2011-01-23 12:43:00 +00:00
|
|
|
/*
|
|
|
|
* mbsync - mailbox synchronizer
|
|
|
|
* Copyright (C) 2000-2002 Michael R. Elkins <me@mutt.org>
|
2013-04-20 14:57:16 +00:00
|
|
|
* Copyright (C) 2002-2006,2008,2010,2011, 2013 Oswald Buddenhagen <ossi@users.sf.net>
|
2011-01-23 12:43:00 +00:00
|
|
|
* Copyright (C) 2004 Theodore Y. Ts'o <tytso@mit.edu>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2011-04-10 17:34:36 +00:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2011-01-23 12:43:00 +00:00
|
|
|
*
|
|
|
|
* As a special exception, mbsync may be linked with the OpenSSL library,
|
|
|
|
* despite that library's more restrictive license.
|
|
|
|
*/
|
|
|
|
|
2013-12-08 19:46:40 +00:00
|
|
|
#include "socket.h"
|
2011-01-23 12:43:00 +00:00
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <stdlib.h>
|
2012-08-25 16:26:23 +00:00
|
|
|
#include <stddef.h>
|
2011-01-23 12:43:00 +00:00
|
|
|
#include <errno.h>
|
|
|
|
#include <string.h>
|
2012-08-25 16:26:23 +00:00
|
|
|
#include <fcntl.h>
|
2011-01-23 12:43:00 +00:00
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/tcp.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <netdb.h>
|
2013-12-08 19:46:40 +00:00
|
|
|
#ifdef HAVE_LIBSSL
|
|
|
|
# include <openssl/ssl.h>
|
|
|
|
# include <openssl/err.h>
|
|
|
|
# include <openssl/x509v3.h>
|
2018-05-18 13:11:15 +00:00
|
|
|
# if OPENSSL_VERSION_NUMBER < 0x10100000L \
|
2020-08-04 09:17:56 +00:00
|
|
|
|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070100fL)
|
2016-07-24 09:58:57 +00:00
|
|
|
# define X509_OBJECT_get0_X509(o) ((o)->data.x509)
|
|
|
|
# define X509_STORE_get0_objects(o) ((o)->objs)
|
|
|
|
# endif
|
2013-12-08 19:46:40 +00:00
|
|
|
#endif
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2015-02-15 11:15:46 +00:00
|
|
|
enum {
|
|
|
|
SCK_CONNECTING,
|
|
|
|
#ifdef HAVE_LIBSSL
|
|
|
|
SCK_STARTTLS,
|
|
|
|
#endif
|
|
|
|
SCK_READY,
|
|
|
|
SCK_EOF
|
|
|
|
};
|
|
|
|
|
2011-03-27 14:50:32 +00:00
|
|
|
static void
|
|
|
|
socket_fail( conn_t *conn )
|
|
|
|
{
|
|
|
|
conn->bad_callback( conn->callback_aux );
|
|
|
|
}
|
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
#ifdef HAVE_LIBSSL
|
2019-07-28 09:35:02 +00:00
|
|
|
static void ATTR_PRINTFLIKE(1, 2)
|
|
|
|
print_ssl_errors( const char *fmt, ... )
|
|
|
|
{
|
|
|
|
char *action;
|
|
|
|
va_list va;
|
|
|
|
ulong err;
|
|
|
|
|
|
|
|
va_start( va, fmt );
|
|
|
|
nfvasprintf( &action, fmt, va );
|
|
|
|
va_end( va );
|
|
|
|
while ((err = ERR_get_error()))
|
|
|
|
error( "Error while %s: %s\n", action, ERR_error_string( err, 0 ) );
|
|
|
|
free( action );
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
print_ssl_socket_errors( const char *func, conn_t *conn )
|
|
|
|
{
|
|
|
|
ulong err;
|
|
|
|
int num = 0;
|
|
|
|
|
|
|
|
while ((err = ERR_get_error())) {
|
|
|
|
error( "Socket error: secure %s %s: %s\n", func, conn->name, ERR_error_string( err, 0 ) );
|
|
|
|
num++;
|
|
|
|
}
|
|
|
|
return num;
|
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static int
|
|
|
|
ssl_return( const char *func, conn_t *conn, int ret )
|
|
|
|
{
|
2011-01-23 12:43:00 +00:00
|
|
|
int err;
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
switch ((err = SSL_get_error( conn->ssl, ret ))) {
|
|
|
|
case SSL_ERROR_NONE:
|
|
|
|
return ret;
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &conn->notify, POLLIN, POLLOUT );
|
2017-10-01 08:04:00 +00:00
|
|
|
FALLTHROUGH
|
2012-08-25 16:26:23 +00:00
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
return 0;
|
|
|
|
case SSL_ERROR_SSL:
|
2019-07-28 09:35:02 +00:00
|
|
|
print_ssl_socket_errors( func, conn );
|
|
|
|
break;
|
|
|
|
case SSL_ERROR_SYSCALL:
|
|
|
|
if (print_ssl_socket_errors( func, conn ))
|
|
|
|
break;
|
|
|
|
if (ret == 0) {
|
2015-02-15 11:19:47 +00:00
|
|
|
case SSL_ERROR_ZERO_RETURN:
|
2019-07-28 09:35:02 +00:00
|
|
|
/* Callers take the short path out, so signal higher layers from here. */
|
|
|
|
conn->state = SCK_EOF;
|
|
|
|
conn->read_callback( conn->callback_aux );
|
|
|
|
return -1;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2019-07-28 09:35:02 +00:00
|
|
|
sys_error( "Socket error: secure %s %s", func, conn->name );
|
2012-08-25 16:26:23 +00:00
|
|
|
break;
|
|
|
|
default:
|
2011-04-10 13:32:25 +00:00
|
|
|
error( "Socket error: secure %s %s: unhandled SSL error %d\n", func, conn->name, err );
|
2012-08-25 16:26:23 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (conn->state == SCK_STARTTLS)
|
|
|
|
conn->callbacks.starttls( 0, conn->callback_aux );
|
2011-01-23 12:43:00 +00:00
|
|
|
else
|
2012-08-25 16:26:23 +00:00
|
|
|
socket_fail( conn );
|
|
|
|
return -1;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Some of this code is inspired by / lifted from mutt. */
|
|
|
|
|
2013-02-03 16:34:15 +00:00
|
|
|
static int
|
|
|
|
host_matches( const char *host, const char *pattern )
|
|
|
|
{
|
|
|
|
if (pattern[0] == '*' && pattern[1] == '.') {
|
|
|
|
pattern += 2;
|
|
|
|
if (!(host = strchr( host, '.' )))
|
|
|
|
return 0;
|
|
|
|
host++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return *host && *pattern && !strcasecmp( host, pattern );
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
verify_hostname( X509 *cert, const char *hostname )
|
|
|
|
{
|
|
|
|
int i, len, found;
|
|
|
|
X509_NAME *subj;
|
|
|
|
STACK_OF(GENERAL_NAME) *subj_alt_names;
|
|
|
|
char cname[1000];
|
|
|
|
|
|
|
|
/* try the DNS subjectAltNames */
|
|
|
|
found = 0;
|
|
|
|
if ((subj_alt_names = X509_get_ext_d2i( cert, NID_subject_alt_name, NULL, NULL ))) {
|
|
|
|
int num_subj_alt_names = sk_GENERAL_NAME_num( subj_alt_names );
|
|
|
|
for (i = 0; i < num_subj_alt_names; i++) {
|
|
|
|
GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value( subj_alt_names, i );
|
|
|
|
if (subj_alt_name->type == GEN_DNS &&
|
|
|
|
strlen( (const char *)subj_alt_name->d.ia5->data ) == (size_t)subj_alt_name->d.ia5->length &&
|
|
|
|
host_matches( hostname, (const char *)(subj_alt_name->d.ia5->data) ))
|
|
|
|
{
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sk_GENERAL_NAME_pop_free( subj_alt_names, GENERAL_NAME_free );
|
|
|
|
}
|
|
|
|
if (found)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* try the common name */
|
|
|
|
if (!(subj = X509_get_subject_name( cert ))) {
|
|
|
|
error( "Error, cannot get certificate subject\n" );
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if ((len = X509_NAME_get_text_by_NID( subj, NID_commonName, cname, sizeof(cname) )) < 0) {
|
|
|
|
error( "Error, cannot get certificate common name\n" );
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (strlen( cname ) == (size_t)len && host_matches( hostname, cname ))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error( "Error, certificate owner does not match hostname %s\n", hostname );
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
static int
|
2013-03-17 11:41:47 +00:00
|
|
|
verify_cert_host( const server_conf_t *conf, conn_t *sock )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
2015-01-11 13:32:15 +00:00
|
|
|
int i;
|
2014-07-27 13:12:37 +00:00
|
|
|
long err;
|
2013-03-17 11:41:47 +00:00
|
|
|
X509 *cert;
|
2014-07-27 13:12:37 +00:00
|
|
|
STACK_OF(X509_OBJECT) *trusted;
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2013-03-17 11:41:47 +00:00
|
|
|
cert = SSL_get_peer_certificate( sock->ssl );
|
2011-01-23 12:43:00 +00:00
|
|
|
if (!cert) {
|
|
|
|
error( "Error, no server certificate\n" );
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2015-01-11 13:32:15 +00:00
|
|
|
trusted = (STACK_OF(X509_OBJECT) *)sock->conf->trusted_certs;
|
|
|
|
for (i = 0; i < sk_X509_OBJECT_num( trusted ); i++) {
|
2019-07-28 09:46:43 +00:00
|
|
|
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) )) {
|
|
|
|
X509_free( cert );
|
2014-07-27 13:12:37 +00:00
|
|
|
return 0;
|
2019-07-28 09:46:43 +00:00
|
|
|
}
|
2014-07-27 13:12:37 +00:00
|
|
|
}
|
2013-02-03 16:34:15 +00:00
|
|
|
|
2014-07-27 13:12:37 +00:00
|
|
|
err = SSL_get_verify_result( sock->ssl );
|
|
|
|
if (err != X509_V_OK) {
|
2016-05-21 11:08:09 +00:00
|
|
|
error( "SSL error connecting %s: %s\n", sock->name, X509_verify_cert_error_string( err ) );
|
2019-07-28 09:46:43 +00:00
|
|
|
X509_free( cert );
|
2014-07-27 13:12:37 +00:00
|
|
|
return -1;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2014-07-27 13:12:37 +00:00
|
|
|
|
2014-07-27 16:10:26 +00:00
|
|
|
if (!conf->host) {
|
|
|
|
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
|
2019-07-28 09:46:43 +00:00
|
|
|
X509_free( cert );
|
2014-07-27 16:10:26 +00:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-27 13:12:37 +00:00
|
|
|
|
2019-07-28 09:46:43 +00:00
|
|
|
int ret = verify_hostname( cert, conf->host );
|
|
|
|
|
|
|
|
X509_free( cert );
|
|
|
|
return ret;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
init_ssl_ctx( const server_conf_t *conf )
|
|
|
|
{
|
|
|
|
server_conf_t *mconf = (server_conf_t *)conf;
|
|
|
|
int options = 0;
|
|
|
|
|
2013-03-17 11:41:47 +00:00
|
|
|
if (conf->SSLContext)
|
|
|
|
return conf->ssl_ctx_valid;
|
|
|
|
|
2019-07-28 10:02:30 +00:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
const SSL_METHOD *method = TLS_client_method();
|
|
|
|
#else
|
|
|
|
const SSL_METHOD *method = SSLv23_client_method();
|
|
|
|
#endif
|
2019-07-28 10:11:48 +00:00
|
|
|
if (!(mconf->SSLContext = SSL_CTX_new( method ))) {
|
|
|
|
print_ssl_errors( "initializing SSL context" );
|
|
|
|
return 0;
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2014-07-12 18:35:55 +00:00
|
|
|
if (!(conf->ssl_versions & SSLv3))
|
2011-01-23 12:43:00 +00:00
|
|
|
options |= SSL_OP_NO_SSLv3;
|
2014-07-12 18:35:55 +00:00
|
|
|
if (!(conf->ssl_versions & TLSv1))
|
2011-01-23 12:43:00 +00:00
|
|
|
options |= SSL_OP_NO_TLSv1;
|
2013-02-03 16:47:05 +00:00
|
|
|
#ifdef SSL_OP_NO_TLSv1_1
|
2014-07-12 18:35:55 +00:00
|
|
|
if (!(conf->ssl_versions & TLSv1_1))
|
2013-02-03 16:47:05 +00:00
|
|
|
options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
#endif
|
|
|
|
#ifdef SSL_OP_NO_TLSv1_2
|
2014-07-12 18:35:55 +00:00
|
|
|
if (!(conf->ssl_versions & TLSv1_2))
|
2013-02-03 16:47:05 +00:00
|
|
|
options |= SSL_OP_NO_TLSv1_2;
|
|
|
|
#endif
|
2019-11-26 15:05:46 +00:00
|
|
|
#ifdef SSL_OP_NO_TLSv1_3
|
|
|
|
if (!(conf->ssl_versions & TLSv1_3))
|
|
|
|
options |= SSL_OP_NO_TLSv1_3;
|
|
|
|
#endif
|
2011-01-23 12:43:00 +00:00
|
|
|
|
|
|
|
SSL_CTX_set_options( mconf->SSLContext, options );
|
|
|
|
|
2019-11-09 18:47:55 +00:00
|
|
|
if (conf->cipher_string && !SSL_CTX_set_cipher_list( mconf->SSLContext, conf->cipher_string )) {
|
|
|
|
print_ssl_errors( "setting cipher string '%s'", conf->cipher_string );
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-03-17 11:41:47 +00:00
|
|
|
if (conf->cert_file && !SSL_CTX_load_verify_locations( mconf->SSLContext, conf->cert_file, 0 )) {
|
2019-07-28 09:35:02 +00:00
|
|
|
print_ssl_errors( "loading certificate file '%s'", conf->cert_file );
|
2013-03-17 11:41:47 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2016-07-24 09:58:57 +00:00
|
|
|
mconf->trusted_certs = (_STACK *)sk_X509_OBJECT_dup( X509_STORE_get0_objects( SSL_CTX_get_cert_store( mconf->SSLContext ) ) );
|
2019-07-28 09:35:02 +00:00
|
|
|
if (mconf->system_certs && !SSL_CTX_set_default_verify_paths( mconf->SSLContext )) {
|
|
|
|
ulong err;
|
|
|
|
while ((err = ERR_get_error()))
|
|
|
|
warn( "Warning: Unable to load default certificate files: %s\n", ERR_error_string( err, 0 ) );
|
|
|
|
}
|
2013-03-17 11:41:47 +00:00
|
|
|
|
2014-07-27 13:12:37 +00:00
|
|
|
SSL_CTX_set_verify( mconf->SSLContext, SSL_VERIFY_NONE, NULL );
|
2013-03-17 11:41:47 +00:00
|
|
|
|
2015-08-08 17:45:53 +00:00
|
|
|
if (conf->client_certfile && !SSL_CTX_use_certificate_chain_file( mconf->SSLContext, conf->client_certfile)) {
|
2019-07-28 09:35:02 +00:00
|
|
|
print_ssl_errors( "loading client certificate file '%s'", conf->client_certfile );
|
2015-08-08 17:45:53 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (conf->client_keyfile && !SSL_CTX_use_PrivateKey_file( mconf->SSLContext, conf->client_keyfile, SSL_FILETYPE_PEM)) {
|
2019-07-28 09:35:02 +00:00
|
|
|
print_ssl_errors( "loading client private key '%s'", conf->client_keyfile );
|
2015-08-08 17:45:53 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-03-17 11:41:47 +00:00
|
|
|
mconf->ssl_ctx_valid = 1;
|
|
|
|
return 1;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void start_tls_p2( conn_t * );
|
|
|
|
static void start_tls_p3( conn_t *, int );
|
2014-11-30 18:44:41 +00:00
|
|
|
static void ssl_fake_cb( void * );
|
2012-08-25 16:26:23 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
socket_start_tls( conn_t *conn, void (*cb)( int ok, void *aux ) )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
|
|
|
static int ssl_inited;
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
conn->callbacks.starttls = cb;
|
2019-07-28 11:36:15 +00:00
|
|
|
conn->state = SCK_STARTTLS;
|
2012-08-25 16:26:23 +00:00
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
if (!ssl_inited) {
|
|
|
|
SSL_library_init();
|
|
|
|
SSL_load_error_strings();
|
|
|
|
ssl_inited = 1;
|
|
|
|
}
|
|
|
|
|
2013-03-17 11:41:47 +00:00
|
|
|
if (!init_ssl_ctx( conn->conf )) {
|
2012-08-25 16:26:23 +00:00
|
|
|
start_tls_p3( conn, 0 );
|
|
|
|
return;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
2014-11-30 18:44:41 +00:00
|
|
|
init_wakeup( &conn->ssl_fake, ssl_fake_cb, conn );
|
2019-07-28 10:11:48 +00:00
|
|
|
if (!(conn->ssl = SSL_new( ((server_conf_t *)conn->conf)->SSLContext ))) {
|
|
|
|
print_ssl_errors( "initializing SSL connection" );
|
|
|
|
start_tls_p3( conn, 0 );
|
|
|
|
return;
|
|
|
|
}
|
2019-07-28 11:33:12 +00:00
|
|
|
if (!SSL_set_tlsext_host_name( conn->ssl, conn->conf->host )) {
|
|
|
|
print_ssl_errors( "setting SSL server host name" );
|
|
|
|
start_tls_p3( conn, 0 );
|
2018-09-08 16:36:16 +00:00
|
|
|
return;
|
2019-07-28 11:33:12 +00:00
|
|
|
}
|
2019-07-28 10:11:48 +00:00
|
|
|
if (!SSL_set_fd( conn->ssl, conn->fd )) {
|
|
|
|
print_ssl_errors( "setting SSL socket fd" );
|
|
|
|
start_tls_p3( conn, 0 );
|
|
|
|
return;
|
|
|
|
}
|
2012-08-25 16:26:23 +00:00
|
|
|
SSL_set_mode( conn->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER );
|
2019-11-16 16:14:57 +00:00
|
|
|
socket_expect_activity( conn, 1 );
|
2012-08-25 16:26:23 +00:00
|
|
|
start_tls_p2( conn );
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void
|
|
|
|
start_tls_p2( conn_t *conn )
|
|
|
|
{
|
2013-03-17 13:32:06 +00:00
|
|
|
if (ssl_return( "connect to", conn, SSL_connect( conn->ssl ) ) > 0) {
|
2013-03-17 11:41:47 +00:00
|
|
|
if (verify_cert_host( conn->conf, conn )) {
|
2012-08-25 16:26:23 +00:00
|
|
|
start_tls_p3( conn, 0 );
|
|
|
|
} else {
|
|
|
|
info( "Connection is now encrypted\n" );
|
|
|
|
start_tls_p3( conn, 1 );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void start_tls_p3( conn_t *conn, int ok )
|
|
|
|
{
|
2019-11-16 16:14:57 +00:00
|
|
|
socket_expect_activity( conn, 0 );
|
2012-08-25 16:26:23 +00:00
|
|
|
conn->state = SCK_READY;
|
|
|
|
conn->callbacks.starttls( ok, conn->callback_aux );
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* HAVE_LIBSSL */
|
|
|
|
|
2014-12-13 11:09:15 +00:00
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
|
|
|
|
static void z_fake_cb( void * );
|
|
|
|
|
2017-07-30 11:47:51 +00:00
|
|
|
static const char *
|
|
|
|
z_err_msg( int code, z_streamp strm )
|
|
|
|
{
|
|
|
|
/* zlib's consistency in populating z_stream->msg is somewhat
|
|
|
|
* less than stellar. zError() is undocumented. */
|
|
|
|
return strm->msg ? strm->msg : zError( code );
|
|
|
|
}
|
|
|
|
|
2014-12-13 11:09:15 +00:00
|
|
|
void
|
|
|
|
socket_start_deflate( conn_t *conn )
|
|
|
|
{
|
|
|
|
int result;
|
|
|
|
|
|
|
|
conn->in_z = nfcalloc( sizeof(*conn->in_z) );
|
|
|
|
result = inflateInit2(
|
|
|
|
conn->in_z,
|
|
|
|
-15 /* Use raw deflate */
|
|
|
|
);
|
|
|
|
if (result != Z_OK) {
|
2017-07-30 11:47:51 +00:00
|
|
|
error( "Fatal: Cannot initialize decompression: %s\n", z_err_msg( result, conn->in_z ) );
|
2014-12-13 11:09:15 +00:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
|
|
|
|
conn->out_z = nfcalloc( sizeof(*conn->out_z) );
|
|
|
|
result = deflateInit2(
|
|
|
|
conn->out_z,
|
|
|
|
Z_DEFAULT_COMPRESSION, /* Compression level */
|
|
|
|
Z_DEFLATED, /* Only valid value */
|
|
|
|
-15, /* Use raw deflate */
|
|
|
|
8, /* Default memory usage */
|
|
|
|
Z_DEFAULT_STRATEGY /* Don't try to do anything fancy */
|
|
|
|
);
|
|
|
|
if (result != Z_OK) {
|
2017-07-30 11:47:51 +00:00
|
|
|
error( "Fatal: Cannot initialize compression: %s\n", z_err_msg( result, conn->out_z ) );
|
2014-12-13 11:09:15 +00:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
|
|
|
|
init_wakeup( &conn->z_fake, z_fake_cb, conn );
|
|
|
|
}
|
|
|
|
#endif /* HAVE_LIBZ */
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void socket_fd_cb( int, void * );
|
2014-11-08 14:42:41 +00:00
|
|
|
static void socket_fake_cb( void * );
|
2015-04-06 14:49:33 +00:00
|
|
|
static void socket_timeout_cb( void * );
|
2012-08-25 16:26:23 +00:00
|
|
|
|
2013-09-01 14:32:45 +00:00
|
|
|
static void socket_connect_one( conn_t * );
|
2017-06-21 07:33:20 +00:00
|
|
|
static void socket_connect_next( conn_t * );
|
2013-03-29 16:51:50 +00:00
|
|
|
static void socket_connect_failed( conn_t * );
|
2013-03-29 17:22:40 +00:00
|
|
|
static void socket_connected( conn_t * );
|
2012-08-25 16:26:23 +00:00
|
|
|
static void socket_connect_bail( conn_t * );
|
|
|
|
|
2014-12-07 11:51:01 +00:00
|
|
|
static void
|
|
|
|
socket_open_internal( conn_t *sock, int fd )
|
|
|
|
{
|
|
|
|
sock->fd = fd;
|
|
|
|
fcntl( fd, F_SETFL, O_NONBLOCK );
|
2014-11-29 18:15:50 +00:00
|
|
|
init_notifier( &sock->notify, fd, socket_fd_cb, sock );
|
2014-11-08 14:42:41 +00:00
|
|
|
init_wakeup( &sock->fd_fake, socket_fake_cb, sock );
|
2015-04-06 14:49:33 +00:00
|
|
|
init_wakeup( &sock->fd_timeout, socket_timeout_cb, sock );
|
2014-12-07 11:51:01 +00:00
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void
|
|
|
|
socket_close_internal( conn_t *sock )
|
|
|
|
{
|
2014-11-29 18:15:50 +00:00
|
|
|
wipe_notifier( &sock->notify );
|
2014-11-08 14:42:41 +00:00
|
|
|
wipe_wakeup( &sock->fd_fake );
|
2015-04-06 14:49:33 +00:00
|
|
|
wipe_wakeup( &sock->fd_timeout );
|
2012-08-25 16:26:23 +00:00
|
|
|
close( sock->fd );
|
|
|
|
sock->fd = -1;
|
|
|
|
}
|
|
|
|
|
2020-07-27 20:48:41 +00:00
|
|
|
#ifndef HAVE_IPV6
|
|
|
|
struct addr_info {
|
|
|
|
struct addr_info *ai_next;
|
|
|
|
struct sockaddr_in ai_addr[1];
|
|
|
|
};
|
|
|
|
|
|
|
|
#define freeaddrinfo(ai) free( ai )
|
|
|
|
|
|
|
|
static struct addr_info *
|
|
|
|
init_addrinfo( struct hostent *he )
|
|
|
|
{
|
|
|
|
uint naddr = 0;
|
|
|
|
for (char **addr = he->h_addr_list; *addr; addr++)
|
|
|
|
naddr++;
|
|
|
|
struct addr_info *caddr = nfcalloc( naddr * sizeof(struct addrinfo) );
|
|
|
|
struct addr_info *ret, **caddrp = &ret;
|
|
|
|
for (char **addr = he->h_addr_list; *addr; addr++, caddr++) {
|
|
|
|
caddr->ai_addr->sin_family = AF_INET;
|
|
|
|
memcpy( &caddr->ai_addr->sin_addr.s_addr, *addr, sizeof(struct in_addr) );
|
|
|
|
*caddrp = caddr;
|
|
|
|
caddrp = &caddr->ai_next;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
void
|
|
|
|
socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
2012-08-25 16:26:23 +00:00
|
|
|
const server_conf_t *conf = sock->conf;
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
sock->callbacks.connect = cb;
|
|
|
|
|
2014-07-06 08:06:40 +00:00
|
|
|
/* open connection to server */
|
2011-01-23 12:43:00 +00:00
|
|
|
if (conf->tunnel) {
|
2013-09-01 14:32:45 +00:00
|
|
|
int a[2];
|
|
|
|
|
2011-04-10 13:32:25 +00:00
|
|
|
nfasprintf( &sock->name, "tunnel '%s'", conf->tunnel );
|
|
|
|
infon( "Starting %s... ", sock->name );
|
2011-01-23 12:43:00 +00:00
|
|
|
|
|
|
|
if (socketpair( PF_UNIX, SOCK_STREAM, 0, a )) {
|
|
|
|
perror( "socketpair" );
|
|
|
|
exit( 1 );
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fork() == 0) {
|
|
|
|
if (dup2( a[0], 0 ) == -1 || dup2( a[0], 1 ) == -1)
|
|
|
|
_exit( 127 );
|
|
|
|
close( a[0] );
|
|
|
|
close( a[1] );
|
|
|
|
execl( "/bin/sh", "sh", "-c", conf->tunnel, (char *)0 );
|
|
|
|
_exit( 127 );
|
|
|
|
}
|
|
|
|
|
|
|
|
close( a[0] );
|
2014-12-07 11:51:01 +00:00
|
|
|
socket_open_internal( sock, a[1] );
|
2012-08-25 16:26:23 +00:00
|
|
|
|
2013-09-01 14:32:45 +00:00
|
|
|
info( "\vok\n" );
|
|
|
|
socket_connected( sock );
|
2011-01-23 12:43:00 +00:00
|
|
|
} else {
|
2013-09-01 15:35:31 +00:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
int gaierr;
|
|
|
|
struct addrinfo hints;
|
|
|
|
|
|
|
|
memset( &hints, 0, sizeof(hints) );
|
|
|
|
hints.ai_family = AF_UNSPEC;
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
2014-02-02 11:24:34 +00:00
|
|
|
hints.ai_flags = AI_ADDRCONFIG;
|
2013-09-01 15:35:31 +00:00
|
|
|
infon( "Resolving %s... ", conf->host );
|
|
|
|
if ((gaierr = getaddrinfo( conf->host, NULL, &hints, &sock->addrs ))) {
|
2014-07-06 08:06:40 +00:00
|
|
|
error( "Error: Cannot resolve server '%s': %s\n", conf->host, gai_strerror( gaierr ) );
|
2013-09-01 15:35:31 +00:00
|
|
|
socket_connect_bail( sock );
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
info( "\vok\n" );
|
|
|
|
#else
|
2013-09-01 14:32:45 +00:00
|
|
|
struct hostent *he;
|
2011-01-23 12:43:00 +00:00
|
|
|
|
|
|
|
infon( "Resolving %s... ", conf->host );
|
|
|
|
he = gethostbyname( conf->host );
|
|
|
|
if (!he) {
|
2014-07-06 08:06:40 +00:00
|
|
|
error( "Error: Cannot resolve server '%s': %s\n", conf->host, hstrerror( h_errno ) );
|
2013-03-29 16:51:50 +00:00
|
|
|
socket_connect_bail( sock );
|
|
|
|
return;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2012-09-01 15:21:32 +00:00
|
|
|
info( "\vok\n" );
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2020-07-27 20:48:41 +00:00
|
|
|
sock->addrs = init_addrinfo( he );
|
2013-09-01 15:35:31 +00:00
|
|
|
#endif
|
2020-07-27 20:48:41 +00:00
|
|
|
sock->curr_addr = sock->addrs;
|
2013-09-01 14:32:45 +00:00
|
|
|
socket_connect_one( sock );
|
|
|
|
}
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2013-09-01 14:32:45 +00:00
|
|
|
static void
|
|
|
|
socket_connect_one( conn_t *sock )
|
|
|
|
{
|
|
|
|
int s;
|
2013-09-01 15:35:31 +00:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
struct addrinfo *ai;
|
|
|
|
#else
|
2020-07-27 20:48:41 +00:00
|
|
|
struct addr_info *ai;
|
2013-09-01 15:35:31 +00:00
|
|
|
#endif
|
2013-09-01 14:32:45 +00:00
|
|
|
|
2013-09-01 15:35:31 +00:00
|
|
|
if (!(ai = sock->curr_addr)) {
|
2013-09-01 14:32:45 +00:00
|
|
|
error( "No working address found for %s\n", sock->conf->host );
|
|
|
|
socket_connect_bail( sock );
|
|
|
|
return;
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2013-09-01 15:35:31 +00:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
if (ai->ai_family == AF_INET6) {
|
|
|
|
struct sockaddr_in6 *in6 = ((struct sockaddr_in6 *)ai->ai_addr);
|
|
|
|
char sockname[64];
|
2014-07-06 08:06:40 +00:00
|
|
|
in6->sin6_port = htons( sock->conf->port );
|
2013-09-01 15:35:31 +00:00
|
|
|
nfasprintf( &sock->name, "%s ([%s]:%hu)",
|
2014-07-06 08:06:40 +00:00
|
|
|
sock->conf->host, inet_ntop( AF_INET6, &in6->sin6_addr, sockname, sizeof(sockname) ), sock->conf->port );
|
2013-09-01 15:35:31 +00:00
|
|
|
} else
|
|
|
|
#endif
|
2013-09-01 14:32:45 +00:00
|
|
|
{
|
|
|
|
struct sockaddr_in *in = ((struct sockaddr_in *)ai->ai_addr);
|
2014-07-06 08:06:40 +00:00
|
|
|
in->sin_port = htons( sock->conf->port );
|
2011-04-10 13:32:25 +00:00
|
|
|
nfasprintf( &sock->name, "%s (%s:%hu)",
|
2014-07-06 08:06:40 +00:00
|
|
|
sock->conf->host, inet_ntoa( in->sin_addr ), sock->conf->port );
|
2013-09-01 14:32:45 +00:00
|
|
|
}
|
|
|
|
|
2013-09-01 15:35:31 +00:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
s = socket( ai->ai_family, SOCK_STREAM, 0 );
|
|
|
|
#else
|
2013-09-01 14:32:45 +00:00
|
|
|
s = socket( PF_INET, SOCK_STREAM, 0 );
|
2013-09-01 15:35:31 +00:00
|
|
|
#endif
|
2013-09-01 14:32:45 +00:00
|
|
|
if (s < 0) {
|
2017-06-21 07:33:20 +00:00
|
|
|
socket_connect_next( sock );
|
|
|
|
return;
|
2013-09-01 14:32:45 +00:00
|
|
|
}
|
2014-12-07 11:51:01 +00:00
|
|
|
socket_open_internal( sock, s );
|
2013-09-01 14:32:45 +00:00
|
|
|
|
|
|
|
infon( "Connecting to %s... ", sock->name );
|
2013-09-01 15:35:31 +00:00
|
|
|
#ifdef HAVE_IPV6
|
|
|
|
if (connect( s, ai->ai_addr, ai->ai_addrlen )) {
|
|
|
|
#else
|
2013-09-01 14:32:45 +00:00
|
|
|
if (connect( s, ai->ai_addr, sizeof(*ai->ai_addr) )) {
|
2013-09-01 15:35:31 +00:00
|
|
|
#endif
|
2013-09-01 14:32:45 +00:00
|
|
|
if (errno != EINPROGRESS) {
|
|
|
|
socket_connect_failed( sock );
|
2012-08-25 16:26:23 +00:00
|
|
|
return;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &sock->notify, 0, POLLOUT );
|
2019-11-16 16:14:57 +00:00
|
|
|
socket_expect_activity( sock, 1 );
|
2013-09-01 14:32:45 +00:00
|
|
|
sock->state = SCK_CONNECTING;
|
|
|
|
info( "\v\n" );
|
|
|
|
return;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2012-09-01 15:21:32 +00:00
|
|
|
info( "\vok\n" );
|
2013-03-29 17:22:40 +00:00
|
|
|
socket_connected( sock );
|
2013-03-29 16:51:50 +00:00
|
|
|
}
|
2012-08-25 16:26:23 +00:00
|
|
|
|
2013-03-29 16:51:50 +00:00
|
|
|
static void
|
2017-06-21 07:33:20 +00:00
|
|
|
socket_connect_next( conn_t *conn )
|
2013-03-29 16:51:50 +00:00
|
|
|
{
|
|
|
|
sys_error( "Cannot connect to %s", conn->name );
|
2013-09-01 14:32:45 +00:00
|
|
|
free( conn->name );
|
|
|
|
conn->name = 0;
|
2013-09-01 15:35:31 +00:00
|
|
|
conn->curr_addr = conn->curr_addr->ai_next;
|
2013-09-01 14:32:45 +00:00
|
|
|
socket_connect_one( conn );
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
|
|
|
|
2017-06-21 07:33:20 +00:00
|
|
|
static void
|
|
|
|
socket_connect_failed( conn_t *conn )
|
|
|
|
{
|
|
|
|
socket_close_internal( conn );
|
|
|
|
socket_connect_next( conn );
|
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void
|
|
|
|
socket_connected( conn_t *conn )
|
|
|
|
{
|
2019-08-18 08:38:48 +00:00
|
|
|
if (conn->addrs) {
|
|
|
|
freeaddrinfo( conn->addrs );
|
|
|
|
conn->addrs = 0;
|
|
|
|
}
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &conn->notify, 0, POLLIN );
|
2019-11-16 16:14:57 +00:00
|
|
|
socket_expect_activity( conn, 0 );
|
2012-08-25 16:26:23 +00:00
|
|
|
conn->state = SCK_READY;
|
|
|
|
conn->callbacks.connect( 1, conn->callback_aux );
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static void
|
2015-09-06 19:02:23 +00:00
|
|
|
socket_cleanup_names( conn_t *conn )
|
2012-08-25 16:26:23 +00:00
|
|
|
{
|
2015-09-06 19:02:23 +00:00
|
|
|
if (conn->addrs) {
|
|
|
|
freeaddrinfo( conn->addrs );
|
|
|
|
conn->addrs = 0;
|
|
|
|
}
|
2011-04-10 13:32:25 +00:00
|
|
|
free( conn->name );
|
|
|
|
conn->name = 0;
|
2015-09-06 19:02:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
socket_connect_bail( conn_t *conn )
|
|
|
|
{
|
|
|
|
socket_cleanup_names( conn );
|
2012-08-25 16:26:23 +00:00
|
|
|
conn->callbacks.connect( 0, conn->callback_aux );
|
|
|
|
}
|
|
|
|
|
|
|
|
static void dispose_chunk( conn_t *conn );
|
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
void
|
2011-01-23 13:06:03 +00:00
|
|
|
socket_close( conn_t *sock )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
2012-08-25 16:26:23 +00:00
|
|
|
if (sock->fd >= 0)
|
|
|
|
socket_close_internal( sock );
|
2015-09-06 19:02:23 +00:00
|
|
|
socket_cleanup_names( sock );
|
2011-01-23 12:43:00 +00:00
|
|
|
#ifdef HAVE_LIBSSL
|
|
|
|
if (sock->ssl) {
|
|
|
|
SSL_free( sock->ssl );
|
|
|
|
sock->ssl = 0;
|
2014-11-30 18:44:41 +00:00
|
|
|
wipe_wakeup( &sock->ssl_fake );
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2014-12-13 11:09:15 +00:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
if (sock->in_z) {
|
|
|
|
inflateEnd( sock->in_z );
|
|
|
|
free( sock->in_z );
|
|
|
|
sock->in_z = 0;
|
|
|
|
deflateEnd( sock->out_z );
|
|
|
|
free( sock->out_z );
|
|
|
|
sock->out_z = 0;
|
|
|
|
wipe_wakeup( &sock->z_fake );
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
#endif
|
2012-08-25 16:26:23 +00:00
|
|
|
while (sock->write_buf)
|
|
|
|
dispose_chunk( sock );
|
2014-11-08 14:42:41 +00:00
|
|
|
free( sock->append_buf );
|
|
|
|
sock->append_buf = 0;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
2014-12-13 11:09:15 +00:00
|
|
|
static int
|
|
|
|
prepare_read( conn_t *sock, char **buf, int *len )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
2011-04-03 16:47:37 +00:00
|
|
|
int n = sock->offset + sock->bytes;
|
2014-12-13 11:09:15 +00:00
|
|
|
if (!(*len = sizeof(sock->buf) - n)) {
|
2011-04-03 16:47:37 +00:00
|
|
|
error( "Socket error: receive buffer full. Probably protocol error.\n" );
|
2011-03-27 14:50:32 +00:00
|
|
|
socket_fail( sock );
|
2014-12-13 11:09:15 +00:00
|
|
|
return -1;
|
2011-04-03 16:47:37 +00:00
|
|
|
}
|
2014-12-13 11:09:15 +00:00
|
|
|
*buf = sock->buf + n;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
do_read( conn_t *sock, char *buf, int len )
|
|
|
|
{
|
|
|
|
int n;
|
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
assert( sock->fd >= 0 );
|
|
|
|
#ifdef HAVE_LIBSSL
|
2012-08-25 16:26:23 +00:00
|
|
|
if (sock->ssl) {
|
2011-04-10 13:32:25 +00:00
|
|
|
if ((n = ssl_return( "read from", sock, SSL_read( sock->ssl, buf, len ) )) <= 0)
|
2014-12-13 11:09:15 +00:00
|
|
|
return n;
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
if (n == len && SSL_pending( sock->ssl ))
|
2014-11-30 18:44:41 +00:00
|
|
|
conf_wakeup( &sock->ssl_fake, 0 );
|
2012-08-25 16:26:23 +00:00
|
|
|
} else
|
2011-01-23 12:43:00 +00:00
|
|
|
#endif
|
2012-08-25 16:26:23 +00:00
|
|
|
{
|
|
|
|
if ((n = read( sock->fd, buf, len )) < 0) {
|
2011-04-10 13:32:25 +00:00
|
|
|
sys_error( "Socket error: read from %s", sock->name );
|
2012-08-25 16:26:23 +00:00
|
|
|
socket_fail( sock );
|
|
|
|
} else if (!n) {
|
2015-02-15 11:15:46 +00:00
|
|
|
/* EOF. Callers take the short path out, so signal higher layers from here. */
|
|
|
|
sock->state = SCK_EOF;
|
|
|
|
sock->read_callback( sock->callback_aux );
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2014-12-13 11:09:15 +00:00
|
|
|
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
static void
|
|
|
|
socket_fill_z( conn_t *sock )
|
|
|
|
{
|
|
|
|
char *buf;
|
2015-02-14 12:30:14 +00:00
|
|
|
int len, ret;
|
2014-12-13 11:09:15 +00:00
|
|
|
|
|
|
|
if (prepare_read( sock, &buf, &len ) < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sock->in_z->avail_out = len;
|
|
|
|
sock->in_z->next_out = (unsigned char *)buf;
|
|
|
|
|
2015-02-14 12:30:14 +00:00
|
|
|
ret = inflate( sock->in_z, Z_SYNC_FLUSH );
|
2017-07-30 16:37:58 +00:00
|
|
|
/* Z_BUF_ERROR happens here when the previous call both consumed
|
|
|
|
* all input and exactly filled up the output buffer. */
|
|
|
|
if (ret != Z_OK && ret != Z_BUF_ERROR && ret != Z_STREAM_END) {
|
2017-07-30 11:47:51 +00:00
|
|
|
error( "Error decompressing data from %s: %s\n", sock->name, z_err_msg( ret, sock->in_z ) );
|
2014-12-13 11:09:15 +00:00
|
|
|
socket_fail( sock );
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!sock->in_z->avail_out)
|
|
|
|
conf_wakeup( &sock->z_fake, 0 );
|
|
|
|
|
|
|
|
if ((len = (char *)sock->in_z->next_out - buf)) {
|
|
|
|
sock->bytes += len;
|
|
|
|
sock->read_callback( sock->callback_aux );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static void
|
|
|
|
socket_fill( conn_t *sock )
|
|
|
|
{
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
if (sock->in_z) {
|
2015-02-14 13:03:41 +00:00
|
|
|
int ret;
|
2014-12-13 11:09:15 +00:00
|
|
|
/* The timer will preempt reads until the buffer is empty. */
|
|
|
|
assert( !sock->in_z->avail_in );
|
|
|
|
sock->in_z->next_in = (uchar *)sock->z_buf;
|
2015-02-14 13:03:41 +00:00
|
|
|
if ((ret = do_read( sock, sock->z_buf, sizeof(sock->z_buf) )) <= 0)
|
2014-12-13 11:09:15 +00:00
|
|
|
return;
|
2015-02-14 13:03:41 +00:00
|
|
|
sock->in_z->avail_in = ret;
|
2014-12-13 11:09:15 +00:00
|
|
|
socket_fill_z( sock );
|
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
int len;
|
|
|
|
|
|
|
|
if (prepare_read( sock, &buf, &len ) < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if ((len = do_read( sock, buf, len )) <= 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sock->bytes += len;
|
|
|
|
sock->read_callback( sock->callback_aux );
|
|
|
|
}
|
2011-04-03 16:47:37 +00:00
|
|
|
}
|
|
|
|
|
2015-04-06 14:49:33 +00:00
|
|
|
void
|
2019-11-16 16:14:57 +00:00
|
|
|
socket_expect_activity( conn_t *conn, int expect )
|
2015-04-06 14:49:33 +00:00
|
|
|
{
|
|
|
|
if (conn->conf->timeout > 0 && expect != pending_wakeup( &conn->fd_timeout ))
|
|
|
|
conf_wakeup( &conn->fd_timeout, expect ? conn->conf->timeout : -1 );
|
|
|
|
}
|
|
|
|
|
2011-04-03 16:47:37 +00:00
|
|
|
int
|
|
|
|
socket_read( conn_t *conn, char *buf, int len )
|
|
|
|
{
|
|
|
|
int n = conn->bytes;
|
2015-02-15 11:15:46 +00:00
|
|
|
if (!n && conn->state == SCK_EOF)
|
|
|
|
return -1;
|
2011-04-03 16:47:37 +00:00
|
|
|
if (n > len)
|
|
|
|
n = len;
|
|
|
|
memcpy( buf, conn->buf + conn->offset, n );
|
|
|
|
if (!(conn->bytes -= n))
|
|
|
|
conn->offset = 0;
|
|
|
|
else
|
|
|
|
conn->offset += n;
|
2011-01-23 12:43:00 +00:00
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
2011-04-03 16:47:37 +00:00
|
|
|
char *
|
|
|
|
socket_read_line( conn_t *b )
|
|
|
|
{
|
|
|
|
char *p, *s;
|
|
|
|
int n;
|
|
|
|
|
|
|
|
s = b->buf + b->offset;
|
|
|
|
p = memchr( s + b->scanoff, '\n', b->bytes - b->scanoff );
|
|
|
|
if (!p) {
|
|
|
|
b->scanoff = b->bytes;
|
|
|
|
if (b->offset + b->bytes == sizeof(b->buf)) {
|
|
|
|
memmove( b->buf, b->buf + b->offset, b->bytes );
|
|
|
|
b->offset = 0;
|
|
|
|
}
|
2015-02-15 11:15:46 +00:00
|
|
|
if (b->state == SCK_EOF)
|
|
|
|
return (void *)~0;
|
2011-04-03 16:47:37 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
n = p + 1 - s;
|
|
|
|
b->offset += n;
|
|
|
|
b->bytes -= n;
|
|
|
|
b->scanoff = 0;
|
|
|
|
if (p != s && p[-1] == '\r')
|
|
|
|
p--;
|
|
|
|
*p = 0;
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2012-08-25 16:26:23 +00:00
|
|
|
static int
|
|
|
|
do_write( conn_t *sock, char *buf, int len )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
|
|
|
int n;
|
|
|
|
|
|
|
|
assert( sock->fd >= 0 );
|
|
|
|
#ifdef HAVE_LIBSSL
|
2012-08-25 16:26:23 +00:00
|
|
|
if (sock->ssl)
|
2011-04-10 13:32:25 +00:00
|
|
|
return ssl_return( "write to", sock, SSL_write( sock->ssl, buf, len ) );
|
2011-01-23 12:43:00 +00:00
|
|
|
#endif
|
2012-08-25 16:26:23 +00:00
|
|
|
n = write( sock->fd, buf, len );
|
|
|
|
if (n < 0) {
|
|
|
|
if (errno != EAGAIN && errno != EWOULDBLOCK) {
|
2011-04-10 13:32:25 +00:00
|
|
|
sys_error( "Socket error: write to %s", sock->name );
|
2012-08-25 16:26:23 +00:00
|
|
|
socket_fail( sock );
|
|
|
|
} else {
|
|
|
|
n = 0;
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &sock->notify, POLLIN, POLLOUT );
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
|
|
|
} else if (n != len) {
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &sock->notify, POLLIN, POLLOUT );
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2012-08-25 16:26:23 +00:00
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dispose_chunk( conn_t *conn )
|
|
|
|
{
|
|
|
|
buff_chunk_t *bc = conn->write_buf;
|
|
|
|
if (!(conn->write_buf = bc->next))
|
|
|
|
conn->write_buf_append = &conn->write_buf;
|
2015-02-15 17:13:05 +00:00
|
|
|
conn->buffer_mem -= bc->len;
|
2012-08-25 16:26:23 +00:00
|
|
|
free( bc );
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
do_queued_write( conn_t *conn )
|
|
|
|
{
|
|
|
|
buff_chunk_t *bc;
|
|
|
|
|
|
|
|
if (!conn->write_buf)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
while ((bc = conn->write_buf)) {
|
|
|
|
int n, len = bc->len - conn->write_offset;
|
|
|
|
if ((n = do_write( conn, bc->data + conn->write_offset, len )) < 0)
|
|
|
|
return -1;
|
|
|
|
if (n != len) {
|
|
|
|
conn->write_offset += n;
|
2015-05-09 17:17:41 +00:00
|
|
|
conn->writing = 1;
|
2012-08-25 16:26:23 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
conn->write_offset = 0;
|
|
|
|
dispose_chunk( conn );
|
|
|
|
}
|
|
|
|
#ifdef HAVE_LIBSSL
|
|
|
|
if (conn->ssl && SSL_pending( conn->ssl ))
|
2014-11-30 18:44:41 +00:00
|
|
|
conf_wakeup( &conn->ssl_fake, 0 );
|
2012-08-25 16:26:23 +00:00
|
|
|
#endif
|
2015-05-09 17:17:41 +00:00
|
|
|
conn->writing = 0;
|
2015-05-09 17:18:40 +00:00
|
|
|
conn->write_callback( conn->callback_aux );
|
|
|
|
return -1;
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2014-11-08 14:42:41 +00:00
|
|
|
do_append( conn_t *conn, buff_chunk_t *bc )
|
2012-08-25 16:26:23 +00:00
|
|
|
{
|
|
|
|
bc->next = 0;
|
2015-02-15 17:13:05 +00:00
|
|
|
conn->buffer_mem += bc->len;
|
2012-08-25 16:26:23 +00:00
|
|
|
*conn->write_buf_append = bc;
|
|
|
|
conn->write_buf_append = &bc->next;
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
|
|
|
|
2014-11-08 14:42:41 +00:00
|
|
|
/* This is big enough to avoid excessive chunking, but is
|
|
|
|
* sufficiently small to keep SSL latency low with a slow uplink. */
|
|
|
|
#define WRITE_CHUNK_SIZE 1024
|
|
|
|
|
2014-12-13 11:09:15 +00:00
|
|
|
static void
|
|
|
|
do_flush( conn_t *conn )
|
|
|
|
{
|
|
|
|
buff_chunk_t *bc = conn->append_buf;
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
if (conn->out_z) {
|
|
|
|
int buf_avail = conn->append_avail;
|
2015-05-09 17:17:41 +00:00
|
|
|
if (!conn->z_written)
|
|
|
|
return;
|
2014-12-13 11:09:15 +00:00
|
|
|
do {
|
2017-07-30 11:47:51 +00:00
|
|
|
int ret;
|
2014-12-13 11:09:15 +00:00
|
|
|
if (!bc) {
|
|
|
|
buf_avail = WRITE_CHUNK_SIZE;
|
|
|
|
bc = nfmalloc( offsetof(buff_chunk_t, data) + buf_avail );
|
|
|
|
bc->len = 0;
|
|
|
|
}
|
|
|
|
conn->out_z->next_in = Z_NULL;
|
|
|
|
conn->out_z->avail_in = 0;
|
|
|
|
conn->out_z->next_out = (uchar *)bc->data + bc->len;
|
|
|
|
conn->out_z->avail_out = buf_avail;
|
2017-07-30 16:37:58 +00:00
|
|
|
/* Z_BUF_ERROR cannot happen here, as zlib suppresses the error
|
|
|
|
* both upon increasing the flush level (1st iteration) and upon
|
|
|
|
* a no-op after the output buffer was full (later iterations). */
|
2017-07-30 11:47:51 +00:00
|
|
|
if ((ret = deflate( conn->out_z, Z_PARTIAL_FLUSH )) != Z_OK) {
|
|
|
|
error( "Fatal: Compression error: %s\n", z_err_msg( ret, conn->out_z ) );
|
2014-12-13 11:09:15 +00:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
bc->len = (char *)conn->out_z->next_out - bc->data;
|
|
|
|
if (bc->len) {
|
|
|
|
do_append( conn, bc );
|
|
|
|
bc = 0;
|
|
|
|
buf_avail = 0;
|
|
|
|
} else {
|
|
|
|
buf_avail = conn->out_z->avail_out;
|
|
|
|
}
|
|
|
|
} while (!conn->out_z->avail_out);
|
|
|
|
conn->append_buf = bc;
|
|
|
|
conn->append_avail = buf_avail;
|
2015-05-09 17:17:41 +00:00
|
|
|
conn->z_written = 0;
|
2014-12-13 11:09:15 +00:00
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
if (bc) {
|
|
|
|
do_append( conn, bc );
|
|
|
|
conn->append_buf = 0;
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
conn->append_avail = 0;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-09 17:17:41 +00:00
|
|
|
void
|
2014-10-26 20:10:25 +00:00
|
|
|
socket_write( conn_t *conn, conn_iovec_t *iov, int iovcnt )
|
2012-08-25 16:26:23 +00:00
|
|
|
{
|
2014-11-08 14:42:41 +00:00
|
|
|
int i, buf_avail, len, offset = 0, total = 0;
|
2015-05-09 17:17:41 +00:00
|
|
|
buff_chunk_t *bc;
|
2014-11-08 14:42:41 +00:00
|
|
|
|
|
|
|
for (i = 0; i < iovcnt; i++)
|
|
|
|
total += iov[i].len;
|
2015-05-09 17:17:41 +00:00
|
|
|
if (total >= WRITE_CHUNK_SIZE) {
|
2014-11-08 14:42:41 +00:00
|
|
|
/* If the new data is too big, queue the pending buffer to avoid latency. */
|
2014-12-13 11:09:15 +00:00
|
|
|
do_flush( conn );
|
2014-11-08 14:42:41 +00:00
|
|
|
}
|
2014-12-13 11:09:15 +00:00
|
|
|
bc = conn->append_buf;
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
buf_avail = conn->append_avail;
|
|
|
|
#endif
|
2014-11-08 14:42:41 +00:00
|
|
|
while (total) {
|
|
|
|
if (!bc) {
|
2014-12-13 11:09:15 +00:00
|
|
|
/* We don't do anything special when compressing, as there is no way to
|
|
|
|
* predict a reasonable output buffer size anyway - deflatePending() does
|
|
|
|
* not account for consumed but not yet compressed input, and adding up
|
|
|
|
* the deflateBound()s would be a tad *too* pessimistic. */
|
2014-11-08 14:42:41 +00:00
|
|
|
buf_avail = total > WRITE_CHUNK_SIZE ? total : WRITE_CHUNK_SIZE;
|
|
|
|
bc = nfmalloc( offsetof(buff_chunk_t, data) + buf_avail );
|
|
|
|
bc->len = 0;
|
2014-12-13 11:09:15 +00:00
|
|
|
#ifndef HAVE_LIBZ
|
2014-10-26 20:10:25 +00:00
|
|
|
} else {
|
2014-11-08 14:42:41 +00:00
|
|
|
/* A pending buffer will always be of standard size - over-sized
|
|
|
|
* buffers are immediately filled and queued. */
|
|
|
|
buf_avail = WRITE_CHUNK_SIZE - bc->len;
|
2014-12-13 11:09:15 +00:00
|
|
|
#endif
|
2014-11-08 14:42:41 +00:00
|
|
|
}
|
|
|
|
while (total) {
|
|
|
|
len = iov->len - offset;
|
2014-12-13 11:09:15 +00:00
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
if (conn->out_z) {
|
2017-07-30 11:47:51 +00:00
|
|
|
int ret;
|
2014-12-13 11:09:15 +00:00
|
|
|
conn->out_z->next_in = (uchar *)iov->buf + offset;
|
|
|
|
conn->out_z->avail_in = len;
|
|
|
|
conn->out_z->next_out = (uchar *)bc->data + bc->len;
|
|
|
|
conn->out_z->avail_out = buf_avail;
|
2017-07-30 16:37:58 +00:00
|
|
|
/* Z_BUF_ERROR is impossible here, as the input buffer always has data,
|
|
|
|
* and the output buffer always has space. */
|
2017-07-30 11:47:51 +00:00
|
|
|
if ((ret = deflate( conn->out_z, Z_NO_FLUSH )) != Z_OK) {
|
|
|
|
error( "Fatal: Compression error: %s\n", z_err_msg( ret, conn->out_z ) );
|
2014-12-13 11:09:15 +00:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
bc->len = (char *)conn->out_z->next_out - bc->data;
|
|
|
|
buf_avail = conn->out_z->avail_out;
|
|
|
|
len -= conn->out_z->avail_in;
|
2015-05-09 17:17:41 +00:00
|
|
|
conn->z_written = 1;
|
2014-12-13 11:09:15 +00:00
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
{
|
|
|
|
if (len > buf_avail)
|
|
|
|
len = buf_avail;
|
|
|
|
memcpy( bc->data + bc->len, iov->buf + offset, len );
|
|
|
|
bc->len += len;
|
|
|
|
buf_avail -= len;
|
|
|
|
}
|
2014-11-08 14:42:41 +00:00
|
|
|
offset += len;
|
|
|
|
total -= len;
|
|
|
|
if (offset == iov->len) {
|
|
|
|
if (iov->takeOwn == GiveOwn)
|
|
|
|
free( iov->buf );
|
|
|
|
iov++;
|
|
|
|
offset = 0;
|
2014-10-26 20:10:25 +00:00
|
|
|
}
|
2014-11-08 14:42:41 +00:00
|
|
|
if (!buf_avail) {
|
|
|
|
do_append( conn, bc );
|
|
|
|
bc = 0;
|
|
|
|
break;
|
2014-10-26 20:10:25 +00:00
|
|
|
}
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-08 14:42:41 +00:00
|
|
|
conn->append_buf = bc;
|
2014-12-13 11:09:15 +00:00
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
conn->append_avail = buf_avail;
|
|
|
|
#endif
|
2015-05-09 17:17:41 +00:00
|
|
|
conf_wakeup( &conn->fd_fake, 0 );
|
2012-08-25 16:26:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
socket_fd_cb( int events, void *aux )
|
2011-01-23 12:43:00 +00:00
|
|
|
{
|
2012-08-25 16:26:23 +00:00
|
|
|
conn_t *conn = (conn_t *)aux;
|
|
|
|
|
2013-03-29 17:22:40 +00:00
|
|
|
if ((events & POLLERR) || conn->state == SCK_CONNECTING) {
|
|
|
|
int soerr;
|
|
|
|
socklen_t selen = sizeof(soerr);
|
|
|
|
if (getsockopt( conn->fd, SOL_SOCKET, SO_ERROR, &soerr, &selen )) {
|
|
|
|
perror( "getsockopt" );
|
|
|
|
exit( 1 );
|
|
|
|
}
|
|
|
|
errno = soerr;
|
|
|
|
if (conn->state == SCK_CONNECTING) {
|
|
|
|
if (errno)
|
|
|
|
socket_connect_failed( conn );
|
|
|
|
else
|
|
|
|
socket_connected( conn );
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
sys_error( "Socket error from %s", conn->name );
|
2013-03-29 17:11:57 +00:00
|
|
|
socket_fail( conn );
|
2012-08-25 16:26:23 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (events & POLLOUT)
|
2014-11-29 18:15:50 +00:00
|
|
|
conf_notifier( &conn->notify, POLLIN, 0 );
|
2011-01-23 12:43:00 +00:00
|
|
|
|
2019-11-16 16:14:32 +00:00
|
|
|
if (pending_wakeup( &conn->fd_timeout ))
|
|
|
|
conf_wakeup( &conn->fd_timeout, conn->conf->timeout );
|
|
|
|
|
2011-01-23 12:43:00 +00:00
|
|
|
#ifdef HAVE_LIBSSL
|
2012-08-25 16:26:23 +00:00
|
|
|
if (conn->ssl) {
|
2019-11-16 13:17:06 +00:00
|
|
|
if (conn->state == SCK_STARTTLS) {
|
|
|
|
start_tls_p2( conn );
|
|
|
|
return;
|
|
|
|
}
|
2012-08-25 16:26:23 +00:00
|
|
|
if (do_queued_write( conn ) < 0)
|
|
|
|
return;
|
|
|
|
socket_fill( conn );
|
|
|
|
return;
|
|
|
|
}
|
2011-01-23 12:43:00 +00:00
|
|
|
#endif
|
2012-08-25 16:26:23 +00:00
|
|
|
|
|
|
|
if ((events & POLLOUT) && do_queued_write( conn ) < 0)
|
|
|
|
return;
|
|
|
|
if (events & POLLIN)
|
|
|
|
socket_fill( conn );
|
2011-01-23 12:43:00 +00:00
|
|
|
}
|
2014-11-30 18:44:41 +00:00
|
|
|
|
2014-11-08 14:42:41 +00:00
|
|
|
static void
|
|
|
|
socket_fake_cb( void *aux )
|
|
|
|
{
|
|
|
|
conn_t *conn = (conn_t *)aux;
|
|
|
|
|
2015-05-09 17:17:41 +00:00
|
|
|
/* Ensure that a pending write gets queued. */
|
2014-12-13 11:09:15 +00:00
|
|
|
do_flush( conn );
|
2015-05-09 17:17:41 +00:00
|
|
|
/* If no writes are ongoing, start writing now. */
|
|
|
|
if (!conn->writing)
|
2014-11-08 14:42:41 +00:00
|
|
|
do_queued_write( conn );
|
|
|
|
}
|
|
|
|
|
2015-04-06 14:49:33 +00:00
|
|
|
static void
|
|
|
|
socket_timeout_cb( void *aux )
|
|
|
|
{
|
|
|
|
conn_t *conn = (conn_t *)aux;
|
|
|
|
|
|
|
|
if (conn->state == SCK_CONNECTING) {
|
|
|
|
errno = ETIMEDOUT;
|
|
|
|
socket_connect_failed( conn );
|
|
|
|
} else {
|
|
|
|
error( "Socket error on %s: timeout.\n", conn->name );
|
|
|
|
socket_fail( conn );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-13 11:09:15 +00:00
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
static void
|
|
|
|
z_fake_cb( void *aux )
|
|
|
|
{
|
|
|
|
conn_t *conn = (conn_t *)aux;
|
|
|
|
|
|
|
|
socket_fill_z( conn );
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2014-11-30 18:44:41 +00:00
|
|
|
#ifdef HAVE_LIBSSL
|
|
|
|
static void
|
|
|
|
ssl_fake_cb( void *aux )
|
|
|
|
{
|
|
|
|
conn_t *conn = (conn_t *)aux;
|
|
|
|
|
|
|
|
socket_fill( conn );
|
|
|
|
}
|
|
|
|
#endif
|