Subversion Repositories planix.SVN

#include <u.h>

#include <libc.h>

#include <bio.h>

#include <mp.h>

#include <libsec.h>

enum{ BufSize = 8192 };

char *remotesys, *logfile;

int debug, p[2];

void

death(void *, char *)

{

	int pid;

	close(0);

	close(1);

	close(p[1]);

	pid = getpid();

	postnote(PNGROUP, pid, "die");

	postnote(PNGROUP, pid, "die");

	postnote(PNGROUP, pid, "die");

	_exits(0);

}

static void

dump(int fd, uchar *buf, int n, char *label)

{

	Biobuf bout;

	int i;

	Binit(&bout, fd, OWRITE);

	Bprint(&bout, "%s<%d>: ", label, n);

	if(n > 64)

		n = 64;

	for(i = 0; i < n; i++)

		Bprint(&bout, "%2.2x ", buf[i]);

	Bprint(&bout, "\n");

	Bterm(&bout);

}

static void

xfer(int from, int to, int cfd, char *label)

{

	uchar buf[BufSize];

	int n;

	if(fork() == 0)

		return;

	close(cfd);

	for(;;){

		n = read(from, buf, sizeof(buf));

		if(n <= 0){

			fprint(2, "%s EOF\n", label);

			close(to);

			close(from);

			death(nil, nil);

		}

		dump(2, buf, n, label);

		n = write(to, buf, n);

		if(n < 0){

			fprint(2, "%s write err\n", label);

			close(to);

			close(from);

			death(nil, nil);

		}

	}

}

static int

dumper(int fd)

{

	int p[2];

	if(pipe(p) < 0)

		sysfatal("can't make pipe: %r");

	xfer(fd, p[0], p[1], "read");

	xfer(p[0], fd, p[1], "write");

	close(p[0]);

	return p[1];

}

static int

reporter(char *fmt, ...)

{

	va_list ap;

	char buf[2000];

	va_start(ap, fmt);

	if(logfile){

		vsnprint(buf, sizeof buf, fmt, ap);

		syslog(0, logfile, "%s tls reports %s", remotesys, buf);

	}else{

		fprint(2, "%s: %s tls reports ", argv0, remotesys);

		vfprint(2, fmt, ap);

		fprint(2, "\n");

	}

	va_end(ap);

	return 0;

}

void

usage(void)

{

	fprint(2, "usage: tlssrv -c cert [-D] [-l logfile] [-r remotesys] [cmd args...]\n");

	fprint(2, "  after  auth/secretpem key.pem > /mnt/factotum/ctl\n");

	exits("usage");

}

void

main(int argc, char *argv[])

{

	TLSconn *conn;

	uchar buf[BufSize];

	char *cert;

	int n, fd, clearfd;

	debug = 0;

	remotesys = nil;

	cert = nil;

	logfile = nil;

	ARGBEGIN{

	case 'D':

		debug++;

		break;

	case 'c':

		cert = EARGF(usage());

		break;

	case 'l':

		logfile = EARGF(usage());

		break;

	case 'r':

		remotesys = EARGF(usage());

		break;

	default:

		usage();

	}ARGEND

	if(cert == nil)

		sysfatal("no certificate specified");

	if(remotesys == nil)

		remotesys = "";

	conn = (TLSconn*)mallocz(sizeof *conn, 1);

	if(conn == nil)

		sysfatal("out of memory");

	conn->chain = readcertchain(cert);

	if (conn->chain == nil)

		sysfatal("can't read certificate");

	conn->cert = conn->chain->pem;

	conn->certlen = conn->chain->pemlen;

	conn->chain = conn->chain->next;

	if(debug)

		conn->trace = reporter;

	clearfd = 0;

	fd = 1;

	if(debug > 1)

		fd = dumper(fd);

	fd = tlsServer(fd, conn);

	if(fd < 0){

		reporter("failed: %r");

		exits(0);

	}

	reporter("open");

	if(argc > 0){

		if(pipe(p) < 0)

			exits("pipe");

		switch(fork()){

		case 0:

			close(fd);

			dup(p[0], 0);

			dup(p[0], 1);

			close(p[1]);

			close(p[0]);

			exec(argv[0], argv);

			reporter("can't exec %s: %r", argv[0]);

			_exits("exec");

		case -1:

			exits("fork");

		default:

			close(p[0]);

			clearfd = p[1];

			break;

		}

	}

	rfork(RFNOTEG);

	notify(death);

	switch(rfork(RFPROC)){

	case -1:

		sysfatal("can't fork");

	case 0:

		for(;;){

			n = read(clearfd, buf, BufSize);

			if(n <= 0)

				break;

			if(write(fd, buf, n) != n)

				break;

		}

		break;

	default:

		for(;;){

			n = read(fd, buf, BufSize);

			if(n <= 0)

				break;

			if(write(clearfd, buf, n) != n)

				break;

		}

		break;

	}

	death(nil, nil);

}