summaryrefslogtreecommitdiff
path: root/usr.sbin/syslogd
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2015-09-10 18:32:07 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2015-09-10 18:32:07 +0000
commit71d93a9a4e7a3db0253631409dc7f055791e17a1 (patch)
tree98bae213381ca211e8da875e44793696c35389b8 /usr.sbin/syslogd
parent7f016c8a1dd6b7afa9db5de9bd3d4d6645f84426 (diff)
Convert syslogd TLS connect to use handshake callback. The bt_hostname
can go away as the callback does not need the hostname anymore. Call tls_handshake() until successful. Remove the function tls_socket() as it has a bad prefix. Just call tls_client(), tls_configure() and tls_connect_socket() after the TCP socket has been created. There is no need to wait until TCP connect has finished. OK beck@ jsing@
Diffstat (limited to 'usr.sbin/syslogd')
-rw-r--r--usr.sbin/syslogd/evbuffer_tls.c19
-rw-r--r--usr.sbin/syslogd/evbuffer_tls.h7
-rw-r--r--usr.sbin/syslogd/syslogd.c73
3 files changed, 48 insertions, 51 deletions
diff --git a/usr.sbin/syslogd/evbuffer_tls.c b/usr.sbin/syslogd/evbuffer_tls.c
index 56172e43f28..2100ce59aa0 100644
--- a/usr.sbin/syslogd/evbuffer_tls.c
+++ b/usr.sbin/syslogd/evbuffer_tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evbuffer_tls.c,v 1.6 2015/09/10 10:58:48 bluhm Exp $ */
+/* $OpenBSD: evbuffer_tls.c,v 1.7 2015/09/10 18:32:06 bluhm Exp $ */
/*
* Copyright (c) 2002-2004 Niels Provos <provos@citi.umich.edu>
@@ -210,29 +210,28 @@ buffertls_writecb(int fd, short event, void *arg)
}
static void
-buffertls_connectcb(int fd, short event, void *arg)
+buffertls_handshakecb(int fd, short event, void *arg)
{
struct buffertls *buftls = arg;
struct bufferevent *bufev = buftls->bt_bufev;
struct tls *ctx = buftls->bt_ctx;
- const char *hostname = buftls->bt_hostname;
int res = 0;
- short what = EVBUFFER_CONNECT;
+ short what = EVBUFFER_HANDSHAKE;
if (event == EV_TIMEOUT) {
what |= EVBUFFER_TIMEOUT;
goto error;
}
- res = tls_connect_socket(ctx, fd, hostname);
+ res = tls_handshake(ctx);
switch (res) {
case TLS_WANT_POLLIN:
event_set(&bufev->ev_write, fd, EV_READ,
- buffertls_connectcb, buftls);
+ buffertls_handshakecb, buftls);
goto reschedule;
case TLS_WANT_POLLOUT:
event_set(&bufev->ev_write, fd, EV_WRITE,
- buffertls_connectcb, buftls);
+ buffertls_handshakecb, buftls);
goto reschedule;
case -1:
if (errno == EAGAIN || errno == EINTR ||
@@ -278,15 +277,15 @@ buffertls_set(struct buffertls *buftls, struct bufferevent *bufev,
}
void
-buffertls_connect(struct buffertls *buftls, int fd, const char *hostname)
+buffertls_connect(struct buffertls *buftls, int fd)
{
struct bufferevent *bufev = buftls->bt_bufev;
event_del(&bufev->ev_read);
event_del(&bufev->ev_write);
- buftls->bt_hostname = hostname;
- event_set(&bufev->ev_write, fd, EV_WRITE, buffertls_connectcb, buftls);
+ event_set(&bufev->ev_write, fd, EV_WRITE, buffertls_handshakecb,
+ buftls);
bufferevent_add(&bufev->ev_write, bufev->timeout_write);
}
diff --git a/usr.sbin/syslogd/evbuffer_tls.h b/usr.sbin/syslogd/evbuffer_tls.h
index d895808947f..3ce8083b042 100644
--- a/usr.sbin/syslogd/evbuffer_tls.h
+++ b/usr.sbin/syslogd/evbuffer_tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evbuffer_tls.h,v 1.3 2015/07/18 22:33:46 bluhm Exp $ */
+/* $OpenBSD: evbuffer_tls.h,v 1.4 2015/09/10 18:32:06 bluhm Exp $ */
/*
* Copyright (c) 2014-2015 Alexander Bluhm <bluhm@openbsd.org>
@@ -19,7 +19,7 @@
#ifndef _EVBUFFER_TLS_H_
#define _EVBUFFER_TLS_H_
-#define EVBUFFER_CONNECT 0x80
+#define EVBUFFER_HANDSHAKE 0x04
struct bufferevent;
struct tls;
@@ -27,11 +27,10 @@ struct tls;
struct buffertls {
struct bufferevent *bt_bufev;
struct tls *bt_ctx;
- const char *bt_hostname;
};
void buffertls_set(struct buffertls *, struct bufferevent *, struct tls *,
int);
-void buffertls_connect(struct buffertls *, int, const char *);
+void buffertls_connect(struct buffertls *, int);
#endif /* _EVBUFFER_TLS_H_ */
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 4c1e68e0c12..b38a8e27b32 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.c,v 1.184 2015/09/09 08:12:46 bluhm Exp $ */
+/* $OpenBSD: syslogd.c,v 1.185 2015/09/10 18:32:06 bluhm Exp $ */
/*
* Copyright (c) 1983, 1988, 1993, 1994
@@ -306,7 +306,6 @@ void tcp_writecb(struct bufferevent *, void *);
void tcp_errorcb(struct bufferevent *, short, void *);
void tcp_connectcb(int, short, void *);
void tcp_connect_retry(struct bufferevent *, struct filed *);
-struct tls *tls_socket(struct filed *);
int tcpbuf_countmsg(struct bufferevent *bufev);
void die_signalcb(int, short, void *);
void mark_timercb(int, short, void *);
@@ -1229,7 +1228,7 @@ tcp_connectcb(int fd, short event, void *arg)
{
struct filed *f = arg;
struct bufferevent *bufev = f->f_un.f_forw.f_bufev;
- struct tls *ctx;
+ char ebuf[ERRBUFSIZE];
int s;
if ((s = tcp_socket(f)) == -1) {
@@ -1248,19 +1247,43 @@ tcp_connectcb(int fd, short event, void *arg)
bufferevent_enable(bufev, EV_READ|EV_WRITE);
if (f->f_type == F_FORWTLS) {
- if ((ctx = tls_socket(f)) == NULL) {
- close(f->f_file);
- f->f_file = -1;
- tcp_connect_retry(bufev, f);
- return;
+ if ((f->f_un.f_forw.f_ctx = tls_client()) == NULL) {
+ snprintf(ebuf, sizeof(ebuf), "tls_client \"%s\"",
+ f->f_un.f_forw.f_loghost);
+ goto error;
}
- dprintf("tcp connect callback: TLS context success\n");
- f->f_un.f_forw.f_ctx = ctx;
+ if (tlsconfig &&
+ tls_configure(f->f_un.f_forw.f_ctx, tlsconfig) == -1) {
+ snprintf(ebuf, sizeof(ebuf), "tls_configure "
+ "\"%s\": %s", f->f_un.f_forw.f_loghost,
+ tls_error(f->f_un.f_forw.f_ctx));
+ goto error;
+ }
+ if (tls_connect_socket(f->f_un.f_forw.f_ctx, s,
+ f->f_un.f_forw.f_host) == -1) {
+ snprintf(ebuf, sizeof(ebuf), "tls_connect_socket "
+ "\"%s\": %s", f->f_un.f_forw.f_loghost,
+ tls_error(f->f_un.f_forw.f_ctx));
+ goto error;
+ }
+ dprintf("tcp connect callback: tls context success\n");
+
+ buffertls_set(&f->f_un.f_forw.f_buftls, bufev,
+ f->f_un.f_forw.f_ctx, s);
+ buffertls_connect(&f->f_un.f_forw.f_buftls, s);
+ }
+
+ return;
- buffertls_set(&f->f_un.f_forw.f_buftls, bufev, ctx, s);
- buffertls_connect(&f->f_un.f_forw.f_buftls, s,
- f->f_un.f_forw.f_host);
+ error:
+ logerror(ebuf);
+ if (f->f_un.f_forw.f_ctx) {
+ tls_free(f->f_un.f_forw.f_ctx);
+ f->f_un.f_forw.f_ctx = NULL;
}
+ close(f->f_file);
+ f->f_file = -1;
+ tcp_connect_retry(bufev, f);
}
void
@@ -1284,30 +1307,6 @@ tcp_connect_retry(struct bufferevent *bufev, struct filed *f)
evtimer_add(&bufev->ev_write, &to);
}
-struct tls *
-tls_socket(struct filed *f)
-{
- struct tls *ctx;
- char ebuf[ERRBUFSIZE];
-
- if ((ctx = tls_client()) == NULL) {
- snprintf(ebuf, sizeof(ebuf), "tls_client \"%s\"",
- f->f_un.f_forw.f_loghost);
- logerror(ebuf);
- return (NULL);
- }
- if (tlsconfig) {
- if (tls_configure(ctx, tlsconfig) < 0) {
- snprintf(ebuf, sizeof(ebuf), "tls_configure \"%s\": %s",
- f->f_un.f_forw.f_loghost, tls_error(ctx));
- logerror(ebuf);
- tls_free(ctx);
- return (NULL);
- }
- }
- return (ctx);
-}
-
int
tcpbuf_countmsg(struct bufferevent *bufev)
{