Blob


1 /*
2 * Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
21 #include "compat.h"
23 #include <sys/socket.h>
24 #include <sys/types.h>
25 #include <sys/uio.h>
27 #include <endian.h>
28 #include <errno.h>
29 #include <inttypes.h>
30 #include <pwd.h>
31 #include <signal.h>
32 #include <stdint.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <syslog.h>
37 #include <unistd.h>
39 #include "control.h"
40 #include "kami.h"
41 #include "kamid.h"
42 #include "listener.h"
43 #include "log.h"
44 #include "sandbox.h"
45 #include "utils.h"
47 static struct kd_conf *listener_conf;
48 static struct imsgev *iev_main;
50 static void listener_sig_handler(int, short, void *);
51 __dead void listener_shutdown(void);
53 SPLAY_HEAD(clients_tree_id, client) clients;
55 struct client {
56 uint32_t id;
57 uint32_t lid;
58 uint32_t lflags;
59 uint32_t msize;
60 int fd;
61 struct tls *ctx;
62 struct event event;
63 struct imsgev iev;
64 struct bufferevent *bev;
65 SPLAY_ENTRY(client) sp_entry;
66 };
68 static void listener_imsg_event_add(struct imsgev *, void *);
69 static void listener_dispatch_client(int, short, void *);
70 static int listener_imsg_compose_client(struct client *, int,
71 uint32_t, const void *, uint16_t);
73 static void apply_config(struct kd_conf *);
74 static void handle_accept(int, short, void *);
76 static void handle_handshake(int, short, void *);
77 static void client_read(struct bufferevent *, void *);
78 static void client_write(struct bufferevent *, void *);
79 static void client_error(struct bufferevent *, short, void *);
80 static void client_tls_readcb(int, short, void *);
81 static void client_tls_writecb(int, short, void *);
82 static void close_conn(struct client *);
83 static void handle_close(int, short, void *);
85 static inline int
86 clients_tree_cmp(struct client *a, struct client *b)
87 {
88 if (a->id == b->id)
89 return 0;
90 else if (a->id < b->id)
91 return -1;
92 else
93 return +1;
94 }
96 SPLAY_PROTOTYPE(clients_tree_id, client, sp_entry, clients_tree_cmp);
97 SPLAY_GENERATE(clients_tree_id, client, sp_entry, clients_tree_cmp)
99 static void
100 listener_sig_handler(int sig, short event, void *d)
102 /*
103 * Normal signal handler rules don't apply because libevent
104 * decouples for us.
105 */
107 switch (sig) {
108 case SIGINT:
109 case SIGTERM:
110 listener_shutdown();
111 default:
112 fatalx("unexpected signal %d", sig);
116 void
117 listener(int debug, int verbose)
119 struct event ev_sigint, ev_sigterm;
120 struct passwd *pw;
122 /* listener_conf = config_new_empty(); */
124 log_init(debug, LOG_DAEMON);
125 log_setverbose(verbose);
127 if ((pw = getpwnam(KD_USER)) == NULL)
128 fatal("getpwnam");
130 if (chroot(pw->pw_dir) == -1)
131 fatal("chroot");
132 if (chdir("/") == -1)
133 fatal("chdir(\"/\")");
135 setproctitle("listener");
136 log_procinit("listener");
138 if (setgroups(1, &pw->pw_gid) ||
139 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
140 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
141 fatal("can't drop privileges");
143 event_init();
145 /* Setup signal handlers(s). */
146 signal_set(&ev_sigint, SIGINT, listener_sig_handler, NULL);
147 signal_set(&ev_sigterm, SIGTERM, listener_sig_handler, NULL);
149 signal_add(&ev_sigint, NULL);
150 signal_add(&ev_sigterm, NULL);
152 signal(SIGPIPE, SIG_IGN);
153 signal(SIGHUP, SIG_IGN);
155 /* Setup pipe and event handler to the main process. */
156 if ((iev_main = malloc(sizeof(*iev_main))) == NULL)
157 fatal(NULL);
159 imsg_init(&iev_main->ibuf, 3);
160 iev_main->handler = listener_dispatch_main;
162 /* Setup event handlers. */
163 iev_main->events = EV_READ;
164 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events,
165 iev_main->handler, iev_main);
166 event_add(&iev_main->ev, NULL);
168 sandbox_listener();
169 event_dispatch();
170 listener_shutdown();
173 __dead void
174 listener_shutdown(void)
176 msgbuf_clear(&iev_main->ibuf.w);
177 close(iev_main->ibuf.fd);
179 clear_config(listener_conf);
181 free(iev_main);
183 log_info("listener exiting");
184 exit(0);
187 static void
188 listener_receive_config(struct imsg *imsg, struct kd_conf **nconf,
189 struct kd_pki_conf **pki)
191 struct kd_listen_conf *listen;
192 char *t;
194 switch (imsg->hdr.type) {
195 case IMSG_RECONF_CONF:
196 if (*nconf != NULL)
197 fatalx("%s: IMSG_RECONF_CONF already in "
198 "progress", __func__);
200 if (listener_conf != NULL)
201 fatalx("%s: don't know how reload the "
202 "configuration yet", __func__);
204 if (IMSG_DATA_SIZE(*imsg) != sizeof(struct kd_conf))
205 fatalx("%s: IMSG_RECONF_CONF wrong length: %lu",
206 __func__, IMSG_DATA_SIZE(*imsg));
207 if ((*nconf = malloc(sizeof(**nconf))) == NULL)
208 fatal(NULL);
209 memcpy(*nconf, imsg->data, sizeof(**nconf));
210 STAILQ_INIT(&(*nconf)->pki_head);
211 STAILQ_INIT(&(*nconf)->table_head);
212 STAILQ_INIT(&(*nconf)->listen_head);
213 break;
214 case IMSG_RECONF_PKI:
215 if (*nconf == NULL)
216 fatalx("%s: IMSG_RECONF_PKI without "
217 "IMSG_RECONF_CONF", __func__);
218 *pki = xcalloc(1, sizeof(**pki));
219 t = imsg->data;
220 t[IMSG_DATA_SIZE(*imsg)-1] = '\0';
221 strlcpy((*pki)->name, t, sizeof((*pki)->name));
222 break;
223 case IMSG_RECONF_PKI_CERT:
224 if (*pki == NULL)
225 fatalx("%s: IMSG_RECONF_PKI_CERT without "
226 "IMSG_RECONF_PKI", __func__);
227 (*pki)->certlen = IMSG_DATA_SIZE(*imsg);
228 (*pki)->cert = xmemdup(imsg->data, (*pki)->certlen);
229 break;
230 case IMSG_RECONF_PKI_KEY:
231 if (*pki == NULL)
232 fatalx("%s: IMSG_RECONF_PKI_KEY without "
233 "IMSG_RECONF_PKI", __func__);
234 (*pki)->keylen = IMSG_DATA_SIZE(*imsg);
235 (*pki)->key = xmemdup(imsg->data, (*pki)->keylen);
236 STAILQ_INSERT_HEAD(&(*nconf)->pki_head, *pki, entry);
237 pki = NULL;
238 break;
239 case IMSG_RECONF_LISTEN:
240 if (*nconf == NULL)
241 fatalx("%s: IMSG_RECONF_LISTEN without "
242 "IMSG_RECONF_CONF", __func__);
243 if (IMSG_DATA_SIZE(*imsg) != sizeof(*listen))
244 fatalx("%s: IMSG_RECONF_LISTEN wrong length: %lu",
245 __func__, IMSG_DATA_SIZE(*imsg));
246 listen = xcalloc(1, sizeof(*listen));
247 memcpy(listen, imsg->data, sizeof(*listen));
248 memset(&listen->entry, 0, sizeof(listen->entry));
249 if ((listen->fd = imsg->fd) == -1)
250 fatalx("%s: IMSG_RECONF_LISTEN no fd",
251 __func__);
252 listen->auth_table = NULL;
253 memset(&listen->ev, 0, sizeof(listen->ev));
254 STAILQ_INSERT_HEAD(&(*nconf)->listen_head, listen, entry);
255 break;
256 case IMSG_RECONF_END:
257 if (*nconf == NULL)
258 fatalx("%s: IMSG_RECONF_END without "
259 "IMSG_RECONF_CONF", __func__);
260 apply_config(*nconf);
261 *nconf = NULL;
262 break;
266 static inline struct kd_listen_conf *
267 listen_by_id(uint32_t id)
269 struct kd_listen_conf *l;
271 STAILQ_FOREACH(l, &listener_conf->listen_head, entry) {
272 if (l->id == id)
273 return l;
275 return NULL;
278 void
279 listener_dispatch_main(int fd, short event, void *d)
281 static struct kd_conf *nconf;
282 static struct kd_pki_conf *pki;
283 struct kd_listen_conf *listen;
284 struct client *client, find;
285 struct imsg imsg;
286 struct imsgev *iev = d;
287 struct imsgbuf *ibuf;
288 ssize_t n;
289 int shut = 0;
291 ibuf = &iev->ibuf;
293 if (event & EV_READ) {
294 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
295 fatal("imsg_read error");
296 if (n == 0) /* Connection closed. */
297 shut = 1;
299 if (event & EV_WRITE) {
300 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
301 fatal("msgbuf_write");
302 if (n == 0) /* Connection closed. */
303 shut = 1;
306 for (;;) {
307 if ((n = imsg_get(ibuf, &imsg)) == -1)
308 fatal("%s: imsg_get error", __func__);
309 if (n == 0) /* No more messages. */
310 break;
312 switch (imsg.hdr.type) {
313 case IMSG_CTL_LOG_VERBOSE:
314 if (IMSG_DATA_SIZE(imsg) != sizeof(verbose))
315 fatalx("wrong size for IMSG_CTL_LOG_VERBOSE");
316 memcpy(&verbose, imsg.data, sizeof(verbose));
317 log_setverbose(verbose);
318 SPLAY_FOREACH(client, clients_tree_id, &clients)
319 listener_imsg_compose_client(client,
320 imsg.hdr.type, 0,
321 &verbose, sizeof(verbose));
322 break;
323 case IMSG_RECONF_CONF:
324 case IMSG_RECONF_PKI:
325 case IMSG_RECONF_PKI_CERT:
326 case IMSG_RECONF_PKI_KEY:
327 case IMSG_RECONF_LISTEN:
328 case IMSG_RECONF_END:
329 listener_receive_config(&imsg, &nconf, &pki);
330 break;
331 case IMSG_AUTH:
332 if (IMSG_DATA_SIZE(imsg) != sizeof(struct kd_auth_proc))
333 fatalx("mismatching size for IMSG_AUTH");
335 find.id = imsg.hdr.peerid;
336 client = SPLAY_FIND(clients_tree_id, &clients, &find);
337 if (client == NULL) {
338 if (imsg.fd != -1)
339 close(imsg.fd);
340 break;
342 if (imsg.fd == -1) {
343 log_info("got fd = -1, auth failed?");
344 close_conn(client);
345 break;
347 imsg_init(&client->iev.ibuf, imsg.fd);
348 client->iev.events = EV_READ;
349 client->iev.handler = listener_dispatch_client;
350 event_set(&client->iev.ev, client->iev.ibuf.fd,
351 client->iev.events, client->iev.handler, client);
352 listener_imsg_compose_client(client, IMSG_AUTH,
353 client->id, imsg.data, IMSG_DATA_SIZE(imsg));
355 client->bev = bufferevent_new(client->fd,
356 client_read, client_write, client_error,
357 client);
358 if (client->bev == NULL) {
359 log_info("failed to allocate client buffer");
360 close_conn(client);
361 return;
364 #if HAVE_EVENT2
365 evbuffer_unfreeze(client->bev->input, 0);
366 evbuffer_unfreeze(client->bev->output, 1);
367 #endif
369 if (client->lflags & L_TLS) {
370 event_set(&client->bev->ev_read, client->fd,
371 EV_READ, client_tls_readcb, client->bev);
372 event_set(&client->bev->ev_write, client->fd,
373 EV_WRITE, client_tls_writecb, client->bev);
376 /*
377 * Read or write at least a header before
378 * firing the callbacks. High watermark of 0
379 * to never stop reading/writing; probably to
380 * be revisited.
381 */
382 /* bufferevent_setwatermark(client->bev, EV_READ|EV_WRITE, */
383 /* sizeof(struct np_msg_header), 0); */
384 bufferevent_enable(client->bev, EV_READ|EV_WRITE);
385 break;
387 default:
388 log_debug("%s: unexpected imsg %d", __func__,
389 imsg.hdr.type);
390 break;
392 imsg_free(&imsg);
395 if (!shut)
396 listener_imsg_event_add(iev, d);
397 else {
398 /* This pipe is dead. Remove its event handler. */
399 event_del(&iev->ev);
400 log_warnx("pipe closed, shutting down...");
401 event_loopexit(NULL);
405 int
406 listener_imsg_compose_main(int type, uint32_t peerid, const void *data,
407 uint16_t datalen)
409 return imsg_compose_event(iev_main, type, peerid, 0, -1, data,
410 datalen);
413 static void
414 listener_imsg_event_add(struct imsgev *iev, void *d)
416 iev->events = EV_READ;
417 if (iev->ibuf.w.queued)
418 iev->events |= EV_WRITE;
420 event_del(&iev->ev);
421 event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, d);
422 event_add(&iev->ev, NULL);
425 static void
426 listener_dispatch_client(int fd, short event, void *d)
428 struct client find, *client = d;
429 struct imsg imsg;
430 struct imsgev *iev;
431 struct imsgbuf *ibuf;
432 ssize_t n;
433 int r, shut = 0;
435 iev = &client->iev;
436 ibuf = &iev->ibuf;
438 if (event & EV_READ) {
439 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
440 fatal("imsg_read error");
441 if (n == 0) /* Connection closed */
442 shut = 1;
445 if (event & EV_WRITE) {
446 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
447 fatal("msgbuf_write");
448 if (n == 0) /* Connection closed. */
449 shut = 1;
452 for (;;) {
453 if ((n = imsg_get(ibuf, &imsg)) == -1)
454 fatal("%s: imsg_get error", __func__);
455 if (n == 0) /* No more messages. */
456 break;
458 switch (imsg.hdr.type) {
459 case IMSG_BUF:
460 find.id = imsg.hdr.peerid;
461 client = SPLAY_FIND(clients_tree_id, &clients, &find);
462 if (client == NULL) {
463 log_info("got IMSG_BUF but client (%d) gone",
464 imsg.hdr.peerid);
465 break;
467 r = bufferevent_write(client->bev, imsg.data,
468 IMSG_DATA_SIZE(imsg));
469 if (r == -1) {
470 log_warn("%s: bufferevent_write failed",
471 __func__);
472 close_conn(client);
473 break;
475 break;
477 case IMSG_MSIZE:
478 if (IMSG_DATA_SIZE(imsg) != sizeof(client->msize))
479 fatal("IMSG_MSIZE size mismatch: "
480 "got %zu want %zu", IMSG_DATA_SIZE(imsg),
481 sizeof(client->msize));
483 memcpy(&client->msize, imsg.data,
484 sizeof(client->msize));
486 if (client->msize == 0)
487 fatal("IMSG_MSIZE got msize = 0");
489 break;
491 case IMSG_CLOSE:
492 /*
493 * Both EVBUFFER_READ or EVBUFFER_WRITE should
494 * be fine.
495 */
496 client_error(client->bev, EVBUFFER_READ, client);
497 break;
499 default:
500 log_debug("%s: unexpected imsg %d", __func__,
501 imsg.hdr.type);
502 break;
504 imsg_free(&imsg);
507 if (!shut)
508 listener_imsg_event_add(iev, d);
509 else {
510 /* This pipe is dead. Remove its handler */
511 log_debug("client proc vanished");
512 close_conn(client);
516 static int
517 listener_imsg_compose_client(struct client *client, int type,
518 uint32_t peerid, const void *data, uint16_t len)
520 int ret;
522 if ((ret = imsg_compose(&client->iev.ibuf, type, peerid, 0, -1,
523 data, len)) != -1)
524 listener_imsg_event_add(&client->iev, client);
526 return ret;
529 static inline struct kd_pki_conf *
530 pki_by_name(const char *name)
532 struct kd_pki_conf *pki;
534 STAILQ_FOREACH(pki, &listener_conf->pki_head, entry) {
535 if (!strcmp(name, pki->name))
536 return pki;
539 return NULL;
542 static void
543 apply_config(struct kd_conf *conf)
545 struct kd_pki_conf *pki;
546 struct kd_listen_conf *listen;
547 struct client *c;
549 /* drop any pre-auth inflight connections */
550 SPLAY_FOREACH(c, clients_tree_id, &clients) {
551 /*
552 * c->event is set only during the handshake and the teardown
553 * of the connection; c->bev is set only after auth. Checking
554 * for both ensures we drop only incoming connection in the
555 * pre-auth state.
556 */
557 if (event_pending(&c->event, EV_READ|EV_WRITE, NULL) &&
558 c->bev == NULL) {
559 log_warn("closing in-flight connection due to reload");
560 close_conn(c);
564 /* swap the now config with the current one */
565 clear_config(listener_conf);
566 listener_conf = conf;
568 /* prepare the various tls_config */
569 STAILQ_FOREACH(pki, &listener_conf->pki_head, entry) {
570 if ((pki->tlsconf = tls_config_new()) == NULL)
571 fatal("tls_config_new");
572 tls_config_verify_client_optional(pki->tlsconf);
573 tls_config_insecure_noverifycert(pki->tlsconf);
574 if (tls_config_set_keypair_mem(pki->tlsconf,
575 pki->cert, pki->certlen,
576 pki->key, pki->keylen) == -1)
577 fatalx("tls_config_set_keypair_mem: %s",
578 tls_config_error(pki->tlsconf));
581 /* prepare and kickoff the listeners */
582 STAILQ_FOREACH(listen, &listener_conf->listen_head, entry) {
583 if ((listen->ctx = tls_server()) == NULL)
584 fatal("tls_server");
586 pki = pki_by_name(listen->pki);
587 if (tls_configure(listen->ctx, pki->tlsconf) == -1)
588 fatalx("tls_configure: %s",
589 tls_config_error(pki->tlsconf));
591 event_set(&listen->ev, listen->fd, EV_READ|EV_PERSIST,
592 handle_accept, listen);
593 event_add(&listen->ev, NULL);
597 static inline void
598 yield_r(struct client *c, void (*fn)(int, short, void *))
600 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
601 event_del(&c->event);
602 event_set(&c->event, c->fd, EV_READ, fn, c);
603 event_add(&c->event, NULL);
606 static inline void
607 yield_w(struct client *c, void (*fn)(int, short, void *))
609 if (event_pending(&c->event, EV_WRITE|EV_READ, NULL))
610 event_del(&c->event);
611 event_set(&c->event, c->fd, EV_WRITE, fn, c);
612 event_add(&c->event, NULL);
615 static void
616 handle_accept(int fd, short ev, void *data)
618 static uint32_t counter;
619 struct kd_listen_conf *listen = data;
620 struct client *c;
621 int s;
623 if ((s = accept(fd, NULL, NULL)) == -1) {
624 log_warn("accept");
625 return;
628 c = xcalloc(1, sizeof(*c));
629 c->msize = MSIZE9P;
630 c->lid = listen->id;
631 c->lflags = listen->flags;
632 c->iev.ibuf.fd = -1;
634 if (tls_accept_socket(listen->ctx, &c->ctx, s) == -1) {
635 log_warnx("tls_accept_socket: %s",
636 tls_error(listen->ctx));
637 free(c);
638 close(s);
639 return;
642 c->fd = s;
643 c->id = counter++;
645 SPLAY_INSERT(clients_tree_id, &clients, c);
647 /* initialize the event */
648 event_set(&c->event, c->fd, EV_READ, NULL, NULL);
650 yield_r(c, handle_handshake);
653 static void
654 handle_handshake(int fd, short ev, void *data)
656 struct client *c = data;
657 struct kd_auth_req auth;
658 ssize_t r;
659 const char *hash;
661 switch (r = tls_handshake(c->ctx)) {
662 case TLS_WANT_POLLIN:
663 yield_r(c, handle_handshake);
664 return;
665 case TLS_WANT_POLLOUT:
666 yield_w(c, handle_handshake);
667 return;
668 case -1:
669 log_debug("handhsake failed: %s", tls_error(c->ctx));
670 close_conn(c);
671 return;
674 if ((hash = tls_peer_cert_hash(c->ctx)) == NULL) {
675 log_warnx("client didn't provide certificate");
676 close_conn(c);
677 return;
680 memset(&auth, 0, sizeof(auth));
681 auth.listen_id = c->lid;
682 strlcpy(auth.hash, hash, sizeof(auth.hash));
683 log_debug("sending hash %s", auth.hash);
685 listener_imsg_compose_main(IMSG_AUTH_TLS, c->id,
686 &auth, sizeof(auth));
689 static void
690 client_read(struct bufferevent *bev, void *d)
692 struct client *client = d;
693 struct evbuffer *src = EVBUFFER_INPUT(bev);
694 uint32_t len;
696 for (;;) {
697 if (EVBUFFER_LENGTH(src) < 4)
698 return;
700 memcpy(&len, EVBUFFER_DATA(src), sizeof(len));
701 len = le32toh(len);
702 log_debug("expecting a message %"PRIu32" bytes long "
703 "(of wich %zu already read)",
704 len, EVBUFFER_LENGTH(src));
706 if (len < HEADERSIZE) {
707 log_warnx("invalid message size %d (too low)", len);
708 client_error(bev, EVBUFFER_READ, client);
709 return;
712 if (len > client->msize) {
713 log_warnx("incoming message bigger than msize "
714 "(%"PRIu32" vs %"PRIu32")", len, client->msize);
715 client_error(bev, EVBUFFER_READ, client);
716 return;
719 if (len > EVBUFFER_LENGTH(src))
720 return;
722 listener_imsg_compose_client(client, IMSG_BUF, client->id,
723 EVBUFFER_DATA(src), len);
724 evbuffer_drain(src, len);
728 static void
729 client_write(struct bufferevent *bev, void *d)
731 /*
732 * here we can do some fancy logic like deciding when to call
734 * (*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg)
736 * to signal the end of the transaction.
737 */
739 return;
742 static void
743 client_error(struct bufferevent *bev, short err, void *d)
745 struct client *client = d;
746 struct evbuffer *buf;
748 if (err & EVBUFFER_ERROR) {
749 if (errno == EFBIG) {
750 bufferevent_enable(bev, EV_READ);
751 return;
753 log_debug("buffer event error");
754 close_conn(client);
755 return;
758 if (err & EVBUFFER_EOF) {
759 close_conn(client);
760 return;
763 if (err & (EVBUFFER_READ|EVBUFFER_WRITE)) {
764 bufferevent_disable(bev, EV_READ|EV_WRITE);
766 buf = EVBUFFER_OUTPUT(client->bev);
767 if (EVBUFFER_LENGTH(buf) != 0) {
768 /* finish writing all the data first */
769 bufferevent_enable(client->bev, EV_WRITE);
770 return;
773 close_conn(client);
774 return;
777 log_warnx("unknown event error, closing client connection");
778 close_conn(client);
781 static void
782 client_tls_readcb(int fd, short event, void *d)
784 struct bufferevent *bufev = d;
785 struct client *client = bufev->cbarg;
786 char buf[IBUF_READ_SIZE];
787 int what = EVBUFFER_READ;
788 int howmuch = IBUF_READ_SIZE;
789 ssize_t ret;
790 size_t len;
792 if (event == EV_TIMEOUT) {
793 what |= EVBUFFER_TIMEOUT;
794 goto err;
797 if (bufev->wm_read.high != 0)
798 howmuch = MIN(sizeof(buf), bufev->wm_read.high);
800 switch (ret = tls_read(client->ctx, buf, howmuch)) {
801 case TLS_WANT_POLLIN:
802 case TLS_WANT_POLLOUT:
803 goto retry;
804 case -1:
805 what |= EVBUFFER_ERROR;
806 goto err;
808 len = ret;
810 if (len == 0) {
811 what |= EVBUFFER_EOF;
812 goto err;
815 if (evbuffer_add(bufev->input, buf, len) == -1) {
816 what |= EVBUFFER_ERROR;
817 goto err;
820 event_add(&bufev->ev_read, NULL);
822 len = EVBUFFER_LENGTH(bufev->input);
823 if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
824 return;
825 if (bufev->wm_read.high != 0 && len > bufev->wm_read.high) {
826 /*
827 * here we could implement some read pressure
828 * mechanism.
829 */
832 if (bufev->readcb != NULL)
833 (*bufev->readcb)(bufev, bufev->cbarg);
835 return;
837 retry:
838 event_add(&bufev->ev_read, NULL);
839 return;
841 err:
842 (*bufev->errorcb)(bufev, what, bufev->cbarg);
845 static void
846 client_tls_writecb(int fd, short event, void *d)
848 struct bufferevent *bufev = d;
849 struct client *client = bufev->cbarg;
850 ssize_t ret;
851 size_t len;
852 short what = EVBUFFER_WRITE;
854 if (event == EV_TIMEOUT) {
855 what |= EVBUFFER_TIMEOUT;
856 goto err;
859 if (EVBUFFER_LENGTH(bufev->output) != 0) {
860 ret = tls_write(client->ctx,
861 EVBUFFER_DATA(bufev->output),
862 EVBUFFER_LENGTH(bufev->output));
863 switch (ret) {
864 case TLS_WANT_POLLIN:
865 case TLS_WANT_POLLOUT:
866 goto retry;
867 case -1:
868 what |= EVBUFFER_ERROR;
869 goto err;
871 len = ret;
872 evbuffer_drain(bufev->output, len);
875 if (EVBUFFER_LENGTH(bufev->output) != 0)
876 event_add(&bufev->ev_write, NULL);
878 if (bufev->writecb != NULL &&
879 EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
880 (*bufev->writecb)(bufev, bufev->cbarg);
881 return;
883 retry:
884 event_add(&bufev->ev_write, NULL);
885 return;
887 err:
888 (*bufev->errorcb)(bufev, what, bufev->cbarg);
891 static void
892 close_conn(struct client *c)
894 log_debug("closing connection");
896 SPLAY_REMOVE(clients_tree_id, &clients, c);
898 if (c->iev.ibuf.fd != -1) {
899 listener_imsg_compose_client(c, IMSG_CONN_GONE, 0, NULL, 0);
900 imsg_flush(&c->iev.ibuf);
901 msgbuf_clear(&c->iev.ibuf.w);
902 event_del(&c->iev.ev);
903 close(c->iev.ibuf.fd);
906 handle_close(c->fd, 0, c);
909 static void
910 handle_close(int fd, short ev, void *d)
912 struct client *c = d;
914 switch (tls_close(c->ctx)) {
915 case TLS_WANT_POLLIN:
916 yield_r(c, handle_close);
917 return;
918 case TLS_WANT_POLLOUT:
919 yield_w(c, handle_close);
920 return;
923 event_del(&c->event);
924 tls_free(c->ctx);
925 close(c->fd);
926 free(c);