Make TLS spawn instead of exec, sigh

6 files changed, 55 insertions, 17 deletions

diff --git a/INSTALL b/INSTALL
index 15c2da3..447a602 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,7 +6,7 @@ Build Instructions
 
   - A POSIX-compliant C development environment
   - GNU make version 3.81 or later
-  - skalibs version 2.14.5.1 or later: https://skarnet.org/software/skalibs/
+  - skalibs version 2.14.5.2 or later: https://skarnet.org/software/skalibs/
   - s6 version 2.14.0.1 or later: https://skarnet.org/software/s6/
   - s6-networking version 2.7.2.1 or later: https://skarnet.org/software/s6-networking/
 
diff --git a/NEWS b/NEWS
index 382766c..0144c50 100644
--- a/NEWS
+++ b/NEWS
@@ -3,7 +3,8 @@ Changelog for smtpd-starttls-proxy.
 In 0.1.0.0
 ----------
 
- - New binary: qmail-remote.
+ - New binary: qmail-remote. Comes with a qmail-remote-io helper.
+This is a full implementation of qmail's SMTP client.
 
 
 In 0.0.2.1
diff --git a/doc/index.html b/doc/index.html
index 3b350ea..c5423e5 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -34,7 +34,7 @@ inetd-like mail servers that do not already support it.
  <li> A POSIX-compliant system with a standard C development environment </li>
  <li> GNU make, version 3.81 or later </li>
  <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
-2.14.5.1 or later. It's a build-time requirement. It's also a run-time
+2.14.5.2 or later. It's a build-time requirement. It's also a run-time
 requirement if you link against the shared version of the skalibs
 library. </li>
  <li> <a href="//skarnet.org/software/s6/">s6</a> version
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 1dba5fc..5393bc0 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -22,7 +22,7 @@
 
 <ul>
  <li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
-dependency bumped to 2.14.5.1 </li>
+dependency bumped to 2.14.5.2 </li>
  <li> <a href="//skarnet.org/software/s6/">s6</a>
 dependency bumped to 2.14.0.1 </li>
  <li> New dependency: <a href="//skarnet.org/software/s6-dns/">s6-dns</a> 2.4.1.1 </li>
diff --git a/package/deps-build b/package/deps-build
index f687cff..0041709 100644
--- a/package/deps-build
+++ b/package/deps-build
@@ -1,4 +1,4 @@
-true	true	/package/prog/skalibs		2.14.5.1	libskarnet
+true	true	/package/prog/skalibs		2.14.5.2	libskarnet
 true	false	/package/admin/s6		2.14.0.1	libs6
 true	false	/package/web/s6-dns		2.4.1.1		libs6dns
 true	false	/package/net/s6-networking	2.7.2.1
diff --git a/src/qmail-remote/tls.c b/src/qmail-remote/tls.c
index 8c4c068..77be6f8 100644
--- a/src/qmail-remote/tls.c
+++ b/src/qmail-remote/tls.c
@@ -1,10 +1,12 @@
 /* ISC license. */
 
+#include <sys/wait.h>
 #include <unistd.h>
 #include <limits.h>
 
 #include <skalibs/types.h>
 #include <skalibs/env.h>
+#include <skalibs/allreadwrite.h>
 #include <skalibs/stralloc.h>
 #include <skalibs/cspawn.h>
 #include <skalibs/djbunix.h>
@@ -16,11 +18,32 @@
 #include "qmailr.h"
 #include "qmail-remote.h"
 
+/*
+  Ideally, we would just exec into "s6-tlsc qmail-remote-io".
+  Unfortunately, the interface with qmail-rspawn is super weird:
+we don't have access to stderr directly, stdout counts as both a
+protocol channel and an error channel so we need to prepend
+messages with Z|D|K and null-terminate them, and qmail-rspawn
+hates a child that doesn't exit 0 or 111.
+  s6-tlsc writes error messages to its stderr and exits nonzero
+and non-111 in important TLS failure cases that we want to report.
+So instead of execing, we spawn it and stick around to translate
+the exit code and the error message back to qmail-rspawn.
+*/
+
 void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned int timeoutremote, qmailr_tls const *qtls, size_t helopos, size_t const *eaddrpos, unsigned int n, char const *storage)
 {
+  int wstat ;
+  pid_t pid ;
   int fdw = dup(fdr) ;
   unsigned int m = 0 ;
   stralloc modif = STRALLOC_ZERO ;
+  cspawn_fileaction fa[2] =
+  {
+    [0] = { .type = CSPAWN_FA_CLOSE },
+    [1] = { .type = CSPAWN_FA_MOVE, .x = { .fd2 = { [0] = 2 } } }
+  } ;
+  int p[2] ;
   char fmtr[UINT_FMT] ;
   char fmtw[UINT_FMT] ;
   char fmtt[UINT_FMT] ;
@@ -28,6 +51,10 @@ void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned
   char const *argv[20 + n] ;
 
   if (fdw == -1) qmailr_tempusys("duplicate file descriptor") ;
+  if (pipe(p) == -1) qmailr_tempusys("pipe") ;
+  fa[1].x.fd = p[0] ;
+  fa[1].x.fd2[1] = p[1] ;
+
   if (!env_addmodif(&modif, "TLS_UID", 0) || !env_addmodif(&modif, "TLS_GID", 0)
    || !env_addmodif(&modif, qtls->flagtadir ? "CADIR" : "CAFILE", storage + qtls->tapos)) dienomem() ;
   if (qtls->flagclientcert)
@@ -36,22 +63,13 @@ void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned
      || !env_addmodif(&modif, "KEYFILE", storage + qtls->keypos)) dienomem() ;
   }
 
-  {
-    int devnull = open_readb("/dev/null") ;
-    if (devnull >= 0)
-    {
-      if (devnull < 3) qmailr_temp("weird fd configuration") ;
-      fd_move(2, devnull) ;
-    }
-  }
-
   fmtr[uint_fmt(fmtr, (unsigned int)fdr)] = 0 ;
   fmtw[uint_fmt(fmtw, (unsigned int)fdw)] = 0 ;
   fmtt[uint_fmt(fmtt, timeoutremote)] = 0 ;
   fmtk[uint_fmt(fmtk, timeoutconnect > UINT_MAX/1000 ? UINT_MAX : timeoutconnect * 1000)] = 0 ;
 
   argv[m++] = S6_NETWORKING_EXTBINPREFIX "s6-tlsc" ;
-  argv[m++] = "-Sjzv0" ;
+  argv[m++] = "-Sjzv0" ;  /* S = use close_notify, v0 = as silent as possible */
   argv[m++] = "-K" ;
   argv[m++] = fmtk ;
   argv[m++] = "-6" ;
@@ -72,6 +90,25 @@ void run_tls (int fdr, char const *fmtip, unsigned int timeoutconnect, unsigned
   argv[m++] = storage + helopos ;
   for (unsigned int i = 0 ; i < n ; i++) argv[m++] = storage + eaddrpos[i] ;
   argv[m++] = 0 ;
-  mexec_m(argv, modif.s, modif.len) ;
-  qmailr_tempusys("exec ", argv[0]) ;
+  pid = mspawn_m(argv, modif.s, modif.len, 0, fa, 2) ;
+  if (!pid) qmailr_tempusys("spawn ", argv[0]) ;
+
+  stralloc_free(&modif) ;
+  fd_close(p[1]) ;
+  if (wait_pid(pid, &wstat) == -1) qmailr_tempusys("waitpid") ;
+  if (WIFSIGNALED(wstat))
+    qmailr_tempusys("either s6-tlsc or qmail-remote-io crashed") ;
+
+  {
+    char buf[4096] ;
+    size_t r = fd_read(p[0], buf, 4096) ;
+    if (r == -1) qmailr_tempusys("read from pipe") ;
+    if (r)
+    {
+      if (r == 4096) r-- ;
+      buf[r++] = 0 ;
+      qmailr_temp(buf) ;
+    }
+  }
+  _exit(0) ;
 }