Document TEXT_x_COMMENT.

[eval.git] / submit / submitd.c

diff --git a/submit/submitd.c b/submit/submitd.c
index 3aadc75f7352e952ae250c200f0f262d1202f384..b3a52b6dd54520a2fe465e814bb753b5f7cdd682 100644 (file)
--- a/submit/submitd.c
+++ b/submit/submitd.c
@@ -6,9 +6,9 @@
 
 #undef LOCAL_DEBUG
 
-#include "lib/lib.h"
-#include "lib/conf.h"
-#include "lib/getopt.h"
+#include "ucw/lib.h"
+#include "ucw/conf.h"
+#include "ucw/getopt.h"
 
 #include <string.h>
 #include <stdlib.h>
@@ -25,23 +25,34 @@
 
 /*** CONFIGURATION ***/
 
+static char *log_name;
 static uns port = 8888;
 static uns dh_bits = 1024;
 static uns max_conn = 10;
 static uns session_timeout;
-static byte *ca_cert_name = "?";
-static byte *server_cert_name = "?";
-static byte *server_key_name = "?";
+uns max_versions;
+static char *ca_cert_name = "?";
+static char *server_cert_name = "?";
+static char *server_key_name = "?";
+char *history_format;
 static clist access_rules;
 static uns trace_tls;
 uns max_request_size;
 uns max_attachment_size;
 uns trace_commands;
 
+static struct cf_section ip_node_conf = {
+  CF_TYPE(struct ip_node),
+  CF_ITEMS {
+    CF_USER("IP", PTR_TO(struct ip_node, addrmask), &ip_addrmask_type),
+    CF_END
+  }
+};
+
 static struct cf_section access_conf = {
   CF_TYPE(struct access_rule),
   CF_ITEMS {
-    CF_USER("IP", PTR_TO(struct access_rule, addrmask), &ip_addrmask_type),
+    CF_LIST("IP", PTR_TO(struct access_rule, ip_list), &ip_node_conf),
     CF_UNS("Admin", PTR_TO(struct access_rule, allow_admin)),
     CF_UNS("PlainText", PTR_TO(struct access_rule, plain_text)),
     CF_UNS("MaxConn", PTR_TO(struct access_rule, max_conn)),
@@ -51,15 +62,18 @@ static struct cf_section access_conf = {
 
 static struct cf_section submitd_conf = {
   CF_ITEMS {
+    CF_STRING("LogFile", &log_name),
     CF_UNS("Port", &port),
     CF_UNS("DHBits", &dh_bits),
     CF_UNS("MaxConn", &max_conn),
     CF_UNS("SessionTimeout", &session_timeout),
     CF_UNS("MaxRequestSize", &max_request_size),
     CF_UNS("MaxAttachSize", &max_attachment_size),
+    CF_UNS("MaxVersions", &max_versions),
     CF_STRING("CACert", &ca_cert_name),
     CF_STRING("ServerCert", &server_cert_name),
     CF_STRING("ServerKey", &server_key_name),
+    CF_STRING("History", &history_format),
     CF_LIST("Access", &access_rules, &access_conf),
     CF_UNS("TraceTLS", &trace_tls),
     CF_UNS("TraceCommands", &trace_commands),
@@ -103,8 +117,9 @@ static struct access_rule *
 lookup_rule(u32 ip)
 {
   CLIST_FOR_EACH(struct access_rule *, r, access_rules)
-    if (ip_addrmask_match(&r->addrmask, ip))
-      return r;
+    CLIST_FOR_EACH(struct ip_node *, n, r->ip_list)
+      if (ip_addrmask_match(&n->addrmask, ip))
+       return r;
   return NULL;
 }
 
@@ -154,7 +169,7 @@ tls_new_session(int sk)
   int err;
 
   err = gnutls_init(&s, GNUTLS_SERVER); TLS_CHECK(gnutls_init);
-  err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority);                        // FIXME
+  err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority);
   gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, cert_cred);
   gnutls_certificate_server_set_request(s, GNUTLS_CERT_REQUEST);
   gnutls_dh_set_prime_bits(s, dh_bits);
@@ -195,17 +210,17 @@ tls_verify_cert(struct conn *c)
     return "Cannot import certificate";
   /* XXX: We do not check expiration and activation since the keys are generated for a single contest only anyway. */
 
-  byte dn[256];
+  char dn[256];
   size_t dn_len = sizeof(dn);
   err = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, dn, &dn_len);
   if (err < 0)
     return "Cannot retrieve common name";
   if (trace_tls)
-    log(L_INFO, "Cert CN: %s", dn);
+    msg(L_INFO, "Cert CN: %s", dn);
   c->cert_name = xstrdup(dn);
 
   /* Check certificate purpose */
-  byte purp[256];
+  char purp[256];
   int purpi = 0;
   do
     {
@@ -234,7 +249,7 @@ tls_log_params(struct conn *c)
   const char *comp = gnutls_compression_get_name(gnutls_compression_get(s));
   const char *cipher = gnutls_cipher_get_name(gnutls_cipher_get(s));
   const char *mac = gnutls_mac_get_name(gnutls_mac_get(s));
-  log(L_DEBUG, "TLS params: proto=%s kx=%s cert=%s comp=%s cipher=%s mac=%s",
+  msg(L_DEBUG, "TLS params: proto=%s kx=%s cert=%s comp=%s cipher=%s mac=%s",
     proto, kx, cert, comp, cipher, mac);
 }
 
@@ -245,7 +260,7 @@ client_error(char *msg, ...)
 {
   va_list args;
   va_start(args, msg);
-  vlog_msg(L_ERROR_R, msg, args);
+  vmsg(L_ERROR_R, msg, args);
   exit(0);
 }
 
@@ -375,7 +390,7 @@ client_loop(struct conn *c)
 
   alarm(session_timeout);
   if (!process_init(c))
-    log(L_ERROR, "Protocol handshake failed");
+    msg(L_ERROR, "Protocol handshake failed");
   else
     {
       setproctitle("submitd: client %s (%s)", c->ip_string, c->user);
@@ -405,18 +420,18 @@ sigchld_handler(int sig UNUSED)
 static void
 reap_child(pid_t pid, int status)
 {
-  byte msg[EXIT_STATUS_MSG_SIZE];
-  if (format_exit_status(msg, status))
-    log(L_ERROR, "Child %d %s", (int)pid, msg);
+  char buf[EXIT_STATUS_MSG_SIZE];
+  if (format_exit_status(buf, status))
+    msg(L_ERROR, "Child %d %s", (int)pid, buf);
 
   CLIST_FOR_EACH(struct conn *, c, connections)
     if (c->pid == pid)
       {
-       log(L_INFO, "Connection %d closed", c->id);
+       msg(L_INFO, "Connection %d closed", c->id);
        conn_free(c);
        return;
       }
-  log(L_ERROR, "Cannot find connection for child process %d", (int)pid);
+  msg(L_ERROR, "Cannot find connection for child process %d", (int)pid);
 }
 
 static int listen_sk;
@@ -455,7 +470,7 @@ sk_accept(void)
       die("accept: %m");
     }
 
-  byte ipbuf[INET_ADDRSTRLEN];
+  char ipbuf[INET_ADDRSTRLEN];
   inet_ntop(AF_INET, &sa.sin_addr, ipbuf, sizeof(ipbuf));
   u32 addr = ntohl(sa.sin_addr.s_addr);
   uns port = ntohs(sa.sin_port);
@@ -481,7 +496,7 @@ sk_accept(void)
     }
 
   struct conn *c = conn_new();
-  log(L_INFO, "Connection from %s:%d (id %d, %s, %s)",
+  msg(L_INFO, "Connection from %s:%d (id %d, %s, %s)",
        ipbuf, port, c->id,
        (rule->plain_text ? "plain-text" : "TLS"),
        (rule->allow_admin ? "admin" : "user"));
@@ -495,7 +510,7 @@ sk_accept(void)
     {
       conn_free(c);
       err = "Server overloaded";
-      log(L_ERROR, "Fork failed: %m");
+      msg(L_ERROR, "Fork failed: %m");
       goto reject2;
     }
   if (!c->pid)
@@ -508,12 +523,12 @@ sk_accept(void)
   return;
 
 reject:
-  log(L_ERROR_R, "Connection from %s:%d rejected (%s)", ipbuf, port, err);
+  msg(L_ERROR_R, "Connection from %s:%d rejected (%s)", ipbuf, port, err);
 reject2: ;
   // Write an error message to the socket, but do not allow it to slow us down
   struct linger ling = { .l_onoff=0 };
   if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0)
-    log(L_ERROR, "Cannot set SO_LINGER: %m");
+    msg(L_ERROR, "Cannot set SO_LINGER: %m");
   write(sk, "-", 1);
   write(sk, err, strlen(err));
   write(sk, "\n", 1);
@@ -523,7 +538,7 @@ reject2: ;
 int main(int argc, char **argv)
 {
   setproctitle_init(argc, argv);
-  cf_def_file = "submit/config";
+  cf_def_file = "cf/submitd";
   cf_declare_section("SubmitD", &submitd_conf, 0);
   cf_declare_section("Tasks", &tasks_conf, 0);
 
@@ -531,12 +546,14 @@ int main(int argc, char **argv)
   if ((opt = cf_getopt(argc, argv, CF_SHORT_OPTS, CF_NO_LONG_OPTS, NULL)) >= 0)
     die("This program has no options");
 
-  log(L_INFO, "Initializing TLS");
+  log_file(log_name);
+
+  msg(L_INFO, "Initializing TLS");
   tls_init();
 
   conn_init();
   sk_init();
-  log(L_INFO, "Listening on port %d", port);
+  msg(L_INFO, "Listening on port %d", port);
 
   struct sigaction sa = {
     .sa_handler = sigchld_handler