path: root/config.c
Age  Commit message  (Author)
2024-01-21  convert remaining code to the imsg getters  (Omar Polo)
Now gmid doesn't touch the internals of the imsg structs anymore.
2024-01-21  convert most of gmid to the new imsg APIs  (Omar Polo)
Makes parsing and handling of imsgs simpler / clearer. Only crypto.c is left as-is.
2024-01-21  convert to use imsg_get_fd()  (Omar Polo)
since proc_forward_imsg() never forwards a file descriptor (it's never called actually) just use -1 there.
2023-08-25  ignore some errors from socket(2)  (Omar Polo)
There's not much we can do if we resolve an IPv6 address but its support is disabled in the current kernel, so ignore and go ahead. Spotted while testing gmid in a FreeBSD jail without IPv6.
2023-08-23  enable privsep crypto on all systems  (Omar Polo)
now that we have a bundled libtls we can actually do this. Retain the knob to disable it "just in case".
2023-08-07  unbreak config_test() when !use_privsep_crypto  (Omar Polo)
The new config_test() fails miserably when the privsep crypto engine is not enabled. As a temporary workaround, forcibly disable it during config_test() as we're not going to run anyway.
2023-08-07  try hard at loading the configuration during conftest (-n)  (Omar Polo)
Attempt to also do a few more steps that were previously done only at runtime. This can help verify that the keypairs are matching for example, but also that there are no typos in the path to the root directories. Was requested some time ago by Marian Mizik, thanks for the feature request!
2023-08-07  add `log syslog facility' to use a different syslog(3) facility  (Omar Polo)
Was requested ages ago by Karl Jeacle, now that there is some better support for configuring the logging there's no excuse to add this. It helps with filtering from syslog.d / syslog.conf.
2023-08-04  set the default logging style back to legacy  (Omar Polo)
I think the condensed is better but it'll need to change post 2.0 to accommodate for logging the number of bytes read in the body of a titan request (and it's weird to hardcode a zero there.) 2.0 will ship with the legacy logging style thus.
2023-08-03  actually use the specified log style  (Omar Polo)
2023-07-26  add log syslog off; don't turn syslog off when log access is specified  (Omar Polo)
2023-07-24  add ability to log to files with log access <path>  (Omar Polo)
2023-07-23  avoid use-after-free  (Omar Polo)
2023-07-23  revamp fastcgi configuration: make it per-location  (Omar Polo)
this revamps the syntax in the configuration to better match httpd(8) (and in general be less weird) and to allow per-location fastcgi configurations. the bare `param' is now deprecated, but for compatibility it acts like `fastcgi param' would do now. Same story for `fastcgi <path>'.
2023-07-01  rename do_accept() -> server_accept()  (Omar Polo)
2023-06-24  typo  (Omar Polo)
2023-06-24  load the certs per listening address  (Omar Polo)
2023-06-24  send host addresses to the server process  (Omar Polo)
2023-06-24  better fd rampage avoidance  (Omar Polo)
flush imsg right in config_send_file()
2023-06-23  implement `listen on'  (Omar Polo)
Listening by default on all the addresses is so bad I don't know why I haven't changed this before. Anyway. Add a `listen on $hostname port $port' syntax to the config file and deprecate the old "port" and "ipv6" global setting. Still try to honour them when no "listen on" directive is used for backward compatibility, but this will go away in the next next version hopefully. At the moment the `listen on' in server context doesn't filter the host, i.e. one can still reach a host from an address not specified in the corresponding `listen on', this will be added later.
2023-06-12  load_ca: get a buffer instead of a fd  (Omar Polo)
We dup(1) the ca fd and send it to various processes, so they fail loading it. Instead, use load_file to get a buffer with the file content and pass that to load_ca which then loads via BIO.
2023-06-12  simplify config_send_kp: use config_send_file  (Omar Polo)
2023-06-11  disable the privsep crypto engine on !OpenBSD  (Omar Polo)
it fails badly at runtime on various linux distros and on freebsd. Until a fix is found, disable it so I can move forward.
2023-06-11  add a privsep crypto engine  (Omar Polo)
Incorporate the OpenSMTPD's privsep crypto engine. The idea behind it is to never load the certificate's private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate's private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is on the way).
2023-06-11  rework load_file to use pread()  (Omar Polo)
avoids issues since the same file is sent to multiple processes after being dup()'ed. Since these files are meant to be regular files, I don't expect short reads.
2023-06-11  adjust how locations are received  (Omar Polo)
2023-06-11  simplify ocsp sending using config_send_file  (Omar Polo)
while here add an explicit flush to avoid a fd rampage.
2023-06-10  change config_send_file to take the process id as argument  (Omar Polo)
i.e. not hardcode PROC_SERVER
2023-06-09  don't have the config being a global  (Omar Polo)
2023-06-09  move hosts into the config struct  (Omar Polo)
2023-06-09  move fastcgi from global var to the config struct  (Omar Polo)
while here also make them a list rather than a fixed-size array.
2023-06-09  readd proxy certs and `require client ca' support  (Omar Polo)
Was temporarily disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.
2023-06-08  safety measure, explicitly memset config in config_init  (Omar Polo)
2023-06-08  keep cert/key/ocsp path as strings and don't send them via imsg  (Omar Polo)
2023-06-08  fix previous  (Omar Polo)
2023-06-08  move make_socket to config.c and make it private  (Omar Polo)
2023-06-08  rework the daemon to do fork+exec  (Omar Polo)
It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarily disabled, will be fixed in subsequent commits. The "ge" program is also temporarily disabled as it needs tweaks to do privsep too.
2023-06-06  move config-related code to config.c  (Omar Polo)
reuse it in ge too.