From 5d38ea056c82221a0ddc206cd57dd7c1852a3159 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sun, 4 Dec 2016 13:44:23 +0000
Subject: Remove s6-tls* dependency to libs6net. Improve gen-deps to make dynlinking easier.
---
 src/sbearssl/deps-lib/sbearssl | 2 +-
 src/sbearssl/sbearssl-internal.h | 1 +
 src/sbearssl/sbearssl_clean_tls_and_spawn.c | 21 +++++++++++++++++++++
 src/sbearssl/sbearssl_s6tlsc.c | 3 +--
 src/sbearssl/sbearssl_s6tlsd.c | 1 -
 5 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 src/sbearssl/sbearssl_clean_tls_and_spawn.c
(limited to 'src/sbearssl')
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index d5964e6..b3e69bb 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -1,4 +1,5 @@
 sbearssl_append.o
+sbearssl_clean_tls_and_spawn.o
 sbearssl_cert_from.o
 sbearssl_cert_readbigpem.o
 sbearssl_cert_readfile.o
@@ -33,5 +34,4 @@ sbearssl_x509_minimal_set_tai.o
 sbearssl_s6tlsc.o
 sbearssl_s6tlsd.o
 -lbearssl
--ls6net
 -lskarnet
diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h
index eee3b84..ac5e4e2 100644
--- a/src/sbearssl/sbearssl-internal.h
+++ b/src/sbearssl/sbearssl-internal.h
@@ -18,5 +18,6 @@ struct sbearssl_strallocerr_s
 extern void sbearssl_append (void *, void const *, size_t) ;
 extern int sbearssl_pem_push (br_pem_decoder_context *, char const *, size_t, sbearssl_pemobject *, genalloc *, sbearssl_strallocerr *, int *) ;
+extern pid_t sbearssl_clean_tls_and_spawn (char const *const *, char const *const *, int *, uint32_t) ;
 #endif
diff --git a/src/sbearssl/sbearssl_clean_tls_and_spawn.c b/src/sbearssl/sbearssl_clean_tls_and_spawn.c
new file mode 100644
index 0000000..258db90
--- /dev/null
+++ b/src/sbearssl/sbearssl_clean_tls_and_spawn.c
@@ -0,0 +1,21 @@
+/* ISC license. */
+
+#include
+#include
+#include
+#include "sbearssl-internal.h"
+
+pid_t sbearssl_clean_tls_and_spawn (char const *const *argv, char const *const *envp, int *fds, uint32_t options)
+{
+ if (!(options & 1)) return child_spawn2(argv[0], argv, envp, fds) ;
+ else
+ {
+ char const modifs[] = "CADIR\0CAFILE\0KEYFILE\0CERTFILE\0TLS_UID\0TLS_GID" ;
+ size_t modiflen = sizeof(modifs) ;
+ size_t n = env_len(envp) ;
+ char const *newenv[n + 7] ;
+ size_t newenvlen = env_merge(newenv, n+7, envp, n, modifs, modiflen) ;
+ if (!newenvlen) return 0 ;
+ return child_spawn2(argv[0], argv, newenv, fds) ;
+ }
+}
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index f20f293..598774a 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -11,7 +11,6 @@
 #include
 #include
 #include
-#include
 #include
 int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
@@ -67,7 +66,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
 random_finish() ;
- pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
+ pid = sbearssl_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
 if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 2cb3d21..aa32ed1 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -11,7 +11,6 @@
 #include
 #include
 #include
-#include
 #include
 int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity)
-- cgit v1.2.3
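Review bot: The `7` in `newenv[n + 7]` and in the `env_merge(newenv, n+7, …)` call of the new `sbearssl_clean_tls_and_spawn` is tied by hand to the six names listed in `modifs` (six names plus, presumably, the terminating NULL), and nothing in the function says so; a name added to `modifs` later without raising both constants would leave the array undersized. A comment above the declaration, `/* 6 names in modifs + terminating NULL */`, or one named constant used in both places, would make that coupling visible. `newenv` is also a variable-length array sized from the inherited environment, so its stack footprint has no bound from this function's point of view; if a less trusted party can influence the environment, a checked upper limit or a heap allocation is the safer choice. A one-line header comment should also state what bit 0 of `options` means, since it decides whether CADIR, CAFILE, KEYFILE, CERTFILE, TLS_UID and TLS_GID appear to be scrubbed from the child's environment before the spawn.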
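Review bot: In the `@@ -67,7 +66,7 @@` hunk of sbearssl_s6tlsc.c the value assigned to `pid` is not tested before the `setgid`/`setuid` lines, and the new helper returns 0 when `env_merge` fails (and presumably when `child_spawn2` fails), so a failed spawn would go unnoticed at this point unless `pid` is checked further down; the body of `sbearssl_s6tlsc` continues outside the hunk, so that cannot be confirmed from here. If there is no later check, add one directly after the call, e.g. `if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;`. The call also passes `!!(preoptions & 2)`, a 0/1 value, into a parameter declared as a `uint32_t options` bitmask; a short comment naming which preoption enables the environment scrub would help the next reader.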