int tls_scache_sequence(TLS_SCACHE *cp, int first_next,
char **out_cache_id, ACL_VSTRING *out_session)
{
char *member;
char *value;
char *saved_cursor;
int found_entry;
int keep_entry = 0;
char *saved_member = 0;
size_t key_size, val_size;
/*
* XXX Deleting entries while enumerating a map can he tricky. Some map
* types have a concept of cursor and support a "delete the current
* element" operation. Some map types without cursors don't behave well
* when the current first/next entry is deleted (example: with Berkeley
* DB < 2, the "next" operation produces garbage). To avoid trouble, we
* delete an expired entry after advancing the current first/next
* position beyond it, and ignore client requests to delete the current
* entry.
*/
/*
* Find the first or next database entry. Activate the passivated entry
* and check the time stamp. Schedule the entry for deletion if it is too
* old.
*
* Save the member (cache id) so that it will not be clobbered by the
* tls_scache_lookup() call below.
*/
found_entry = (DICT_SEQ(cp->db, first_next, &member, &key_size, &value, &val_size) == 0);
if (found_entry) {
keep_entry = tls_scache_decode(cp, member, value, (int) strlen(value),
out_session);
if (keep_entry && out_cache_id)
*out_cache_id = acl_mystrdup(member);
saved_member = acl_mystrdup(member);
acl_myfree(member);
acl_myfree(value);
}
/*
* Delete behind. This is a no-op if an expired cache entry was updated
* in the mean time. Use the saved lookup criteria so that the "delete
* behind" operation works as promised.
*/
if (cp->flags & TLS_SCACHE_FLAG_DEL_SAVED_CURSOR) {
cp->flags &= ~TLS_SCACHE_FLAG_DEL_SAVED_CURSOR;
saved_cursor = cp->saved_cursor;
cp->saved_cursor = 0;
tls_scache_lookup(cp, saved_cursor, (ACL_VSTRING *) 0);
acl_myfree(saved_cursor);
}
/*
* Otherwise, clean up if this is not the first iteration.
*/
else {
if (cp->saved_cursor)
acl_myfree(cp->saved_cursor);
cp->saved_cursor = 0;
}
/*
* Protect the current first/next entry against explicit or implied
* client delete requests, and schedule a bad or expired entry for
* deletion. Save the lookup criteria so that the "delete behind"
* operation will work as promised.
*/
if (found_entry) {
cp->saved_cursor = saved_member;
if (keep_entry == 0)
cp->flags |= TLS_SCACHE_FLAG_DEL_SAVED_CURSOR;
}
return (found_entry);
}
static void tlsmgr_service(VSTREAM *client_stream, char *unused_service,
char **argv)
{
static VSTRING *request = 0;
static VSTRING *cache_type = 0;
static VSTRING *cache_id = 0;
static VSTRING *buffer = 0;
int len;
static char wakeup[] = { /* master wakeup request */
TRIGGER_REQ_WAKEUP,
0,
};
TLSMGR_SCACHE *ent;
int status = TLS_MGR_STAT_FAIL;
/*
* Sanity check. This service takes no command-line arguments.
*/
if (argv[0])
msg_fatal("unexpected command-line argument: %s", argv[0]);
/*
* Initialize. We're select threaded, so we can use static buffers.
*/
if (request == 0) {
request = vstring_alloc(10);
cache_type = vstring_alloc(10);
cache_id = vstring_alloc(10);
buffer = vstring_alloc(10);
}
/*
* This routine runs whenever a client connects to the socket dedicated
* to the tlsmgr service (including wake up events sent by the master).
* All connection-management stuff is handled by the common code in
* multi_server.c.
*/
if (tlsmgr_request_receive(client_stream, request) == 0) {
/*
* Load session from cache.
*/
if (STREQ(STR(request), TLS_MGR_REQ_LOOKUP)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END) == 2) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_LOOKUP);
VSTRING_RESET(buffer);
} else if (ent->cache_info == 0) {
/*
* Cache type valid, but not enabled
*/
VSTRING_RESET(buffer);
} else {
status = tls_scache_lookup(ent->cache_info,
STR(cache_id), buffer) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SESSION,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Save session to cache.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_UPDATE)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SESSION, buffer,
ATTR_TYPE_END) == 3) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_UPDATE);
} else if (ent->cache_info != 0) {
status =
tls_scache_update(ent->cache_info, STR(cache_id),
STR(buffer), LEN(buffer)) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);
}
/*
* Delete session from cache.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_DELETE)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END) == 2) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_DELETE);
} else if (ent->cache_info != 0) {
status = tls_scache_delete(ent->cache_info,
STR(cache_id)) ?
TLS_MGR_STAT_OK : TLS_MGR_STAT_ERR;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);
}
/*
* RFC 5077 TLS session ticket keys
*/
else if (STREQ(STR(request), TLS_MGR_REQ_TKTKEY)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYNAME, buffer,
ATTR_TYPE_END) == 1) {
if (LEN(buffer) != 0 && LEN(buffer) != TLS_TICKET_NAMELEN) {
msg_warn("invalid session ticket key name length: %ld",
(long) LEN(buffer));
VSTRING_RESET(buffer);
} else if (*smtpd_cache.cache_timeout <= 0) {
status = TLS_MGR_STAT_ERR;
VSTRING_RESET(buffer);
} else {
status = tlsmgr_key(buffer, *smtpd_cache.cache_timeout);
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYBUF,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Entropy request.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_SEED)) {
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_INT, TLS_MGR_ATTR_SIZE, &len,
ATTR_TYPE_END) == 1) {
VSTRING_RESET(buffer);
if (len <= 0 || len > 255) {
msg_warn("bogus seed length \"%d\" in \"%s\" request",
len, TLS_MGR_REQ_SEED);
} else {
VSTRING_SPACE(buffer, len);
RAND_bytes((unsigned char *) STR(buffer), len);
VSTRING_AT_OFFSET(buffer, len); /* XXX not part of the
* official interface */
status = TLS_MGR_STAT_OK;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SEED,
LEN(buffer), STR(buffer),
ATTR_TYPE_END);
}
/*
* Caching policy request.
*/
else if (STREQ(STR(request), TLS_MGR_REQ_POLICY)) {
int cachable = 0;
int timeout = 0;
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_END) == 1) {
for (ent = cache_table; ent->cache_label; ++ent)
if (strcmp(ent->cache_label, STR(cache_type)) == 0)
break;
if (ent->cache_label == 0) {
msg_warn("bogus cache type \"%s\" in \"%s\" request",
STR(cache_type), TLS_MGR_REQ_POLICY);
} else {
cachable = (ent->cache_info != 0) ? 1 : 0;
timeout = *ent->cache_timeout;
status = TLS_MGR_STAT_OK;
}
}
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, status,
ATTR_TYPE_INT, TLS_MGR_ATTR_CACHABLE, cachable,
ATTR_TYPE_INT, TLS_MGR_ATTR_SESSTOUT, timeout,
ATTR_TYPE_END);
}
/*
* Master trigger. Normally, these triggers arrive only after some
* other process requested the tlsmgr's service. The purpose is to
* restart the tlsmgr after it aborted due to a fatal run-time error,
* so that it can continue its housekeeping even while nothing is
* using TLS.
*
* XXX Which begs the question, if TLS isn't used often, do we need a
* tlsmgr background process? It could terminate when the session
* caches are empty.
*/
else if (STREQ(STR(request), wakeup)) {
if (msg_verbose)
msg_info("received master trigger");
multi_server_disconnect(client_stream);
return; /* NOT: vstream_fflush */
}
}
/*
* Protocol error.
*/
else {
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, TLS_MGR_STAT_FAIL,
ATTR_TYPE_END);
}
vstream_fflush(client_stream);
}
