[exim-cvs] TLS: track changing fd of file-watcher when creds…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] TLS: track changing fd of file-watcher when creds are releaded.
Gitweb: https://git.exim.org/exim.git/commitdiff/ab61e5ff8fdbddafb2a05a3b7a427135701960d6
Commit:     ab61e5ff8fdbddafb2a05a3b7a427135701960d6
Parent:     20395676aba7fa5eb9a2c5e0b9f582ec2b3e71e4
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jun 27 18:58:44 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jun 27 21:03:02 2021 +0100


    TLS: track changing fd of file-watcher when creds are releaded.


    Broken-by: 5fd673807d
---
 src/src/daemon.c    |  9 ++++++++-
 src/src/functions.h |  2 +-
 src/src/tls.c       | 14 ++++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)


diff --git a/src/src/daemon.c b/src/src/daemon.c
index b088e34..a4b1e26 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -2462,7 +2462,14 @@ for (;;)

 #ifndef DISABLE_TLS
       /* Create or rotate any required keys; handle (delayed) filewatch event */
-      tls_daemon_tick();
+      for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; )
+    {
+    FD_CLR(old_tfd, &select_listen);
+    if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd;
+    if (tls_watch_fd >= 0)
+      add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max);
+    break;
+    }
 #endif
       errno = select_errno;
       }
diff --git a/src/src/functions.h b/src/src/functions.h
index 6029ab4..e349721 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -58,7 +58,7 @@ extern void    tls_client_creds_reload(BOOL);
 extern void    tls_close(void *, int);
 extern BOOL    tls_could_read(void);
 extern void    tls_daemon_init(void);
-extern void    tls_daemon_tick(void);
+extern int     tls_daemon_tick(void);
 extern BOOL    tls_dropprivs_validate_require_cipher(BOOL);
 extern BOOL    tls_export_cert(uschar *, size_t, void *);
 extern int     tls_feof(void);
diff --git a/src/src/tls.c b/src/src/tls.c
index 3de417e..0df9984 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -359,11 +359,18 @@ opt_unset_or_noexpand(const uschar * opt)




-/* Called every time round the daemon loop */
+/* Called every time round the daemon loop.

-void
+If we reloaded fd-watcher, return the old watch fd
+having modified the global for the new one. Otherwise
+return -1.
+*/
+
+int
tls_daemon_tick(void)
{
+int old_watch_fd = tls_watch_fd;
+
tls_per_lib_daemon_tick();
#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
if (tls_creds_expire && time(NULL) >= tls_creds_expire)
@@ -375,6 +382,7 @@ if (tls_creds_expire && time(NULL) >= tls_creds_expire)
DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
{
@@ -386,8 +394,10 @@ else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
DEBUG(D_tls) debug_printf("watch triggered\n");
tls_watch_trigger_time = tls_creds_expire = 0;
tls_daemon_creds_reload();
+ return old_watch_fd;
}
#endif
+return -1;
}

/* Called once at daemon startup */