X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=lib-sys%2Fevtloop.c;h=a28c9b872844b6fddb6b4a9bdc405b0763bad2c9;hb=5a4ed6a80a95c870a3603350d2a1e99b99d99b5b;hp=1991646aeedc165c1559c296fa8b84ae70873108;hpb=469f8c99bd1c9ebc670365a099df35b9f71fe6c7;p=apps%2Fmadmutt.git
diff --git a/lib-sys/evtloop.c b/lib-sys/evtloop.c
index 1991646..a28c9b8 100644
--- a/lib-sys/evtloop.c
+++ b/lib-sys/evtloop.c
@@ -17,6 +17,7 @@
 * Copyright © 2006 Pierre Habouzit
 */
 
+#include
 #include
 #include
 #ifndef EPOLLRDHUP
@@ -29,8 +30,12 @@
 #endif
 #include "evtloop.h"
 #include "mutt.h"
+#include "mutt_ssl.li"
+
+DO_ARRAY_TYPE(job_t, job);
 
 static int epollfd = -1;
+static job_array jobs;
 
 static int el_job_setemode(job_t *w, el_mode emode)
 {
@@ -69,6 +74,40 @@ int el_job_setmode(job_t *w, el_mode mode)
 }
 }
 
+void job_wipe(job_t *w)
+{
+if (w->xcred)
+gnutls_certificate_free_credentials(w->xcred);
+if (w->session)
+gnutls_deinit(w->session);
+}
+
+static void job_arrau_dtor(job_t **j)
+{
+if (*j)
+IGNORE(el_job_release(*j, EL_KILLED));
+}
+
+DO_ARRAY_FUNCS(job_t, job, job_arrau_dtor);
+
+static void job_array_remove(job_array *arr, job_t *j)
+{
+for (int i = 0; i < arr->len; i++) {
+if (arr->arr[i] == j) {
+job_array_take(arr, i);
+break;
+}
+}
+}
+
+job_t *el_job_start(const machine_t *m, void *cfg)
+{
+job_t *w = job_new();
+w->m = m;
+job_array_append(&jobs, w);
+return m->setup(w, cfg) < 0 ? NULL : w;
+}
+
 int el_job_release(job_t *w, el_status reason)
 {
 w->state = EL_LLP_FINI;
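Review bot: el_job_start appends `w` to `jobs` before calling `m->setup(w, cfg)` and, when setup fails, returns NULL without releasing it, so the job stays in the array (and, with the wakeup scan over `jobs` added later in this commit, keeps being dispatched) unless setup releases the job itself, which is not visible here. If finalize tolerates a job that never connected, `if (m->setup(w, cfg) < 0) { IGNORE(el_job_release(w, EL_ERROR)); return NULL; }` keeps the array consistent with the job's lifetime. Minor: `job_arrau_dtor` reads like a typo for `job_array_dtor`.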
@@ -76,12 +115,49 @@ int el_job_release(job_t *w, el_status reason)
 w->m->finalize(w, reason);
 }
 if (w->fd >= 0) {
+if (w->session)
+gnutls_bye(w->session, GNUTLS_SHUT_RDWR);
 close(w->fd);
 }
+job_array_remove(&jobs, w);
 job_delete(&w);
 return -1;
 }
 
+static int el_job_tlsing(job_t *w, int starttls)
+{
+int err = gnutls_handshake(w->session);
+if (err < 0 && !gnutls_error_is_fatal(err)) {
+int wr = gnutls_record_get_direction(w->session);
+return el_job_setemode(w, wr ? EL_WRITING : EL_READING);
+}
+if (err < 0)
+return el_job_release(w, EL_RDHUP);
+
+#if 0
+if (!tls_check_certificate (conn))
+return -1;
+#endif
+
+/* set Security Strength Factor (SSF) for SASL */
+/* NB: gnutls_cipher_get_key_size() returns key length in bytes */
+w->ssf = gnutls_cipher_get_key_size(gnutls_cipher_get(w->session)) * 8;
+w->state = EL_LLP_READY;
+if (starttls)
+return el_job_setemode(w, w->mode);
+return w->m->on_event(w, EL_EVT_RUNNING);
+}
+
+static int el_job_starttlsing(job_t *w)
+{
+return el_job_tlsing(w, true);
+}
+
+static int el_job_connecting_ssl(job_t *w)
+{
+return el_job_tlsing(w, false);
+}
+
 static int el_job_connecting(job_t *w)
 {
 int err = 0;
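Review bot: The handshake success path in el_job_tlsing moves the job to EL_LLP_READY without checking the peer certificate; the only verification is the `#if 0` block (which also refers to a `conn` that does not exist in this function), so the trust files loaded in tls_negotiate are never consulted and a session with any certificate holder is accepted. Verify before the session is used: `unsigned int status; if (gnutls_certificate_verify_peers2(w->session, &status) < 0 || status) return el_job_release(w, EL_RDHUP);`, with a hostname match against the configured server as the other half of what the disabled check presumably did. Separately, a fatal handshake error is reported as EL_RDHUP, the same reason as a peer hangup, which hides TLS failures from finalize/on_event; EL_ERROR, already used for connect failures in el_job_connecting, fits better.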
@@ -90,12 +166,49 @@ static int el_job_connecting(job_t *w)
 if (getsockopt(w->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &len) || err)
 return el_job_release(w, EL_ERROR);
 
+if (w->session) {
+w->llp = &el_job_connecting_ssl;
+return w->llp(w);
+}
 w->state = EL_LLP_READY;
 return w->m->on_event(w, EL_EVT_RUNNING);
 }
 
+static int tls_negotiate(job_t *w)
+{
+static int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+
+if (gnutls_certificate_allocate_credentials(&w->xcred) < 0)
+return -1;
+
+/* ignore errors, maybe file doesn't exist yet */
+gnutls_certificate_set_x509_trust_file(w->xcred, mod_ssl.cert_file,
+GNUTLS_X509_FMT_PEM);
+
+if (mod_ssl.ca_certificates_file) {
+gnutls_certificate_set_x509_trust_file(w->xcred,
+mod_ssl.ca_certificates_file, GNUTLS_X509_FMT_PEM);
+}
+gnutls_init(&w->session, GNUTLS_CLIENT);
+
+/* set socket */
+gnutls_transport_set_ptr(w->session, (gnutls_transport_ptr)(intptr_t)w->fd);
+
+/* disable TLS/SSL protocols as needed */
+if (!mod_ssl.use_sslv3) {
+protocol_priority[1] = 0;
+}
+
+/* We use default priorities (see gnutls documentation),
+except for protocol version */
+gnutls_set_default_priority(w->session);
+gnutls_protocol_set_priority(w->session, protocol_priority);
+gnutls_credentials_set(w->session, GNUTLS_CRD_CERTIFICATE, w->xcred);
+return 0;
+}
+
 int el_job_connect(job_t *w, struct sockaddr *addr, socklen_t len,
-int type, int proto)
+int type, int proto, int ssl)
 {
 int res, sock = socket(addr->sa_family, type, proto);
 
@@ -111,6 +224,9 @@ int el_job_connect(job_t *w, struct sockaddr *addr, socklen_t len,
 goto error;
 
 w->fd = sock;
+if (ssl && tls_negotiate(w) < 0)
+goto error;
+
 w->llp = &el_job_connecting;
 return el_job_setmode(w, EL_WRITING);
 
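Review bot: tls_negotiate discards the result of `gnutls_init(&w->session, GNUTLS_CLIENT);`; if it fails, w->session holds whatever gnutls left there, the transport/priority/credentials calls that follow operate on an invalid session, and the function still returns 0 so el_job_connect proceeds as if TLS were set up. Check it, `if (gnutls_init(&w->session, GNUTLS_CLIENT) < 0) return -1;`, and treat the gnutls_set_default_priority, gnutls_protocol_set_priority and gnutls_credentials_set results the same way, since a failed priority or credentials call leaves the session configured differently from what the surrounding comments promise. In the same function, `protocol_priority` is a mutable `static` that the `use_sslv3` branch edits in place; a per-call local array expresses the same intent without state carried across calls.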
@@ -119,6 +235,15 @@ int el_job_connect(job_t *w, struct sockaddr *addr, socklen_t len,
 return el_job_release(w, EL_ERROR);
 }
 
+int el_job_starttls(job_t *w)
+{
+if (tls_negotiate(w) < 0)
+return el_job_release(w, EL_RDHUP);
+w->state = EL_LLP_INIT;
+w->llp = &el_job_starttlsing;
+return w->llp(w);
+}
+
 ssize_t el_job_read(job_t *w, buffer_t *buf)
 {
 ssize_t nr;
@@ -185,6 +310,7 @@ int el_dispatch(int timeout)
 int event = events[count].events;
 int evt = 0;
 
+gettimeofday(&w->mru, NULL);
 switch (w->state) {
 case EL_LLP_INIT:
 w->llp(w);
@@ -212,3 +338,44 @@ int el_dispatch(int timeout)
 
 return 0;
 }
+
+void *el_loop(void *data)
+{
+time_t sec = time(NULL);
+
+for (;;) {
+struct timeval now;
+
+el_dispatch(100);
+pthread_testcancel();
+
+gettimeofday(&now, NULL);
+if (sec >= now.tv_sec)
+continue;
+sec = now.tv_sec;
+now.tv_sec -= 10;
+for (int i = jobs.len - 1; i >= 0; --i) {
+job_t *w = jobs.arr[i];
+if (timercmp(&now, &w->mru, >))
+IGNORE(w->m->on_event(w, EL_EVT_WAKEUP));
+}
+}
+}
+
+void el_initialize(void)
+{
+gnutls_global_init();
+epollfd = epoll_create(1024);
+if (epollfd < 0) {
+mutt_error("epoll_create");
+mutt_exit(EXIT_FAILURE);
+}
+job_array_init(&jobs);
+}
+
+void el_shutdown(void)
+{
+job_array_wipe(&jobs);
+close(epollfd);
+gnutls_global_deinit();
+}
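Review bot: `job_array_wipe(&jobs)` in el_shutdown runs `job_arrau_dtor`, and through it el_job_release, which calls `job_array_remove(&jobs, w)` and so mutates the array while it is being wiped; whether that skips entries or visits one twice depends on how the DO_ARRAY_FUNCS wipe loop iterates, which is not on this page. Draining first avoids the question: `while (jobs.len > 0) IGNORE(el_job_release(jobs.arr[jobs.len - 1], EL_KILLED));` before `job_array_wipe(&jobs);`, so the dtor never sees a live job. The same re-entrancy applies to the wakeup loop in el_loop, where on_event may release a job other than the one at index i; the reverse walk only covers the current element. Also, `gnutls_global_init()` in el_initialize can fail and its result is discarded, unlike the epoll_create result right below it.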