static int
configure_load(char **argv)
{
if (argv[1] == NULL)
return (KORE_RESULT_ERROR);
kore_module_load(argv[1]);
return (KORE_RESULT_OK);
}
int
main(int argc, char *argv[])
{
int ch, flags;
flags = 0;
#if !defined(KORE_SINGLE_BINARY)
while ((ch = getopt(argc, argv, "c:dfhnrv")) != -1) {
#else
while ((ch = getopt(argc, argv, "dfhnrv")) != -1) {
#endif
flags++;
switch (ch) {
#if !defined(KORE_SINGLE_BINARY)
case 'c':
config_file = optarg;
break;
#endif
#if defined(KORE_DEBUG)
case 'd':
kore_debug = 1;
break;
#endif
case 'f':
foreground = 1;
break;
case 'h':
usage();
break;
case 'n':
skip_chroot = 1;
break;
case 'r':
skip_runas = 1;
break;
case 'v':
version();
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
kore_mem_init();
#if !defined(KORE_SINGLE_BINARY)
if (argc > 0) {
if (flags)
fatal("You cannot specify kore flags and a command");
return (kore_cli_main(argc, argv));
}
#endif
kore_pid = getpid();
nlisteners = 0;
LIST_INIT(&listeners);
kore_log_init();
#if !defined(KORE_NO_HTTP)
kore_auth_init();
kore_validator_init();
#endif
kore_domain_init();
kore_module_init();
kore_server_sslstart();
#if !defined(KORE_SINGLE_BINARY)
if (config_file == NULL)
usage();
#else
kore_module_load(NULL, NULL);
#endif
kore_parse_config();
kore_platform_init();
#if !defined(KORE_NO_HTTP)
kore_accesslog_init();
if (http_body_disk_offload > 0) {
if (mkdir(http_body_disk_path, 0700) == -1 && errno != EEXIST) {
printf("can't create http_body_disk_path '%s': %s\n",
http_body_disk_path, errno_s);
return (KORE_RESULT_ERROR);
}
}
#endif
sig_recv = 0;
signal(SIGHUP, kore_signal);
signal(SIGQUIT, kore_signal);
signal(SIGTERM, kore_signal);
if (foreground)
signal(SIGINT, kore_signal);
else
signal(SIGINT, SIG_IGN);
kore_server_start();
kore_log(LOG_NOTICE, "server shutting down");
kore_worker_shutdown();
if (!foreground)
unlink(kore_pidfile);
kore_listener_cleanup();
kore_log(LOG_NOTICE, "goodbye");
return (0);
}
#if !defined(KORE_NO_TLS)
int
kore_tls_sni_cb(SSL *ssl, int *ad, void *arg)
{
struct kore_domain *dom;
const char *sname;
sname = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
kore_debug("kore_tls_sni_cb(): received host %s", sname);
if (sname != NULL && (dom = kore_domain_lookup(sname)) != NULL) {
kore_debug("kore_ssl_sni_cb(): Using %s CTX", sname);
SSL_set_SSL_CTX(ssl, dom->ssl_ctx);
if (dom->cafile != NULL) {
SSL_set_verify(ssl, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
} else {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
}
return (SSL_TLSEXT_ERR_OK);
}
return (SSL_TLSEXT_ERR_NOACK);
}
void
kore_tls_info_callback(const SSL *ssl, int flags, int ret)
{
struct connection *c;
if (flags & SSL_CB_HANDSHAKE_START) {
if ((c = SSL_get_app_data(ssl)) == NULL)
fatal("no SSL_get_app_data");
c->tls_reneg++;
}
}
#endif
int
kore_server_bind(const char *ip, const char *port, const char *ccb)
{
struct listener *l;
int on, r;
struct addrinfo hints, *results;
kore_debug("kore_server_bind(%s, %s)", ip, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = 0;
r = getaddrinfo(ip, port, &hints, &results);
if (r != 0)
fatal("getaddrinfo(%s): %s", ip, gai_strerror(r));
l = kore_malloc(sizeof(struct listener));
l->type = KORE_TYPE_LISTENER;
l->addrtype = results->ai_family;
if (l->addrtype != AF_INET && l->addrtype != AF_INET6)
fatal("getaddrinfo(): unknown address family %d", l->addrtype);
if ((l->fd = socket(results->ai_family, SOCK_STREAM, 0)) == -1) {
kore_free(l);
freeaddrinfo(results);
kore_debug("socket(): %s", errno_s);
printf("failed to create socket: %s\n", errno_s);
return (KORE_RESULT_ERROR);
}
if (!kore_connection_nonblock(l->fd, 1)) {
kore_free(l);
freeaddrinfo(results);
printf("failed to make socket non blocking: %s\n", errno_s);
return (KORE_RESULT_ERROR);
}
on = 1;
if (setsockopt(l->fd, SOL_SOCKET,
SO_REUSEADDR, (const char *)&on, sizeof(on)) == -1) {
close(l->fd);
kore_free(l);
freeaddrinfo(results);
kore_debug("setsockopt(): %s", errno_s);
printf("failed to set SO_REUSEADDR: %s\n", errno_s);
return (KORE_RESULT_ERROR);
}
if (bind(l->fd, results->ai_addr, results->ai_addrlen) == -1) {
close(l->fd);
kore_free(l);
freeaddrinfo(results);
kore_debug("bind(): %s", errno_s);
printf("failed to bind to %s port %s: %s\n", ip, port, errno_s);
return (KORE_RESULT_ERROR);
}
freeaddrinfo(results);
if (listen(l->fd, kore_socket_backlog) == -1) {
close(l->fd);
kore_free(l);
kore_debug("listen(): %s", errno_s);
printf("failed to listen on socket: %s\n", errno_s);
return (KORE_RESULT_ERROR);
}
if (ccb != NULL) {
*(void **)&(l->connect) = kore_module_getsym(ccb);
if (l->connect == NULL) {
printf("no such callback: '%s'\n", ccb);
close(l->fd);
kore_free(l);
return (KORE_RESULT_ERROR);
}
} else {
l->connect = NULL;
}
nlisteners++;
LIST_INSERT_HEAD(&listeners, l, list);
if (foreground) {
#if !defined(KORE_NO_TLS)
kore_log(LOG_NOTICE, "running on https://%s:%s", ip, port);
#else
kore_log(LOG_NOTICE, "running on http://%s:%s", ip, port);
#endif
}
return (KORE_RESULT_OK);
}
void
kore_listener_cleanup(void)
{
struct listener *l;
while (!LIST_EMPTY(&listeners)) {
l = LIST_FIRST(&listeners);
LIST_REMOVE(l, list);
close(l->fd);
kore_free(l);
}
}
void
kore_signal(int sig)
{
sig_recv = sig;
}
static void
kore_server_sslstart(void)
{
#if !defined(KORE_NO_TLS)
kore_debug("kore_server_sslstart()");
SSL_library_init();
SSL_load_error_strings();
#endif
}
