commit - 3826d7de43d3b9078c5e18e0074799a3a9ee682e
commit + 226f13ece0b309abeee0ae8a4d8c9f049fe896a7
blob - d939839f11b24c07652588fa75b81db20025b4d3
blob + 753bb7267b7a86e0c7c8568d4f0cc2c0892f5a9e
--- config.c
+++ config.c
ps = conf->ps;
use_privsep_crypto = conf->use_privsep_crypto;
+ free(conf->log_access);
free_mime(&conf->mime);
TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
TAILQ_REMOVE(&conf->fcgi, f, fcgi);
blob - 663de426bfd7c13107510938e06c320df759965f
blob + 6a7132c19fdb68aaecf8d099ef114d99e1c5b41c
--- gmid.c
+++ gmid.c
main_configure(struct conf *conf)
{
struct privsep *ps = conf->ps;
+ int fd = -1;
+
+ if (!debug) {
+ if (conf->log_access && (fd = open(conf->log_access,
+ O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1)
+ log_warn("can't open %s", conf->log_access);
+ if (proc_compose_imsg(ps, PROC_LOGGER, -1, IMSG_LOG_TYPE,
+ -1, fd, NULL, 0) == -1)
+ return -1;
+ }
conf->reload = conf->prefork + 1; /* servers, crypto */
blob - 0a1c175d0479b48648a7f6a79797e380d23d79a1
blob + dda781cdcdaf9f808a06c94e2e1e810d9f0790c6
--- gmid.conf.5
+++ gmid.conf.5
Defaults to the
.Ic user
home directory, if provided.
+.It Ic log Ar options
+Specify logging options.
+Multiple options may be provided within curly braces.
+The available options are as follows:
+.Bl -tag -width Ds
+.It Ic syslog
+Log to syslog.
+This is the default behaviour.
+.It Ic access Ar file
+Log the requests to
+.Ar file .
+.El
.It Ic prefork Ar number
Run the specified number of server processes.
This increases the performance and prevents delays when connecting to
blob - fbeeecbd11131d3f6ed77d79cf22e6e926f7cb8d
blob + 734ad54ee4b25530727537e969aaeb313b944ca2
--- gmid.h
+++ gmid.h
char user[LOGIN_NAME_MAX];
int prefork;
int reload;
+ char *log_access;
int use_privsep_crypto;
struct fcgihead fcgi;
blob - 479c094fcd564cd9c1d5a60a456c3cd20fb51160
blob + 674437b99bf55b57b54204be396b4a192fc14197
--- parse.y
+++ parse.y
/* for bison: */
/* %define parse.error verbose */
-%token ALIAS AUTO
+%token ACCESS ALIAS AUTO
%token BLOCK
%token CA CERT CHROOT CLIENT
%token DEFAULT
%token OCSP OFF ON
%token PARAM PORT PREFORK PROTO PROTOCOLS PROXY
%token RELAY_TO REQUIRE RETURN ROOT
-%token SERVER SNI SOCKET STRIP
+%token SERVER SNI SOCKET STRIP SYSLOG
%token TCP TOEXT TYPE TYPES
%token USE_TLS USER
%token VERIFYNAME
else
default_host = "0.0.0.0";
}
+ | log
| PORT NUM {
yywarn("option `port' is deprecated,"
" please use `listen on'");
yyerror("user name too long");
free($2);
}
+ ;
+
+log : LOG '{' optnl logopts '}'
+ | LOG logopt
;
+logopts : /* empty */
+ | logopts logopt optnl
+ ;
+
+logopt : SYSLOG {
+ free(conf->log_access);
+ conf->log_access = NULL;
+ }
+ | ACCESS string {
+ free(conf->log_access);
+ conf->log_access = $2;
+ }
+ ;
+
vhost : SERVER string {
host = new_vhost();
TAILQ_INSERT_HEAD(&conf->hosts, host, vhosts);
int token;
} keywords[] = {
/* these MUST be sorted */
+ {"access", ACCESS},
{"alias", ALIAS},
{"auto", AUTO},
{"block", BLOCK},
{"sni", SNI},
{"socket", SOCKET},
{"strip", STRIP},
+ {"syslog", SYSLOG},
{"tcp", TCP},
{"to-ext", TOEXT},
{"type", TYPE},
blob - 57ed6d856157cdc4192ca340f8b103f32bf8eff2
blob + 0e7e4ada9d08a1068809c56aa8cfb75d00b8f3e1
--- sandbox.c
+++ sandbox.c
void
sandbox_main_process(void)
{
- if (pledge("stdio rpath inet dns sendfd", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath inet dns sendfd", NULL) == -1)
fatal("pledge");
}