Commits
- Commit:
8af9da984379ae26d5ee17f47a6b12763a780851
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix the build with some yacc implementations
- Commit:
5af19830c3bbec71b3db5c2c19335e5e0c7ff76f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move print_conf and make it take the config as argument
- Commit:
792f302acee3122ed0f9469d8676dbb271f60849
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal/fatalx instead of err/errx in daemon code
- Commit:
68368f4c29e208c67724b04fd0142e233a247a2a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
parse_conf: don't die on error, return -1
this avoids having the daemon dieing on SIGHUP with a bad config
file.
- Commit:
af1dab18702cf135aa80bf15065f73050c915347
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't have the config being a global
- Commit:
e45334e6ae0b658a2d3d4f47bc3e9ddfdb83a44f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move hosts into the config struct
- Commit:
5d22294a59e7e9cbe6457b9e6244fff2ede09956
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move fastcgi from global var to the config struct
while here also make them a list rather than a fixed-size array.
- Commit:
deadd9e1311204415754dcfa404bec4bf3cd557c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
readd proxy certs and `require client ca' support
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.
Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
- Commit:
1c6967b33a31b4c24881a72dc0ab95286ece8f62
- From:
- Omar Polo <op@omarpolo.com>
- Date:
keep cert/key/ocsp path as strings and don't send them via imsg
- Commit:
fc9cc497e075cf321fe0dcf4c6783e2eeb8b9d43
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move some new_* functions from parse.y to utils.c
- Commit:
c26f2460e42aa0822c283c805958989f339e7d8b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework the daemon to do fork+exec
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
- Commit:
2dd5994ae172ed8162aff397b907e4fc476fbaae
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal() in code used in the daemon
- Commit:
eae52ad493f582222b4f2b748c0043c42bb851cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
switch to the more usual log.c
- Commit:
3a8c76eab2203c2e19ac63a2e22cea79e250cbea
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename PROC_MAX to PREFORK_MAX
- Commit:
df5058c919cbd1538d0a04cb2a4c179c0291566f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
provide a more usual fatal
fatal usually appends the error string. Add 'fatalx' that doesn't.
Fix callers and move the prototypes to log.h