int tls_mgr_delete(const char *cache_type, const char *cache_id)
{
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
/*
* Send the request and receive the reply.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request */
ATTR_TYPE_STR, TLS_MGR_ATTR_REQ, TLS_MGR_REQ_DELETE,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply */
ATTR_TYPE_INT, TLS_MGR_ATTR_STATUS, &status,
ATTR_TYPE_END) != 1)
status = TLS_MGR_STAT_FAIL;
return (status);
}
int tls_mgr_lookup(const char *cache_type, const char *cache_id,
VSTRING *buf)
{
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
/*
* Send the request and receive the reply.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request */
ATTR_TYPE_STR, TLS_MGR_ATTR_REQ, TLS_MGR_REQ_LOOKUP,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_ID, cache_id,
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply */
ATTR_TYPE_INT, TLS_MGR_ATTR_STATUS, &status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SESSION, buf,
ATTR_TYPE_END) != 2)
status = TLS_MGR_STAT_FAIL;
return (status);
}
int tls_mgr_policy(const char *cache_type, int *cachable, int *timeout)
{
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
/*
* Request policy.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request attributes */
ATTR_TYPE_STR, TLS_MGR_ATTR_REQ, TLS_MGR_REQ_POLICY,
ATTR_TYPE_STR, TLS_MGR_ATTR_CACHE_TYPE, cache_type,
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply attributes */
ATTR_TYPE_INT, TLS_MGR_ATTR_STATUS, &status,
ATTR_TYPE_INT, TLS_MGR_ATTR_CACHABLE, cachable,
ATTR_TYPE_INT, TLS_MGR_ATTR_SESSTOUT, timeout,
ATTR_TYPE_END) != 3)
status = TLS_MGR_STAT_FAIL;
return (status);
}
int tls_mgr_seed(VSTRING *buf, int len)
{
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
/*
* Request seed.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request attributes */
ATTR_TYPE_STR, TLS_MGR_ATTR_REQ, TLS_MGR_REQ_SEED,
ATTR_TYPE_INT, TLS_MGR_ATTR_SIZE, len,
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply attributes */
ATTR_TYPE_INT, TLS_MGR_ATTR_STATUS, &status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_SEED, buf,
ATTR_TYPE_END) != 2)
status = TLS_MGR_STAT_FAIL;
return (status);
}
int tls_mgr_update(const char *cache_type, const char *cache_id,
const char *buf, ssize_t len)
{
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
/*
* Send the request and receive the reply.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request */
SEND_ATTR_STR(TLS_MGR_ATTR_REQ, TLS_MGR_REQ_UPDATE),
SEND_ATTR_STR(TLS_MGR_ATTR_CACHE_TYPE, cache_type),
SEND_ATTR_STR(TLS_MGR_ATTR_CACHE_ID, cache_id),
SEND_ATTR_DATA(TLS_MGR_ATTR_SESSION, len, buf),
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply */
RECV_ATTR_INT(TLS_MGR_ATTR_STATUS, &status),
ATTR_TYPE_END) != 1)
status = TLS_MGR_STAT_FAIL;
return (status);
}
static TLS_TICKET_KEY *request_scache_key(unsigned char *keyname)
{
TLS_TICKET_KEY tmp;
static VSTRING *keybuf;
char *name;
size_t len;
int status;
/*
* Create the tlsmgr client handle.
*/
if (tls_mgr == 0)
tls_mgr_open();
if (keybuf == 0)
keybuf = vstring_alloc(sizeof(tmp));
/* In tlsmgr requests we encode null key names as empty strings. */
name = keyname ? (char *) keyname : "";
len = keyname ? TLS_TICKET_NAMELEN : 0;
/*
* Send the request and receive the reply.
*/
if (attr_clnt_request(tls_mgr,
ATTR_FLAG_NONE, /* Request */
ATTR_TYPE_STR, TLS_MGR_ATTR_REQ, TLS_MGR_REQ_TKTKEY,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYNAME, len, name,
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply */
ATTR_TYPE_INT, TLS_MGR_ATTR_STATUS, &status,
ATTR_TYPE_DATA, TLS_MGR_ATTR_KEYBUF, keybuf,
ATTR_TYPE_END) != 2
|| status != TLS_MGR_STAT_OK
|| LEN(keybuf) != sizeof(tmp))
return (0);
memcpy((char *) &tmp, STR(keybuf), sizeof(tmp));
return (tls_scache_key_rotate(&tmp));
}
int main(int unused_ac, char **av)
{
ACL_VSTRING *inbuf = acl_vstring_alloc(10);
int status;
ARGV *argv = 0;
ACL_EVENT *eventp = acl_event_new_select(1, 0);
acl_msg_verbose = 3;
mail_conf_read();
acl_msg_info("using config files in %s", var_config_dir);
if (chdir(var_queue_dir) < 0)
acl_msg_fatal("chdir %s: %s", var_queue_dir, acl_last_serror());
tls_mgr_open(eventp);
while (acl_vstring_fgets_nonl(inbuf, ACL_VSTREAM_IN)) {
argv = argv_split(STR(inbuf), " \t\r\n");
if (argv->argc == 0) {
argv_free(argv);
continue;
}
#define COMMAND(argv, str, len) \
(strcasecmp(argv->argv[0], str) == 0 && argv->argc == len)
if (COMMAND(argv, "policy", 2)) {
int cachable;
status = tls_mgr_policy(argv->argv[1], &cachable);
acl_vstream_printf("status=%d cachable=%d\n", status, cachable);
} else if (COMMAND(argv, "seed", 2)) {
ACL_VSTRING *buf = acl_vstring_alloc(10);
ACL_VSTRING *hex = acl_vstring_alloc(10);
int len = atoi(argv->argv[1]);
status = tls_mgr_seed(buf, len);
hex_encode(hex, STR(buf), LEN(buf));
acl_vstream_printf("status=%d seed=%s\n", status, STR(hex));
acl_vstring_free(hex);
acl_vstring_free(buf);
} else if (COMMAND(argv, "lookup", 3)) {
ACL_VSTRING *buf = acl_vstring_alloc(10);
status = tls_mgr_lookup(argv->argv[1], argv->argv[2], buf);
acl_vstream_printf("status=%d session=%.*s\n",
status, LEN(buf), STR(buf));
acl_vstring_free(buf);
} else if (COMMAND(argv, "update", 4)) {
status = tls_mgr_update(argv->argv[1], argv->argv[2],
argv->argv[3], strlen(argv->argv[3]));
acl_vstream_printf("status=%d\n", status);
} else if (COMMAND(argv, "delete", 3)) {
status = tls_mgr_delete(argv->argv[1], argv->argv[2]);
acl_vstream_printf("status=%d\n", status);
} else {
acl_vstream_printf("usage:\n"
"seed byte_count\n"
"policy smtpd|smtp|lmtp\n"
"lookup smtpd|smtp|lmtp cache_id\n"
"update smtpd|smtp|lmtp cache_id session\n"
"delete smtpd|smtp|lmtp cache_id\n");
}
acl_vstream_fflush(ACL_VSTREAM_OUT);
argv_free(argv);
}
acl_vstring_free(inbuf);
acl_event_free(eventp);
return (0);
}
