rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,261 Commits 2 Branches 31 Tags 6.5 MiB
Commit Graph

1261 Commits

Author SHA1 Message Date
Omar Polo 2cef5cf42a load_ca: get a buffer instead of a fd 
We dup(1) the ca fd and send it to various processes, so they fail
loading it.  Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
 2023-06-12 21:27:24 +00:00
Omar Polo 89cfcb4569 simplify config_send_kp: use config_send_file 2023-06-12 21:09:49 +00:00
Omar Polo 5d160453f2 remove proc_ispeer() 
unused, and was dropped by other copies of proc.c; reduces the diff
with httpd' proc.c.
 2023-06-11 12:45:42 +00:00
Omar Polo ba290ef3af disable the privsep crypto engine on !OpenBSD 
it fails bandly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
 2023-06-11 12:18:27 +00:00
Omar Polo 237095fd9a remove has_siginfo 
and wrap siginfo behind #ifdef SIGINFO.  avoids some warnings in !BSD.
 2023-06-11 11:36:31 +00:00
Omar Polo 1ef09e6313 add -Wpointer-sign to the mix 
It's not present in -W -Wall -Wextra on OpenBSD but it is enabled
on other systems.
 2023-06-11 11:33:38 +00:00
Omar Polo b8d68fc8e4 fixes for -Wpointer-sign 2023-06-11 11:31:22 +00:00
Omar Polo d1739e3f03 cast uint64_t to unsigned long long 2023-06-11 11:31:06 +00:00
Omar Polo ec96a0ad3b work around different signature for ecdsae_compute_key 2023-06-11 11:30:20 +00:00
Omar Polo 86693a33ab add a privsep crypto engine 
Incorporate the OpenSMTPD' privsep crypto engine.  The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.

This currently compiles only on LibreSSL (portable fix is in the
way).
 2023-06-11 11:03:59 +00:00
Omar Polo f81a97b356 drop useless debug statement 2023-06-11 09:49:01 +00:00
Omar Polo 725457a9e4 move setproctitle/privsep_process earlier 
We don't always do privilege dropping (as we may start as unprivileged
user), so set these two beforehand so when we skip privdrop we don't
miss to set privsep_process and set the process' title.
 2023-06-11 09:26:16 +00:00
Omar Polo 4ad573d0d5 rework load_file to use pread() 
avoids issues since the same file is sent to multiple processes
after being dup()'ed.  Since these files are meant to be regular
files, I don't expect short reads.
 2023-06-11 09:21:34 +00:00
Omar Polo 1a99859b35 adjust how locations are received 2023-06-11 09:19:42 +00:00
Omar Polo 15e60fdf0c simplify ocsp sending using config_send_file 
while here add an explicit flush to avoid a fd rampage.
 2023-06-11 09:18:30 +00:00
Omar Polo 2e880a57f8 change config_send_file to take the process id as argument 
i.e. not hardcode PROC_SERVER
 2023-06-10 11:03:29 +00:00
Omar Polo 892f3a5cf8 gencert: use secp384r1 
prime256v1 should be perfectly fine for all I understand, but
OpenBSD' acme-client uses secp384r1 and who am I to disagree :)
 2023-06-09 20:43:12 +00:00
Omar Polo 7fff8aa6cb parse the config file only once 
Don't have all the processes read gmid.conf.  The parent needs to do
that, and the will send the config to the children (already
happening.)  The other processes were reading the config anyway to
figure out the user and the chroot (if enabled); make the parent pass
additional flag to propagate that info.

We dissociate a bit from the "usual" proc.c but it's a change worth
having.
 2023-06-09 17:50:28 +00:00
Omar Polo 5af19830c3 move print_conf and make it take the config as argument 2023-06-09 17:29:52 +00:00
Omar Polo 792f302ace use fatal/fatalx instead of err/errx in daemon code 2023-06-09 17:27:41 +00:00
Omar Polo 68368f4c29 parse_conf: don't die on error, return -1 
this avoids having the daemon dieing on SIGHUP with a bad config
file.
 2023-06-09 17:24:37 +00:00
Omar Polo af1dab1870 don't have the config being a global 2023-06-09 17:18:04 +00:00
Omar Polo e45334e6ae move hosts into the config struct 2023-06-09 16:54:04 +00:00
Omar Polo d273c0648d ignore and clean fcgi.sock 2023-06-09 10:51:24 +00:00
Omar Polo fe7cdaa479 fcgi-test: be less verbose 2023-06-09 10:47:20 +00:00
Omar Polo 9adeb26579 re-establish fastcgi test 2023-06-09 10:46:50 +00:00
Omar Polo 5d22294a59 move fastcgi from global var to the config struct 
while here also make them a list rather than a fixed-size array.
 2023-06-09 10:42:36 +00:00
Omar Polo 1962764c62 fix sandbox_server_process 
it does the unveil(2)ing based on the first config, which breaks
config-reloading.
 2023-06-09 10:40:08 +00:00
Omar Polo cd1ede6dd3 rework fcgi-test so that it binds a local socket 
still not re-enabled.
 2023-06-09 10:39:05 +00:00
Omar Polo deadd9e131 readd proxy certs and `require client ca' support 
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.

Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
 2023-06-09 09:28:26 +00:00
Omar Polo c144b1b6f8 configure: look for WAIT_ANY 2023-06-08 19:46:06 +00:00
Omar Polo 309dab3a90 fix typo 2023-06-08 19:41:38 +00:00
Omar Polo fc440833ad provide sandbox_main_process on !OpenBSD 2023-06-08 19:41:25 +00:00
Omar Polo 9b89eaeb55 fix build of proc.c on !OpenBSD 2023-06-08 19:41:00 +00:00
Omar Polo 9b2587bb33 safety measure, explicitly memset config in config_init 2023-06-08 19:35:05 +00:00
Omar Polo 1c6967b33a keep cert/key/ocsp path as strings and don't send them via imsg 2023-06-08 19:34:49 +00:00
Omar Polo 49bd46a150 fix ge build 2023-06-08 19:30:26 +00:00
Omar Polo 8eeb992206 less logger.h 2023-06-08 19:30:10 +00:00
Omar Polo f5c8360ade fix previous 2023-06-08 19:24:37 +00:00
Omar Polo ca84625a7f remove foreground / verbose from config 
set them as global vars; rename foreground -> debug
 2023-06-08 17:29:08 +00:00
Omar Polo 85a575a444 remove forgotten include of logger.h 2023-06-08 17:28:33 +00:00
Omar Polo cbb7f9fc28 move logger() prototype to gmid.h and delete logger.h 2023-06-08 17:03:13 +00:00
Omar Polo 797c4609a9 make ge work again 2023-06-08 16:22:03 +00:00
Omar Polo 3886afceec make server_init and server_configure_done 'public' 
server_configure_done is the code we ran in IMSG_RECONF_END splitted
in a separate functions.

This is all needed for ge.c which doesn't do privsep but needs to
bootstrap the server process.
 2023-06-08 16:21:31 +00:00
Omar Polo 47b0ff105a move log_request to gmid.c 
so that ge can provide its own log_request without requiring a
separate logger process.
 2023-06-08 16:16:14 +00:00
Omar Polo 4f4937f06a move make_socket to config.c and make it private 2023-06-08 16:07:01 +00:00
Omar Polo fc9cc497e0 move some new_* functions from parse.y to utils.c 2023-06-08 15:59:53 +00:00
Omar Polo e69e1151f6 drop now unused dispatch_imsg 2023-06-08 15:57:11 +00:00
Omar Polo 2b4ef796d7 remove debug code 2023-06-08 15:47:03 +00:00
Omar Polo 61febd28af remove now unused ibuf variable 2023-06-08 15:44:34 +00:00