mirror of https://github.com/omar-polo/gmid.git
42 Commits
Author | SHA1 | Date |
---|---|---|
Omar Polo | c9ea70a36f | |
Omar Polo | 7c723cf05f | |
Omar Polo | b5dd7091ad | |
Omar Polo | 5b549c2805 | |
Omar Polo | b00f71ba97 | |
Omar Polo | 6ff8de1f8a | |
Omar Polo | 9f675805d0 | |
Omar Polo | a91b0892bf | |
Omar Polo | 610a4666cd | |
Omar Polo | 2f4926259f | |
Omar Polo | cd12ad1132 | |
Omar Polo | b2782022c9 | |
Omar Polo | 1ef0cd0cdb | |
Omar Polo | 42e2af25ae | |
Omar Polo | 89dca7ab54 | |
Omar Polo | 359c56ce35 | |
Omar Polo | c2dcb5fa6e | |
Omar Polo | 5d12e6a104 | |
Omar Polo | 0d8eb9b60c | |
Omar Polo | 5864f3ce3c | |
Omar Polo | 9536c8ca63 | |
Omar Polo | 40b71b6861 | |
Omar Polo | 42235e3fc2 | |
Omar Polo | f53f5e5fe1 | |
Omar Polo | 40ea7b163e | |
Omar Polo | be265175c6 | |
Omar Polo | 8aba5d8b21 | |
Omar Polo | 7c83689428 | |
Omar Polo | 248fb833f9 | |
Omar Polo | 0ed763b03d | |
Omar Polo | 9f1cce3d0e | |
Omar Polo | 8f543d941e | |
Omar Polo | acf244c516 | |
Anna “CyberTailor” | 53ad458e22 | |
Omar Polo | bb5a25d287 | |
Omar Polo | f862d389ff | |
Omar Polo | 574f71f7a3 | |
Omar Polo | ebe2e54900 | |
Omar Polo | ddb089c157 | |
Omar Polo | 3524375abe | |
Omar Polo | fe37d79200 | |
Omar Polo | 33a5425235 |
24
.cirrus.yml
24
.cirrus.yml
|
@ -1,6 +1,9 @@
|
|||
# gcc' -Werror=use-after-free gets tripped by vis.c: it sees a use
|
||||
# after free where it's not possible and breaks the CI.
|
||||
|
||||
# seems that inside the CI it's not currently possible to bind to ::1
|
||||
# so set HAVE_IPV6=no.
|
||||
|
||||
linux_amd64_task:
|
||||
container:
|
||||
image: alpine:latest
|
||||
|
@ -8,7 +11,7 @@ linux_amd64_task:
|
|||
- apk add alpine-sdk linux-headers bison libretls-dev libevent-dev
|
||||
- ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations -Wno-use-after-free' -Werror
|
||||
- make
|
||||
- make regress REGRESS_HOST="*"
|
||||
- make regress REGRESS_HOST="*" HAVE_IPV6=no
|
||||
|
||||
linux_arm_task:
|
||||
arm_container:
|
||||
|
@ -17,20 +20,25 @@ linux_arm_task:
|
|||
- apk add alpine-sdk linux-headers bison libretls-dev libevent-dev
|
||||
- ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations -Wno-use-after-free' -Werror
|
||||
- make
|
||||
- make regress REGRESS_HOST="*"
|
||||
- make regress REGRESS_HOST="*" HAVE_IPV6=no
|
||||
|
||||
freebsd_13_task:
|
||||
freebsd_14_task:
|
||||
freebsd_instance:
|
||||
image_family: freebsd-13-0
|
||||
test_script:
|
||||
- pkg install -y libevent libressl pkgconf
|
||||
image_family: freebsd-14-0
|
||||
install_script: pkg install -y libevent libressl pkgconf
|
||||
script:
|
||||
- ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror
|
||||
- make
|
||||
- make regress
|
||||
- make regress HAVE_IPV6=no
|
||||
|
||||
#
|
||||
# There are some issues with imsg fd passing on macos at the moment that
|
||||
# seem to be triggered only in applications that do a heavy use of them,
|
||||
# like gmid or opensmtpd. Still, keep macos to ensure gmid builds here.
|
||||
#
|
||||
mac_task:
|
||||
macos_instance:
|
||||
image: ghcr.io/cirruslabs/macos-ventura-xcode:latest
|
||||
image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest
|
||||
test_script:
|
||||
- brew install libevent openssl libretls
|
||||
- PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
name: release docker image
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
env:
|
||||
IMAGE_NAME: "gmid"
|
||||
jobs:
|
||||
build:
|
||||
permissions: write-all
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
|
||||
- name: build the image
|
||||
run: docker build -f contrib/Dockerfile -t gmid:alpine .
|
||||
|
||||
- name: login to ghcr.io
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: push the image
|
||||
run: |
|
||||
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
|
||||
IMAGE_ID=$(echo $IMAGE_ID | tr A-Z a-z)
|
||||
# strip git ref prefix from version
|
||||
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
|
||||
echo IMAGE_ID=$IMAGE_ID
|
||||
echo VERSION=$VERSION
|
||||
docker tag gmid:alpine $IMAGE_ID:$VERSION
|
||||
docker push $IMAGE_ID:$VERSION
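Review bot: `permissions: write-all` on the `build` job hands the workflow token every scope, while the job only checks out the tree and pushes an image to ghcr.io; read access to contents plus write access to packages would cover that. In the `push the image` step, `${{ github.ref }}` is substituted into the script text before the shell runs, so the tag name is parsed as shell source rather than data; passing it through the step's `env:` and expanding a quoted variable avoids that. `actions/checkout@v1` and `docker/login-action@v2` are referenced by mutable tags, so pinning each to a full commit SHA would keep a release build from silently picking up upstream changes. Quoting `$IMAGE_ID` and `$VERSION` in the `docker tag` and `docker push` lines would be consistent with the same concern.

```yaml
    permissions:
      contents: read
      packages: write
    # … unchanged: runs-on, checkout, build and login steps …
      - name: push the image
        env:
          REF: ${{ github.ref }}
        run: |
          # … unchanged: IMAGE_ID computation …
          VERSION=$(echo "$REF" | sed -e 's,.*/\(.*\),\1,')
          docker tag gmid:alpine "$IMAGE_ID:$VERSION"
          docker push "$IMAGE_ID:$VERSION"
```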
|
24
ChangeLog
24
ChangeLog
|
@ -1,3 +1,27 @@
|
|||
2024-04-03 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* configure: improve function checking in the configure
|
||||
* have/landlock.c: fix landlock test
|
||||
* gmid.c (main_print_conf): fix config dumping with -nn
|
||||
|
||||
2024-03-03 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* gmid.c: fix `log access path' with a chroot
|
||||
|
||||
2024-01-30 Anna “CyberTailor”
|
||||
|
||||
* contrib/vim/indent/gmid.vim: fix indent
|
||||
|
||||
2024-01-30 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* parse.y: don't make log styles reserved keywords. Unbreaks the
|
||||
example in the manpage with `common = ...'.
|
||||
|
||||
2024-01-26 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* parse.y: rework grammar to allow the semicolon after
|
||||
variables/macros definition and top-level options
|
||||
|
||||
2024-01-24 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* configure (VERSION): release 2.0.1
|
||||
|
|
2
Makefile
2
Makefile
|
@ -131,7 +131,7 @@ y.tab.c: parse.y
|
|||
lint:
|
||||
man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
|
||||
|
||||
PUBKEY = keys/gmid-${VERSION}.pub
|
||||
PUBKEY = keys/gmid-2.0.pub
|
||||
PRIVKEY = set-PRIVKEY
|
||||
DISTFILES = .cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
|
||||
Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
set -e
|
||||
|
||||
RELEASE=no
|
||||
VERSION=2.0.1
|
||||
VERSION=2.0.2-current
|
||||
|
||||
usage()
|
||||
{
|
||||
|
@ -59,6 +59,10 @@ CDIAGFLAGS="${CDIAGFLAGS} -Wsign-compare -Wno-unused-parameter" # -Wshadow
|
|||
CDIAGFLAGS="${CDIAGFLAGS} -Wno-missing-field-initializers"
|
||||
CDIAGFLAGS="${CDIAGFLAGS} -Wno-pointer-sign"
|
||||
|
||||
# On all OSes except OpenBSD use the bundled one. It may crash at
|
||||
# runtime otherwise since we depend on the libtls internals for the
|
||||
# privsep crypto engine.
|
||||
# See <https://codeberg.org/op/gmid/issues/2>.
|
||||
LIBTLS=bundled # or system
|
||||
if [ "$(uname || true)" = OpenBSD ]; then
|
||||
LIBTLS=system
|
||||
|
@ -142,7 +146,7 @@ NEED_OPENBSD_SOURCE=0
|
|||
NEED_LIBBSD_OPENBSD_VIS=0
|
||||
|
||||
COMPATS=
|
||||
COMP="${CC} ${CFLAGS} -Wno-unused -Werror"
|
||||
COMP="${CC} ${CFLAGS} -Werror=implicit-function-declaration"
|
||||
|
||||
# singletest name var extra-cflags extra-libs msg
|
||||
singletest() {
|
||||
|
|
|
@ -6,8 +6,6 @@ Wants=network-online.target
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=gmid
|
||||
Group=nobody
|
||||
ExecStart=/usr/local/bin/gmid -f -c /etc/gmid.conf
|
||||
ExecStop=/bin/kill -TERM $MAINPID
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
|
|
@ -9,3 +9,5 @@ setlocal indentexpr=
|
|||
setlocal cindent
|
||||
" Just make sure that the comments are not reset as defs would be.
|
||||
setlocal cinkeys-=0#
|
||||
" And indentation works correctly without semicolons.
|
||||
setlocal cinoptions=+0
|
||||
|
|
4
gg.1
4
gg.1
|
@ -20,7 +20,7 @@
|
|||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Bk -words
|
||||
.Op Fl 23Nn
|
||||
.Op Fl 23Nnq
|
||||
.Op Fl C Ar cert
|
||||
.Op Fl d Ar mode
|
||||
.Op Fl H Ar sni
|
||||
|
@ -82,6 +82,8 @@ and
|
|||
to do the request instead of the ones extracted by the IRI.
|
||||
.Ar port
|
||||
is by default 1965.
|
||||
.It Fl q
|
||||
Don't print server error messages to standard error.
|
||||
.It Fl T Ar seconds
|
||||
Kill
|
||||
.Nm
|
||||
|
|
15
gg.c
15
gg.c
|
@ -41,6 +41,7 @@ int flag3;
|
|||
int nop;
|
||||
int redirects = 5;
|
||||
int timer;
|
||||
int quiet;
|
||||
const char *cert;
|
||||
const char *key;
|
||||
const char *proxy_host;
|
||||
|
@ -308,8 +309,11 @@ get(const char *r)
|
|||
assert(t != NULL);
|
||||
if (code < 20 || code >= 30) {
|
||||
*t = '\0';
|
||||
fprintf(stderr, "Server says: ");
|
||||
safeprint(stderr, buf + 3); /* skip return code */
|
||||
if (!quiet) {
|
||||
fprintf(stderr, "Server says: ");
|
||||
/* skip return code */
|
||||
safeprint(stderr, buf + 3);
|
||||
}
|
||||
}
|
||||
t += 2; /* skip \r\n */
|
||||
len -= t - buf;
|
||||
|
@ -335,7 +339,7 @@ static void __attribute__((noreturn))
|
|||
usage(void)
|
||||
{
|
||||
fprintf(stderr, "version: " GG_STRING "\n");
|
||||
fprintf(stderr, "usage: %s [-23Nn] [-C cert] [-d mode] [-H sni] "
|
||||
fprintf(stderr, "usage: %s [-23Nnq] [-C cert] [-d mode] [-H sni] "
|
||||
"[-K key] [-P host[:port]]\n",
|
||||
getprogname());
|
||||
fprintf(stderr, " [-T seconds] gemini://...\n");
|
||||
|
@ -385,7 +389,7 @@ main(int argc, char **argv)
|
|||
|
||||
setlocale(LC_CTYPE, "");
|
||||
|
||||
while ((ch = getopt(argc, argv, "23C:d:H:K:NP:T:")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "23C:d:H:K:nNP:qT:")) != -1) {
|
||||
switch (ch) {
|
||||
case '2':
|
||||
flag2 = 1;
|
||||
|
@ -415,6 +419,9 @@ main(int argc, char **argv)
|
|||
parse_proxy(optarg);
|
||||
dont_verify_name = 1;
|
||||
break;
|
||||
case 'q':
|
||||
quiet = 1;
|
||||
break;
|
||||
case 'T':
|
||||
timer = strtonum(optarg, 1, 1000, &errstr);
|
||||
if (errstr != NULL)
|
||||
|
|
7
gmid.8
7
gmid.8
|
@ -1,4 +1,4 @@
|
|||
.\" Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
|
||||
.\" Copyright (c) 2021, 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -11,7 +11,7 @@
|
|||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.Dd October 20, 2023
|
||||
.Dd April 27, 2024
|
||||
.Dt GMID 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -52,7 +52,8 @@ Overrides the definition of
|
|||
.Ar macro
|
||||
in the config file if present.
|
||||
.It Fl f
|
||||
Stays and logs on the foreground.
|
||||
Do not daemonize.
|
||||
Stay and log in the foreground.
|
||||
.It Fl h , Fl -help
|
||||
Print the usage and exit.
|
||||
.It Fl n
|
||||
|
|
6
gmid.c
6
gmid.c
|
@ -412,7 +412,7 @@ main_send_logfd(struct conf *conf)
|
|||
goto done;
|
||||
}
|
||||
|
||||
fd = open(conf->log_access, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||
fd = open(path, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||
if (fd == -1)
|
||||
log_warn("can't open %s", conf->log_access);
|
||||
}
|
||||
|
@ -605,8 +605,8 @@ main_print_conf(struct conf *conf)
|
|||
|
||||
TAILQ_FOREACH(h, &conf->hosts, vhosts) {
|
||||
printf("\nserver \"%s\" {\n", h->domain);
|
||||
printf(" cert \"%s\"\n", h->cert);
|
||||
printf(" key \"%s\"\n", h->key);
|
||||
printf(" cert \"%s\"\n", h->cert_path);
|
||||
printf(" key \"%s\"\n", h->key_path);
|
||||
/* TODO: print locations... */
|
||||
printf("}\n");
|
||||
}
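Review bot: In `main_send_logfd` the failure message still prints `conf->log_access` although the file now opened is `path`, so when the two differ the warning names a file that was never tried; `log_warn("can't open %s", path);` would report the one that actually failed. How `path` is built lies outside the hunk, so this assumes it is the chroot-adjusted form of `conf->log_access` that the ChangeLog entry describes. An operator debugging a missing access log under `chroot` would otherwise be pointed at the wrong location.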
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.Dd January 11, 2024
|
||||
.Dd April 4, 2024
|
||||
.Dt GMID.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -384,7 +384,7 @@ The port the server is listening on.
|
|||
.Dq GEMINI
|
||||
.It Ev SERVER_SOFTWARE
|
||||
The name and version of the server, i.e.
|
||||
.Dq gmid/2.0.1
|
||||
.Dq gmid/2.0.2
|
||||
.It Ev REMOTE_USER
|
||||
The subject of the client certificate if provided, otherwise unset.
|
||||
.It Ev TLS_CLIENT_ISSUER
|
||||
|
|
4
gmid.h
4
gmid.h
|
@ -114,6 +114,9 @@ struct address {
|
|||
socklen_t slen;
|
||||
int16_t port;
|
||||
|
||||
/* pretty-printed version of `ss' */
|
||||
char pp[NI_MAXHOST];
|
||||
|
||||
/* used in the server */
|
||||
struct conf *conf;
|
||||
int sock;
|
||||
|
@ -412,7 +415,6 @@ void mark_nonblock(int);
|
|||
void client_write(struct bufferevent *, void *);
|
||||
int start_reply(struct client*, int, const char*);
|
||||
void client_close(struct client *);
|
||||
struct client *client_by_id(int);
|
||||
void server_accept(int, short, void *);
|
||||
void server_init(struct privsep *, struct privsep_proc *, void *);
|
||||
int server_configure_done(struct conf *);
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
#include <sys/stat.h>
|
||||
#include <sys/syscall.h>
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifndef landlock_create_ruleset
|
||||
static inline int
|
||||
landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,
|
||||
|
|
48
iri.c
48
iri.c
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2020, 2022 Omar Polo <op@omarpolo.com>
|
||||
* Copyright (c) 2020, 2022, 2024 Omar Polo <op@omarpolo.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -177,25 +177,47 @@ parse_port(struct parser *p)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* TODO: add support for ip-literal and ipv4addr ? */
|
||||
/* *( unreserved / sub-delims / pct-encoded ) */
|
||||
static int
|
||||
parse_authority(struct parser *p)
|
||||
{
|
||||
p->parsed->host = p->iri;
|
||||
struct addrinfo hints, *ai;
|
||||
char *end;
|
||||
int err;
|
||||
|
||||
while (unreserved(*p->iri)
|
||||
|| sub_delimiters(*p->iri)
|
||||
|| parse_pct_encoded(p)
|
||||
|| valid_multibyte_utf8(p)) {
|
||||
/* normalize the host name. */
|
||||
if (*p->iri < 0x7F)
|
||||
*p->iri = tolower(*p->iri);
|
||||
if (*p->iri == '[') {
|
||||
p->iri++;
|
||||
}
|
||||
p->parsed->host = p->iri;
|
||||
if ((end = strchr(p->iri, ']')) == NULL) {
|
||||
p->err = "invalid IPv6 address";
|
||||
return 0;
|
||||
}
|
||||
*end++ = '\0';
|
||||
p->iri = end;
|
||||
|
||||
if (p->err != NULL)
|
||||
return 0;
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
err = getaddrinfo(p->parsed->host, NULL, &hints, &ai);
|
||||
if (err != 0) {
|
||||
p->err = "invalid IPv6 address";
|
||||
return 0;
|
||||
}
|
||||
freeaddrinfo(ai);
|
||||
} else {
|
||||
p->parsed->host = p->iri;
|
||||
while (unreserved(*p->iri)
|
||||
|| sub_delimiters(*p->iri)
|
||||
|| parse_pct_encoded(p)
|
||||
|| valid_multibyte_utf8(p)) {
|
||||
/* normalize the host name. */
|
||||
if (*p->iri < 0x7F)
|
||||
*p->iri = tolower(*p->iri);
|
||||
p->iri++;
|
||||
}
|
||||
|
||||
if (p->err != NULL)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (*p->iri == ':') {
|
||||
*p->iri = '\0';
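Review bot: The bracketed branch of `parse_authority` validates the literal with `getaddrinfo` and `AI_NUMERICHOST` but leaves `hints.ai_family` at zero, so any numeric host between `[` and `]` passes (for example `[127.0.0.1]`) even though the error text says the check is for IPv6. Adding `hints.ai_family = AF_INET6;` after the `memset` restricts the branch to what the message claims. Depending on the platform, `getaddrinfo` may also accept a scoped literal carrying a `%zone` suffix, which would then be stored in `p->parsed->host`; if zone identifiers are not meant to be valid in an IRI, rejecting a `%` inside the brackets before the call makes that explicit. The function continues past the end of the hunk.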
|
||||
|
|
103
parse.y
103
parse.y
|
@ -1,7 +1,7 @@
|
|||
%{
|
||||
|
||||
/*
|
||||
* Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
|
||||
* Copyright (c) 2021-2024 Omar Polo <op@omarpolo.com>
|
||||
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
|
||||
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
|
||||
* Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
|
||||
|
@ -46,7 +46,7 @@ static struct file {
|
|||
TAILQ_ENTRY(file) entry;
|
||||
FILE *stream;
|
||||
char *name;
|
||||
size_t ungetpos;
|
||||
size_t ungetpos;
|
||||
size_t ungetsize;
|
||||
u_char *ungetbuf;
|
||||
int eof_reached;
|
||||
|
@ -92,11 +92,9 @@ char *ensure_absolute_path(char*);
|
|||
int check_block_code(int);
|
||||
char *check_block_fmt(char*);
|
||||
int check_strip_no(int);
|
||||
int check_port_num(int);
|
||||
int check_prefork_num(int);
|
||||
void advance_loc(void);
|
||||
void advance_proxy(void);
|
||||
void parsehp(char *, char **, const char **, const char *);
|
||||
int fastcgi_conf(const char *, const char *);
|
||||
void add_param(char *, char *);
|
||||
int getservice(const char *);
|
||||
|
@ -125,12 +123,12 @@ typedef struct {
|
|||
|
||||
%token ACCESS ALIAS AUTO
|
||||
%token BLOCK
|
||||
%token CA CERT CHROOT CLIENT COMBINED COMMON CONDENSED
|
||||
%token CA CERT CHROOT CLIENT
|
||||
%token DEFAULT
|
||||
%token FACILITY FASTCGI FOR_HOST
|
||||
%token INCLUDE INDEX IPV6
|
||||
%token KEY
|
||||
%token LANG LEGACY LISTEN LOCATION LOG
|
||||
%token LANG LISTEN LOCATION LOG
|
||||
%token OCSP OFF ON
|
||||
%token PARAM PORT PREFORK PROTO PROTOCOLS PROXY
|
||||
%token RELAY_TO REQUIRE RETURN ROOT
|
||||
|
@ -150,13 +148,12 @@ typedef struct {
|
|||
%%
|
||||
|
||||
conf : /* empty */
|
||||
| conf include '\n'
|
||||
| conf '\n'
|
||||
| conf varset '\n'
|
||||
| conf option '\n'
|
||||
| conf vhost '\n'
|
||||
| conf types '\n'
|
||||
| conf error '\n' { file->errors++; }
|
||||
| conf include nl
|
||||
| conf varset nl
|
||||
| conf option nl
|
||||
| conf vhost nl
|
||||
| conf types nl
|
||||
| conf error nl { file->errors++; }
|
||||
;
|
||||
|
||||
include : INCLUDE STRING {
|
||||
|
@ -265,17 +262,18 @@ logopt : ACCESS string {
|
|||
free(conf->log_access);
|
||||
conf->log_access = $2;
|
||||
}
|
||||
| STYLE COMMON {
|
||||
conf->log_format = LOG_FORMAT_COMMON;
|
||||
}
|
||||
| STYLE COMBINED {
|
||||
conf->log_format = LOG_FORMAT_COMBINED;
|
||||
}
|
||||
| STYLE CONDENSED {
|
||||
conf->log_format = LOG_FORMAT_CONDENSED;
|
||||
}
|
||||
| STYLE LEGACY {
|
||||
conf->log_format = LOG_FORMAT_LEGACY;
|
||||
| STYLE string {
|
||||
if (!strcmp("combined", $2))
|
||||
conf->log_format = LOG_FORMAT_COMBINED;
|
||||
else if (!strcmp("common", $2))
|
||||
conf->log_format = LOG_FORMAT_COMMON;
|
||||
else if (!strcmp("condensed", $2))
|
||||
conf->log_format = LOG_FORMAT_CONDENSED;
|
||||
else if (!strcmp("legacy", $2))
|
||||
conf->log_format = LOG_FORMAT_LEGACY;
|
||||
else
|
||||
yyerror("unknown log style: %s", $2);
|
||||
free($2);
|
||||
}
|
||||
| SYSLOG FACILITY string {
|
||||
const char *str = $3;
|
||||
|
@ -617,7 +615,7 @@ mediaopts_l : mediaopts_l mediaoptsl nl
|
|||
mediaoptsl : STRING {
|
||||
free(current_media);
|
||||
current_media = $1;
|
||||
} medianames_l optsemicolon
|
||||
} medianames_l
|
||||
| include
|
||||
;
|
||||
|
||||
|
@ -633,17 +631,13 @@ medianamesl : numberstring {
|
|||
;
|
||||
|
||||
nl : '\n' optnl
|
||||
| ';' optnl
|
||||
;
|
||||
|
||||
optnl : '\n' optnl /* zero or more newlines */
|
||||
| ';' optnl /* semicolons too */
|
||||
optnl : nl
|
||||
| /*empty*/
|
||||
;
|
||||
|
||||
optsemicolon : ';'
|
||||
|
|
||||
;
|
||||
|
||||
%%
|
||||
|
||||
static const struct keyword {
|
||||
|
@ -659,9 +653,6 @@ static const struct keyword {
|
|||
{"cert", CERT},
|
||||
{"chroot", CHROOT},
|
||||
{"client", CLIENT},
|
||||
{"combined", COMBINED},
|
||||
{"common", COMMON},
|
||||
{"condensed", CONDENSED},
|
||||
{"default", DEFAULT},
|
||||
{"facility", FACILITY},
|
||||
{"fastcgi", FASTCGI},
|
||||
|
@ -671,7 +662,6 @@ static const struct keyword {
|
|||
{"ipv6", IPV6},
|
||||
{"key", KEY},
|
||||
{"lang", LANG},
|
||||
{"legacy", LEGACY},
|
||||
{"listen", LISTEN},
|
||||
{"location", LOCATION},
|
||||
{"log", LOG},
|
||||
|
@ -1211,16 +1201,6 @@ check_strip_no(int n)
|
|||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
check_port_num(int n)
|
||||
{
|
||||
if (n <= 0 || n >= UINT16_MAX)
|
||||
yyerror("port number is %s: %d",
|
||||
n <= 0 ? "too small" : "too large",
|
||||
n);
|
||||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
check_prefork_num(int n)
|
||||
{
|
||||
|
@ -1243,25 +1223,6 @@ advance_proxy(void)
|
|||
TAILQ_INSERT_TAIL(&host->proxies, proxy, proxies);
|
||||
}
|
||||
|
||||
void
|
||||
parsehp(char *str, char **host, const char **port, const char *def)
|
||||
{
|
||||
char *at;
|
||||
const char *errstr;
|
||||
|
||||
*host = str;
|
||||
|
||||
if ((at = strchr(str, ':')) != NULL) {
|
||||
*at++ = '\0';
|
||||
*port = at;
|
||||
} else
|
||||
*port = def;
|
||||
|
||||
strtonum(*port, 1, UINT16_MAX, &errstr);
|
||||
if (errstr != NULL)
|
||||
yyerror("port is %s: %s", errstr, *port);
|
||||
}
|
||||
|
||||
int
|
||||
fastcgi_conf(const char *path, const char *port)
|
||||
{
|
||||
|
@ -1319,7 +1280,7 @@ getservice(const char *n)
|
|||
}
|
||||
|
||||
static void
|
||||
add_to_addr_queue(struct addrhead *a, struct addrinfo *ai)
|
||||
add_to_addr_queue(struct addrhead *a, struct addrinfo *ai, const char *pp)
|
||||
{
|
||||
struct address *addr;
|
||||
struct sockaddr_in *sin;
|
||||
|
@ -1345,6 +1306,7 @@ add_to_addr_queue(struct addrhead *a, struct addrinfo *ai)
|
|||
addr->ai_protocol = ai->ai_protocol;
|
||||
addr->slen = ai->ai_addrlen;
|
||||
memcpy(&addr->ss, ai->ai_addr, ai->ai_addrlen);
|
||||
strlcpy(addr->pp, pp, sizeof(addr->pp));
|
||||
|
||||
/* for commodity */
|
||||
switch (addr->ai_family) {
|
||||
|
@ -1369,6 +1331,7 @@ void
|
|||
listen_on(const char *hostname, const char *servname)
|
||||
{
|
||||
struct addrinfo hints, *res, *res0;
|
||||
char pp[NI_MAXHOST];
|
||||
int error;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
|
@ -1383,8 +1346,14 @@ listen_on(const char *hostname, const char *servname)
|
|||
}
|
||||
|
||||
for (res = res0; res; res = res->ai_next) {
|
||||
add_to_addr_queue(&host->addrs, res);
|
||||
add_to_addr_queue(&conf->addrs, res);
|
||||
if (getnameinfo(res->ai_addr, res->ai_addrlen, pp, sizeof(pp),
|
||||
NULL, 0, NI_NUMERICHOST) == -1) {
|
||||
yyerror("getnameinfo failed: %s", strerror(errno));
|
||||
break;
|
||||
}
|
||||
|
||||
add_to_addr_queue(&host->addrs, res, pp);
|
||||
add_to_addr_queue(&conf->addrs, res, pp);
|
||||
}
|
||||
|
||||
freeaddrinfo(res0);
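Review bot: In `listen_on` the new `getnameinfo` call is tested with `== -1`, but `getnameinfo` reports failure with a non-zero `EAI_*` code and only sets `errno` for `EAI_SYSTEM`. A failure with any other code is therefore not caught, and `pp` is handed uninitialised to `add_to_addr_queue`, where `strlcpy` copies it into `addr->pp`. Since `addr->pp` becomes the client's domain in `match_host` when no SNI is sent, the check should be `if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, pp, sizeof(pp), NULL, 0, NI_NUMERICHOST)) != 0) {` with `yyerror("getnameinfo failed: %s", gai_strerror(error));`. `error` is already declared at the top of the function.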
|
||||
|
|
4
proxy.c
4
proxy.c
|
@ -22,7 +22,7 @@
|
|||
|
||||
#include "log.h"
|
||||
|
||||
#define MIN(a, b) ((a) < (b) ? (a) : (b))
|
||||
#define MINIMUM(a, b) ((a) < (b) ? (a) : (b))
|
||||
|
||||
static const struct timeval handshake_timeout = { 5, 0 };
|
||||
|
||||
|
@ -50,7 +50,7 @@ proxy_tls_readcb(int fd, short event, void *d)
|
|||
}
|
||||
|
||||
if (bufev->wm_read.high != 0)
|
||||
howmuch = MIN(sizeof(buf), bufev->wm_read.high);
|
||||
howmuch = MINIMUM(sizeof(buf), bufev->wm_read.high);
|
||||
|
||||
switch (ret = tls_read(c->proxyctx, buf, howmuch)) {
|
||||
case TLS_WANT_POLLIN:
|
||||
|
|
|
@ -7,6 +7,9 @@ GENCERT_FLAGS=
|
|||
# host to bind to during regress
|
||||
REGRESS_HOST = localhost
|
||||
|
||||
# set to no if don't have IPv6 working (need to listen on ::1)
|
||||
HAVE_IPV6 = yes
|
||||
|
||||
DISTFILES = Makefile \
|
||||
env \
|
||||
err \
|
||||
|
@ -39,7 +42,7 @@ IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS}
|
|||
.PHONY: all data clean dist
|
||||
|
||||
all: data puny-test iri_test fcgi-test
|
||||
env REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
|
||||
env HAVE_IPV6="${HAVE_IPV6}" REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
|
||||
|
||||
data: testdata localhost.pem testca.pem valid.crt invalid.pem
|
||||
|
||||
|
|
|
@ -162,6 +162,14 @@ main(void)
|
|||
PASS,
|
||||
IRI("gemini", "naïve.omarpolo.com", "", "", "", ""),
|
||||
"Can percent decode hostnames");
|
||||
TEST("gemini://100.64.3.27/",
|
||||
PASS,
|
||||
IRI("gemini", "100.64.3.27", "", "", "", ""),
|
||||
"Accepts IPv4 addresses");
|
||||
TEST("gemini://[::1]/",
|
||||
PASS,
|
||||
IRI("gemini", "::1", "", "", "", ""),
|
||||
"Accepts IPv6 addresses");
|
||||
|
||||
/* path */
|
||||
TEST("gemini://omarpolo.com/foo/bar/baz",
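Review bot: The two added cases only cover accepted input, while the bracket branch added to `parse_authority` has two rejection paths that nothing here exercises: no closing `]`, and a literal that `getaddrinfo` refuses. Expected-failure cases for inputs such as `gemini://[::1/` and `gemini://[not-an-address]/` would pin both, and a case for `gemini://[::1]:1965/` would cover the port that follows a bracketed host. The enclosing `main` runs past the hunk.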
|
||||
|
|
|
@ -6,9 +6,12 @@ gemexp="./../gemexp"
|
|||
gg="./../gg"
|
||||
gmid="./../gmid"
|
||||
current_test=
|
||||
server_name=
|
||||
gghost=
|
||||
|
||||
run_test() {
|
||||
ggflags=
|
||||
host="$REGRESS_HOST"
|
||||
port=10965
|
||||
config_common="log syslog off"
|
||||
hdr=
|
||||
|
@ -18,9 +21,15 @@ run_test() {
|
|||
ran_no=$((ran_no + 1))
|
||||
|
||||
current_test=$1
|
||||
server_name=localhost
|
||||
gghost=localhost
|
||||
|
||||
rm -f reg.conf
|
||||
|
||||
if ! $1; then
|
||||
if [ "$2" = "need_ipv6" -a "$HAVE_IPV6" != "yes" ]; then
|
||||
echo "$1 skipped (needs HAVE_IPV6='yes')"
|
||||
return
|
||||
elif ! $1; then
|
||||
echo "$1 failed"
|
||||
failed="$failed $1"
|
||||
failed_no=$((failed_no + 1))
|
||||
|
@ -58,11 +67,11 @@ gen_config() {
|
|||
cat <<EOF > reg.conf
|
||||
$config_common
|
||||
$1
|
||||
server "localhost" {
|
||||
server "$server_name" {
|
||||
cert "$PWD/localhost.pem"
|
||||
key "$PWD/localhost.key"
|
||||
root "$PWD/testdata"
|
||||
listen on $REGRESS_HOST port $port
|
||||
listen on $host port $port
|
||||
$2
|
||||
}
|
||||
EOF
|
||||
|
@ -77,7 +86,7 @@ set_proxy() {
|
|||
server "localhost.local" {
|
||||
cert "$PWD/localhost.pem"
|
||||
key "$PWD/localhost.key"
|
||||
listen on $REGRESS_HOST port $port
|
||||
listen on $host port $port
|
||||
proxy {
|
||||
relay-to localhost port $port
|
||||
$1
|
||||
|
@ -108,13 +117,13 @@ setup_simple_test() {
|
|||
# usage: get <path>
|
||||
# return the body of the request on stdout
|
||||
get() {
|
||||
$gg -T10 $ggflags "gemini://localhost:10965/$1" || true
|
||||
$gg -q -T10 $ggflags "gemini://$gghost:10965/$1" || true
|
||||
}
|
||||
|
||||
# usage: head <path>
|
||||
# return the meta response line on stdout
|
||||
head() {
|
||||
$gg -T10 -d header $ggflags "gemini://localhost:10965/$1" || true
|
||||
$gg -q -T10 -d header $ggflags "gemini://$gghost:10965/$1" || true
|
||||
}
|
||||
|
||||
# usage: fetch <path>
|
||||
|
|
|
@ -20,6 +20,9 @@ fi
|
|||
run_test test_punycode
|
||||
run_test test_iri
|
||||
|
||||
# Run configuration dumping test.
|
||||
run_test test_dump_config
|
||||
|
||||
if [ "${SKIP_RUNTIME_TESTS:-0}" -eq 1 ]; then
|
||||
echo
|
||||
echo "======================"
|
||||
|
@ -59,6 +62,9 @@ run_test test_proxy_with_certs
|
|||
# run_test test_unknown_host # XXX: breaks on some distro
|
||||
run_test test_include_mime
|
||||
run_test test_log_file
|
||||
run_test test_ipv4_addr
|
||||
run_test test_ipv6_addr need_ipv6
|
||||
run_test test_ipv6_server need_ipv6
|
||||
|
||||
# TODO: add test that uses only a TLSv1.2 or TLSv1.3
|
||||
# TODO: add a test that attempt to serve a non-regular file
|
||||
|
|
|
@ -8,6 +8,34 @@ test_iri() {
|
|||
./iri_test
|
||||
}
|
||||
|
||||
test_dump_config() {
|
||||
dont_check_server_alive=yes
|
||||
gen_config '' ''
|
||||
|
||||
exp="$(mktemp)"
|
||||
got="$(mktemp)"
|
||||
cat <<EOF >$exp
|
||||
prefork 3
|
||||
|
||||
server "localhost" {
|
||||
cert "$PWD/localhost.pem"
|
||||
key "$PWD/localhost.key"
|
||||
}
|
||||
EOF
|
||||
|
||||
$gmid -nn -c reg.conf > $got 2>/dev/null
|
||||
|
||||
ret=0
|
||||
if ! cmp -s "$exp" "$got"; then
|
||||
echo "config differs!" >&2
|
||||
diff -u "$exp" "$got" >&2
|
||||
ret=1
|
||||
fi
|
||||
|
||||
rm "$exp" "$got"
|
||||
return $ret
|
||||
}
|
||||
|
||||
test_gemexp() {
|
||||
dont_check_server_alive=yes
|
||||
|
||||
|
@ -287,13 +315,15 @@ test_fastcgi_deprecated_syntax() {
|
|||
test_macro_expansion() {
|
||||
cat <<EOF > reg.conf
|
||||
pwd = "$PWD"
|
||||
common = "lang it; auto index on"
|
||||
|
||||
server "localhost" {
|
||||
# the quoting of \$ is for sh
|
||||
cert \$pwd "/localhost.pem"
|
||||
key \$pwd "/localhost.key"
|
||||
root \$pwd "/testdata"
|
||||
listen on $REGRESS_HOST port $port
|
||||
listen on $host port $port
|
||||
@common
|
||||
}
|
||||
EOF
|
||||
|
||||
|
@ -305,7 +335,7 @@ EOF
|
|||
run
|
||||
|
||||
fetch /
|
||||
check_reply "20 text/gemini" "# hello world"
|
||||
check_reply "20 text/gemini;lang=it" "# hello world"
|
||||
}
|
||||
|
||||
test_proxy_relay_to() {
|
||||
|
@ -400,3 +430,36 @@ log style legacy'
|
|||
rm -f log log.edited
|
||||
return 0
|
||||
}
|
||||
|
||||
test_ipv4_addr() {
|
||||
server_name="*"
|
||||
host="127.0.0.1"
|
||||
gghost=127.0.0.1
|
||||
ggflags=-N
|
||||
setup_simple_test
|
||||
|
||||
fetch /
|
||||
check_reply "20 text/gemini" "# hello world" || return 1
|
||||
}
|
||||
|
||||
test_ipv6_addr() {
|
||||
server_name="*"
|
||||
host="::1"
|
||||
gghost="[::1]"
|
||||
ggflags=-N
|
||||
setup_simple_test
|
||||
|
||||
fetch /
|
||||
check_reply "20 text/gemini" "# hello world" || return 1
|
||||
}
|
||||
|
||||
test_ipv6_server() {
|
||||
server_name="::1"
|
||||
host="::1"
|
||||
gghost="[::1]"
|
||||
ggflags=-N
|
||||
setup_simple_test
|
||||
|
||||
fetch /
|
||||
check_reply "20 text/gemini" "# hello world" || return 1
|
||||
}
|
||||
|
|
32
server.c
32
server.c
|
@ -31,7 +31,7 @@
|
|||
#include "log.h"
|
||||
#include "proc.h"
|
||||
|
||||
#define MIN(a, b) ((a) < (b) ? (a) : (b))
|
||||
#define MINIMUM(a, b) ((a) < (b) ? (a) : (b))
|
||||
|
||||
#ifndef nitems
|
||||
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
|
||||
|
@ -119,6 +119,9 @@ match_host(struct vhost *v, struct client *c)
|
|||
if (addr == NULL)
|
||||
return 0;
|
||||
|
||||
if (*c->domain == '\0')
|
||||
strlcpy(c->domain, addr->pp, sizeof(c->domain));
|
||||
|
||||
if (matches(v->domain, c->domain))
|
||||
return 1;
|
||||
|
||||
|
@ -403,16 +406,19 @@ handle_handshake(int fd, short ev, void *d)
|
|||
evbuffer_unfreeze(c->bev->output, 1);
|
||||
#endif
|
||||
|
||||
if ((servname = tls_conn_servername(c->ctx)) == NULL) {
|
||||
if ((servname = tls_conn_servername(c->ctx)) == NULL)
|
||||
log_debug("handshake: missing SNI");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
|
||||
log_info("puny_decode: %s", parse_err);
|
||||
goto err;
|
||||
start_reply(c, BAD_REQUEST, "Wrong/malformed host");
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* match_addr will serialize the (matching) address if c->domain
|
||||
* is empty, so that we can support requests for raw IPv6 address
|
||||
* that can't have a SNI.
|
||||
*/
|
||||
TAILQ_FOREACH(h, &conf->hosts, vhosts)
|
||||
if (match_host(h, c))
|
||||
break;
|
||||
|
@ -428,8 +434,7 @@ handle_handshake(int fd, short ev, void *d)
|
|||
return;
|
||||
}
|
||||
|
||||
err:
|
||||
start_reply(c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
|
||||
start_reply(c, BAD_REQUEST, "Wrong/malformed host");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -853,7 +858,7 @@ client_tls_readcb(int fd, short event, void *d)
|
|||
}
|
||||
|
||||
if (bufev->wm_read.high != 0)
|
||||
howmuch = MIN(sizeof(buf), bufev->wm_read.high);
|
||||
howmuch = MINIMUM(sizeof(buf), bufev->wm_read.high);
|
||||
|
||||
switch (ret = tls_read(client->ctx, buf, howmuch)) {
|
||||
case TLS_WANT_POLLIN:
|
||||
|
@ -1329,15 +1334,6 @@ server_accept(int sock, short et, void *d)
|
|||
connected_clients++;
|
||||
}
|
||||
|
||||
struct client *
|
||||
client_by_id(int id)
|
||||
{
|
||||
struct client find;
|
||||
|
||||
find.id = id;
|
||||
return SPLAY_FIND(client_tree_id, &clients, &find);
|
||||
}
|
||||
|
||||
static void
|
||||
handle_siginfo(int fd, short ev, void *d)
|
||||
{
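Review bot: In `handle_handshake` a missing SNI is now only logged, and the very next statement passes `servname`, which is NULL in that case, to `puny_decode`. `puny_decode` is not shown on this page, so unless it is known to accept NULL and leave `c->domain` empty, the call should be guarded, e.g. `if (servname != NULL && !puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {`. That guard also depends on `c->domain` starting out as an empty string, because `match_host` tests `*c->domain == '\0'` before copying `addr->pp`. The new comment refers to `match_addr`, while the function doing the copy in this diff is `match_host`. `handle_handshake` begins and ends outside the hunks shown.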
|
||||
|
|
|
@ -21,7 +21,7 @@ REPOLOGY_URL = https://repology.org/project/gmid/versions
|
|||
|
||||
SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \
|
||||
SITE=https://ftp.omarpolo.com \
|
||||
VERS=2.0.1 \
|
||||
VERS=2.0.2 \
|
||||
PUBKEY=gmid-2.0.pub \
|
||||
TREE=https://github.com/omar-polo/gmid/blob/master
|
||||
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
# change log
|
||||
|
||||
## 2024/04/04 - 2.0.2 “Lady Stardust” bugfix release
|
||||
|
||||
- fix `log access path' with `chroot' enabled.
|
||||
- fix config dumping (-nn).
|
||||
- rework grammar to allow semicolons after top-level statements.
|
||||
- don't make the log styles reserved keywords.
|
||||
- contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!
|
||||
|
||||
## 2024/01/24 - 2.0.1 “Lady Stardust” bugfix release
|
||||
|
||||
* convert gmid to the new imsg API
|
||||
|
|