/*** CONFIGURATION ***/
-static byte *log_name;
+static char *log_name;
static uns port = 8888;
static uns dh_bits = 1024;
static uns max_conn = 10;
static uns session_timeout;
-static byte *ca_cert_name = "?";
-static byte *server_cert_name = "?";
-static byte *server_key_name = "?";
+uns max_versions;
+static char *ca_cert_name = "?";
+static char *server_cert_name = "?";
+static char *server_key_name = "?";
+char *history_format;
static clist access_rules;
static uns trace_tls;
uns max_request_size;
uns max_attachment_size;
uns trace_commands;
+static struct cf_section ip_node_conf = {
+ CF_TYPE(struct ip_node),
+ CF_ITEMS {
+ CF_USER("IP", PTR_TO(struct ip_node, addrmask), &ip_addrmask_type),
+ CF_END
+ }
+};
+
static struct cf_section access_conf = {
CF_TYPE(struct access_rule),
CF_ITEMS {
- CF_USER("IP", PTR_TO(struct access_rule, addrmask), &ip_addrmask_type),
+ CF_LIST("IP", PTR_TO(struct access_rule, ip_list), &ip_node_conf),
CF_UNS("Admin", PTR_TO(struct access_rule, allow_admin)),
CF_UNS("PlainText", PTR_TO(struct access_rule, plain_text)),
CF_UNS("MaxConn", PTR_TO(struct access_rule, max_conn)),
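Review bot: The new globals `max_versions` and `history_format` are declared without `static`, without a default and without a comment, so they are 0 and NULL whenever the configuration omits `MaxVersions` or `History` (both registered in the following hunk). Their consumers are not visible in this diff, so it cannot be confirmed here that NULL and 0 are handled. I would record the unset case at the declaration, for example `char *history_format;	/* set by History; NULL when not configured, callers must check */`, and do the same for `max_versions`. If `history_format` ends up passed to a formatting function, a note that it is administrator-controlled input would also help the next reader.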
CF_UNS("SessionTimeout", &session_timeout),
CF_UNS("MaxRequestSize", &max_request_size),
CF_UNS("MaxAttachSize", &max_attachment_size),
+ CF_UNS("MaxVersions", &max_versions),
CF_STRING("CACert", &ca_cert_name),
CF_STRING("ServerCert", &server_cert_name),
CF_STRING("ServerKey", &server_key_name),
+ CF_STRING("History", &history_format),
CF_LIST("Access", &access_rules, &access_conf),
CF_UNS("TraceTLS", &trace_tls),
CF_UNS("TraceCommands", &trace_commands),
lookup_rule(u32 ip)
{
CLIST_FOR_EACH(struct access_rule *, r, access_rules)
- if (ip_addrmask_match(&r->addrmask, ip))
- return r;
+ CLIST_FOR_EACH(struct ip_node *, n, r->ip_list)
+ if (ip_addrmask_match(&n->addrmask, ip))
+ return r;
return NULL;
}
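Review bot: An `Access` rule with no `IP` entries can never match after this change. The inner `CLIST_FOR_EACH` over `r->ip_list` simply falls through, so the lookup moves on to later rules, which may be broader. Whether the configuration loader rejects such a rule cannot be seen from this diff; if it does not, a typo in a restrictive rule silently widens access. At minimum, put a comment above the loops: `/* First rule with a matching IP entry wins; a rule with an empty ip_list never matches. */`. The two nested unbraced loops plus the `if` would also read more safely with braces on the outer `CLIST_FOR_EACH`. The function's return-type line lies outside the hunk.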
int err;
err = gnutls_init(&s, GNUTLS_SERVER); TLS_CHECK(gnutls_init);
- err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority); // FIXME
+ err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority);
gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, cert_cred);
gnutls_certificate_server_set_request(s, GNUTLS_CERT_REQUEST);
gnutls_dh_set_prime_bits(s, dh_bits);
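Review bot: The `// FIXME` on the `gnutls_set_default_priority` line is deleted while the call itself is unchanged, so whatever was outstanding is now undocumented rather than resolved. If the library's default priorities are the intended policy, say so in place of the marker, for example `/* GnuTLS default priorities are intentional; no custom cipher policy */`. While touching this setup, note that `dh_bits` defaults to 1024 in the configuration block and is passed to `gnutls_dh_set_prime_bits` here; that default is worth revisiting or documenting as a deliberate choice. The enclosing function starts and ends outside the hunk.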
return "Cannot import certificate";
/* XXX: We do not check expiration and activation since the keys are generated for a single contest only anyway. */
- byte dn[256];
+ char dn[256];
size_t dn_len = sizeof(dn);
err = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, dn, &dn_len);
if (err < 0)
c->cert_name = xstrdup(dn);
/* Check certificate purpose */
- byte purp[256];
+ char purp[256];
int purpi = 0;
do
{
static void
reap_child(pid_t pid, int status)
{
- byte buf[EXIT_STATUS_MSG_SIZE];
+ char buf[EXIT_STATUS_MSG_SIZE];
if (format_exit_status(buf, status))
msg(L_ERROR, "Child %d %s", (int)pid, buf);
die("accept: %m");
}
- byte ipbuf[INET_ADDRSTRLEN];
+ char ipbuf[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &sa.sin_addr, ipbuf, sizeof(ipbuf));
u32 addr = ntohl(sa.sin_addr.s_addr);
uns port = ntohs(sa.sin_port);