Commit Graph

724 Commits

Author SHA1 Message Date
Omar Polo
1bd706dc41 drop unsigned
it causes a cascade of warnings on some architectures.  Also, for what
we're doing here, the signed/unsigned property isn't important.
2021-07-09 12:56:59 +00:00
Omar Polo
528f37cd2d sync macro usage and mention the `include' keyword 2021-07-09 12:50:24 +00:00
Omar Polo
67f494057a @-macros, rollback changes to strings and optional semicolons
* expand $-macros as string, only the new @-macros get expanded as-is
* rollback changes to characters allowed in bare strings
* optional semicolons in optnl, useful for readable @-macros
2021-07-09 12:49:15 +00:00
Omar Polo
c39be742cf parsing: bring lots of goodies from OpenBSD's parse.y
This allows to solve the problem with the \n in the grammar (before
two following macro declarations were treated as invalid.)  This also
brings in a nice `include' keyword.
2021-07-09 11:25:25 +00:00
Omar Polo
a5d822e542 typo 2021-07-09 08:12:05 +00:00
Omar Polo
be52e954c1 sync readme.md with sandbox.c 2021-07-09 08:11:57 +00:00
Omar Polo
3d132b2833 `param' is forbidden inside `location's too
and while there sort the list of disallowed rules.
2021-07-09 08:04:12 +00:00
Omar Polo
2b520ad595 misc improvements to the manual 2021-07-09 08:01:22 +00:00
Omar Polo
efacb859a7 change (again) the env/param separator: use '='
Given that env/param are new features of this release, no support for
the "old" syntax is needed.
2021-07-09 07:27:15 +00:00
Omar Polo
762b9b991f add => in env/param and `port' between hostname and port for fastcgi
In the same spirit of the last commit, add the missing separators
between strings to avoid the auto-concat pitfalls.  `=>' is used to
separate between `env' and `param' arguments, while for `fastcgi' the
keyword `port' is required between the hostname/ip address and the
port (if provided).

Since `env', `param' and `fastcgi' are all new stuff, there's no need
to keep compatibility.
2021-07-09 08:30:55 +02:00
Omar Polo
ff954a3e76 typo... 2021-07-09 08:30:55 +02:00
Omar Polo
d19951cf03 rename `mime MIME EXT' to `map MIME to-ext EXT'
With the newish automatic string concatenation, options like `mime'
that accept two strings as parameters start to become ambiguous: which
strings get concatenated?  Instead of trying to document in the
manpage which argument(s) is subject to string concatenation, do the
concat always and introduce a separator.  In the case of mime,
`to-ext' now acts as a separator to distinguish.  While there, also
use a new keyword because it sounds better.

It's dead-easy to upgrade to the new configuration, possibly with some
sed magic, but for the moment the old `mime' form is preserved: (with
a warning!)  Will be dropped in the next release.
2021-07-09 08:30:55 +02:00
Omar Polo
d93c819182 use bsearch to match the keywords
not that it's a bottleneck, but it's fancier this way.
2021-07-09 08:30:55 +02:00
Omar Polo
bffa7daab8 provide a means to skip the runtime tests
Setting the environment variable SKIP_RUNTIME_TESTS to 1 will prevent
the runtime tests.  This is useful when running the tests inside a
sandbox.

based on a similar diff by Anna "CyberTailor"
2021-07-08 17:13:17 +02:00
Anna “CyberTailor”
8c9b8f487e replace add_{cflags,ldflags} with add_library 2021-07-08 16:56:29 +02:00
Anna “CyberTailor”
9c84a04f9c check freedesktop's libbsd 2021-07-08 16:55:58 +02:00
Anna “CyberTailor”
9797799ad4 regress/Makefile: add missing LDFLAGS 2021-07-08 16:55:08 +02:00
Omar Polo
2e2e189b01 PF_UNIX is not a valid protocol for socketpair
OpenBSD accepts it, but FreeBSD disallows it.  PF_UNSPEC (or 0) should
be used instead.  The FastCGI bit in the regress suite still doesn't
work on FreeBSD, but at least now it starts.
2021-07-08 10:09:24 +00:00
Omar Polo
e7c6502bf3 don't leak a file descriptor
make sure we always close every fd in every possible code path; while
there, also add a log_err if fork(2) failed.
2021-07-08 09:40:23 +00:00
Omar Polo
a8a1f43921 style(9)-ify 2021-07-07 09:46:37 +00:00
Omar Polo
68ef117092 always append -W flags to CFLAGS 2021-07-07 09:19:24 +00:00
Omar Polo
8a50fc0330 initialize the logger early
Initialize the logger as soon as possible and log by default to
stderr.  With this, some (common?) errors are printed early instead of
ending up in syslog.

	# NB: this is in configless mode
	% ./gmid -p 80
	[2021-07-07 11:05:57] bind: Address already in use
	% ./gmid -p 81
	[2021-07-07 11:13:53] bind: Permission denied
	%
2021-07-07 09:18:24 +00:00
Omar Polo
d336aeafd4 refactor add_{cflags,ldflags} 2021-07-07 08:46:23 +00:00
Omar Polo
489e1655a0 add --enable-sandbox
patch from Anna "CyberTailor"

It's handy for helpers like ebuild's use_enable.

(the sandbox is still always enabled by default)
2021-07-07 08:43:33 +00:00
Omar Polo
1a572d4221 check libimsg too
patch from Anna "CyberTailor"
2021-07-07 08:41:27 +00:00
Omar Polo
af15474448 always append LDFLAGS and CFLAGS
Initial patch from Anna "CyberTailor", tweaked by me (drop guessing_*
and always append CFLAGS)
2021-07-07 08:38:19 +00:00
Omar Polo
321341f6c0 add -T timeout to gg; don't let the regress test hang 2021-07-06 13:09:24 +00:00
Omar Polo
6edcfca97f try to preserve as much as possible CFLAGS and LDFLAGS from env
but still try to autodetect with pkg-config if they aren't provided.

Passing CFLAGS/LDFLAGS from the command line will still override the
guessed ones.
2021-07-06 13:01:11 +00:00
Omar Polo
eb877bffaa explain the OpenBSD bit 2021-07-06 12:18:53 +00:00
Omar Polo
ca3f67564c don't log too much by default 2021-07-06 11:53:24 +00:00
Omar Polo
fb4102a5ff test macro expansion too 2021-07-06 11:52:28 +00:00
Omar Polo
3759d3eb56 show macro usage in the example 2021-07-06 11:41:24 +00:00
Omar Polo
7700ab07d3 fmt 2021-07-06 10:56:13 +00:00
Omar Polo
59c7ee13b4 fmt 2021-07-06 10:56:01 +00:00
Omar Polo
090b8a89fa gracefully shut down fastcgi backends
we need to delete the events associated with the backends, otherwise
the server process won't ever quit.

Here, we add a pending counter to every backend and shut down
immediately if they aren't handling any client; otherwise we try to
close them as soon as possible (i.e. when they close the connection to
the last connected client.)
2021-07-06 10:54:27 +00:00
Omar Polo
ea976e8743 don't let CGI scripts inherit our stderr
our stderr could have been sent to the logger process, so it may be
invalid.  Furthermore, in the future we may want to capture also the
stderr of the processes.
2021-07-06 10:48:59 +00:00
Omar Polo
ef945cf415 reset fcgi array in free_config
otherwise path, port and/or prog could become an invalid pointer.
2021-07-06 10:46:50 +00:00
Omar Polo
4aa1dd553a typo 2021-07-03 18:30:07 +00:00
Omar Polo
b24021d4a2 fix seccomp filter for ppc64le
before we matched ppc64le as ppc64 (which is big endian I presume), so
the seccomp filter would always kill gmid

#4 related
2021-07-03 17:38:50 +00:00
Omar Polo
7322a054f5 use -subj /CN=name when generating the keys for the tests
`printf | openssl` is ugly :/
2021-07-03 08:13:42 +00:00
Omar Polo
8bb8cf2ad4 configure: add --disable-sandbox
Calling `configure' with --disable-sandbox will disable the sandbox
support *completely* at compile time.  gmid will still complain at
compile time and during the startup.

Users shouldn't disable the sandbox if possible, but instead report
problems upstream so they get fixed (hopefully.)

#4 related
2021-07-02 09:26:59 +00:00
Omar Polo
137def5ff4 reworked seccomp filter
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in a ifdef, and add some (statx, fcntl64, ...)
  used in x86

Some bits were taken from dhcpcd[0], thanks!

#4 related


[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
2021-07-02 09:11:40 +00:00
Omar Polo
4f9a27603c revert 2c16dbd548 -- macro names can't be reserved words
While one can define a macro using a reserved word as name using
-Dname=val, inside the configuration file it'll fail.
2021-07-02 09:05:22 +00:00
Omar Polo
2c16dbd548 macro names can be reserved words 2021-06-29 16:49:38 +00:00
Omar Polo
4ede0fe495 fix macro example 2021-06-29 16:45:09 +00:00
Omar Polo
eaf7f776f1 document the c-like handling of strings 2021-06-29 16:44:17 +00:00
Omar Polo
bfb076ed7e don't expand macros inside the quotes
Now that we have this auto concat string thingy, macros can simply
expand to standalone strings in place, as single words.

Forgot to point it out in previous commits, but now we can

	cert = "/etc/keys"

	server "foo" {
		cert $cert "/foo.crt"
		...
	}
2021-06-29 16:35:06 +00:00
Omar Polo
7252049dd7 align 2021-06-29 16:10:40 +00:00
Omar Polo
98f5217822 [config] concat two or more strings next to each other 2021-06-29 16:10:10 +00:00
Omar Polo
8b743ddacb document macros: both -D and syntax 2021-06-29 14:19:35 +00:00