ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the existing ones as inactive until all their clients disconnect. Very useful whenever the SSL library has a vulnerability because new connections can use a new version of the library without disconnecting existing clients/servers. Add STATS S (admins only) to list ssld processes, status, and client count.
This commit is contained in:
Simon Arlott
William Pitcock
parent
dea27a087c
commit
eb1b303d56
6 changed files with 88 additions and 5 deletions
|
|
@ -66,6 +66,7 @@ struct _ssl_ctl
|
|||
pid_t pid;
|
||||
rb_dlink_list readq;
|
||||
rb_dlink_list writeq;
|
||||
uint8_t shutdown;
|
||||
uint8_t dead;
|
||||
};
|
||||
|
||||
|
|
@ -150,6 +151,31 @@ static time_t last_spin;
|
|||
static int ssld_wait = 0;
|
||||
|
||||
|
||||
void
|
||||
restart_ssld(void)
|
||||
{
|
||||
rb_dlink_node *ptr, *next;
|
||||
ssl_ctl_t *ctl;
|
||||
|
||||
RB_DLINK_FOREACH_SAFE(ptr, next, ssl_daemons.head)
|
||||
{
|
||||
ctl = ptr->data;
|
||||
if(ctl->dead)
|
||||
continue;
|
||||
if(ctl->shutdown)
|
||||
continue;
|
||||
ctl->shutdown = 1;
|
||||
ssld_count--;
|
||||
if(!ctl->cli_count)
|
||||
{
|
||||
rb_kill(ctl->pid, SIGKILL);
|
||||
free_ssl_daemon(ctl);
|
||||
}
|
||||
}
|
||||
|
||||
start_ssldaemon(ServerInfo.ssld_count, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list);
|
||||
}
|
||||
|
||||
static void
|
||||
ssl_killall(void)
|
||||
{
|
||||
|
|
@ -161,8 +187,11 @@ ssl_killall(void)
|
|||
if(ctl->dead)
|
||||
continue;
|
||||
ctl->dead = 1;
|
||||
ssld_count--;
|
||||
if(!ctl->shutdown)
|
||||
ssld_count--;
|
||||
rb_kill(ctl->pid, SIGKILL);
|
||||
if(!ctl->cli_count)
|
||||
free_ssl_daemon(ctl);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -173,11 +202,15 @@ ssl_dead(ssl_ctl_t * ctl)
|
|||
return;
|
||||
|
||||
ctl->dead = 1;
|
||||
ssld_count--;
|
||||
rb_kill(ctl->pid, SIGKILL); /* make sure the process is really gone */
|
||||
ilog(L_MAIN, "ssld helper died - attempting to restart");
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL, "ssld helper died - attempting to restart");
|
||||
start_ssldaemon(1, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list);
|
||||
|
||||
if(!ctl->shutdown)
|
||||
{
|
||||
ssld_count--;
|
||||
ilog(L_MAIN, "ssld helper died - attempting to restart");
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL, "ssld helper died - attempting to restart");
|
||||
start_ssldaemon(1, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -541,6 +574,8 @@ which_ssld(void)
|
|||
ctl = ptr->data;
|
||||
if(ctl->dead)
|
||||
continue;
|
||||
if(ctl->shutdown)
|
||||
continue;
|
||||
if(lowest == NULL)
|
||||
{
|
||||
lowest = ctl;
|
||||
|
|
@ -737,6 +772,11 @@ ssld_decrement_clicount(ssl_ctl_t * ctl)
|
|||
return;
|
||||
|
||||
ctl->cli_count--;
|
||||
if(ctl->shutdown && !ctl->cli_count)
|
||||
{
|
||||
ctl->dead = 1;
|
||||
rb_kill(ctl->pid, SIGKILL);
|
||||
}
|
||||
if(ctl->dead && !ctl->cli_count)
|
||||
{
|
||||
free_ssl_daemon(ctl);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue