{
int pid;
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+tls_watch_invalidate();
+#endif
+
if (daemon_notifier_fd >= 0)
{
close(daemon_notifier_fd);
struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
int len;
+if (!notifier_socket || !*notifier_socket)
+ {
+ DEBUG(D_any) debug_printf("-oY used so not creating notifier socket\n");
+ return;
+ }
if (override_local_interfaces && !override_pid_file_path)
{
DEBUG(D_any)
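Review bot: The debug text on the new early return names `-oY` as the cause, but the test is `!notifier_socket || !*notifier_socket`, which is true whenever the value is unset or empty for any reason. If notifier_socket can be emptied some other way (from configuration, say, which is not visible here), the message will mislead whoever reads the debug output. A neutral wording such as `debug_printf("notifier_socket unset so not creating notifier socket\n");` avoids that. The enclosing function starts and ends outside the hunk.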
list = tls_in.on_connect_ports;
sep = 0;
+ /* the list isn't expanded so cannot be tainted. If it ever is we will trap here */
while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (!isdigit(*s))
{
#ifdef SUPPORT_SPF
spf_init();
#endif
+#ifndef DISABLE_TLS
+tls_daemon_init();
+#endif
/* Close the log so it can be renamed and moved. In the few cases below where
this long-running process writes to the log (always exceptional conditions), it
if (f.daemon_listen)
{
- int lcount, select_errno;
+ int lcount;
int max_socket = 0;
BOOL select_failed = FALSE;
fd_set select_listen;
FD_ZERO(&select_listen);
+#ifndef DISABLE_TLS
+ if (tls_watch_fd >= 0)
+ {
+ FD_SET(tls_watch_fd, &select_listen);
+ if (tls_watch_fd > max_socket) max_socket = tls_watch_fd;
+ }
+#endif
if (daemon_notifier_fd >= 0)
+ {
FD_SET(daemon_notifier_fd, &select_listen);
+ if (daemon_notifier_fd > max_socket) max_socket = daemon_notifier_fd;
+ }
for (int sk = 0; sk < listen_socket_count; sk++)
{
FD_SET(listen_sockets[sk], &select_listen);
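Review bot: The new `FD_SET(tls_watch_fd, &select_listen)` and the existing `FD_SET(daemon_notifier_fd, &select_listen)` are called without comparing the descriptor to FD_SETSIZE, and FD_SET on a larger value is undefined behaviour that can write outside the fd_set. Both descriptors are presumably opened early in daemon start-up and therefore small, but nothing in the hunk enforces that; a guard such as `if (tls_watch_fd >= 0 && tls_watch_fd < FD_SETSIZE)` or a comment stating the assumption would settle it. Separately, this block is under `#ifndef DISABLE_TLS` while the other watch code in the commit uses `#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))`; using one guard throughout would make clear in which builds tls_watch_fd exists. The enclosing `if (f.daemon_listen)` block continues past the hunk.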
old one had just finished. Preserve the errno from any select() failure for
the use of the common select/accept error processing below. */
- select_errno = errno;
- handle_ending_processes();
- errno = select_errno;
+ {
+ int select_errno = errno;
+ handle_ending_processes();
#ifndef DISABLE_TLS
- /* Create or rotate any required keys */
- tls_daemon_init();
+ /* Create or rotate any required keys; handle (delayed) filewatch event */
+ tls_daemon_tick();
#endif
+ errno = select_errno;
+ }
/* Loop for all the sockets that are currently ready to go. If select
actually failed, we have set the count to 1 and select_failed=TRUE, so as
if (!select_failed)
{
+#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
+ if (tls_watch_fd >= 0 && FD_ISSET(tls_watch_fd, &select_listen))
+ {
+ FD_CLR(tls_watch_fd, &select_listen);
+ tls_watch_trigger_time = time(NULL); /* Set up delayed event */
+ tls_watch_discard_event(tls_watch_fd);
+ break; /* to top of daemon loop */
+ }
+#endif
if ( daemon_notifier_fd >= 0
&& FD_ISSET(daemon_notifier_fd, &select_listen))
{
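Review bot: `tls_watch_trigger_time = time(NULL)` restarts the delay on every watch event, so continued activity on the watched files keeps deferring the delayed handling that the commit places in tls_daemon_tick(), and the hunk shows no upper bound on that deferral. If the restart is an intended settle period (presumably so that partly written credential files are not loaded), the comment should say so, e.g. `/* (re)start settle delay; acted on later by tls_daemon_tick() */`, and a cap on the total deferral is worth considering. The value also comes from the wall clock, so a clock step changes the effective delay. The loop that this `break` leaves starts outside the hunk.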
accept_retry_errno = errno;
accept_retry_select_failed = select_failed;
}
- else
- {
- if (errno != accept_retry_errno ||
- select_failed != accept_retry_select_failed ||
- accept_retry_count >= 50)
+ else if ( errno != accept_retry_errno
+ || select_failed != accept_retry_select_failed
+ || accept_retry_count >= 50)
{
- log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0),
+ log_write(0, LOG_MAIN | (accept_retry_count >= 50 ? LOG_PANIC : 0),
"%d %s() failure%s: %s",
accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
strerror(accept_retry_errno));
log_close_all();
accept_retry_count = 0;
accept_retry_errno = errno;
accept_retry_select_failed = select_failed;
}
- }
accept_retry_count++;
}
-
- else
- {
- if (accept_retry_count > 0)
- {
- log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
- accept_retry_count,
- accept_retry_select_failed? "select" : "accept",
- (accept_retry_count == 1)? "" : "s",
- strerror(accept_retry_errno));
- log_close_all();
- accept_retry_count = 0;
- }
- }
+ else if (accept_retry_count > 0)
+ {
+ log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
+ accept_retry_count,
+ accept_retry_select_failed ? "select" : "accept",
+ accept_retry_count == 1 ? "" : "s",
+ strerror(accept_retry_errno));
+ log_close_all();
+ accept_retry_count = 0;
+ }
/* If select/accept succeeded, deal with the connection. */