Diffstat (limited to 'lib/event.c')
-rw-r--r-- | lib/event.c | 221 |
1 files changed, 147 insertions, 74 deletions
diff --git a/lib/event.c b/lib/event.c index 802c0b9..dcf7e1c 100644 --- a/lib/event.c +++ b/lib/event.c @@ -10,6 +10,7 @@ #include <errno.h> #include <event2/event.h> +#include <event2/listener.h> #include <event2/bufferevent.h> #if defined (RS_ENABLE_TLS) #include <event2/bufferevent_ssl.h> @@ -25,8 +26,9 @@ #include "err.h" #include "radsec.h" #include "event.h" -#include "packet.h" +#include "message.h" #include "conn.h" +#include "listener.h" #include "debug.h" #if defined (DEBUG) @@ -72,8 +74,8 @@ event_conn_timeout_cb (int fd, short event, void *data) if (event & EV_TIMEOUT) { rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n", - __func__, conn, conn->fd, conn->active_peer)); - conn->is_connecting = 0; + __func__, conn, conn->base_.fd, conn->active_peer)); + conn->state = RS_CONN_STATE_UNDEFINED; rs_err_conn_push_fl (conn, RSE_TIMEOUT_CONN, __FILE__, __LINE__, NULL); event_loopbreak (conn); } 
@@ -90,68 +92,118 @@ event_retransmit_timeout_cb (int fd, short event, void *data) if (event & EV_TIMEOUT) { rs_debug (("%s: retransmission timeout on %p (fd %d) sending to %p\n", - __func__, conn, conn->fd, conn->active_peer)); + __func__, conn, conn->base_.fd, conn->active_peer)); rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL); event_loopbreak (conn); } } +/* FIXME: event_ is actually not such a great prefix given that we + link with libevent which exports 113 symbols prefixed 'event_'. */ int -event_init_socket (struct rs_connection *conn, struct rs_peer *p) +event_init_socket (struct rs_conn_base *connbase, struct rs_peer *p) { - if (conn->fd != -1) + if (connbase->fd != -1) return RSE_OK; + assert (p); + assert (p->realm); + + /* Resolve potential DNS name for peer. */ if (p->addr_cache == NULL) { struct rs_error *err = rs_resolve (&p->addr_cache, p->realm->type, p->hostname, p->service); if (err != NULL) - return err_conn_push_err (conn, err); + return err_connbase_push_err (connbase, err); } - conn->fd = socket (p->addr_cache->ai_family, p->addr_cache->ai_socktype, - p->addr_cache->ai_protocol); - if (conn->fd < 0) - return rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__, - "socket: %d (%s)", - errno, strerror (errno)); - if (evutil_make_socket_nonblocking (conn->fd) < 0) + /* Create the socket and make it non-blocking. 
*/ + connbase->fd = socket (p->addr_cache->ai_family, + p->addr_cache->ai_socktype, + p->addr_cache->ai_protocol); + if (connbase->fd < 0) + return rs_err_connbase_push_fl (connbase, RSE_SOCKERR, __FILE__, __LINE__, + "socket: %d (%s)", + errno, strerror (errno)); + if (evutil_make_socket_nonblocking (connbase->fd) < 0) { - evutil_closesocket (conn->fd); - conn->fd = -1; - return rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__, - "evutil_make_socket_nonblocking: %d (%s)", - errno, strerror (errno)); + evutil_closesocket (connbase->fd); + connbase->fd = -1; + return rs_err_connbase_push_fl (connbase, RSE_SOCKERR, __FILE__, __LINE__, + "evutil_make_socket_nonblocking: %d (%s)", + errno, strerror (errno)); + } + + /* If we're inititalising the socket for a listener, bind to the + peer address. */ + if (connbase->magic == RS_CONN_MAGIC_LISTENER) + { + assert (p->realm->type == connbase->transport); + if (p->realm->type == RS_CONN_TYPE_TLS + || p->realm->type == RS_CONN_TYPE_TCP) + { + struct rs_listener *listener = TO_LISTENER_CONN (connbase); + listener->evlistener = + evconnlistener_new_bind (listener->base_.ctx->evb, + listener_accept_cb_, + listener, LEV_OPT_REUSEABLE, + LISTENER_BACKLOG, + p->addr_cache->ai_addr, + p->addr_cache->ai_addrlen); + if (listener->evlistener == NULL) + return rs_err_connbase_push (connbase, RSE_EVENT, + "evconnlistener_new_bind: %d (%s)", + errno, strerror (errno)); + + evconnlistener_set_error_cb (listener->evlistener, listener_err_cb_); + } + else + { + return rs_err_connbase_push_fl (connbase, RSE_NOSYS, + __FILE__, __LINE__, NULL); + } } + return RSE_OK; } int -event_init_bufferevent (struct rs_connection *conn, struct rs_peer *peer) +event_init_bufferevent (struct rs_connection *conn) { - if (conn->bev) + struct rs_conn_base *connbase = NULL; + assert (conn); + connbase = TO_BASE_CONN(conn); + + if (connbase->bev) return RSE_OK; - if (conn->realm->type == RS_CONN_TYPE_TCP) + if (connbase->transport == RS_CONN_TYPE_TCP) { 
- conn->bev = bufferevent_socket_new (conn->evb, conn->fd, 0); - if (!conn->bev) + connbase->bev = bufferevent_socket_new (connbase->ctx->evb, + connbase->fd, 0); + if (!connbase->bev) return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, - "bufferevent_socket_new"); + "bufferevent_socket_new"); } #if defined (RS_ENABLE_TLS) - else if (conn->realm->type == RS_CONN_TYPE_TLS) + else if (connbase->transport == RS_CONN_TYPE_TLS) { + enum bufferevent_ssl_state bev_ssl_state; + if (rs_tls_init (conn)) return -1; - /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things - seem to break when be_openssl_ctrl() (in libevent) calls - SSL_set_bio() after BIO_new_socket() with flag=1. */ - conn->bev = - bufferevent_openssl_socket_new (conn->evb, conn->fd, conn->tls_ssl, - BUFFEREVENT_SSL_CONNECTING, 0); - if (!conn->bev) + bev_ssl_state = conn_originating_p (conn) + ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING; + + /* It would be convenient to pass BEV_OPT_CLOSE_ON_FREE in last + argument (options) but things seem to break when + be_openssl_ctrl() (in libevent) calls SSL_set_bio() after + BIO_new_socket() with flag=1. */ + connbase->bev = + bufferevent_openssl_socket_new (connbase->ctx->evb, connbase->fd, + conn->tls_ssl, bev_ssl_state, 0); + if (!connbase->bev) return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, "bufferevent_openssl_socket_new"); } @@ -160,7 +212,7 @@ event_init_bufferevent (struct rs_connection *conn, struct rs_peer *peer) { return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__, "%s: unknown connection type: %d", __func__, - conn->realm->type); + connbase->transport); } return RSE_OK; 
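Review bot: In event_init_socket the new listener branch leaves connbase->fd open on both of its failure paths — when evconnlistener_new_bind returns NULL and in the RSE_NOSYS else branch — whereas the evutil_make_socket_nonblocking failure just above closes the socket and resets it to -1. Because the function's first statement returns RSE_OK whenever connbase->fd != -1, a retry after such a failure reports success for a listener that was never bound; add `evutil_closesocket (connbase->fd); connbase->fd = -1;` before both returns. Note also that evconnlistener_new_bind creates and binds its own socket, so in the listener case the descriptor from socket() is never the listening fd; if that is intended a comment should say so, otherwise evconnlistener_new on the already created fd may be what was meant. The `assert (p->realm->type == connbase->transport)` compiles out under NDEBUG, so a transport mismatch should be reported as an error return (RSE_INTERNAL is used that way in event_init_bufferevent) rather than only asserted. The evconnlistener_new_bind error is pushed with rs_err_connbase_push while the neighbouring paths use rs_err_connbase_push_fl with __FILE__/__LINE__; the file location is as useful here as there.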
@@ -169,62 +221,69 @@ event_init_bufferevent (struct rs_connection *conn, struct rs_peer *peer) void event_do_connect (struct rs_connection *conn) { - struct rs_peer *p; int err, sockerr; + struct sockaddr *peer_addr; + size_t peer_addrlen; assert (conn); assert (conn->active_peer); - p = conn->active_peer; + assert (conn->active_peer->addr_cache); + peer_addr = conn->active_peer->addr_cache->ai_addr; + peer_addrlen = conn->active_peer->addr_cache->ai_addrlen; + + /* We don't connect listeners. */ + assert (conn->base_.magic == RS_CONN_MAGIC_GENERIC); #if defined (DEBUG) { char host[80], serv[80]; - getnameinfo (p->addr_cache->ai_addr, - p->addr_cache->ai_addrlen, - host, sizeof(host), serv, sizeof(serv), + getnameinfo (peer_addr, peer_addrlen, + host, sizeof(host), + serv, sizeof(serv), 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/); rs_debug (("%s: connecting to %s:%s\n", __func__, host, serv)); } #endif - if (p->conn->bev) /* TCP */ + if (conn->base_.bev) /* TCP */ { conn_activate_timeout (conn); /* Connect timeout. 
*/ - err = bufferevent_socket_connect (p->conn->bev, p->addr_cache->ai_addr, - p->addr_cache->ai_addrlen); + err = bufferevent_socket_connect (conn->base_.bev, + peer_addr, peer_addrlen); if (err < 0) - rs_err_conn_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__, - "bufferevent_socket_connect: %s", - evutil_gai_strerror (err)); + rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, + "bufferevent_socket_connect: %s", + evutil_gai_strerror (err)); else - p->conn->is_connecting = 1; + conn->state = RS_CONN_STATE_CONNECTING; } else /* UDP */ { - err = connect (p->conn->fd, - p->addr_cache->ai_addr, - p->addr_cache->ai_addrlen); + err = connect (conn->base_.fd, peer_addr, peer_addrlen); if (err < 0) { - sockerr = evutil_socket_geterror (p->conn->fd); - rs_debug (("%s: %d: connect: %d (%s)\n", __func__, p->conn->fd, + sockerr = evutil_socket_geterror (conn->base_.fd); + rs_debug (("%s: %d: connect: %d (%s)\n", __func__, + conn->base_.fd, sockerr, evutil_socket_error_to_string (sockerr))); - rs_err_conn_push_fl (p->conn, RSE_SOCKERR, __FILE__, __LINE__, - "%d: connect: %d (%s)", p->conn->fd, sockerr, - evutil_socket_error_to_string (sockerr)); + rs_err_conn_push (conn, RSE_SOCKERR, + "%d: connect: %d (%s)", conn->base_.fd, + sockerr, evutil_socket_error_to_string (sockerr)); } + else + conn->state = RS_CONN_STATE_CONNECTING; } } int event_loopbreak (struct rs_connection *conn) { - int err = event_base_loopbreak (conn->evb); + int err = event_base_loopbreak (TO_BASE_CONN(conn)->ctx->evb); if (err < 0) rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, "event_base_loopbreak: %s", - evutil_gai_strerror (err)); + evutil_gai_strerror (err)); /* FIXME: really gai_strerror? */ return err; } 
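Review bot: peer_addrlen is declared `size_t` but is initialised from ai_addrlen and then passed to connect() and bufferevent_socket_connect(), whose length parameters are socklen_t and int respectively, so the new variable introduces narrowing conversions in both directions; declare it as `socklen_t peer_addrlen;` to match ai_addrlen. In the DEBUG block the return value of getnameinfo is still ignored, so host and serv are printed uninitialised when resolution fails; wrap the rs_debug in `if (getnameinfo (...) == 0)` or initialise both buffers with `= ""`. The UDP branch now pushes its error with rs_err_conn_push while the TCP branch keeps rs_err_conn_push_fl; pick one so the reported error location is consistent. Both event_do_connect and event_loopbreak are complete within this hunk.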
@@ -232,21 +291,22 @@ event_loopbreak (struct rs_connection *conn) void event_on_disconnect (struct rs_connection *conn) { - conn->is_connecting = 0; - conn->is_connected = 0; + conn->state = RS_CONN_STATE_UNDEFINED; rs_debug (("%s: %p disconnected\n", __func__, conn->active_peer)); if (conn->callbacks.disconnected_cb) - conn->callbacks.disconnected_cb (conn->user_data); + conn->callbacks.disconnected_cb (conn->base_.user_data); } -/** Internal connect event returning 0 on success or -1 on error. */ +/** Internal connect event for originating connections. Returns 0 on + success and -1 on TLS certificate verification failure. */ int -event_on_connect (struct rs_connection *conn, struct rs_packet *pkt) +event_on_connect_orig (struct rs_connection *conn, struct rs_message *msg) { - assert (!conn->is_connecting); + assert (conn->state == RS_CONN_STATE_CONNECTING); + assert (conn->active_peer); #if defined (RS_ENABLE_TLS) - if (conn_type_tls(conn) && !conn_cred_psk(conn)) + if (conn_type_tls_p (conn) && !conn_cred_psk (conn)) if (tls_verify_cert (conn) != RSE_OK) { rs_debug (("%s: server cert verification failed\n", __func__)); 
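Review bot: The outer `if (conn_type_tls_p (conn) && !conn_cred_psk (conn))` has no braces and its only statement is another if, the dangling-if shape the rest of the new code avoids; fold it into one condition, `if (conn_type_tls_p (conn) && !conn_cred_psk (conn) && tls_verify_cert (conn) != RSE_OK)`, or brace the outer body. The added `assert (conn->state == RS_CONN_STATE_CONNECTING)` is the opposite of the old `assert (!conn->is_connecting)`; if the caller contract really changed, a one-line comment stating the expected entry state would help, since the callers are not visible from here. event_on_connect_orig continues into the next hunk.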
@@ -254,23 +314,36 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt) } #endif /* RS_ENABLE_TLS */ - conn->is_connected = 1; + conn->state = RS_CONN_STATE_CONNECTED; rs_debug (("%s: %p connected\n", __func__, conn->active_peer)); if (conn->callbacks.connected_cb) - conn->callbacks.connected_cb (conn->user_data); + conn->callbacks.connected_cb (conn->base_.user_data); - if (pkt) - packet_do_send (pkt); + if (msg) + message_do_send (msg); return 0; } +/** FIXME: DOC */ int -event_init_eventbase (struct rs_connection *conn) +event_on_connect_term (struct rs_connection *conn, struct rs_message *msg) { - assert (conn); - if (conn->evb) + /* TODO: verify client */ + conn->state = RS_CONN_STATE_CONNECTED; + rs_debug (("%s: WARNING: not checking client cert!!!\n", __func__)); + if (conn->callbacks.connected_cb) + conn->callbacks.connected_cb (conn->base_.user_data); + return 0; +} + +int +event_init_eventbase (struct rs_conn_base *connbase) +{ + assert (connbase); + assert (connbase->ctx); + if (connbase->ctx->evb) return RSE_OK; #if defined (DEBUG) @@ -278,10 +351,10 @@ event_init_eventbase (struct rs_connection *conn) event_enable_debug_mode (); #endif event_set_log_callback (_evlog_cb); - conn->evb = event_base_new (); - if (!conn->evb) - return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, - "event_base_new"); + connbase->ctx->evb = event_base_new (); + if (!connbase->ctx->evb) + return rs_err_connbase_push_fl (connbase, RSE_EVENT, __FILE__, __LINE__, + "event_base_new"); return RSE_OK; } |
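Review bot: event_on_connect_term marks an accepted connection RS_CONN_STATE_CONNECTED and fires connected_cb without any peer verification, and the only trace of that is an rs_debug line, which disappears in builds where rs_debug is compiled out. Until the TODO is implemented the safer default is to fail closed for non-PSK TLS peers the way event_on_connect_orig does, e.g. `if (conn_type_tls_p (conn) && !conn_cred_psk (conn)) return -1;` under the same RS_ENABLE_TLS guard, placed before the state change so callers see the documented -1 contract. The `msg` parameter is unused here while the orig variant sends it; either forward it with `if (msg) message_do_send (msg);` or mark it `(void) msg;` and say why. Replace `/** FIXME: DOC */` with the actual contract, e.g. `/** Internal connect event for terminating (accepted) connections. Returns 0; the peer is not yet verified. */`.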