2013-06-26 11:18:32 +02:00
|
|
|
/*
|
2022-01-31 22:02:06 +01:00
|
|
|
* Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
|
2013-06-26 11:18:32 +02:00
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2015-06-14 16:44:37 +02:00
|
|
|
#include <sys/param.h>
|
2019-03-06 09:29:46 +01:00
|
|
|
#include <sys/types.h>
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
#include <sys/stat.h>
|
2013-06-26 16:37:22 +02:00
|
|
|
#include <sys/shm.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
#include <sys/wait.h>
|
2014-07-31 09:14:03 +02:00
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/resource.h>
|
2015-06-22 21:13:32 +02:00
|
|
|
#include <sys/socket.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2015-04-20 15:17:42 +02:00
|
|
|
#include <fcntl.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
#include <grp.h>
|
2013-07-06 20:55:22 +02:00
|
|
|
#include <pwd.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
#include <signal.h>
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
#include <unistd.h>
|
2013-06-26 11:18:32 +02:00
|
|
|
|
|
|
|
|
#include "kore.h"
|
2015-11-27 16:22:50 +01:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
#include "acme.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2013-06-26 11:18:32 +02:00
|
|
|
#include "http.h"
|
2015-11-27 16:22:50 +01:00
|
|
|
#endif
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2014-03-30 23:54:35 +02:00
|
|
|
#if defined(KORE_USE_PGSQL)
|
2014-07-03 22:14:46 +02:00
|
|
|
#include "pgsql.h"
|
2014-03-30 23:54:35 +02:00
|
|
|
#endif
|
|
|
|
|
|
2014-06-28 16:17:18 +02:00
|
|
|
#if defined(KORE_USE_TASKS)
|
2014-07-03 22:14:46 +02:00
|
|
|
#include "tasks.h"
|
2014-06-28 16:17:18 +02:00
|
|
|
#endif
|
|
|
|
|
|
2017-01-12 23:38:51 +01:00
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
#include "python_api.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-06-13 12:59:17 +02:00
|
|
|
#if defined(KORE_USE_CURL)
|
|
|
|
|
#include "curl.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
#if defined(__linux__)
|
|
|
|
|
#include "seccomp.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
#define WORKER_SOLO_COUNT 3
|
2019-10-04 11:29:45 +02:00
|
|
|
|
2013-07-15 11:24:49 +02:00
|
|
|
#define WORKER(id) \
|
|
|
|
|
(struct kore_worker *)((u_int8_t *)kore_workers + \
|
|
|
|
|
(sizeof(struct kore_worker) * id))
|
2013-06-27 00:22:48 +02:00
|
|
|
|
|
|
|
|
struct wlock {
|
2014-07-30 15:20:09 +02:00
|
|
|
volatile int lock;
|
|
|
|
|
pid_t current;
|
2013-06-27 00:22:48 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int worker_trylock(void);
|
2014-07-30 15:20:09 +02:00
|
|
|
static void worker_unlock(void);
|
2019-10-31 12:52:10 +01:00
|
|
|
static void worker_reaper(pid_t, int);
|
2021-12-22 09:50:26 +01:00
|
|
|
static void worker_runtime_teardown(void);
|
|
|
|
|
static void worker_runtime_configure(void);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
static void worker_domain_check(struct kore_domain *);
|
2013-06-27 00:22:48 +02:00
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
static struct kore_runtime_call *worker_runtime_signal(void);
|
|
|
|
|
|
2019-03-21 10:17:08 +01:00
|
|
|
static inline int worker_acceptlock_obtain(void);
|
2019-03-21 14:03:11 +01:00
|
|
|
static inline void worker_acceptlock_release(void);
|
|
|
|
|
static void worker_accept_avail(struct kore_msg *, const void *);
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2018-07-11 09:44:29 +02:00
|
|
|
static void worker_entropy_recv(struct kore_msg *, const void *);
|
2019-01-14 11:41:50 +01:00
|
|
|
static void worker_keymgr_response(struct kore_msg *, const void *);
|
2017-02-28 06:28:35 +01:00
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
static pid_t worker_pgrp;
|
2019-03-21 14:03:11 +01:00
|
|
|
static int accept_avail;
|
2013-06-27 00:22:48 +02:00
|
|
|
static struct kore_worker *kore_workers;
|
2017-03-13 15:32:04 +01:00
|
|
|
static int worker_no_lock;
|
2013-06-26 16:37:22 +02:00
|
|
|
static int shm_accept_key;
|
2013-06-27 08:43:07 +02:00
|
|
|
static struct wlock *accept_lock;
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2013-06-26 16:37:22 +02:00
|
|
|
struct kore_worker *worker = NULL;
|
2015-04-27 10:36:33 +02:00
|
|
|
u_int8_t worker_set_affinity = 1;
|
2018-11-16 11:37:09 +01:00
|
|
|
u_int32_t worker_accept_threshold = 16;
|
2018-10-26 19:19:47 +02:00
|
|
|
u_int32_t worker_rlimit_nofiles = 768;
|
|
|
|
|
u_int32_t worker_max_connections = 512;
|
2013-06-27 00:22:48 +02:00
|
|
|
u_int32_t worker_active_connections = 0;
|
2019-03-22 09:49:50 +01:00
|
|
|
int worker_policy = KORE_WORKER_POLICY_RESTART;
|
2013-06-26 11:18:32 +02:00
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
int
|
2013-06-26 11:18:32 +02:00
|
|
|
kore_worker_init(void)
|
|
|
|
|
{
|
2013-06-27 00:22:48 +02:00
|
|
|
size_t len;
|
2018-12-22 09:25:00 +01:00
|
|
|
struct kore_worker *kw;
|
2019-11-06 19:33:53 +01:00
|
|
|
u_int16_t idx, id, cpu;
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2017-03-13 15:32:04 +01:00
|
|
|
worker_no_lock = 0;
|
|
|
|
|
|
2013-06-26 11:18:32 +02:00
|
|
|
if (worker_count == 0)
|
2018-10-22 21:27:17 +02:00
|
|
|
worker_count = cpu_count;
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
/* Account for the keymgr/acme even if we don't end up starting it. */
|
|
|
|
|
worker_count += 2;
|
2016-06-08 13:55:14 +02:00
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
len = sizeof(*accept_lock) +
|
|
|
|
|
(sizeof(struct kore_worker) * worker_count);
|
2013-10-14 11:26:11 +02:00
|
|
|
|
2015-04-28 10:20:36 +02:00
|
|
|
shm_accept_key = shmget(IPC_PRIVATE, len, IPC_CREAT | IPC_EXCL | 0700);
|
|
|
|
|
if (shm_accept_key == -1)
|
|
|
|
|
fatal("kore_worker_init(): shmget() %s", errno_s);
|
2015-03-25 19:42:24 +01:00
|
|
|
if ((accept_lock = shmat(shm_accept_key, NULL, 0)) == (void *)-1)
|
2013-06-26 16:37:22 +02:00
|
|
|
fatal("kore_worker_init(): shmat() %s", errno_s);
|
|
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
accept_lock->lock = 0;
|
|
|
|
|
accept_lock->current = 0;
|
|
|
|
|
|
2013-07-15 11:24:49 +02:00
|
|
|
kore_workers = (struct kore_worker *)((u_int8_t *)accept_lock +
|
|
|
|
|
sizeof(*accept_lock));
|
2013-06-27 00:22:48 +02:00
|
|
|
memset(kore_workers, 0, sizeof(struct kore_worker) * worker_count);
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2013-06-26 11:18:32 +02:00
|
|
|
kore_debug("kore_worker_init(): system has %d cpu's", cpu_count);
|
|
|
|
|
kore_debug("kore_worker_init(): starting %d workers", worker_count);
|
2015-01-19 15:26:53 +01:00
|
|
|
|
|
|
|
|
if (worker_count > cpu_count) {
|
2016-02-12 08:57:58 +01:00
|
|
|
kore_debug("kore_worker_init(): more workers than cpu's");
|
2015-01-19 15:26:53 +01:00
|
|
|
}
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2018-12-22 09:25:00 +01:00
|
|
|
/* Setup log buffers. */
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = KORE_WORKER_BASE; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
2018-12-22 09:25:00 +01:00
|
|
|
kw->lb.offset = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-05 12:29:50 +02:00
|
|
|
if (!kore_quiet)
|
|
|
|
|
kore_log(LOG_INFO, "starting worker processes");
|
2021-09-07 22:14:28 +02:00
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
if ((worker_pgrp = getpgrp()) == -1)
|
|
|
|
|
fatal("%s: getpgrp(): %s", __func__, errno_s);
|
|
|
|
|
|
2019-10-04 11:29:45 +02:00
|
|
|
/* Now start all the workers. */
|
2019-11-06 19:33:53 +01:00
|
|
|
id = 1;
|
2019-10-04 11:29:45 +02:00
|
|
|
cpu = 1;
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = KORE_WORKER_BASE; idx < worker_count; idx++) {
|
2019-10-04 11:29:45 +02:00
|
|
|
if (cpu >= cpu_count)
|
2013-06-26 11:18:32 +02:00
|
|
|
cpu = 0;
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (!kore_worker_spawn(idx, id++, cpu++))
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
2019-11-06 19:33:53 +01:00
|
|
|
}
|
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
if (kore_keymgr_active) {
|
2019-11-06 19:33:53 +01:00
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
/* The ACME process is only started if we need it. */
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (acme_domains) {
|
|
|
|
|
if (!kore_worker_spawn(KORE_WORKER_ACME_IDX,
|
|
|
|
|
KORE_WORKER_ACME, 0))
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
2019-11-06 19:33:53 +01:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Now we can start the keymgr. */
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (!kore_worker_spawn(KORE_WORKER_KEYMGR_IDX,
|
|
|
|
|
KORE_WORKER_KEYMGR, 0))
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
2013-06-26 11:18:32 +02:00
|
|
|
}
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
2021-10-05 12:29:50 +02:00
|
|
|
if (!kore_quiet)
|
|
|
|
|
kore_log(LOG_INFO, "all worker processes started");
|
2021-09-07 22:14:28 +02:00
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
return (KORE_RESULT_OK);
|
2013-06-26 11:18:32 +02:00
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
int
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_worker_spawn(u_int16_t idx, u_int16_t id, u_int16_t cpu)
|
2013-06-26 11:18:32 +02:00
|
|
|
{
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
int cnt;
|
2013-06-26 11:18:32 +02:00
|
|
|
struct kore_worker *kw;
|
2021-09-07 23:05:25 +02:00
|
|
|
#if defined(__linux__)
|
|
|
|
|
int status;
|
|
|
|
|
#endif
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kw = WORKER(idx);
|
2013-06-27 00:22:48 +02:00
|
|
|
kw->id = id;
|
2013-06-26 11:18:32 +02:00
|
|
|
kw->cpu = cpu;
|
2020-01-17 21:48:55 +01:00
|
|
|
kw->running = 1;
|
2021-09-15 11:09:52 +02:00
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
kw->ready = 0;
|
2021-09-15 11:09:52 +02:00
|
|
|
kw->has_lock = 0;
|
|
|
|
|
kw->active_route = NULL;
|
2013-06-27 08:43:07 +02:00
|
|
|
|
2015-06-22 21:13:32 +02:00
|
|
|
if (socketpair(AF_UNIX, SOCK_STREAM, 0, kw->pipe) == -1)
|
|
|
|
|
fatal("socketpair(): %s", errno_s);
|
|
|
|
|
|
2015-06-22 22:11:03 +02:00
|
|
|
if (!kore_connection_nonblock(kw->pipe[0], 0) ||
|
|
|
|
|
!kore_connection_nonblock(kw->pipe[1], 0))
|
2015-06-22 21:13:32 +02:00
|
|
|
fatal("could not set pipe fds to nonblocking: %s", errno_s);
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
switch (id) {
|
|
|
|
|
case KORE_WORKER_KEYMGR:
|
|
|
|
|
kw->ps = &keymgr_privsep;
|
|
|
|
|
break;
|
|
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
case KORE_WORKER_ACME:
|
|
|
|
|
kw->ps = &acme_privsep;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
default:
|
|
|
|
|
kw->ps = &worker_privsep;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-07 14:48:32 +02:00
|
|
|
kw->pid = fork();
|
2013-06-26 11:18:32 +02:00
|
|
|
if (kw->pid == -1)
|
|
|
|
|
fatal("could not spawn worker child: %s", errno_s);
|
|
|
|
|
|
|
|
|
|
if (kw->pid == 0) {
|
|
|
|
|
kw->pid = getpid();
|
|
|
|
|
kore_worker_entry(kw);
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
exit(1);
|
|
|
|
|
} else {
|
2021-09-07 22:14:28 +02:00
|
|
|
for (cnt = 0; cnt < 50; cnt++) {
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (kw->ready == 1)
|
|
|
|
|
break;
|
2021-09-07 22:14:28 +02:00
|
|
|
usleep(100000);
|
2021-09-07 23:05:25 +02:00
|
|
|
#if defined(__linux__)
|
|
|
|
|
/*
|
|
|
|
|
* If seccomp_tracing is enabled, make sure we
|
|
|
|
|
* handle the SIGSTOP from the child processes.
|
|
|
|
|
*/
|
|
|
|
|
if (kore_seccomp_tracing) {
|
|
|
|
|
if (waitpid(kw->pid, &status, WNOHANG) > 0)
|
|
|
|
|
kore_seccomp_trace(kw->pid, status);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (kw->ready == 0) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"worker %d failed to start, shutting down",
|
|
|
|
|
kw->id);
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
2013-06-26 11:18:32 +02:00
|
|
|
}
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
2013-06-26 11:18:32 +02:00
|
|
|
}
|
|
|
|
|
|
2015-06-22 21:13:32 +02:00
|
|
|
struct kore_worker *
|
2022-02-01 10:36:07 +01:00
|
|
|
kore_worker_data(u_int8_t idx)
|
2015-06-22 21:13:32 +02:00
|
|
|
{
|
2022-02-01 10:36:07 +01:00
|
|
|
if (idx >= worker_count)
|
|
|
|
|
fatal("idx %u too large for worker count", idx);
|
2015-06-22 21:13:32 +02:00
|
|
|
|
2022-02-01 10:36:07 +01:00
|
|
|
return (WORKER(idx));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct kore_worker *
|
|
|
|
|
kore_worker_data_byid(u_int16_t id)
|
|
|
|
|
{
|
|
|
|
|
struct kore_worker *kw;
|
|
|
|
|
u_int16_t idx;
|
|
|
|
|
|
|
|
|
|
for (idx = 0; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
|
|
|
|
if (kw->id == id)
|
|
|
|
|
return (kw);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (NULL);
|
2015-06-22 21:13:32 +02:00
|
|
|
}
|
|
|
|
|
|
2013-06-26 16:37:22 +02:00
|
|
|
void
|
|
|
|
|
kore_worker_shutdown(void)
|
|
|
|
|
{
|
2013-06-27 00:22:48 +02:00
|
|
|
struct kore_worker *kw;
|
2019-03-22 09:49:50 +01:00
|
|
|
pid_t pid;
|
|
|
|
|
int status;
|
2019-11-06 19:33:53 +01:00
|
|
|
u_int16_t idx, done;
|
2013-06-27 00:22:48 +02:00
|
|
|
|
2018-11-15 16:01:37 +01:00
|
|
|
if (!kore_quiet) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"waiting for workers to drain and shutdown");
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
for (;;) {
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = 0; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
2020-01-17 21:48:55 +01:00
|
|
|
if (kw->running == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2019-03-22 09:49:50 +01:00
|
|
|
if (kw->pid != 0) {
|
|
|
|
|
pid = waitpid(kw->pid, &status, 0);
|
2022-02-16 12:32:20 +01:00
|
|
|
if (pid == -1 && errno != ECHILD)
|
2019-03-22 09:49:50 +01:00
|
|
|
continue;
|
2019-10-31 12:52:10 +01:00
|
|
|
|
|
|
|
|
#if defined(__linux__)
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_seccomp_trace(kw->pid, status);
|
2019-10-31 12:52:10 +01:00
|
|
|
#endif
|
|
|
|
|
|
2020-01-17 21:48:55 +01:00
|
|
|
kw->pid = 0;
|
|
|
|
|
kw->running = 0;
|
2019-10-31 12:52:10 +01:00
|
|
|
|
2021-11-03 17:23:05 +01:00
|
|
|
kw->msg[0]->evt.flags |= KORE_EVENT_READ;
|
|
|
|
|
net_recv_flush(kw->msg[0]);
|
|
|
|
|
|
2020-01-17 21:48:55 +01:00
|
|
|
if (!kore_quiet) {
|
2021-11-03 17:23:05 +01:00
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"worker %s exited (%d)",
|
|
|
|
|
kore_worker_name(kw->id), status);
|
2019-10-31 12:52:10 +01:00
|
|
|
}
|
2019-03-22 09:49:50 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
done = 0;
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = 0; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
2020-01-17 21:48:55 +01:00
|
|
|
if (kw->running == 0) {
|
2013-06-27 00:22:48 +02:00
|
|
|
done++;
|
2020-01-17 21:48:55 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
2013-06-27 00:22:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (done == worker_count)
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
|
|
|
|
|
if (shmctl(shm_accept_key, IPC_RMID, NULL) == -1) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"failed to deleted shm segment: %s", errno_s);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
kore_worker_dispatch_signal(int sig)
|
|
|
|
|
{
|
2019-11-06 19:33:53 +01:00
|
|
|
u_int16_t idx;
|
2013-06-26 16:37:22 +02:00
|
|
|
struct kore_worker *kw;
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = 0; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
2020-10-16 13:06:08 +02:00
|
|
|
|
|
|
|
|
if (kw->pid == -1 || kw->pid == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-01-19 15:26:53 +01:00
|
|
|
if (kill(kw->pid, sig) == -1) {
|
2013-06-26 16:37:22 +02:00
|
|
|
kore_debug("kill(%d, %d): %s", kw->pid, sig, errno_s);
|
2015-01-19 15:26:53 +01:00
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-26 11:18:32 +02:00
|
|
|
void
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
kore_worker_privsep(void)
|
2013-06-26 11:18:32 +02:00
|
|
|
{
|
2016-04-28 03:18:21 +02:00
|
|
|
rlim_t fd;
|
2014-07-31 09:14:03 +02:00
|
|
|
struct rlimit rl;
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
struct passwd *pw;
|
|
|
|
|
|
|
|
|
|
if (worker == NULL)
|
|
|
|
|
fatalx("%s called with no worker", __func__);
|
2013-06-26 11:18:32 +02:00
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
pw = NULL;
|
2018-07-11 09:44:29 +02:00
|
|
|
|
2015-05-18 21:34:39 +02:00
|
|
|
/* Must happen before chroot. */
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (worker->ps->skip_runas == 0) {
|
|
|
|
|
if (worker->ps->runas == NULL) {
|
|
|
|
|
fatalx("no runas user given for %s",
|
|
|
|
|
kore_worker_name(worker->id));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((pw = getpwnam(worker->ps->runas)) == NULL) {
|
2018-08-13 13:01:27 +02:00
|
|
|
fatalx("cannot getpwnam(\"%s\") for user: %s",
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
worker->ps->runas, errno_s);
|
2015-05-18 21:34:39 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (worker->ps->skip_chroot == 0) {
|
|
|
|
|
if (chroot(worker->ps->root) == -1) {
|
2018-08-13 13:01:27 +02:00
|
|
|
fatalx("cannot chroot(\"%s\"): %s",
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
worker->ps->root, errno_s);
|
2015-05-20 11:36:02 +02:00
|
|
|
}
|
|
|
|
|
|
2013-11-18 00:42:57 +01:00
|
|
|
if (chdir("/") == -1)
|
2018-08-13 13:01:27 +02:00
|
|
|
fatalx("cannot chdir(\"/\"): %s", errno_s);
|
2018-07-11 09:44:29 +02:00
|
|
|
} else {
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (chdir(worker->ps->root) == -1) {
|
|
|
|
|
fatalx("cannot chdir(\"%s\"): %s",
|
|
|
|
|
worker->ps->root, errno_s);
|
|
|
|
|
}
|
2013-11-18 00:42:57 +01:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 15:17:42 +02:00
|
|
|
if (getrlimit(RLIMIT_NOFILE, &rl) == -1) {
|
|
|
|
|
kore_log(LOG_WARNING, "getrlimit(RLIMIT_NOFILE): %s", errno_s);
|
|
|
|
|
} else {
|
|
|
|
|
for (fd = 0; fd < rl.rlim_cur; fd++) {
|
|
|
|
|
if (fcntl(fd, F_GETFD, NULL) != -1) {
|
|
|
|
|
worker_rlimit_nofiles++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-09 10:06:18 +02:00
|
|
|
rl.rlim_cur = worker_rlimit_nofiles;
|
|
|
|
|
rl.rlim_max = worker_rlimit_nofiles;
|
|
|
|
|
if (setrlimit(RLIMIT_NOFILE, &rl) == -1) {
|
2019-02-11 14:00:28 +01:00
|
|
|
kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %u): %s",
|
2015-04-09 10:06:18 +02:00
|
|
|
worker_rlimit_nofiles, errno_s);
|
|
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
if (worker->ps->skip_runas == 0) {
|
2013-11-18 00:42:57 +01:00
|
|
|
if (setgroups(1, &pw->pw_gid) ||
|
2015-06-14 16:44:37 +02:00
|
|
|
#if defined(__MACH__) || defined(NetBSD)
|
2015-06-14 16:50:10 +02:00
|
|
|
setgid(pw->pw_gid) || setegid(pw->pw_gid) ||
|
2013-11-18 00:42:57 +01:00
|
|
|
setuid(pw->pw_uid) || seteuid(pw->pw_uid))
|
2013-07-17 20:17:00 +02:00
|
|
|
#else
|
2013-11-18 00:42:57 +01:00
|
|
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
|
|
|
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
|
2013-07-17 20:17:00 +02:00
|
|
|
#endif
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
fatalx("cannot drop privileges (%s)", errno_s);
|
2013-11-18 00:42:57 +01:00
|
|
|
}
|
2018-07-31 06:51:34 +02:00
|
|
|
|
2019-09-25 14:25:49 +02:00
|
|
|
kore_platform_sandbox();
|
2016-06-08 13:55:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
kore_worker_entry(struct kore_worker *kw)
|
|
|
|
|
{
|
2021-12-22 09:50:26 +01:00
|
|
|
struct kore_runtime_call *sigcall;
|
2019-09-27 12:22:35 +02:00
|
|
|
u_int64_t last_seed;
|
2021-12-22 09:50:26 +01:00
|
|
|
int quit, had_lock, sig;
|
2020-06-26 12:25:07 +02:00
|
|
|
u_int64_t netwait, now, next_timeo;
|
2016-06-08 13:55:14 +02:00
|
|
|
|
|
|
|
|
worker = kw;
|
2013-06-26 11:18:32 +02:00
|
|
|
|
2021-09-06 13:28:38 +02:00
|
|
|
if (!kore_foreground)
|
|
|
|
|
closelog();
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
#if defined(__linux__)
|
|
|
|
|
kore_seccomp_traceme();
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_platform_proctitle(kore_worker_name(kw->id));
|
2015-04-27 10:36:33 +02:00
|
|
|
|
|
|
|
|
if (worker_set_affinity == 1)
|
|
|
|
|
kore_platform_worker_setcpu(kw);
|
2013-06-26 11:18:32 +02:00
|
|
|
|
|
|
|
|
kore_pid = kw->pid;
|
2018-05-25 20:49:02 +02:00
|
|
|
kore_signal_setup();
|
2014-07-31 13:27:04 +02:00
|
|
|
|
2016-06-08 13:55:14 +02:00
|
|
|
if (kw->id == KORE_WORKER_KEYMGR) {
|
|
|
|
|
kore_keymgr_run();
|
|
|
|
|
exit(0);
|
|
|
|
|
}
|
2019-09-27 12:22:35 +02:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
if (kw->id == KORE_WORKER_ACME) {
|
|
|
|
|
kore_acme_run();
|
|
|
|
|
exit(0);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-08-13 13:07:32 +02:00
|
|
|
net_init();
|
|
|
|
|
kore_connection_init();
|
2018-08-13 13:01:27 +02:00
|
|
|
kore_platform_event_init();
|
|
|
|
|
kore_msg_worker_init();
|
2016-06-08 13:55:14 +02:00
|
|
|
|
2019-09-27 12:22:35 +02:00
|
|
|
#if defined(KORE_USE_TASKS)
|
|
|
|
|
kore_task_init();
|
|
|
|
|
#endif
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
kore_worker_privsep();
|
2016-06-08 13:55:14 +02:00
|
|
|
|
2015-11-27 16:22:50 +01:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2013-06-26 11:18:32 +02:00
|
|
|
http_init();
|
2018-07-08 17:51:35 +02:00
|
|
|
kore_filemap_resolve_paths();
|
2015-11-27 16:22:50 +01:00
|
|
|
kore_accesslog_worker_init();
|
|
|
|
|
#endif
|
2015-04-06 18:54:35 +02:00
|
|
|
kore_timer_init();
|
2018-06-28 13:27:44 +02:00
|
|
|
kore_fileref_init();
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_keymgr_init();
|
2013-06-26 11:18:32 +02:00
|
|
|
|
|
|
|
|
quit = 0;
|
2014-07-30 15:20:09 +02:00
|
|
|
had_lock = 0;
|
2020-06-26 12:25:07 +02:00
|
|
|
next_timeo = 0;
|
2019-03-21 14:03:11 +01:00
|
|
|
accept_avail = 1;
|
2016-12-04 16:49:42 +01:00
|
|
|
worker_active_connections = 0;
|
|
|
|
|
|
2017-02-28 06:28:35 +01:00
|
|
|
last_seed = 0;
|
2019-10-04 19:20:37 +02:00
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
if (kore_keymgr_active) {
|
2019-10-04 19:20:37 +02:00
|
|
|
kore_msg_register(KORE_MSG_CRL, worker_keymgr_response);
|
|
|
|
|
kore_msg_register(KORE_MSG_ENTROPY_RESP, worker_entropy_recv);
|
|
|
|
|
kore_msg_register(KORE_MSG_CERTIFICATE, worker_keymgr_response);
|
|
|
|
|
|
|
|
|
|
if (worker->restarted) {
|
|
|
|
|
kore_msg_send(KORE_WORKER_KEYMGR,
|
|
|
|
|
KORE_MSG_CERTIFICATE_REQ, NULL, 0);
|
|
|
|
|
}
|
2019-11-06 19:33:53 +01:00
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
kore_msg_register(KORE_ACME_CHALLENGE_SET_CERT,
|
|
|
|
|
worker_keymgr_response);
|
|
|
|
|
kore_msg_register(KORE_ACME_CHALLENGE_CLEAR_CERT,
|
|
|
|
|
worker_keymgr_response);
|
|
|
|
|
#endif
|
2018-07-11 09:44:29 +02:00
|
|
|
}
|
2017-02-28 06:28:35 +01:00
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
kore_msg_register(KORE_MSG_ACCEPT_AVAILABLE, worker_accept_avail);
|
|
|
|
|
|
2017-03-13 15:32:04 +01:00
|
|
|
if (nlisteners == 0)
|
|
|
|
|
worker_no_lock = 1;
|
|
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
worker_runtime_configure();
|
2017-02-01 17:12:11 +01:00
|
|
|
|
2017-01-26 13:26:55 +01:00
|
|
|
kore_module_onload();
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
kore_domain_callback(worker_domain_check);
|
|
|
|
|
|
|
|
|
|
kore_worker_started();
|
2018-07-11 09:44:29 +02:00
|
|
|
worker->restarted = 0;
|
2013-06-27 08:43:07 +02:00
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
sigcall = worker_runtime_signal();
|
|
|
|
|
|
2013-06-26 11:18:32 +02:00
|
|
|
for (;;) {
|
2014-10-22 21:16:49 +02:00
|
|
|
now = kore_time_ms();
|
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
if (kore_keymgr_active &&
|
|
|
|
|
(now - last_seed) > KORE_RESEED_TIME) {
|
2017-02-28 06:28:35 +01:00
|
|
|
kore_msg_send(KORE_WORKER_KEYMGR,
|
|
|
|
|
KORE_MSG_ENTROPY_REQ, NULL, 0);
|
|
|
|
|
last_seed = now;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
if (!worker->has_lock && accept_avail) {
|
2019-03-21 10:17:08 +01:00
|
|
|
if (worker_acceptlock_obtain()) {
|
2020-09-08 11:51:06 +02:00
|
|
|
accept_avail = 0;
|
2014-10-22 21:16:49 +02:00
|
|
|
if (had_lock == 0) {
|
|
|
|
|
kore_platform_enable_accept();
|
|
|
|
|
had_lock = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-07-30 15:20:09 +02:00
|
|
|
|
2019-03-21 10:17:08 +01:00
|
|
|
netwait = kore_timer_next_run(now);
|
2019-05-29 15:27:44 +02:00
|
|
|
|
2019-10-22 17:06:32 +02:00
|
|
|
if (netwait == KORE_WAIT_INFINITE) {
|
2020-06-16 17:29:45 +02:00
|
|
|
if (sig_recv != 0)
|
|
|
|
|
netwait = 10;
|
2019-09-20 09:37:02 +02:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2019-10-22 17:06:32 +02:00
|
|
|
if (http_request_count > 0)
|
|
|
|
|
netwait = 100;
|
2019-09-20 09:37:02 +02:00
|
|
|
#endif
|
2020-12-07 11:11:21 +01:00
|
|
|
}
|
|
|
|
|
|
2019-10-22 17:06:32 +02:00
|
|
|
#if defined(KORE_USE_PYTHON)
|
2020-12-07 11:11:21 +01:00
|
|
|
if (kore_python_coro_pending())
|
|
|
|
|
netwait = 0;
|
2019-10-22 17:06:32 +02:00
|
|
|
#endif
|
2019-05-29 15:27:44 +02:00
|
|
|
|
2018-12-22 09:25:00 +01:00
|
|
|
kore_platform_event_wait(netwait);
|
2019-03-21 10:17:08 +01:00
|
|
|
now = kore_time_ms();
|
2018-12-22 09:25:00 +01:00
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
if (worker->has_lock)
|
|
|
|
|
worker_acceptlock_release();
|
2018-02-14 13:48:49 +01:00
|
|
|
|
|
|
|
|
if (!worker->has_lock) {
|
|
|
|
|
if (had_lock == 1) {
|
|
|
|
|
had_lock = 0;
|
|
|
|
|
kore_platform_disable_accept();
|
|
|
|
|
}
|
2014-10-22 21:16:49 +02:00
|
|
|
}
|
2013-06-27 08:43:07 +02:00
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
sig = sig_recv;
|
|
|
|
|
if (sig != 0) {
|
|
|
|
|
switch (sig) {
|
2018-10-26 19:19:47 +02:00
|
|
|
case SIGHUP:
|
|
|
|
|
kore_module_reload(1);
|
|
|
|
|
break;
|
|
|
|
|
case SIGQUIT:
|
|
|
|
|
case SIGINT:
|
|
|
|
|
case SIGTERM:
|
|
|
|
|
quit = 1;
|
|
|
|
|
break;
|
|
|
|
|
case SIGCHLD:
|
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
kore_python_proc_reap();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
if (sigcall != NULL)
|
|
|
|
|
kore_runtime_signal(sigcall, sig);
|
|
|
|
|
|
|
|
|
|
if (sig == sig_recv)
|
|
|
|
|
sig_recv = 0;
|
2018-10-26 19:19:47 +02:00
|
|
|
}
|
|
|
|
|
|
2018-12-22 09:25:00 +01:00
|
|
|
if (quit)
|
|
|
|
|
break;
|
|
|
|
|
|
2019-03-21 10:17:08 +01:00
|
|
|
kore_timer_run(now);
|
2019-06-13 12:59:17 +02:00
|
|
|
#if defined(KORE_USE_CURL)
|
2020-08-17 15:15:04 +02:00
|
|
|
kore_curl_run_scheduled();
|
2019-06-13 12:59:17 +02:00
|
|
|
kore_curl_do_timeout();
|
|
|
|
|
#endif
|
2015-11-27 16:22:50 +01:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2013-06-26 11:18:32 +02:00
|
|
|
http_process();
|
2015-11-27 16:22:50 +01:00
|
|
|
#endif
|
2018-10-15 20:18:54 +02:00
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
kore_python_coro_run();
|
2019-06-13 12:59:17 +02:00
|
|
|
#endif
|
2020-06-26 12:25:07 +02:00
|
|
|
if (next_timeo <= now) {
|
2018-02-14 13:48:49 +01:00
|
|
|
kore_connection_check_timeout(now);
|
2020-06-26 12:25:07 +02:00
|
|
|
next_timeo = now + 500;
|
2018-02-14 13:48:49 +01:00
|
|
|
}
|
2020-06-26 12:25:07 +02:00
|
|
|
|
|
|
|
|
kore_connection_prune(KORE_CONNECTION_PRUNE_DISCONNECT);
|
2013-06-26 11:18:32 +02:00
|
|
|
}
|
|
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
worker_runtime_teardown();
|
2019-09-27 20:00:35 +02:00
|
|
|
kore_server_cleanup();
|
|
|
|
|
|
2016-01-04 22:40:14 +01:00
|
|
|
kore_platform_event_cleanup();
|
|
|
|
|
kore_connection_cleanup();
|
2016-02-01 12:30:20 +01:00
|
|
|
kore_domain_cleanup();
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_cleanup();
|
2016-06-08 13:55:14 +02:00
|
|
|
kore_module_cleanup();
|
2015-12-29 20:39:39 +01:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2016-01-04 22:40:14 +01:00
|
|
|
http_cleanup();
|
2015-12-29 20:39:39 +01:00
|
|
|
#endif
|
2016-01-04 22:40:14 +01:00
|
|
|
net_cleanup();
|
2016-06-08 13:55:14 +02:00
|
|
|
|
2017-01-12 23:38:51 +01:00
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
kore_python_cleanup();
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-02-06 11:42:53 +01:00
|
|
|
#if defined(KORE_USE_PGSQL)
|
|
|
|
|
kore_pgsql_sys_cleanup();
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-06-26 11:18:32 +02:00
|
|
|
kore_debug("worker %d shutting down", kw->id);
|
2017-02-06 11:42:53 +01:00
|
|
|
|
|
|
|
|
kore_mem_cleanup();
|
2013-06-26 11:18:32 +02:00
|
|
|
exit(0);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-26 16:37:22 +02:00
|
|
|
void
|
2019-03-22 09:49:50 +01:00
|
|
|
kore_worker_reap(void)
|
2013-06-26 16:37:22 +02:00
|
|
|
{
|
|
|
|
|
pid_t pid;
|
|
|
|
|
int status;
|
|
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
for (;;) {
|
|
|
|
|
pid = waitpid(-worker_pgrp, &status, WNOHANG);
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
if (pid == -1) {
|
|
|
|
|
if (errno != ECHILD && errno != EINTR) {
|
|
|
|
|
kore_log(LOG_ERR,
|
|
|
|
|
"%s: waitpid(): %s", __func__, errno_s);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2019-03-22 09:49:50 +01:00
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
if (pid == 0)
|
|
|
|
|
break;
|
2019-10-31 12:52:10 +01:00
|
|
|
|
2022-02-01 10:34:12 +01:00
|
|
|
worker_reaper(pid, status);
|
|
|
|
|
}
|
2019-10-31 12:52:10 +01:00
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
void
|
|
|
|
|
kore_worker_make_busy(void)
|
|
|
|
|
{
|
|
|
|
|
if (worker_count == WORKER_SOLO_COUNT || worker_no_lock == 1)
|
2013-06-26 16:37:22 +02:00
|
|
|
return;
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
if (worker->has_lock) {
|
|
|
|
|
worker_unlock();
|
|
|
|
|
worker->has_lock = 0;
|
|
|
|
|
kore_msg_send(KORE_MSG_WORKER_ALL,
|
|
|
|
|
KORE_MSG_ACCEPT_AVAILABLE, NULL, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
int
|
|
|
|
|
kore_worker_keymgr_response_verify(struct kore_msg *msg, const void *data,
|
|
|
|
|
struct kore_domain **out)
|
|
|
|
|
{
|
|
|
|
|
struct kore_server *srv;
|
|
|
|
|
struct kore_domain *dom;
|
|
|
|
|
const struct kore_x509_msg *req;
|
|
|
|
|
|
|
|
|
|
if (msg->length < sizeof(*req)) {
|
|
|
|
|
kore_log(LOG_WARNING,
|
|
|
|
|
"short keymgr message (%zu)", msg->length);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
req = (const struct kore_x509_msg *)data;
|
|
|
|
|
if (msg->length != (sizeof(*req) + req->data_len)) {
|
|
|
|
|
kore_log(LOG_WARNING,
|
|
|
|
|
"invalid keymgr payload (%zu)", msg->length);
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (req->domain[KORE_DOMAINNAME_LEN] != '\0') {
|
|
|
|
|
kore_log(LOG_WARNING, "domain not NUL-terminated");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (out == NULL)
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
|
2019-11-13 11:23:02 +01:00
|
|
|
dom = NULL;
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
LIST_FOREACH(srv, &kore_servers, list) {
|
|
|
|
|
dom = NULL;
|
|
|
|
|
|
|
|
|
|
if (srv->tls == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
TAILQ_FOREACH(dom, &srv->domains, list) {
|
|
|
|
|
if (!strcmp(dom->domain, req->domain))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dom != NULL)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dom == NULL) {
|
|
|
|
|
kore_log(LOG_WARNING,
|
|
|
|
|
"got keymgr response for domain that does not exist");
|
|
|
|
|
return (KORE_RESULT_ERROR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*out = dom;
|
|
|
|
|
|
|
|
|
|
return (KORE_RESULT_OK);
|
|
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
void
|
|
|
|
|
kore_worker_started(void)
|
|
|
|
|
{
|
|
|
|
|
const char *chroot;
|
|
|
|
|
|
|
|
|
|
if (worker->ps->skip_chroot)
|
|
|
|
|
chroot = "root";
|
|
|
|
|
else
|
|
|
|
|
chroot = "chroot";
|
|
|
|
|
|
|
|
|
|
if (!kore_quiet) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
2021-09-15 11:09:52 +02:00
|
|
|
"started (#%d %s=%s%s%s)",
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
getpid(), chroot, worker->ps->root,
|
|
|
|
|
worker->ps->skip_runas ? "" : " user=",
|
|
|
|
|
worker->ps->skip_runas ? "" : worker->ps->runas);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
worker->ready = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-22 09:50:26 +01:00
|
|
|
static void
|
|
|
|
|
worker_runtime_configure(void)
|
|
|
|
|
{
|
|
|
|
|
struct kore_runtime_call *rcall;
|
|
|
|
|
|
|
|
|
|
rcall = NULL;
|
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
rcall = kore_runtime_getcall(KORE_PYTHON_WORKER_START_HOOK);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (rcall == NULL)
|
|
|
|
|
rcall = kore_runtime_getcall("kore_worker_configure");
|
|
|
|
|
|
|
|
|
|
if (rcall != NULL) {
|
|
|
|
|
kore_runtime_execute(rcall);
|
|
|
|
|
kore_free(rcall);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct kore_runtime_call *
|
|
|
|
|
worker_runtime_signal(void)
|
|
|
|
|
{
|
|
|
|
|
struct kore_runtime_call *rcall;
|
|
|
|
|
|
|
|
|
|
rcall = NULL;
|
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
rcall = kore_runtime_getcall(KORE_PYTHON_SIGNAL_HOOK);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (rcall == NULL)
|
|
|
|
|
rcall = kore_runtime_getcall("kore_worker_signal");
|
|
|
|
|
|
|
|
|
|
return (rcall);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
worker_runtime_teardown(void)
|
|
|
|
|
{
|
|
|
|
|
struct kore_runtime_call *rcall;
|
|
|
|
|
|
|
|
|
|
rcall = NULL;
|
|
|
|
|
|
|
|
|
|
#if defined(KORE_USE_PYTHON)
|
|
|
|
|
rcall = kore_runtime_getcall(KORE_PYTHON_WORKER_STOP_HOOK);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (rcall == NULL)
|
|
|
|
|
rcall = kore_runtime_getcall("kore_worker_teardown");
|
|
|
|
|
|
|
|
|
|
if (rcall != NULL) {
|
|
|
|
|
kore_runtime_execute(rcall);
|
|
|
|
|
kore_free(rcall);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
static void
|
|
|
|
|
worker_domain_check(struct kore_domain *dom)
|
|
|
|
|
{
|
|
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
if (dom->cafile != NULL) {
|
|
|
|
|
if (stat(dom->cafile, &st) == -1)
|
|
|
|
|
fatalx("'%s': %s", dom->cafile, errno_s);
|
|
|
|
|
if (access(dom->cafile, R_OK) == -1)
|
|
|
|
|
fatalx("'%s': not readable", dom->cafile, errno_s);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
static void
|
|
|
|
|
worker_reaper(pid_t pid, int status)
|
|
|
|
|
{
|
2019-11-06 19:33:53 +01:00
|
|
|
u_int16_t idx;
|
2019-10-31 12:52:10 +01:00
|
|
|
struct kore_worker *kw;
|
|
|
|
|
const char *func;
|
|
|
|
|
|
|
|
|
|
#if defined(__linux__)
|
2019-11-06 19:33:53 +01:00
|
|
|
if (kore_seccomp_trace(pid, status))
|
|
|
|
|
return;
|
2019-10-31 12:52:10 +01:00
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
for (idx = 0; idx < worker_count; idx++) {
|
|
|
|
|
kw = WORKER(idx);
|
|
|
|
|
if (kw->pid != pid)
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-11-03 17:23:05 +01:00
|
|
|
kw->msg[0]->evt.flags |= KORE_EVENT_READ;
|
|
|
|
|
net_recv_flush(kw->msg[0]);
|
|
|
|
|
|
2019-03-22 09:49:50 +01:00
|
|
|
if (!kore_quiet) {
|
2019-03-22 10:29:14 +01:00
|
|
|
kore_log(LOG_NOTICE,
|
2020-09-15 12:09:15 +02:00
|
|
|
"worker %s (%d) exited with status %d",
|
|
|
|
|
kore_worker_name(kw->id), pid, status);
|
2018-11-15 16:01:37 +01:00
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2020-08-10 09:33:34 +02:00
|
|
|
kw->running = 0;
|
|
|
|
|
|
2019-10-31 12:52:10 +01:00
|
|
|
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
|
|
|
|
|
kw->pid = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-22 10:29:14 +01:00
|
|
|
func = "none";
|
2018-07-17 14:28:43 +02:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2021-09-15 11:09:52 +02:00
|
|
|
if (kw->active_route != NULL)
|
|
|
|
|
func = kw->active_route->func;
|
2018-07-17 14:28:43 +02:00
|
|
|
#endif
|
2019-03-22 10:29:14 +01:00
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"worker %d (pid: %d) (hdlr: %s) gone",
|
|
|
|
|
kw->id, kw->pid, func);
|
2013-07-05 20:19:50 +02:00
|
|
|
|
2019-09-25 14:25:49 +02:00
|
|
|
#if defined(__linux__)
|
|
|
|
|
if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) {
|
|
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"worker %d died from sandbox violation", kw->id);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
if (kw->id == KORE_WORKER_KEYMGR ||
|
|
|
|
|
kw->id == KORE_WORKER_ACME) {
|
|
|
|
|
kore_log(LOG_CRIT,
|
|
|
|
|
"keymgr or acme process gone, stopping");
|
2019-03-22 10:29:14 +01:00
|
|
|
kw->pid = 0;
|
2022-08-08 11:02:27 +02:00
|
|
|
kore_quit = KORE_QUIT_FATAL;
|
2019-03-22 10:29:14 +01:00
|
|
|
break;
|
|
|
|
|
}
|
2016-06-08 13:55:14 +02:00
|
|
|
|
2019-03-22 10:29:14 +01:00
|
|
|
if (kw->pid == accept_lock->current &&
|
|
|
|
|
worker_no_lock == 0)
|
|
|
|
|
worker_unlock();
|
2013-07-07 14:48:32 +02:00
|
|
|
|
2018-07-17 14:28:43 +02:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
2021-09-15 11:09:52 +02:00
|
|
|
if (kw->active_route != NULL) {
|
|
|
|
|
kw->active_route->errors++;
|
2019-03-22 10:29:14 +01:00
|
|
|
kore_log(LOG_NOTICE,
|
|
|
|
|
"hdlr %s has caused %d error(s)",
|
2021-09-15 11:09:52 +02:00
|
|
|
kw->active_route->func,
|
|
|
|
|
kw->active_route->errors);
|
2019-03-22 10:29:14 +01:00
|
|
|
}
|
2018-07-17 14:28:43 +02:00
|
|
|
#endif
|
2013-07-05 20:19:50 +02:00
|
|
|
|
2019-03-22 10:29:14 +01:00
|
|
|
if (worker_policy == KORE_WORKER_POLICY_TERMINATE) {
|
|
|
|
|
kw->pid = 0;
|
2013-06-27 08:43:07 +02:00
|
|
|
kore_log(LOG_NOTICE,
|
2019-03-22 10:29:14 +01:00
|
|
|
"worker policy is 'terminate', stopping");
|
2022-08-08 11:02:27 +02:00
|
|
|
kore_quit = KORE_QUIT_FATAL;
|
2019-03-22 10:29:14 +01:00
|
|
|
break;
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
2013-06-27 00:22:48 +02:00
|
|
|
|
2022-08-08 11:02:27 +02:00
|
|
|
if (kore_quit == KORE_QUIT_NONE) {
|
2021-11-03 17:23:05 +01:00
|
|
|
kore_log(LOG_NOTICE, "restarting worker %d", kw->id);
|
|
|
|
|
kw->restarted = 1;
|
|
|
|
|
kore_msg_parent_remove(kw);
|
2019-03-22 10:29:14 +01:00
|
|
|
|
2021-11-03 17:23:05 +01:00
|
|
|
if (!kore_worker_spawn(idx, kw->id, kw->cpu)) {
|
2022-08-08 11:02:27 +02:00
|
|
|
kore_quit = KORE_QUIT_FATAL;
|
2021-11-03 17:23:05 +01:00
|
|
|
kore_log(LOG_ERR, "failed to restart worker");
|
|
|
|
|
} else {
|
|
|
|
|
kore_msg_parent_add(kw);
|
|
|
|
|
}
|
Rework worker startup/privsep config.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
2021-09-07 21:59:22 +02:00
|
|
|
|
2021-11-03 17:23:05 +01:00
|
|
|
break;
|
|
|
|
|
}
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
static inline void
|
2019-03-21 10:17:08 +01:00
|
|
|
worker_acceptlock_release(void)
|
2013-10-24 09:05:46 +02:00
|
|
|
{
|
2018-02-14 13:48:49 +01:00
|
|
|
if (worker_count == WORKER_SOLO_COUNT || worker_no_lock == 1)
|
2019-03-21 14:03:11 +01:00
|
|
|
return;
|
2013-10-24 09:05:46 +02:00
|
|
|
|
|
|
|
|
if (worker->has_lock != 1)
|
2019-03-21 14:03:11 +01:00
|
|
|
return;
|
2018-02-14 13:48:49 +01:00
|
|
|
|
|
|
|
|
if (worker_active_connections < worker_max_connections) {
|
|
|
|
|
#if !defined(KORE_NO_HTTP)
|
|
|
|
|
if (http_request_count < http_request_limit)
|
2019-03-21 14:03:11 +01:00
|
|
|
return;
|
2018-02-14 13:48:49 +01:00
|
|
|
#else
|
2019-03-21 14:03:11 +01:00
|
|
|
return;
|
2018-02-14 13:48:49 +01:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if defined(WORKER_DEBUG)
|
|
|
|
|
kore_log(LOG_DEBUG, "worker busy, releasing lock");
|
|
|
|
|
#endif
|
2013-10-24 09:05:46 +02:00
|
|
|
|
2014-07-30 15:20:09 +02:00
|
|
|
worker_unlock();
|
|
|
|
|
worker->has_lock = 0;
|
2018-02-14 13:48:49 +01:00
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
kore_msg_send(KORE_MSG_WORKER_ALL, KORE_MSG_ACCEPT_AVAILABLE, NULL, 0);
|
2013-10-24 09:05:46 +02:00
|
|
|
}
|
|
|
|
|
|
2014-10-22 21:16:49 +02:00
|
|
|
static inline int
|
2019-03-21 10:17:08 +01:00
|
|
|
worker_acceptlock_obtain(void)
|
2013-06-26 16:37:22 +02:00
|
|
|
{
|
2014-07-28 23:27:58 +02:00
|
|
|
int r;
|
|
|
|
|
|
2014-10-22 21:16:49 +02:00
|
|
|
if (worker->has_lock == 1)
|
|
|
|
|
return (1);
|
|
|
|
|
|
2018-02-14 13:48:49 +01:00
|
|
|
if (worker_count == WORKER_SOLO_COUNT || worker_no_lock == 1) {
|
2013-06-27 08:43:07 +02:00
|
|
|
worker->has_lock = 1;
|
2014-07-28 23:27:58 +02:00
|
|
|
return (1);
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
|
|
|
|
|
2014-07-30 15:20:09 +02:00
|
|
|
if (worker_active_connections >= worker_max_connections)
|
|
|
|
|
return (0);
|
2014-07-28 23:27:58 +02:00
|
|
|
|
2018-02-13 11:56:51 +01:00
|
|
|
#if !defined(KORE_NO_HTTP)
|
|
|
|
|
if (http_request_count >= http_request_limit)
|
|
|
|
|
return (0);
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-07-30 15:20:09 +02:00
|
|
|
r = 0;
|
2013-06-27 00:22:48 +02:00
|
|
|
if (worker_trylock()) {
|
2014-07-30 15:20:09 +02:00
|
|
|
r = 1;
|
|
|
|
|
worker->has_lock = 1;
|
2018-02-14 13:48:49 +01:00
|
|
|
#if defined(WORKER_DEBUG)
|
|
|
|
|
kore_log(LOG_DEBUG, "got lock");
|
|
|
|
|
#endif
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
2014-07-28 23:27:58 +02:00
|
|
|
|
|
|
|
|
return (r);
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2013-06-27 00:22:48 +02:00
|
|
|
worker_trylock(void)
|
2013-06-26 16:37:22 +02:00
|
|
|
{
|
2014-07-30 15:20:09 +02:00
|
|
|
if (!__sync_bool_compare_and_swap(&(accept_lock->lock), 0, 1))
|
2013-06-27 00:22:48 +02:00
|
|
|
return (0);
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2014-07-30 15:20:09 +02:00
|
|
|
accept_lock->current = worker->pid;
|
2013-06-26 16:37:22 +02:00
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
return (1);
|
2013-06-26 16:37:22 +02:00
|
|
|
}
|
|
|
|
|
|
2013-06-27 00:22:48 +02:00
|
|
|
static void
|
2014-07-30 15:20:09 +02:00
|
|
|
worker_unlock(void)
|
2013-06-27 00:22:48 +02:00
|
|
|
{
|
2014-07-30 15:20:09 +02:00
|
|
|
accept_lock->current = 0;
|
|
|
|
|
if (!__sync_bool_compare_and_swap(&(accept_lock->lock), 1, 0))
|
2020-09-08 12:49:46 +02:00
|
|
|
kore_log(LOG_NOTICE, "worker_unlock(): wasn't locked");
|
2013-06-27 00:22:48 +02:00
|
|
|
}
|
2017-02-28 06:28:35 +01:00
|
|
|
|
2019-03-21 14:03:11 +01:00
|
|
|
static void
|
|
|
|
|
worker_accept_avail(struct kore_msg *msg, const void *data)
|
|
|
|
|
{
|
|
|
|
|
accept_avail = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-28 06:28:35 +01:00
|
|
|
static void
|
|
|
|
|
worker_entropy_recv(struct kore_msg *msg, const void *data)
|
|
|
|
|
{
|
2017-02-28 06:31:09 +01:00
|
|
|
if (msg->length != 1024) {
|
|
|
|
|
kore_log(LOG_WARNING,
|
2018-07-11 09:44:29 +02:00
|
|
|
"invalid entropy response (got:%zu - wanted:1024)",
|
2017-02-28 06:31:09 +01:00
|
|
|
msg->length);
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_seed(data, msg->length);
|
2017-02-28 06:28:35 +01:00
|
|
|
}
|
2018-07-11 09:44:29 +02:00
|
|
|
|
|
|
|
|
static void
|
2019-01-14 11:41:50 +01:00
|
|
|
worker_keymgr_response(struct kore_msg *msg, const void *data)
|
|
|
|
|
{
|
|
|
|
|
struct kore_domain *dom;
|
|
|
|
|
const struct kore_x509_msg *req;
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
if (!kore_worker_keymgr_response_verify(msg, data, &dom))
|
2019-01-14 11:41:50 +01:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
req = (const struct kore_x509_msg *)data;
|
|
|
|
|
|
|
|
|
|
switch (msg->id) {
|
|
|
|
|
case KORE_MSG_CERTIFICATE:
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_domain_setup(dom, KORE_PEM_CERT_CHAIN,
|
2019-11-06 19:33:53 +01:00
|
|
|
req->data, req->data_len);
|
2019-01-14 11:41:50 +01:00
|
|
|
break;
|
|
|
|
|
case KORE_MSG_CRL:
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_domain_crl(dom, req->data, req->data_len);
|
2019-01-14 11:41:50 +01:00
|
|
|
break;
|
2019-11-06 19:33:53 +01:00
|
|
|
#if defined(KORE_USE_ACME)
|
|
|
|
|
case KORE_ACME_CHALLENGE_SET_CERT:
|
2022-02-18 10:20:28 +01:00
|
|
|
if (dom->tls_ctx == NULL) {
|
2022-02-17 13:45:28 +01:00
|
|
|
kore_tls_domain_setup(dom, KORE_DER_CERT_DATA,
|
2019-11-06 19:33:53 +01:00
|
|
|
req->data, req->data_len);
|
2019-09-27 12:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_free(dom->acme_cert);
|
|
|
|
|
dom->acme_cert_len = req->data_len;
|
|
|
|
|
dom->acme_cert = kore_calloc(1, req->data_len);
|
|
|
|
|
memcpy(dom->acme_cert, req->data, req->data_len);
|
2018-07-11 09:44:29 +02:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_log(LOG_NOTICE, "[%s] tls-alpn-01 challenge active",
|
|
|
|
|
dom->domain);
|
|
|
|
|
dom->acme_challenge = 1;
|
|
|
|
|
break;
|
|
|
|
|
case KORE_ACME_CHALLENGE_CLEAR_CERT:
|
|
|
|
|
dom->acme_cert_len = 0;
|
|
|
|
|
dom->acme_challenge = 0;
|
2021-12-19 00:14:33 +01:00
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_free(dom->acme_cert);
|
2021-12-19 00:14:33 +01:00
|
|
|
dom->acme_cert = NULL;
|
|
|
|
|
|
2019-11-06 19:33:53 +01:00
|
|
|
kore_log(LOG_NOTICE, "[%s] tls-alpn-01 challenge disabled",
|
|
|
|
|
dom->domain);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
default:
|
|
|
|
|
kore_log(LOG_WARNING, "unknown keymgr request %u", msg->id);
|
|
|
|
|
break;
|
2018-07-11 09:44:29 +02:00
|
|
|
}
|
|
|
|
|
}
|
