mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
kore/src/config.c

1016 lines
23 KiB
C
Raw Normal View History

add missing config.c
2013-05-01 17:17:16 +02:00
/*
Bump copyright to 2015
2015-04-07 13:08:26 +02:00
* Copyright (c) 2013-2015 Joris Vink <joris@coders.se>
add missing config.c
2013-05-01 17:17:16 +02:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
Missing sys/stat.h, from James Turner
2014-03-07 09:55:28 +01:00
#include <sys/stat.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include <ctype.h>
Add a callback that Kore can call in your module every given interval. The callback is run from the parent process (which runs as root). Adds kore_cb and kore_cb_interval configuration options.
2013-09-02 08:52:16 +02:00
#include <limits.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include <fcntl.h>
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
#include <pwd.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include "kore.h"
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
#include "http.h"
add missing config.c
2013-05-01 17:17:16 +02:00
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
#include "pgsql.h"
#endif
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
/* XXX - This is becoming a clusterfuck. Fix it. */
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
static int configure_include(char **);
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
static int configure_bind(char **);
static int configure_load(char **);
static int configure_handler(char **);
static int configure_domain(char **);
static int configure_chroot(char **);
static int configure_runas(char **);
static int configure_workers(char **);
static int configure_pidfile(char **);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
static int configure_accesslog(char **);
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
static int configure_certfile(char **);
static int configure_certkey(char **);
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
static int configure_rlimit_nofiles(char **);
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
static int configure_max_connections(char **);
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
static int configure_accept_treshold(char **);
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
static int configure_ssl_cipher(char **);
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
static int configure_ssl_dhparam(char **);
add ssl_no_compression option to allow one to disable OpenSSL compression.
2013-08-07 16:59:45 +02:00
static int configure_ssl_no_compression(char **);
Kore can now disconnect SPDY session if they've been idle too long. Configurable via spdy_idle_time in your configuration file. Setting this to 0 will keep SPDY sessions open indefinately.
2013-07-13 20:19:01 +02:00
static int configure_spdy_idle_time(char **);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
static int configure_http_header_max(char **);
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
static int configure_http_body_max(char **);
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
static int configure_http_hsts_enable(char **);
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
static int configure_http_keepalive_time(char **);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int configure_http_request_limit(char **);
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
static int configure_validator(char **);
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
static int configure_params(char **);
static int configure_validate(char **);
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
static int configure_client_certificates(char **);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
static int configure_authentication(char **);
static int configure_authentication_uri(char **);
static int configure_authentication_type(char **);
static int configure_authentication_value(char **);
static int configure_authentication_validator(char **);
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
static int configure_websocket_maxframe(char **);
static int configure_websocket_timeout(char **);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int configure_socket_backlog(char **);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
static int configure_pgsql_conn_max(char **);
#endif
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
static void domain_sslstart(void);
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
static void kore_parse_config_file(char *);
add missing config.c
2013-05-01 17:17:16 +02:00
static struct {
const char *name;
int (*configure)(char **);
} config_names[] = {
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
{ "include", configure_include },
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "bind", configure_bind },
{ "load", configure_load },
{ "static", configure_handler },
{ "dynamic", configure_handler },
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
{ "ssl_cipher", configure_ssl_cipher },
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
{ "ssl_dhparam", configure_ssl_dhparam },
add ssl_no_compression option to allow one to disable OpenSSL compression.
2013-08-07 16:59:45 +02:00
{ "ssl_no_compression", configure_ssl_no_compression },
Kore can now disconnect SPDY session if they've been idle too long. Configurable via spdy_idle_time in your configuration file. Setting this to 0 will keep SPDY sessions open indefinately.
2013-07-13 20:19:01 +02:00
{ "spdy_idle_time", configure_spdy_idle_time },
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "domain", configure_domain },
{ "chroot", configure_chroot },
{ "runas", configure_runas },
{ "workers", configure_workers },
{ "worker_max_connections", configure_max_connections },
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
{ "worker_rlimit_nofiles", configure_rlimit_nofiles },
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
{ "worker_accept_treshold", configure_accept_treshold },
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "pidfile", configure_pidfile },
{ "accesslog", configure_accesslog },
{ "certfile", configure_certfile },
{ "certkey", configure_certkey },
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
{ "client_certificates", configure_client_certificates },
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
{ "http_header_max", configure_http_header_max },
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
{ "http_body_max", configure_http_body_max },
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
{ "http_hsts_enable", configure_http_hsts_enable },
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
{ "http_keepalive_time", configure_http_keepalive_time },
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
{ "http_request_limit", configure_http_request_limit },
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
{ "validator", configure_validator },
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
{ "params", configure_params },
{ "validate", configure_validate },
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{ "authentication", configure_authentication },
{ "authentication_uri", configure_authentication_uri },
{ "authentication_type", configure_authentication_type },
{ "authentication_value", configure_authentication_value },
{ "authentication_validator", configure_authentication_validator },
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
{ "websocket_maxframe", configure_websocket_maxframe },
{ "websocket_timeout", configure_websocket_timeout },
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
{ "socket_backlog", configure_socket_backlog },
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
{ "pgsql_conn_max", configure_pgsql_conn_max },
#endif
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ NULL, NULL },
add missing config.c
2013-05-01 17:17:16 +02:00
};
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
char *config_file = NULL;
static u_int8_t current_method = 0;
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
static struct kore_auth *current_auth = NULL;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
static struct kore_domain *current_domain = NULL;
static struct kore_module_handle *current_handler = NULL;
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
add missing config.c
2013-05-01 17:17:16 +02:00
void
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_parse_config(void)
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
{
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
char *p;
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
kore_parse_config_file(config_file);
if (!kore_module_loaded())
fatal("no site module was loaded");
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
if (LIST_EMPTY(&listeners))
fatal("no listeners defined");
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
if (skip_chroot != 1 && chroot_path == NULL)
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
fatal("missing a chroot path");
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
if (runas_user == NULL) {
if ((p = getlogin()) == NULL)
fatal("missing a username to run as");
/* runas_user is free'd later down the line. */
runas_user = kore_strdup(p);
}
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
if ((pw = getpwnam(runas_user)) == NULL)
fatal("user '%s' does not exist", runas_user);
if (getuid() != 0 && skip_chroot == 0)
fatal("Cannot chroot(), use -n to skip it");
}
static void
kore_parse_config_file(char *fpath)
add missing config.c
2013-05-01 17:17:16 +02:00
{
FILE *fp;
int i, lineno;
introduce kore_split_string() to properly split strings apart. introduce kore_date_to_time() to conver http-date formatted strings to time_t.
2013-05-01 20:10:45 +02:00
char buf[BUFSIZ], *p, *t, *argv[5];
add missing config.c
2013-05-01 17:17:16 +02:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
if ((fp = fopen(fpath, "r")) == NULL)
fatal("configuration given cannot be opened: %s", fpath);
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
kore_debug("parsing configuration file '%s'", fpath);
add missing config.c
2013-05-01 17:17:16 +02:00
lineno = 1;
while (fgets(buf, sizeof(buf), fp) != NULL) {
p = buf;
buf[strcspn(buf, "\n")] = '\0';
while (isspace(*p))
p++;
if (p[0] == '#' || p[0] == '\0') {
lineno++;
continue;
}
for (t = p; *t != '\0'; t++) {
if (*t == '\t')
*t = ' ';
}
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
if (!strcmp(p, "}") && current_handler != NULL) {
lineno++;
current_handler = NULL;
continue;
}
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
if (!strcmp(p, "}") && current_auth != NULL) {
if (current_auth->validator == NULL) {
fatal("no authentication validator for %s",
current_auth->name);
}
lineno++;
current_auth = NULL;
continue;
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (!strcmp(p, "}") && current_domain != NULL)
domain_sslstart();
introduce kore_split_string() to properly split strings apart. introduce kore_date_to_time() to conver http-date formatted strings to time_t.
2013-05-01 20:10:45 +02:00
kore_split_string(p, " ", argv, 5);
add missing config.c
2013-05-01 17:17:16 +02:00
for (i = 0; config_names[i].name != NULL; i++) {
if (!strcmp(config_names[i].name, argv[0])) {
if (!config_names[i].configure(argv)) {
fatal("configuration error on line %d",
lineno);
}
break;
}
}
lineno++;
}
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
Close fp after reading configuration
2014-04-09 14:43:23 +02:00
fclose(fp);
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
}
Close fp after reading configuration
2014-04-09 14:43:23 +02:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
static int
configure_include(char **argv)
{
if (argv[1] == NULL) {
printf("No file given in include directive\n");
return (KORE_RESULT_ERROR);
}
Kore no longer requires root to be started.
2013-11-18 00:42:57 +01:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
kore_parse_config_file(argv[1]);
return (KORE_RESULT_OK);
add missing config.c
2013-05-01 17:17:16 +02:00
}
static int
configure_bind(char **argv)
{
if (argv[1] == NULL || argv[2] == NULL)
return (KORE_RESULT_ERROR);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
return (kore_server_bind(argv[1], argv[2]));
add missing config.c
2013-05-01 17:17:16 +02:00
}
static int
configure_load(char **argv)
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
Allow Kore to load multiple modules at once.
2013-12-15 01:11:56 +01:00
kore_module_load(argv[1], argv[2]);
allow onload to be given in the config file. onload specifies what function in your module to call when the module has been loaded or reloaded.
2013-05-30 21:26:39 +02:00
return (KORE_RESULT_OK);
}
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
static int
configure_ssl_cipher(char **argv)
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (strcmp(kore_ssl_cipher_list, KORE_DEFAULT_CIPHER_LIST)) {
kore_debug("duplicate ssl_cipher directive specified");
return (KORE_RESULT_ERROR);
}
kore_ssl_cipher_list = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
static int
configure_ssl_dhparam(char **argv)
{
Add a BENCHMARK compile option which compiles without OpenSSL. Personally use this for testing Kore its performance without letting the OpenSSL stack get in the way too much. Note that it leaves data structures as is, and just removes any calls to OpenSSL (and removes the linking vs OpenSSL).
2014-08-01 10:22:32 +02:00
#if !defined(KORE_BENCHMARK)
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
BIO *bio;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (ssl_dhparam != NULL) {
kore_debug("duplicate ssl_dhparam directive specified");
return (KORE_RESULT_ERROR);
}
if ((bio = BIO_new_file(argv[1], "r")) == NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("%s did not exist\n", argv[1]);
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
return (KORE_RESULT_ERROR);
}
ssl_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (ssl_dhparam == NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("PEM_read_bio_DHparams(): %s\n", ssl_errno_s);
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
return (KORE_RESULT_ERROR);
}
Add a BENCHMARK compile option which compiles without OpenSSL. Personally use this for testing Kore its performance without letting the OpenSSL stack get in the way too much. Note that it leaves data structures as is, and just removes any calls to OpenSSL (and removes the linking vs OpenSSL).
2014-08-01 10:22:32 +02:00
#endif
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
return (KORE_RESULT_OK);
}
add ssl_no_compression option to allow one to disable OpenSSL compression.
2013-08-07 16:59:45 +02:00
static int
configure_ssl_no_compression(char **argv)
{
Deprecate ssl_no_compression config option, its always on.
2014-08-05 13:07:32 +02:00
printf("ssl_no_compression is deprecated, and always on by default\n");
add ssl_no_compression option to allow one to disable OpenSSL compression.
2013-08-07 16:59:45 +02:00
return (KORE_RESULT_OK);
}
Kore can now disconnect SPDY session if they've been idle too long. Configurable via spdy_idle_time in your configuration file. Setting this to 0 will keep SPDY sessions open indefinately.
2013-07-13 20:19:01 +02:00
static int
configure_spdy_idle_time(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
Pass the base for strtoll() to kore_strtonum(), breakage ensues if we depend on the "auto" detection that happens when we pass 0 to strtoll() as base.
2013-08-13 16:13:43 +02:00
spdy_idle_time = kore_strtonum(argv[1], 10, 0, 65535, &err);
Kore can now disconnect SPDY session if they've been idle too long. Configurable via spdy_idle_time in your configuration file. Setting this to 0 will keep SPDY sessions open indefinately.
2013-07-13 20:19:01 +02:00
if (err != KORE_RESULT_OK) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("spdy_idle_time has invalid value: %s\n", argv[1]);
Kore can now disconnect SPDY session if they've been idle too long. Configurable via spdy_idle_time in your configuration file. Setting this to 0 will keep SPDY sessions open indefinately.
2013-07-13 20:19:01 +02:00
return (KORE_RESULT_ERROR);
}
spdy_idle_time = spdy_idle_time * 1000;
return (KORE_RESULT_OK);
}
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
static int
configure_domain(char **argv)
{
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (argv[2] == NULL)
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
return (KORE_RESULT_ERROR);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain != NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("previous domain configuration not closed\n");
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
return (KORE_RESULT_ERROR);
}
if (strcmp(argv[2], "{")) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("missing { for domain directive\n");
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
return (KORE_RESULT_ERROR);
}
if (!kore_domain_new(argv[1])) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("could not create new domain %s\n", argv[1]);
switch dynamic handlers to regex based patterns, much easier.
2013-05-29 14:29:46 +02:00
return (KORE_RESULT_ERROR);
}
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
current_domain = kore_domain_lookup(argv[1]);
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
return (KORE_RESULT_OK);
}
add missing config.c
2013-05-01 17:17:16 +02:00
static int
configure_handler(char **argv)
{
int type;
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
if (current_domain == NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("missing domain for page handler\n");
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
return (KORE_RESULT_ERROR);
}
add missing config.c
2013-05-01 17:17:16 +02:00
if (argv[1] == NULL || argv[2] == NULL)
return (KORE_RESULT_ERROR);
if (!strcmp(argv[0], "static"))
type = HANDLER_TYPE_STATIC;
else if (!strcmp(argv[0], "dynamic"))
type = HANDLER_TYPE_DYNAMIC;
else
return (KORE_RESULT_ERROR);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (!kore_module_handler_new(argv[1],
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
current_domain->domain, argv[2], argv[3], type)) {
rename kore_log to kore_debug, and allow one to turn it off.
2013-06-04 16:30:53 +02:00
kore_debug("cannot create handler for %s", argv[1]);
add missing config.c
2013-05-01 17:17:16 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
Add support for client certificates
2013-12-14 16:31:07 +01:00
static int
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
configure_client_certificates(char **argv)
Add support for client certificates
2013-12-14 16:31:07 +01:00
{
if (current_domain == NULL) {
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
printf("missing domain for require_client_cert\n");
Add support for client certificates
2013-12-14 16:31:07 +01:00
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL) {
printf("missing argument for require_client_cert\n");
return (KORE_RESULT_ERROR);
}
if (current_domain->cafile != NULL) {
printf("require_client_cert already set for %s\n",
current_domain->domain);
return (KORE_RESULT_ERROR);
}
current_domain->cafile = kore_strdup(argv[1]);
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
if (argv[2] != NULL)
current_domain->crlfile = kore_strdup(argv[2]);
Add support for client certificates
2013-12-14 16:31:07 +01:00
return (KORE_RESULT_OK);
}
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
static int
configure_chroot(char **argv)
{
if (chroot_path != NULL) {
rename kore_log to kore_debug, and allow one to turn it off.
2013-06-04 16:30:53 +02:00
kore_debug("duplicate chroot path specified");
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
chroot_path = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
static int
configure_runas(char **argv)
{
if (runas_user != NULL) {
rename kore_log to kore_debug, and allow one to turn it off.
2013-06-04 16:30:53 +02:00
kore_debug("duplicate runas user specified");
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
runas_user = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
move to a worker based threading approach where we delegate http requests to workers in a round robin basis (later this should be swapped to find the laziest worker and assign the request to that instead).
2013-05-30 19:36:42 +02:00
static int
configure_workers(char **argv)
{
int err;
if (worker_count != 0) {
rename kore_log to kore_debug, and allow one to turn it off.
2013-06-04 16:30:53 +02:00
kore_debug("duplicate worker directive specified");
move to a worker based threading approach where we delegate http requests to workers in a round robin basis (later this should be swapped to find the laziest worker and assign the request to that instead).
2013-05-30 19:36:42 +02:00
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
Pass the base for strtoll() to kore_strtonum(), breakage ensues if we depend on the "auto" detection that happens when we pass 0 to strtoll() as base.
2013-08-13 16:13:43 +02:00
worker_count = kore_strtonum(argv[1], 10, 1, 255, &err);
move to a worker based threading approach where we delegate http requests to workers in a round robin basis (later this should be swapped to find the laziest worker and assign the request to that instead).
2013-05-30 19:36:42 +02:00
if (err != KORE_RESULT_OK) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("%s is not a correct worker number\n", argv[1]);
move to a worker based threading approach where we delegate http requests to workers in a round robin basis (later this should be swapped to find the laziest worker and assign the request to that instead).
2013-05-30 19:36:42 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
static int
configure_pidfile(char **argv)
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (strcmp(kore_pidfile, KORE_PIDFILE_DEFAULT)) {
kore_debug("duplicate pidfile directive specified");
return (KORE_RESULT_ERROR);
}
kore_pidfile = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
static int
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
configure_accesslog(char **argv)
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain == NULL) {
kore_debug("missing domain for accesslog");
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
return (KORE_RESULT_ERROR);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain->accesslog != -1) {
kore_debug("domain %s already has an open accesslog",
current_domain->domain);
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
return (KORE_RESULT_ERROR);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
}
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
current_domain->accesslog = open(argv[1],
The access log need not be executable. While there use the nice defines rather then straight up mode numbers.
2013-11-19 17:27:14 +01:00
O_CREAT | O_APPEND | O_WRONLY,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain->accesslog == -1) {
kore_debug("open(%s): %s", argv[1], errno_s);
Introduce certfile and certkey in the configuration to specify where the certificate file and keys are located on a system. Free unused vars in the main process after starting.
2013-06-05 09:47:08 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
static int
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
configure_certfile(char **argv)
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (current_domain == NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("missing domain for certfile\n");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain->certfile != NULL) {
kore_debug("domain already has a certfile set");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
current_domain->certfile = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
static int
configure_certkey(char **argv)
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (current_domain == NULL) {
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
printf("missing domain for certkey\n");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
if (current_domain->certkey != NULL) {
kore_debug("domain already has a certkey set");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
current_domain->certkey = kore_strdup(argv[1]);
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_OK);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
static int
configure_max_connections(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
Use UINT_MAX for limit of worker_max_connections.
2015-04-09 08:56:12 +02:00
worker_max_connections = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err);
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
if (err != KORE_RESULT_OK) {
printf("bad value for worker_max_connections: %s\n", argv[1]);
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
return (KORE_RESULT_ERROR);
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
}
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
return (KORE_RESULT_OK);
}
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
static int
configure_rlimit_nofiles(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
worker_rlimit_nofiles = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad value for worker_rlimit_nofiles: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
}
return (KORE_RESULT_OK);
}
static int
configure_accept_treshold(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
worker_accept_treshold = kore_strtonum(argv[1], 0, 1, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad value for worker_accept_treshold: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
}
return (KORE_RESULT_OK);
}
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
static int
configure_http_header_max(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (http_header_max != HTTP_HEADER_MAX_LEN) {
kore_debug("http_header_max already set");
return (KORE_RESULT_ERROR);
}
http_header_max = kore_strtonum(argv[1], 10, 1, 65535, &err);
if (err != KORE_RESULT_OK) {
printf("bad http_header_max value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
configure_http_body_max(char **argv)
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
if (http_body_max != HTTP_BODY_MAX_LEN) {
kore_debug("http_body_max already set");
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
return (KORE_RESULT_ERROR);
}
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
http_body_max = kore_strtonum(argv[1], 10, 1, LONG_MAX, &err);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
if (err != KORE_RESULT_OK) {
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
printf("bad http_body_max value: %s\n", argv[1]);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
static int
configure_http_hsts_enable(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (http_hsts_enable != HTTP_HSTS_ENABLE) {
kore_debug("http_hsts_enable already set");
return (KORE_RESULT_ERROR);
}
ULONG_MAX -> LONG_MAX
2013-12-16 18:00:33 +01:00
http_hsts_enable = kore_strtonum(argv[1], 10, 0, LONG_MAX, &err);
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
if (err != KORE_RESULT_OK) {
printf("bad http_hsts_enable value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
static int
configure_http_keepalive_time(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
if (http_keepalive_time != HTTP_KEEPALIVE_TIME) {
kore_debug("http_keepalive_time already set");
return (KORE_RESULT_ERROR);
}
http_keepalive_time = kore_strtonum(argv[1], 10, 0, USHRT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad http_keepalive_time value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int
configure_http_request_limit(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
http_request_limit = kore_strtonum(argv[1], 10, 0, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad http_request_limit value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
static int
configure_validator(char **argv)
{
u_int8_t type;
if (argv[3] == NULL)
return (KORE_RESULT_ERROR);
if (!strcmp(argv[2], "regex")) {
type = KORE_VALIDATOR_TYPE_REGEX;
} else if (!strcmp(argv[2], "function")) {
type = KORE_VALIDATOR_TYPE_FUNCTION;
} else {
printf("bad type for validator %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
if (!kore_validator_add(argv[1], type, argv[3])) {
printf("bad validator specified: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
static int
configure_params(char **argv)
{
struct kore_module_handle *hdlr;
if (current_domain == NULL) {
printf("params keyword used in wrong context\n");
return (KORE_RESULT_ERROR);
}
if (current_handler != NULL) {
printf("previous params block not closed\n");
return (KORE_RESULT_ERROR);
}
if (argv[2] == NULL)
return (KORE_RESULT_ERROR);
if (!strcasecmp(argv[1], "post")) {
current_method = HTTP_METHOD_POST;
} else if (!strcasecmp(argv[1], "get")) {
current_method = HTTP_METHOD_GET;
Support PUT, DELETE, and HEAD methods in cofigs. The primary usecase for this is RESTful APIs where PUT, DELETE, and HEAD can be useful methods to support.
2015-04-09 01:46:27 +02:00
} else if (!strcasecmp(argv[1], "put")) {
current_method = HTTP_METHOD_PUT;
} else if (!strcasecmp(argv[1], "delete")) {
current_method = HTTP_METHOD_DELETE;
} else if (!strcasecmp(argv[1], "head")) {
current_method = HTTP_METHOD_HEAD;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
} else {
printf("unknown method: %s in params block for %s\n",
argv[1], argv[2]);
return (KORE_RESULT_ERROR);
}
/*
* Find the handler ourselves, otherwise the regex is applied
* in case of a dynamic page.
*/
TAILQ_FOREACH(hdlr, &(current_domain->handlers), list) {
if (!strcmp(hdlr->path, argv[2])) {
current_handler = hdlr;
return (KORE_RESULT_OK);
}
}
printf("params for unknown page handler: %s\n", argv[2]);
return (KORE_RESULT_ERROR);
}
static int
configure_validate(char **argv)
{
struct kore_handler_params *p;
struct kore_validator *val;
if (current_handler == NULL) {
printf("validate keyword used in wrong context\n");
return (KORE_RESULT_ERROR);
}
if (argv[2] == NULL)
return (KORE_RESULT_ERROR);
if ((val = kore_validator_lookup(argv[2])) == NULL) {
printf("unknown validator %s for %s\n", argv[2], argv[1]);
return (KORE_RESULT_ERROR);
}
p = kore_malloc(sizeof(*p));
p->validator = val;
p->method = current_method;
p->name = kore_strdup(argv[1]);
TAILQ_INSERT_TAIL(&(current_handler->params), p, list);
return (KORE_RESULT_OK);
}
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
static int
configure_authentication(char **argv)
{
if (argv[2] == NULL) {
printf("Missing name for authentication block\n");
return (KORE_RESULT_ERROR);
}
if (current_auth != NULL) {
printf("Previous authentication block not closed\n");
return (KORE_RESULT_ERROR);
}
if (strcmp(argv[2], "{")) {
printf("missing { for authentication block\n");
return (KORE_RESULT_ERROR);
}
if (!kore_auth_new(argv[1]))
return (KORE_RESULT_ERROR);
current_auth = kore_auth_lookup(argv[1]);
return (KORE_RESULT_OK);
}
static int
configure_authentication_type(char **argv)
{
if (current_auth == NULL) {
printf("authentication_type outside authentication block\n");
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL) {
printf("missing parameter for authentication_type\n");
return (KORE_RESULT_ERROR);
}
if (!strcmp(argv[1], "cookie")) {
current_auth->type = KORE_AUTH_TYPE_COOKIE;
Add header as an option for authentication blocks
2014-01-22 23:11:52 +01:00
} else if (!strcmp(argv[1], "header")) {
current_auth->type = KORE_AUTH_TYPE_HEADER;
"request" auth blocks should set their own response.
2015-02-04 12:04:07 +01:00
} else if (!strcmp(argv[1], "request")) {
current_auth->type = KORE_AUTH_TYPE_REQUEST;
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
} else {
printf("unknown authentication type '%s'\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
configure_authentication_value(char **argv)
{
if (current_auth == NULL) {
printf("authentication_value outside authentication block\n");
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL) {
printf("missing parameter for authentication_value\n");
return (KORE_RESULT_ERROR);
}
if (current_auth->value != NULL) {
printf("duplicate authentication_value found\n");
return (KORE_RESULT_ERROR);
}
current_auth->value = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
static int
configure_authentication_validator(char **argv)
{
struct kore_validator *val;
if (current_auth == NULL) {
printf("authentication_validator outside authentication\n");
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL) {
printf("missing parameter for authentication_validator\n");
return (KORE_RESULT_ERROR);
}
if (current_auth->validator != NULL) {
printf("duplicate authentication_validator found\n");
return (KORE_RESULT_ERROR);
}
if ((val = kore_validator_lookup(argv[1])) == NULL) {
printf("authentication validator '%s' not found\n", argv[1]);
return (KORE_RESULT_ERROR);
}
current_auth->validator = val;
return (KORE_RESULT_OK);
}
static int
configure_authentication_uri(char **argv)
{
if (current_auth == NULL) {
printf("authentication_uri outside authentication block\n");
return (KORE_RESULT_ERROR);
}
if (argv[1] == NULL) {
printf("missing parameter for authentication_uri\n");
return (KORE_RESULT_ERROR);
}
if (current_auth->redirect != NULL) {
printf("duplicate authentication_uri found\n");
return (KORE_RESULT_ERROR);
}
current_auth->redirect = kore_strdup(argv[1]);
return (KORE_RESULT_OK);
}
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
static int
configure_websocket_maxframe(char **argv)
{
int err;
if (argv[1] == NULL) {
printf("missing parameter for kore_websocket_maxframe\n");
return (KORE_RESULT_ERROR);
}
kore_websocket_maxframe = kore_strtonum64(argv[1], 1, &err);
if (err != KORE_RESULT_OK) {
printf("bad kore_websocket_maxframe value\n");
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
configure_websocket_timeout(char **argv)
{
int err;
if (argv[1] == NULL) {
printf("missing parameter for kore_websocket_timeout\n");
return (KORE_RESULT_ERROR);
}
kore_websocket_timeout = kore_strtonum64(argv[1], 1, &err);
if (err != KORE_RESULT_OK) {
printf("bad kore_websocket_timeout value\n");
return (KORE_RESULT_ERROR);
}
kore_websocket_timeout = kore_websocket_timeout * 1000;
return (KORE_RESULT_OK);
}
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int
configure_socket_backlog(char **argv)
{
int err;
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
kore_socket_backlog = kore_strtonum(argv[1], 10, 0, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad socket_backlog value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
static void
domain_sslstart(void)
{
kore_domain_sslstart(current_domain);
current_domain = NULL;
}
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
static int
configure_pgsql_conn_max(char **argv)
{
int err;
if (argv[1] == NULL) {
printf("missing parameter for pgsql_conn_max\n");
return (KORE_RESULT_ERROR);
}
pgsql_conn_max = kore_strtonum(argv[1], 10, 0, USHRT_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad value for pgsql_conn_max: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
#endif