2013-05-01 17:17:16 +02:00
|
|
|
|
/*
|
2022-01-31 22:02:06 +01:00
|
|
|
|
* Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
|
2013-05-01 17:17:16 +02:00
|
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#include <sys/param.h>
|
2019-03-06 09:29:46 +01:00
|
|
|
|
#include <sys/types.h>
|
2014-03-07 09:55:28 +01:00
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
|
2016-01-22 12:08:13 +01:00
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
2017-02-06 12:13:29 +01:00
|
|
|
|
#include <stdint.h>
|
2013-05-01 17:17:16 +02:00
|
|
|
|
#include <ctype.h>
|
2013-09-02 08:52:16 +02:00
|
|
|
|
#include <limits.h>
|
2013-05-01 17:17:16 +02:00
|
|
|
|
#include <fcntl.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
|
#include <pwd.h>
|
2013-05-01 17:17:16 +02:00
|
|
|
|
|
|
|
|
|
#include "kore.h"
|
2013-09-22 20:05:24 +02:00
|
|
|
|
#include "http.h"
|
2013-05-01 17:17:16 +02:00
|
|
|
|
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#if defined(KORE_USE_PGSQL)
|
|
|
|
|
#include "pgsql.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-06-04 10:29:22 +02:00
|
|
|
|
#if defined(KORE_USE_TASKS)
|
|
|
|
|
#include "tasks.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-01-12 23:38:51 +01:00
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
#include "python_api.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-04-24 00:10:47 +02:00
|
|
|
|
#if defined(KORE_USE_CURL)
|
|
|
|
|
#include "curl.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
#include "acme.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
|
#if defined(__linux__)
|
|
|
|
|
#include "seccomp.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-01-22 22:55:10 +01:00
|
|
|
|
/* XXX - This is becoming a clusterfuck. Fix it. */
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
static int configure_load(char *);
|
2021-09-05 17:53:09 +02:00
|
|
|
|
static char *configure_resolve_var(char *);
|
2019-11-06 19:33:53 +01:00
|
|
|
|
static void configure_check_var(char **, const char *, const char *);
|
2017-01-26 13:13:23 +01:00
|
|
|
|
|
|
|
|
|
#if defined(KORE_SINGLE_BINARY)
|
2016-07-06 16:16:15 +02:00
|
|
|
|
static FILE *config_file_write(void);
|
|
|
|
|
extern u_int8_t asset_builtin_kore_conf[];
|
|
|
|
|
extern u_int32_t asset_len_builtin_kore_conf;
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#elif defined(KORE_USE_PYTHON)
|
|
|
|
|
static int configure_file(char *);
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
static int configure_acme(char *);
|
2020-01-13 11:00:40 +01:00
|
|
|
|
static int configure_acme_email(char *);
|
2019-11-06 19:33:53 +01:00
|
|
|
|
static int configure_acme_provider(char *);
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-09-27 12:22:35 +02:00
|
|
|
|
static int configure_tls(char *);
|
2019-09-27 20:00:35 +02:00
|
|
|
|
static int configure_server(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_include(char *);
|
|
|
|
|
static int configure_bind(char *);
|
2018-10-07 20:49:16 +02:00
|
|
|
|
static int configure_bind_unix(char *);
|
2019-09-27 12:22:35 +02:00
|
|
|
|
static int configure_attach(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_domain(char *);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
static int configure_privsep(char *);
|
2021-09-10 13:34:57 +02:00
|
|
|
|
static int configure_logfile(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_workers(char *);
|
|
|
|
|
static int configure_pidfile(char *);
|
|
|
|
|
static int configure_rlimit_nofiles(char *);
|
|
|
|
|
static int configure_max_connections(char *);
|
|
|
|
|
static int configure_accept_threshold(char *);
|
2019-03-22 09:49:50 +01:00
|
|
|
|
static int configure_death_policy(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_set_affinity(char *);
|
|
|
|
|
static int configure_socket_backlog(char *);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
static int configure_privsep_skip(char *);
|
|
|
|
|
static int configure_privsep_root(char *);
|
|
|
|
|
static int configure_privsep_runas(char *);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
2018-07-31 06:51:34 +02:00
|
|
|
|
#if defined(KORE_USE_PLATFORM_PLEDGE)
|
|
|
|
|
static int configure_add_pledge(char *);
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-02-28 05:58:04 +01:00
|
|
|
|
static int configure_rand_file(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_certfile(char *);
|
|
|
|
|
static int configure_certkey(char *);
|
|
|
|
|
static int configure_tls_version(char *);
|
|
|
|
|
static int configure_tls_cipher(char *);
|
|
|
|
|
static int configure_tls_dhparam(char *);
|
2018-07-11 09:44:29 +02:00
|
|
|
|
static int configure_client_verify(char *);
|
2018-06-09 12:50:50 +02:00
|
|
|
|
static int configure_client_verify_depth(char *);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2019-11-15 08:11:02 +01:00
|
|
|
|
static int configure_route(char *);
|
2021-09-15 11:09:52 +02:00
|
|
|
|
static int configure_route_methods(char *);
|
2021-09-15 22:16:22 +02:00
|
|
|
|
static int configure_route_handler(char *);
|
2021-12-14 23:15:21 +01:00
|
|
|
|
static int configure_route_on_free(char *);
|
2021-09-15 22:16:22 +02:00
|
|
|
|
static int configure_route_on_headers(char *);
|
2022-01-31 15:13:34 +01:00
|
|
|
|
static int configure_route_authenticate(char *);
|
2021-09-15 22:16:22 +02:00
|
|
|
|
static int configure_route_on_body_chunk(char *);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
static int configure_filemap(char *);
|
2020-03-03 11:28:16 +01:00
|
|
|
|
static int configure_return(char *);
|
2020-02-07 06:42:33 +01:00
|
|
|
|
static int configure_redirect(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_static_handler(char *);
|
|
|
|
|
static int configure_dynamic_handler(char *);
|
|
|
|
|
static int configure_accesslog(char *);
|
|
|
|
|
static int configure_http_header_max(char *);
|
2019-04-11 20:51:49 +02:00
|
|
|
|
static int configure_http_header_timeout(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_http_body_max(char *);
|
2019-04-11 20:51:49 +02:00
|
|
|
|
static int configure_http_body_timeout(char *);
|
2018-07-03 19:58:43 +02:00
|
|
|
|
static int configure_filemap_ext(char *);
|
2018-06-28 23:00:42 +02:00
|
|
|
|
static int configure_filemap_index(char *);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
static int configure_http_media_type(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_http_hsts_enable(char *);
|
|
|
|
|
static int configure_http_keepalive_time(char *);
|
2018-03-14 13:41:17 +01:00
|
|
|
|
static int configure_http_request_ms(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_http_request_limit(char *);
|
|
|
|
|
static int configure_http_body_disk_offload(char *);
|
|
|
|
|
static int configure_http_body_disk_path(char *);
|
2020-02-18 22:29:41 +01:00
|
|
|
|
static int configure_http_server_version(char *);
|
2020-03-03 12:53:18 +01:00
|
|
|
|
static int configure_http_pretty_error(char *);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_validator(char *);
|
|
|
|
|
static int configure_validate(char *);
|
|
|
|
|
static int configure_authentication(char *);
|
|
|
|
|
static int configure_authentication_uri(char *);
|
|
|
|
|
static int configure_authentication_type(char *);
|
|
|
|
|
static int configure_authentication_value(char *);
|
|
|
|
|
static int configure_authentication_validator(char *);
|
|
|
|
|
static int configure_websocket_maxframe(char *);
|
|
|
|
|
static int configure_websocket_timeout(char *);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#endif
|
2014-01-22 22:55:10 +01:00
|
|
|
|
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#if defined(KORE_USE_PGSQL)
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_pgsql_conn_max(char *);
|
2018-02-13 13:21:27 +01:00
|
|
|
|
static int configure_pgsql_queue_limit(char *);
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
2015-06-04 10:29:22 +02:00
|
|
|
|
#if defined(KORE_USE_TASKS)
|
2016-02-01 21:33:51 +01:00
|
|
|
|
static int configure_task_threads(char *);
|
2015-06-04 10:29:22 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
2017-01-12 23:38:51 +01:00
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
2019-09-26 15:49:00 +02:00
|
|
|
|
static int configure_deployment(char *);
|
2021-10-20 11:20:25 +02:00
|
|
|
|
static int configure_python_path(char *);
|
|
|
|
|
static int configure_python_import(char *);
|
2017-01-12 23:38:51 +01:00
|
|
|
|
#endif
|
|
|
|
|
|
2019-04-24 00:10:47 +02:00
|
|
|
|
#if defined(KORE_USE_CURL)
|
|
|
|
|
static int configure_curl_timeout(char *);
|
|
|
|
|
static int configure_curl_recv_max(char *);
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
|
#if defined(__linux__)
|
|
|
|
|
static int configure_seccomp_tracing(char *);
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-05-01 17:17:16 +02:00
|
|
|
|
static struct {
|
|
|
|
|
const char *name;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
int (*configure)(char *);
|
2019-09-26 15:49:00 +02:00
|
|
|
|
} config_directives[] = {
|
2019-09-27 12:22:35 +02:00
|
|
|
|
{ "tls", configure_tls },
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
{ "acme", configure_acme },
|
|
|
|
|
#endif
|
2013-06-26 16:37:22 +02:00
|
|
|
|
{ "bind", configure_bind },
|
|
|
|
|
{ "load", configure_load },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
{ "domain", configure_domain },
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
{ "privsep", configure_privsep },
|
2019-11-06 19:33:53 +01:00
|
|
|
|
{ "server", configure_server },
|
2019-09-27 12:22:35 +02:00
|
|
|
|
{ "attach", configure_attach },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
{ "certkey", configure_certkey },
|
2019-11-06 19:33:53 +01:00
|
|
|
|
{ "certfile", configure_certfile },
|
|
|
|
|
{ "include", configure_include },
|
|
|
|
|
{ "unix", configure_bind_unix },
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
{ "skip", configure_privsep_skip },
|
|
|
|
|
{ "root", configure_privsep_root },
|
|
|
|
|
{ "runas", configure_privsep_runas },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
{ "client_verify", configure_client_verify },
|
|
|
|
|
{ "client_verify_depth", configure_client_verify_depth },
|
2021-10-20 11:20:25 +02:00
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
{ "python_path", configure_python_path },
|
|
|
|
|
{ "python_import", configure_python_import },
|
|
|
|
|
#endif
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2021-09-15 11:09:52 +02:00
|
|
|
|
{ "route", configure_route },
|
|
|
|
|
{ "handler", configure_route_handler },
|
2021-09-15 22:16:22 +02:00
|
|
|
|
{ "on_headers", configure_route_on_headers },
|
|
|
|
|
{ "on_body_chunk", configure_route_on_body_chunk },
|
2021-12-14 23:15:21 +01:00
|
|
|
|
{ "on_free", configure_route_on_free },
|
2021-09-15 11:09:52 +02:00
|
|
|
|
{ "methods", configure_route_methods },
|
2022-01-31 15:13:34 +01:00
|
|
|
|
{ "authenticate", configure_route_authenticate },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
{ "filemap", configure_filemap },
|
2020-02-07 06:42:33 +01:00
|
|
|
|
{ "redirect", configure_redirect },
|
2020-03-03 11:28:16 +01:00
|
|
|
|
{ "return", configure_return },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
{ "static", configure_static_handler },
|
|
|
|
|
{ "dynamic", configure_dynamic_handler },
|
|
|
|
|
{ "accesslog", configure_accesslog },
|
|
|
|
|
{ "validator", configure_validator },
|
|
|
|
|
{ "validate", configure_validate },
|
|
|
|
|
{ "authentication", configure_authentication },
|
|
|
|
|
{ "authentication_uri", configure_authentication_uri },
|
|
|
|
|
{ "authentication_type", configure_authentication_type },
|
|
|
|
|
{ "authentication_value", configure_authentication_value },
|
|
|
|
|
{ "authentication_validator", configure_authentication_validator },
|
|
|
|
|
#endif
|
|
|
|
|
{ NULL, NULL },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct {
|
|
|
|
|
const char *name;
|
|
|
|
|
int (*configure)(char *);
|
|
|
|
|
} config_settings[] = {
|
2021-09-10 13:34:57 +02:00
|
|
|
|
{ "logfile", configure_logfile },
|
2013-06-26 16:37:22 +02:00
|
|
|
|
{ "workers", configure_workers },
|
|
|
|
|
{ "worker_max_connections", configure_max_connections },
|
2014-07-31 09:14:03 +02:00
|
|
|
|
{ "worker_rlimit_nofiles", configure_rlimit_nofiles },
|
2015-05-18 12:20:28 +02:00
|
|
|
|
{ "worker_accept_threshold", configure_accept_threshold },
|
2019-03-22 09:49:50 +01:00
|
|
|
|
{ "worker_death_policy", configure_death_policy },
|
2015-04-27 10:36:33 +02:00
|
|
|
|
{ "worker_set_affinity", configure_set_affinity },
|
2013-06-26 16:37:22 +02:00
|
|
|
|
{ "pidfile", configure_pidfile },
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{ "socket_backlog", configure_socket_backlog },
|
|
|
|
|
{ "tls_version", configure_tls_version },
|
|
|
|
|
{ "tls_cipher", configure_tls_cipher },
|
|
|
|
|
{ "tls_dhparam", configure_tls_dhparam },
|
2017-02-28 05:58:04 +01:00
|
|
|
|
{ "rand_file", configure_rand_file },
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
2020-01-13 11:00:40 +01:00
|
|
|
|
{ "acme_email", configure_acme_email },
|
2019-11-06 19:33:53 +01:00
|
|
|
|
{ "acme_provider", configure_acme_provider },
|
|
|
|
|
#endif
|
2019-09-27 12:22:35 +02:00
|
|
|
|
#if defined(KORE_USE_PLATFORM_PLEDGE)
|
|
|
|
|
{ "pledge", configure_add_pledge },
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#endif
|
2019-10-31 12:52:10 +01:00
|
|
|
|
#if defined(__linux__)
|
|
|
|
|
{ "seccomp_tracing", configure_seccomp_tracing },
|
|
|
|
|
#endif
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2018-07-03 19:58:43 +02:00
|
|
|
|
{ "filemap_ext", configure_filemap_ext },
|
2018-06-28 23:00:42 +02:00
|
|
|
|
{ "filemap_index", configure_filemap_index },
|
2018-06-28 13:27:44 +02:00
|
|
|
|
{ "http_media_type", configure_http_media_type },
|
2013-09-22 20:05:24 +02:00
|
|
|
|
{ "http_header_max", configure_http_header_max },
|
2019-04-11 20:51:49 +02:00
|
|
|
|
{ "http_header_timeout", configure_http_header_timeout },
|
2014-10-08 11:03:14 +02:00
|
|
|
|
{ "http_body_max", configure_http_body_max },
|
2019-04-11 20:51:49 +02:00
|
|
|
|
{ "http_body_timeout", configure_http_body_timeout },
|
2013-10-15 10:44:56 +02:00
|
|
|
|
{ "http_hsts_enable", configure_http_hsts_enable },
|
2013-10-15 11:10:45 +02:00
|
|
|
|
{ "http_keepalive_time", configure_http_keepalive_time },
|
2018-03-14 13:41:17 +01:00
|
|
|
|
{ "http_request_ms", configure_http_request_ms },
|
2015-04-09 15:29:44 +02:00
|
|
|
|
{ "http_request_limit", configure_http_request_limit },
|
2016-01-18 11:30:22 +01:00
|
|
|
|
{ "http_body_disk_offload", configure_http_body_disk_offload },
|
|
|
|
|
{ "http_body_disk_path", configure_http_body_disk_path },
|
2020-02-18 22:29:41 +01:00
|
|
|
|
{ "http_server_version", configure_http_server_version },
|
2020-03-03 12:53:18 +01:00
|
|
|
|
{ "http_pretty_error", configure_http_pretty_error },
|
2014-11-24 11:01:12 +01:00
|
|
|
|
{ "websocket_maxframe", configure_websocket_maxframe },
|
|
|
|
|
{ "websocket_timeout", configure_websocket_timeout },
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#endif
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
{ "deployment", configure_deployment },
|
|
|
|
|
#endif
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#if defined(KORE_USE_PGSQL)
|
|
|
|
|
{ "pgsql_conn_max", configure_pgsql_conn_max },
|
2018-02-13 13:21:27 +01:00
|
|
|
|
{ "pgsql_queue_limit", configure_pgsql_queue_limit },
|
2015-06-04 10:29:22 +02:00
|
|
|
|
#endif
|
|
|
|
|
#if defined(KORE_USE_TASKS)
|
|
|
|
|
{ "task_threads", configure_task_threads },
|
2019-04-24 00:10:47 +02:00
|
|
|
|
#endif
|
|
|
|
|
#if defined(KORE_USE_CURL)
|
|
|
|
|
{ "curl_timeout", configure_curl_timeout },
|
|
|
|
|
{ "curl_recv_max", configure_curl_recv_max },
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#endif
|
|
|
|
|
#if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
|
|
|
|
|
{ "file", configure_file },
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#endif
|
2013-06-26 16:37:22 +02:00
|
|
|
|
{ NULL, NULL },
|
2013-05-01 17:17:16 +02:00
|
|
|
|
};
|
|
|
|
|
|
2019-09-26 15:49:00 +02:00
|
|
|
|
static int finalized = 0;
|
|
|
|
|
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#if !defined(KORE_SINGLE_BINARY)
|
2013-11-10 15:17:15 +01:00
|
|
|
|
char *config_file = NULL;
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#endif
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
static struct kore_auth *current_auth = NULL;
|
2021-09-15 11:09:52 +02:00
|
|
|
|
static struct kore_route *current_route = NULL;
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#endif
|
|
|
|
|
|
2016-07-06 16:16:15 +02:00
|
|
|
|
extern const char *__progname;
|
2015-11-27 16:22:50 +01:00
|
|
|
|
static struct kore_domain *current_domain = NULL;
|
2019-09-27 20:00:35 +02:00
|
|
|
|
static struct kore_server *current_server = NULL;
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
static struct kore_privsep *current_privsep = NULL;
|
2013-05-02 13:30:13 +02:00
|
|
|
|
|
2013-05-01 17:17:16 +02:00
|
|
|
|
void
|
2013-06-26 11:18:32 +02:00
|
|
|
|
kore_parse_config(void)
|
2014-04-22 13:15:19 +02:00
|
|
|
|
{
|
2018-04-09 12:51:20 +02:00
|
|
|
|
FILE *fp;
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
struct passwd *pwd;
|
2018-07-11 09:44:29 +02:00
|
|
|
|
char path[PATH_MAX];
|
2018-04-09 12:51:20 +02:00
|
|
|
|
|
2019-09-26 15:49:00 +02:00
|
|
|
|
if (finalized)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
fp = NULL;
|
|
|
|
|
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#if !defined(KORE_SINGLE_BINARY)
|
2019-09-26 15:49:00 +02:00
|
|
|
|
if (config_file != NULL) {
|
|
|
|
|
if ((fp = fopen(config_file, "r")) == NULL) {
|
|
|
|
|
fatal("configuration given cannot be opened: %s",
|
|
|
|
|
config_file);
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#else
|
2018-04-09 12:51:20 +02:00
|
|
|
|
fp = config_file_write();
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#endif
|
2014-04-22 13:15:19 +02:00
|
|
|
|
|
2019-09-26 15:49:00 +02:00
|
|
|
|
if (fp != NULL) {
|
|
|
|
|
kore_parse_config_file(fp);
|
|
|
|
|
(void)fclose(fp);
|
|
|
|
|
}
|
2018-04-09 12:51:20 +02:00
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
|
kore_tls_dh_check();
|
2021-04-21 22:39:35 +02:00
|
|
|
|
|
2014-04-22 13:15:19 +02:00
|
|
|
|
if (!kore_module_loaded())
|
2016-07-06 16:16:15 +02:00
|
|
|
|
fatal("no application module was loaded");
|
2014-07-31 13:59:42 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (worker_privsep.root == NULL) {
|
2018-07-11 09:44:29 +02:00
|
|
|
|
if (getcwd(path, sizeof(path)) == NULL)
|
|
|
|
|
fatal("getcwd: %s", errno_s);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
worker_privsep.root = kore_strdup(path);
|
2018-11-15 16:01:37 +01:00
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (!kore_quiet)
|
|
|
|
|
kore_log(LOG_NOTICE, "privsep: no root path set");
|
2015-05-18 21:34:39 +02:00
|
|
|
|
}
|
2015-05-20 11:34:57 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (worker_privsep.runas == NULL) {
|
|
|
|
|
if ((pwd = getpwuid(getuid())) == NULL)
|
|
|
|
|
fatal("getpwuid: %s", errno_s);
|
2014-07-31 13:59:42 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
worker_privsep.runas = kore_strdup(pwd->pw_name);
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (!kore_quiet)
|
|
|
|
|
kore_log(LOG_NOTICE, "privsep: no runas user set");
|
2015-05-20 11:34:57 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
endpwent();
|
|
|
|
|
}
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
configure_check_var(&keymgr_privsep.runas, worker_privsep.runas,
|
2021-09-15 11:09:52 +02:00
|
|
|
|
"privsep: no keymgr runas set");
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
configure_check_var(&acme_privsep.runas, worker_privsep.runas,
|
2021-09-15 11:09:52 +02:00
|
|
|
|
"privsep: no acme runas set");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
configure_check_var(&keymgr_privsep.root, worker_privsep.root,
|
2021-09-15 11:09:52 +02:00
|
|
|
|
"privsep: no keymgr root set");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
configure_check_var(&acme_privsep.root, worker_privsep.root,
|
2021-09-15 11:09:52 +02:00
|
|
|
|
"privsep: no acme root set");
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#endif
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (skip_chroot) {
|
|
|
|
|
worker_privsep.skip_chroot = 1;
|
|
|
|
|
keymgr_privsep.skip_chroot = 1;
|
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
acme_privsep.skip_chroot = 1;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
2019-11-06 19:33:53 +01:00
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (skip_runas) {
|
|
|
|
|
worker_privsep.skip_runas = 1;
|
|
|
|
|
keymgr_privsep.skip_runas = 1;
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
acme_privsep.skip_runas = 1;
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#endif
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (skip_runas && !kore_quiet)
|
|
|
|
|
kore_log(LOG_NOTICE, "privsep: skipping all runas options");
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
2018-11-15 16:01:37 +01:00
|
|
|
|
if (skip_chroot && !kore_quiet)
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
kore_log(LOG_NOTICE, "privsep: skipping all chroot options");
|
2019-09-26 15:49:00 +02:00
|
|
|
|
|
|
|
|
|
finalized = 1;
|
2014-04-22 13:15:19 +02:00
|
|
|
|
}
|
|
|
|
|
|
2018-04-09 12:51:20 +02:00
|
|
|
|
void
|
|
|
|
|
kore_parse_config_file(FILE *fp)
|
2013-05-01 17:17:16 +02:00
|
|
|
|
{
|
|
|
|
|
int i, lineno;
|
2021-09-05 17:53:09 +02:00
|
|
|
|
char buf[BUFSIZ], *p, *t, *v;
|
2013-05-01 17:17:16 +02:00
|
|
|
|
|
|
|
|
|
lineno = 1;
|
2016-02-01 22:10:10 +01:00
|
|
|
|
while ((p = kore_read_line(fp, buf, sizeof(buf))) != NULL) {
|
|
|
|
|
if (strlen(p) == 0) {
|
2013-05-01 17:17:16 +02:00
|
|
|
|
lineno++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (!strcmp(p, "}") && current_privsep != NULL) {
|
|
|
|
|
lineno++;
|
|
|
|
|
current_privsep = NULL;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (!strcmp(p, "}") && current_server != NULL) {
|
2019-09-27 12:22:35 +02:00
|
|
|
|
lineno++;
|
2019-09-27 20:00:35 +02:00
|
|
|
|
kore_server_finalize(current_server);
|
|
|
|
|
current_server = NULL;
|
2019-09-27 12:22:35 +02:00
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (!strcmp(p, "}") && current_route != NULL) {
|
2013-11-10 15:17:15 +01:00
|
|
|
|
lineno++;
|
2021-09-15 11:09:52 +02:00
|
|
|
|
current_route = NULL;
|
2013-11-10 15:17:15 +01:00
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-22 22:55:10 +01:00
|
|
|
|
if (!strcmp(p, "}") && current_auth != NULL) {
|
|
|
|
|
if (current_auth->validator == NULL) {
|
|
|
|
|
fatal("no authentication validator for %s",
|
|
|
|
|
current_auth->name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lineno++;
|
|
|
|
|
current_auth = NULL;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#endif
|
2014-01-22 22:55:10 +01:00
|
|
|
|
|
2019-03-26 21:36:45 +01:00
|
|
|
|
if (!strcmp(p, "}") && current_domain != NULL) {
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_domain->server == NULL) {
|
|
|
|
|
fatal("domain '%s' not attached to server",
|
2019-09-27 12:22:35 +02:00
|
|
|
|
current_domain->domain);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
if (current_domain->server->tls == 1) {
|
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
if (current_domain->acme) {
|
|
|
|
|
lineno++;
|
|
|
|
|
current_domain = NULL;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
if (current_domain->certfile == NULL ||
|
|
|
|
|
current_domain->certkey == NULL) {
|
|
|
|
|
fatal("incomplete TLS setup for '%s'",
|
|
|
|
|
current_domain->domain);
|
|
|
|
|
}
|
2019-03-26 21:36:45 +01:00
|
|
|
|
}
|
2019-09-27 12:22:35 +02:00
|
|
|
|
|
2018-07-11 09:44:29 +02:00
|
|
|
|
current_domain = NULL;
|
2019-03-26 21:36:45 +01:00
|
|
|
|
}
|
2013-06-24 11:32:45 +02:00
|
|
|
|
|
2015-05-07 16:24:08 +02:00
|
|
|
|
if (!strcmp(p, "}")) {
|
|
|
|
|
lineno++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if ((t = strchr(p, ' ')) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"ignoring \"%s\" on line %d", p, lineno++);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
continue;
|
2013-05-01 17:17:16 +02:00
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
*(t)++ = '\0';
|
|
|
|
|
|
|
|
|
|
p = kore_text_trim(p, strlen(p));
|
|
|
|
|
t = kore_text_trim(t, strlen(t));
|
|
|
|
|
|
|
|
|
|
if (strlen(p) == 0 || strlen(t) == 0) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"ignoring \"%s\" on line %d", p, lineno++);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-26 15:49:00 +02:00
|
|
|
|
for (i = 0; config_directives[i].name != NULL; i++) {
|
|
|
|
|
if (!strcmp(config_directives[i].name, p)) {
|
2021-09-05 17:53:09 +02:00
|
|
|
|
if ((v = configure_resolve_var(t)) == NULL)
|
|
|
|
|
fatal("variable %s does not exist", t);
|
|
|
|
|
if (config_directives[i].configure(v))
|
2019-09-26 15:49:00 +02:00
|
|
|
|
break;
|
|
|
|
|
fatal("configuration error on line %d", lineno);
|
|
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config_directives[i].name != NULL) {
|
|
|
|
|
lineno++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; config_settings[i].name != NULL; i++) {
|
|
|
|
|
if (!strcmp(config_settings[i].name, p)) {
|
2021-09-05 17:53:09 +02:00
|
|
|
|
if ((v = configure_resolve_var(t)) == NULL)
|
|
|
|
|
fatal("variable %s does not exist", t);
|
|
|
|
|
if (config_settings[i].configure(v))
|
2016-02-01 21:33:51 +01:00
|
|
|
|
break;
|
|
|
|
|
fatal("configuration error on line %d", lineno);
|
|
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
2015-05-06 10:59:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (config_settings[i].name == NULL) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"ignoring \"%s\" on line %d", p, lineno);
|
|
|
|
|
}
|
2019-09-26 15:49:00 +02:00
|
|
|
|
|
2013-05-01 17:17:16 +02:00
|
|
|
|
lineno++;
|
|
|
|
|
}
|
2014-04-22 13:15:19 +02:00
|
|
|
|
}
|
2014-04-09 14:43:23 +02:00
|
|
|
|
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
int
|
|
|
|
|
kore_configure_setting(const char *name, char *value)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (finalized)
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
|
|
|
|
for (i = 0; config_settings[i].name != NULL; i++) {
|
|
|
|
|
if (!strcmp(config_settings[i].name, name)) {
|
|
|
|
|
if (config_settings[i].configure(value))
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
fatal("bad value '%s' for '%s'", value, name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kore_log(LOG_NOTICE, "ignoring unknown kore.config.%s setting", name);
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
static void
|
|
|
|
|
configure_check_var(char **var, const char *other, const char *logmsg)
|
|
|
|
|
{
|
|
|
|
|
if (*var == NULL) {
|
|
|
|
|
if (!kore_quiet)
|
|
|
|
|
kore_log(LOG_NOTICE, "%s", logmsg);
|
|
|
|
|
*var = kore_strdup(other);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-05 17:53:09 +02:00
|
|
|
|
static char *
|
|
|
|
|
configure_resolve_var(char *var)
|
|
|
|
|
{
|
|
|
|
|
char *v;
|
|
|
|
|
|
|
|
|
|
if (var[0] == '$') {
|
|
|
|
|
if ((v = getenv(&var[1])) == NULL)
|
|
|
|
|
return (NULL);
|
|
|
|
|
} else {
|
|
|
|
|
v = var;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (v);
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-22 13:15:19 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_include(char *path)
|
2014-04-22 13:15:19 +02:00
|
|
|
|
{
|
2018-04-09 12:51:20 +02:00
|
|
|
|
FILE *fp;
|
|
|
|
|
|
|
|
|
|
if ((fp = fopen(path, "r")) == NULL)
|
|
|
|
|
fatal("failed to open include '%s'", path);
|
|
|
|
|
|
|
|
|
|
kore_parse_config_file(fp);
|
2018-04-10 14:39:57 +02:00
|
|
|
|
(void)fclose(fp);
|
2018-02-14 13:48:49 +01:00
|
|
|
|
|
2014-04-22 13:15:19 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
2013-05-01 17:17:16 +02:00
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 12:22:35 +02:00
|
|
|
|
static int
|
2019-09-27 20:00:35 +02:00
|
|
|
|
configure_server(char *options)
|
2019-09-27 12:22:35 +02:00
|
|
|
|
{
|
2019-09-27 20:00:35 +02:00
|
|
|
|
struct kore_server *srv;
|
2019-09-27 12:22:35 +02:00
|
|
|
|
char *argv[3];
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_server != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "nested server contexts are not allowed");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
|
|
|
|
|
if (argv[0] == NULL || argv[1] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "server context invalid");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strcmp(argv[1], "{")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "server context not opened correctly");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if ((srv = kore_server_lookup(argv[0])) != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "server with name '%s' exists", srv->name);
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
current_server = kore_server_create(argv[0]);
|
2019-09-27 12:22:35 +02:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_tls(char *yesno)
|
|
|
|
|
{
|
2022-02-17 13:45:28 +01:00
|
|
|
|
if (!kore_tls_supported()) {
|
|
|
|
|
current_server->tls = 0;
|
|
|
|
|
|
|
|
|
|
if (!strcmp(yesno, "yes")) {
|
|
|
|
|
kore_log(LOG_ERR, "TLS not supported in this build");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_server == NULL) {
|
2022-02-17 13:45:28 +01:00
|
|
|
|
kore_log(LOG_ERR, "tls keyword not inside a server context");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(yesno, "no")) {
|
2019-09-27 20:00:35 +02:00
|
|
|
|
current_server->tls = 0;
|
2019-09-27 12:22:35 +02:00
|
|
|
|
} else if (!strcmp(yesno, "yes")) {
|
2019-09-27 20:00:35 +02:00
|
|
|
|
current_server->tls = 1;
|
2019-09-27 12:22:35 +02:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid '%s' for yes|no tls option", yesno);
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
static int
|
|
|
|
|
configure_acme(char *yesno)
|
|
|
|
|
{
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "acme keyword not inside a domain context");
|
2019-11-06 19:33:53 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strchr(current_domain->domain, '*')) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"wildcards not supported due to lack of dns-01");
|
2019-11-06 19:33:53 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(yesno, "no")) {
|
|
|
|
|
current_domain->acme = 0;
|
|
|
|
|
} else if (!strcmp(yesno, "yes")) {
|
|
|
|
|
current_domain->acme = 1;
|
|
|
|
|
|
|
|
|
|
/* Override keyfile and certfile locations. */
|
|
|
|
|
kore_free(current_domain->certkey);
|
|
|
|
|
kore_free(current_domain->certfile);
|
|
|
|
|
|
2019-11-13 23:01:24 +01:00
|
|
|
|
kore_acme_get_paths(current_domain->domain,
|
|
|
|
|
¤t_domain->certkey, ¤t_domain->certfile);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
acme_domains++;
|
2019-11-06 19:33:53 +01:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid '%s' for yes|no acme option", yesno);
|
2019-11-06 19:33:53 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-13 11:00:40 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_acme_email(char *email)
|
|
|
|
|
{
|
|
|
|
|
kore_free(acme_email);
|
|
|
|
|
acme_email = kore_strdup(email);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_acme_provider(char *provider)
|
|
|
|
|
{
|
|
|
|
|
kore_free(acme_provider);
|
|
|
|
|
acme_provider = kore_strdup(provider);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-05-01 17:17:16 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_bind(char *options)
|
2013-05-01 17:17:16 +02:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *argv[4];
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_server == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bind keyword not inside a server context");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_split_string(options, " ", argv, 4);
|
|
|
|
|
if (argv[0] == NULL || argv[1] == NULL)
|
2013-05-01 17:17:16 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
return (kore_server_bind(current_server, argv[0], argv[1], argv[2]));
|
2013-05-01 17:17:16 +02:00
|
|
|
|
}
|
|
|
|
|
|
2018-10-07 20:49:16 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_bind_unix(char *options)
|
|
|
|
|
{
|
|
|
|
|
char *argv[3];
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_server == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bind_unix keyword not inside a server context");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-07 20:49:16 +02:00
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
if (argv[0] == NULL)
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
return (kore_server_bind_unix(current_server, argv[0], argv[1]));
|
2018-10-07 20:49:16 +02:00
|
|
|
|
}
|
|
|
|
|
|
2013-05-01 17:17:16 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_load(char *options)
|
2013-05-01 17:17:16 +02:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *argv[3];
|
|
|
|
|
|
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
if (argv[0] == NULL)
|
2013-05-01 17:17:16 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
2017-01-12 23:38:51 +01:00
|
|
|
|
kore_module_load(argv[0], argv[1], KORE_MODULE_NATIVE);
|
2013-05-30 21:26:39 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2017-01-26 13:13:23 +01:00
|
|
|
|
|
|
|
|
|
#if defined(KORE_SINGLE_BINARY)
|
2016-07-06 16:16:15 +02:00
|
|
|
|
static FILE *
|
|
|
|
|
config_file_write(void)
|
|
|
|
|
{
|
|
|
|
|
FILE *fp;
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
int fd, len;
|
|
|
|
|
char fpath[MAXPATHLEN];
|
|
|
|
|
|
2022-08-17 13:16:25 +02:00
|
|
|
|
len = snprintf(fpath, sizeof(fpath), "%s/%s.XXXXXX", KORE_TMPDIR,
|
|
|
|
|
__progname);
|
2016-07-06 16:16:15 +02:00
|
|
|
|
if (len == -1 || (size_t)len >= sizeof(fpath))
|
|
|
|
|
fatal("failed to create temporary path");
|
|
|
|
|
|
|
|
|
|
if ((fd = mkstemp(fpath)) == -1)
|
|
|
|
|
fatal("mkstemp(%s): %s", fpath, errno_s);
|
|
|
|
|
|
|
|
|
|
(void)unlink(fpath);
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
ret = write(fd, asset_builtin_kore_conf,
|
|
|
|
|
asset_len_builtin_kore_conf);
|
|
|
|
|
if (ret == -1) {
|
|
|
|
|
if (errno == EINTR)
|
|
|
|
|
continue;
|
|
|
|
|
fatal("failed to write temporary config: %s", errno_s);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((size_t)ret != asset_len_builtin_kore_conf)
|
|
|
|
|
fatal("failed to write temporary config");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((fp = fdopen(fd, "w+")) == NULL)
|
|
|
|
|
fatal("fdopen(): %s", errno_s);
|
|
|
|
|
|
|
|
|
|
rewind(fp);
|
|
|
|
|
|
|
|
|
|
return (fp);
|
|
|
|
|
}
|
2019-09-26 15:49:00 +02:00
|
|
|
|
#elif defined(KORE_USE_PYTHON)
|
|
|
|
|
static int
|
|
|
|
|
configure_file(char *file)
|
|
|
|
|
{
|
2019-09-26 19:58:13 +02:00
|
|
|
|
free(config_file);
|
|
|
|
|
if ((config_file = strdup(file)) == NULL)
|
|
|
|
|
fatal("strdup");
|
2019-09-26 15:49:00 +02:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2016-07-06 16:16:15 +02:00
|
|
|
|
#endif
|
2013-05-30 21:26:39 +02:00
|
|
|
|
|
2013-06-27 08:43:07 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_tls_version(char *version)
|
2015-05-06 10:59:43 +02:00
|
|
|
|
{
|
2022-02-17 13:45:28 +01:00
|
|
|
|
int ver;
|
|
|
|
|
|
2018-10-29 20:38:58 +01:00
|
|
|
|
if (!strcmp(version, "1.3")) {
|
2022-02-17 13:45:28 +01:00
|
|
|
|
ver = KORE_TLS_VERSION_1_3;
|
2018-10-29 20:38:58 +01:00
|
|
|
|
} else if (!strcmp(version, "1.2")) {
|
2022-02-17 13:45:28 +01:00
|
|
|
|
ver = KORE_TLS_VERSION_1_2;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
} else if (!strcmp(version, "both")) {
|
2022-02-17 13:45:28 +01:00
|
|
|
|
ver = KORE_TLS_VERSION_BOTH;
|
2015-05-06 10:59:43 +02:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"unknown value for tls_version: %s (use 1.3, 1.2, both)",
|
|
|
|
|
version);
|
2015-05-06 10:59:43 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
|
kore_tls_version_set(ver);
|
|
|
|
|
|
2015-05-06 10:59:43 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_tls_cipher(char *cipherlist)
|
2013-06-27 08:43:07 +02:00
|
|
|
|
{
|
2022-02-17 13:45:28 +01:00
|
|
|
|
return (kore_tls_ciphersuite_set(cipherlist));
|
2013-06-27 08:43:07 +02:00
|
|
|
|
}
|
|
|
|
|
|
2013-08-07 16:51:39 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_tls_dhparam(char *path)
|
2013-08-07 16:51:39 +02:00
|
|
|
|
{
|
2022-02-17 13:45:28 +01:00
|
|
|
|
return (kore_tls_dh_load(path));
|
2013-05-01 17:17:16 +02:00
|
|
|
|
}
|
2013-05-04 22:18:27 +02:00
|
|
|
|
|
2018-06-09 12:50:50 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_client_verify_depth(char *value)
|
|
|
|
|
{
|
|
|
|
|
int err, depth;
|
|
|
|
|
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"client_verify_depth keyword not in domain context");
|
2018-06-09 12:50:50 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
depth = kore_strtonum(value, 10, 0, INT_MAX, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad client_verify_depth value: %s", value);
|
2018-06-09 12:50:50 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_domain->x509_verify_depth = depth;
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-14 16:31:07 +01:00
|
|
|
|
static int
|
2018-07-11 09:44:29 +02:00
|
|
|
|
configure_client_verify(char *options)
|
2013-12-14 16:31:07 +01:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *argv[3];
|
|
|
|
|
|
2013-12-14 16:31:07 +01:00
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"client_verify keyword not in domain context");
|
2013-12-14 16:31:07 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
if (argv[0] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "client_verify is missing a parameter");
|
2013-12-14 16:31:07 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (current_domain->cafile != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "client_verify already set for '%s'",
|
2013-12-14 16:31:07 +01:00
|
|
|
|
current_domain->domain);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_domain->cafile = kore_strdup(argv[0]);
|
|
|
|
|
if (argv[1] != NULL)
|
|
|
|
|
current_domain->crlfile = kore_strdup(argv[1]);
|
2014-10-18 02:32:05 +02:00
|
|
|
|
|
2013-12-14 16:31:07 +01:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-28 05:58:04 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_rand_file(char *path)
|
|
|
|
|
{
|
2022-02-17 13:45:28 +01:00
|
|
|
|
if (kore_rand_file != NULL)
|
|
|
|
|
kore_free(kore_rand_file);
|
2017-02-28 05:58:04 +01:00
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
|
kore_rand_file = kore_strdup(path);
|
2017-02-28 05:58:04 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-24 09:36:40 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_certfile(char *path)
|
2013-06-24 09:36:40 +02:00
|
|
|
|
{
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"certfile keyword not specified in domain context");
|
2013-06-24 09:36:40 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
kore_free(current_domain->certfile);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_domain->certfile = kore_strdup(path);
|
2013-06-24 11:32:45 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_certkey(char *path)
|
2013-06-24 11:32:45 +02:00
|
|
|
|
{
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"certkey keyword not specified in domain context");
|
2013-06-24 09:36:40 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
|
kore_free(current_domain->certkey);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_domain->certkey = kore_strdup(path);
|
2013-06-24 09:36:40 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2013-06-24 11:32:45 +02:00
|
|
|
|
|
2018-07-11 09:44:29 +02:00
|
|
|
|
static int
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
configure_privsep(char *options)
|
|
|
|
|
{
|
|
|
|
|
char *argv[3];
|
|
|
|
|
|
|
|
|
|
if (current_privsep != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "nested privsep contexts are not allowed");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
|
|
|
|
|
if (argv[0] == NULL || argv[1] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid privsep context");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strcmp(argv[1], "{")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "privsep context not opened correctly");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(argv[0], "worker")) {
|
|
|
|
|
current_privsep = &worker_privsep;
|
|
|
|
|
} else if (!strcmp(argv[0], "keymgr")) {
|
|
|
|
|
current_privsep = &keymgr_privsep;
|
|
|
|
|
#if defined(KORE_USE_ACME)
|
2021-12-02 19:33:20 +01:00
|
|
|
|
} else if (!strcmp(argv[0], "acme")) {
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
current_privsep = &acme_privsep;
|
|
|
|
|
#endif
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "unknown privsep context: %s", argv[0]);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_privsep_runas(char *user)
|
2018-07-11 09:44:29 +02:00
|
|
|
|
{
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (current_privsep == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "runas keyword not in privsep context");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (current_privsep->runas != NULL)
|
|
|
|
|
kore_free(current_privsep->runas);
|
|
|
|
|
|
|
|
|
|
current_privsep->runas = kore_strdup(user);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_privsep_root(char *root)
|
|
|
|
|
{
|
|
|
|
|
if (current_privsep == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "root keyword not in privsep context");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (current_privsep->root != NULL)
|
|
|
|
|
kore_free(current_privsep->root);
|
|
|
|
|
|
|
|
|
|
current_privsep->root = kore_strdup(root);
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
configure_privsep_skip(char *option)
|
2018-07-11 09:44:29 +02:00
|
|
|
|
{
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
if (current_privsep == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "skip keyword not in privsep context");
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(option, "chroot")) {
|
|
|
|
|
current_privsep->skip_chroot = 1;
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "unknown skip option '%s'", option);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-26 16:37:22 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_domain(char *options)
|
2013-06-26 16:37:22 +02:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *argv[3];
|
2013-06-26 16:37:22 +02:00
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (current_domain != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "nested domain contexts are not allowed");
|
2013-06-26 16:37:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
|
2019-09-27 12:22:35 +02:00
|
|
|
|
if (argv[0] == NULL || argv[1] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid domain context");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (strcmp(argv[1], "{")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "domain context not opened correctly");
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2016-06-08 13:55:14 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strlen(argv[0]) >= KORE_DOMAINNAME_LEN - 1) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "domain name '%s' too long", argv[0]);
|
2016-06-08 13:55:14 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 12:22:35 +02:00
|
|
|
|
current_domain = kore_domain_new(argv[0]);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_attach(char *name)
|
|
|
|
|
{
|
2019-09-27 20:00:35 +02:00
|
|
|
|
struct kore_server *srv;
|
2019-09-27 12:22:35 +02:00
|
|
|
|
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "attach keyword not in domain context");
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (current_domain->server != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "domain '%s' already attached to server",
|
2019-09-27 12:22:35 +02:00
|
|
|
|
current_domain->domain);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if ((srv = kore_server_lookup(name)) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "server '%s' does not exist", name);
|
2019-09-27 12:22:35 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-27 20:00:35 +02:00
|
|
|
|
if (!kore_domain_attach(current_domain, srv)) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "failed to attach '%s' to '%s'",
|
2019-09-27 12:22:35 +02:00
|
|
|
|
current_domain->domain, name);
|
2013-06-26 16:37:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2013-09-22 20:11:56 +02:00
|
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
2014-07-31 09:14:03 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_static_handler(char *options)
|
|
|
|
|
{
|
2019-11-15 08:11:02 +01:00
|
|
|
|
kore_log(LOG_NOTICE, "static keyword removed, use route instead");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_dynamic_handler(char *options)
|
2014-07-31 09:14:03 +02:00
|
|
|
|
{
|
2019-11-15 08:11:02 +01:00
|
|
|
|
kore_log(LOG_NOTICE, "dynamic keyword removed, use route instead");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2019-11-15 08:11:02 +01:00
|
|
|
|
configure_route(char *options)
|
2016-02-01 21:33:51 +01:00
|
|
|
|
{
|
2021-09-15 11:09:52 +02:00
|
|
|
|
struct kore_route *rt;
|
|
|
|
|
int type;
|
|
|
|
|
char *argv[4];
|
2014-07-31 09:14:03 +02:00
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "route keyword not in domain context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (current_route != NULL) {
|
|
|
|
|
kore_log(LOG_ERR, "nested route contexts not allowed");
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_split_string(options, " ", argv, 4);
|
2014-07-31 09:14:03 +02:00
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (argv[1] == NULL || strcmp(argv[1], "{")) {
|
|
|
|
|
kore_log(LOG_ERR, "invalid route context");
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
}
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
2019-11-15 08:11:02 +01:00
|
|
|
|
if (*argv[0] == '/')
|
|
|
|
|
type = HANDLER_TYPE_STATIC;
|
|
|
|
|
else
|
|
|
|
|
type = HANDLER_TYPE_DYNAMIC;
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if ((rt = kore_route_create(current_domain, argv[0], type)) == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"failed to create route handler for '%s'", argv[0]);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_route = rt;
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_route_handler(char *name)
|
|
|
|
|
{
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"handler keyword not inside of route context");
|
2014-07-31 09:14:03 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-04-23 10:24:00 +02:00
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_route_callback(current_route, name);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 22:16:22 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_route_on_headers(char *name)
|
|
|
|
|
{
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"on_header keyword not inside of route context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((current_route->on_headers = kore_runtime_getcall(name)) == NULL) {
|
|
|
|
|
kore_log(LOG_ERR, "on_headers callback '%s' for '%s' not found",
|
|
|
|
|
name, current_route->path);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_route_on_body_chunk(char *name)
|
|
|
|
|
{
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"on_body_chunk keyword not inside of route context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_route->on_body_chunk = kore_runtime_getcall(name);
|
|
|
|
|
if (current_route->on_body_chunk == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"on_body_chunk callback '%s' for '%s' not found",
|
|
|
|
|
name, current_route->path);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-14 23:15:21 +01:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_route_on_free(char *name)
|
|
|
|
|
{
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"on_free keyword not inside of route context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((current_route->on_free = kore_runtime_getcall(name)) == NULL) {
|
|
|
|
|
kore_log(LOG_ERR, "on_free callback '%s' for '%s' not found",
|
|
|
|
|
name, current_route->path);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-31 15:13:34 +01:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_route_authenticate(char *name)
|
|
|
|
|
{
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authenticate keyword not inside of route context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_route->auth = kore_auth_lookup(name);
|
|
|
|
|
|
|
|
|
|
if (current_route->auth == NULL) {
|
|
|
|
|
kore_log(LOG_ERR, "no such authentication '%s' for '%s' found",
|
|
|
|
|
name, current_route->path);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 22:16:22 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_route_methods(char *options)
|
|
|
|
|
{
|
|
|
|
|
int i, cnt;
|
|
|
|
|
char *argv[10];
|
|
|
|
|
|
|
|
|
|
if (current_route == NULL) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"methods keyword not inside of route context");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cnt = kore_split_string(options, " ", argv, 10);
|
|
|
|
|
if (cnt < 1) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad methods option '%s', missing methods", options);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_route->methods = 0;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < cnt; i++) {
|
|
|
|
|
if (!strcasecmp(argv[i], "post")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_POST;
|
|
|
|
|
} else if (!strcasecmp(argv[i], "get")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_GET;
|
|
|
|
|
} else if (!strcasecmp(argv[i], "put")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_PUT;
|
|
|
|
|
} else if (!strcasecmp(argv[i], "delete")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_DELETE;
|
|
|
|
|
} else if (!strcasecmp(argv[i], "head")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_HEAD;
|
|
|
|
|
} else if (!strcasecmp(argv[i], "patch")) {
|
|
|
|
|
current_route->methods |= HTTP_METHOD_PATCH;
|
|
|
|
|
} else {
|
|
|
|
|
kore_log(LOG_ERR, "unknown method: %s in method for %s",
|
|
|
|
|
argv[i], current_route->path);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-23 10:24:00 +02:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-03 11:28:16 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_return(char *options)
|
|
|
|
|
{
|
|
|
|
|
char *argv[3];
|
|
|
|
|
int elm, status, err;
|
|
|
|
|
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "return keyword not in domain context");
|
2020-03-03 11:28:16 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
elm = kore_split_string(options, " ", argv, 3);
|
|
|
|
|
if (elm != 2) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing parameters for return");
|
2020-03-03 11:28:16 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
status = kore_strtonum(argv[1], 10, 400, 600, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"invalid status code on return (%s)", argv[1]);
|
2020-03-03 11:28:16 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!http_redirect_add(current_domain, argv[0], status, NULL)) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid regex on return path");
|
2020-03-03 11:28:16 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-07 06:42:33 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_redirect(char *options)
|
|
|
|
|
{
|
|
|
|
|
char *argv[4];
|
|
|
|
|
int elm, status, err;
|
|
|
|
|
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "redirect keyword not in domain context");
|
2020-02-07 06:42:33 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
elm = kore_split_string(options, " ", argv, 4);
|
|
|
|
|
if (elm != 3) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing parameters for redirect");
|
2020-02-07 06:42:33 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
status = kore_strtonum(argv[1], 10, 300, 399, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"invalid status code on redirect (%s)", argv[1]);
|
2020-02-07 06:42:33 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!http_redirect_add(current_domain, argv[0], status, argv[2])) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "invalid regex on redirect path");
|
2020-02-07 06:42:33 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-28 13:27:44 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_filemap(char *options)
|
|
|
|
|
{
|
2022-08-10 10:13:01 +02:00
|
|
|
|
char *argv[4];
|
2018-06-28 13:27:44 +02:00
|
|
|
|
|
|
|
|
|
if (current_domain == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "filemap keyword not in domain context");
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-10 10:13:01 +02:00
|
|
|
|
kore_split_string(options, " ", argv, 4);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
|
|
|
|
|
if (argv[0] == NULL || argv[1] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing parameters for filemap");
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-10 10:20:18 +02:00
|
|
|
|
if (kore_filemap_create(current_domain,
|
|
|
|
|
argv[1], argv[0], argv[2]) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "cannot create filemap for %s", argv[1]);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-23 10:24:00 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_accesslog(char *path)
|
2015-04-23 10:24:00 +02:00
|
|
|
|
{
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (current_domain == NULL) {
|
2022-08-18 15:20:55 +02:00
|
|
|
|
kore_log(LOG_ERR, "accesslog not specified in domain context");
|
2015-04-23 10:24:00 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-04-27 10:36:33 +02:00
|
|
|
|
}
|
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (current_domain->accesslog != -1) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "domain '%s' already has an open accesslog",
|
2015-11-27 16:22:50 +01:00
|
|
|
|
current_domain->domain);
|
2015-04-27 10:36:33 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
}
|
2015-04-27 10:36:33 +02:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_domain->accesslog = open(path,
|
2015-11-27 16:22:50 +01:00
|
|
|
|
O_CREAT | O_APPEND | O_WRONLY,
|
|
|
|
|
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
|
|
|
|
|
if (current_domain->accesslog == -1) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "accesslog open(%s): %s", path, errno_s);
|
2018-07-17 14:23:57 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-03 19:58:43 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_filemap_ext(char *ext)
|
|
|
|
|
{
|
|
|
|
|
kore_free(kore_filemap_ext);
|
|
|
|
|
kore_filemap_ext = kore_strdup(ext);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-28 23:00:42 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_filemap_index(char *index)
|
|
|
|
|
{
|
|
|
|
|
kore_free(kore_filemap_index);
|
|
|
|
|
kore_filemap_index = kore_strdup(index);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-28 13:27:44 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_http_media_type(char *type)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
char *extensions, *ext[10];
|
|
|
|
|
|
|
|
|
|
extensions = strchr(type, ' ');
|
|
|
|
|
if (extensions == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_media_type value '%s'", type);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*(extensions)++ = '\0';
|
|
|
|
|
|
|
|
|
|
kore_split_string(extensions, " \t", ext, 10);
|
|
|
|
|
for (i = 0; ext[i] != NULL; i++) {
|
|
|
|
|
if (!http_media_register(ext[i], type)) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"duplicate extension found '%s'", ext[i]);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (i == 0) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing extensions in '%s'", type);
|
2018-06-28 13:27:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-22 20:05:24 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_header_max(char *option)
|
2013-09-22 20:05:24 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_header_max = kore_strtonum(option, 10, 1, 65535, &err);
|
2013-09-22 20:05:24 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_header_max value '%s'", option);
|
2013-09-22 20:05:24 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-11 20:51:49 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_http_header_timeout(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
http_header_timeout = kore_strtonum(option, 10, 1, 65535, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_header_timeout value '%s'", option);
|
2019-04-11 20:51:49 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-22 20:05:24 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_body_max(char *option)
|
2013-09-22 20:05:24 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2017-02-06 21:28:33 +01:00
|
|
|
|
http_body_max = kore_strtonum(option, 10, 0, LONG_MAX, &err);
|
2013-09-22 20:05:24 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_body_max value '%s'", option);
|
2013-09-22 20:05:24 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-11 20:51:49 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_http_body_timeout(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
http_body_timeout = kore_strtonum(option, 10, 1, 65535, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_body_timeout value '%s'", option);
|
2019-04-11 20:51:49 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-18 11:30:22 +01:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_body_disk_offload(char *option)
|
2016-01-18 11:30:22 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_body_disk_offload = kore_strtonum(option, 10, 0, LONG_MAX, &err);
|
2016-01-18 11:30:22 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad http_body_disk_offload value '%s'", option);
|
2016-01-18 11:30:22 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_body_disk_path(char *path)
|
2016-01-18 11:30:22 +01:00
|
|
|
|
{
|
2016-01-18 11:43:10 +01:00
|
|
|
|
if (strcmp(http_body_disk_path, HTTP_BODY_DISK_PATH))
|
2016-07-12 13:54:14 +02:00
|
|
|
|
kore_free(http_body_disk_path);
|
2016-01-18 11:30:22 +01:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_body_disk_path = kore_strdup(path);
|
2016-01-18 11:30:22 +01:00
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-18 22:29:41 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_http_server_version(char *version)
|
|
|
|
|
{
|
|
|
|
|
http_server_version(version);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-03 12:53:18 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_http_pretty_error(char *yesno)
|
|
|
|
|
{
|
|
|
|
|
if (!strcmp(yesno, "no")) {
|
|
|
|
|
http_pretty_error = 0;
|
|
|
|
|
} else if (!strcmp(yesno, "yes")) {
|
|
|
|
|
http_pretty_error = 1;
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"invalid '%s' for yes|no http_pretty_error option", yesno);
|
2020-03-03 12:53:18 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-15 10:44:56 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_hsts_enable(char *option)
|
2013-10-15 10:44:56 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_hsts_enable = kore_strtonum(option, 10, 0, LONG_MAX, &err);
|
2013-10-15 10:44:56 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_hsts_enable value '%s'", option);
|
2013-10-15 10:44:56 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-15 11:10:45 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_keepalive_time(char *option)
|
2013-10-15 11:10:45 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_keepalive_time = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
|
2013-10-15 11:10:45 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad http_keepalive_time value '%s'", option);
|
2013-10-15 11:10:45 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-14 13:41:17 +01:00
|
|
|
|
static int
|
|
|
|
|
configure_http_request_ms(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
http_request_ms = kore_strtonum(option, 10, 0, UINT_MAX, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_request_ms value '%s'", option);
|
2018-03-14 13:41:17 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-09 15:29:44 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_http_request_limit(char *option)
|
2015-04-09 15:29:44 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
http_request_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
|
2015-04-09 15:29:44 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad http_request_limit value '%s'", option);
|
2015-04-09 15:29:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-09 16:21:52 +01:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_validator(char *name)
|
2013-11-09 16:21:52 +01:00
|
|
|
|
{
|
|
|
|
|
u_int8_t type;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *tname, *value;
|
|
|
|
|
|
|
|
|
|
if ((tname = strchr(name, ' ')) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing validator name");
|
2016-02-01 21:33:51 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
2013-11-09 16:21:52 +01:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
*(tname)++ = '\0';
|
|
|
|
|
tname = kore_text_trim(tname, strlen(tname));
|
|
|
|
|
if ((value = strchr(tname, ' ')) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing validator value");
|
2013-11-09 16:21:52 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*(value)++ = '\0';
|
|
|
|
|
value = kore_text_trim(value, strlen(value));
|
2013-11-09 16:21:52 +01:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (!strcmp(tname, "regex")) {
|
2013-11-09 16:21:52 +01:00
|
|
|
|
type = KORE_VALIDATOR_TYPE_REGEX;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
} else if (!strcmp(tname, "function")) {
|
2013-11-09 16:21:52 +01:00
|
|
|
|
type = KORE_VALIDATOR_TYPE_FUNCTION;
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad type '%s' for validator '%s'", tname, name);
|
2013-11-09 16:21:52 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (!kore_validator_add(name, type, value)) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad validator specified for '%s'", name);
|
2013-11-09 16:21:52 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-10 15:17:15 +01:00
|
|
|
|
static int
|
2021-09-15 11:09:52 +02:00
|
|
|
|
configure_validate(char *options)
|
2013-11-10 15:17:15 +01:00
|
|
|
|
{
|
2021-09-15 11:09:52 +02:00
|
|
|
|
struct kore_validator *val;
|
|
|
|
|
struct kore_route_params *param;
|
|
|
|
|
char *method, *argv[4];
|
|
|
|
|
int flags, http_method;
|
2013-11-10 15:17:15 +01:00
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (kore_split_string(options, " ", argv, 4) != 3) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"validate keyword needs 3 args: method param validator");
|
2013-11-10 15:17:15 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
flags = 0;
|
2013-11-10 15:17:15 +01:00
|
|
|
|
|
2018-01-16 18:47:50 +01:00
|
|
|
|
if ((method = strchr(argv[0], ':')) != NULL) {
|
|
|
|
|
*(method)++ = '\0';
|
|
|
|
|
if (!strcasecmp(argv[0], "qs")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
flags = KORE_PARAMS_QUERY_STRING;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"unknown validate method prefix '%s' for '%s'",
|
|
|
|
|
argv[0], current_route->path);
|
2018-01-16 18:47:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
method = argv[0];
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if ((val = kore_validator_lookup(argv[2])) == NULL) {
|
|
|
|
|
kore_log(LOG_ERR, "unknown validator '%s'", argv[2]);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-16 18:47:50 +01:00
|
|
|
|
if (!strcasecmp(method, "post")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_POST;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else if (!strcasecmp(method, "get")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_GET;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
/* Let params get /foo {} imply qs:get automatically. */
|
2021-09-15 11:09:52 +02:00
|
|
|
|
flags |= KORE_PARAMS_QUERY_STRING;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else if (!strcasecmp(method, "put")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_PUT;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else if (!strcasecmp(method, "delete")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_DELETE;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else if (!strcasecmp(method, "head")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_HEAD;
|
2018-01-16 18:47:50 +01:00
|
|
|
|
} else if (!strcasecmp(method, "patch")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
http_method = HTTP_METHOD_PATCH;
|
2013-11-10 15:17:15 +01:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "unknown method: %s in validator for %s",
|
|
|
|
|
method, current_route->path);
|
2013-11-10 15:17:15 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
if (!(current_route->methods & http_method)) {
|
|
|
|
|
kore_log(LOG_ERR, "method '%s' not enabled for route '%s'",
|
|
|
|
|
method, current_route->path);
|
2013-11-10 15:17:15 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
param = kore_calloc(1, sizeof(*param));
|
2013-11-10 15:17:15 +01:00
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
param->flags = flags;
|
|
|
|
|
param->validator = val;
|
|
|
|
|
param->method = http_method;
|
|
|
|
|
param->name = kore_strdup(argv[1]);
|
2013-11-10 15:17:15 +01:00
|
|
|
|
|
2021-09-15 11:09:52 +02:00
|
|
|
|
TAILQ_INSERT_TAIL(¤t_route->params, param, list);
|
2013-11-10 15:17:15 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-22 22:55:10 +01:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_authentication(char *options)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
char *argv[3];
|
|
|
|
|
|
|
|
|
|
if (current_auth != NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "previous authentication block not closed");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_split_string(options, " ", argv, 3);
|
|
|
|
|
if (argv[1] == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing name for authentication block");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (strcmp(argv[1], "{")) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "missing { for authentication block");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (!kore_auth_new(argv[0]))
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_auth = kore_auth_lookup(argv[0]);
|
2014-01-22 22:55:10 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_authentication_type(char *option)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
{
|
|
|
|
|
if (current_auth == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authentication_type keyword not in correct context");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (!strcmp(option, "cookie")) {
|
2014-01-22 22:55:10 +01:00
|
|
|
|
current_auth->type = KORE_AUTH_TYPE_COOKIE;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
} else if (!strcmp(option, "header")) {
|
2014-01-22 23:11:52 +01:00
|
|
|
|
current_auth->type = KORE_AUTH_TYPE_HEADER;
|
2016-02-01 21:33:51 +01:00
|
|
|
|
} else if (!strcmp(option, "request")) {
|
2015-02-04 12:04:07 +01:00
|
|
|
|
current_auth->type = KORE_AUTH_TYPE_REQUEST;
|
2014-01-22 22:55:10 +01:00
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "unknown authentication type '%s'", option);
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_authentication_value(char *option)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
{
|
|
|
|
|
if (current_auth == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authentication_value keyword not in correct context");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (current_auth->value != NULL)
|
2016-07-12 13:54:14 +02:00
|
|
|
|
kore_free(current_auth->value);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_auth->value = kore_strdup(option);
|
2014-01-22 22:55:10 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_authentication_validator(char *validator)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
{
|
|
|
|
|
struct kore_validator *val;
|
|
|
|
|
|
|
|
|
|
if (current_auth == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authentication_validator not in correct context");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if ((val = kore_validator_lookup(validator)) == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authentication validator '%s' not found", validator);
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
current_auth->validator = val;
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_authentication_uri(char *uri)
|
2014-01-22 22:55:10 +01:00
|
|
|
|
{
|
|
|
|
|
if (current_auth == NULL) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"authentication_uri keyword not in correct context");
|
2014-01-22 22:55:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (current_auth->redirect != NULL)
|
2016-07-12 13:54:14 +02:00
|
|
|
|
kore_free(current_auth->redirect);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
current_auth->redirect = kore_strdup(uri);
|
2014-01-22 22:55:10 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-24 11:01:12 +01:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_websocket_maxframe(char *option)
|
2014-11-24 11:01:12 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_websocket_maxframe = kore_strtonum64(option, 1, &err);
|
2014-11-24 11:01:12 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad kore_websocket_maxframe value '%s'", option);
|
2014-11-24 11:01:12 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_websocket_timeout(char *option)
|
2014-11-24 11:01:12 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_websocket_timeout = kore_strtonum64(option, 1, &err);
|
2014-11-24 11:01:12 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad kore_websocket_timeout value '%s'", option);
|
2014-11-24 11:01:12 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kore_websocket_timeout = kore_websocket_timeout * 1000;
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-27 18:12:08 +01:00
|
|
|
|
#endif /* !KORE_NO_HTTP */
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
2021-09-10 13:34:57 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_logfile(char *path)
|
|
|
|
|
{
|
|
|
|
|
kore_log_file(path);
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_workers(char *option)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2019-10-16 12:05:27 +02:00
|
|
|
|
worker_count = kore_strtonum(option, 10, 1, KORE_WORKER_MAX, &err);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad value for worker '%s'", option);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_pidfile(char *path)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
2016-02-01 21:33:51 +01:00
|
|
|
|
if (strcmp(kore_pidfile, KORE_PIDFILE_DEFAULT))
|
2016-07-12 13:54:14 +02:00
|
|
|
|
kore_free(kore_pidfile);
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_pidfile = kore_strdup(path);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_max_connections(char *option)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
worker_max_connections = kore_strtonum(option, 10, 1, UINT_MAX, &err);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for worker_max_connections '%s'", option);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_rlimit_nofiles(char *option)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
worker_rlimit_nofiles = kore_strtonum(option, 10, 1, UINT_MAX, &err);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for worker_rlimit_nofiles '%s'", option);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_accept_threshold(char *option)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
worker_accept_threshold = kore_strtonum(option, 0, 1, UINT_MAX, &err);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for worker_accept_threshold '%s'\n", option);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2019-03-22 09:49:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_death_policy(char *option)
|
|
|
|
|
{
|
|
|
|
|
if (!strcmp(option, "restart")) {
|
|
|
|
|
worker_policy = KORE_WORKER_POLICY_RESTART;
|
|
|
|
|
} else if (!strcmp(option, "terminate")) {
|
|
|
|
|
worker_policy = KORE_WORKER_POLICY_TERMINATE;
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for worker_death_policy '%s'\n", option);
|
2019-03-22 09:49:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_set_affinity(char *option)
|
2015-11-27 16:22:50 +01:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
worker_set_affinity = kore_strtonum(option, 10, 0, 1, &err);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for worker_set_affinity '%s'", option);
|
2015-11-27 16:22:50 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-09 15:29:44 +02:00
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_socket_backlog(char *option)
|
2015-04-09 15:29:44 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_socket_backlog = kore_strtonum(option, 10, 0, UINT_MAX, &err);
|
2015-04-09 15:29:44 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad socket_backlog value: '%s'", option);
|
2015-04-09 15:29:44 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#if defined(KORE_USE_PGSQL)
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_pgsql_conn_max(char *option)
|
2014-07-04 09:14:05 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
pgsql_conn_max = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
|
2014-07-04 09:14:05 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad value for pgsql_conn_max '%s'", option);
|
2014-07-04 09:14:05 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2018-02-13 13:21:27 +01:00
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_pgsql_queue_limit(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
pgsql_queue_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad value for pgsql_queue_limit '%s'", option);
|
2018-02-13 13:21:27 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2015-06-04 10:29:22 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_TASKS)
|
|
|
|
|
static int
|
2016-02-01 21:33:51 +01:00
|
|
|
|
configure_task_threads(char *option)
|
2015-06-04 10:29:22 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
2014-07-04 09:14:05 +02:00
|
|
|
|
|
2016-02-01 21:33:51 +01:00
|
|
|
|
kore_task_threads = kore_strtonum(option, 10, 0, UCHAR_MAX, &err);
|
2015-06-04 10:29:22 +02:00
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad value for task_threads: '%s'", option);
|
2015-06-04 10:29:22 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2014-07-04 09:14:05 +02:00
|
|
|
|
#endif
|
2017-01-12 23:38:51 +01:00
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
2019-09-26 15:49:00 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_deployment(char *value)
|
|
|
|
|
{
|
2021-05-10 10:27:32 +02:00
|
|
|
|
if (!strcmp(value, "docker")) {
|
|
|
|
|
kore_foreground = 1;
|
2021-05-10 10:32:54 +02:00
|
|
|
|
skip_runas = 0;
|
|
|
|
|
skip_chroot = 0;
|
2021-05-10 10:27:32 +02:00
|
|
|
|
} else if (!strcmp(value, "dev") || !strcmp(value, "development")) {
|
2021-01-11 23:35:16 +01:00
|
|
|
|
kore_foreground = 1;
|
2019-09-26 15:49:00 +02:00
|
|
|
|
skip_runas = 1;
|
|
|
|
|
skip_chroot = 1;
|
|
|
|
|
} else if (!strcmp(value, "production")) {
|
2021-01-11 23:35:16 +01:00
|
|
|
|
kore_foreground = 0;
|
2019-09-26 15:49:00 +02:00
|
|
|
|
skip_runas = 0;
|
|
|
|
|
skip_chroot = 0;
|
|
|
|
|
} else {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
2021-05-02 00:23:11 +02:00
|
|
|
|
"kore.config.deployment: bad value '%s'", value);
|
2019-09-26 15:49:00 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-20 11:20:25 +02:00
|
|
|
|
static int
|
|
|
|
|
configure_python_path(char *path)
|
|
|
|
|
{
|
|
|
|
|
kore_python_path(path);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_python_import(char *module)
|
|
|
|
|
{
|
|
|
|
|
char *argv[3];
|
|
|
|
|
|
|
|
|
|
kore_split_string(module, " ", argv, 3);
|
|
|
|
|
if (argv[0] == NULL)
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
|
|
|
|
kore_module_load(argv[0], argv[1], KORE_MODULE_PYTHON);
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
2017-01-12 23:38:51 +01:00
|
|
|
|
#endif
|
2018-07-31 06:51:34 +02:00
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_PLATFORM_PLEDGE)
|
|
|
|
|
static int
|
|
|
|
|
configure_add_pledge(char *pledge)
|
|
|
|
|
{
|
|
|
|
|
kore_platform_add_pledge(pledge);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2019-04-24 00:10:47 +02:00
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_CURL)
|
|
|
|
|
static int
|
|
|
|
|
configure_curl_recv_max(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
kore_curl_recv_max = kore_strtonum64(option, 1, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad curl_recv_max value '%s'\n", option);
|
2019-04-24 00:10:47 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
configure_curl_timeout(char *option)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
kore_curl_timeout = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
|
|
|
|
|
if (err != KORE_RESULT_OK) {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR, "bad kore_curl_timeout value: '%s'", option);
|
2019-04-24 00:10:47 +02:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2019-10-31 12:52:10 +01:00
|
|
|
|
|
|
|
|
|
#if defined(__linux__)
|
|
|
|
|
static int
|
|
|
|
|
configure_seccomp_tracing(char *opt)
|
|
|
|
|
{
|
|
|
|
|
if (!strcmp(opt, "yes")) {
|
|
|
|
|
kore_seccomp_tracing = 1;
|
|
|
|
|
} else if (!strcmp(opt, "no")) {
|
|
|
|
|
kore_seccomp_tracing = 0;
|
|
|
|
|
} else {
|
2021-09-15 11:09:52 +02:00
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"bad seccomp_tracing value '%s' (expected yes|no)\n", opt);
|
2019-10-31 12:52:10 +01:00
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
#endif
|