Age | Commit message | Author |
|
|
any parts of his diff not taken are noted on tech
|
|
initialization.
OK tb
|
|
ok tb
|
|
children to just before. That way the parent dissociates from its
controlling terminal and shell, but not from its children.
Remove the dup2() bits that were copied from daemon() to solve the
problem that the children still had the stdio fds open. This is now
done in the parent earlier.
Remove the setsid() and setpgid(). It is unclear what their intent
was, but they don't seem to make sense, as daemon() covers this as well
and there seems to be no reason the children procs need to do that.
ok claudio@ bluhm@
|
|
Only has one return value and it's never checked.
ok martijn@, tb@
|
|
This way we don't crash in tls_config_insecure_noverify_cert().
From Mateusz Piotrowski on bugs
ok claudio
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
ok jmc@ sthen@ millert@
|
|
ok millert@ claudio@
|
|
This is a mostly mechanical diff which will hopefully be superseded
soon by work in libtls.
ok jsing
|
|
CA and RELAY process types don't need to communicate with other CA
or RELAY processes respectively, so don't create and distribute ipc
socketpairs.
Tested by and ok denis@
|
|
certificate instead of using it directly because BIO_new_mem_buf()
used to take a non-const buffer. This was changed in 2018, so we
can now remove an XXX and simplify the code.
ok bluhm
|
|
ok tb@
|
|
not a websockets response.
Reported by Marcus MERIGHI and Jonathon Fletcher, this fix is by Jonathon, Thanks!
ok claudio@
|
|
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.
With help from millert@
ok benno@ deraadt@
|
|
to work with a buffer that is not a real string.
The wpos is decremented in the wrong spot and would affect both
binary and non binary checks.
Simplify this code by using strndup.
OK rob@ benno@
|
|
consistently.
OK benno@
|
|
"%s". Same for the output of relay_expand_http().
with and ok claudio@
Found by Cedric Tessier, thanks!
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and exposing the
TAILQ structures to other compilation units.
ok bluhm@, tb@
|
|
a Content-Length header). HTTP RFC 7231 section 4.3.2.
found by niklas@, claudio@ agrees.
|
|
path. These have to be dropped or every subsequent call will cause decrypt
errors. Use a sequence number cookie to keep the systems in sync.
Diff from niklas@ with some minor adjustments by myself.
|
|
previous attempt at running a check script has finished yet, so we
can avoid building up a backlog of check requests.
ok dlg@ tb@ giovanni@
|
|
no objection claudio@
ok tb@ jsing@
|
|
to privsep_procid.
ok mortimer
|
|
OK tb@
|
|
daemons. This avoids giving an additional permission (in this case unveil(2)
"c") to the daemon just to be able to delete the socket and we already discussed
in the past that leaving that file behind doesn't cause any problems.
Discussed with deraadt@ rob@ florian@
OK rob@ benno@ deraadt@
|
|
Feedback by Olivier Cherrier, Hiltjo Posthuma, Mischa
OK benno@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
they might be able to find said metrics.
OK denis@ jmc@
|
|
OK denis@
|
|
but better safe than sorry.
OK tb@
|
|
OK tb@
Enthusiasm from Mischa Peters
|
|
confirmed by tb@. While there remove the "no" in front of the statement.
text from tb@
|
|
ok claudio
|
|
This is no issue, since a pointer is always >= 4 bytes, but incorrect is
incorrect.
Found by tb's static analyzer.
OK beck@
|
|
Found by the static analyzer from tb@
OK beck@
|
|
to add new objects easier if so desired and should handle a lot more
corner-cases.
This commit should also fix the following:
- On most (all) tables it omits the *Entry elements, making it not map to
OPENBSD-RELAYD-MIB.txt.
- sstolen returns the size of the sockaddr_in{,6}, instead of the
sin{,6}_addr resulting in garbage data to be put in the ip-field.
- relaydSessionPortIn and relaydSessionPortOut are swapped
- relaydSessions only uses relaydSessionIndex, while
OPENBSD-RELAYD-MIB.txt says it should have 2 indices
- miscellaneous minor things related to the AGENTX-protocol, like wonky
index handling and returning NOSUCHINSTANCE where NOSUCHOBJECT
should be returned, etc.
This commit does remove traps, but it's large enough as is and I intend
on adding it soon(tm). It also deprecates the snmp keyword in favour of
an agentx keyword. The snmp keyword is still available, but will be
removed in the future.
Tweaks and OK denis@ on the relayd parts
Tweaks and OK claudio@ on the agentx parts
"Get it in" deraadt@
|
|
OK millert@, florian@
|
|
this allows reading from anywhere in the filesystem (in order to read the
config file and those ones included from it), but also executing, which I
missed from my last attempt, because it's required for "check script(s)".
even though it's a broad permission, and the main proc cannot be pledged due to
forbidden ioctls, then this at least prevents it from creating/writing/deleting
files which is not required here.
OK benno@ a long time ago
|
|
Prodded by and OK jmc@
|
|
agentx header.
OK denis@
|
|
Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
|
|
with the help from tb@ jsing@; ok tb@
|