rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
426 Commits 2 Branches 28 Tags 5.5 MiB
Commit Graph

68 Commits

Author SHA1 Message Date
Omar Polo 62e001b067 move all sandbox-related code to sandbox.c 
while there, add capsicum for the logger process
 2021-03-20 08:42:08 +00:00
Omar Polo bc99d868bc refactoring: imsg everywhere 
use imsg to handle ALL kinds of IPC in gmid.  This simplifies and shorten the
code, and  makes everything more uniform too.
 2021-03-19 19:21:29 +00:00
Omar Polo 4604dc9671
move vhost_should_log call to server.c 
log.o is linked to some regress/ stuff.  Calling from there a vhost_*
function means that we should link the regress/stuff to server.o too
(and that would pull in other stuff...).  Moving the call is easier,
and also probably better.
 2021-02-23 13:43:33 +01:00
Omar Polo 793835cb26
add `log on/off' to enable/disable logs per-location 2021-02-23 13:43:24 +01:00
Omar Polo 6b191ed52a
tests and compat for imsg 2021-02-23 13:43:14 +01:00
Omar Polo c39b26d308 mark reschedule_write inline & static 2021-02-12 20:25:48 +00:00
Omar Polo eecad7a3ca other s/fnmatch/matches 2021-02-12 19:51:54 +00:00
Omar Polo 52418c8d82 fix various compilation errors 
Include gmid.h as first header in every file, as it then includes
config.h (that defines _GNU_SOURCE for instance).

Fix also a warning about unsigned vs signed const char pointers in
openssl.
 2021-02-12 12:47:20 +00:00
Omar Polo 3cb3dd4d42 accept4 -> accept 
accept4(2) isn't part of any standard (even though it'll be part in
the future) and raises warnings on some linux distro.  Moreover, we
don't have thread that may fork at any time, so doing a mark_nonblock
after isn't a big deal.
 2021-02-12 11:59:03 +00:00
Omar Polo 5e3285d52e typo 2021-02-12 11:34:17 +00:00
Omar Polo 98ee8406aa fix occurrence of (killed) load_file 2021-02-12 11:32:49 +00:00
Omar Polo 27b2fa9ae5 don't mmap 
Before we mmap(2) file for reading, and use a buffer to handle CGI
scripts.  Turns out, for sequential access over the whole mmap isn't
better than our loop on read.  This has also the additional advantage
that we can use handle_cgi (now handle_copy) for both files and CGI,
which is pretty cool.

This also fixes a nasty bug where we could hang a connection forever,
because we scheduled the wrong type of event (read on POLLOUT and
write on POLLIN, it's the other way around!)
 2021-02-12 11:27:33 +00:00
Omar Polo a6e689d745 fix config reload 
the old server processes would stick around waiting on the signals
events.  While there, also drop the `struct server_events' and define
events as globals.
 2021-02-12 08:50:25 +00:00
Omar Polo 49b73ba1ab fix "first location" bug 
reported by devel at datenbrei dot de.  The first location would
overwrite the default value for a server, triggering the "`foo' rule
specified more than once" error.  This also needed a small tweak on
how we match locations to avoid breaking other tests.
 2021-02-10 16:37:08 +00:00
Omar Polo 02be96c6dd add `require client ca' rule to require certs signed by a CA 2021-02-09 22:30:04 +00:00
Omar Polo 57ec3e776e refactor apply_block_return 
move the strip and fmt logic to their own function
 2021-02-08 20:50:30 +00:00
Omar Polo df58efff26 fix seccomp for the new event loop 
add/remove syscalls from the BPF filter and move sandbox() after
libevent initialisation
 2021-02-08 12:46:46 +00:00
Omar Polo abc007d2b3 rewrite main loop using libevent 2021-02-08 10:01:45 +00:00
Omar Polo b63e30ff44 define TLS_CLIENT_NOT_BEFORE/NOT_AFTER in CGI scripts 2021-02-07 21:47:01 +00:00
Omar Polo 3077ce5bee don't fprintf 2021-02-07 16:10:09 +00:00
Omar Polo 3abf91b0b4 improve logs management 2021-02-07 15:30:28 +00:00
Omar Polo cfb8a77fd4 handle also EAGAIN together with EWOULDBLOCK 2021-02-07 12:04:11 +00:00
Omar Polo e3ddf39095 add the ``entrypoint'' option 2021-02-06 18:28:43 +00:00
Omar Polo cd76162494 swap check in vhost_* fns 
it's faster (statistically speaking) to first compute if the option is
set and then fnmatch than the inverse.  This way we can avoid
unnecessary fnmatch.
 2021-02-06 17:31:03 +00:00
Omar Polo 6abda252e9 added ``block return'' and ``strip'' options 2021-02-06 17:22:37 +00:00
Omar Polo daac4a9452 fix auto index precedence 2021-02-06 14:36:26 +00:00
Omar Polo ca21e10043 reload configuration on SIGHUP 2021-02-04 13:23:15 +00:00
Omar Polo 1e3ef7ab4f use upper bound given by poll 
it's a waste to loop through all fds.  We know the *exact* number of
clients that needs attention, so use that information to limit the
looping.
 2021-02-03 21:14:48 +00:00
Omar Polo 9b8f5ed2c0 revert commit 346f28eeaa 
keep mark_nonblock in utils.c, as otherwise the build for the regress
suite will fail (mark_nonblock needs fatal which is in gmid.c, and
we can't link gmid.o with the regress suite...)
 2021-02-03 14:16:39 +00:00
Omar Polo 346f28eeaa move mark_nonblock to utils.c 2021-02-02 23:03:33 +00:00
Omar Polo fe40638928 mark various functions as static 
By marking all those function as static, the compiler is free to do
more optimizations.  In addition, those functions are not used outside
server.c
 2021-02-02 23:01:09 +00:00
Omar Polo 87f2b68b58 cgi now follows globbing rules 2021-02-02 22:38:35 +00:00
Omar Polo 5f715ce43f print the header in the directory listing 2021-02-02 09:48:32 +00:00
Omar Polo 35744950aa simplify handle_cgi 
Now that I got rid of the enum+switch, adding more state is easier.
Before, we used an hack to remember if we had read the CGI reply or
not (c->code = -1).

This introduces a new state, handle_cgi_reply that reads the CGI
script reply, logs it, and only then switches to handle_cgi.
handle_cgi itself is cleaner, now it only reads into c->sbuf and send
what it had red.

We even get, almost for free, the 42 error.  If read exists with -1 or
0 from in handle_cgi_reply, we return a proper error to the client.
We can extend this further in the future and also try to validate the
CGI reply (for now we're only looking for a \n).
 2021-02-01 22:04:51 +00:00
Omar Polo b06f80cdf4 switch to handle_open_conn right after handshake 
So we don't re-enter the handle_handsahke and re-do the loop on
fnmatch etc.  This way, once we're successfully past the handshake,
we'll re-enter no handle_open_conn.
 2021-02-01 20:27:08 +00:00
Omar Polo 112802ea31 client state machine: function pointers instead of enum+switch 2021-02-01 20:00:33 +00:00
Omar Polo 2fafa2d23e bring the CGI implementation in par with GLV-1.12556 2021-02-01 11:11:43 +00:00
Omar Polo b59f3cdd27 typo 2021-01-30 12:12:37 +00:00
Omar Polo 6016a593a3 invert the location precedence: first match wins 
It's how httpd(8) does it, and it allows us to call fnmatch less time
 2021-01-30 12:04:20 +00:00
Omar Polo a8d4a89770 don't ignore punycode errors when decoding SNI-provided servname 2021-01-29 17:29:14 +00:00
Omar Polo a2fd801327 puny_decode: set an error string 2021-01-29 17:11:03 +00:00
Omar Polo 90cb9eea8a don't log the SNI & matching 
I'll re-enable this when i'll improve the logging
 2021-01-28 16:28:44 +00:00
Omar Polo 22c6d6334d log info about SNI, punycode and matched vhost 2021-01-27 15:06:15 +00:00
Omar Polo caad03081b some null checks 2021-01-27 15:05:50 +00:00
Omar Polo c4f682f855 trim_req_iri: set error string 2021-01-27 15:05:16 +00:00
Omar Polo 3300cbe06a initial punycode support 2021-01-27 10:47:49 +00:00
Omar Polo 8443bff77a rework the configless mode: change flags and generate certs 2021-01-25 14:08:31 +00:00
Omar Polo 252908e6bb added support for location blocks 2021-01-24 18:53:26 +00:00
Omar Polo c8b7433918 added support for location blocks 2021-01-24 14:11:40 +00:00
Omar Polo 07b0a14218 void-ify some functions 
their return value is no longer used, it's only confusing at this point.
 2021-01-24 09:54:44 +00:00