X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=submit%2Fsubmitd.c;h=b3a52b6dd54520a2fe465e814bb753b5f7cdd682;hb=9fcd780fa33e62f56e9449837fdcbbb223e28d6c;hp=211cc1b12a4b5ba104dbd2531e61b1c933112efc;hpb=bdd61c84b621a5b53a78c7401094720ac1529126;p=moe.git diff --git a/submit/submitd.c b/submit/submitd.c index 211cc1b..b3a52b6 100644 --- a/submit/submitd.c +++ b/submit/submitd.c @@ -4,16 +4,11 @@ * (c) 2007 Martin Mares */ -/* - * FIXME: - * - competition timeout & per-contestant exceptions - */ - #undef LOCAL_DEBUG -#include "lib/lib.h" -#include "lib/conf.h" -#include "lib/getopt.h" +#include "ucw/lib.h" +#include "ucw/conf.h" +#include "ucw/getopt.h" #include #include @@ -30,23 +25,34 @@ /*** CONFIGURATION ***/ +static char *log_name; static uns port = 8888; static uns dh_bits = 1024; static uns max_conn = 10; static uns session_timeout; -static byte *ca_cert_name = "?"; -static byte *server_cert_name = "?"; -static byte *server_key_name = "?"; +uns max_versions; +static char *ca_cert_name = "?"; +static char *server_cert_name = "?"; +static char *server_key_name = "?"; +char *history_format; static clist access_rules; static uns trace_tls; uns max_request_size; uns max_attachment_size; uns trace_commands; +static struct cf_section ip_node_conf = { + CF_TYPE(struct ip_node), + CF_ITEMS { + CF_USER("IP", PTR_TO(struct ip_node, addrmask), &ip_addrmask_type), + CF_END + } +}; + static struct cf_section access_conf = { CF_TYPE(struct access_rule), CF_ITEMS { - CF_USER("IP", PTR_TO(struct access_rule, addrmask), &ip_addrmask_type), + CF_LIST("IP", PTR_TO(struct access_rule, ip_list), &ip_node_conf), CF_UNS("Admin", PTR_TO(struct access_rule, allow_admin)), CF_UNS("PlainText", PTR_TO(struct access_rule, plain_text)), CF_UNS("MaxConn", PTR_TO(struct access_rule, max_conn)), 
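Review bot: The `DHBits` default stays at `static uns dh_bits = 1024;` in the configuration block, which is below the Diffie-Hellman group size generally recommended today. Since this hunk already reworks the configuration variables, consider raising the default to `static uns dh_bits = 2048;` and rejecting smaller configured values when the configuration is loaded. How `dh_bits` is turned into DH parameters is outside this hunk, so the start-up cost of a larger group should be checked there.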
@@ -54,25 +60,20 @@ static struct cf_section access_conf = { } }; -static byte * -config_init(void) -{ - clist_init(&access_rules); - return NULL; -} - static struct cf_section submitd_conf = { - CF_INIT(config_init), CF_ITEMS { + CF_STRING("LogFile", &log_name), CF_UNS("Port", &port), CF_UNS("DHBits", &dh_bits), CF_UNS("MaxConn", &max_conn), CF_UNS("SessionTimeout", &session_timeout), CF_UNS("MaxRequestSize", &max_request_size), CF_UNS("MaxAttachSize", &max_attachment_size), + CF_UNS("MaxVersions", &max_versions), CF_STRING("CACert", &ca_cert_name), CF_STRING("ServerCert", &server_cert_name), CF_STRING("ServerKey", &server_key_name), + CF_STRING("History", &history_format), CF_LIST("Access", &access_rules, &access_conf), CF_UNS("TraceTLS", &trace_tls), CF_UNS("TraceCommands", &trace_commands), @@ -116,8 +117,9 @@ static struct access_rule * lookup_rule(u32 ip) { CLIST_FOR_EACH(struct access_rule *, r, access_rules) - if (ip_addrmask_match(&r->addrmask, ip)) - return r; + CLIST_FOR_EACH(struct ip_node *, n, r->ip_list) + if (ip_addrmask_match(&n->addrmask, ip)) + return r; return NULL; } @@ -167,7 +169,7 @@ tls_new_session(int sk) int err; err = gnutls_init(&s, GNUTLS_SERVER); TLS_CHECK(gnutls_init); - err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority); // FIXME + err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority); gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, cert_cred); gnutls_certificate_server_set_request(s, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits(s, dh_bits); 
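Review bot: `LogFile` and `History` are registered with `CF_STRING`, but `log_name` and `history_format` have no initializer, so both are NULL when the option is absent from the configuration. `main()` later calls `log_file(log_name);` unconditionally; unless `log_file()` accepts NULL (not visible here), guard it with `if (log_name) log_file(log_name);` or die with a clear message. The users of `history_format` are outside this file and should get the same check. Separately, dropping `config_init()` means `access_rules` is initialized only if the configuration library does that for `CF_LIST` items, which is worth confirming because `lookup_rule()` iterates that list.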
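Review bot: `lookup_rule()` has no comment describing its matching semantics, which matter more now that each rule carries a list of address masks. I would add above the function `/* Return the first access rule (in list order) that has an IP entry matching ip; a rule with an empty IP list never matches. */`. Bracing the body of the outer `CLIST_FOR_EACH` would also make the nesting easier to read, since the two loops and the `if` currently rely on indentation only.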
@@ -208,17 +210,17 @@ tls_verify_cert(struct conn *c) return "Cannot import certificate"; /* XXX: We do not check expiration and activation since the keys are generated for a single contest only anyway. */ - byte dn[256]; + char dn[256]; size_t dn_len = sizeof(dn); err = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, dn, &dn_len); if (err < 0) return "Cannot retrieve common name"; if (trace_tls) - log(L_INFO, "Cert CN: %s", dn); + msg(L_INFO, "Cert CN: %s", dn); c->cert_name = xstrdup(dn); /* Check certificate purpose */ - byte purp[256]; + char purp[256]; int purpi = 0; do { @@ -247,7 +249,7 @@ tls_log_params(struct conn *c) const char *comp = gnutls_compression_get_name(gnutls_compression_get(s)); const char *cipher = gnutls_cipher_get_name(gnutls_cipher_get(s)); const char *mac = gnutls_mac_get_name(gnutls_mac_get(s)); - log(L_DEBUG, "TLS params: proto=%s kx=%s cert=%s comp=%s cipher=%s mac=%s", + msg(L_DEBUG, "TLS params: proto=%s kx=%s cert=%s comp=%s cipher=%s mac=%s", proto, kx, cert, comp, cipher, mac); } @@ -258,7 +260,7 @@ client_error(char *msg, ...) { va_list args; va_start(args, msg); - vlog_msg(L_ERROR_R, msg, args); + vmsg(L_ERROR_R, msg, args); exit(0); } @@ -388,7 +390,7 @@ client_loop(struct conn *c) alarm(session_timeout); if (!process_init(c)) - log(L_ERROR, "Protocol handshake failed"); + msg(L_ERROR, "Protocol handshake failed"); else { setproctitle("submitd: client %s (%s)", c->ip_string, c->user); 
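Review bot: The common name returned by `gnutls_x509_crt_get_dn_by_oid()` is treated as a plain C string in `msg(L_INFO, "Cert CN: %s", dn)` and `xstrdup(dn)`, while the length the library reports in `dn_len` is never examined. A CN with an embedded NUL would be silently truncated and one with control characters would be written to the log verbatim, and `c->cert_name` appears to be the identity used later. Consider adding `if (strlen(dn) != dn_len) return "Malformed common name";` after the error check and restricting the accepted characters before logging or storing the name. The function starts and ends outside this hunk, so whether the chain is verified against the CA before this point cannot be seen here.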
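Review bot: The format parameter of `client_error(char *msg, ...)` now shadows the logging function `msg()` that this commit switches to, so `msg()` cannot be called from inside this function. `reap_child()` renames its local `msg` to `buf` in this same commit, presumably for that reason; doing the same here, e.g. `client_error(char *fmt, ...)` with `vmsg(L_ERROR_R, fmt, args);`, keeps the file consistent. A `va_end(args);` before `exit(0)` would also pair the `va_start`.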
@@ -418,18 +420,18 @@ sigchld_handler(int sig UNUSED) static void reap_child(pid_t pid, int status) { - byte msg[EXIT_STATUS_MSG_SIZE]; - if (format_exit_status(msg, status)) - log(L_ERROR, "Child %d %s", (int)pid, msg); + char buf[EXIT_STATUS_MSG_SIZE]; + if (format_exit_status(buf, status)) + msg(L_ERROR, "Child %d %s", (int)pid, buf); CLIST_FOR_EACH(struct conn *, c, connections) if (c->pid == pid) { - log(L_INFO, "Connection %d closed", c->id); + msg(L_INFO, "Connection %d closed", c->id); conn_free(c); return; } - log(L_ERROR, "Cannot find connection for child process %d", (int)pid); + msg(L_ERROR, "Cannot find connection for child process %d", (int)pid); } static int listen_sk; @@ -468,7 +470,7 @@ sk_accept(void) die("accept: %m"); } - byte ipbuf[INET_ADDRSTRLEN]; + char ipbuf[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &sa.sin_addr, ipbuf, sizeof(ipbuf)); u32 addr = ntohl(sa.sin_addr.s_addr); uns port = ntohs(sa.sin_port); @@ -494,7 +496,7 @@ sk_accept(void) } struct conn *c = conn_new(); - log(L_INFO, "Connection from %s:%d (id %d, %s, %s)", + msg(L_INFO, "Connection from %s:%d (id %d, %s, %s)", ipbuf, port, c->id, (rule->plain_text ? "plain-text" : "TLS"), (rule->allow_admin ? "admin" : "user")); @@ -508,7 +510,7 @@ sk_accept(void) { conn_free(c); err = "Server overloaded"; - log(L_ERROR, "Fork failed: %m"); + msg(L_ERROR, "Fork failed: %m"); goto reject2; } if (!c->pid) @@ -521,12 +523,12 @@ sk_accept(void) return; reject: - log(L_ERROR_R, "Connection from %s:%d rejected (%s)", ipbuf, port, err); + msg(L_ERROR_R, "Connection from %s:%d rejected (%s)", ipbuf, port, err); reject2: ; // Write an error message to the socket, but do not allow it to slow us down struct linger ling = { .l_onoff=0 }; if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)) < 0) - log(L_ERROR, "Cannot set SO_LINGER: %m"); + msg(L_ERROR, "Cannot set SO_LINGER: %m"); write(sk, "-", 1); write(sk, err, strlen(err)); write(sk, "\n", 1); 
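Review bot: The three `write()` calls on the reject path ignore their results and appear to run in the process that accepts connections, so if the peer has already closed or reset the connection a later write can raise SIGPIPE. Unless SIGPIPE is ignored elsewhere in the daemon (not visible in this hunk), that would terminate the server rather than one connection. Consider formatting the reply into one buffer and sending it with a single `send(sk, buf, len, MSG_NOSIGNAL);`, or calling `signal(SIGPIPE, SIG_IGN);` during start-up. Note also that `.l_onoff=0` is the socket default, so the `SO_LINGER` call does not change behaviour as written. The function continues past the end of this hunk.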
@@ -536,19 +538,22 @@ reject2: ; int main(int argc, char **argv) { setproctitle_init(argc, argv); - cf_def_file = "config"; + cf_def_file = "cf/submitd"; cf_declare_section("SubmitD", &submitd_conf, 0); + cf_declare_section("Tasks", &tasks_conf, 0); int opt; if ((opt = cf_getopt(argc, argv, CF_SHORT_OPTS, CF_NO_LONG_OPTS, NULL)) >= 0) die("This program has no options"); - log(L_INFO, "Initializing TLS"); + log_file(log_name); + + msg(L_INFO, "Initializing TLS"); tls_init(); conn_init(); sk_init(); - log(L_INFO, "Listening on port %d", port); + msg(L_INFO, "Listening on port %d", port); struct sigaction sa = { .sa_handler = sigchld_handler