From ead934a879028ab68c14f645c06d90fa8ced175d Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Fri, 24 Sep 2021 00:18:17 +0000
Subject:  Log client decision on s6-ucspitls[cd] -v2

Signed-off-by: Laurent Bercot <ska@appnovation.com>
---
 src/tls/s6-ucspitlsc.c | 25 +++++++++++++++++++++----
 src/tls/s6-ucspitlsd.c | 25 +++++++++++++++++++++----
 2 files changed, 42 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/tls/s6-ucspitlsc.c b/src/tls/s6-ucspitlsc.c
index d2bad3d..877ffa6 100644
--- a/src/tls/s6-ucspitlsc.c
+++ b/src/tls/s6-ucspitlsc.c
@@ -17,8 +17,8 @@
 #define USAGE "s6-ucspitlsc [ -S | -s ] [ -Y | -y ] [ -v verbosity ] [ -K timeout ] [ -Z | -z ] [ -k servername ] [ -6 fdr ] [ -7 fdw ] prog..."
 #define dieusage() strerr_dieusage(100, USAGE)
 
-static inline void child (int [4][2], uint32_t, unsigned int, unsigned int, char const *) gccattr_noreturn ;
-static inline void child (int p[4][2], uint32_t options, unsigned int verbosity, unsigned int kimeout, char const *servername)
+static inline void child (int [4][2], uint32_t, unsigned int, unsigned int, char const *, pid_t) gccattr_noreturn ;
+static inline void child (int p[4][2], uint32_t options, unsigned int verbosity, unsigned int kimeout, char const *servername, pid_t pid)
 {
   int fds[3] = { p[0][0], p[1][1], p[2][1] } ;
   ssize_t r ;
@@ -31,7 +31,16 @@ static inline void child (int p[4][2], uint32_t options, unsigned int verbosity,
     strerr_diefu1sys(111, "move network fds to stdin/stdout") ;
   r = read(p[2][1], &c, 1) ;
   if (r < 0) strerr_diefu1sys(111, "read from control socket") ;
-  if (!r) _exit(0) ;
+  if (!r)
+  {
+    if (verbosity >= 2)
+    {
+      char fmt[PID_FMT] ;
+      fmt[pid_fmt(fmt, pid)] = 0 ;
+      strerr_warni4x("pid ", fmt, " declined", " opportunistic TLS") ;
+    }
+    _exit(0) ;
+  }
   switch (c)
   {
     case 'y' :
@@ -44,6 +53,12 @@ static inline void child (int p[4][2], uint32_t options, unsigned int verbosity,
     default :
       strerr_dief1x(100, "unrecognized command on control socket") ;
   }
+  if (verbosity >= 2)
+  {
+    char fmt[PID_FMT] ;
+    fmt[pid_fmt(fmt, pid)] = 0 ;
+    strerr_warni4x("pid ", fmt, " accepted", " opportunistic TLS") ;
+  }
   s6tls_exec_tlscio(fds, options, verbosity, kimeout, servername) ;
 }
 
@@ -55,6 +70,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
   uint32_t coptions = 0 ;
   uint32_t poptions = 1 ;
   char const *servername = 0 ;
+  pid_t pid ;
 
   PROG = "s6-ucspitlsc (parent)" ;
   {
@@ -100,10 +116,11 @@ int main (int argc, char const *const *argv, char const *const *envp)
 
   if (ipc_pair_b(p[2]) < 0) strerr_diefu1sys(111, "ipc_pair") ;
   if (pipe(p[0]) < 0 || pipe(p[1]) < 0) strerr_diefu1sys(111, "pipe") ;
+  pid = getpid() ;
   switch (fork())
   {
     case -1 : strerr_diefu1sys(111, "fork") ;
-    case 0 : child(p, coptions, verbosity, kimeout, servername) ;
+    case 0 : child(p, coptions, verbosity, kimeout, servername, pid) ;
     default : break ;
   }
   s6tls_ucspi_exec_app(argv, p, poptions) ;
diff --git a/src/tls/s6-ucspitlsd.c b/src/tls/s6-ucspitlsd.c
index 0539d7e..9318f31 100644
--- a/src/tls/s6-ucspitlsd.c
+++ b/src/tls/s6-ucspitlsd.c
@@ -16,8 +16,8 @@
 #define USAGE "s6-ucspitlsd [ -S | -s ] [ -Y | -y ] [ -k snilevel ] [ -v verbosity ] [ -K timeout ] [ -Z | -z ] prog..."
 #define dieusage() strerr_dieusage(100, USAGE)
 
-static inline void child (int [4][2], uint32_t, unsigned int, unsigned int, unsigned int) gccattr_noreturn ;
-static inline void child (int p[4][2], uint32_t options, unsigned int verbosity, unsigned int kimeout, unsigned int snilevel)
+static inline void child (int [4][2], uint32_t, unsigned int, unsigned int, unsigned int, pid_t) gccattr_noreturn ;
+static inline void child (int p[4][2], uint32_t options, unsigned int verbosity, unsigned int kimeout, unsigned int snilevel, pid_t pid)
 {
   int fds[3] = { p[0][0], p[1][1], p[2][1] } ;
   ssize_t r ;
@@ -28,7 +28,16 @@ static inline void child (int p[4][2], uint32_t options, unsigned int verbosity,
   close(p[1][0]) ;
   r = read(p[2][1], &c, 1) ;
   if (r < 0) strerr_diefu1sys(111, "read from control socket") ;
-  if (!r) _exit(0) ;
+  if (!r)
+  {
+    if (verbosity >= 2)
+    {
+      char fmt[PID_FMT] ;
+      fmt[pid_fmt(fmt, pid)] = 0 ;
+      strerr_warni4x("pid ", fmt, " declined", " opportunistic TLS") ;
+    }
+    _exit(0) ;
+  }
   switch (c)
   {
     case 'y' :
@@ -41,6 +50,12 @@ static inline void child (int p[4][2], uint32_t options, unsigned int verbosity,
     default :
       strerr_dief1x(100, "unrecognized command on control socket") ;
   }
+  if (verbosity >= 2)
+  {
+    char fmt[PID_FMT] ;
+    fmt[pid_fmt(fmt, pid)] = 0 ;
+    strerr_warni4x("pid ", fmt, " accepted", " opportunistic TLS") ;
+  }
   s6tls_exec_tlsdio(fds, options, verbosity, kimeout, snilevel) ;
 }
 
@@ -52,6 +67,7 @@ int main (int argc, char const *const *argv)
   int p[4][2] = { [3] = { 0, 1 } } ;
   uint32_t coptions = 0 ;
   uint32_t poptions = 1 ;
+  pid_t pid ;
 
   PROG = "s6-ucspitlsd (parent)" ;
   {
@@ -80,11 +96,12 @@ int main (int argc, char const *const *argv)
 
   if (ipc_pair_b(p[2]) < 0) strerr_diefu1sys(111, "ipc_pair") ;
   if (pipe(p[0]) < 0 || pipe(p[1]) < 0) strerr_diefu1sys(111, "pipe") ;
+  pid = getpid() ;
 
   switch (fork())
   {
     case -1 : strerr_diefu1sys(111, "fork") ;
-    case 0 : child(p, coptions, verbosity, kimeout, snilevel) ;
+    case 0 : child(p, coptions, verbosity, kimeout, snilevel, pid) ;
     default : break ;
   }
   s6tls_ucspi_exec_app(argv, p, poptions) ;
-- 
cgit v1.2.3