diff options
Diffstat (limited to 'src/conn-tools/s6-tlsc.c')
| -rw-r--r-- | src/conn-tools/s6-tlsc.c | 88 |
1 files changed, 43 insertions, 45 deletions
diff --git a/src/conn-tools/s6-tlsc.c b/src/conn-tools/s6-tlsc.c index d9df81c..6431ccb 100644 --- a/src/conn-tools/s6-tlsc.c +++ b/src/conn-tools/s6-tlsc.c @@ -2,67 +2,63 @@ #include <stdint.h> #include <unistd.h> -#include <errno.h> +#include <fcntl.h> + +#include <skalibs/gccattributes.h> #include <skalibs/types.h> #include <skalibs/sgetopt.h> #include <skalibs/strerr2.h> -#include <skalibs/tai.h> #include <skalibs/env.h> #include <skalibs/djbunix.h> -#include <s6-networking/config.h> - -#ifdef S6_NETWORKING_USE_TLS - -#include <s6-networking/stls.h> -#define s6tlsc stls_s6tlsc - -#else -#ifdef S6_NETWORKING_USE_BEARSSL - -#include <s6-networking/sbearssl.h> -#define s6tlsc sbearssl_s6tlsc - -#else - -#error No SSL backend configured. - -#endif -#endif +#include "s6tls-internal.h" #define USAGE "s6-tlsc [ -S | -s ] [ -Y | -y ] [ -v verbosity ] [ -K timeout ] [ -k servername ] [ -Z | -z ] [ -6 rfd ] [ -7 wfd ] prog..." #define dieusage() strerr_dieusage(100, USAGE) -int main (int argc, char const *const *argv, char const *const *envp) +static void child (int const [3][2], int, int, uint32_t, unsigned int, unsigned int, char const *) gccattr_noreturn ; +static void child (int const p[3][2], int fdr, int fdw, uint32_t options, unsigned int verbosity, unsigned int kimeout, char const *servername) +{ + int fds[3] = { p[0][0], p[1][1], p[2][1] } ; + PROG = "s6-tlsc (child)" ; + s6tls_drop() ; + close(p[2][0]) ; + close(p[0][1]) ; + close(p[1][0]) ; + if (fd_move(0, fdr) < 0 || fd_move(1, fdw) < 0) + strerr_diefu1sys(111, "move network fds to stdin/stdout") ; + s6tls_exec_tlscio(fds, options, verbosity, kimeout, servername) ; +} + +int main (int argc, char const *const *argv) { + int fds[2] = { 6, 7 } ; char const *servername = 0 ; - tain_t tto ; unsigned int verbosity = 1 ; - uid_t uid = 0 ; - gid_t gid = 0 ; - uint32_t preoptions = 2 ; - uint32_t options = 1 ; - int fds[2] = { 6, 7 } ; + unsigned int kimeout = 0 ; + int p[3][2] ; + uint32_t options = 0 ; + int cleanenv = 1 ; + pid_t pid ; PROG = "s6-tlsc" ; { subgetopt_t l = SUBGETOPT_ZERO ; - unsigned int t = 0 ; for (;;) { int opt = subgetopt_r(argc, argv, "SsYyv:K:k:Zz6:7:", &l) ; if (opt == -1) break ; switch (opt) { - case 'S' : options &= ~(uint32_t)1 ; break ; - case 's' : options |= 1 ; break ; - case 'Y' : preoptions &= ~(uint32_t)1 ; break ; - case 'y' : preoptions |= 1 ; break ; + case 'S' : options &= ~4 ; break ; + case 's' : options |= 4 ; break ; + case 'Y' : options &= ~1 ; break ; + case 'y' : options |= 1 ; break ; case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; - case 'K' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + case 'K' : if (!uint0_scan(l.arg, &kimeout)) dieusage() ; break ; case 'k' : servername = l.arg ; break ; - case 'Z' : preoptions &= ~(uint32_t)2 ; break ; - case 'z' : preoptions |= 2 ; break ; + case 'Z' : cleanenv = 0 ; break ; + case 'z' : cleanenv = 1 ; break ; case '6' : { unsigned int fd ; @@ -81,18 +77,20 @@ int main (int argc, char const *const *argv, char const *const *envp) } } argc -= l.ind ; argv += l.ind ; - if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ; } if (!argc) dieusage() ; - - if (!getuid()) + fd_sanitize() ; + if (fcntl(fds[0], F_GETFD) < 0 || fcntl(fds[1], F_GETFD) < 0) + strerr_diefu1sys(111, "check network fds") ; + if (pipe(p[0]) < 0 || pipe(p[1]) < 0 || pipe(p[2]) < 0) + strerr_diefu1sys(111, "pipe") ; + pid = fork() ; + switch (pid) { - char const *x = env_get2(envp, "TLS_UID") ; - if (x && !uid0_scan(x, &uid)) strerr_dieinvalid(100, "TLS_UID") ; - x = env_get2(envp, "TLS_GID") ; - if (x && !gid0_scan(x, &gid)) strerr_dieinvalid(100, "TLS_GID") ; + case -1 : strerr_diefu1sys(111, "fork") ; + case 0 : child(p, fds[0], fds[1], options, verbosity, kimeout, servername) ; + default : break ; } - tain_now_set_stopwatch_g() ; - return s6tlsc(argv, envp, &tto, preoptions, options, uid, gid, verbosity, servername, fds) ; + s6tls_wait_and_exec_app(argv, p, pid, fds[0], fds[1], cleanenv ? 1 : 0) ; } |