# HG changeset patch # User Timo Sirainen # Date 1139162415 -7200 # Node ID e93e39326ae1616bb8d02cb8f28f221ba671c2a6 # Parent ab1a0a37785172361873e876ce41a7199e6dfb82 Added ssl-build-param binary to build the ssl-parameters.dat. This way dovecot master binary doesn't anymore need to be linked with SSL libraries, and the process title is also clearer. diff -r ab1a0a377851 -r e93e39326ae1 src/master/.cvsignore --- a/src/master/.cvsignore Sun Feb 05 16:14:12 2006 +0200 +++ b/src/master/.cvsignore Sun Feb 05 20:00:15 2006 +0200 @@ -7,3 +7,4 @@ Makefile.in so_locations dovecot +ssl-build-param diff -r ab1a0a377851 -r e93e39326ae1 src/master/Makefile.am --- a/src/master/Makefile.am Sun Feb 05 16:14:12 2006 +0200 +++ b/src/master/Makefile.am Sun Feb 05 20:00:15 2006 +0200 @@ -1,6 +1,7 @@ pkglibexecdir = $(libexecdir)/dovecot sbin_PROGRAMS = dovecot +pkglibexec_PROGRAMS = ssl-build-param AM_CPPFLAGS = \ -I$(top_srcdir)/src/lib \ @@ -13,8 +14,7 @@ dovecot_LDADD = \ ../lib-settings/libsettings.a \ - ../lib/liblib.a \ - $(SSL_LIBS) + ../lib/liblib.a dovecot_SOURCES = \ auth-process.c \ @@ -26,9 +26,7 @@ main.c \ master-settings.c \ syslog-util.c \ - ssl-init.c \ - ssl-init-gnutls.c \ - ssl-init-openssl.c + ssl-init.c noinst_HEADERS = \ auth-process.h \ @@ -42,3 +40,13 @@ master-settings.h \ syslog-util.h \ ssl-init.h + +ssl_build_param_SOURCES = \ + ssl-init-main.c \ + ssl-init-openssl.c \ + ssl-init-gnutls.c + +ssl_build_param_LDADD = \ + ../lib/liblib.a \ + $(SSL_LIBS) + diff -r ab1a0a377851 -r e93e39326ae1 src/master/common.h --- a/src/master/common.h Sun Feb 05 16:14:12 2006 +0200 +++ b/src/master/common.h Sun Feb 05 20:00:15 2006 +0200 @@ -24,6 +24,7 @@ extern struct hash_table *pids; extern int null_fd, inetd_login_fd; extern uid_t master_uid; +extern char program_path[]; extern const char *process_names[]; extern char ssl_manual_key_password[]; diff -r ab1a0a377851 -r e93e39326ae1 src/master/main.c --- a/src/master/main.c Sun Feb 05 16:14:12 2006 +0200 
+++ b/src/master/main.c Sun Feb 05 20:00:15 2006 +0200 @@ -32,7 +32,7 @@ "login", "imap", "pop3", - "ssl-param", + "ssl-build-param", "dict" }; @@ -44,6 +44,7 @@ struct hash_table *pids; int null_fd, inetd_login_fd; uid_t master_uid; +char program_path[PATH_MAX]; char ssl_manual_key_password[100]; #ifdef DEBUG static bool gdb; @@ -604,7 +605,7 @@ static void print_help(void) { printf( -"Usage: dovecot [-F] [-c ] [-p] [--build-ssl-parameters]\n" +"Usage: dovecot [-F] [-c ] [-p]\n" " [--exec-mail ] [--version] [--build-options]\n"); } @@ -704,7 +705,7 @@ { /* parse arguments */ const char *exec_protocol = NULL, *exec_section = NULL, *user, *home; - bool foreground = FALSE, ask_key_pass = FALSE, build_parameters = FALSE; + bool foreground = FALSE, ask_key_pass = FALSE; int i; #ifdef DEBUG @@ -734,8 +735,6 @@ exec_protocol = argv[i]; if (i+1 != argc) exec_section = argv[++i]; - } else if (strcmp(argv[i], "--build-ssl-parameters") == 0) { - build_parameters = TRUE; } else if (strcmp(argv[i], "--version") == 0) { printf("%s\n", VERSION); return 0; @@ -775,10 +774,6 @@ sizeof(ssl_manual_key_password)); t_pop(); } - if (build_parameters) { - ssl_check_parameters_file(TRUE); - exit(0); - } /* save TZ environment. AIX depends on it to get the timezone correctly. */ diff -r ab1a0a377851 -r e93e39326ae1 src/master/ssl-init-main.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/master/ssl-init-main.c Sun Feb 05 20:00:15 2006 +0200 
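Review bot: `char program_path[PATH_MAX];` is added in the `@@ -44,6 +44,7 @@` hunk of main.c and exported through common.h, but no hunk shown in this changeset assigns or reads it. `start_generate_process()` finds the helper through the compile-time `PKG_LIBEXECDIR` instead. If the buffer is groundwork for a later change, a one-line comment on the definition saying what fills it and what it is used for would stop it reading as dead state; otherwise it can be dropped from both files. The definition also relies on `PATH_MAX` being in scope through an include that is not visible here.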
@@ -0,0 +1,56 @@ +/* Copyright (C) 2006 Timo Sirainen */ + +#include "lib.h" +#include "lib-signals.h" +#include "randgen.h" +#include "ssl-init.h" + +#include +#include +#include +#include + +static void generate_parameters_file(const char *fname) +{ + const char *temp_fname; + mode_t old_mask; + int fd; + + temp_fname = t_strconcat(fname, ".tmp", NULL); + (void)unlink(temp_fname); + + old_mask = umask(0); + fd = open(temp_fname, O_WRONLY | O_CREAT | O_EXCL, 0644); + umask(old_mask); + + if (fd == -1) { + i_fatal("Can't create temporary SSL parameters file %s: %m", + temp_fname); + } + + _ssl_generate_parameters(fd, temp_fname); + + if (close(fd) < 0) + i_fatal("close(%s) failed: %m", temp_fname); + + if (rename(temp_fname, fname) < 0) + i_fatal("rename(%s, %s) failed: %m", temp_fname, fname); + + i_info("SSL parameters regeneration completed"); +} + +int main(int argc, char *argv[]) +{ + lib_init(); + i_set_failure_internal(); + + if (argc < 2) + i_fatal("Usage: ssl-build-param "); + + random_init(); + generate_parameters_file(argv[1]); + + random_deinit(); + lib_deinit(); + return 0; +} diff -r ab1a0a377851 -r e93e39326ae1 src/master/ssl-init.c --- a/src/master/ssl-init.c Sun Feb 05 16:14:12 2006 +0200 +++ b/src/master/ssl-init.c Sun Feb 05 20:00:15 2006 +0200 @@ -2,6 +2,8 @@ #include "common.h" #include "ioloop.h" +#include "env-util.h" +#include "log.h" #include "ssl-init.h" #ifdef HAVE_SSL 
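Review bot: In `main()` of ssl-init-main.c the check `if (argc < 2)` silently accepts extra arguments, while the master builds the command line as `t_strconcat(binpath, " ", fname, NULL)`. If `client_process_exec()` splits that string on spaces (its parsing is not visible here), a parameters path containing a space would arrive as a truncated `argv[1]` and the helper would create and rename a file at the wrong location without complaint. Tightening the guard to `if (argc != 2)` with the same usage message turns that case into a logged failure. `generate_parameters_file()` would also benefit from a short header comment stating that it writes to `fname` plus `.tmp`, created with `O_EXCL` and mode 0644 under a cleared umask, and then renames it over `fname`.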
@@ -15,54 +17,41 @@ static struct timeout *to; static bool generating; -static void generate_parameters_file(const char *fname) -{ - const char *temp_fname; - mode_t old_mask; - int fd; - - temp_fname = t_strconcat(fname, ".tmp", NULL); - (void)unlink(temp_fname); - - old_mask = umask(0); - fd = open(temp_fname, O_WRONLY | O_CREAT | O_EXCL, 0644); - umask(old_mask); - - if (fd == -1) { - i_fatal("Can't create temporary SSL parameters file %s: %m", - temp_fname); - } - - _ssl_generate_parameters(fd, temp_fname); - - if (close(fd) < 0) - i_fatal("close(%s) failed: %m", temp_fname); - - if (rename(temp_fname, fname) < 0) - i_fatal("rename(%s, %s) failed: %m", temp_fname, fname); - - i_info("SSL parameters regeneration completed"); -} - static void start_generate_process(const char *fname) { + const char *binpath = PKG_LIBEXECDIR"/ssl-build-param"; + struct log_io *log; pid_t pid; + int log_fd; - pid = fork(); - if (pid < 0) { - i_error("fork() failed: %m"); + log_fd = log_create_pipe(&log, 10); + if (log_fd == -1) + pid = -1; + else { + pid = fork(); + if (pid < 0) + i_error("fork() failed: %m"); + } + if (pid == -1) { + (void)close(log_fd); return; } - if (pid == 0) { - /* child */ - generate_parameters_file(fname); - exit(0); - } else { + log_set_prefix(log, "ssl-build-param: "); + if (pid != 0) { /* parent */ generating = TRUE; PID_ADD_PROCESS_TYPE(pid, PROCESS_TYPE_SSL_PARAM); + return; } + + /* child. */ + if (dup2(log_fd, 2) < 0) + i_fatal("dup2(stderr) failed: %m"); + + child_process_init_env(); + client_process_exec(t_strconcat(binpath, " ", fname, NULL), ""); + i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", binpath); } void ssl_parameter_process_destroyed(pid_t pid __attr_unused__) @@ -70,7 +59,7 @@ generating = FALSE; } -static bool check_parameters_file_set(struct settings *set, bool foreground) +static bool check_parameters_file_set(struct settings *set) { const char *path; struct stat st; 
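Review bot: On the parent path of `start_generate_process()` (`if (pid != 0) { ... return; }`) `log_fd` is never closed, so the master keeps its copy of the descriptor that the child installs as stderr. This happens every time the parameters are regenerated, so a long-running master leaks one descriptor per run. Assuming `log_fd` is the write end of the pipe from `log_create_pipe()`, the reading side also cannot see end-of-file when the helper exits. Adding `(void)close(log_fd);` just before `generating = TRUE;` fixes both. Separately, the child redirects only fd 2 before `client_process_exec()`; whether the master's other descriptors are close-on-exec is not visible in this hunk and is worth confirming, so the SSL-linked helper does not inherit them.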
@@ -100,27 +89,19 @@ (st.st_mtime + (time_t)(set->ssl_parameters_regenerate*3600)); if (regen_time < ioloop_time || st.st_size == 0 || st.st_uid != master_uid) { - if (foreground) { - i_info("Generating Diffie-Hellman parameters. " - "This may take a while.."); - generate_parameters_file(path); - } else { - if (st.st_mtime == 0) { - i_info("Generating Diffie-Hellman parameters " - "for the first time. This may take " - "a while.."); - } - start_generate_process(path); + if (st.st_mtime == 0) { + i_info("Generating Diffie-Hellman parameters " + "for the first time. This may take " + "a while.."); } + start_generate_process(path); return FALSE; - } else if (foreground) { - i_info("Diffie-Hellman parameter file already exists."); } return TRUE; } -void ssl_check_parameters_file(bool foreground) +void ssl_check_parameters_file(void) { struct server_settings *server; @@ -129,14 +110,14 @@ for (server = settings_root; server != NULL; server = server->next) { if (server->defaults != NULL && - !check_parameters_file_set(server->defaults, foreground)) + !check_parameters_file_set(server->defaults)) break; } } static void check_parameters_file_timeout(void *context __attr_unused__) { - ssl_check_parameters_file(FALSE); + ssl_check_parameters_file(); } void ssl_init(void) @@ -146,7 +127,7 @@ /* check every 10 mins */ to = timeout_add(600 * 1000, check_parameters_file_timeout, NULL); - ssl_check_parameters_file(FALSE); + ssl_check_parameters_file(); } void ssl_deinit(void) @@ -157,7 +138,7 @@ #else void ssl_parameter_process_destroyed(pid_t pid __attr_unused__) {} -void ssl_check_parameters_file(bool foreground __attr_unused__) {} +void ssl_check_parameters_file(void) {} void ssl_init(void) {} void ssl_deinit(void) {} diff -r ab1a0a377851 -r e93e39326ae1 src/master/ssl-init.h --- a/src/master/ssl-init.h Sun Feb 05 16:14:12 2006 +0200 +++ b/src/master/ssl-init.h Sun Feb 05 20:00:15 2006 +0200 
@@ -5,7 +5,7 @@ void ssl_parameter_process_destroyed(pid_t pid); -void ssl_check_parameters_file(bool foreground); +void ssl_check_parameters_file(void); void _ssl_generate_parameters(int fd, const char *fname); void ssl_init(void);