X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=submit%2Fsubmitd.c;h=d062815b46cd6ab8014ab6f4396c6b5b97e63732;hb=7f2e359de204a796c750d3187d4619792510af8b;hp=e8578f601437ee06ca87ddea4506b77c56d6be00;hpb=6324cb417d421274a384cfae916b039cbe56d6e0;p=moe.git
diff --git a/submit/submitd.c b/submit/submitd.c
index e8578f6..d062815 100644
--- a/submit/submitd.c
+++ b/submit/submitd.c
@@ -25,24 +25,34 @@
 /*** CONFIGURATION ***/
-static byte *log_name;
+static char *log_name;
 static uns port = 8888;
 static uns dh_bits = 1024;
 static uns max_conn = 10;
 static uns session_timeout;
-static byte *ca_cert_name = "?";
-static byte *server_cert_name = "?";
-static byte *server_key_name = "?";
+uns max_versions;
+static char *ca_cert_name = "?";
+static char *server_cert_name = "?";
+static char *server_key_name = "?";
+char *history_format;
 static clist access_rules;
 static uns trace_tls;
 uns max_request_size;
 uns max_attachment_size;
 uns trace_commands;
+static struct cf_section ip_node_conf = {
+ CF_TYPE(struct ip_node),
+ CF_ITEMS {
+ CF_USER("IP", PTR_TO(struct ip_node, addrmask), &ip_addrmask_type),
+ CF_END
+ }
+};
+
 static struct cf_section access_conf = {
 CF_TYPE(struct access_rule),
 CF_ITEMS {
- CF_USER("IP", PTR_TO(struct access_rule, addrmask), &ip_addrmask_type),
+ CF_LIST("IP", PTR_TO(struct access_rule, ip_list), &ip_node_conf),
 CF_UNS("Admin", PTR_TO(struct access_rule, allow_admin)),
 CF_UNS("PlainText", PTR_TO(struct access_rule, plain_text)),
 CF_UNS("MaxConn", PTR_TO(struct access_rule, max_conn)),
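Review bot: `history_format` and `max_versions` are added as exported globals with neither a default nor a comment, unlike the neighbouring `*_name` options that default to `"?"`. `history_format` stays NULL whenever `History` is absent from the configuration (it is registered as a plain `CF_STRING` in the next hunk), and the code that consumes it is outside this diff, so the contract should be stated at the declaration, for example `char *history_format;	/* NULL = no history kept (confirm against users) */` and a matching comment on what `max_versions == 0` means. If the string is later expanded as a path or format template, that expansion site is where the value needs to be validated.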
@@ -59,9 +69,11 @@ static struct cf_section submitd_conf = {
 CF_UNS("SessionTimeout", &session_timeout),
 CF_UNS("MaxRequestSize", &max_request_size),
 CF_UNS("MaxAttachSize", &max_attachment_size),
+ CF_UNS("MaxVersions", &max_versions),
 CF_STRING("CACert", &ca_cert_name),
 CF_STRING("ServerCert", &server_cert_name),
 CF_STRING("ServerKey", &server_key_name),
+ CF_STRING("History", &history_format),
 CF_LIST("Access", &access_rules, &access_conf),
 CF_UNS("TraceTLS", &trace_tls),
 CF_UNS("TraceCommands", &trace_commands),
@@ -105,8 +117,9 @@ static struct access_rule *
 lookup_rule(u32 ip)
 {
 CLIST_FOR_EACH(struct access_rule *, r, access_rules)
- if (ip_addrmask_match(&r->addrmask, ip))
- return r;
+ CLIST_FOR_EACH(struct ip_node *, n, r->ip_list)
+ if (ip_addrmask_match(&n->addrmask, ip))
+ return r;
 return NULL;
 }
@@ -156,7 +169,7 @@ tls_new_session(int sk)
 int err;
 err = gnutls_init(&s, GNUTLS_SERVER); TLS_CHECK(gnutls_init);
- err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority); // FIXME
+ err = gnutls_set_default_priority(s); TLS_CHECK(gnutls_set_default_priority);
 gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, cert_cred);
 gnutls_certificate_server_set_request(s, GNUTLS_CERT_REQUEST);
 gnutls_dh_set_prime_bits(s, dh_bits);
@@ -197,7 +210,7 @@ tls_verify_cert(struct conn *c)
 return "Cannot import certificate";
 /* XXX: We do not check expiration and activation since the keys are generated for a single contest only anyway. */
- byte dn[256];
+ char dn[256];
 size_t dn_len = sizeof(dn);
 err = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, dn, &dn_len);
 if (err < 0)
@@ -207,7 +220,7 @@ tls_verify_cert(struct conn *c)
 c->cert_name = xstrdup(dn);
 /* Check certificate purpose */
- byte purp[256];
+ char purp[256];
 int purpi = 0;
 do {
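Review bot: A rule whose `ip_list` is empty can never be returned by the new nested loop in `lookup_rule`, whereas before this change every rule carried exactly one `addrmask`. Nothing visible in this diff rejects an `Access` section that has no `IP` entry, so a rule written as a catch-all would silently stop matching and the connection would fall through to a later rule or to `NULL`. Either validate this in the section's commit hook (not shown here) or state it at the loop: `/* First rule with any matching IP entry wins; a rule without IP entries never matches */`. Bracing the two `CLIST_FOR_EACH` bodies would also keep the nesting safe against later edits.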
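Review bot: The `// FIXME` on `gnutls_set_default_priority(s)` in `tls_new_session` is removed while the call itself is unchanged, so the open question it marked is no longer visible to the next reader. The session still takes library-default priorities, requests the client certificate with `GNUTLS_CERT_REQUEST` rather than `GNUTLS_CERT_REQUIRE`, and uses `dh_bits`, which defaults to 1024 in the configuration block. If that is the intended policy, record it where the marker was, e.g. `/* Default priorities are deliberate; a missing client certificate is handled in tls_verify_cert() */` (to be confirmed against that function, whose body is mostly outside this diff). The function starts and ends outside the hunk.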
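Review bot: `dn` in `tls_verify_cert` is filled by `gnutls_x509_crt_get_dn_by_oid()` and then copied with `xstrdup(dn)` in the following hunk, which stops at the first NUL, while the length GnuTLS reports in `dn_len` is never looked at again. A common name carrying an embedded NUL would therefore produce a `cert_name` shorter than what the certificate holds, and `cert_name` appears to be what identifies the user. Assuming `dn_len` on success is the string length without the terminator (check against the GnuTLS version in use), a guard after the `err < 0` test closes this: `if (strlen(dn) != dn_len) return "Malformed certificate name";` (message text constructed here). The function body continues outside the hunk.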
@@ -407,7 +420,7 @@ sigchld_handler(int sig UNUSED)
 static void
 reap_child(pid_t pid, int status)
 {
- byte buf[EXIT_STATUS_MSG_SIZE];
+ char buf[EXIT_STATUS_MSG_SIZE];
 if (format_exit_status(buf, status))
 msg(L_ERROR, "Child %d %s", (int)pid, buf);
@@ -457,7 +470,7 @@ sk_accept(void)
 die("accept: %m");
 }
- byte ipbuf[INET_ADDRSTRLEN];
+ char ipbuf[INET_ADDRSTRLEN];
 inet_ntop(AF_INET, &sa.sin_addr, ipbuf, sizeof(ipbuf));
 u32 addr = ntohl(sa.sin_addr.s_addr);
 uns port = ntohs(sa.sin_port);
@@ -525,7 +538,7 @@ reject2: ;
 int main(int argc, char **argv)
 {
 setproctitle_init(argc, argv);
- cf_def_file = "submit/config";
+ cf_def_file = "cf/submitd";
 cf_declare_section("SubmitD", &submitd_conf, 0);
 cf_declare_section("Tasks", &tasks_conf, 0);