diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2015-09-10 18:32:07 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2015-09-10 18:32:07 +0000 |
commit | 71d93a9a4e7a3db0253631409dc7f055791e17a1 (patch) | |
tree | 98bae213381ca211e8da875e44793696c35389b8 /usr.sbin/syslogd | |
parent | 7f016c8a1dd6b7afa9db5de9bd3d4d6645f84426 (diff) |
Convert syslogd TLS connect to use handshake callback. The bt_hostname
can go away as the callback does not need the hostname anymore.
Call tls_handshake() until successful. Remove the function
tls_socket() as it has a bad prefix. Just call tls_client(),
tls_configure() and tls_connect_socket() after the TCP socket has
been created. There is no need to wait until TCP connect has
finished.
OK beck@ jsing@
Diffstat (limited to 'usr.sbin/syslogd')
-rw-r--r-- | usr.sbin/syslogd/evbuffer_tls.c | 19 | ||||
-rw-r--r-- | usr.sbin/syslogd/evbuffer_tls.h | 7 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 73 |
3 files changed, 48 insertions, 51 deletions
diff --git a/usr.sbin/syslogd/evbuffer_tls.c b/usr.sbin/syslogd/evbuffer_tls.c index 56172e43f28..2100ce59aa0 100644 --- a/usr.sbin/syslogd/evbuffer_tls.c +++ b/usr.sbin/syslogd/evbuffer_tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evbuffer_tls.c,v 1.6 2015/09/10 10:58:48 bluhm Exp $ */ +/* $OpenBSD: evbuffer_tls.c,v 1.7 2015/09/10 18:32:06 bluhm Exp $ */ /* * Copyright (c) 2002-2004 Niels Provos <provos@citi.umich.edu> @@ -210,29 +210,28 @@ buffertls_writecb(int fd, short event, void *arg) } static void -buffertls_connectcb(int fd, short event, void *arg) +buffertls_handshakecb(int fd, short event, void *arg) { struct buffertls *buftls = arg; struct bufferevent *bufev = buftls->bt_bufev; struct tls *ctx = buftls->bt_ctx; - const char *hostname = buftls->bt_hostname; int res = 0; - short what = EVBUFFER_CONNECT; + short what = EVBUFFER_HANDSHAKE; if (event == EV_TIMEOUT) { what |= EVBUFFER_TIMEOUT; goto error; } - res = tls_connect_socket(ctx, fd, hostname); + res = tls_handshake(ctx); switch (res) { case TLS_WANT_POLLIN: event_set(&bufev->ev_write, fd, EV_READ, - buffertls_connectcb, buftls); + buffertls_handshakecb, buftls); goto reschedule; case TLS_WANT_POLLOUT: event_set(&bufev->ev_write, fd, EV_WRITE, - buffertls_connectcb, buftls); + buffertls_handshakecb, buftls); goto reschedule; case -1: if (errno == EAGAIN || errno == EINTR || @@ -278,15 +277,15 @@ buffertls_set(struct buffertls *buftls, struct bufferevent *bufev, } void -buffertls_connect(struct buffertls *buftls, int fd, const char *hostname) +buffertls_connect(struct buffertls *buftls, int fd) { struct bufferevent *bufev = buftls->bt_bufev; event_del(&bufev->ev_read); event_del(&bufev->ev_write); - buftls->bt_hostname = hostname; - event_set(&bufev->ev_write, fd, EV_WRITE, buffertls_connectcb, buftls); + event_set(&bufev->ev_write, fd, EV_WRITE, buffertls_handshakecb, + buftls); bufferevent_add(&bufev->ev_write, bufev->timeout_write); } diff --git a/usr.sbin/syslogd/evbuffer_tls.h b/usr.sbin/syslogd/evbuffer_tls.h index d895808947f..3ce8083b042 100644 --- a/usr.sbin/syslogd/evbuffer_tls.h +++ b/usr.sbin/syslogd/evbuffer_tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evbuffer_tls.h,v 1.3 2015/07/18 22:33:46 bluhm Exp $ */ +/* $OpenBSD: evbuffer_tls.h,v 1.4 2015/09/10 18:32:06 bluhm Exp $ */ /* * Copyright (c) 2014-2015 Alexander Bluhm <bluhm@openbsd.org> @@ -19,7 +19,7 @@ #ifndef _EVBUFFER_TLS_H_ #define _EVBUFFER_TLS_H_ -#define EVBUFFER_CONNECT 0x80 +#define EVBUFFER_HANDSHAKE 0x04 struct bufferevent; struct tls; @@ -27,11 +27,10 @@ struct tls; struct buffertls { struct bufferevent *bt_bufev; struct tls *bt_ctx; - const char *bt_hostname; }; void buffertls_set(struct buffertls *, struct bufferevent *, struct tls *, int); -void buffertls_connect(struct buffertls *, int, const char *); +void buffertls_connect(struct buffertls *, int); #endif /* _EVBUFFER_TLS_H_ */ diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index 4c1e68e0c12..b38a8e27b32 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syslogd.c,v 1.184 2015/09/09 08:12:46 bluhm Exp $ */ +/* $OpenBSD: syslogd.c,v 1.185 2015/09/10 18:32:06 bluhm Exp $ */ /* * Copyright (c) 1983, 1988, 1993, 1994 @@ -306,7 +306,6 @@ void tcp_writecb(struct bufferevent *, void *); void tcp_errorcb(struct bufferevent *, short, void *); void tcp_connectcb(int, short, void *); void tcp_connect_retry(struct bufferevent *, struct filed *); -struct tls *tls_socket(struct filed *); int tcpbuf_countmsg(struct bufferevent *bufev); void die_signalcb(int, short, void *); void mark_timercb(int, short, void *); @@ -1229,7 +1228,7 @@ tcp_connectcb(int fd, short event, void *arg) { struct filed *f = arg; struct bufferevent *bufev = f->f_un.f_forw.f_bufev; - struct tls *ctx; + char ebuf[ERRBUFSIZE]; int s; if ((s = tcp_socket(f)) == -1) { @@ -1248,19 +1247,43 @@ tcp_connectcb(int fd, short event, void *arg) bufferevent_enable(bufev, EV_READ|EV_WRITE); if (f->f_type == F_FORWTLS) { - if ((ctx = tls_socket(f)) == NULL) { - close(f->f_file); - f->f_file = -1; - tcp_connect_retry(bufev, f); - return; + if ((f->f_un.f_forw.f_ctx = tls_client()) == NULL) { + snprintf(ebuf, sizeof(ebuf), "tls_client \"%s\"", + f->f_un.f_forw.f_loghost); + goto error; } - dprintf("tcp connect callback: TLS context success\n"); - f->f_un.f_forw.f_ctx = ctx; + if (tlsconfig && + tls_configure(f->f_un.f_forw.f_ctx, tlsconfig) == -1) { + snprintf(ebuf, sizeof(ebuf), "tls_configure " + "\"%s\": %s", f->f_un.f_forw.f_loghost, + tls_error(f->f_un.f_forw.f_ctx)); + goto error; + } + if (tls_connect_socket(f->f_un.f_forw.f_ctx, s, + f->f_un.f_forw.f_host) == -1) { + snprintf(ebuf, sizeof(ebuf), "tls_connect_socket " + "\"%s\": %s", f->f_un.f_forw.f_loghost, + tls_error(f->f_un.f_forw.f_ctx)); + goto error; + } + dprintf("tcp connect callback: tls context success\n"); + + buffertls_set(&f->f_un.f_forw.f_buftls, bufev, + f->f_un.f_forw.f_ctx, s); + buffertls_connect(&f->f_un.f_forw.f_buftls, s); + } + + return; - buffertls_set(&f->f_un.f_forw.f_buftls, bufev, ctx, s); - buffertls_connect(&f->f_un.f_forw.f_buftls, s, - f->f_un.f_forw.f_host); + error: + logerror(ebuf); + if (f->f_un.f_forw.f_ctx) { + tls_free(f->f_un.f_forw.f_ctx); + f->f_un.f_forw.f_ctx = NULL; } + close(f->f_file); + f->f_file = -1; + tcp_connect_retry(bufev, f); } void @@ -1284,30 +1307,6 @@ tcp_connect_retry(struct bufferevent *bufev, struct filed *f) evtimer_add(&bufev->ev_write, &to); } -struct tls * -tls_socket(struct filed *f) -{ - struct tls *ctx; - char ebuf[ERRBUFSIZE]; - - if ((ctx = tls_client()) == NULL) { - snprintf(ebuf, sizeof(ebuf), "tls_client \"%s\"", - f->f_un.f_forw.f_loghost); - logerror(ebuf); - return (NULL); - } - if (tlsconfig) { - if (tls_configure(ctx, tlsconfig) < 0) { - snprintf(ebuf, sizeof(ebuf), "tls_configure \"%s\": %s", - f->f_un.f_forw.f_loghost, tls_error(ctx)); - logerror(ebuf); - tls_free(ctx); - return (NULL); - } - } - return (ctx); -} - int tcpbuf_countmsg(struct bufferevent *bufev) { |