mirror of https://github.com/omar-polo/gmid.git
Compare commits
42 Commits
Author | SHA1 | Date |
---|---|---|
Omar Polo | 359c56ce35 | |
Omar Polo | c2dcb5fa6e | |
Omar Polo | 5d12e6a104 | |
Omar Polo | 0d8eb9b60c | |
Omar Polo | 5864f3ce3c | |
Omar Polo | 9536c8ca63 | |
Omar Polo | 40b71b6861 | |
Omar Polo | 42235e3fc2 | |
Omar Polo | f53f5e5fe1 | |
Omar Polo | 40ea7b163e | |
Omar Polo | be265175c6 | |
Omar Polo | 8aba5d8b21 | |
Omar Polo | 7c83689428 | |
Omar Polo | 248fb833f9 | |
Omar Polo | 0ed763b03d | |
Omar Polo | 9f1cce3d0e | |
Omar Polo | 8f543d941e | |
Omar Polo | acf244c516 | |
Anna “CyberTailor” | 53ad458e22 | |
Omar Polo | bb5a25d287 | |
Omar Polo | f862d389ff | |
Omar Polo | 574f71f7a3 | |
Omar Polo | ebe2e54900 | |
Omar Polo | ddb089c157 | |
Omar Polo | 3524375abe | |
Omar Polo | fe37d79200 | |
Omar Polo | 33a5425235 | |
Omar Polo | cd5e264f9d | |
Omar Polo | 0baf7066ac | |
Omar Polo | 83a2644bfb | |
Omar Polo | 4f3b85e6d7 | |
Omar Polo | 2a822b03ba | |
Omar Polo | 3f16db6263 | |
Omar Polo | 561b9f0067 | |
Omar Polo | aa2cb5c274 | |
Omar Polo | 63e6b0bd0c | |
Omar Polo | 6dec2ad700 | |
Omar Polo | b03e976aa2 | |
Anna “CyberTailor” | 6bce8180d9 | |
Omar Polo | 20fa7cded6 | |
Omar Polo | 2865452c40 | |
Omar Polo | 1ee636a45c |
10
.cirrus.yml
|
@ -19,18 +19,18 @@ linux_arm_task:
|
|||
- make
|
||||
- make regress REGRESS_HOST="*"
|
||||
|
||||
freebsd_13_task:
|
||||
freebsd_14_task:
|
||||
freebsd_instance:
|
||||
image_family: freebsd-13-0
|
||||
test_script:
|
||||
- pkg install -y libevent libressl pkgconf
|
||||
image_family: freebsd-14-0
|
||||
install_script: pkg install -y libevent libressl pkgconf
|
||||
script:
|
||||
- ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror
|
||||
- make
|
||||
- make regress
|
||||
|
||||
mac_task:
|
||||
macos_instance:
|
||||
image: ghcr.io/cirruslabs/macos-ventura-xcode:latest
|
||||
image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest
|
||||
test_script:
|
||||
- brew install libevent openssl libretls
|
||||
- PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror
|
||||
|
|
40
ChangeLog
|
@ -1,3 +1,43 @@
|
|||
2024-04-03 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* configure: improve function checking in the configure
|
||||
* have/landlock.c: fix landlock test
|
||||
* gmid.c (main_print_conf): fix config dumping with -nn
|
||||
|
||||
2024-03-03 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* gmid.c: fix `log access path' with a chroot
|
||||
|
||||
2024-01-30 Anna “CyberTailor”
|
||||
|
||||
* contrib/vim/indent/gmid.vim: fix indent
|
||||
|
||||
2024-01-30 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* parse.y: don't make log styles reserved keywords. Unbreaks the
|
||||
example in the manpage with `common = ...'.
|
||||
|
||||
2024-01-26 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* parse.y: rework grammar to allow the semicolon after
|
||||
variables/macros definition and top-level options
|
||||
|
||||
2024-01-24 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* configure (VERSION): release 2.0.1
|
||||
|
||||
2024-01-21 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* convert gmid to the new imsg API
|
||||
|
||||
2024-01-14 Anna “CyberTailor”
|
||||
|
||||
* configure: fix --mandir handling
|
||||
|
||||
2024-01-11 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* configure (VERSION): release 2.0
|
||||
|
||||
2024-01-09 Anna “CyberTailor”
|
||||
|
||||
* contrib/vim/syntax/gmid.vim: update Vim syntax file
|
||||
|
|
2
Makefile
|
@ -131,7 +131,7 @@ y.tab.c: parse.y
|
|||
lint:
|
||||
man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
|
||||
|
||||
PUBKEY = keys/gmid-${VERSION}.pub
|
||||
PUBKEY = keys/gmid-2.0.pub
|
||||
PRIVKEY = set-PRIVKEY
|
||||
DISTFILES = .cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
|
||||
Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
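Review bot: `PUBKEY = keys/gmid-2.0.pub` no longer follows `${VERSION}`, and nothing next to it says why the release verification key is now a fixed file (this assumes the second `PUBKEY` line is the new side, since the page lost its +/- markers). Whoever cuts the next release has to know whether this path must change when the signing key changes. If the intent is that every 2.0.x release is signed with the 2.0 key, a one-line comment above the assignment would record it, e.g. `# 2.0.x releases are signed with the 2.0 key; update on key rotation`. The `DISTFILES` list continues outside the hunk.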
|
||||
|
|
100
config.c
|
@ -474,19 +474,20 @@ config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
|
|||
static struct pki *pki;
|
||||
uint8_t *d;
|
||||
size_t len;
|
||||
int fd;
|
||||
|
||||
/* XXX: check for duplicates */
|
||||
|
||||
if (imsg->fd == -1)
|
||||
fatalx("no fd for imsg %d", imsg->hdr.type);
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("%s: no fd for imsg %d", __func__, imsg_get_type(imsg));
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_CERT:
|
||||
if (pki != NULL)
|
||||
fatalx("imsg in wrong order; pki is not NULL");
|
||||
if ((pki = calloc(1, sizeof(*pki))) == NULL)
|
||||
fatal("calloc");
|
||||
if (load_file(imsg->fd, &d, &len) == -1)
|
||||
if (load_file(fd, &d, &len) == -1)
|
||||
fatalx("can't load file");
|
||||
if ((pki->hash = ssl_pubkey_hash(d, len)) == NULL)
|
||||
fatalx("failed to compute cert hash");
|
||||
|
@ -496,9 +497,9 @@ config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
|
|||
|
||||
case IMSG_RECONF_KEY:
|
||||
if (pki == NULL)
|
||||
fatalx("got key without cert beforehand %d",
|
||||
imsg->hdr.type);
|
||||
if (load_file(imsg->fd, &d, &len) == -1)
|
||||
fatalx("%s: RECONF_KEY: got key without cert",
|
||||
__func__);
|
||||
if (load_file(fd, &d, &len) == -1)
|
||||
fatalx("failed to load private key");
|
||||
if ((pki->pkey = ssl_load_pkey(d, len)) == NULL)
|
||||
fatalx("failed load private key");
|
||||
|
@ -529,11 +530,10 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
struct proxy *proxy;
|
||||
struct address *addr;
|
||||
uint8_t *d;
|
||||
size_t len, datalen;
|
||||
size_t len;
|
||||
int fd;
|
||||
|
||||
datalen = IMSG_DATA_SIZE(imsg);
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_START:
|
||||
config_purge(conf);
|
||||
h = NULL;
|
||||
|
@ -541,13 +541,14 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
break;
|
||||
|
||||
case IMSG_RECONF_LOG_FMT:
|
||||
IMSG_SIZE_CHECK(imsg, &conf->log_format);
|
||||
memcpy(&conf->log_format, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, &conf->log_format,
|
||||
sizeof(conf->log_format)) == -1)
|
||||
fatalx("bad length imsg LOG_FMT");
|
||||
break;
|
||||
|
||||
case IMSG_RECONF_MIME:
|
||||
IMSG_SIZE_CHECK(imsg, &m);
|
||||
memcpy(&m, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, &m, sizeof(m)) == -1)
|
||||
fatalx("bad length imsg RECONF_MIME");
|
||||
if (m.mime[sizeof(m.mime) - 1] != '\0' ||
|
||||
m.ext[sizeof(m.ext) - 1] != '\0')
|
||||
fatal("received corrupted IMSG_RECONF_MIME");
|
||||
|
@ -557,18 +558,19 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
break;
|
||||
|
||||
case IMSG_RECONF_PROTOS:
|
||||
IMSG_SIZE_CHECK(imsg, &conf->protos);
|
||||
memcpy(&conf->protos, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, &conf->protos, sizeof(conf->protos))
|
||||
== -1)
|
||||
fatalx("bad length imsg RECONF_PROTOS");
|
||||
break;
|
||||
|
||||
case IMSG_RECONF_SOCK:
|
||||
addr = xcalloc(1, sizeof(*addr));
|
||||
IMSG_SIZE_CHECK(imsg, addr);
|
||||
memcpy(addr, imsg->data, sizeof(*addr));
|
||||
if (imsg->fd == -1)
|
||||
if (imsg_get_data(imsg, addr, sizeof(*addr)) == -1)
|
||||
fatalx("bad length imsg RECONF_SOCK");
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("missing socket for IMSG_RECONF_SOCK");
|
||||
addr->conf = conf;
|
||||
addr->sock = imsg->fd;
|
||||
addr->sock = fd;
|
||||
event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
|
||||
server_accept, addr);
|
||||
if ((addr->ctx = tls_server()) == NULL)
|
||||
|
@ -577,16 +579,16 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
break;
|
||||
|
||||
case IMSG_RECONF_FCGI:
|
||||
IMSG_SIZE_CHECK(imsg, fcgi);
|
||||
fcgi = xcalloc(1, sizeof(*fcgi));
|
||||
memcpy(fcgi, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, fcgi, sizeof(*fcgi)) == -1)
|
||||
fatalx("bad length imsg RECONF_FCGI");
|
||||
log_debug("received fcgi %s", fcgi->path);
|
||||
TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
|
||||
break;
|
||||
|
||||
case IMSG_RECONF_HOST:
|
||||
IMSG_SIZE_CHECK(imsg, &vht);
|
||||
memcpy(&vht, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, &vht, sizeof(vht)) == -1)
|
||||
fatalx("bad length imsg RECONF_HOST");
|
||||
vh = new_vhost();
|
||||
strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
|
||||
h = vh;
|
||||
|
@ -605,9 +607,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
fatalx("recv'd cert without host");
|
||||
if (h->cert != NULL)
|
||||
fatalx("cert already received");
|
||||
if (imsg->fd == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("no fd for IMSG_RECONF_CERT");
|
||||
if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
|
||||
if (load_file(fd, &h->cert, &h->certlen) == -1)
|
||||
fatalx("failed to load cert for %s",
|
||||
h->domain);
|
||||
break;
|
||||
|
@ -620,9 +622,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
fatalx("recv'd key without host");
|
||||
if (h->key != NULL)
|
||||
fatalx("key already received");
|
||||
if (imsg->fd == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("no fd for IMSG_RECONF_KEY");
|
||||
if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
|
||||
if (load_file(fd, &h->key, &h->keylen) == -1)
|
||||
fatalx("failed to load key for %s",
|
||||
h->domain);
|
||||
break;
|
||||
|
@ -633,9 +635,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
fatalx("recv'd ocsp without host");
|
||||
if (h->ocsp != NULL)
|
||||
fatalx("ocsp already received");
|
||||
if (imsg->fd == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("no fd for IMSG_RECONF_OCSP");
|
||||
if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
|
||||
if (load_file(fd, &h->ocsp, &h->ocsplen) == -1)
|
||||
fatalx("failed to load ocsp for %s",
|
||||
h->domain);
|
||||
break;
|
||||
|
@ -644,22 +646,22 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
log_debug("receiving host addr");
|
||||
if (h == NULL)
|
||||
fatalx("recv'd host address withouth host");
|
||||
IMSG_SIZE_CHECK(imsg, addr);
|
||||
addr = xcalloc(1, sizeof(*addr));
|
||||
memcpy(addr, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, addr, sizeof(*addr)) == -1)
|
||||
fatalx("bad length imsg RECONF_HOST_ADDR");
|
||||
TAILQ_INSERT_TAIL(&h->addrs, addr, addrs);
|
||||
break;
|
||||
|
||||
case IMSG_RECONF_LOC:
|
||||
if (h == NULL)
|
||||
fatalx("recv'd location without host");
|
||||
IMSG_SIZE_CHECK(imsg, loc);
|
||||
loc = xcalloc(1, sizeof(*loc));
|
||||
memcpy(loc, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, loc, sizeof(*loc)) == -1)
|
||||
fatalx("bad length imsg RECONF_LOC");
|
||||
TAILQ_INIT(&loc->params);
|
||||
|
||||
if (imsg->fd != -1) {
|
||||
if (load_file(imsg->fd, &d, &len) == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) != -1) {
|
||||
if (load_file(fd, &d, &len) == -1)
|
||||
fatal("load_file");
|
||||
loc->reqca = load_ca(d, len);
|
||||
if (loc->reqca == NULL)
|
||||
|
@ -674,18 +676,18 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
case IMSG_RECONF_ENV:
|
||||
if (l == NULL)
|
||||
fatalx("recv'd env without location");
|
||||
IMSG_SIZE_CHECK(imsg, env);
|
||||
env = xcalloc(1, sizeof(*env));
|
||||
memcpy(env, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, env, sizeof(*env)) == -1)
|
||||
fatalx("bad length imsg RECONF_ENV");
|
||||
TAILQ_INSERT_TAIL(&l->params, env, envs);
|
||||
break;
|
||||
|
||||
case IMSG_RECONF_ALIAS:
|
||||
if (h == NULL)
|
||||
fatalx("recv'd alias without host");
|
||||
IMSG_SIZE_CHECK(imsg, alias);
|
||||
alias = xcalloc(1, sizeof(*alias));
|
||||
memcpy(alias, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, alias, sizeof(*alias)) == -1)
|
||||
fatalx("bad length imsg RECONF_ALIAS");
|
||||
TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
|
||||
break;
|
||||
|
||||
|
@ -693,12 +695,12 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
log_debug("receiving proxy");
|
||||
if (h == NULL)
|
||||
fatalx("recv'd proxy without host");
|
||||
IMSG_SIZE_CHECK(imsg, proxy);
|
||||
proxy = xcalloc(1, sizeof(*proxy));
|
||||
memcpy(proxy, imsg->data, datalen);
|
||||
if (imsg_get_data(imsg, proxy, sizeof(*proxy)) == -1)
|
||||
fatalx("bad length imsg RECONF_PROXY");
|
||||
|
||||
if (imsg->fd != -1) {
|
||||
if (load_file(imsg->fd, &d, &len) == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) != -1) {
|
||||
if (load_file(fd, &d, &len) == -1)
|
||||
fatal("load_file");
|
||||
proxy->reqca = load_ca(d, len);
|
||||
if (proxy->reqca == NULL)
|
||||
|
@ -716,9 +718,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
fatalx("recv'd proxy cert without proxy");
|
||||
if (p->cert != NULL)
|
||||
fatalx("proxy cert already received");
|
||||
if (imsg->fd == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("no fd for IMSG_RECONF_PROXY_CERT");
|
||||
if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
|
||||
if (load_file(fd, &p->cert, &p->certlen) == -1)
|
||||
fatalx("failed to load cert for proxy %s of %s",
|
||||
p->host, h->domain);
|
||||
break;
|
||||
|
@ -729,9 +731,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
|
|||
fatalx("recv'd proxy key without proxy");
|
||||
if (p->key != NULL)
|
||||
fatalx("proxy key already received");
|
||||
if (imsg->fd == -1)
|
||||
if ((fd = imsg_get_fd(imsg)) == -1)
|
||||
fatalx("no fd for IMSG_RECONF_PROXY_KEY");
|
||||
if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
|
||||
if (load_file(fd, &p->key, &p->keylen) == -1)
|
||||
fatalx("failed to load key for proxy %s of %s",
|
||||
p->host, h->domain);
|
||||
break;
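Review bot: The structs filled by `imsg_get_data()` in the `IMSG_RECONF_FCGI` and `IMSG_RECONF_HOST` cases have their string members used without a termination check: `fcgi->path` goes straight to `log_debug("received fcgi %s", ...)` and `vht.domain` to `strlcpy()`, which reads its source up to the first NUL. `imsg_get_data()` only confirms that the payload length matches, so a full-size struct with no NUL in the field would be read past its end. The `IMSG_RECONF_MIME` case already guards against this with `m.mime[sizeof(m.mime) - 1] != '\0'`; assuming `domain` and `path` are fixed-size arrays like `m.mime`, the same check fits here, e.g. `if (vht.domain[sizeof(vht.domain) - 1] != '\0') fatalx("received corrupted IMSG_RECONF_HOST");`. The `loc`, `env`, `alias` and `proxy` structs probably need the same treatment, but their fields are not visible in these hunks, and config_recv starts and ends outside them.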
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
set -e
|
||||
|
||||
RELEASE=no
|
||||
VERSION=2.0
|
||||
VERSION=2.0.2-current
|
||||
|
||||
usage()
|
||||
{
|
||||
|
@ -59,6 +59,10 @@ CDIAGFLAGS="${CDIAGFLAGS} -Wsign-compare -Wno-unused-parameter" # -Wshadow
|
|||
CDIAGFLAGS="${CDIAGFLAGS} -Wno-missing-field-initializers"
|
||||
CDIAGFLAGS="${CDIAGFLAGS} -Wno-pointer-sign"
|
||||
|
||||
# On all OSes except OpenBSD use the bundled one. It may crash at
|
||||
# runtime otherwise since we depend on the libtls internals for the
|
||||
# privsep crypto engine.
|
||||
# See <https://codeberg.org/op/gmid/issues/2>.
|
||||
LIBTLS=bundled # or system
|
||||
if [ "$(uname || true)" = OpenBSD ]; then
|
||||
LIBTLS=system
|
||||
|
@ -120,6 +124,7 @@ while [ $# -gt 0 ]; do
|
|||
DISABLE_SANDBOX) DISABLE_SANDBOX="$val" ;;
|
||||
INSTALL) INSTALL="$val" ;;
|
||||
LDFLAGS) LDFLAGS="$val" ;;
|
||||
MANDIR) MANDIR="$val" ;;
|
||||
PKG_CONFIG) PKG_CONFIG="$val" ;;
|
||||
PREFIX) PREFIX="$val" ;;
|
||||
SYSCONFDIR) SYSCONFDIR="$val" ;;
|
||||
|
@ -141,7 +146,7 @@ NEED_OPENBSD_SOURCE=0
|
|||
NEED_LIBBSD_OPENBSD_VIS=0
|
||||
|
||||
COMPATS=
|
||||
COMP="${CC} ${CFLAGS} -Wno-unused -Werror"
|
||||
COMP="${CC} ${CFLAGS} -Werror=implicit-function-declaration"
|
||||
|
||||
# singletest name var extra-cflags extra-libs msg
|
||||
singletest() {
|
||||
|
|
|
@ -6,8 +6,6 @@ Wants=network-online.target
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=gmid
|
||||
Group=nobody
|
||||
ExecStart=/usr/local/bin/gmid -f -c /etc/gmid.conf
|
||||
ExecStop=/bin/kill -TERM $MAINPID
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
|
|
@ -9,3 +9,5 @@ setlocal indentexpr=
|
|||
setlocal cindent
|
||||
" Just make sure that the comments are not reset as defs would be.
|
||||
setlocal cinkeys-=0#
|
||||
" And indentation works correctly without semicolons.
|
||||
setlocal cinoptions=+0
|
||||
|
|
120
crypto.c
|
@ -80,7 +80,7 @@ crypto_init(struct privsep *ps, struct privsep_proc *p, void *arg)
|
|||
static int
|
||||
crypto_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
|
||||
{
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_START:
|
||||
case IMSG_RECONF_CERT:
|
||||
case IMSG_RECONF_KEY:
|
||||
|
@ -117,25 +117,25 @@ crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
EVP_PKEY *pkey;
|
||||
struct imsg_crypto_req req;
|
||||
struct imsg_crypto_res res;
|
||||
struct ibuf ibuf;
|
||||
struct iovec iov[2];
|
||||
const void *from;
|
||||
unsigned char *data, *to;
|
||||
size_t datalen;
|
||||
int n, ret;
|
||||
unsigned char *to;
|
||||
int n, ret, type;
|
||||
unsigned int len;
|
||||
pid_t pid;
|
||||
|
||||
data = imsg->data;
|
||||
datalen = IMSG_DATA_SIZE(imsg);
|
||||
if (imsg_get_ibuf(imsg, &ibuf) == -1)
|
||||
fatalx("%s: couldn't get an ibuf", __func__);
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
pid = imsg_get_pid(imsg);
|
||||
switch (type = imsg_get_type(imsg)) {
|
||||
case IMSG_CRYPTO_RSA_PRIVENC:
|
||||
case IMSG_CRYPTO_RSA_PRIVDEC:
|
||||
if (datalen < sizeof(req))
|
||||
fatalx("size mismatch for imsg %d", imsg->hdr.type);
|
||||
memcpy(&req, data, sizeof(req));
|
||||
if (datalen != sizeof(req) + req.flen)
|
||||
fatalx("size mismatch for imsg %d", imsg->hdr.type);
|
||||
from = data + sizeof(req);
|
||||
if (ibuf_get(&ibuf, &req, sizeof(req)) == -1 ||
|
||||
ibuf_size(&ibuf) != req.flen)
|
||||
fatalx("size mismatch for imsg %d", type);
|
||||
from = ibuf_data(&ibuf);
|
||||
|
||||
if ((pkey = get_pkey(req.hash)) == NULL ||
|
||||
(rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
|
||||
|
@ -144,7 +144,7 @@ crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
if ((to = calloc(1, req.tlen)) == NULL)
|
||||
fatal("calloc");
|
||||
|
||||
if (imsg->hdr.type == IMSG_CRYPTO_RSA_PRIVENC)
|
||||
if (type == IMSG_CRYPTO_RSA_PRIVENC)
|
||||
ret = RSA_private_encrypt(req.flen, from,
|
||||
to, rsa, req.padding);
|
||||
else
|
||||
|
@ -168,12 +168,12 @@ crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
n++;
|
||||
}
|
||||
|
||||
log_debug("replying to server #%d", imsg->hdr.pid);
|
||||
if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
|
||||
imsg->hdr.type, 0, -1, iov, n) == -1)
|
||||
log_debug("replying to server #%d", pid);
|
||||
if (proc_composev_imsg(ps, PROC_SERVER, pid - 1,
|
||||
type, 0, -1, iov, n) == -1)
|
||||
fatal("proc_composev_imsg");
|
||||
|
||||
if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
|
||||
if (proc_flush_imsg(ps, PROC_SERVER, pid - 1) == -1)
|
||||
fatal("proc_flush_imsg");
|
||||
|
||||
free(to);
|
||||
|
@ -181,12 +181,10 @@ crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
break;
|
||||
|
||||
case IMSG_CRYPTO_ECDSA_SIGN:
|
||||
if (datalen < sizeof(req))
|
||||
fatalx("size mismatch for imsg %d", imsg->hdr.type);
|
||||
memcpy(&req, data, sizeof(req));
|
||||
if (datalen != sizeof(req) + req.flen)
|
||||
fatalx("size mismatch for imsg %d", imsg->hdr.type);
|
||||
from = data + sizeof(req);
|
||||
if (ibuf_get(&ibuf, &req, sizeof(req)) == -1 ||
|
||||
ibuf_size(&ibuf) != req.flen)
|
||||
fatalx("size mismatch for imsg %d", type);
|
||||
from = ibuf_data(&ibuf);
|
||||
|
||||
if ((pkey = get_pkey(req.hash)) == NULL ||
|
||||
(ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
|
||||
|
@ -214,12 +212,12 @@ crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
n++;
|
||||
}
|
||||
|
||||
log_debug("replying to server #%d", imsg->hdr.pid);
|
||||
if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
|
||||
imsg->hdr.type, 0, -1, iov, n) == -1)
|
||||
log_debug("replying to server #%d", pid);
|
||||
if (proc_composev_imsg(ps, PROC_SERVER, pid - 1,
|
||||
type, 0, -1, iov, n) == -1)
|
||||
fatal("proc_composev_imsg");
|
||||
|
||||
if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
|
||||
if (proc_flush_imsg(ps, PROC_SERVER, pid - 1) == -1)
|
||||
fatal("proc_flush_imsg");
|
||||
|
||||
free(to);
|
||||
|
@ -251,14 +249,13 @@ rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
|
|||
struct imsgev *iev;
|
||||
struct privsep_proc *p;
|
||||
struct privsep *ps = conf->ps;
|
||||
struct imsgbuf *ibuf;
|
||||
struct imsgbuf *imsgbuf;
|
||||
struct imsg imsg;
|
||||
struct ibuf ibuf;
|
||||
int ret = 0;
|
||||
int n, done = 0;
|
||||
const void *toptr;
|
||||
char *hash;
|
||||
unsigned char *data;
|
||||
size_t datalen;
|
||||
|
||||
if ((hash = RSA_get_ex_data(rsa, 0)) == NULL)
|
||||
return (0);
|
||||
|
@ -289,56 +286,52 @@ rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
|
|||
|
||||
iev = ps->ps_ievs[PROC_CRYPTO];
|
||||
p = iev->proc;
|
||||
ibuf = &iev->ibuf;
|
||||
imsgbuf = &iev->ibuf;
|
||||
|
||||
while (!done) {
|
||||
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
|
||||
if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
|
||||
fatalx("imsg_read");
|
||||
if (n == 0)
|
||||
fatalx("pipe closed");
|
||||
|
||||
while (!done) {
|
||||
if ((n = imsg_get(ibuf, &imsg)) == -1)
|
||||
if ((n = imsg_get(imsgbuf, &imsg)) == -1)
|
||||
fatalx("imsg_get error");
|
||||
if (n == 0)
|
||||
break;
|
||||
|
||||
#if DEBUG > 1
|
||||
log_debug(
|
||||
"%s: %s %d got imsg %d peerid %d from %s %d",
|
||||
__func__, title, 1, imsg.hdr.type,
|
||||
imsg.hdr.peerid, "crypto", imsg.hdr.pid);
|
||||
"%s: %s %d got imsg %d id %d from %s %d",
|
||||
__func__, title, 1, imsg_get_type(&imsg),
|
||||
imsg_get_id(&imsg), "crypto", imsg_get_pid(&imsg));
|
||||
#endif
|
||||
|
||||
if ((p->p_cb)(ibuf->fd, p, &imsg) == 0) {
|
||||
if ((p->p_cb)(imsgbuf->fd, p, &imsg) == 0) {
|
||||
/* Message was handled by the callback */
|
||||
imsg_free(&imsg);
|
||||
continue;
|
||||
}
|
||||
|
||||
switch (imsg.hdr.type) {
|
||||
switch (imsg_get_type(&imsg)) {
|
||||
case IMSG_CRYPTO_RSA_PRIVENC:
|
||||
case IMSG_CRYPTO_RSA_PRIVDEC:
|
||||
break;
|
||||
default:
|
||||
fatalx("%s: %s %d got invalid imsg %d"
|
||||
" peerid %d from %s %d",
|
||||
" id %d from %s %d",
|
||||
__func__, "server", ps->ps_instance + 1,
|
||||
imsg.hdr.type, imsg.hdr.peerid,
|
||||
"crypto", imsg.hdr.pid);
|
||||
imsg_get_type(&imsg), imsg_get_id(&imsg),
|
||||
"crypto", imsg_get_pid(&imsg));
|
||||
}
|
||||
|
||||
data = imsg.data;
|
||||
datalen = IMSG_DATA_SIZE(&imsg);
|
||||
if (datalen < sizeof(res))
|
||||
fatalx("size mismatch for imsg %d",
|
||||
imsg.hdr.type);
|
||||
memcpy(&res, data, sizeof(res));
|
||||
if (datalen != sizeof(res) + res.ret)
|
||||
if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
|
||||
ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
|
||||
(int)ibuf_size(&ibuf) != res.ret)
|
||||
fatalx("size mismatch for imsg %d",
|
||||
imsg.hdr.type);
|
||||
ret = res.ret;
|
||||
toptr = data + sizeof(res);
|
||||
toptr = ibuf_data(&ibuf);
|
||||
|
||||
if (res.id != reqid)
|
||||
fatalx("invalid id; got %llu, want %llu",
|
||||
|
@ -399,13 +392,12 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
|
|||
struct imsgev *iev;
|
||||
struct privsep_proc *p;
|
||||
struct privsep *ps = conf->ps;
|
||||
struct imsgbuf *ibuf;
|
||||
struct imsgbuf *imsgbuf;
|
||||
struct imsg imsg;
|
||||
struct ibuf ibuf;
|
||||
int n, done = 0;
|
||||
const void *toptr;
|
||||
char *hash;
|
||||
unsigned char *data;
|
||||
size_t datalen;
|
||||
|
||||
if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL)
|
||||
return (0);
|
||||
|
@ -434,16 +426,16 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
|
|||
|
||||
iev = ps->ps_ievs[PROC_CRYPTO];
|
||||
p = iev->proc;
|
||||
ibuf = &iev->ibuf;
|
||||
imsgbuf = &iev->ibuf;
|
||||
|
||||
while (!done) {
|
||||
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
|
||||
if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
|
||||
fatalx("imsg_read");
|
||||
if (n == 0)
|
||||
fatalx("pipe closed");
|
||||
|
||||
while (!done) {
|
||||
if ((n = imsg_get(ibuf, &imsg)) == -1)
|
||||
if ((n = imsg_get(imsgbuf, &imsg)) == -1)
|
||||
fatalx("imsg_get error");
|
||||
if (n == 0)
|
||||
break;
|
||||
|
@ -456,7 +448,8 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
|
|||
#endif
|
||||
|
||||
if (imsg.hdr.type != IMSG_CRYPTO_ECDSA_SIGN &&
|
||||
crypto_dispatch_server(ibuf->fd, p, &imsg) == 0) {
|
||||
crypto_dispatch_server(imsgbuf->fd, p, &imsg)
|
||||
== 0) {
|
||||
/* Message was handled by the callback */
|
||||
imsg_free(&imsg);
|
||||
continue;
|
||||
|
@ -469,16 +462,13 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
|
|||
imsg.hdr.type, imsg.hdr.peerid,
|
||||
"crypto", imsg.hdr.pid);
|
||||
|
||||
data = imsg.data;
|
||||
datalen = IMSG_DATA_SIZE(&imsg);
|
||||
if (datalen < sizeof(res))
|
||||
if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
|
||||
ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
|
||||
ibuf_size(&ibuf) != res.len)
|
||||
fatalx("size mismatch for imsg %d",
|
||||
imsg.hdr.type);
|
||||
memcpy(&res, data, sizeof(res));
|
||||
if (datalen != sizeof(res) + res.len)
|
||||
fatalx("size mismatch for imsg %d",
|
||||
imsg.hdr.type);
|
||||
toptr = data + sizeof(res);
|
||||
|
||||
toptr = ibuf_data(&ibuf);
|
||||
|
||||
if (res.id != reqid)
|
||||
fatalx("invalid response id");
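Review bot: In crypto_dispatch_server the rewritten length check for `IMSG_CRYPTO_RSA_PRIVENC`/`IMSG_CRYPTO_RSA_PRIVDEC` ties the payload to `req.flen`, but `req.tlen` is still taken from the message as-is and used for `calloc(1, req.tlen)` before `RSA_private_encrypt()` writes into `to`. OpenSSL requires `to` to hold `RSA_size(rsa)` bytes, so unless the two lines hidden between the hunks already check it, a request with a smaller `tlen` lets the key-holding process write past the allocation. A guard before the allocation would close this, e.g. `if (req.tlen < (size_t)RSA_size(rsa)) fatalx("%s: short output buffer for imsg %d", __func__, type);`, with the cast adjusted to the type of `tlen`, which is not shown. The function continues outside the visible hunks, and the allocation in the ECDSA case is not visible here, so it is worth the same check.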
|
||||
|
|
7
gmid.8
|
@ -1,4 +1,4 @@
|
|||
.\" Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
|
||||
.\" Copyright (c) 2021, 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -11,7 +11,7 @@
|
|||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.Dd October 20, 2023
|
||||
.Dd April 27, 2024
|
||||
.Dt GMID 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -52,7 +52,8 @@ Overrides the definition of
|
|||
.Ar macro
|
||||
in the config file if present.
|
||||
.It Fl f
|
||||
Stays and logs on the foreground.
|
||||
Do not daemonize.
|
||||
Stay and log in the foreground.
|
||||
.It Fl h , Fl -help
|
||||
Print the usage and exit.
|
||||
.It Fl n
|
||||
|
|
12
gmid.c
|
@ -412,7 +412,7 @@ main_send_logfd(struct conf *conf)
|
|||
goto done;
|
||||
}
|
||||
|
||||
fd = open(conf->log_access, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||
fd = open(path, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||
if (fd == -1)
|
||||
log_warn("can't open %s", conf->log_access);
|
||||
}
|
||||
|
@ -526,7 +526,7 @@ main_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
struct privsep *ps = p->p_ps;
|
||||
struct conf *conf = ps->ps_env;
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_DONE:
|
||||
main_configure_done(conf);
|
||||
break;
|
||||
|
@ -543,7 +543,7 @@ main_dispatch_crypto(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
struct privsep *ps = p->p_ps;
|
||||
struct conf *conf = ps->ps_env;
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_DONE:
|
||||
main_configure_done(conf);
|
||||
break;
|
||||
|
@ -560,7 +560,7 @@ main_dispatch_logger(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
struct privsep *ps = p->p_ps;
|
||||
struct conf *conf = ps->ps_env;
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_DONE:
|
||||
main_configure_done(conf);
|
||||
break;
|
||||
|
@ -605,8 +605,8 @@ main_print_conf(struct conf *conf)
|
|||
|
||||
TAILQ_FOREACH(h, &conf->hosts, vhosts) {
|
||||
printf("\nserver \"%s\" {\n", h->domain);
|
||||
printf(" cert \"%s\"\n", h->cert);
|
||||
printf(" key \"%s\"\n", h->key);
|
||||
printf(" cert \"%s\"\n", h->cert_path);
|
||||
printf(" key \"%s\"\n", h->key_path);
|
||||
/* TODO: print locations... */
|
||||
printf("}\n");
|
||||
}
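Review bot: In main_send_logfd the `open()` call now uses `path`, but the failure branch still logs `conf->log_access`, so the warning can name a different file than the one that could not be opened. The ChangeLog ties this change to chroot handling, which is exactly when the two differ. Logging the attempted path keeps the message useful for triage: `log_warn("can't open %s", path);`. How `path` is built is outside the hunk.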
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.Dd January 11, 2024
|
||||
.Dd April 4, 2024
|
||||
.Dt GMID.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -384,7 +384,7 @@ The port the server is listening on.
|
|||
.Dq GEMINI
|
||||
.It Ev SERVER_SOFTWARE
|
||||
The name and version of the server, i.e.
|
||||
.Dq gmid/2.0
|
||||
.Dq gmid/2.0.2
|
||||
.It Ev REMOTE_USER
|
||||
The subject of the client certificate if provided, otherwise unset.
|
||||
.It Ev TLS_CLIENT_ISSUER
|
||||
|
|
1
gmid.h
|
@ -412,7 +412,6 @@ void mark_nonblock(int);
|
|||
void client_write(struct bufferevent *, void *);
|
||||
int start_reply(struct client*, int, const char*);
|
||||
void client_close(struct client *);
|
||||
struct client *client_by_id(int);
|
||||
void server_accept(int, short, void *);
|
||||
void server_init(struct privsep *, struct privsep_proc *, void *);
|
||||
int server_configure_done(struct conf *);
|
||||
|
|
|
@ -24,7 +24,8 @@ int
|
|||
main(void)
|
||||
{
|
||||
struct imsgbuf buf;
|
||||
struct imsg imsg;
|
||||
|
||||
imsg_init(&buf, -1);
|
||||
return 0;
|
||||
return imsg_get_fd(&imsg);
|
||||
}
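Review bot: `imsg` is passed to `imsg_get_fd()` without being initialised in this configure probe. That is harmless if the probe is only compiled and linked, but if it is ever executed it reads an indeterminate struct and returns whatever it finds. Zero-initialising costs nothing: `struct imsg imsg = {0};`. If the probe is never meant to run, a short comment saying so would serve as well.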
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
#include <sys/stat.h>
|
||||
#include <sys/syscall.h>
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifndef landlock_create_ruleset
|
||||
static inline int
|
||||
landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,
|
||||
|
|
25
logger.c
|
@ -79,24 +79,20 @@ logger_shutdown(void)
|
|||
static int
|
||||
logger_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
|
||||
{
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_LOG_FACILITY:
|
||||
if (IMSG_DATA_SIZE(imsg) != sizeof(facility))
|
||||
if (imsg_get_data(imsg, &facility, sizeof(facility)) == -1)
|
||||
fatal("corrupted IMSG_LOG_SYSLOG");
|
||||
memcpy(&facility, imsg->data, sizeof(facility));
|
||||
break;
|
||||
case IMSG_LOG_SYSLOG:
|
||||
if (IMSG_DATA_SIZE(imsg) != sizeof(log_to_syslog))
|
||||
if (imsg_get_data(imsg, &log_to_syslog,
|
||||
sizeof(log_to_syslog)) == -1)
|
||||
fatal("corrupted IMSG_LOG_SYSLOG");
|
||||
memcpy(&log_to_syslog, imsg->data, sizeof(log_to_syslog));
|
||||
break;
|
||||
case IMSG_LOG_ACCESS:
|
||||
if (logfd != -1)
|
||||
close(logfd);
|
||||
logfd = -1;
|
||||
|
||||
if (imsg->fd != -1)
|
||||
logfd = imsg->fd;
|
||||
logfd = imsg_get_fd(imsg);
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
|
@ -109,14 +105,15 @@ static int
|
|||
logger_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
|
||||
{
|
||||
char *msg;
|
||||
size_t datalen;
|
||||
size_t datalen = 0;
|
||||
struct ibuf ibuf;
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_LOG_REQUEST:
|
||||
msg = imsg->data;
|
||||
datalen = IMSG_DATA_SIZE(imsg);
|
||||
if (datalen == 0)
|
||||
if (imsg_get_ibuf(imsg, &ibuf) == -1 ||
|
||||
(datalen = ibuf_size(&ibuf)) == 0)
|
||||
fatal("got invalid IMSG_LOG_REQUEST");
|
||||
msg = ibuf_data(&ibuf);
|
||||
msg[datalen - 1] = '\0';
|
||||
if (logfd != -1)
|
||||
dprintf(logfd, "%s\n", msg);
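Review bot: In logger_dispatch_parent the `IMSG_LOG_FACILITY` branch still dies with `fatal("corrupted IMSG_LOG_SYSLOG")`, the same text as the `IMSG_LOG_SYSLOG` branch, so a malformed facility message is reported under the wrong name. The check directly above it was rewritten in this change, so the message can be corrected in the same pass: `fatal("corrupted IMSG_LOG_FACILITY");`. Both dispatch functions extend beyond the visible hunks.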
|
||||
|
|
89
parse.y
|
@ -1,7 +1,7 @@
|
|||
%{
|
||||
|
||||
/*
|
||||
* Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
|
||||
* Copyright (c) 2021-2024 Omar Polo <op@omarpolo.com>
|
||||
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
|
||||
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
|
||||
* Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
|
||||
|
@ -46,7 +46,7 @@ static struct file {
|
|||
TAILQ_ENTRY(file) entry;
|
||||
FILE *stream;
|
||||
char *name;
|
||||
size_t ungetpos;
|
||||
size_t ungetpos;
|
||||
size_t ungetsize;
|
||||
u_char *ungetbuf;
|
||||
int eof_reached;
|
||||
|
@ -92,11 +92,9 @@ char *ensure_absolute_path(char*);
|
|||
int check_block_code(int);
|
||||
char *check_block_fmt(char*);
|
||||
int check_strip_no(int);
|
||||
int check_port_num(int);
|
||||
int check_prefork_num(int);
|
||||
void advance_loc(void);
|
||||
void advance_proxy(void);
|
||||
void parsehp(char *, char **, const char **, const char *);
|
||||
int fastcgi_conf(const char *, const char *);
|
||||
void add_param(char *, char *);
|
||||
int getservice(const char *);
|
||||
|
@ -125,12 +123,12 @@ typedef struct {
|
|||
|
||||
%token ACCESS ALIAS AUTO
|
||||
%token BLOCK
|
||||
%token CA CERT CHROOT CLIENT COMBINED COMMON CONDENSED
|
||||
%token CA CERT CHROOT CLIENT
|
||||
%token DEFAULT
|
||||
%token FACILITY FASTCGI FOR_HOST
|
||||
%token INCLUDE INDEX IPV6
|
||||
%token KEY
|
||||
%token LANG LEGACY LISTEN LOCATION LOG
|
||||
%token LANG LISTEN LOCATION LOG
|
||||
%token OCSP OFF ON
|
||||
%token PARAM PORT PREFORK PROTO PROTOCOLS PROXY
|
||||
%token RELAY_TO REQUIRE RETURN ROOT
|
||||
|
@ -150,13 +148,12 @@ typedef struct {
|
|||
%%
|
||||
|
||||
conf : /* empty */
|
||||
| conf include '\n'
|
||||
| conf '\n'
|
||||
| conf varset '\n'
|
||||
| conf option '\n'
|
||||
| conf vhost '\n'
|
||||
| conf types '\n'
|
||||
| conf error '\n' { file->errors++; }
|
||||
| conf include nl
|
||||
| conf varset nl
|
||||
| conf option nl
|
||||
| conf vhost nl
|
||||
| conf types nl
|
||||
| conf error nl { file->errors++; }
|
||||
;
|
||||
|
||||
include : INCLUDE STRING {
|
||||
|
@ -265,17 +262,18 @@ logopt : ACCESS string {
|
|||
free(conf->log_access);
|
||||
conf->log_access = $2;
|
||||
}
|
||||
| STYLE COMMON {
|
||||
conf->log_format = LOG_FORMAT_COMMON;
|
||||
}
|
||||
| STYLE COMBINED {
|
||||
conf->log_format = LOG_FORMAT_COMBINED;
|
||||
}
|
||||
| STYLE CONDENSED {
|
||||
conf->log_format = LOG_FORMAT_CONDENSED;
|
||||
}
|
||||
| STYLE LEGACY {
|
||||
conf->log_format = LOG_FORMAT_LEGACY;
|
||||
| STYLE string {
|
||||
if (!strcmp("combined", $2))
|
||||
conf->log_format = LOG_FORMAT_COMBINED;
|
||||
else if (!strcmp("common", $2))
|
||||
conf->log_format = LOG_FORMAT_COMMON;
|
||||
else if (!strcmp("condensed", $2))
|
||||
conf->log_format = LOG_FORMAT_CONDENSED;
|
||||
else if (!strcmp("legacy", $2))
|
||||
conf->log_format = LOG_FORMAT_LEGACY;
|
||||
else
|
||||
yyerror("unknown log style: %s", $2);
|
||||
free($2);
|
||||
}
|
||||
| SYSLOG FACILITY string {
|
||||
const char *str = $3;
|
||||
|
@ -617,7 +615,7 @@ mediaopts_l : mediaopts_l mediaoptsl nl
|
|||
mediaoptsl : STRING {
|
||||
free(current_media);
|
||||
current_media = $1;
|
||||
} medianames_l optsemicolon
|
||||
} medianames_l
|
||||
| include
|
||||
;
|
||||
|
||||
|
@ -633,17 +631,13 @@ medianamesl : numberstring {
|
|||
;
|
||||
|
||||
nl : '\n' optnl
|
||||
| ';' optnl
|
||||
;
|
||||
|
||||
optnl : '\n' optnl /* zero or more newlines */
|
||||
| ';' optnl /* semicolons too */
|
||||
optnl : nl
|
||||
| /*empty*/
|
||||
;
|
||||
|
||||
optsemicolon : ';'
|
||||
|
|
||||
;
|
||||
|
||||
%%
|
||||
|
||||
static const struct keyword {
|
||||
|
@ -659,9 +653,6 @@ static const struct keyword {
|
|||
{"cert", CERT},
|
||||
{"chroot", CHROOT},
|
||||
{"client", CLIENT},
|
||||
{"combined", COMBINED},
|
||||
{"common", COMMON},
|
||||
{"condensed", CONDENSED},
|
||||
{"default", DEFAULT},
|
||||
{"facility", FACILITY},
|
||||
{"fastcgi", FASTCGI},
|
||||
|
@ -671,7 +662,6 @@ static const struct keyword {
|
|||
{"ipv6", IPV6},
|
||||
{"key", KEY},
|
||||
{"lang", LANG},
|
||||
{"legacy", LEGACY},
|
||||
{"listen", LISTEN},
|
||||
{"location", LOCATION},
|
||||
{"log", LOG},
|
||||
|
@ -1211,16 +1201,6 @@ check_strip_no(int n)
|
|||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
check_port_num(int n)
|
||||
{
|
||||
if (n <= 0 || n >= UINT16_MAX)
|
||||
yyerror("port number is %s: %d",
|
||||
n <= 0 ? "too small" : "too large",
|
||||
n);
|
||||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
check_prefork_num(int n)
|
||||
{
|
||||
|
@ -1243,25 +1223,6 @@ advance_proxy(void)
|
|||
TAILQ_INSERT_TAIL(&host->proxies, proxy, proxies);
|
||||
}
|
||||
|
||||
void
|
||||
parsehp(char *str, char **host, const char **port, const char *def)
|
||||
{
|
||||
char *at;
|
||||
const char *errstr;
|
||||
|
||||
*host = str;
|
||||
|
||||
if ((at = strchr(str, ':')) != NULL) {
|
||||
*at++ = '\0';
|
||||
*port = at;
|
||||
} else
|
||||
*port = def;
|
||||
|
||||
strtonum(*port, 1, UINT16_MAX, &errstr);
|
||||
if (errstr != NULL)
|
||||
yyerror("port is %s: %s", errstr, *port);
|
||||
}
|
||||
|
||||
int
|
||||
fastcgi_conf(const char *path, const char *port)
|
||||
{
|
||||
|
|
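Review bot: The reworked `conf` rule no longer lists the bare `conf '\n'` alternative, and every remaining alternative needs a statement (or `error`) before `nl`. Unless the lexer, which is outside this section, discards newlines that precede the first statement, a configuration file that begins with an empty line would now go through `conf error nl` and be counted in `file->errors`. The same may apply to a leading comment line, depending on how the lexer treats comments. A regress case whose `reg.conf` starts with a blank line and a `#` comment, run through `$gmid -nn -c reg.conf` as `test_dump_config` does, would settle the question.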
14
proc.c
14
proc.c
|
@ -671,9 +671,9 @@ proc_dispatch(int fd, short event, void *arg)
|
|||
*/
|
||||
switch (imsg.hdr.type) {
|
||||
case IMSG_CTL_PROCFD:
|
||||
IMSG_SIZE_CHECK(&imsg, &pf);
|
||||
memcpy(&pf, imsg.data, sizeof(pf));
|
||||
proc_accept(ps, imsg.fd, pf.pf_procid,
|
||||
if (imsg_get_data(&imsg, &pf, sizeof(pf)))
|
||||
fatalx("bad length imsg CTL_PROCFD");
|
||||
proc_accept(ps, imsg_get_fd(&imsg), pf.pf_procid,
|
||||
pf.pf_instance);
|
||||
break;
|
||||
default:
|
||||
|
@ -799,14 +799,6 @@ proc_composev(struct privsep *ps, enum privsep_procid id,
|
|||
return (proc_composev_imsg(ps, id, -1, type, -1, -1, iov, iovcnt));
|
||||
}
|
||||
|
||||
int
|
||||
proc_forward_imsg(struct privsep *ps, struct imsg *imsg,
|
||||
enum privsep_procid id, int n)
|
||||
{
|
||||
return (proc_compose_imsg(ps, id, n, imsg->hdr.type,
|
||||
imsg->hdr.peerid, imsg->fd, imsg->data, IMSG_DATA_SIZE(imsg)));
|
||||
}
|
||||
|
||||
struct imsgbuf *
|
||||
proc_ibuf(struct privsep *ps, enum privsep_procid id, int n)
|
||||
{
|
||||
|
|
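Review bot: In the `IMSG_CTL_PROCFD` case the result of `imsg_get_fd(&imsg)` is passed straight to `proc_accept()` without a check, although the call returns -1 when the message carried no descriptor. The payload length is now validated with `imsg_get_data()` and `fatalx()`, so the descriptor deserves the same treatment: keep it in a local and add `if (procfd == -1) fatalx("imsg CTL_PROCFD without fd");` before the call. `pf.pf_procid` and `pf.pf_instance` also come from the message; whether `proc_accept()` range-checks them cannot be seen here, since both it and the rest of `proc_dispatch()` lie outside the hunk.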
2
proc.h
2
proc.h
|
@ -114,8 +114,6 @@ int proc_composev_imsg(struct privsep *, enum privsep_procid, int,
|
|||
uint16_t, uint32_t, int, const struct iovec *, int);
|
||||
int proc_composev(struct privsep *, enum privsep_procid,
|
||||
uint16_t, const struct iovec *, int);
|
||||
int proc_forward_imsg(struct privsep *, struct imsg *,
|
||||
enum privsep_procid, int);
|
||||
struct imsgbuf *
|
||||
proc_ibuf(struct privsep *, enum privsep_procid, int);
|
||||
struct imsgev *
|
||||
|
|
|
@ -20,6 +20,9 @@ fi
|
|||
run_test test_punycode
|
||||
run_test test_iri
|
||||
|
||||
# Run configuration dumping test.
|
||||
run_test test_dump_config
|
||||
|
||||
if [ "${SKIP_RUNTIME_TESTS:-0}" -eq 1 ]; then
|
||||
echo
|
||||
echo "======================"
|
||||
|
|
|
@ -8,6 +8,34 @@ test_iri() {
|
|||
./iri_test
|
||||
}
|
||||
|
||||
test_dump_config() {
|
||||
dont_check_server_alive=yes
|
||||
gen_config '' ''
|
||||
|
||||
exp="$(mktemp)"
|
||||
got="$(mktemp)"
|
||||
cat <<EOF >$exp
|
||||
prefork 3
|
||||
|
||||
server "localhost" {
|
||||
cert "$PWD/localhost.pem"
|
||||
key "$PWD/localhost.key"
|
||||
}
|
||||
EOF
|
||||
|
||||
$gmid -nn -c reg.conf > $got 2>/dev/null
|
||||
|
||||
ret=0
|
||||
if ! cmp -s "$exp" "$got"; then
|
||||
echo "config differs!" >&2
|
||||
diff -u "$exp" "$got" >&2
|
||||
ret=1
|
||||
fi
|
||||
|
||||
rm "$exp" "$got"
|
||||
return $ret
|
||||
}
|
||||
|
||||
test_gemexp() {
|
||||
dont_check_server_alive=yes
|
||||
|
||||
|
@ -287,6 +315,7 @@ test_fastcgi_deprecated_syntax() {
|
|||
test_macro_expansion() {
|
||||
cat <<EOF > reg.conf
|
||||
pwd = "$PWD"
|
||||
common = "lang it; auto index on"
|
||||
|
||||
server "localhost" {
|
||||
# the quoting of \$ is for sh
|
||||
|
@ -294,6 +323,7 @@ server "localhost" {
|
|||
key \$pwd "/localhost.key"
|
||||
root \$pwd "/testdata"
|
||||
listen on $REGRESS_HOST port $port
|
||||
@common
|
||||
}
|
||||
EOF
|
||||
|
||||
|
@ -305,7 +335,7 @@ EOF
|
|||
run
|
||||
|
||||
fetch /
|
||||
check_reply "20 text/gemini" "# hello world"
|
||||
check_reply "20 text/gemini;lang=it" "# hello world"
|
||||
}
|
||||
|
||||
test_proxy_relay_to() {
|
||||
|
|
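Review bot: `test_dump_config` discards both the exit status and stderr of `$gmid -nn -c reg.conf`, so when gmid rejects the configuration the test only prints "config differs!" against an empty file and the real error is lost. Checking the status, for example `$gmid -nn -c reg.conf >"$got" 2>/dev/null || echo "gmid -nn failed" >&2`, or dropping the `2>/dev/null`, would make such failures diagnosable. `$exp` and `$got` are also unquoted in the two redirections while they are quoted everywhere else in the function, and the `mktemp` results are used without checking that the calls succeeded.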
11
server.c
11
server.c
|
@ -1329,15 +1329,6 @@ server_accept(int sock, short et, void *d)
|
|||
connected_clients++;
|
||||
}
|
||||
|
||||
struct client *
|
||||
client_by_id(int id)
|
||||
{
|
||||
struct client find;
|
||||
|
||||
find.id = id;
|
||||
return SPLAY_FIND(client_tree_id, &clients, &find);
|
||||
}
|
||||
|
||||
static void
|
||||
handle_siginfo(int fd, short ev, void *d)
|
||||
{
|
||||
|
@ -1496,7 +1487,7 @@ server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
|
|||
struct privsep *ps = p->p_ps;
|
||||
struct conf *conf = ps->ps_env;
|
||||
|
||||
switch (imsg->hdr.type) {
|
||||
switch (imsg_get_type(imsg)) {
|
||||
case IMSG_RECONF_START:
|
||||
case IMSG_RECONF_LOG_FMT:
|
||||
case IMSG_RECONF_MIME:
|
||||
|
|
|
@ -21,7 +21,7 @@ REPOLOGY_URL = https://repology.org/project/gmid/versions
|
|||
|
||||
SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \
|
||||
SITE=https://ftp.omarpolo.com \
|
||||
VERS=2.0 \
|
||||
VERS=2.0.2 \
|
||||
PUBKEY=gmid-2.0.pub \
|
||||
TREE=https://github.com/omar-polo/gmid/blob/master
|
||||
|
||||
|
|
|
@ -1,5 +1,19 @@
|
|||
# change log
|
||||
|
||||
## 2024/04/04 - 2.0.2 “Lady Stardust” bugfix release
|
||||
|
||||
- fix `log access path' with `chroot' enabled.
|
||||
- fix config dumping (-nn).
|
||||
- rework grammar to allow semicolons after top-level statements.
|
||||
- don't make the log styles reserved keywords.
|
||||
- contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!
|
||||
|
||||
## 2024/01/24 - 2.0.1 “Lady Stardust” bugfix release
|
||||
|
||||
* convert gmid to the new imsg API
|
||||
* update bundled imsg
|
||||
* configure: fix --mandir handling; from Anna “CyberTailor”, thanks!
|
||||
|
||||
## 2024/01/11 - 2.0 “Lady Stardust”
|
||||
|
||||
### New Features
|
||||
|
@ -33,6 +47,7 @@
|
|||
|
||||
### Breaking Changes
|
||||
|
||||
* removed CGI support
|
||||
* gg now warns when the server doesn't use TLS' close_notify
|
||||
* deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
|
||||
* removed the already deprecated config options `mime' and `map'
|
||||
|
|
|
@ -46,7 +46,7 @@ $ sudo make install # eventually
|
|||
A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (gmid-VERS.sha256.sig) and the public key PUBKEY to cryptographically verify the downloaded tarball. The signify public key for the previous and the next release is included in the tarball.
|
||||
|
||||
=> SITE/gmid-VERS.sha256 gmid-VERS.sha256
|
||||
=> SITE/gmid-VERS.sha25.sig gmid-VERS.sha256.sig
|
||||
=> SITE/gmid-VERS.sha256.sig gmid-VERS.sha256.sig
|
||||
|
||||
To verify the signatures with signify(1):
|
||||
|
||||
|
|