imsg imsg;
404 struct imsgev *iev;
405 struct imsgbuf *ibuf;
406 ssize_t n;
407 int r, shut = 0;
409 iev = &client->iev;
410 ibuf = &iev->ibuf;
412 if (event & EV_READ) {
413 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
414 fatal("imsg_read error");
415 if (n == 0) /* Connection closed */
416 shut = 1;
419 if (event & EV_WRITE) {
420 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
421 fatal("msgbuf_write");
422 if (n == 0) /* Connection closed. */
423 shut = 1;
426 for (;;) {
427 if ((n = imsg_get(ibuf, &imsg)) == -1)
428 fatal("%s: imsg_get error", __func__);
429 if (n == 0) /* No more messages. */
430 break;
432 switch (imsg.hdr.type) {
433 case IMSG_BUF:
434 find.id = imsg.hdr.peerid;
435 client = SPLAY_FIND(clients_tree_id, &clients, &find);
436 if (client == NULL) {
437 log_info("got IMSG_BUF but client (%d) gone",
438 imsg.hdr.peerid);
439 break;
441 r = bufferevent_write(client->bev, imsg.data,
442 IMSG_DATA_SIZE(imsg));
443 if (r == -1) {
444 log_warn("%s: bufferevent_write failed",
445 __func__);
446 close_conn(client);
447 break;
449 break;
450 default:
451 log_debug("%s: unexpected imsg %d", __func__,
452 imsg.hdr.type);
453 break;
455 imsg_free(&imsg);
458 if (!shut)
459 listener_imsg_event_add(iev, d);
460 else {
461 /* This pipe is dead. Remove its handler */
462 log_debug("client proc vanished");
463 close_conn(client);
467 static int
468 listener_imsg_compose_client(struct client *client, int type,
469 uint32_t peerid, const void *data, uint16_t len)
471 int ret;
473 if ((ret = imsg_compose(&client->iev.ibuf, type, peerid, 0, -1,
474 data, len)) != -1)
475 listener_imsg_event_add(&client->iev, client);
477 return ret;
480 static inline struct kd_pki_conf *
481 pki_by_name(const char *name)
483 struct kd_pki_conf *pki;
485 SIMPLEQ_FOREACH(pki, &listener_conf->pki_head, entry) {
486 if (!strcmp(name, pki->name))
487 return pki;
490 return NULL;
493 static void
494 apply_config(struct kd_conf *conf)
496 struct kd_pki_conf *pki;
497 struct kd_listen_conf *listen;
499 listener_conf = conf;
501 /* prepare the various tls_config */
502 SIMPLEQ_FOREACH(pki, &listener_conf->pki_head, entry) {
503 if ((pki->tlsconf = tls_config_new()) == NULL)
504 fatal("tls_config_new");
505 tls_config_verify_client_optional(pki->tlsconf);
506 tls_config_insecure_noverifycert(pki->tlsconf);
507 if (tls_config_set_keypair_mem(pki->tlsconf,
508 pki->cert, pki->certlen,
509 pki->key, pki->keylen) == -1)
510 fatalx("tls_config_set_keypair_mem: %s",
511 tls_config_error(pki->tlsconf));
514 /* prepare and kickoff the listeners */
515 SIMPLEQ_FOREACH(listen, &listener_conf->listen_head, entry) {
516 if ((listen->ctx = tls_server()) == NULL)
517 fatal("tls_server");
519 pki = pki_by_name(listen->pki);
520 if (tls_configure(listen->ctx, pki->tlsconf) == -1)
521 fatalx("tls_configure: %s",
522 tls_config_error(pki->tlsconf));
524 event_set(&listen->ev, listen->fd, EV_READ|EV_PERSIST,
525 handle_accept, listen);
526 event_add(&listen->ev, NULL);
530 static inline void
531 yield_r(struct client *c, void (*fn)(int, short, void *))
533 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
534 event_del(&c->event);
535 event_set(&c->event, c->fd, EV_READ, fn, c);
536 event_add(&c->event, NULL);
539 static inline void
540 yield_w(struct client *c, void (*fn)(int, short, void *))
542 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
543 event_del(&c->event);
544 event_set(&c->event, c->fd, EV_WRITE, fn, c);
545 event_add(&c->event, NULL);
548 static inline uint32_t
549 random_id(void)
551 struct client find, *res;
553 for (;;) {
554 find.id = arc4random();
555 res = SPLAY_FIND(clients_tree_id, &clients, &find);
556 if (res == NULL)
557 return find.id;
561 static void
562 handle_accept(int fd, short ev, void *data)
564 struct kd_listen_conf *listen = data;
565 struct client *c;
566 int s;
568 if ((s = accept(fd, NULL, NULL)) == -1) {
569 log_warn("accept");
570 return;
573 c = xcalloc(1, sizeof(*c));
574 c->lid = listen->id;
575 c->iev.ibuf.fd = -1;
577 if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
578 log_warnx("tls_accept_socket: %s",
579 tls_error(listen->ctx));
580 free(c);
581 close(s);
582 return;
585 c->fd = s;
586 c->id = random_id();
588 SPLAY_INSERT(clients_tree_id, &clients, c);
590 /* initialize the event */
591 event_set(&c->event, c->fd, EV_READ, NULL, NULL);
593 yield_r(c, handle_handshake);
596 static void
597 handle_handshake(int fd, short ev, void *data)
599 struct client *c = data;
600 struct kd_auth_req auth;
601 ssize_t r;
602 const char *hash;
604 switch (r = tls_handshake(c->ctx)) {
605 case TLS_WANT_POLLIN:
606 yield_r(c, handle_handshake);
607 return;
608 case TLS_WANT_POLLOUT:
609 yield_w(c, handle_handshake);
610 return;
611 case -1:
612 log_debug("handhsake failed: %s", tls_error(c->ctx));
613 close_conn(c);
614 return;
617 if ((hash = tls_peer_cert_hash(c->ctx)) == NULL) {
618 log_warnx("client didn't provide certificate");
619 close_conn(c);
620 return;
623 memset(&auth, 0, sizeof(auth));
624 auth.listen_id = c->lid;
625 strlcpy(auth.hash, hash, sizeof(auth.hash));
626 log_debug("sending hash %s", auth.hash);
628 listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
629 &auth, sizeof(auth));
632 static void
633 client_read(struct bufferevent *bev, void *d)
635 struct client *client = d;
636 struct evbuffer *src = EVBUFFER_INPUT(bev);
637 char buf[BUFSIZ];
638 size_t len;
640 if (!EVBUFFER_LENGTH(src))
641 return;
643 len = bufferevent_read(bev, buf, sizeof(buf));
644 if (len == 0) {
645 (*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg);
646 return;
649 listener_imsg_compose_client(client, IMSG_BUF, client->id, buf, len);
652 static void
653 client_write(struct bufferevent *bev, void *d)
655 /*
656 * here we can do some fancy logic like deciding when to call
658 * (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg)
660 * to signal the end of the transaction.
661 */
663 return;
666 static void
667 client_error(struct bufferevent *bev, short err, void *d)
669 struct client *client = d;
670 struct evbuffer *buf;
672 if (err & EVBUFFER_ERROR) {
673 if (errno == EFBIG) {
674 bufferevent_enable(bev, EV_READ);
675 return;
677 log_debug("buffer event error");
678 close_conn(client);
679 return;
682 if (err & EVBUFFER_EOF) {
683 close_conn(client);
684 return;
687 if (err & (EVBUFFER_READ|EVBUFFER_WRITE)) {
688 bufferevent_disable(bev, EV_READ|EV_WRITE);
689 client->done = 1;
691 buf = EVBUFFER_OUTPUT(client->bev);
692 if (EVBUFFER_LENGTH(buf) != 0) {
693 /* finish writing all the data first */
694 bufferevent_enable(client->bev, EV_WRITE);
695 return;
698 close_conn(client);
699 return;
702 log_warnx("unknown event error, closing client connection");
703 close_conn(client);
706 static void
707 client_tls_readcb(int fd, short event, void *d)
709 struct bufferevent *bufev = d;
710 struct client *client = bufev->cbarg;
711 char buf[BUFSIZ];
712 int what = EVBUFFER_READ;
713 int howmuch = IBUF_READ_SIZE;
714 ssize_t ret;
715 size_t len;
717 if (event == EV_TIMEOUT) {
718 what |= EVBUFFER_TIMEOUT;
719 goto err;
722 if (bufev->wm_read.high != 0)
723 howmuch = MIN(sizeof(buf), bufev->wm_read.high);
725 switch (ret = tls_read(client->ctx, buf, howmuch)) {
726 case TLS_WANT_POLLIN:
727 case TLS_WANT_POLLOUT:
728 goto retry;
729 case -1:
730 what |= EVBUFFER_ERROR;
731 goto err;
733 len = ret;
735 if (len == 0) {
736 what |= EVBUFFER_EOF;
737 goto err;
740 if (evbuffer_add(bufev->input, buf, len) == -1) {
741 what |= EVBUFFER_ERROR;
742 goto err;
745 event_add(&bufev->ev_read, NULL);
747 len = EVBUFFER_LENGTH(bufev->input);
748 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
749 return;
750 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
751 /*
752 * here we could implement some read pressure
753 * mechanism.
754 */
757 if (bufev->readcb != NULL)
758 (*bufev->readcb)(bufev, bufev->cbarg);
760 return;
762 retry:
763 event_add(&bufev->ev_read, NULL);
764 return;
766 err:
767 (*bufev->errorcb)(bufev, what, bufev->cbarg);
770 static void
771 client_tls_writecb(int fd, short event, void *d)
773 struct bufferevent *bufev = d;
774 struct client *client = bufev->cbarg;
775 ssize_t ret;
776 size_t len;
777 short what = EVBUFFER_WRITE;
779 if (event == EV_TIMEOUT) {
780 what |= EVBUFFER_TIMEOUT;
781 goto err;
784 if (EVBUFFER_LENGTH(bufev->output) != 0) {
785 ret = tls_write(client->ctx,
786 EVBUFFER_DATA(bufev->output),
787 EVBUFFER_LENGTH(bufev->output));
788 switch (ret) {
789 case TLS_WANT_POLLIN:
790 case TLS_WANT_POLLOUT:
791 goto retry;
792 case -1:
793 what |= EVBUFFER_ERROR;
794 goto err;
796 len = ret;
797 evbuffer_drain(bufev->output, len);
800 if (EVBUFFER_LENGTH(bufev->output) != 0)
801 event_add(&bufev->ev_write, NULL);
803 if (bufev->writecb != NULL &&
804 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
805 (*bufev->writecb)(bufev, bufev->cbarg);
806 return;
808 retry:
809 event_add(&bufev->ev_write, NULL);
810 return;
812 err:
813 (*bufev->errorcb)(bufev, what, bufev->cbarg);
816 static void
817 close_conn(struct client *c)
819 log_debug("closing connection");
821 if (c->iev.ibuf.fd != -1) {
822 listener_imsg_compose_client(c, IMSG_CONN_GONE, 0, NULL, 0);
823 imsg_flush(&c->iev.ibuf);
824 msgbuf_clear(&c->iev.ibuf.w);
825 event_del(&c->iev.ev);
826 close(c->iev.ibuf.fd);
829 handle_close(c->fd, 0, c);
832 static void
833 handle_close(int fd, short ev, void *d)
835 struct client *c = d;
837 switch (tls_close(c->ctx)) {
838 case TLS_WANT_POLLIN:
839 yield_r(c, handle_close);
840 return;
841 case TLS_WANT_POLLOUT:
842 yield_w(c, handle_close);
843 return;
846 event_del(&c->event);
847 tls_free(c->ctx);
848 close(c->fd);
849 free(c);