commit a9d11e8f560fe9e2370157a562f09d9c2744ee03
Author: epoch 
Date:   Mon Feb 28 02:24:59 2022 +0000

    tlswrap now sends the stderr of the child process to syslog

diff --git a/Makefile b/Makefile
index 91a9ed7ea9d1a636b227c658c1f1c42444d631c2..
index ..cad8319e005c854a4477f6227a74a71319492fe8 100644
--- a/Makefile
+++ b/Makefile
@@ -8,5 +8,5 @@ tlswrap: CFLAGS=-pedantic -Wall
 tlswrap: LDLIBS=-lssl -lcrypto
 tlswrap: tlswrap.c

-install:
+install: all
 	install -Dt $(PREFIX)/bin tlswrap
diff --git a/tlswrap.c b/tlswrap.c
index 2cae88d71f9a7ea5e06d4655e9b1748091907a3a..
index ..5e5e97046779e1d304cbb7bc7ac92d509838f833 100644
--- a/tlswrap.c
+++ b/tlswrap.c
@@ -158,8 +158,10 @@ int main(int argc,char *argv[]) {

   int a[2]; //a is subprocess's stdin, so need to read decrypted data from stdin and write to a[1]
   int b[2]; //b is subprocees's stdout, so need to read it, and give it to SSL to encrypt and push out.
+  int c[2]; //c is subprocess's stderr, so need to read it, and write lines to syslog.
   pipe(a);
   pipe(b);
+  pipe(c);

   SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
   SSL_CTX_set_ecdh_auto(ctx, 1);
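Review bot: The added `pipe(c)` is unchecked, like the existing `pipe(a)` and `pipe(b)` beside it; if it fails, `c[]` holds uninitialized values that the later hunks pass to `dup2(c[1],2)` in the child and `FD_SET(c[0],&master)` in the parent. One guard covers all three pipes and matches the file's existing syslog/strerror error style: `if(pipe(a)==-1||pipe(b)==-1||pipe(c)==-1){ syslog(LOG_ERR,"pipe: %s",strerror(errno)); return 1; }`. main() starts before this hunk and continues after it.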
@@ -206,12 +208,14 @@ int main(int argc,char *argv[]) {
     x=dup(0);
     dup2(a[0],0);
     dup2(b[1],1);
-    dup2(b[1],2);//probably log this instead of sending through the ssl socket
+    dup2(c[1],2);
     close(a[0]);
     close(b[1]);
     close(a[1]);
     close(b[0]);
-    dup2(x,3);
+    close(c[0]);
+    close(c[1]);
+    dup2(x,3);//we're passing this to the child ONLY so it can do getpeername and stuff.
     execv(argv[0],argv);
   }
   if(child == -1) {
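Review bot: When `execv(argv[0],argv)` fails the child does not terminate: it falls through the closing brace into the `if(child == -1)` check and carries on as a second copy of the parent, with its fds 0/1/2 now remapped onto the pipes. Put `syslog(LOG_ERR,"execv: %s",strerror(errno)); _exit(127);` immediately after the execv. The new comment on `dup2(x,3)` says the socket is handed over only for getpeername, but nothing enforces that: the child receives a full read/write descriptor to what appears to be the raw TLS socket (fd 0 is the socket selected on as "SSL" in the next hunk), so a misbehaving or compromised wrapped program can read ciphertext or push unencrypted bytes onto the wire, and when `x` is not already 3 the duplicate at `x` is left open too (`if(x!=3) close(x);`). That trust boundary deserves an explicit note, e.g. `//NOTE: fd 3 is the raw socket; the child can bypass TLS through it, so only wrap trusted programs.` The child branch begins before this hunk.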
@@ -227,12 +231,14 @@ int main(int argc,char *argv[]) {
   FD_ZERO(&readfs);
   FD_SET(0,&master);//SSL is ready to be read from
   FD_SET(b[0],&master);//subprocess is ready to be read from
-  fdmax=b[0];
+  FD_SET(c[0],&master);
+  fdmax=b[0]>c[0]?b[0]:c[0];
   struct timeval *tout=NULL;
-  close(b[1]);
   close(a[0]);
+  close(b[1]);
+  close(c[1]);
   syslog(LOG_INFO,"entering select loop");
-  while(1) { //a select() brick that reads from ssl and writes to subprocess. then reads from subprocess and writes to ssl
+  while(1) { //a select() brick that reads from ssl and writes to subprocess and reads from subprocess and writes to ssl
     readfs=master;
     if((j=select(fdmax+1,&readfs,0,0,tout)) == -1 ) {
       syslog(LOG_INFO,"sslwrap error'd in select: %s",strerror(errno));
@@ -243,14 +249,16 @@ int main(int argc,char *argv[]) {
       write(a[1],buffer,r);
     }
     if(FD_ISSET(b[0],&readfs)) {
-      r2=read(b[0],buffer,sizeof(buffer));
-      if(r2 <= 0) break;
+      if((r2=read(b[0],buffer,sizeof(buffer))) <= 0) break;
       syslog(LOG_INFO,"read %d bytes from subprocess!",r2);
       SSL_write(ssl,buffer,r2);
     }
+    if(FD_ISSET(c[0],&readfs)) {
+      if((r2=read(c[0],buffer,sizeof(buffer)-1)) <= 0) break;
+      buffer[r2]=0;//gotta null this off sice we're passing to something that expects a string.
+      syslog(LOG_WARNING,"stderr: %s",buffer);
+    }
   }
-
-  //what do we do here?
   SSL_shutdown(ssl);
   SSL_free(ssl);
   EVP_cleanup();
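Review bot: EOF on the stderr pipe tears down the whole session: the new `if((r2=read(c[0],buffer,sizeof(buffer)-1)) <= 0) break;` leaves the select loop as soon as the child closes fd 2, or as soon as select() reports both pipes readable after the child exits, even though the `b[0]` branch above may still have stdout data queued, so trailing output can be dropped and a program that closes its own stderr ends the connection. Stop polling `c[0]` on EOF instead and keep the existing `b[0]` EOF as the only end condition. A second caveat on the same lines: the child's stderr is copied into syslog verbatim, so newlines, terminal escape sequences and embedded NULs (which silently truncate the `%s`) from a program handling untrusted peer input reach the log unfiltered; at minimum note it with `//NOTE: unsanitized child output; a hostile client may be able to inject log lines through the wrapped program.` main() continues outside the hunk.
```c
    if(FD_ISSET(c[0],&readfs)) {
      if((r2=read(c[0],buffer,sizeof(buffer)-1)) <= 0) {
        FD_CLR(c[0],&master);//child closed its stderr; keep relaying stdout until b[0] hits EOF
        close(c[0]);
      } else {
        buffer[r2]=0;//gotta null this off sice we're passing to something that expects a string.
        syslog(LOG_WARNING,"stderr: %s",buffer);
      }
    }
```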
