From ab61e5ff8fdbddafb2a05a3b7a427135701960d6 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 27 Jun 2021 18:58:44 +0100
Subject: [PATCH] TLS: track changing fd of file-watcher when creds are releaded.
Broken-by: 5fd673807d
---
 src/src/daemon.c | 9 ++++++++-
 src/src/functions.h | 2 +-
 src/src/tls.c | 14 ++++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/src/daemon.c b/src/src/daemon.c
index b088e3491..a4b1e2685 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -2462,7 +2462,14 @@ for (;;)
 #ifndef DISABLE_TLS
 /* Create or rotate any required keys; handle (delayed) filewatch event */
-tls_daemon_tick();
+for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; )
+ {
+ FD_CLR(old_tfd, &select_listen);
+ if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd;
+ if (tls_watch_fd >= 0)
+ add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max);
+ break;
+ }
 #endif
 errno = select_errno;
 }
diff --git a/src/src/functions.h b/src/src/functions.h
index 6029ab4b1..e34972170 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -58,7 +58,7 @@ extern void tls_client_creds_reload(BOOL);
 extern void tls_close(void *, int);
 extern BOOL tls_could_read(void);
 extern void tls_daemon_init(void);
-extern void tls_daemon_tick(void);
+extern int tls_daemon_tick(void);
 extern BOOL tls_dropprivs_validate_require_cipher(BOOL);
 extern BOOL tls_export_cert(uschar *, size_t, void *);
 extern int tls_feof(void);
diff --git a/src/src/tls.c b/src/src/tls.c
index 3de417eca..0df99845c 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
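Review bot: The `for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; ) { … break; }` in the added daemon.c lines is a one-shot block dressed as a loop; it reads as though it could iterate, and the trailing `break` is the only thing stopping a second call to `tls_daemon_tick()`, so a maintainer who drops it gets a retry loop by accident. A plain conditional says the same thing without the trap: `int old_tfd = tls_daemon_tick();` followed by `if (old_tfd >= 0)` with the same body and no `break`. The `listen_fd_max` adjustment only shrinks the bound by one when the old fd was the highest, which is safe for select() since nfds merely has to exceed the highest fd still set, but that reasoning deserves a line such as `/* nfds need only exceed the highest set fd; shrinking by one is enough */`. The enclosing `for (;;)` daemon loop starts outside the hunk.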
@@ -359,11 +359,18 @@ opt_unset_or_noexpand(const uschar * opt)
-/* Called every time round the daemon loop */
+/* Called every time round the daemon loop.
-void
+If we reloaded fd-watcher, return the old watch fd
+having modified the global for the new one. Otherwise
+return -1.
+*/
+
+int
 tls_daemon_tick(void)
 {
+int old_watch_fd = tls_watch_fd;
+
 tls_per_lib_daemon_tick();
 #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
 if (tls_creds_expire && time(NULL) >= tls_creds_expire)
@@ -375,6 +382,7 @@ if (tls_creds_expire && time(NULL) >= tls_creds_expire)
 DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
 tls_creds_expire = 0;
 tls_daemon_creds_reload();
+ return old_watch_fd;
 }
 else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
 {
@@ -386,8 +394,10 @@ else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
 DEBUG(D_tls) debug_printf("watch triggered\n");
 tls_watch_trigger_time = tls_creds_expire = 0;
 tls_daemon_creds_reload();
+ return old_watch_fd;
 }
 #endif
+return -1;
 }
 /* Called once at daemon startup */
-- 
2.30.2
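Review bot: The -1 return is overloaded: `int old_watch_fd = tls_watch_fd;` snapshots the global on entry, so if no watcher existed (`tls_watch_fd == -1`) and `tls_daemon_creds_reload()` then establishes one, the function still returns -1 and the daemon.c caller, which tests `old_tfd >= 0`, never adds the new fd to its select set, leaving credential-file watching silently dead. Whether the reload can go from no watcher to a watcher is not visible in this hunk; if it can, the old fd and "reloaded" need separate signals, e.g. return a BOOL and pass the old fd back through an `int *` out-parameter, or state in the header comment that the caller must re-check `tls_watch_fd` after any reload. The snapshot is also taken before `tls_per_lib_daemon_tick()`, so if that per-library tick can replace the watcher the returned fd is stale; a one-line note such as `/* per-lib tick must not touch tls_watch_fd */` would pin that assumption. The header comment's "If we reloaded fd-watcher" also overstates what is checked: the code returns the old fd whenever credentials were reloaded, not only when the watcher changed.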
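Review bot: Both reload branches now end in the same two lines, `tls_daemon_creds_reload();` then `return old_watch_fd;`, with `return -1;` as the fall-through; a future reload path added to this if/else chain that forgets the early return would leave the daemon selecting on a closed fd, which is exactly the failure this commit repairs. A single exit makes the invariant local: declare `BOOL reloaded = FALSE;` beside `old_watch_fd`, set `reloaded = TRUE;` where each branch calls the reload, and finish with `return reloaded ? old_watch_fd : -1;`. That keeps the "reloaded means report the old fd" rule in one place rather than one copy per branch.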