aboutsummaryrefslogtreecommitdiffstats
path: root/src/conn-tools/s6tls_wait_and_exec_app.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2020-11-20 23:24:29 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2020-11-20 23:24:29 +0000
commit5715c21a077ee1c2fe8957cb4adcea14fd2eda6b (patch)
treecf3e992dce2d426727b535703b0b73dbafb41dbb /src/conn-tools/s6tls_wait_and_exec_app.c
parent1fea1f6ed53cae7f752c9a78271c7c8367b0ad03 (diff)
downloads6-networking-5715c21a077ee1c2fe8957cb4adcea14fd2eda6b.tar.gz
Refactor tls code to support ucspi-tls
That includes: - new architecture: the tls binary is now a child of the app instead of the other way around - the sbearssl_run engine now takes a post-handshake callback. This allows s6-tlsc and s6-tlsd to only exec into the app when the handshake succeeds (which was already the case with libressl). - new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto code; they init and run the engine, connecting to 4 already open fds (stdin/stdout = network, argv[1] and argv[2] = local) - s6-tlsc is now a simple wrapper around s6-tlsc-io - s6-tlsd is now a simple wrapper around s6-tlsd-io - new binary: s6-ucspitlsd, which is also a wrapper around s6-tlsd-io, but differently: the parent execs the app which should be ucspi-tls-aware, the child waits for a command from the parent and execs into s6-tlsd-io if it receives it.
Diffstat (limited to 'src/conn-tools/s6tls_wait_and_exec_app.c')
-rw-r--r--src/conn-tools/s6tls_wait_and_exec_app.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/src/conn-tools/s6tls_wait_and_exec_app.c b/src/conn-tools/s6tls_wait_and_exec_app.c
new file mode 100644
index 0000000..20828f6
--- /dev/null
+++ b/src/conn-tools/s6tls_wait_and_exec_app.c
@@ -0,0 +1,43 @@
+/* ISC license. */
+
+#include <stdint.h>
+#include <unistd.h>
+
+#include <skalibs/posixplz.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/env.h>
+#include <skalibs/djbunix.h>
+
+#include "s6tls-internal.h"
+
+#define MAXENVSIZE 2048
+
+void s6tls_wait_and_exec_app (char const *const *argv, int const p[3][2], pid_t pid, int fdr, int fdw, uint32_t options)
+{
+ char buf[sizeof(s6tls_envvars) + MAXENVSIZE] ;
+ size_t m = 0 ;
+ ssize_t r ;
+ close(p[2][1]) ;
+ close(p[1][1]) ;
+ close(p[0][0]) ;
+ if (fd_move(fdr, p[1][0]) < 0 || fd_move(fdw, p[0][1]) < 0)
+ strerr_diefu1sys(111, "move file descriptors") ;
+ if (options & 1)
+ {
+ memcpy(buf + m, s6tls_envvars, sizeof(s6tls_envvars)) ;
+ m += sizeof(s6tls_envvars) ;
+ }
+ r = read(p[2][0], buf + m, MAXENVSIZE) ;
+ if (r < 0) strerr_diefu1sys(111, "read from handshake notification pipe") ;
+ if (!r)
+ {
+ int wstat ;
+ if (wait_pid(pid, &wstat) < 0)
+ strerr_diefu1sys(111, "wait") ;
+ _exit(wait_estatus(wstat)) ;
+ }
+ if (r >= MAXENVSIZE)
+ strerr_dief1x(100, "SSL data too large") ;
+ m += r - 1 ;
+ xpathexec_r(argv, (char const *const *)environ, env_len((char const *const *)environ), buf, m) ;
+}