author | Omar Polo <op@omarpolo.com> | 2023-06-11 11:03:59 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2023-06-11 11:03:59 +0000 |
commit | 86693a33abd5e8c31530adb3045c9f4664d4d6c9 (patch) | |
tree | 3ef25d39266c92a62ece902799cc23b76812e0d0 /gmid.c | |
parent | f81a97b3569478a36e5cbe95229efd1b831b7a7b (diff) |
add a privsep crypto engine
Incorporate OpenSMTPD's privsep crypto engine. The idea behind
it is to never load the certificates' private keys in a networked
process; instead they are loaded in a separate process (the `crypto'
one) which signs payloads on behalf of the server processes.
This way, we greatly reduce the risk of leaking a certificate's
private key should the server process be compromised.
This currently compiles only on LibreSSL (a portable fix is on the
way).
Diffstat (limited to 'gmid.c')
-rw-r--r-- | gmid.c | 25 |
1 files changed, 24 insertions, 1 deletions
@@ -42,12 +42,14 @@ static void main_configure_done(struct conf *);
 static void main_reload(struct conf *);
 static void main_sig_handler(int, short, void *);
 static int main_dispatch_server(int, struct privsep_proc *, struct imsg *);
+static int main_dispatch_crypto(int, struct privsep_proc *, struct imsg *);
 static int main_dispatch_logger(int, struct privsep_proc *, struct imsg *);
 static void __dead main_shutdown(struct conf *);
 static void main_print_conf(struct conf *);
 static struct privsep_proc procs[] = {
 { "server", PROC_SERVER, main_dispatch_server, server },
+ { "crypto", PROC_CRYPTO, main_dispatch_crypto, crypto },
 { "logger", PROC_LOGGER, main_dispatch_logger, logger },
 };
@@ -328,16 +330,20 @@ main_configure(struct conf *conf)
 {
 struct privsep *ps = conf->ps;
- conf->reload = conf->prefork;
+ conf->reload = conf->prefork + 1; /* servers, crypto */
 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_START, NULL, 0) == -1)
 return -1;
+ if (proc_compose(ps, PROC_CRYPTO, IMSG_RECONF_START, NULL, 0) == -1)
+ return -1;
 if (config_send(conf) == -1)
 return -1;
 if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_END, NULL, 0) == -1)
 return -1;
+ if (proc_compose(ps, PROC_CRYPTO, IMSG_RECONF_END, NULL, 0) == -1)
+ return -1;
 return 0;
 }
@@ -421,6 +427,23 @@ main_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
 }
 static int
+main_dispatch_crypto(int fd, struct privsep_proc *p, struct imsg *imsg)
+{
+ struct privsep *ps = p->p_ps;
+ struct conf *conf = ps->ps_env;
+
+ switch (imsg->hdr.type) {
+ case IMSG_RECONF_DONE:
+ main_configure_done(conf);
+ break;
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
 main_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
 struct privsep *ps = p->p_ps; |
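Review bot: In main_configure, a failure of either new PROC_CRYPTO `proc_compose` call returns -1 after the server processes have already been sent the matching IMSG_RECONF_START or IMSG_RECONF_END, so the servers and the key-holding crypto process can be left on different configurations while `conf->reload` still expects `conf->prefork + 1` replies. How the caller reacts to -1 is outside this hunk, so it is worth confirming that it aborts rather than keeps serving in that state. The `+ 1` also hard-codes a single crypto process; a fuller comment such as `/* one IMSG_RECONF_DONE from each server, plus one from the single crypto process */` would keep the expected count obvious if that ever changes.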
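Review bot: main_dispatch_crypto calls `main_configure_done(conf)` for every IMSG_RECONF_DONE without checking that a reload is actually pending, so a duplicated or unsolicited message from the crypto process would be counted like a genuine acknowledgement. main_configure_done is not shown in this hunk, so this only matters if it does not validate the counter itself; in that case a guard such as `if (conf->reload == 0) return -1;` before the call keeps the parent from relying on its children's message sequencing. Rejecting unknown message types with `return -1` in the default case is the right fail-closed choice. A short header comment saying that this is the parent-side handler for messages from the crypto process, and that `fd` is unused, would also help.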