mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
1,454 Commits 5 Branches 45 Tags 4.4 MiB
Commit Graph

1454 Commits

Author SHA1 Message Date
Joris Vink 6ef8d59f7d more directly include assets.h 2018-08-13 09:16:28 +02:00
Joris Vink d1c8f95590 Show the reason why regcomp() failed if it does. 2018-08-10 08:06:09 +02:00
Joris Vink 03b927dd64 missing EPOLLET when we reschedule read/write 2018-08-01 12:17:16 +02:00
Joris Vink a927acb7ee Add pledge support under OpenBSD. 
All worker processes will now call pledge(2) after dropping
privileges (even if -rn was specified).

By default Kore will use the following promises:
	"stdio rpath inet error"

If your application requires more privileges, you can add more pledges
by setting them in your configuration using the 'pledge' directive:
	pledge dns wpath
 2018-07-31 06:51:34 +02:00
Joris Vink 69922598e7 Missing EV_CLEAR for schedule read/write on BSD. 2018-07-30 15:58:47 +02:00
Joris Vink 5b3cee3428 Use a synchronous query to issue a ROLLBACK. 2018-07-28 22:28:19 +02:00
Joris Vink 43234cd36e be less spammy if stat fails with ENOENT. 2018-07-28 22:27:38 +02:00
Joris Vink f126ba5a86 sprinkle more const around 2018-07-25 09:54:34 +02:00
Joris Vink cf1f624367 let filerefs to operate on ms precision for mtime. 2018-07-24 19:56:36 +02:00
Joris Vink a6e662a805 Add KORE_HTTP_STATE() helper macro. 
defines as KORE_HTTP_STATE(f) (#f, f) so we can get a literal representing
the name of the state function which makes debugging a little easier.
 2018-07-23 06:14:17 +02:00
Joris Vink 7f820c96e8 Make kore_auth_* public. 2018-07-19 10:28:38 +02:00
Joris Vink 67e4c8e6ba Merge branch 'master' into 3.0.0-releng 2018-07-18 16:25:49 +02:00
Joris Vink 821c1df8ec use method not allowed when required 2018-07-18 16:24:28 +02:00
Joris Vink bc4560c5e1 Merge branch 'master' into 3.0.0-releng 2018-07-18 16:13:26 +02:00
Joris Vink 916ce222b4 better fix for 5a5d9fd0. 
Don't let net_recv_flush() do things as long as the HTTP layer
owns the buffer. When we have sent a response kick the read end
back into gear ourselves by calling net_recv_flush().
 2018-07-18 16:10:41 +02:00
Joris Vink 086e2e3d5e len is a size_t, not ssize_t 2018-07-18 16:09:05 +02:00
Joris Vink 3946894e9e Merge branch 'master' into 3.0.0-releng 2018-07-18 15:14:23 +02:00
Joris Vink 25c8dfbdaa missing rpath pledge for openbsd 2018-07-18 15:14:07 +02:00
Joris Vink 64a6e3527f move to 3.1.0-release 2018-07-18 15:04:39 +02:00
Joris Vink 4e163c991c Merge branch 'master' into 3.0.0-releng 2018-07-18 15:00:23 +02:00
Joris Vink 5a5d9fd0c2 alloc space for nb->buf after taking ownership. 2018-07-18 14:36:13 +02:00
Joris Vink 27d1746940 Consume all notifications on a connection. 2018-07-18 11:40:59 +02:00
Joris Vink 2e321f14de Add KORE_PGSQL_STATE_NOTIFY. 
Issue a LISTEN channel on a kore_pgsql, bind a callback to it and you
will get called with pgsql->state being KORE_PGSQL_STATE_NOTIFY.
 2018-07-18 11:38:17 +02:00
Joris Vink 1447f6573f better http header validation. 2018-07-17 20:17:05 +02:00
Joris Vink 3312a2882f Let KORE_PREFIX override builtin prefix for kodev. 2018-07-17 15:59:59 +02:00
Joris Vink 05cccef77c toot toot 2018-07-17 15:16:27 +02:00
Joris Vink ac5a89fbeb pull in openssl/sha.h for body digest 2018-07-17 15:07:26 +02:00
Joris Vink c2289471b1 forcefully limit filemaps to GET | HEAD. 2018-07-17 15:05:20 +02:00
Joris Vink 616af063e3 Calculate an md over the incoming HTTP body. 
This is calculated while the HTTP body is incoming over the wire, once
the body is fully received the digest will be available for the page
handlers to obtain.

You can obtain a hex string for this md via http_body_digest() or
dereferences the http_request and look at http_body_digest manually
for the bytes.
 2018-07-17 14:53:55 +02:00
Joris Vink 9f2759e7b2 missing newline in error 2018-07-17 14:36:21 +02:00
Joris Vink 40a81a17ba remove kore_module_handle for NOHTTP=1 builds. 2018-07-17 14:28:43 +02:00
Joris Vink 0726a26c0c Allow restriction of methods for paths. 
Now Kore will automatically send a 400 bad request in case the
method was not allowed on the path.
 2018-07-17 14:23:57 +02:00
Joris Vink 993c5d2ac2 pledge keymgr process on openbsd 2018-07-14 21:14:02 +02:00
Joris Vink b957d26335 Let kore_worker_make_busy() not unlock solo workers 2018-07-13 21:04:59 +02:00
Joris Vink 02e7359970 Add kore_worker_make_busy(). 
Calling this from your page handler will cause your current worker
to give up the acceptlock (if it holds it).

This is particularly useful if you are about to run code that may block
a bit longer then you are comfortable with. Calling this will cause
the acceptlock to shuffle to another free worker which in turn makes
sure your application can keep accepting requests.
 2018-07-11 18:00:16 +02:00
Joris Vink 52d14a3fbf Unbreak building with LibreSSL. 2018-07-11 12:50:50 +02:00
Joris Vink 2b3119d0e2 add overview of how the keymgr works 2018-07-11 11:53:56 +02:00
Joris Vink 6cf3b3c0dc Only use kore_root_path if its explicitly set. 
Otherwise a relative path works well enough.
 2018-07-11 11:08:44 +02:00
Joris Vink 207faad3c2 we're not in GH anymore. 2018-07-11 10:04:23 +02:00
Joris Vink 77e0439225 better log messages for TLS configuration missing. 2018-07-11 09:52:05 +02:00
Joris Vink cffb7ec379 Allow on-the-fly reloading of certificates/keys. 
This commit introduces the ability for the keymgr process
to reload the certificates/keys for domains when receiving
a SIGUSR1 signal.

The keymgr receives 2 new configuration options:
	- keymgr_root_path
		The root path where the keymgr will live.
		If -n is not specified when the application starts the
		keymgr process will chroot into here.

	- keymgr_runas_user
		The user the keymgr will drop privileges towards if
		-r was not specified.

All certfile and certkey configuration options are now relative to the
keymgr_root_path configuration setting.

The keymgr process will now also load the certificate for the domain
(rather then the workers) and submit these to the worker processes so
they can be reloaded when required.

Worker processes will refuse connections until the TLS configuration
for a given domain is completed (aka: the workers receive the certificate
for that domain).

Other changes:
	- client_certificates renamed to client_verify.
	- the chroot configuration option is now called root.
	- kore is a little more verbose if privsep options are missing.
	- filemaps are now relative to the root configuration option.
 2018-07-11 09:44:29 +02:00
Joris Vink bf6c0e150f Let kore_worker_privdrop() take user and chroot. 
This will make it easier when the keymgr gets its own user/chroot settings.
 2018-07-11 06:53:51 +02:00
Joris Vink 2bf8cce43c even better 2018-07-09 14:17:39 +02:00
Joris Vink 3269fcef80 spacing 2018-07-09 14:17:10 +02:00
Joris Vink adb661b171 Merge branch 'master' into 3.0.0-releng 2018-07-09 14:06:06 +02:00
Joris Vink ac6fcf8981 deal with sendfile() in newer linux kernels. 2018-07-09 10:00:38 +00:00
Joris Vink 83bcab415f Merge branch 'master' into 3.0.0-releng 2018-07-09 09:45:49 +02:00
Joris Vink 570f9ac986 move optimzations back to -O2, not -O3. 2018-07-09 09:45:10 +02:00
Joris Vink bc1206c4fc better README now that we're moving from GH 2018-07-09 09:10:57 +02:00
Joris Vink 93c94eb9c1 add minisign public key 2018-07-09 07:42:18 +02:00