| Age | Commit message (Collapse) | Author |
|---|
|
This feature has been requested many times over the years. Various patches
were provided by Asherah Connor, Rivo Nurges, Markus Läll and maybe others.
These patches always stalled for various reasons.
From Sören Tempel, mostly based on Asherah's latest patch.
ok florian tb
|
|
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl
initialize themselves automatically before doing anything.
ok tb
|
|
ok tb
|
|
children to just before. That way the parent disasociates from its
controling terminal and shell, but not from its children.
Remove the dup2() bits that were copied from daemon() to solve the
problem that the children still had the stdio fds open. This is now
done in the parent earlier.
Remove the setsid() and setpgid(). It is unclear what their intent
was, but they dont seem to make sense, as daemon() covers this as well
and there seems to be no reason the cildren procs need to do that.
ok claudio@ bluhm@
|
|
Only has one return value and it's never checked.
ok martijn@, tb@
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
to privsep_procid.
ok mortimer
|
|
daemons. This avoids giving an additional permission (in this case unveil(2)
"c") to the daemon just to be able to delete the socket and we already discussed
in the past that leaving that file behind doesn't cause any problems.
Discussed with deraadt@ rob@ florian@
OK rob@ benno@ deraadt@
|
|
to add new objects easier if so desired and should handle a lot more
corner-cases.
This commit should also fix the following:
- On most (all) tables it omits the *Entry elements, making it not map to
OPENBSD-RELAYD-MIB.txt.
- sstolen returns the size of the sockaddr_in{,6}, instead of the
sin{,6}_addr resulting in garbage data to be put in the ip-field.
- relaydSessionPortIn and relaydSessionPortOut are swapped
- relaydSessions only uses relaydSessionIndex, while
OPENBSD-RELAYD-MIB.txt says it should have 2 indices
- miscellaneous minor things related to the AGENTX-protocol, like wonky
index handeling and returning NOSUCHINSTANCE where NOSUCHOBJECT
should be returned, etc.
This commit does remove traps, but it's large enough as is and I intent
on adding it soon(tm). It also deprecates the snmp keyword in favour of
an agentx keyword. The snmp keyword is still available, but will be
removed in the future.
Tweaks and OK denis@ on the relayd parts
Tweaks and OK claudio@ on the agentx parts
"Get it in" deraadt@
|
|
this allows reading from anywhere in the filesystem (in order to read the
config file and those ones included from it), but also executing, which I
missed from my last attempt, because it's required for "check script(s)".
even though it's a broad permission, and the main proc cannot be pledged due to
forbidden ioctls, then this at least prevents it from creating/writing/deleting
files which is not required here.
OK benno@ a long time ago
|
|
benno@ and reky@. Man page tweaks from jmc@.
ok benno@
|
|
filesystem.
"Well the first step is to back the commit out" deraadt@
|
|
Many thanks to Bruno Flueckiger who independently sent a very similar
patch. He also tested the one I'm committing that it works as
expected.
OK tb@
|
|
Tested by many (thanks!)
Feedback & OK rob@
|
|
Moving the certs out of the relay struct will help to add multiple SNI certs.
Tested by many users (thanks!)
Feedback & OK rob@
|
|
Pass the *env as an explicit argument instead of using the global
pointer: The relay_load_certfiles() function is called early before
the *env is set up. This does not change anything in the current code
as *env is not used by anything in the function (not even
ssl_load_key() that is taking it as an argument) but it will be needed
by upcoming changes for SNI.
Ok rob@
|
|
- Don't expect the Connection header to equal Upgrade, it may include Upgrade
- Reshuffle the code to check the Upgrade/Connection headers in one place
Reported and tested by Rivo Nurges
OK and input from benno@
Cvs: ----------------------------------------------------------------------
|
|
ok benno@ deraadt@
|
|
proc_init(). As a consequence httpd(8) and relayd(8) child processes
did not detach from the terminal anymore. Dup /dev/null to the
stdio file descriptors in the children.
OK benno@
|
|
process. If env->sc_snmp is initialized with 0, snmp_init() closes
it. Set it to -1 to prevent the close(2).
OK reyk@ benno@ millert@
|
|
log updates|all
with
log state changes
log host checks
log connection [errors]
The first two control the logging of host check results: either changes in host state only or
all checks.
The third option controls logging of connections in relay mode:
Either log all connections, or only errors.
Additionaly, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.
ok and feedback from claudio@
|
|
From Kapetanakis Giannis, thanks.
ok claudio@
|
|
the ca file (having all the trusted certs in them) can be so big that loading
via imsg fails.
OK beck@
|
|
if pkey_add() fails.
|
|
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio
|
|
engine but at least we can use a sane API for new features.
Going in now so it is possible to work with this in tree.
General agreement at d2k17.
|
|
OK reyk@, deraadt@ (previous version)
|
|
where it is used.
Currently pf is opened on every reload, that will no longer be
possible in the future with pledged programms that do ioctls.
This prepares relayd for that change.
ok deraadt@, meinetwegen reyk@
|
|
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
|
|
startup, for a short time, so we needed a rlimit hack in relayd.c.
Sync the fix from httpd: rzalamena@ has fixed proc.c and I added the
proc_flush_imsg() mechanism that makes sure that each fd is
immediately closed after forwarding it to a child process instead of
queueing it up.
OK rzalamena@ jca@ benno@
|
|
|
|
config option. Due to reordering of the code, the variable
http_methods was initialized to late. Insert a relay_http() before
load_config().
Found by make run-regress-args-http-filter-method.pl; OK reyk@
|
|
for httpd with some (current and previous) changes for relayd. Once
again, both daemons now share the same proc.c where most of the
privsep "magic" happens.
OK benno@ rzalamena@
|
|
relayd_config". This way we can send all the relevant global
configuration to the children, not just the flags and the opts.
With input from and
OK claudio@ benno@
|
|
OK benno@ rzalamena@
|
|
or killing child processes. - Based on rzalamena@'s diff for httpd.
OK deraadt@ rzalamena@
|
|
nature of relayd) to tls session tickets to do TLS session resumption.
TLS session tickets do not need to store SSL session data in the server but
instead send an encrypted ticket to the clients that allows to resume the
session. This is mostly stateless (apart from the encryption keys).
relayd now ensures that all relay processes use the same key to encrypt
the tickets. Keys are rotated every 2h and there is a primary and backup key.
The tls session timeout is set to 2h to hint to the clients how long the
session tickets is supposed to be alive.
Input and OK benno@, reyk@
|
|
(btw. hostated-hoststated-relayd's 10th birthday is on Dec 16.)
|
|
- Respond with a 400 (Bad Request) if there is more than one Host:
header to prevent ambiguities.
- Make sure that the host in the optional absolute form of
request-target (eg. GET http://www.target.com/ HTTP/1.1) matches the
Host: value. Proxies are supposed to ignore the Host: value if the
request-target exists, but relayd used to ignore the absolute
request-target form instead. In HTTP terminology, relayd is a gateway
and not a proxy, but it has to make sure that the host is validated
consistently.
OK benno@ bluhm@
|
|
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
|
ok jung@ tedu@ deraadt@
|
|
ok mmcc@ millert@
|
|
|
|
so add a shortcut proc_compose*() that skips all of them. Only use the
full argument list if needed. The functions with full argument lists can
eventually be replaced with a nicer transaction-based approach later.
OK benno@
|
|
Move getrtable() from pfe to parent process, since its in the way of
pledge.
ok deraadt@, feedback from reyk@ on previous version.
|
|
OK benno@
|
|
include the process name, and replace all calls of fatal*(NULL) with
fatal(__func__) for better debugging.
OK benno@
|
|
strndup().
ok millert@
|
|
Pointed out by Michael McConville
|
|
protocols would be ignored, reported and fixed by J. Fischer (lists
-AT- mistrust -DOT- net) and reminded by (trondd -AT- kagu-tsuchi -DOT-
com), thanks!
ok deraadt@
|
