2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
7 * This program is distributed in the hope that it will be useful, but
8 * WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
17 * Copyright © 2006 Pierre Habouzit
20 #include <sys/epoll.h>
21 #include <sys/socket.h>
23 # include <linux/poll.h>
25 # define EPOLLRDHUP POLLRDHUP
32 #include "mutt_ssl.li"
/* The single epoll instance every job registers with.  -1 until it is
 * created; the epoll_create() call is not on this page (presumably in an
 * init routine) — confirm before relying on the sentinel. */
34 static int epollfd = -1;
/*
 * Register w->fd with epoll for the event set that matches `emode`, but only
 * when it differs from the mode currently registered (w->emode).  A job still
 * in EL_NEW is added (EPOLL_CTL_ADD); any other is modified (EPOLL_CTL_MOD).
 *
 * The closing braces of the lookup table, the if-block and the function, and
 * the lines that record the new emode, are not on this page (original lines
 * 44-45, 47, 50, 52, 56-60).
 */
36 static int el_job_setemode(job_t *w, el_mode emode)
/* el_mode -> epoll event mask.  EL_NEW and EL_IDLE only watch for peer
 * hangup, so an idle job is still released promptly when the peer goes away. */
38 static int const evtmode_to_epoll[] = {
39 [EL_NEW] = EPOLLRDHUP,
40 [EL_READING] = EPOLLIN,
41 [EL_WRITING] = EPOLLOUT,
42 [EL_RDWR] = EPOLLIN | EPOLLOUT,
43 [EL_IDLE] = EPOLLRDHUP,
/* Invariant: emode either equals the module-requested mode, or is one of the
 * two single directions the TLS layer may temporarily force (see
 * gnutls_record_get_direction() callers below). */
46 assert (w->mode == emode || emode == EL_WRITING || emode == EL_READING);
48 if (emode != w->emode) {
49 struct epoll_event event = {
/* Original line 50 (not shown) presumably sets .data.ptr = w; el_dispatch()
 * reads events[].data.ptr back as a job_t *. */
51 .events = evtmode_to_epoll[emode],
53 int action = w->emode == EL_NEW ? EPOLL_CTL_ADD : EPOLL_CTL_MOD;
54 if (epoll_ctl(epollfd, action, w->fd, &event) < 0) {
/* NOTE(review): `true` is passed where an el_status is expected; the
 * module's finalize() callback receives this value, so confirm whether
 * EL_ERROR (used for the other epoll/socket failures in this file) is the
 * intended reason. */
55 return el_job_release(w, true);
/*
 * Public entry point for a module to change the job's I/O mode.  Original
 * line 63 and the lines after 66 are not shown; presumably w->mode is stored
 * there.  The epoll registration is only updated when no TLS-direction
 * override is active (mode == emode) — while the TLS layer is waiting for a
 * specific direction, that direction must stay registered.
 */
62 int el_job_setmode(job_t *w, el_mode mode)
64 if (w->mode == w->emode) {
66 return el_job_setemode(w, mode);
/*
 * Release the GnuTLS objects attached to a job.  Original lines 74-75 and 77
 * are not shown; confirm they guard these calls so job_wipe() is safe for a
 * job that never went through tls_negotiate() (no xcred / session).
 */
73 void job_wipe(job_t *w)
76 gnutls_certificate_free_credentials(w->xcred);
78 gnutls_deinit(w->session);
/*
 * Tear down a job: mark it finished, tell the owning module why (reason), and
 * send the TLS close_notify.  Lines 82, 86-88 and 90 onward are not shown;
 * presumably the gnutls_bye() call is inside a session-present guard and the
 * fd is closed / unregistered afterwards.
 */
81 int el_job_release(job_t *w, el_status reason)
83 w->state = EL_LLP_FINI;
84 if (w->m && w->m->finalize) {
85 w->m->finalize(w, reason);
/* Return value is not checked: on a non-blocking fd gnutls_bye() can fail
 * to send the alert, in which case the peer sees a truncated stream rather
 * than a clean shutdown.  Tolerable at teardown; noting it for awareness. */
89 gnutls_bye(w->session, GNUTLS_SHUT_RDWR);
/*
 * Low-level-protocol step that drives the TLS handshake to completion on a
 * non-blocking socket.  Non-fatal handshake results re-arm epoll for the
 * direction GnuTLS needs and return; a fatal error releases the job.  Once the
 * handshake is done the certificate is checked, the SASL security strength
 * factor is recorded and the module is told the job is running.
 *
 * `starttls` is not referenced on the visible lines (102-103, 105-110 and 115
 * are not shown) — its use is presumably there.
 */
96 static int el_job_tlsing(job_t *w, int starttls)
98 int err = gnutls_handshake(w->session);
99 if (err < 0 && !gnutls_error_is_fatal(err)) {
/* GnuTLS tells us whether it is blocked on read (0) or write (non-zero);
 * wait for exactly that direction rather than the module's mode. */
100 int wr = gnutls_record_get_direction(w->session);
101 return el_job_setemode(w, wr ? EL_WRITING : EL_READING);
104 return el_job_release(w, EL_RDHUP);
/* NOTE(review): `conn` is not a parameter or local of this function on this
 * page; the session under test is w->session.  Confirm what tls_check_certificate()
 * actually receives here and that its failure path (lines 108-110, not
 * shown) releases the job — this call is the only peer-authentication step
 * visible in this file, so a no-op here would leave the session
 * unauthenticated. */
107 if (!tls_check_certificate (conn))
111 /* set Security Strength Factor (SSF) for SASL */
112 /* NB: gnutls_cipher_get_key_size() returns key length in bytes */
113 w->ssf = gnutls_cipher_get_key_size(gnutls_cipher_get(w->session)) * 8;
114 w->state = EL_LLP_READY;
/* Drop any direction override forced during the handshake and go back to
 * the mode the module asked for. */
116 return el_job_setemode(w, w->mode);
117 return w->m->on_event(w, EL_EVT_RUNNING);
/* LLP step installed by el_job_starttls(): handshake on an already
 * established plain connection. */
120 static int el_job_starttlsing(job_t *w)
122 return el_job_tlsing(w, true);
/* LLP step installed by el_job_connecting() for ssl=1 jobs: handshake
 * immediately after the TCP connect completes. */
125 static int el_job_connecting_ssl(job_t *w)
127 return el_job_tlsing(w, false);
/*
 * LLP step run when the non-blocking connect() becomes writable.  SO_ERROR
 * reports the deferred connect result; any error releases the job.  If the
 * job is TLS (condition on lines 137-138, not shown — presumably a session
 * check) the next step is the handshake, otherwise the job is ready.
 * `err` is declared on line 132, not shown.
 */
130 static int el_job_connecting(job_t *w)
133 socklen_t len = sizeof(err);
/* Both a failed getsockopt() and a non-zero pending error count as failure. */
135 if (getsockopt(w->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &len) || err)
136 return el_job_release(w, EL_ERROR);
139 w->llp = &el_job_connecting_ssl;
142 w->state = EL_LLP_READY;
143 return w->m->on_event(w, EL_EVT_RUNNING);
/*
 * Allocate the job's GnuTLS credentials and client session, load trust
 * anchors from the configured files, and bind the session to w->fd.
 * Lines 147, 149, 151-152, 156, 160, 162-163, 165, 169-170 and 176 onward are
 * not shown; the return on allocation failure (151) and the final return
 * value are among them.
 */
146 static int tls_negotiate(job_t *w)
/* Mutable static: the SSLv3 slot cleared at line 168 stays cleared for every
 * later call, so a runtime change of mod_ssl.use_sslv3 from off to on has no
 * effect.  Harmless in the safe direction, but worth knowing. */
148 static int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
150 if (gnutls_certificate_allocate_credentials(&w->xcred) < 0)
153 /* ignore errors, maybe file doesn't exist yet */
154 gnutls_certificate_set_x509_trust_file(w->xcred, mod_ssl.cert_file,
155 GNUTLS_X509_FMT_PEM);
/* Return value ignored here too (no comment in the original).  If neither
 * file yields an anchor the credentials carry no trust roots at all, and the
 * later tls_check_certificate() call is the only thing standing between the
 * job and an unauthenticated peer — confirm that check does not rely on a
 * non-empty trust store. */
157 if (mod_ssl.ca_certificates_file) {
158 gnutls_certificate_set_x509_trust_file(w->xcred,
159 mod_ssl.ca_certificates_file, GNUTLS_X509_FMT_PEM);
/* Return value unchecked; a failed init leaves w->session unusable for the
 * handshake below. */
161 gnutls_init(&w->session, GNUTLS_CLIENT);
/* The socket fd is the transport handle (default push/pull on an fd). */
164 gnutls_transport_set_ptr(w->session, (gnutls_transport_ptr)(intptr_t)w->fd);
166 /* disable TLS/SSL protocols as needed */
/* SSLv3 is only offered when mod_ssl.use_sslv3 is set; leaving it off is
 * the safe default, as SSLv3 is deprecated. */
167 if (!mod_ssl.use_sslv3) {
168 protocol_priority[1] = 0;
171 /* We use default priorities (see gnutls documentation),
172 except for protocol version */
173 gnutls_set_default_priority(w->session);
/* Only GNUTLS_TLS1 (and optionally SSL3) is listed; whether newer TLS
 * versions remain negotiable depends on the GnuTLS release in use — confirm
 * against its documentation.  None of these three calls has its return
 * value checked. */
174 gnutls_protocol_set_priority(w->session, protocol_priority);
175 gnutls_credentials_set(w->session, GNUTLS_CRD_CERTIFICATE, w->xcred);
/*
 * Create a non-blocking socket, start connecting it to addr, optionally set
 * up TLS state, and hand the job to the el_job_connecting LLP step waiting
 * for writability.  Lines 181, 183-186, 188-189, 191, 193-195, 197-198 and
 * 201-203 are not shown; the socket()/fcntl() failure checks and the
 * handling of a connect() that returns EINPROGRESS are presumably there.
 */
179 int el_job_connect(job_t *w, struct sockaddr *addr, socklen_t len,
180 int type, int proto, int ssl)
182 int res, sock = socket(addr->sa_family, type, proto);
/* res holds the current flags and is OR-ed with O_NONBLOCK below. */
187 res = fcntl(sock, F_GETFL);
190 if (fcntl(sock, F_SETFL, res | O_NONBLOCK) < 0)
/* On a non-blocking socket connect() normally fails with EINPROGRESS; the
 * completion is picked up by el_job_connecting() via SO_ERROR. */
192 if (connect(sock, addr, len) < 0)
196 if (ssl && tls_negotiate(w) < 0)
199 w->llp = &el_job_connecting;
200 return el_job_setmode(w, EL_WRITING);
/* Shared error exit.  Confirm the lines just above it close `sock` (and
 * wipe any half-built TLS state) so a failed connect does not leak the fd. */
204 return el_job_release(w, EL_ERROR);
/*
 * Upgrade an established plain connection to TLS (STARTTLS).  Sets up the
 * GnuTLS state and re-enters the LLP init phase with the handshake step; the
 * lines after 212 (presumably the call that kicks the handshake) are not
 * shown.
 */
207 int el_job_starttls(job_t *w)
209 if (tls_negotiate(w) < 0)
210 return el_job_release(w, EL_RDHUP);
211 w->state = EL_LLP_INIT;
212 w->llp = &el_job_starttlsing;
/*
 * Read up to BUFSIZ bytes from the job into buf, through GnuTLS when a
 * session exists (the selecting condition on lines 221-222 is not shown),
 * otherwise with read(2).  Non-fatal TLS results re-arm epoll for the
 * direction GnuTLS needs; EINTR/EAGAIN on the plain path are retried (body on
 * lines 232-234, not shown); anything else releases the job.
 * `nr` is declared on lines 217-219, not shown.
 */
216 ssize_t el_job_read(job_t *w, buffer_t *buf)
/* NOTE(review): assumes buffer_ensure(buf, n) reserves n bytes of spare
 * capacity beyond buf->len — confirm.  If it only guarantees a total size,
 * the writes at buf->data + buf->len below can run past the allocation. */
220 buffer_ensure(buf, BUFSIZ);
223 nr = gnutls_record_recv(w->session, buf->data + buf->len, BUFSIZ);
224 if (nr < 0 && !gnutls_error_is_fatal(nr)) {
225 int wr = gnutls_record_get_direction(w->session);
226 return el_job_setemode(w, wr ? EL_WRITING : EL_READING);
/* Back to the module's mode once GnuTLS no longer forces a direction. */
228 EL_JOB_CHECK(el_job_setemode(w, w->mode));
230 nr = read(w->fd, buf->data + buf->len, BUFSIZ);
231 if (nr < 0 && (errno == EINTR || errno == EAGAIN))
235 return el_job_release(w, EL_RDHUP);
/* Commit the bytes just received (nr >= 0 here). */
236 buffer_extend(buf, nr);
/*
 * Write as much of buf as the transport accepts, through GnuTLS when a
 * session exists (selecting condition on lines 241-247, not shown), otherwise
 * with write(2).  Mirrors el_job_read(): non-fatal TLS results re-arm epoll
 * for the needed direction, EINTR/EAGAIN on the plain path are retried
 * (lines 257-259, not shown), other failures release the job.
 * `nr` is declared on lines not shown.
 */
240 ssize_t el_job_write(job_t *w, buffer_t *buf)
248 nr = gnutls_record_send(w->session, buf->data, buf->len);
249 if (nr < 0 && !gnutls_error_is_fatal(nr)) {
250 int wr = gnutls_record_get_direction(w->session);
251 return el_job_setemode(w, wr ? EL_WRITING : EL_READING);
253 EL_JOB_CHECK(el_job_setemode(w, w->mode));
255 nr = write(w->fd, buf->data, buf->len);
256 if (nr < 0 && (errno == EINTR || errno == EAGAIN))
260 return el_job_release(w, EL_RDHUP);
/* Drop the nr bytes that were sent from the front of the buffer. */
261 buffer_splice(buf, 0, nr, NULL, 0);
/*
 * One iteration of the event loop: wait up to `timeout` ms for epoll events
 * and deliver each one to its job.  A transient epoll_wait() failure
 * (EAGAIN/EINTR, handling on line 272, not shown) is tolerated; any other
 * failure is fatal for the program.  Lines 266, 269-270, 275-276, 280-287,
 * 292-294, 296 and 298-301 and the function tail are not shown.
 */
265 int el_dispatch(int timeout)
/* Fixed-size stack array; epoll_wait() returns at most countof(events)
 * entries per call, the rest are picked up next iteration. */
267 struct epoll_event events[FD_SETSIZE];
268 int count = epoll_wait(epollfd, events, countof(events), timeout);
271 if (errno == EAGAIN || errno == EINTR)
273 mutt_error("epoll_wait");
274 mutt_exit(EXIT_FAILURE);
/* Deliver in reverse order; the job pointer comes from the .data.ptr set
 * at registration time in el_job_setemode(). */
277 while (--count >= 0) {
278 job_t *w = events[count].data.ptr;
279 int event = events[count].events;
/* Peer hangup wins over anything else pending on the fd. */
288 if (event & EPOLLRDHUP) {
289 IGNORE(el_job_release(w, EL_RDHUP));
/* mode != emode means the TLS layer is blocked on a specific direction;
 * the module is told that direction is now usable.  The exact value of
 * EL_EVT_INOUT ^ w->emode depends on the enum layout, which is not shown. */
290 } else if (w->mode != w->emode) {
291 IGNORE(w->m->on_event(w, EL_EVT_INOUT ^ w->emode));
/* `evt` is computed on line 296 (not shown) from the readiness bits. */
295 if (event & EPOLLOUT)
297 IGNORE(w->m->on_event(w, evt));
/* Enclosing condition on lines 298-301 not shown; presumably the
 * EPOLLERR/EPOLLHUP case. */
302 IGNORE(el_job_release(w, EL_ERROR));