Age | Commit message | Author |
|
We only honour the prefork at startup time.
|
otherwise the child processes still believe the prefork value is
3 and can end up reading/writing out of bounds when setting up the
sockets. Actually, server processes shouldn't create pipes to other
servers, but this is left for a follow-up diff.
Issue reported by la ninpre, thank you!
|
instead of making things more obscure via gmid_strnvis(), let's
just check for strnvis with -Werror so we can swap the OS broken
implementation with the bundled OpenBSD one.
|
with the privsep rework the config dumping was inadvertently broken,
it prints the content of the key itself.
|
We should open the log file inside the chroot; missed in
4acf495f41d2c26136e99072293ca8b9bff91dc0.
See https://github.com/omar-polo/gmid/issues/24
|
Now gmid doesn't touch anymore the internals of the imsg structs.
|
so that we don't have to hardcode /etc in gmid.c. Helps on systems
like FreeBSD where the non-base programs are expected to look for
their config in /usr/local/etc.
|
The configtest checks try to open the root directories too, operation
that can fail when they're expected to be inside a chroot.
|
gg -> gemexp and better wording.
|
Attempt to do also a few more steps that were previously done only
at runtime. This can help verifying that the keypairs are matching
for example, but also that there are no typos in the path to the
root directories.
Was requested some time ago by Marian Mizik, thanks for the feature
request!
|
Was requested ages ago by Karl Jeacle, now that there is some better
support for configuring the logging there's no excuse to add this.
It helps with filtering from syslog.d / syslog.conf.
|
will be used in the future to log how many bytes a titan request
uploaded.
|
add `log style <style>'; The old default is called `legacy' now, a
new default format is added called `condensed', and `common' and
`combined' to mimic Apache httpd and nginx (respectively) are also
added.
|
don't know what I was smoking when I wrote log_request() like that...
|
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibility, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context doesn't filter the
host, i.e. one can still reach a host from an address not specified
in the corresponding `listen on', this will be added later.
|
Incorporate OpenSMTPD's privsep crypto engine. The idea behind
it is to never load the certificates' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate's
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is on the
way).
|
Don't have all the processes read gmid.conf. The parent needs to do
that, and then will send the config to the children (already
happening.) The other processes were reading the config anyway to
figure out the user and the chroot (if enabled); make the parent pass
additional flag to propagate that info.
We dissociate a bit from the "usual" proc.c but it's a change worth
having.
|
this avoids having the daemon dying on SIGHUP with a bad config
file.
|
while here also make them a list rather than a fixed-size array.
|
set them as global vars; rename foreground -> debug
|
so that ge can provide its own log_request without requiring a
separate logger process.
|
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarily disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarily disabled as it needs tweaks to do privsep too.
|