use IO::Handle; # ->autoflush
use IO::Socket;
use File::Spec;
-use POSIX qw(WNOHANG :signal_h);
+use POSIX qw(WNOHANG :signal_h F_SETFD);
use Socket qw(IPPROTO_TCP SOL_SOCKET);
STDOUT->autoflush(1);
STDERR->autoflush(1);
$tlsd->{$f} = $logs{$p} //= open_log_path(my $fh, $p);
warn "# $scheme://$addr $f=$p\n";
}
+ my $err = $tlsd->{err};
+ $tlsd->{warn_cb} = sub { print $err @_ }; # for local $SIG{__WARN__}
\%xn;
}
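Review bot: `print $err @_` on L13 relies on Perl guessing that the first scalar is a filehandle; `print {$err} @_` states it explicitly and is the form perlcritic expects. The closure also captures the handle that `$tlsd->{err}` holds at the time this runs, so if a later reopen_logs ever replaced `$tlsd->{err}` with a new handle instead of reopening it in place, warnings would keep going to the stale one — worth a comment on L12 such as `# captured once; reopen_logs must reopen this handle in place`. The enclosing sub starts outside the hunk.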
die "--pid-file cannot end with '.oldbin'\n";
}
@listeners = inherit($listener_names);
-
- # allow socket-activation users to set certs once and not
- # have to configure each socket:
- my @inherited_names = keys(%$listener_names) if defined($default_cert);
+ my @inherited_names = keys(%$listener_names);
# ignore daemonize when inheriting
$daemonize = undef if scalar @listeners;
$default_listen // die "no listeners specified\n";
push @cfg_listen, $default_listen
}
-
+ my ($default_scheme) = (($default_listen // '') =~ m!\A([^:]+)://!);
foreach my $l (@cfg_listen) {
my $orig = $l;
- my $scheme = '';
- my $port;
- if ($l =~ s!\A([^:]+)://!!) { $scheme = $1 }
+ my ($scheme, $port, $opt);
+ $l =~ s!\A([a-z0-9]+)://!! and $scheme = $1;
+ $scheme //= $default_scheme;
if ($l =~ /\A(?:\[[^\]]+\]|[^:]+):([0-9]+)/) {
$port = $1 + 0;
- my $s = $KNOWN_TLS{$port} // $KNOWN_STARTTLS{$port};
- $scheme //= $s if defined $s;
- } elsif (index($l, '/') != 0) { # unix socket
- $port //= $SCHEME2PORT{$scheme} if $scheme;
- $port // die "no port in listen=$l\n";
+ $scheme //= $KNOWN_TLS{$port} // $KNOWN_STARTTLS{$port};
+ }
+ $scheme // die "unable to determine URL scheme of $orig\n";
+ if (!defined($port) && index($l, '/') != 0) { # AF_UNIX socket
+ $port = $SCHEME2PORT{$scheme} //
+ die "no port in listen=$orig\n";
$l =~ s!\A([^/]+)!$1:$port! or
die "unable to add port=$port to $l\n";
}
- my $opt; # non-TLS options
+ $l =~ s!/\z!!; # chop one trailing slash
if ($l =~ s!/?\?(.+)\z!!) {
$opt = listener_opt($1);
$tls_opt{"$scheme://$l"} = accept_tls_opt($opt);
} elsif ($scheme =~ /\A(?:https|imaps|nntps|pop3s)\z/) {
die "$orig specified w/o cert=\n";
}
- $scheme =~ /\A(?:http|imap|nntp|pop3)/ and
+ if ($listener_names->{$l}) { # already inherited
$xnetd->{$l} = load_mod($scheme, $opt, $l);
-
- next if $listener_names->{$l}; # already inherited
+ next;
+ }
my (%o, $sock_pkg);
if (index($l, '/') == 0) {
$sock_pkg = 'IO::Socket::UNIX';
}
$o{Listen} = 1024;
my $prev = umask 0000;
- my $s = eval { $sock_pkg->new(%o) };
- warn "error binding $l: $! ($@)\n" unless $s;
+ my $s = eval { $sock_pkg->new(%o) } or
+ warn "error binding $l: $! ($@)\n";
umask $prev;
- if ($s) {
- $s->blocking(0);
- my $k = sockname($s);
- warn "# bound $scheme://$k\n";
- $listener_names->{$k} = $s;
- push @listeners, $s;
- }
+ $s // next;
+ $s->blocking(0);
+ my $sockname = sockname($s);
+ warn "# bound $scheme://$sockname\n";
+ $xnetd->{$sockname} //= load_mod($scheme);
+ $listener_names->{$sockname} = $s;
+ push @listeners, $s;
}
# cert/key options in @cfg_listen takes precedence when inheriting,
# but map well-known inherited ports if --listen isn't specified
- # at all
- for my $sockname (@inherited_names) {
- $sockname =~ /:([0-9]+)\z/ or next;
- if (my $scheme = $KNOWN_TLS{$1}) {
- $xnetd->{$sockname} //= load_mod($scheme);
- $tls_opt{"$scheme://$sockname"} ||= accept_tls_opt('');
- } elsif (($scheme = $KNOWN_STARTTLS{$1})) {
- $xnetd->{$sockname} //= load_mod($scheme);
- $tls_opt{"$scheme://$sockname"} ||= accept_tls_opt('');
- $tls_opt{''} ||= accept_tls_opt('');
+ # at all. This allows socket-activation users to set certs once
+ # and not have to configure each socket:
+ if (defined $default_cert) {
+ my ($stls) = (($default_scheme // '') =~ /\A(pop3|nntp|imap)/);
+ for my $x (@inherited_names) {
+ $x =~ /:([0-9]+)\z/ or next; # no TLS for AF_UNIX
+ if (my $scheme = $KNOWN_TLS{$1}) {
+ $xnetd->{$x} //= load_mod($scheme);
+ $tls_opt{"$scheme://$x"} ||= accept_tls_opt('');
+ } elsif (($scheme = $KNOWN_STARTTLS{$1})) {
+ $xnetd->{$x} //= load_mod($scheme);
+ $tls_opt{"$scheme://$x"} ||= accept_tls_opt('');
+ } elsif (defined $stls) {
+ $tls_opt{"$stls://$x"} ||= accept_tls_opt('');
+ }
+ }
+ }
+ if (defined $default_scheme) {
+ for my $x (@inherited_names) {
+ $xnetd->{$x} //= load_mod($default_scheme);
}
}
- my @d;
- while (my ($k, $v) = each %tls_opt) { push(@d, $k) if !defined($v) }
- delete @tls_opt{@d};
die "No listeners bound\n" unless @listeners;
}
return;
}
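Review bot: The `$xnetd` key for a freshly bound listener on L92 is `sockname($s)`, while the `%tls_opt` key built on L59 and the `$post_accept` key on L163 still use the user-supplied `$l`; if `sockname` returns a canonicalized form of the address rather than the string the user typed, the lookup on L160 now dies with `BUG: no xnetd for …` where the removed `$xnetd->{''}` fallback used to cover it, and the lookup by `sockname` on L179 would silently miss the TLS callback (L181 has the same lookup). L92 also calls `load_mod($scheme)` without the `$opt` and `$l` that L65 passes for inherited sockets, so any `?key=val` options parsed by `listener_opt` on L58 would not reach a newly bound listener if `load_mod` reads them. Registering under both names keeps every table consistent: `$xnetd->{$sockname} //= load_mod($scheme, $opt, $l);` followed by `$xnetd->{$l} //= $xnetd->{$sockname}; # %tls_opt/%post_accept keys use the pre-bind name`. daemon_prepare starts outside the hunk.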
if ($pid == 0) {
- use Fcntl qw(FD_CLOEXEC F_SETFD F_GETFD);
$ENV{LISTEN_FDS} = scalar @listeners;
$ENV{LISTEN_PID} = $$;
foreach my $s (@listeners) {
# @listeners are globs with workers, PI::L w/o workers
$s = $s->{sock} if ref($s) eq 'PublicInbox::Listener';
-
- my $fl = fcntl($s, F_GETFD, 0);
- fcntl($s, F_SETFD, $fl &= ~FD_CLOEXEC);
+ fcntl($s, F_SETFD, 0) // die "F_SETFD: $!";
}
exec @CMD;
die "Failed to exec: $!\n";
};
my %post_accept;
while (my ($k, $ctx_opt) = each %tls_opt) {
- my $l = $k;
- $l =~ s!\A([^:]+)://!!;
- my $scheme = $1 // '';
- my $xn = $xnetd->{$l} // $xnetd->{''};
+ $ctx_opt // next;
+ my ($scheme, $l) = split(m!://!, $k, 2);
+ my $xn = $xnetd->{$l} // die "BUG: no xnetd for $k";
$xn->{tlsd}->{ssl_ctx_opt} //= $ctx_opt;
$scheme =~ m!\A(?:https|imaps|nntps|pop3s)! and
$post_accept{$l} = tls_cb(@$xn{qw(post_accept tlsd)});
}
+ undef %tls_opt;
my $sig = {
HUP => $refresh,
INT => \&worker_quit,
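Review bot: `fcntl($s, F_SETFD, 0)` on L147 clears every descriptor flag, whereas the removed read-modify-write cleared only FD_CLOEXEC; on Linux FD_CLOEXEC is the only descriptor flag defined, so the result is the same today, but that assumption deserves recording: `# clear FD_CLOEXEC (currently the only fd flag) so the exec'd process inherits the listener`. The `// die` correctly treats fcntl's `"0 but true"` success value as defined. The enclosing sub starts and ends outside the hunk.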
if ($worker_processes > 0) {
$refresh->(); # preload by default
my $fh = master_loop(); # returns if in child process
- PublicInbox::EOFpipe->new($fh, \&worker_quit, undef);
+ PublicInbox::EOFpipe->new($fh, \&worker_quit);
} else {
reopen_logs();
$set_user->() if $set_user;
@listeners = map {;
my $l = sockname($_);
my $tls_cb = $post_accept{$l};
- my $xn = $xnetd->{$l} // $xnetd->{''};
+ my $xn = $xnetd->{$l} // die "BUG: no xnetd for $l";
# NNTPS, HTTPS, HTTP, IMAPS and POP3S are client-first traffic
# IMAP, NNTP and POP3 are server-first
sub run {
my ($default_listen) = @_;
- my $xnetd = {};
- if ($default_listen) {
- $default_listen =~ /\A(http|imap|nntp|pop3)/ or
- die "BUG: $default_listen";
- $xnetd->{''} = load_mod($1);
- }
- daemon_prepare($default_listen, $xnetd);
+ daemon_prepare($default_listen, my $xnetd = {});
my $for_destroy = daemonize();
# localize GCF2C for tests: