aboutsummaryrefslogtreecommitdiff
path: root/server.c
AgeCommit message (Collapse)Author
2024-03-12remove dead codeOmar Polo
2024-01-21convert remaining code to the imsg gettersOmar Polo
Now gmid doesn't touch anymore the internals of the imsg structs.
2024-01-09fix configtest with chrootOmar Polo
The configtest checks try to open the root directories too, operation that can fail when they're expected to be inside a chroot.
2023-08-28log ip address and port when tls_handshake failsOmar Polo
These connection are not otherwise logged and it could be helpful to track down the bad ip.
2023-08-11fix comment (ge -> gemexp)Omar Polo
2023-08-09don't call client_close() from fcgi/proxy bev handlersOmar Polo
We might end up calling client_close() from start_reply(), but that will free the fcgi/proxy bufferevent while they're still used on the stack. Instead, start_reply() only sets REQUEST_DONE and exits, returning the error eventually, so callers know when to stop.
2023-08-08move strip_path to utils.cOmar Polo
2023-08-03actually use the specified log styleOmar Polo
2023-07-23add `fastcgi off' to forceful skip fastcgi for a routeOmar Polo
2023-07-23revamp fastcgi configuration: make it per-locationOmar Polo
this revamps the syntax in the configuration to better match httpd(8) (and in general be less weird) and to allow per-location fastcgi configurations. the bare `param' is now deprecated, but for compatibility it acts like `fastcgi param' would do now. Same story for `fastcgi <pathÂ>'.
2023-07-01rename do_accept() -> server_accept()Omar Polo
2023-07-01change log_request to take the code and meta unpackedOmar Polo
don't know what i was smoking when I wrote log_request() like that...
2023-07-01change on fatalx -> log_warnxOmar Polo
we already check the validity of the format string, but still avoid a gratious fatal() at runtime.
2023-07-01rename fmt_sbuf -> fmtbuf; make the buffer explicitOmar Polo
2023-07-01avoid needless strlen()Omar Polo
2023-07-01simplify request handlingOmar Polo
get rid of check_path(), it's overly complicated. Instead, inline open_file() in client_read() and rework open_dir() to just use openat() instead of the complicate dance it was doing. Simplify open_dir() too in the process: if the directory entry for the index is not a regular file, pretend it doesn't exist.
2023-07-01use a function-local buffer for the canonical redirectOmar Polo
2023-06-26use snprintf() instead of chain of strlcpy/catOmar Polo
2023-06-26call getnameinfo() only once per requestOmar Polo
2023-06-24avoid gratious strlen; evbuffer_readln returns the lengthOmar Polo
2023-06-24plug memory leak in client_close_evOmar Polo
2023-06-24fix client_close_ev when tls_close() returns TLS_WANT_POLLIN/OUTOmar Polo
in those cases we need to reschedule the function and return, instead of going on with the cleanup.
2023-06-24properly handle handshake failuresOmar Polo
If a TLS handshake fails there's nothing we can do, so don't attempt to reply an error (the connected client is not speaking Gemini as it's not using TLS at all) and instead just close the connection. Fixes issue #13
2023-06-24copyright years++Omar Polo
2023-06-24remove unused global flagOmar Polo
2023-06-24don't match host if connecting from the wrong socketOmar Polo
limit how one given virtual host can be reached based on its `listen on' lists
2023-06-24load the certs per listening addressOmar Polo
2023-06-24send host addresses to the server processOmar Polo
2023-06-23implement `listen on'Omar Polo
Listening by default on all the addresses is so bad I don't know why I haven't changed this before. Anyway. Add a `listen on $hostname port $port' syntax to the config file and deprecate the old "port" and "ipv6" global setting. Still try to honour them when no "listen on" directive is used for backward compatibily, but this will go away in the next next version hopefully. At the moment the `listen on' in server context don't filter the host, i.e. one can still reach a host from a address not specified in the corresponding `liste on', this will be added later.
2023-06-23rename client->addr to raddr (remote address) and keep original lengthOmar Polo
2023-06-11disable the privsep crypto engine on !OpenBSDOmar Polo
it fails bandly at runtime on various linux distros and on freebsd. Until a fix is found, disable it so I can move forward.
2023-06-11remove has_siginfoOmar Polo
and wrap siginfo behind #ifdef SIGINFO. avoids some warnings in !BSD.
2023-06-11fixes for -Wpointer-signOmar Polo
2023-06-11add a privsep crypto engineOmar Polo
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).
2023-06-11drop useless debug statementOmar Polo
2023-06-09don't have the config being a globalOmar Polo
2023-06-09move hosts into the config structOmar Polo
2023-06-09move fastcgi from global var to the config structOmar Polo
while here also make them a list rather than a fixed-size array.
2023-06-09readd proxy certs and `require client ca' supportOmar Polo
Was temporarly disabled during the transition to real privsep. While here, fix a memory leak when using `require client ca'. Also, avoid leaking info about the parent address space layout to server processes by not sending pointer values.
2023-06-08less logger.hOmar Polo
2023-06-08make server_init and server_configure_done 'public'Omar Polo
server_configure_done is the code we ran in IMSG_RECONF_END splitted in a separate functions. This is all needed for ge.c which doesn't do privsep but needs to bootstrap the server process.
2023-06-08remove debug codeOmar Polo
2023-06-08rework the daemon to do fork+execOmar Polo
It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.
2023-06-06switch to the more usual log.cOmar Polo
2023-06-06rename log.[ch] to logger.[ch]Omar Polo
2023-06-05move and dedup the tls initalization in server.cOmar Polo
2023-06-05provide a more usual fatalOmar Polo
fatal usually appends the error string. Add 'fatalx' that doesn't. Fix callers and move the prototypes to log.h
2023-06-05move some server-related code to server.cOmar Polo
2023-05-08send capsicum/landlock/seccomp hack to ValhallaOmar Polo
2022-11-27typoOmar Polo