Age | Commit message (Collapse) | Author |
|
Now gmid doesn't touch anymore the internals of the imsg structs.
|
|
Makes parsing and handling of imsgs simpler / clearer. only crypto.c
is left as-is.
|
|
since proc_forward_imsg() never forwards a file descriptor (it's
never called actually) just use -1 there.
|
|
There's no much we can do if we resolv an IPv6 address but its
support is disabled in the current kernel, so ignore and go ahead.
Spotted while testing gmid i n a FreeBSD jail without IPv6.
|
|
now that we have a bundled libtls we can actually do this. Retain
the knob to disable it "just in case".
|
|
The new config_test() fails miserably when the privsep crypto engine is
not enabled. As a temporary workaround, forcibly disable it during
config_test() as we're not going to run anyway.
|
|
Attempt to do also a few more steps that were previously done only
at runtime. This can help verifying that the keypairs are matching
for example, but also that there are no typos in the path to the
root directories.
Was requested some time ago by Marian Mizik, thanks for the feature
request!
|
|
Was requested ages ago by Karl Jeacle, now that there is some better
support for configuring the logging there's no excuse to add this.
It helps with filtering from syslog.d / syslog.conf.
|
|
I think the condensed is better but it'll need to change post 2.0
to accomodate for logging the number of bytes read in the body of
a titan request (and it's weird to hardcode a zero there.) 2.0
will ship with the legacy logging style thus.
|
|
|
|
|
|
|
|
|
|
this revamps the syntax in the configuration to better match httpd(8)
(and in general be less weird) and to allow per-location fastcgi
configurations.
the bare `param' is now deprecated, but for compatibility it acts
like `fastcgi param' would do now. Same story for `fastcgi <pathÂ>'.
|
|
|
|
|
|
|
|
|
|
flush imsg right in config_send_file()
|
|
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibily, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context don't filter the
host, i.e. one can still reach a host from a address not specified
in the corresponding `liste on', this will be added later.
|
|
We dup(1) the ca fd and send it to various processes, so they fail
loading it. Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
|
|
|
|
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
|
|
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
|
|
avoids issues since the same file is sent to multiple processes
after being dup()'ed. Since these files are meant to be regular
files, I don't expect short reads.
|
|
|
|
while here add an explicit flush to avoid a fd rampage.
|
|
i.e. not hardcode PROC_SERVER
|
|
|
|
|
|
while here also make them a list rather than a fixed-size array.
|
|
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.
Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
|
|
|
|
|
|
|
|
|
|
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
|
|
reuse it in ge too.
|