Alpha version of the SSL work.

Doesn't build yet, but I'm scared of losing it, so using git as storage. Will fix the stupid bugs now, the tricky bugs later.
author: Laurent Bercot <ska-skaware@skarnet.org> 2016-11-25 18:16:05 +0000
committer: Laurent Bercot <ska-skaware@skarnet.org> 2016-11-25 18:16:05 +0000
commit: 018025f0f36a4847df265c9948dbaf7073ed3245 (patch)
tree: 984c9a4bba06ef8abc02d0fbe81a70ec28c6f529 /src/conn-tools
parent: 6421a5e923b0f695047b429e4176bca2873c5189 (diff)
download: s6-networking-018025f0f36a4847df265c9948dbaf7073ed3245.tar.xz
8 files changed, 622 insertions, 0 deletions
diff --git a/src/conn-tools/deps-exe/s6-tlsc b/src/conn-tools/deps-exe/s6-tlsc
new file mode 100644
index 0000000..d00d2b8
--- /dev/null
+++ b/src/conn-tools/deps-exe/s6-tlsc
@@ -0,0 +1,5 @@
+${LIBCRYPTOSUPPORT}
+-lskarnet
+${CRYPTO_LIB}
+${SOCKET_LIB}
+${TAINNOW_LIB}
diff --git a/src/conn-tools/deps-exe/s6-tlsclient b/src/conn-tools/deps-exe/s6-tlsclient
new file mode 100644
index 0000000..e7187fe
--- /dev/null
+++ b/src/conn-tools/deps-exe/s6-tlsclient
@@ -0,0 +1 @@
+-lskarnet
diff --git a/src/conn-tools/deps-exe/s6-tlsd b/src/conn-tools/deps-exe/s6-tlsd
new file mode 100644
index 0000000..d00d2b8
--- /dev/null
+++ b/src/conn-tools/deps-exe/s6-tlsd
@@ -0,0 +1,5 @@
+${LIBCRYPTOSUPPORT}
+-lskarnet
+${CRYPTO_LIB}
+${SOCKET_LIB}
+${TAINNOW_LIB}
diff --git a/src/conn-tools/deps-exe/s6-tlsserver b/src/conn-tools/deps-exe/s6-tlsserver
new file mode 100644
index 0000000..e7187fe
--- /dev/null
+++ b/src/conn-tools/deps-exe/s6-tlsserver
@@ -0,0 +1 @@
+-lskarnet
diff --git a/src/conn-tools/s6-tlsc.c b/src/conn-tools/s6-tlsc.c
new file mode 100644
index 0000000..e2b6f7f
--- /dev/null
+++ b/src/conn-tools/s6-tlsc.c
@@ -0,0 +1,102 @@
+/* ISC license. */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <skalibs/uint64.h>
+#include <skalibs/uint.h>
+#include <skalibs/gidstuff.h>
+#include <skalibs/sgetopt.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/tai.h>
+#include <skalibs/env.h>
+#include <skalibs/djbunix.h>
+#include <s6-networking/config.h>
+
+#ifdef S6_NETWORKING_USE_TLS
+
+#include <s6-networking/stls.h>
+#define s6tlsc stls_s6tlsc
+
+#else
+#ifdef S6_NETWORKING_USE_BEARSSL
+
+#include <s6-networking/sbearssl.h>
+#define s6tlsc sbearssl_s6tlsc
+
+#else
+
+#error No SSL backend configured.
+
+#endif
+#endif
+
+
+#define USAGE "s6-tlsc [ -S | -s ]  [ -Y | -y ] [ -v verbosity ] [ -K timeout ] [ -6 rfd ] [ -7 wfd ] prog..."
+#define dieusage() strerr_dieusage(100, USAGE)
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+  tain_t tto ;
+  unsigned int verbosity = 1 ;
+  uid_t uid = 0 ;
+  gid_t gid = 0 ;
+  uint32_t preoptions = 0 ;
+  uint32_t options = 1 ;
+  int fds[2] = { 6, 7 } ;
+
+  PROG = "s6-tlsc" ;
+  {
+    subgetopt_t l = SUBGETOPT_ZERO ;
+    unsigned int t = 0 ;
+    for (;;)
+    {
+      register int opt = subgetopt_r(argc, argv, "SsYyv:K:6:7:", &l) ;
+      if (opt == -1) break ;
+      switch (opt)
+      {
+        case 'S' : options &= ~(uint32_t)1 ; break ;
+        case 's' : options |= 1 ; break ;
+        case 'Y' : preoptions &= ~(uint32_t)1 ; break ;
+        case 'y' : preoptions |= 1 ; break ;
+        case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ;
+        case 'K' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ;
+        case '6' :
+        {
+          unsigned int fd ;
+          if (!uint0_scan(l.arg, &fd)) dieusage() ;
+          fds[0] = fd ;
+          break ;
+        }
+        case '7' :
+        {
+          unsigned int fd ;
+          if (!uint0_scan(l.arg, &fd)) dieusage() ;
+          fds[1] = fd ;
+          break ;
+        }
+        default : dieusage() ;
+      }
+    }
+    argc -= l.ind ; argv += l.ind ;
+    if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ;
+  }
+  if (!argc) dieusage() ;
+
+  if (!getuid())
+  {
+    x = env_get2(envp, "TLS_UID") ;
+    if (x)
+    {
+      uint64 u ;
+      if (!uint640_scan(x, &u)) strerr_dieinvalid(100, "TLS_UID") ;
+      uid = (uid_t)u ;
+    }
+    x = env_get2(envp, "TLS_GID") ;
+    if (x)
+    {
+      if (!gid0_scan(x, &gid)) strerr_dieinvalid(100, "TLS_GID") ;
+    }
+  }
+
+  return s6tlsc(argv, envp, &tto, preoptions, options, uid, gid, verbosity) ;
+}
diff --git a/src/conn-tools/s6-tlsclient.c b/src/conn-tools/s6-tlsclient.c
new file mode 100644
index 0000000..6d2249a
--- /dev/null
+++ b/src/conn-tools/s6-tlsclient.c
@@ -0,0 +1,181 @@
+/* ISC license. */
+
+#include <skalibs/uint16.h>
+#include <skalibs/uint.h>
+#include <skalibs/bytestr.h>
+#include <skalibs/sgetopt.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/djbunix.h>
+#include <skalibs/ip46.h>
+#include <s6-networking/config.h>
+
+#define USAGE "s6-tlsclient [ options ] ip port prog...\n" \
+"s6-tcpclient options: [ -q | -Q | -v ] [ -4 | -6 ] [ -d | -D ] [ -r | -R ] [ -h | -H ] [ -n | -N ] [ -t timeout ] [ -l localname ] [ -T timeoutconn ] [ -i localip ] [ -p localport ]\n" \
+"s6-tlsc options: [ -S | -s ] [ -Y | -y ] [ -K timeout ]"
+
+#define dieusage() strerr_dieusage(100, USAGE)
+
+typedef struct options_s options_t, *options_t_ref ;
+struct options_s
+{
+  char const *localname ;
+  unsigned int timeout ;
+  unsigned int ximeout ;
+  unsigned int yimeout ;
+  unsigned int kimeout ;
+  uint16 localport ;
+  ip46full_t localip ;
+  unsigned int verbosity : 2 ;
+  unsigned int flag4 : 1 ;
+  unsigned int flag6 : 1 ;
+  unsigned int flagD : 1 ;
+  unsigned int flagH : 1 ;
+  unsigned int flagr : 1 ;
+  unsigned int flagN : 1 ;
+  unsigned int flagS : 1 ;
+  unsigned int flagy : 1 ;
+  unsigned int doxy : 1 ;
+} ;
+
+#define OPTIONS_ZERO \
+{ \
+  .localname = 0, \
+  .timeout = 0, \
+  .ximeout = 2, \
+  .yimeout = 58, \
+  .kimeout = 0, \
+  .localport = 0, \
+  .localip = IP46FULL_ZERO, \
+  .verbosity = 1, \
+  .flag4 = 0, \
+  .flag6 = 0, \
+  .flagD = 0, \
+  .flagH = 0, \
+  .flagr = 0, \
+  .flagN = 0, \
+  .flagS = 0, \
+  .flagy = 0, \
+  .doxy = 0 \
+}
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+  options_t o = OPTIONS_ZERO ;
+  PROG = "s6-tlsclient" ;
+  {
+    subgetopt_t l = SUBGETOPT_ZERO ;
+    for (;;)
+    {
+      register int opt = subgetopt_r(argc, argv, "qQv46DdHhRrnNt:l:T:i:p:SsYyK:", &l) ;
+      if (opt == -1) break ;
+      switch (opt)
+      {
+        case 'q' : o.verbosity = 0 ; break ;
+        case 'Q' : o.verbosity = 1 ; break ;
+        case 'v' : o.verbosity = 2 ; break ;
+        case '4' : o.flag4 = 1 ; break ;
+        case '6' : o.flag6 = 1 ; break ;
+        case 'D' : o.flagD = 1 ; break ;
+        case 'd' : o.flagD = 0 ; break ;
+        case 'H' : o.flagH = 1 ; break ;
+        case 'h' : o.flagh = 0 ; break ;
+        case 'R' : o.flagr = 0 ; break ;
+        case 'r' : o.flagr = 1 ; break ;
+        case 'n' : o.flagN = 0 ; break ;
+        case 'N' : o.flagN = 1 ; break ;
+        case 't' : if (!uint0_scan(l.arg, &o.timeout)) dieusage() ; break ;
+        case 'l' : o.localname = l.arg ; break ;
+        case 'T' :
+        {
+          unsigned int n = uint_scan(l.arg, &o.ximeout) ;
+          if (!n) dieusage() ;
+          o.doxy = 1 ;
+          if (!l.arg[n])
+          {
+            o.yimeout = 0 ;
+            break ;
+          }
+          if (l.arg[n] != '+') dieusage() ;
+          if (!uint0_scan(l.arg + n + 1, &o.yimeout)) dieusage() ;
+          break ;
+        }
+        case 'i' : if (!ip46full_scan(l.arg, &o.localip)) dieusage() ; break ;
+        case 'p' : if (!uint160_scan(l.arg, &o.localport)) dieusage() ; break ;
+        case 'S' : o.flagS = 1 ; break ;
+        case 's' : o.flagS = 0 ; break ;
+        case 'Y' : o.flagy = 0 ; break ;
+        case 'y' : o.flagy = 1 ; break ;
+        case 'K' : if (!uint0_scan(l.arg, &o.kimeout)) dieusage() ; break ;
+        default : dieusage() ;
+      }
+    }
+    argc -= l.ind ; argv += l.ind ;
+    if (argc < 3) dieusage() ;
+  }
+
+  {
+    unsigned int m = 0 ;
+    unsigned int pos = 0 ;
+    char fmt[UINT_FMT * 4 + UINT16_FMT + IP46_FMT] ;
+    char const *newargv[26 + argc] ;
+    newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpclient" ;
+    if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" ; "-q" ;
+    if (o.flag4) newargv[m++] = "-4" ;
+    if (o.flag6) newargv[m++] = "-6" ;
+    if (o.flagD) newargv[m++] = "-D" ;
+    if (o.flagH) newargv[m++] = "-H" ;
+    if (o.flagr) newargv[m++] = "-r" ;
+    if (o.flagN) newargv[m++] = "-N" ;
+    if (o.timeout)
+    {
+      newargv[m++] = "-t" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, o.timeout) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.localname)
+    {
+      newargv[m++] = "-l" ;
+      newargv[m++] = o.localname ;
+    }
+    if (o.doxy)
+    {
+      newargv[m++] = "-T" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, o.ximeout) ;
+      fmt[pos++] = '+' ;
+      pos += uint_fmt(fmt + pos, o.yimeout) ;
+      fmt[pos++] = 0 ;
+    }
+    if (byte_diff(o.localip.ip, 16, IP6_ANY))
+    {
+      newargv[m++] = "-i" ;
+      newargv[m++] = fmt + pos ;
+      pos += ip46full_fmt(fmt + pos, &o.localip) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.localport)
+    {
+      newargv[m++] = "-p" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint16_fmt(fmt + pos, o.localport) ;
+      fmt[pos++] = 0 ;
+    }
+    newargv[m++] = "--" ;
+    newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tlsc" ;
+    if (o.flagS) newargv[m++] = "-S" ;
+    if (o.flagy) newargv[m++] = "-y" ;
+    if (o.kimeout)
+    {
+      newargv[m++] = "-K" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, o.kimeout) ;
+      fmt[pos++] = 0 ;
+    }
+    newargv[m++] = "--" ;
+    while (*argv) newargv[m++] = *argv++ ;
+    newargv[m++] = 0 ;
+    pathexec_run(newargv[0], newargv, envp) ;
+    strerr_dieexec(111, newargv[0]) ;
+  }
+}
diff --git a/src/conn-tools/s6-tlsd.c b/src/conn-tools/s6-tlsd.c
new file mode 100644
index 0000000..73758a2
--- /dev/null
+++ b/src/conn-tools/s6-tlsd.c
@@ -0,0 +1,86 @@
+/* ISC license. */
+
+#include <sys/types.h>
+#include <skalibs/uint64.h>
+#include <skalibs/uint.h>
+#include <skalibs/gidstuff.h>
+#include <skalibs/sgetopt.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/tai.h>
+#include <skalibs/env.h>
+#include <skalibs/djbunix.h>
+#include <s6-networking/config.h>
+
+#ifdef S6_NETWORKING_USE_TLS
+
+#include <s6-networking/stls.h>
+#define s6tlsd stls_s6tlsd
+
+#else
+#ifdef S6_NETWORKING_USE_BEARSSL
+
+#include <s6-networking/sbearssl.h>
+#define s6tlsd sbearssl_s6tlsd
+
+#else
+
+#error No SSL backend configured.
+
+#endif
+#endif
+
+
+#define USAGE "s6-tlsd [ -S | -s ] [ -Y | -y ] [ -v verbosity ] [ -K timeout ] prog..."
+#define dieusage() strerr_dieusage(100, USAGE)
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+  tain_t tto ;
+  unsigned int verbosity = 1 ;
+  uid_t uid = 0 ;
+  gid_t gid = 0 ;
+  uint32_t preoptions = 0 ;
+  uint32_t options = 1 ;
+
+  PROG = "s6-tlsd" ;
+  {
+    subgetopt_t l = SUBGETOPT_ZERO ;
+    unsigned int t = 0 ;
+    for (;;)
+    {
+      register int opt = subgetopt_r(argc, argv, "SsYyv:K:", &l) ;
+      if (opt == -1) break ;
+      switch (opt)
+      {
+        case 'S' : options &= ~(uint32_t)1 ; break ;
+        case 's' : options |= 1 ; break ;
+        case 'Y' : preoptions &= ~(uint32_t)1 ; break ;
+        case 'y' : preoptions |= 1 ; break ;
+        case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ;
+        case 'K' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ;
+        default : dieusage() ;
+      }
+    }
+    argc -= l.ind ; argv += l.ind ;
+    if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ;
+  }
+  if (!argc) dieusage() ;
+
+  if (!getuid())
+  {
+    x = env_get2(envp, "TLS_UID") ;
+    if (x)
+    {
+      uint64 u ;
+      if (!uint640_scan(x, &u)) strerr_dieinvalid(100, "TLS_UID") ;
+      uid = (uid_t)u ;
+    }
+    x = env_get2(envp, "TLS_GID") ;
+    if (x)
+    {
+      if (!gid0_scan(x, &gid)) strerr_dieinvalid(100, "TLS_GID") ;
+    }
+  }
+
+  return s6tlsd(argv, envp, &tto, preoptions, options, uid, gid, verbosity) ;
+}
diff --git a/src/conn-tools/s6-tlsserver.c b/src/conn-tools/s6-tlsserver.c
new file mode 100644
index 0000000..0154e24
--- /dev/null
+++ b/src/conn-tools/s6-tlsserver.c
@@ -0,0 +1,241 @@
+/* ISC license. */
+
+#include <sys/types.h>
+#include <limits.h>
+#include <skalibs/uint64.h>
+#include <skalibs/uint.h>
+#include <skalibs/gidstuff.h>
+#include <skalibs/sgetopt.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/djbunix.h>
+#include <s6-networking/config.h>
+
+#define USAGE "s6-tlsserver [ options ] ip port prog...\n" \
+"s6-tcpserver options: [ -q | -Q | -v ] [ -4 | -6 ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gidlist ] [ -g gid ] [ -u uid ] [ -U ]\n" \
+"s6-tcpserver-access options: [ -W | -w ] [ -D | -d ] [ -H | -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ]\n" \
+"s6-tlsd options: [ -S | -s ] [ -Y | -y ] [ -K timeout ]"
+
+#define dieusage() strerr_dieusage(100, USAGE)
+
+typedef struct options_s options_t, *options_t_ref ;
+struct options_s
+{
+  uint64 uid ;
+  char const *localname ;
+  char const *banner ;
+  char const *rules ;
+  gid_t gids[NGROUPS_MAX] ;
+  gid_t gid ;
+  unsigned int maxconn ;
+  unsigned int localmaxconn ;
+  unsigned int backlog ;
+  unsigned int gidn ;
+  unsigned int timeout ;
+  unsigned int kimeout ;
+  unsigned int verbosity : 2 ;
+  unsigned int flag46 : 2 ;
+  unsigned int flag1 : 1 ;
+  unsigned int flagU : 1 ;
+  unsigned int flagw : 1 ;
+  unsigned int flagD : 1 ;
+  unsigned int flagH : 1 ;
+  unsigned int flagr : 1 ;
+  unsigned int flagp : 1 ;
+  unsigned int ruleswhat : 2 ;
+  unsigned int flagS : 1 ;
+  unsigned int flagy : 1 ;
+  unsigned int doaccess : 1 ;
+} ;
+
+#define OPTIONS_ZERO \
+{ \
+  .uid = 0, \
+  .localname = 0, \
+  .banner = 0, \
+  .rules = 0, \
+  .maxconn = 0, \
+  .localmaxconn = 0, \
+  .backlog = (unsigned int)-1, \
+  .gidn = (unsigned int)-1, \
+  .gid = 0, \
+  .timeout = 0, \
+  .kimeout = 0, \
+  .verbosity = 1, \
+  .flag46 = 0, \
+  .flag1 = 0, \
+  .flagU = 0, \
+  .flagw = 0, \
+  .flagD = 0, \
+  .flagH = 0, \
+  .flagr = 0, \
+  .flagp = 0, \
+  .ruleswhat = 0, \
+  .flagS = 0, \
+  .flagy = 0, \
+  .doaccess = 0 \
+}
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+  options_t o = OPTIONS_ZERO ;
+  PROG = "s6-tlsserver" ;
+  {
+    subgetopt_t l = SUBGETOPT_ZERO ;
+    for (;;)
+    {
+      register int opt = subgetopt_r(argc, argv, "qQv461c:C:b:G:g:u:UWwDdHhRrPpl:B:t:i:x:SsYyK:", &l) ;
+      if (opt == -1) break ;
+      switch (opt)
+      {
+        case 'q' : o.verbosity = 0 ; break ;
+        case 'Q' : o.verbosity = 1 ; break ;
+        case 'v' : o.verbosity = 2 ; break ;
+        case '4' : o.flag46 = 1 ; break ;
+        case '6' : o.flag46 = 2 ; break ;
+        case '1' : o.flag1 = 1 ; break ;
+        case 'c' : if (!uint0_scan(l.arg, &o.maxconn)) dieusage() ; if (!o.maxconn) o.maxconn = 1 ; break ;
+        case 'C' : if (!uint0_scan(l.arg, &o.localmaxconn)) dieusage() ; if (!o.localmaxconn) o.localmaxconn = 1 ; break ;
+        case 'b' : if (!uint0_scan(l.arg, &o.backlog)) dieusage() ; break ;
+        case 'G' : if (!gid_scanlist(o.gids, NGROUPS_MAX, l.arg, &o.gidn) && *l.arg) dieusage() ; break ;
+        case 'g' : if (!uint0_scan(l.arg, &o.gid)) dieusage() ; break ;
+        case 'u' : if (!uint0_scan(l.arg, &o.uid)) dieusage() ; break ;
+        case 'U' : o.flagU = 1 ; o.uid = 0 ; o.gid = 0 ; o.gidn = (unsigned int)-1 ; break ;
+        case 'W' : o.flagw = 0 ; break ;
+        case 'w' : o.flagw = 1 ; break ;
+        case 'D' : o.flagD = 1 ; o.doaccess = 1 ; break ;
+        case 'd' : o.flagD = 0 ; break ;
+        case 'H' : o.flagH = 1 ; o.doaccess = 1 ; break ;
+        case 'h' : o.flagh = 0 ; break ;
+        case 'R' : o.flagr = 0 ; break ;
+        case 'r' : o.flagr = 1 ; o.doaccess = 1 ; break ;
+        case 'P' : o.flagp = 0 ; break ;
+        case 'p' : o.flagp = 1 ; o.doaccess = 1 ; break ;
+        case 'l' : o.localname = l.arg ; o.doaccess = 1 ; break ;
+        case 'B' : o.banner = l.arg ; o.doaccess = 1 ; break ;
+        case 't' : if (!uint0_scan(l.arg, &o.timeout)) dieusage() ; break ;
+        case 'i' : o.rules = l.arg ; o.ruleswhat = 1 ; o.doaccess = 1 ; break ;
+        case 'x' : o.rules = l.arg ; o.ruleswhat = 2 ; o.doaccess = 1 ; break ;
+        case 'S' : o.flagS = 1 ; break ;
+        case 's' : o.flagS = 0 ; break ;
+        case 'Y' : o.flagy = 0 ; break ;
+        case 'y' : o.flagy = 1 ; break ;
+        case 'K' : if (!uint0_scan(l.arg, &o.kimeout)) dieusage() ; break ;
+        default : dieusage() ;
+      }
+    }
+    argc -= l.ind ; argv += l.ind ;
+    if (argc < 3) dieusage() ;
+  }
+
+  {
+    unsigned int m = 0 ;
+    unsigned int pos = 0 ;
+    char fmt[UINT_FMT * 5 + GID_FMT * (NGROUPS_MAX + 1) + UINT64_FMT] ;
+    char const *newargv[44 + argc] ;
+    newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpserver" ;
+    if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" ; "-q" ;
+    if (o.flag46) newargv[m++] = o.flag46 == 1 ? "-4" : "-6" ;
+    if (o.flag1) newargv[m++] = "-1" ;
+    if (o.maxconn)
+    {
+      newargv[m++] = "-c" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, maxconn) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.localmaxconn)
+    {
+      newargv[m++] = "-C" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, o.localmaxconn) ;
+      fmt[pos++] = 0 ;
+    }
+    if (backlog != (unsigned int)-1)
+    {
+      newargv[m++] = "-b" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, backlog) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.gidn != (unsigned int)-1)
+    {
+      newargv[m++] = "-G" ;
+      newargv[m++] = fmt + pos ;
+      pos += gid_fmtlist(fmt + pos, o.gids, o.gidn) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.gid)
+    {
+      newargv[m++] = "-g" ;
+      newargv[m++] = fmt + pos ;
+      pos += gid_fmt(fmt + pos, o.gid) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.uid)
+    {
+      newargv[m++] = "-u" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint64_fmt(fmt + pos, o.uid) ;
+      fmt[pos++] = 0 ;
+    }
+    if (o.flagU) newargv[m++] = "-U" ;
+    newargv[m++] = "--" ;
+    if (o.doaccess)
+    {
+      newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpserver-access" ;
+      if (o.verbosity != 1)
+      {
+        newargv[m++] = "-v" ;
+        newargv[m++] = o.verbosity ? "2" : "0" ;
+      }
+      if (o.flagw) newargv[m++] = "-w" ;
+      if (o.flagD) newargv[m++] = "-D" ;
+      if (o.flagH) newargv[m++] = "-H" ;
+      if (o.flagr) newargv[m++] = "-r" ;
+      if (o.flagp) newargv[m++] = "-p" ;
+      if (o.localname)
+      {
+        newargv[m++] = "-l" ;
+        newargv[m++] = o.localname ;
+      }
+      if (o.banner)
+      {
+        newargv[m++] = "-B" ;
+        newargv[m++] = o.banner ;
+      }
+      if (o.timeout)
+      {
+        newargv[m++] = "-t" ;
+        newargv[m++] = fmt + pos ;
+        pos += uint_fmt(fmt + pos, o.timeout) ;
+        fmt[pos++] = 0 ;
+      }
+      if (o.ruleswhat)
+      {
+        newargv[m++] = o.ruleswhat == 1 ? "-i" : "-x" ;
+        newargv[m++] = o.rules ;
+      }
+      newargv[m++] = "--" ;
+    }
+    newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tlsd" ;
+    if (o.verbosity != 1)
+    {
+      newargv[m++] = "-v" ;
+      newargv[m++] = o.verbosity ? "2" : "0" ;
+    }
+    if (o.flagS) newargv[m++] = "-S" ;
+    if (o.flagy) newargv[m++] = "-y" ;
+    if (o.kimeout)
+    {
+      newargv[m++] = "-K" ;
+      newargv[m++] = fmt + pos ;
+      pos += uint_fmt(fmt + pos, o.kimeout) ;
+      fmt[pos++] = 0 ;
+    }
+    newargv[m++] = "--" ;
+    while (*argv) newargv[m++] = *argv++ ;
+    newargv[m++] = 0 ;
+    pathexec_run(newargv[0], newargv, envp) ;
+    strerr_dieexec(111, newargv[0]) ;
+  }
+}
author	Laurent Bercot <ska-skaware@skarnet.org>	2016-11-25 18:16:05 +0000
committer	Laurent Bercot <ska-skaware@skarnet.org>	2016-11-25 18:16:05 +0000
commit	018025f0f36a4847df265c9948dbaf7073ed3245 (patch)
tree	984c9a4bba06ef8abc02d0fbe81a70ec28c6f529 /src/conn-tools
parent	6421a5e923b0f695047b429e4176bca2873c5189 (diff)
download	s6-networking-018025f0f36a4847df265c9948dbaf7073ed3245.tar.xz