[-]
[+]
|
Deleted |
Pound.spec
|
@@ -1,190 +0,0 @@
-%define pound_user pound
-%define pound_group pound
-%define pound_home %{_localstatedir}/lib/pound
-
-Name: Pound
-Version: 2.5
-Release: 1%{?dist}
-Summary: Reverse proxy and load balancer
-
-Group: System Environment/Daemons
-License: GPLv3
-URL: http://www.apsis.ch/pound
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-
-BuildRequires: openssl-devel, pcre-devel
-
-# tcmalloc doesn't exist on ppc yet (#238390)
-# or sparc arches
-%ifnarch ppc ppc64 sparcv9 sparc64
-BuildRequires: google-perftools-devel
-%endif
-
-Requires(pre): %{_sbindir}/useradd
-Requires(pre): %{_sbindir}/groupadd
-Requires(post): /sbin/chkconfig
-Requires(preun): /sbin/chkconfig, /sbin/service
-Requires(postun): /sbin/service
-
-Source0: http://www.apsis.ch/pound/%{name}-%{version}.tgz
-Source1: pound.init
-Source2: pound.cfg
-Patch0: pound-remove-owner.patch
-
-%description
-The Pound program is a reverse proxy, load balancer and
-HTTPS front-end for Web server(s). Pound was developed
-to enable distributing the load among several Web-servers
-and to allow for a convenient SSL wrapper for those Web
-servers that do not offer it natively. Pound is distributed
-under the GPL - no warranty, it's free to use, copy and
-give away
-
-%prep
-%setup -q
-%patch0 -p1 -b .remove-owner
-
-%build
-%configure
-make %{?_smp_mflags}
-
-%install
-rm -rf %{buildroot}
-make install DESTDIR=%{buildroot}
-
-%{__install} -d %{buildroot}%{pound_home}
-%{__install} -p -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/pound
-%{__install} -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pound.cfg
-
-mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
-touch %{buildroot}%{_sysconfdir}/pki/tls/certs/pound.pem
-
-%clean
-rm -rf %{buildroot}
-
-%pre
-%{_sbindir}/groupadd -f -r %{pound_group}
-id %{pound_user} >/dev/null 2>&1 || \
- %{_sbindir}/useradd -r -g %{pound_group} -d %{pound_home} -s /sbin/nologin \
- -c "Pound user" %{pound_user}
-
-%post
-/sbin/chkconfig --add pound
-
-# generate dummy certificate
-exec > /dev/null 2> /dev/null
-if [ ! -f %{_sysconfdir}/pki/tls/certs/pound.pem ] ; then
-pushd %{_sysconfdir}/pki/tls/certs
-umask 077
-cat << EOF | make pound.pem
---
-SomeState
-SomeCity
-Pound Example Certificate
-SomeOrganizationalUnit
-localhost.localdomain
-root@localhost.localdomain
-EOF
-chown root:pound pound.pem
-chmod 640 pound.pem
-popd
-fi
-exit 0
-
-%preun
-if [ $1 = 0 ]; then
- /sbin/service pound stop >/dev/null 2>&1
- /sbin/chkconfig --del pound
-fi
-
-%postun
-if [ $1 -ge 1 ] ; then
- /sbin/service pound condrestart > /dev/null 2>&1 || :
-fi
-
-%files
-%defattr(-,root,root,-)
-%doc CHANGELOG FAQ GPL.txt README
-%{_mandir}/man8/pound.8*
-%{_mandir}/man8/poundctl.8*
-%{_sbindir}/pound
-%{_sbindir}/poundctl
-%{_initrddir}/pound
-%config(noreplace) %{_sysconfdir}/pound.cfg
-%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/pound.pem
-%attr(-,%{pound_user},%{pound_group}) %dir %{pound_home}
-
-%changelog
-* Sat Nov 20 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5-1
-- update to release 2.5
-
-* Thu Jan 15 2009 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.4-1
-- upstream released new version
-
-* Mon Oct 13 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.3-1
-- Upstream released new version
-
-* Fri Jun 27 2008 Dennis Gilmore <dennis@ausil.us> 2.4-2
-- sparc arches dont have tcmalloc
-
-* Sat Feb 16 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-1
-- New stable version
-
-* Sat Feb 09 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> - 2.4-0.2f
-- Upstream released new version
-
-* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.4-0.2
-- Rebuild for deps
-
-* Sun Dec 01 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1e
-- Update to experimental version 2.4e
-* Thu Aug 16 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1d
-- Update to experimental version 2.4d
-- Upstream changed license to GPLv3
-* Wed Jun 04 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1c
-- Upstream released new version
-* Sat May 26 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-2b
-- Disable linking with tcmalloc on ppc (#238390)
-* Fri May 25 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-0.1b
-- Update to experimental version 2.4b
-- Better handling of user creation
-- Build with tcmalloc for increased performance
-* Wed Apr 11 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.3-1
-- Update to 2.3
-* Thu Apr 05 2007 <ruben@rubenkerkhof.com> 2.2.8-1
-- Sync with upstream
-* Mon Mar 12 2007 <ruben@rubenkerkhof.com> 2.2.7-1
-- Sync with upstream
-* Sun Mar 04 2007 <ruben@rubenkerkhof.com> 2.2.6-1
-- Sync with upstream
-* Wed Feb 21 2007 <ruben@rubenkerkhof.com> 2.2.5-1
-- Sync with upstream
-* Sat Feb 10 2007 <ruben@rubenkerkhof.com> 2.2.4-1
-- Sync with upstream
-* Sat Jan 20 2007 <ruben@rubenkerkhof.com> 2.2.3-1
-- Fix problems in bad 2.2.2 release
-* Mon Jan 15 2007 <ruben@rubenkerkhof.com> 2.2.2-1
-- Sync with upstream
-* Wed Jan 03 2007 <ruben@rubenkerkhof.com> 2.2.1-1
-- Sync with new beta release from upstream
-* Sun Dec 17 2006 <ruben@rubenkerkhof.com> 2.2-2
-- Fixed empty debuginfo rpm (bz 219942)
-* Sat Dec 16 2006 <ruben@rubenkerkhof.com> 2.2-1
-- Sync with upstream
-* Sat Dec 09 2006 <ruben@rubenkerkhof.com> 2.1.8-1
-- Sync with upstream
-* Thu Dec 07 2006 <ruben@rubenkerkhof.com> 2.1.7-1
-- Sync with upstream
-* Wed Nov 08 2006 <ruben@rubenkerkhof.com> 2.1.6-2
-- Changed hardcoded paths into rpmmacros
-* Mon Nov 06 2006 <ruben@rubenkerkhof.com> 2.1.6-1
-- Synced with upstream version
-- Changed Summary
-- Added an init script
-- Added pound.cfg with an example configuration
-- Added pound user and group
-- A self-signed ssl certificate is created in %%post
-* Fri Nov 03 2006 <ruben@rubenkerkhof.com> 2.1.5-1
-- initial version
-
|
[-]
[+]
|
Added |
pound.spec
^
|
|
[-]
[+]
|
Deleted |
pound-remove-owner.patch
^
|
@@ -1,18 +0,0 @@
---- Pound-2.2.3/Makefile.in.remove-owner 2007-01-21 01:45:44.000000000 +0100
-+++ Pound-2.2.3/Makefile.in 2007-01-21 01:46:59.000000000 +0100
-@@ -50,11 +50,11 @@
-
- install: all
- @INSTALL@ -d ${DESTDIR}@sbindir@
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl
-+ @INSTALL@ -p -m 755 pound ${DESTDIR}@sbindir@/pound
-+ @INSTALL@ -p -m 755 poundctl ${DESTDIR}@sbindir@/poundctl
- @INSTALL@ -d ${DESTDIR}@mandir@/man8
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
-+ @INSTALL@ -p -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
-+ @INSTALL@ -p -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
-
- clean:
- rm -f pound $(OBJS) poundctl poundctl.o
|
[-]
[+]
|
Added |
pound.diff
^
|
@@ -0,0 +1,18 @@
+--- Makefile.in
++++ Makefile.in
+@@ -50,11 +50,11 @@
+
+ install: all
+ @INSTALL@ -d ${DESTDIR}@sbindir@
+- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound
+- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl
++ @INSTALL@ -m 555 pound ${DESTDIR}@sbindir@/pound
++ @INSTALL@ -m 755 poundctl ${DESTDIR}@sbindir@/poundctl
+ @INSTALL@ -d ${DESTDIR}@mandir@/man8
+- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
+- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
++ @INSTALL@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
++ @INSTALL@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
+
+ clean:
+ rm -f pound $(OBJS) poundctl poundctl.o
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/CHANGELOG
^
|
@@ -1,141 +1,4 @@
------------------------------------------------------------------------
-r67 | roseg | 2010-02-02 12:49:00 +0100 (Tue, 02 Feb 2010) | 9 lines
-
-Release 2.5
-
-Enhancements:
-
-Bug fixes:
- - fixed XML format to avoid problems with brain-dead parsers
- - fixed Redirect to accept "/" as a path, so that "Redirect http://x/" is
- considered an absolute path, but "Redirect http://x" is not
-
-------------------------------------------------------------------------
-r66 | roseg | 2010-01-04 17:20:55 +0100 (Mon, 04 Jan 2010) | 7 lines
-
-Release 2.5e
-
-Enhancements:
- - added support for symbolic host names in poundctl
-
-Bug fixes:
-
-------------------------------------------------------------------------
-r65 | roseg | 2009-12-07 17:01:21 +0100 (Mon, 07 Dec 2009) | 9 lines
-
-Release 2.5d
-
-Enhancements:
- - added support for --disable-pcreposix, --disable--tcmalloc, --disable-hoard in configuration script
-
-Bug fixes:
- - fixed problem with long input lines in http.c
- - if libpcreposix is present, then pcreposix.h must also be present
-
-------------------------------------------------------------------------
-r64 | roseg | 2009-09-21 13:16:57 +0200 (Mon, 21 Sep 2009) | 8 lines
-
-Release 2.5c
-
-Enhancements:
- - added support for HTTPS backends
-
-Bug fixes:
- - fixed problem with sub-patterns in session parameters
-
-------------------------------------------------------------------------
-r63 | roseg | 2009-08-19 17:44:07 +0200 (Wed, 19 Aug 2009) | 10 lines
-
-Release 2.5b
-
-Enhancements:
- - support for ConnTO directive
- - support for IgnoreCase directive
-
-Bug fixes:
- - fixed problem in conf_fgets (\n confuses the regexp)
- - changed RSA ephemeral keys regeneration default time (every 30 minutes)
-
-------------------------------------------------------------------------
-r62 | roseg | 2009-08-06 17:23:30 +0200 (Thu, 06 Aug 2009) | 9 lines
-
-Release 2.5a
-
-Enhancements:
- - support for include directive
-
-Bug fixes:
- - fixed generation of ephemeral RSA keys (avoid premature locking)
- - added pre-generated DH parameters
-
-------------------------------------------------------------------------
-r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines
-
-Release 2.4.5
-
-Stable release 2.4.5
-
-Enhancements:
- - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin)
- - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail!
-
-Bug fixes:
- - fixed parantheses problems in need_rewrite (thanks to SBR)
- - added call to free_headers in http.c (thanks to SBR)
- - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro)
-
-------------------------------------------------------------------------
-r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines
-
-Release 2.4.4
-
-Stable release 2.4.4
-
-Enhancements:
- - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4
- - added support for BPROPFIND in xHTTP 4
- - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin)
-
-Bug fixes:
- - save and restore errno value in cur_time() (thanks to Albert)
- - fixed problem in timer thread (thanks to Albert)
- - added shutdown for failed socket connection (thanks to Albert)
- - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe)
- - increased MAXBUF to default 4096
- - increased T_RSA default to 30 minutes
- - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro)
-
-------------------------------------------------------------------------
-r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines
-
-Release 2.4.3
-
-Stable release 2.4.3
-
-Enhancements:
-
-Bug fixes:
- - fixed problem in session access time updating (thanks to Piotr Jakubowski)
- - fixed problem in session removal (thanks to Doriam Mori)
- - fixed problem in Redirect logging (thanks to Albert)
-
-------------------------------------------------------------------------
-r58 | roseg | 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) | 13 lines
-
-Release 2.4.2
-
-Stable release 2.4.2
-
-Enhancements:
-
-Bug fixes:
- - fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out)
- - fixed problem with back-end killing on failed connect
- - fixed a small problem in the poundctl XML output (thanks to johnlr for the fix)
- - added hints in call to getaddrinfo() (for Solaris 10 support)
- - fixed redirection problem (missing slash in Location/Content-location)
-
-------------------------------------------------------------------------
r57 | roseg | 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) | 12 lines
Release 2.4.1
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/Makefile.in
^
|
@@ -1,5 +1,5 @@
# Pound - the reverse-proxy load-balancer
-# Copyright (C) 2002-2010 Apsis GmbH
+# Copyright (C) 2002-2007 Apsis GmbH
#
# This file is part of Pound.
#
@@ -8,7 +8,7 @@
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
-# Pound is distributed in the hope that it will be useful,
+# Foobar is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
@@ -21,9 +21,10 @@
# P.O.Box
# 8707 Uetikon am See
# Switzerland
+# Tel: +41-44-920 4904
# EMail: roseg@apsis.ch
-CC=@PTHREAD_CC@
+CC="@PTHREAD_CC@"
VERSION="@PACKAGE_VERSION@"
C_SSL="@C_SSL@"
C_T_RSA="@C_T_RSA@"
@@ -54,16 +55,7 @@
poundctl: poundctl.o
${CC} @LDFLAGS@ -o poundctl poundctl.o $(LIBS)
-dh512.h:
- openssl dhparam -5 -C -noout 512 > dh512.h
-
-dh1024.h:
- openssl dhparam -5 -C -noout 1024 > dh1024.h
-
-$(OBJS): pound.h config.h
-
-svc.o: svc.c dh512.h dh1024.h
- gcc ${CFLAGS} -c -o svc.o svc.c
+$(OBJS): pound.h
install: all
@INSTALL@ -d ${DESTDIR}@sbindir@
@@ -75,7 +67,6 @@
clean:
rm -f pound $(OBJS) poundctl poundctl.o
- rm -f dh512.h dh1024.h
distclean: clean
-rm -f config.h config.log config.status Makefile
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/README
^
|
@@ -128,7 +128,7 @@
--disable-super -- disable supervisor process (default: enabled)
--with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration
- (default: 1800 seconds).
+ (default: 300 seconds).
--with-owner=owner -- name of installed binaries owner (default is
system-dependent).
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/config.c
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,6 +22,7 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
@@ -77,7 +78,7 @@
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale;
static regex_t ClientCert, AddHeader, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11;
-static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert;
+static regex_t Grace;
static regmatch_t matches[5];
@@ -85,92 +86,22 @@
"^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$",
"^(GET|POST|HEAD|PUT|DELETE) ([^ ]+) HTTP/1.[01]$",
"^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
};
static int log_level = 1;
static int def_facility = LOG_DAEMON;
static int clnt_to = 10;
static int be_to = 15;
-static int be_connto = 15;
+static int n_lin = 0;
static int dynscale = 0;
-static int ignore_case = 0;
-
-#define MAX_FIN 8
-
-static FILE *f_in[MAX_FIN];
-static char *f_name[MAX_FIN];
-static int n_lin[MAX_FIN];
-static int cur_fin;
-
-static
-conf_init(const char *name)
-{
- if((f_name[0] = strdup(name)) == NULL) {
- logmsg(LOG_ERR, "open %s: out of memory", name);
- exit(1);
- }
- if((f_in[0] = fopen(name, "rt")) == NULL) {
- logmsg(LOG_ERR, "can't open open %s", name);
- exit(1);
- }
- n_lin[0] = 0;
- cur_fin = 0;
- return 0;
-}
-
-void
-conf_err(const char *msg)
-{
- logmsg(LOG_ERR, "%s line %d: %s", f_name[cur_fin], n_lin[cur_fin], msg);
- exit(1);
-}
-
-static char *
-conf_fgets(char *buf, const int max)
-{
- int i;
-
- for(;;) {
- if(fgets(buf, max, f_in[cur_fin]) == NULL) {
- fclose(f_in[cur_fin]);
- if(cur_fin > 0) {
- cur_fin--;
- continue;
- } else
- return NULL;
- }
- n_lin[cur_fin]++;
- for(i = 0; i < max; i++)
- if(buf[i] == '\n' || buf[i] == '\r') {
- buf[i] = '\0';
- break;
- }
- if(!regexec(&Empty, buf, 4, matches, 0) || !regexec(&Comment, buf, 4, matches, 0))
- /* comment or empty line */
- continue;
- if(!regexec(&Include, buf, 4, matches, 0)) {
- buf[matches[1].rm_eo] = '\0';
- if(cur_fin == (MAX_FIN - 1))
- conf_err("Include nesting too deep");
- cur_fin++;
- if((f_name[cur_fin] = strdup(&buf[matches[1].rm_so])) == NULL)
- conf_err("Include out of memory");
- if((f_in[cur_fin] = fopen(&buf[matches[1].rm_so], "rt")) == NULL)
- conf_err("can't open included file");
- n_lin[cur_fin] = 0;
- continue;
- }
- return buf;
- }
-}
/*
* parse a back-end
*/
static BACKEND *
-parse_be(const int is_emergency)
+parse_be(FILE *const f_conf, const int is_emergency)
{
char lin[MAXBUF];
BACKEND *res;
@@ -179,40 +110,41 @@
struct sockaddr_in in;
struct sockaddr_in6 in6;
- if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
- conf_err("BackEnd config: out of memory - aborted");
+ if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) {
+ logmsg(LOG_ERR, "line %d: BackEnd config: out of memory - aborted", n_lin);
+ exit(1);
+ }
memset(res, 0, sizeof(BACKEND));
res->be_type = 0;
res->addr.ai_socktype = SOCK_STREAM;
res->to = is_emergency? 120: be_to;
- res->conn_to = is_emergency? 120: be_connto;
res->alive = 1;
memset(&res->addr, 0, sizeof(res->addr));
res->priority = 5;
memset(&res->ha_addr, 0, sizeof(res->ha_addr));
res->url = NULL;
res->next = NULL;
- res->ctx = NULL;
has_addr = has_port = 0;
pthread_mutex_init(&res->mut, NULL);
- while(conf_fgets(lin, MAXBUF)) {
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&Address, lin, 4, matches, 0)) {
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&Address, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
if(get_host(lin + matches[1].rm_so, &res->addr)) {
/* if we can't resolve it assume this is a UNIX domain socket */
res->addr.ai_socktype = SOCK_STREAM;
res->addr.ai_family = AF_UNIX;
res->addr.ai_protocol = 0;
- if((res->addr.ai_addr = (struct sockaddr *)malloc(sizeof(struct sockaddr_un))) == NULL)
- conf_err("out of memory");
- if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX)
- conf_err("UNIX path name too long");
+ if((res->addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: out of memory", n_lin);
+ exit(1);
+ }
res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1;
- res->addr.ai_addr->sa_family = AF_UNIX;
- strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so);
- res->addr.ai_addrlen = sizeof( struct sockaddr_un );
}
has_addr = 1;
} else if(!regexec(&Port, lin, 4, matches, 0)) {
@@ -228,23 +160,28 @@
memcpy(res->addr.ai_addr, &in6, sizeof(in6));
break;
default:
- conf_err("Port is supported only for INET/INET6 back-ends");
+ logmsg(LOG_ERR, "line %d: Port is supported only for INET/INET6 back-ends", n_lin);
+ exit(1);
}
has_port = 1;
} else if(!regexec(&Priority, lin, 4, matches, 0)) {
- if(is_emergency)
- conf_err("Priority is not supported for Emergency back-ends");
+ if(is_emergency) {
+ logmsg(LOG_ERR, "line %d: Priority is not supported for Emergency back-ends", n_lin);
+ exit(1);
+ }
res->priority = atoi(lin + matches[1].rm_so);
} else if(!regexec(&TimeOut, lin, 4, matches, 0)) {
res->to = atoi(lin + matches[1].rm_so);
- } else if(!regexec(&ConnTO, lin, 4, matches, 0)) {
- res->conn_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&HAport, lin, 4, matches, 0)) {
- if(is_emergency)
- conf_err("HAport is not supported for Emergency back-ends");
+ if(is_emergency) {
+ logmsg(LOG_ERR, "line %d: HAport is not supported for Emergency back-ends", n_lin);
+ exit(1);
+ }
res->ha_addr = res->addr;
- if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL)
- conf_err("out of memory");
+ if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL) {
+ logmsg(LOG_ERR, "line %d: out of memory", n_lin);
+ exit(1);
+ }
memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen);
switch(res->addr.ai_family) {
case AF_INET:
@@ -258,19 +195,24 @@
memcpy(res->addr.ai_addr, &in6, sizeof(in6));
break;
default:
- conf_err("HAport is supported only for INET/INET6 back-ends");
+ logmsg(LOG_ERR, "line %d: HAport is supported only for INET/INET6 back-ends", n_lin);
+ exit(1);
}
} else if(!regexec(&HAportAddr, lin, 4, matches, 0)) {
- if(is_emergency)
- conf_err("HAportAddr is not supported for Emergency back-ends");
+ if(is_emergency) {
+ logmsg(LOG_ERR, "line %d: HAportAddr is not supported for Emergency back-ends", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
if(get_host(lin + matches[1].rm_so, &res->ha_addr)) {
/* if we can't resolve it assume this is a UNIX domain socket */
res->addr.ai_socktype = SOCK_STREAM;
res->ha_addr.ai_family = AF_UNIX;
res->ha_addr.ai_protocol = 0;
- if((res->ha_addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("out of memory");
+ if((res->ha_addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: out of memory", n_lin);
+ exit(1);
+ }
res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1;
} else switch(res->ha_addr.ai_family) {
case AF_INET:
@@ -284,47 +226,27 @@
memcpy(res->ha_addr.ai_addr, &in6, sizeof(in6));
break;
default:
- conf_err("Unknown HA address type");
+ logmsg(LOG_ERR, "line %d: Unknown HA address type", n_lin);
+ exit(1);
}
- } else if(!regexec(&HTTPS, lin, 4, matches, 0)) {
- if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
- conf_err("SSL_CTX_new failed - aborted");
- SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL);
- SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
- sprintf(lin, "%d-Pound-%ld", getpid(), random());
- SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
- SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
- SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback);
- } else if(!regexec(&HTTPSCert, lin, 4, matches, 0)) {
- if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
- conf_err("SSL_CTX_new failed - aborted");
- lin[matches[1].rm_eo] = '\0';
- if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1)
- conf_err("SSL_CTX_use_certificate_chain_file failed - aborted");
- if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1)
- conf_err("SSL_CTX_use_PrivateKey_file failed - aborted");
- if(SSL_CTX_check_private_key(res->ctx) != 1)
- conf_err("SSL_CTX_check_private_key failed - aborted");
- SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL);
- SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
- sprintf(lin, "%d-Pound-%ld", getpid(), random());
- SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
- SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
- SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback);
} else if(!regexec(&End, lin, 4, matches, 0)) {
- if(!has_addr)
- conf_err("BackEnd missing Address - aborted");
- if((res->addr.ai_family == AF_INET || res->addr.ai_family == AF_INET6) && !has_port)
- conf_err("BackEnd missing Port - aborted");
+ if(!has_addr) {
+ logmsg(LOG_ERR, "line %d: BackEnd missing Address - aborted", n_lin);
+ exit(1);
+ }
+ if((res->addr.ai_family == AF_INET || res->addr.ai_family == AF_INET6) && !has_port) {
+ logmsg(LOG_ERR, "line %d: BackEnd missing Port - aborted", n_lin);
+ exit(1);
+ }
return res;
} else {
- conf_err("unknown directive");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
- conf_err("BackEnd premature EOF");
+ logmsg(LOG_ERR, "line %d: BackEnd premature EOF", n_lin);
+ exit(1);
return NULL;
}
@@ -332,17 +254,22 @@
* parse a session
*/
static void
-parse_sess(SERVICE *const svc)
+parse_sess(FILE *const f_conf, SERVICE *const svc)
{
- char lin[MAXBUF], *cp, *parm;
+ char lin[MAXBUF], *cp;
- parm = NULL;
- while(conf_fgets(lin, MAXBUF)) {
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&Type, lin, 4, matches, 0)) {
- if(svc->sess_type != SESS_NONE)
- conf_err("Multiple Session types in one Service - aborted");
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&Type, lin, 4, matches, 0)) {
+ if(svc->sess_type != SESS_NONE) {
+ logmsg(LOG_ERR, "line %d: Multiple Session types in one Service - aborted", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
cp = lin + matches[1].rm_so;
if(!strcasecmp(cp, "IP"))
@@ -357,62 +284,76 @@
svc->sess_type = SESS_BASIC;
else if(!strcasecmp(cp, "HEADER"))
svc->sess_type = SESS_HEADER;
- else
- conf_err("Unknown Session type");
+ else {
+ logmsg(LOG_ERR, "line %d: Unknown Session type \"%s\" - aborted", n_lin, cp);
+ exit(1);
+ }
} else if(!regexec(&TTL, lin, 4, matches, 0)) {
svc->sess_ttl = atoi(lin + matches[1].rm_so);
} else if(!regexec(&ID, lin, 4, matches, 0)) {
- if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER)
- conf_err("no ID permitted unless COOKIE/URL/HEADER Session - aborted");
+ if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER) {
+ logmsg(LOG_ERR, "line %d: no ID permitted unless COOKIE/URL/HEADER Session - aborted", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
- if((parm = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("ID config: out of memory - aborted");
+ if((svc->sess_parm = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: ID config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&End, lin, 4, matches, 0)) {
- if(svc->sess_type == SESS_NONE)
- conf_err("Session type not defined - aborted");
- if(svc->sess_ttl == 0)
- conf_err("Session TTL not defined - aborted");
+ if(svc->sess_type == SESS_NONE) {
+ logmsg(LOG_ERR, "line %d: Session type not defined - aborted", n_lin);
+ exit(1);
+ }
+ if(svc->sess_ttl == 0) {
+ logmsg(LOG_ERR, "line %d: Session TTL not defined - aborted", n_lin);
+ exit(1);
+ }
if((svc->sess_type == SESS_COOKIE || svc->sess_type == SESS_URL || svc->sess_type == SESS_HEADER)
- && parm == NULL)
- conf_err("Session ID not defined - aborted");
+ && svc->sess_parm == NULL) {
+ logmsg(LOG_ERR, "line %d: Session ID not defined - aborted", n_lin);
+ exit(1);
+ }
if(svc->sess_type == SESS_COOKIE) {
- snprintf(lin, MAXBUF - 1, "Cookie[^:]*:.*[ \t]%s=", parm);
- if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("COOKIE pattern failed - aborted");
- if(regcomp(&svc->sess_pat, "([^;]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("COOKIE pattern failed - aborted");
+ snprintf(lin, MAXBUF - 1, "Cookie[^:]*:.*[ \t]%s=([^;]*)", svc->sess_parm);
+ if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: COOKIE pattern \"%s\" failed - aborted", n_lin, lin);
+ exit(1);
+ }
} else if(svc->sess_type == SESS_URL) {
- snprintf(lin, MAXBUF - 1, "[?&]%s=", parm);
- if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("URL pattern failed - aborted");
- if(regcomp(&svc->sess_pat, "([^&;#]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("URL pattern failed - aborted");
+ snprintf(lin, MAXBUF - 1, "[?&]%s=([^&;#]*)", svc->sess_parm);
+ if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: URL pattern \"%s\" failed - aborted", n_lin, lin);
+ exit(1);
+ }
} else if(svc->sess_type == SESS_PARM) {
- if(regcomp(&svc->sess_start, ";", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("PARM pattern failed - aborted");
- if(regcomp(&svc->sess_pat, "([^?]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("PARM pattern failed - aborted");
+ snprintf(lin, MAXBUF - 1, ";([^?]*)");
+ if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: PARM pattern \"%s\" failed - aborted", n_lin, lin);
+ exit(1);
+ }
} else if(svc->sess_type == SESS_BASIC) {
- if(regcomp(&svc->sess_start, "Authorization:[ \t]*Basic[ \t]*", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("BASIC pattern failed - aborted");
- if(regcomp(&svc->sess_pat, "([^ \t]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("BASIC pattern failed - aborted");
+ snprintf(lin, MAXBUF - 1, "Authorization:[ \t]*Basic[ \t]*([^ \t]*)[ \t]*");
+ if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: BASIC pattern \"%s\" failed - aborted", n_lin, lin);
+ exit(1);
+ }
} else if(svc->sess_type == SESS_HEADER) {
- snprintf(lin, MAXBUF - 1, "%s:[ \t]*", parm);
- if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HEADER pattern failed - aborted");
- if(regcomp(&svc->sess_pat, "([^ \t]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HEADER pattern failed - aborted");
+ snprintf(lin, MAXBUF - 1, "%s:[ \t]*([^ \t]*)[ \t]*", svc->sess_parm);
+ if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: HEADER pattern \"%s\" failed - aborted", n_lin, lin);
+ exit(1);
+ }
}
- if(parm != NULL)
- free(parm);
return;
} else {
- conf_err("unknown directive");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
- conf_err("Session premature EOF");
+ logmsg(LOG_ERR, "line %d: Session premature EOF", n_lin);
+ exit(1);
return;
}
@@ -444,86 +385,114 @@
* parse a service
*/
static SERVICE *
-parse_service(const char *svc_name)
+parse_service(FILE *const f_conf, const char *svc_name)
{
char lin[MAXBUF];
SERVICE *res;
BACKEND *be;
MATCHER *m;
- int ign_case;
- if((res = (SERVICE *)malloc(sizeof(SERVICE))) == NULL)
- conf_err("Service config: out of memory - aborted");
+ if((res = (SERVICE *)malloc(sizeof(SERVICE))) == NULL) {
+ logmsg(LOG_ERR, "line %d: Service config: out of memory - aborted", n_lin);
+ exit(1);
+ }
memset(res, 0, sizeof(SERVICE));
res->sess_type = SESS_NONE;
res->dynscale = dynscale;
pthread_mutex_init(&res->mut, NULL);
if(svc_name)
strncpy(res->name, svc_name, KEY_SIZE);
- if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL)
- conf_err("lh_new failed - aborted");
- ign_case = ignore_case;
- while(conf_fgets(lin, MAXBUF)) {
+ if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) {
+ logmsg(LOG_ERR, "line %d: lh_new failed - aborted", n_lin);
+ exit(1);
+ }
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&URL, lin, 4, matches, 0)) {
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&URL, lin, 4, matches, 0)) {
if(res->url) {
for(m = res->url; m->next; m = m->next)
;
- if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("URL config: out of memory - aborted");
+ if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = m->next;
} else {
- if((res->url = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("URL config: out of memory - aborted");
+ if((res->url = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = res->url;
}
memset(m, 0, sizeof(MATCHER));
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED | (ign_case? REG_ICASE: 0)))
- conf_err("URL bad pattern - aborted");
+ if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: URL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
} else if(!regexec(&HeadRequire, lin, 4, matches, 0)) {
if(res->req_head) {
for(m = res->req_head; m->next; m = m->next)
;
- if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRequire config: out of memory - aborted");
+ if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = m->next;
} else {
- if((res->req_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRequire config: out of memory - aborted");
+ if((res->req_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = res->req_head;
}
memset(m, 0, sizeof(MATCHER));
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HeadRequire bad pattern - aborted");
+ if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: HeadRequire bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
} else if(!regexec(&HeadDeny, lin, 4, matches, 0)) {
if(res->deny_head) {
for(m = res->deny_head; m->next; m = m->next)
;
- if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadDeny config: out of memory - aborted");
+ if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = m->next;
} else {
- if((res->deny_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadDeny config: out of memory - aborted");
+ if((res->deny_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = res->deny_head;
}
memset(m, 0, sizeof(MATCHER));
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HeadDeny bad pattern - aborted");
+ if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: HeadDeny bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
} else if(!regexec(&Redirect, lin, 4, matches, 0)) {
if(res->backends) {
for(be = res->backends; be->next; be = be->next)
;
- if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
- conf_err("Redirect config: out of memory - aborted");
+ if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin);
+ exit(1);
+ }
be = be->next;
} else {
- if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
- conf_err("Redirect config: out of memory - aborted");
+ if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin);
+ exit(1);
+ }
be = res->backends;
}
memset(be, 0, sizeof(BACKEND));
@@ -532,24 +501,33 @@
be->alive = 1;
pthread_mutex_init(&res->mut, NULL);
lin[matches[1].rm_eo] = '\0';
- if((be->url = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("Redirector config: out of memory - aborted");
+ if((be->url = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin);
+ exit(1);
+ }
/* split the URL into its fields */
- if(regexec(&LOCATION, be->url, 4, matches, 0))
- conf_err("Redirect bad URL - aborted");
- if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1)
- /* the path is a single '/', so remove it */
- be->url[matches[3].rm_so] = '\0';
+ if(regexec(&LOCATION, be->url, 4, matches, 0)) {
+ logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url);
+ exit(1);
+ }
+ if(be->url[matches[3].rm_so] == '/')
+ matches[3].rm_so++;
+ /* if the path component is empty or a sigle slash */
+ be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1);
} else if(!regexec(&RedirectN, lin, 4, matches, 0)) {
if(res->backends) {
for(be = res->backends; be->next; be = be->next)
;
- if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
- conf_err("Redirect config: out of memory - aborted");
+ if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin);
+ exit(1);
+ }
be = be->next;
} else {
- if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
- conf_err("Redirect config: out of memory - aborted");
+ if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin);
+ exit(1);
+ }
be = res->backends;
}
memset(be, 0, sizeof(BACKEND));
@@ -558,25 +536,30 @@
be->alive = 1;
pthread_mutex_init(&res->mut, NULL);
lin[matches[2].rm_eo] = '\0';
- if((be->url = strdup(lin + matches[2].rm_so)) == NULL)
- conf_err("Redirector config: out of memory - aborted");
+ if((be->url = strdup(lin + matches[2].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin);
+ exit(1);
+ }
/* split the URL into its fields */
- if(regexec(&LOCATION, be->url, 4, matches, 0))
- conf_err("Redirect bad URL - aborted");
- if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1)
- /* the path is a single '/', so remove it */
- be->url[matches[3].rm_so] = '\0';
+ if(regexec(&LOCATION, be->url, 4, matches, 0)) {
+ logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url);
+ exit(1);
+ }
+ if(be->url[matches[3].rm_so] == '/')
+ matches[3].rm_so++;
+ /* if the path component is empty or a sigle slash */
+ be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1);
} else if(!regexec(&BackEnd, lin, 4, matches, 0)) {
if(res->backends) {
for(be = res->backends; be->next; be = be->next)
;
- be->next = parse_be(0);
+ be->next = parse_be(f_conf, 0);
} else
- res->backends = parse_be(0);
+ res->backends = parse_be(f_conf, 0);
} else if(!regexec(&Emergency, lin, 4, matches, 0)) {
- res->emergency = parse_be(1);
+ res->emergency = parse_be(f_conf, 1);
} else if(!regexec(&Session, lin, 4, matches, 0)) {
- parse_sess(res);
+ parse_sess(f_conf, res);
} else if(!regexec(&End, lin, 4, matches, 0)) {
for(be = res->backends; be; be = be->next)
res->tot_pri += be->priority;
@@ -584,14 +567,14 @@
return res;
} else if(!regexec(&DynScale, lin, 4, matches, 0)) {
res->dynscale = atoi(lin + matches[1].rm_so);
- } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) {
- ign_case = atoi(lin + matches[1].rm_so);
} else {
- conf_err("unknown directive");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
- conf_err("Service premature EOF");
+ logmsg(LOG_ERR, "line %d: Service premature EOF", n_lin);
+ exit(1);
return NULL;
}
@@ -605,14 +588,22 @@
struct stat st;
int fin;
- if(stat(fname, &st))
- conf_err("can't stat Err file - aborted");
- if((fin = open(fname, O_RDONLY)) < 0)
- conf_err("can't open Err file - aborted");
- if((res = malloc(st.st_size + 1)) == NULL)
- conf_err("can't alloc Err file (out of memory) - aborted");
- if(read(fin, res, st.st_size) != st.st_size)
- conf_err("can't read Err file - aborted");
+ if(stat(fname, &st)) {
+ logmsg(LOG_ERR, "line %d: can't stat Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno));
+ exit(1);
+ }
+ if((fin = open(fname, O_RDONLY)) < 0) {
+ logmsg(LOG_ERR, "line %d: can't open Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno));
+ exit(1);
+ }
+ if((res = malloc(st.st_size + 1)) == NULL) {
+ logmsg(LOG_ERR, "line %d: can't alloc Err file \"%s\" (out of memory) - aborted", n_lin, fname);
+ exit(1);
+ }
+ if(read(fin, res, st.st_size) != st.st_size) {
+ logmsg(LOG_ERR, "line %d: can't read Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno));
+ exit(1);
+ }
res[st.st_size] = '\0';
close(fin);
return res;
@@ -622,7 +613,7 @@
* parse an HTTP listener
*/
static LISTENER *
-parse_HTTP(void)
+parse_HTTP(FILE *const f_conf)
{
char lin[MAXBUF];
LISTENER *res;
@@ -632,8 +623,10 @@
struct sockaddr_in in;
struct sockaddr_in6 in6;
- if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL)
- conf_err("ListenHTTP config: out of memory - aborted");
+ if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: ListenHTTP config: out of memory - aborted", n_lin);
+ exit(1);
+ }
memset(res, 0, sizeof(LISTENER));
res->to = clnt_to;
res->rewr_loc = 1;
@@ -642,18 +635,28 @@
res->err501 = "This method may not be used.";
res->err503 = "The service is not available. Please try again later.";
res->log_level = log_level;
- if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("xHTTP bad default pattern - aborted");
+ if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin);
+ exit(1);
+ }
has_addr = has_port = 0;
- while(conf_fgets(lin, MAXBUF)) {
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&Address, lin, 4, matches, 0)) {
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&Address, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if(get_host(lin + matches[1].rm_so, &res->addr))
- conf_err("Unknown Listener address");
- if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6)
- conf_err("Unknown Listener address family");
+ if(get_host(lin + matches[1].rm_so, &res->addr)) {
+ logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
+ if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) {
+ logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family);
+ exit(1);
+ }
has_addr = 1;
} else if(!regexec(&Port, lin, 4, matches, 0)) {
switch(res->addr.ai_family) {
@@ -668,7 +671,8 @@
memcpy(res->addr.ai_addr, &in6, sizeof(in6));
break;
default:
- conf_err("Unknown Listener address family");
+ logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family);
+ exit(1);
}
has_port = 1;
} else if(!regexec(&xHTTP, lin, 4, matches, 0)) {
@@ -676,16 +680,22 @@
n = atoi(lin + matches[1].rm_so);
regfree(&res->verb);
- if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("xHTTP bad pattern - aborted");
+ if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n);
+ exit(1);
+ }
} else if(!regexec(&Client, lin, 4, matches, 0)) {
res->to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&CheckURL, lin, 4, matches, 0)) {
- if(res->has_pat)
- conf_err("CheckURL multiple pattern - aborted");
+ if(res->has_pat) {
+ logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED))
- conf_err("CheckURL bad pattern - aborted");
+ if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
res->has_pat = 1;
} else if(!regexec(&Err414, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
@@ -705,22 +715,30 @@
if(res->head_off) {
for(m = res->head_off; m->next; m = m->next)
;
- if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRemove config: out of memory - aborted");
+ if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = m->next;
} else {
- if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRemove config: out of memory - aborted");
+ if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = res->head_off;
}
memset(m, 0, sizeof(MATCHER));
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HeadRemove bad pattern - aborted");
+ if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
} else if(!regexec(&AddHeader, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("AddHeader config: out of memory - aborted");
+ if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) {
res->rewr_loc = atoi(lin + matches[1].rm_so);
} else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) {
@@ -729,31 +747,35 @@
res->log_level = atoi(lin + matches[1].rm_so);
} else if(!regexec(&Service, lin, 4, matches, 0)) {
if(res->services == NULL)
- res->services = parse_service(NULL);
+ res->services = parse_service(f_conf, NULL);
else {
for(svc = res->services; svc->next; svc = svc->next)
;
- svc->next = parse_service(NULL);
+ svc->next = parse_service(f_conf, NULL);
}
} else if(!regexec(&ServiceName, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
if(res->services == NULL)
- res->services = parse_service(lin + matches[1].rm_so);
+ res->services = parse_service(f_conf, lin + matches[1].rm_so);
else {
for(svc = res->services; svc->next; svc = svc->next)
;
- svc->next = parse_service(lin + matches[1].rm_so);
+ svc->next = parse_service(f_conf, lin + matches[1].rm_so);
}
} else if(!regexec(&End, lin, 4, matches, 0)) {
- if(!has_addr || !has_port)
- conf_err("ListenHTTP missing Address or Port - aborted");
+ if(!has_addr || !has_port) {
+ logmsg(LOG_ERR, "line %d: ListenHTTP missing Address or Port - aborted", n_lin);
+ exit(1);
+ }
return res;
} else {
- conf_err("unknown directive - aborted");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
- conf_err("ListenHTTP premature EOF");
+ logmsg(LOG_ERR, "line %d: ListenHTTP premature EOF", n_lin);
+ exit(1);
return NULL;
}
/*
@@ -769,7 +791,7 @@
* parse an HTTPS listener
*/
static LISTENER *
-parse_HTTPS(void)
+parse_HTTPS(FILE *const f_conf)
{
char lin[MAXBUF];
LISTENER *res;
@@ -780,11 +802,15 @@
struct sockaddr_in in;
struct sockaddr_in6 in6;
- if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL)
- conf_err("ListenHTTPS config: out of memory - aborted");
+ if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: ListenHTTPS config: out of memory - aborted", n_lin);
+ exit(1);
+ }
memset(res, 0, sizeof(LISTENER));
- if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
- conf_err("SSL_CTX_new failed - aborted");
+ if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+ logmsg(LOG_ERR, "line %d: SSL_CTX_new failed - aborted", n_lin);
+ exit(1);
+ }
res->to = clnt_to;
res->rewr_loc = 1;
@@ -793,18 +819,28 @@
res->err501 = "This method may not be used.";
res->err503 = "The service is not available. Please try again later.";
res->log_level = log_level;
- if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("xHTTP bad default pattern - aborted");
+ if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin);
+ exit(1);
+ }
has_addr = has_port = has_cert = 0;
- while(conf_fgets(lin, MAXBUF)) {
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&Address, lin, 4, matches, 0)) {
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&Address, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if(get_host(lin + matches[1].rm_so, &res->addr))
- conf_err("Unknown Listener address");
- if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6)
- conf_err("Unknown Listener address family");
+ if(get_host(lin + matches[1].rm_so, &res->addr)) {
+ logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
+ if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) {
+ logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family);
+ exit(1);
+ }
has_addr = 1;
} else if(!regexec(&Port, lin, 4, matches, 0)) {
if(res->addr.ai_family == AF_INET) {
@@ -822,16 +858,22 @@
n = atoi(lin + matches[1].rm_so);
regfree(&res->verb);
- if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("xHTTP bad pattern - aborted");
+ if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n);
+ exit(1);
+ }
} else if(!regexec(&Client, lin, 4, matches, 0)) {
res->to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&CheckURL, lin, 4, matches, 0)) {
- if(res->has_pat)
- conf_err("CheckURL multiple pattern - aborted");
+ if(res->has_pat) {
+ logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED))
- conf_err("CheckURL bad pattern - aborted");
+ if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
res->has_pat = 1;
} else if(!regexec(&Err414, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
@@ -851,18 +893,24 @@
if(res->head_off) {
for(m = res->head_off; m->next; m = m->next)
;
- if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRemove config: out of memory - aborted");
+ if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = m->next;
} else {
- if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL)
- conf_err("HeadRemove config: out of memory - aborted");
+ if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) {
+ logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin);
+ exit(1);
+ }
m = res->head_off;
}
memset(m, 0, sizeof(MATCHER));
lin[matches[1].rm_eo] = '\0';
- if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED))
- conf_err("HeadRemove bad pattern - aborted");
+ if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) {
+ logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
} else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) {
res->rewr_loc = atoi(lin + matches[1].rm_so);
} else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) {
@@ -871,12 +919,24 @@
res->log_level = atoi(lin + matches[1].rm_so);
} else if(!regexec(&Cert, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1)
- conf_err("SSL_CTX_use_certificate_chain_file failed - aborted");
- if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1)
- conf_err("SSL_CTX_use_PrivateKey_file failed - aborted");
- if(SSL_CTX_check_private_key(res->ctx) != 1)
- conf_err("SSL_CTX_check_private_key failed - aborted");
+ if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) {
+ logmsg(LOG_ERR, "line %d: SSL_CTX_use_certificate_chain_file \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
+ if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) {
+ logmsg(LOG_ERR, "line %d: SSL_CTX_use_PrivateKey_file \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
+ if(SSL_CTX_check_private_key(res->ctx) != 1) {
+ logmsg(LOG_ERR, "line %d: SSL_CTX_check_private_key \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
has_cert = 1;
} else if(!regexec(&ClientCert, lin, 4, matches, 0)) {
switch(res->clnt_check = atoi(lin + matches[1].rm_so)) {
@@ -902,8 +962,10 @@
}
} else if(!regexec(&AddHeader, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("AddHeader config: out of memory - aborted");
+ if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&Ciphers, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
SSL_CTX_set_cipher_list(res->ctx, lin + matches[1].rm_so);
@@ -911,13 +973,21 @@
STACK_OF(X509_NAME) *cert_names;
lin[matches[1].rm_eo] = '\0';
- if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL)
- conf_err("SSL_load_client_CA_file failed - aborted");
+ if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: SSL_load_client_CA_file \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
SSL_CTX_set_client_CA_list(res->ctx, cert_names);
} else if(!regexec(&VerifyList, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1)
- conf_err("SSL_CTX_load_verify_locations failed - aborted");
+ if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1) {
+ logmsg(LOG_ERR, "line %d: SSL_CTX_load_verify_locations \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
} else if(!regexec(&CRLlist, lin, 4, matches, 0)) {
#if HAVE_X509_STORE_SET_FLAGS
X509_STORE *store;
@@ -925,51 +995,61 @@
lin[matches[1].rm_eo] = '\0';
store = SSL_CTX_get_cert_store(res->ctx);
- if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL)
- conf_err("X509_STORE_add_lookup failed - aborted");
- if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1)
- conf_err("X509_load_crl_file failed - aborted");
+ if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL) {
+ logmsg(LOG_ERR, "line %d: X509_STORE_add_lookup \"%s\" failed - aborted", n_lin,
+ lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
+ if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1) {
+ logmsg(LOG_ERR, "line %d: X509_load_crl_file \"%s\" failed - aborted", n_lin, lin + matches[1].rm_so);
+ logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL));
+ exit(1);
+ }
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
- conf_err("your version of OpenSSL does not support CRL checking");
+ logmsg(LOG_ERR, "line %d: your version of OpenSSL does not support CRL checking", n_lin);
#endif
} else if(!regexec(&NoHTTPS11, lin, 4, matches, 0)) {
res->noHTTPS11 = atoi(lin + matches[1].rm_so);
} else if(!regexec(&Service, lin, 4, matches, 0)) {
if(res->services == NULL)
- res->services = parse_service(NULL);
+ res->services = parse_service(f_conf, NULL);
else {
for(svc = res->services; svc->next; svc = svc->next)
;
- svc->next = parse_service(NULL);
+ svc->next = parse_service(f_conf, NULL);
}
} else if(!regexec(&ServiceName, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
if(res->services == NULL)
- res->services = parse_service(lin + matches[1].rm_so);
+ res->services = parse_service(f_conf, lin + matches[1].rm_so);
else {
for(svc = res->services; svc->next; svc = svc->next)
;
- svc->next = parse_service(lin + matches[1].rm_so);
+ svc->next = parse_service(f_conf, lin + matches[1].rm_so);
}
} else if(!regexec(&End, lin, 4, matches, 0)) {
X509_STORE *store;
- if(!has_addr || !has_port || !has_cert)
- conf_err("ListenHTTPS missing Address, Port or Certificate - aborted");
+ if(!has_addr || !has_port || !has_cert) {
+ logmsg(LOG_ERR, "line %d: ListenHTTPS missing Address, Port or Certificate - aborted", n_lin);
+ exit(1);
+ }
SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
sprintf(lin, "%d-Pound-%ld", getpid(), random());
SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
- SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback);
return res;
} else {
- conf_err("unknown directive");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
- conf_err("ListenHTTPS premature EOF");
+ logmsg(LOG_ERR, "line %d: ListenHTTPS premature EOF", n_lin);
+ exit(1);
return NULL;
}
@@ -977,7 +1057,7 @@
* parse the config file
*/
static void
-parse_file(void)
+parse_file(FILE *const f_conf)
{
char lin[MAXBUF];
SERVICE *svc;
@@ -987,21 +1067,31 @@
ENGINE *e;
#endif
- while(conf_fgets(lin, MAXBUF)) {
+ while(fgets(lin, MAXBUF, f_conf)) {
+ n_lin++;
if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n')
lin[strlen(lin) - 1] = '\0';
- if(!regexec(&User, lin, 4, matches, 0)) {
+ if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) {
+ /* comment or empty line */
+ continue;
+ } else if(!regexec(&User, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if((user = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("User config: out of memory - aborted");
+ if((user = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: User config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&Group, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if((group = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("Group config: out of memory - aborted");
+ if((group = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: Group config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&RootJail, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
- if((root_jail = strdup(lin + matches[1].rm_so)) == NULL)
- conf_err("RootJail config: out of memory - aborted");
+ if((root_jail = strdup(lin + matches[1].rm_so)) == NULL) {
+ logmsg(LOG_ERR, "line %d: RootJail config: out of memory - aborted", n_lin);
+ exit(1);
+ }
} else if(!regexec(&Daemon, lin, 4, matches, 0)) {
daemonize = atoi(lin + matches[1].rm_so);
} else if(!regexec(&LogFacility, lin, 4, matches, 0)) {
@@ -1026,69 +1116,72 @@
dynscale = atoi(lin + matches[1].rm_so);
} else if(!regexec(&TimeOut, lin, 4, matches, 0)) {
be_to = atoi(lin + matches[1].rm_so);
- } else if(!regexec(&ConnTO, lin, 4, matches, 0)) {
- be_connto = atoi(lin + matches[1].rm_so);
- } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) {
- ignore_case = atoi(lin + matches[1].rm_so);
#if HAVE_OPENSSL_ENGINE_H
} else if(!regexec(&SSLEngine, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
ENGINE_load_builtin_engines();
#endif
- if (!(e = ENGINE_by_id(lin + matches[1].rm_so)))
- conf_err("could not find engine");
+ if (!(e = ENGINE_by_id(lin + matches[1].rm_so))) {
+ logmsg(LOG_ERR, "line %d: could not find %s engine", n_lin, lin + matches[1].rm_so);
+ exit(1);
+ }
if(!ENGINE_init(e)) {
ENGINE_free(e);
- conf_err("could not init engine");
+ logmsg(LOG_ERR, "line %d: could not init %s engine", n_lin, lin + matches[1].rm_so);
+ exit(1);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ENGINE_free(e);
- conf_err("could not set all defaults");
+ logmsg(LOG_ERR, "line %d: could not set all defaults", n_lin);
+ exit(1);
}
ENGINE_finish(e);
ENGINE_free(e);
#endif
} else if(!regexec(&Control, lin, 4, matches, 0)) {
- if(ctrl_name != NULL)
- conf_err("Control multiply defined - aborted");
+ if(ctrl_name != NULL) {
+ logmsg(LOG_ERR, "line %d: Control multiply defined - aborted", n_lin);
+ exit(1);
+ }
lin[matches[1].rm_eo] = '\0';
ctrl_name = strdup(lin + matches[1].rm_so);
} else if(!regexec(&ListenHTTP, lin, 4, matches, 0)) {
if(listeners == NULL)
- listeners = parse_HTTP();
+ listeners = parse_HTTP(f_conf);
else {
for(lstn = listeners; lstn->next; lstn = lstn->next)
;
- lstn->next = parse_HTTP();
+ lstn->next = parse_HTTP(f_conf);
}
} else if(!regexec(&ListenHTTPS, lin, 4, matches, 0)) {
if(listeners == NULL)
- listeners = parse_HTTPS();
+ listeners = parse_HTTPS(f_conf);
else {
for(lstn = listeners; lstn->next; lstn = lstn->next)
;
- lstn->next = parse_HTTPS();
+ lstn->next = parse_HTTPS(f_conf);
}
} else if(!regexec(&Service, lin, 4, matches, 0)) {
if(services == NULL)
- services = parse_service(NULL);
+ services = parse_service(f_conf, NULL);
else {
for(svc = services; svc->next; svc = svc->next)
;
- svc->next = parse_service(NULL);
+ svc->next = parse_service(f_conf, NULL);
}
} else if(!regexec(&ServiceName, lin, 4, matches, 0)) {
lin[matches[1].rm_eo] = '\0';
if(services == NULL)
- services = parse_service(lin + matches[1].rm_so);
+ services = parse_service(f_conf, lin + matches[1].rm_so);
else {
for(svc = services; svc->next; svc = svc->next)
;
- svc->next = parse_service(lin + matches[1].rm_so);
+ svc->next = parse_service(f_conf, lin + matches[1].rm_so);
}
} else {
- conf_err("unknown directive - aborted");
+ logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin);
+ exit(1);
}
}
return;
@@ -1158,11 +1251,6 @@
|| regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&CRLlist, "^[ \t]*CRLlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&NoHTTPS11, "^[ \t]*NoHTTPS11[ \t]+([0-2])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&Include, "^[ \t]*Include[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&ConnTO, "^[ \t]*ConnTO[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&IgnoreCase, "^[ \t]*IgnoreCase[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&HTTPS, "^[ \t]*HTTPS[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&HTTPSCert, "^[ \t]*HTTPS[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
) {
logmsg(LOG_ERR, "bad config Regex - aborted");
exit(1);
@@ -1232,7 +1320,10 @@
exit(1);
}
- conf_init(conf_name);
+ if((f_conf = fopen(conf_name, "rt")) == NULL) {
+ logmsg(LOG_ERR, "can't open configuration file \"%s\" (%s) - aborted", conf_name, strerror(errno));
+ exit(1);
+ }
user = NULL;
group = NULL;
@@ -1246,7 +1337,9 @@
services = NULL;
listeners = NULL;
- parse_file();
+ parse_file(f_conf);
+
+ fclose(f_conf);
if(check_only) {
logmsg(LOG_INFO, "Config file %s is OK", conf_name);
@@ -1312,11 +1405,6 @@
regfree(&VerifyList);
regfree(&CRLlist);
regfree(&NoHTTPS11);
- regfree(&Include);
- regfree(&ConnTO);
- regfree(&IgnoreCase);
- regfree(&HTTPS);
- regfree(&HTTPSCert);
/* set the facility only here to ensure the syslog gets opened if necessary */
log_facility = def_facility;
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/config.h.in
^
|
@@ -36,9 +36,6 @@
/* Define to 1 if you have the `dl' library (-ldl). */
#undef HAVE_LIBDL
-/* Define if libpcreposix is available */
-#undef HAVE_LIBPCREPOSIX
-
/* Define to 1 if you have the `localtime_r' function. */
#undef HAVE_LOCALTIME_R
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/configure
^
|
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for pound 2.5.
+# Generated by GNU Autoconf 2.61 for pound 2.4.1.
#
# Report bugs to <roseg@apsis.ch>.
#
@@ -574,8 +574,8 @@
# Identity of this package.
PACKAGE_NAME='pound'
PACKAGE_TARNAME='pound'
-PACKAGE_VERSION='2.5'
-PACKAGE_STRING='pound 2.5'
+PACKAGE_VERSION='2.4.1'
+PACKAGE_STRING='pound 2.4.1'
PACKAGE_BUGREPORT='roseg@apsis.ch'
ac_unique_file="pound.c"
@@ -1204,7 +1204,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pound 2.5 to adapt to many kinds of systems.
+\`configure' configures pound 2.4.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1270,7 +1270,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pound 2.5:";;
+ short | recursive ) echo "Configuration of pound 2.4.1:";;
esac
cat <<\_ACEOF
@@ -1281,19 +1281,13 @@
(default: enabled)
--enable-cert1l enable or disable single-line certificate (default:
disabled)
- --enable-pcreposix enable or disable using the pcreposix library
- (default: enabled if available)
- --enable-tcmalloc enable or disable using the tcmalloc library
- (default: enabled if available)
- --enable-hoard enable or disable using the hoard library (default:
- enabled if available and ctmalloc NOT available)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-ssl=directory location of OpenSSL package
--with-t_rsa=nnn Time-out for RSA ephemeral keys generation
- --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096)
+ --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024)
--with-owner=name The account that will own the files installed by
Pound
--with-group=name The group that will own the files installed by Pound
@@ -1372,7 +1366,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pound configure 2.5
+pound configure 2.4.1
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1386,7 +1380,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pound $as_me 2.5, which was
+It was created by pound $as_me 2.4.1, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2911,7 +2905,7 @@
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
-# Pound is distributed in the hope that it will be useful,
+# Foobar is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
@@ -3469,36 +3463,15 @@
# Check whether --enable-cert1l was given.
if test "${enable_cert1l+set}" = set; then
enableval=$enable_cert1l; test ${enableval} = "yes" && CFLAGS="${CFLAGS} -DCERT1L"; C_CERT1L="1"
-fi
-
-
-
-# Check whether --enable-pcreposix was given.
-if test "${enable_pcreposix+set}" = set; then
- enableval=$enable_pcreposix; C_PCREPOSIX=${enableval}
else
- C_PCREPOSIX=yes
+ C_CERT1L="0"
fi
-# Check whether --enable-tcmalloc was given.
-if test "${enable_tcmalloc+set}" = set; then
- enableval=$enable_tcmalloc; C_TCMALLOC=${enableval}
-else
- C_TCMALLOC=yes
-fi
-
-
-# Check whether --enable-hoard was given.
-if test "${enable_hoard+set}" = set; then
- enableval=$enable_hoard; C_HOARD=${enableval}
-else
- C_HOARD=yes
-fi
-
{ echo "$as_me:$LINENO: *** Checking for libraries ***" >&5
echo "$as_me: *** Checking for libraries ***" >&6;}
+
LIBS="${LIBS} -lm"
{ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
@@ -3835,7 +3808,6 @@
echo 'Missing OpenSSL (-lssl) - aborted'; exit 1
fi
-if test x"$C_PCREPOSIX" = xyes; then
{ echo "$as_me:$LINENO: checking for regcomp in -lpcreposix" >&5
echo $ECHO_N "checking for regcomp in -lpcreposix... $ECHO_C" >&6; }
if test "${ac_cv_lib_pcreposix_regcomp+set}" = set; then
@@ -3898,11 +3870,7 @@
{ echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regcomp" >&5
echo "${ECHO_T}$ac_cv_lib_pcreposix_regcomp" >&6; }
if test $ac_cv_lib_pcreposix_regcomp = yes; then
- LIBS="-lpcreposix ${LIBS}";
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_LIBPCREPOSIX 1
-_ACEOF
-
+ LIBS="-lpcreposix ${LIBS}"
else
save_LIBS="$LIBS"
@@ -3969,11 +3937,7 @@
{ echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regexec" >&5
echo "${ECHO_T}$ac_cv_lib_pcreposix_regexec" >&6; }
if test $ac_cv_lib_pcreposix_regexec = yes; then
- LIBS="-lpcreposix -lpcre $save_LIBS";
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_LIBPCREPOSIX 1
-_ACEOF
-
+ LIBS="-lpcreposix -lpcre $save_LIBS"
else
LIBS="$save_LIBS"
fi
@@ -3981,8 +3945,6 @@
fi
-fi
-if test x"$C_TCMALLOC" = xyes; then
{ echo "$as_me:$LINENO: checking for malloc in -ltcmalloc" >&5
echo $ECHO_N "checking for malloc in -ltcmalloc... $ECHO_C" >&6; }
if test "${ac_cv_lib_tcmalloc_malloc+set}" = set; then
@@ -4048,8 +4010,7 @@
LIBS="${LIBS} -ltcmalloc"
fi
-else
-if test x"$C_HOARD" = xyes; then
+if test "${ac_cv_lib_tcmalloc_malloc}" = "no"; then
{ echo "$as_me:$LINENO: checking for malloc in -lhoard" >&5
echo $ECHO_N "checking for malloc in -lhoard... $ECHO_C" >&6; }
if test "${ac_cv_lib_hoard_malloc+set}" = set; then
@@ -4116,7 +4077,6 @@
fi
fi
-fi
{ echo "$as_me:$LINENO: checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS" >&5
echo $ECHO_N "checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS... $ECHO_C" >&6; }
@@ -7579,7 +7539,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pound $as_me 2.5, which was
+This file was extended by pound $as_me 2.4.1, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -7628,7 +7588,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-pound config.status 2.5
+pound config.status 2.4.1
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/http.c
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,6 +22,7 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
@@ -52,25 +53,14 @@
static void
redirect_reply(BIO *const c, const char *url, const int code)
{
- char rep[MAXBUF], cont[MAXBUF], *code_msg;
+ char rep[MAXBUF], cont[MAXBUF];
- switch(code) {
- case 301:
- code_msg = "Moved Permanently";
- break;
- case 307:
- code_msg = "Temporary Redirect";
- break;
- default:
- code_msg = "Found";
- break;
- }
snprintf(cont, sizeof(cont),
"<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href=\"%s\">%s</a></p></body></html>",
url, url);
snprintf(rep, sizeof(rep),
- "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n",
- code, code_msg, url, strlen(cont));
+ "HTTP/1.0 %d Found\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n",
+ code, url, strlen(cont));
BIO_write(c, rep, strlen(rep));
BIO_write(c, cont, strlen(cont));
BIO_flush(c);
@@ -125,7 +115,7 @@
case -1:
return 1;
default:
- for(i = n_read; i < bufsize && buf[i]; i++)
+ for(i = n_read; i < bufsize; i++)
if(buf[i] == '\n' || buf[i] == '\r') {
buf[i] = '\0';
return 0;
@@ -442,11 +432,8 @@
#ifdef HAVE_GETTIMEOFDAY
struct timeval tv;
struct timezone tz;
- int sv_errno;
- sv_errno = errno;
gettimeofday(&tv, &tz);
- errno = sv_errno;
return tv.tv_sec * 1000000.0 + tv.tv_usec;
#else
return time(NULL) * 1000000.0;
@@ -486,15 +473,15 @@
int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto;
LISTENER *lstn;
SERVICE *svc;
- BACKEND *backend, *cur_backend, *old_backend;
- struct addrinfo from_host, z_addr;
+ BACKEND *backend, *cur_backend;
+ struct addrinfo from_host;
struct sockaddr_storage from_host_addr;
BIO *cl, *be, *bb, *b64;
X509 *x509;
char request[MAXBUF], response[MAXBUF], buf[MAXBUF], url[MAXBUF], loc_path[MAXBUF], **headers,
headers_ok[MAXHEADERS], v_host[MAXBUF], referer[MAXBUF], u_agent[MAXBUF], u_name[MAXBUF],
caddr[MAXBUF], req_time[LOG_TIME_SIZE], s_res_bytes[LOG_BYTES_SIZE], *mh;
- SSL *ssl, *be_ssl;
+ SSL *ssl;
long cont, res_bytes;
regmatch_t matches[4];
struct linger l;
@@ -781,23 +768,12 @@
clean_all();
pthread_exit(NULL);
}
- if(connect_nb(sock, &backend->addr, backend->conn_to) < 0) {
+ if(connect_nb(sock, &backend->addr, backend->to) < 0) {
str_be(buf, MAXBUF - 1, backend);
logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno));
- shutdown(sock, 2);
close(sock);
- /*
- * kill the back-end only if no HAport is defined for it
- * otherwise allow the HAport mechanism to do its job
- */
- memset(&z_addr, 0, sizeof(z_addr));
- if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0)
- kill_be(svc, backend, BE_KILL);
- /*
- * ...but make sure we don't get into a loop with the same back-end
- */
- old_backend = backend;
- if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL || backend == old_backend) {
+ kill_be(svc, backend, 0);
+ if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) {
addr2str(caddr, MAXBUF - 1, &from_host, 1);
logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr);
err_reply(cl, h503, lstn->err503);
@@ -834,35 +810,6 @@
BIO_set_callback_arg(be, (char *)&backend->to);
BIO_set_callback(be, bio_callback);
}
- if(backend->ctx != NULL) {
- if((be_ssl = SSL_new(backend->ctx)) == NULL) {
- logmsg(LOG_WARNING, "(%lx) be SSL_new: failed", pthread_self());
- err_reply(cl, h503, lstn->err503);
- free_headers(headers);
- clean_all();
- pthread_exit(NULL);
- }
- SSL_set_bio(be_ssl, be, be);
- if((bb = BIO_new(BIO_f_ssl())) == NULL) {
- logmsg(LOG_WARNING, "(%lx) BIO_new(Bio_f_ssl()) failed", pthread_self());
- err_reply(cl, h503, lstn->err503);
- free_headers(headers);
- clean_all();
- pthread_exit(NULL);
- }
- BIO_set_ssl(bb, be_ssl, BIO_CLOSE);
- BIO_set_ssl_mode(bb, 1);
- be = bb;
- if(BIO_do_handshake(be) <= 0) {
- str_be(buf, MAXBUF - 1, backend);
- logmsg(LOG_NOTICE, "BIO_do_handshake with %s failed: %s", buf,
- ERR_error_string(ERR_get_error(), NULL));
- err_reply(cl, h503, lstn->err503);
- free_headers(headers);
- clean_all();
- pthread_exit(NULL);
- }
- }
if((bb = BIO_new(BIO_f_buffer())) == NULL) {
logmsg(LOG_WARNING, "(%lx) e503 BIO_new(buffer) server failed", pthread_self());
err_reply(cl, h503, lstn->err503);
@@ -926,7 +873,6 @@
logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)",
pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
err_reply(cl, h500, lstn->err500);
- free_headers(headers);
clean_all();
pthread_exit(NULL);
}
@@ -937,20 +883,6 @@
if(cur_backend->be_type == 0 && ssl != NULL) {
SSL_CIPHER *cipher;
- if((cipher = SSL_get_current_cipher(ssl)) != NULL) {
- SSL_CIPHER_description(cipher, buf, MAXBUF - 1);
- strip_eol(buf);
- if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) {
- str_be(buf, MAXBUF - 1, cur_backend);
- end_req = cur_time();
- logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)",
- pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
- err_reply(cl, h500, lstn->err500);
- clean_all();
- pthread_exit(NULL);
- }
- }
-
if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) {
X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
get_line(bb, buf, MAXBUF);
@@ -1074,6 +1006,19 @@
}
}
#endif
+ if((cipher = SSL_get_current_cipher(ssl)) != NULL) {
+ SSL_CIPHER_description(cipher, buf, MAXBUF - 1);
+ strip_eol(buf);
+ if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) {
+ str_be(buf, MAXBUF - 1, cur_backend);
+ end_req = cur_time();
+ logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)",
+ pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
+ err_reply(cl, h500, lstn->err500);
+ clean_all();
+ pthread_exit(NULL);
+ }
+ }
BIO_free_all(bb);
}
}
@@ -1142,7 +1087,7 @@
/* if we have a redirector */
if(cur_backend->be_type) {
memset(buf, 0, sizeof(buf));
- if(!cur_backend->redir_req)
+ if(cur_backend->redir_req)
snprintf(buf, sizeof(buf) - 1, "%s%s", cur_backend->url, url);
else
strncpy(buf, cur_backend->url, sizeof(buf) - 1);
@@ -1157,16 +1102,16 @@
break;
case 3:
if(v_host[0])
- logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", v_host, caddr,
- u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
+ logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", v_host, caddr,
+ u_name[0]? u_name: "-", req_time, request, referer, u_agent);
else
- logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr,
- u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
+ logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr,
+ u_name[0]? u_name: "-", req_time, request, referer, u_agent);
break;
case 4:
case 5:
- logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr,
- u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent);
+ logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr,
+ u_name[0]? u_name: "-", req_time, request, referer, u_agent);
break;
}
if(!cl_11 || conn_closed || force_10)
@@ -1211,7 +1156,7 @@
break;
case HEADER_LOCATION:
if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) {
- snprintf(buf, MAXBUF, "Location: %s://%s/%s",
+ snprintf(buf, MAXBUF, "Location: %s://%s%s",
(ssl == NULL? "http": "https"), v_host, loc_path);
free(headers[n]);
if((headers[n] = strdup(buf)) == NULL) {
@@ -1225,7 +1170,7 @@
break;
case HEADER_CONTLOCATION:
if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) {
- snprintf(buf, MAXBUF, "Content-location: %s://%s/%s",
+ snprintf(buf, MAXBUF, "Content-location: %s://%s%s",
(ssl == NULL? "http": "https"), v_host, loc_path);
free(headers[n]);
if((headers[n] = strdup(buf)) == NULL) {
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/pound.8
^
|
@@ -1,4 +1,4 @@
-.TH POUND "8" "Jan 2010" "pound" "System Manager's Manual"
+.TH POUND "8" "May 2002" "pound" "System Manager's Manual"
.SH NAME
pound \- HTTP/HTTPS reverse-proxy and load-balancer
.SH SYNOPSIS
@@ -243,10 +243,6 @@
used).
This value can be overridden for specific listeners.
.TP
-\fBIgnoreCase\fR 0|1
-Ignore case when matching URLs (default: 0). This value can be
-overridden for specific services.
-.TP
\fBDynScale\fR 0|1
Enable or disable the dynamic rescaling code (default: 0). If enabled
.B Pound
@@ -279,13 +275,6 @@
wait for a response from the back-end (in seconds). Default: 15 seconds.
This value can be overridden for specific back-ends.
.TP
-\fBConnTO\fR value
-How long should
-.B Pound
-wait for a connection to the back-end (in seconds). Default: the
-.B TimeOut
-value. This value can be overridden for specific back-ends.
-.TP
\fBGrace\fR value
How long should
.B Pound
@@ -351,8 +340,8 @@
CHECKOUT, MERGE, REPORT).
.IP
.I 3
-additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE,
-NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT).
+additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH,
+POLL, BMOVE, BCOPY, BDELETE, CONNECT).
.IP
.I 4
additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA).
@@ -517,14 +506,7 @@
.I URL
conditions per service. If no
.I URL
-was defined then all requests match. The matching is by default case-sensitive,
-but this can be overridden by specifying
-.B IgnoreCase 1
-.TP
-\fBIgnoreCase\fR 0|1
-Override the global
-.B IgnoreCase
-setting.
+was defined then all requests match.
.TP
\fBHeadRequire\fR "pattern"
The request must contain at least on header matching the given pattern.
@@ -562,7 +544,7 @@
.B Pound
will attempt to load-balance between them.
.TP
-\fBRedirect\fR [code] "url"
+\fBRedirect\fR "url"
This is a special type of back-end. Instead of sending the request to a back-end
.B Pound
replies immediately with a redirection to the given URL. You may define multiple
@@ -605,8 +587,7 @@
should reply with a "307 Temporary Redirect" status. Unfortunately, that is not
yet supported by all clients (in particular HTTP 1.0 ones), so
.B Pound
-currently replies by default with a "302 Found" instead. You may override this
-behaviour by specifying the code to be used (301, 302 or 307).
+currently replies with a "302 Found" instead.
.TP
\fBEmergency\fR
Directives enclosed between an
@@ -654,13 +635,6 @@
.B mandatory
parameter for non Unix-domain back-ends.
.TP
-\fBHTTPS\fR [ "cert" ]
-The back-end is using HTTPS. If the optional parameter
-.I cert
-is specified,
-.B Pound
-will present this certificate to the back-end.
-.TP
\fBPriority\fR val
The priority of this back-end (between 1 and 9, 5 is default). Higher priority
back-ends will be used more often than lower priority ones, so you should
@@ -671,11 +645,6 @@
.I TimeOut
value.
.TP
-\fBConnTO\fR val
-Override the global
-.I ConnTO
-value.
-.TP
\fBHAport\fR [ address ] port
A port (and optional address) to be used for server function checks. See below
the "High Availability" section for a more detailed discussion. By default
@@ -1159,7 +1128,7 @@
.SH "REPORTING BUGS"
Report bugs to <roseg@apsis.ch>.
.SH COPYRIGHT
-Copyright \(co 2002-2010 Apsis GmbH.
+Copyright \(co 2002-2006 Apsis GmbH.
.br
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/pound.c
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,6 +22,7 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/pound.h
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,6 +22,7 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
@@ -96,11 +97,6 @@
#error "Pound needs sys/un.h"
#endif
-#ifndef UNIX_PATH_MAX
-/* on Linux this is defined in linux/un.h rather than sys/un.h - go figure */
-#define UNIX_PATH_MAX 108
-#endif
-
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#else
@@ -179,14 +175,10 @@
#error "Pound needs signal.h"
#endif
-#if HAVE_LIBPCREPOSIX
#if HAVE_PCREPOSIX_H
#include <pcreposix.h>
#elif HAVE_PCRE_PCREPOSIX
#include <pcre/pcreposix.h>
-#else
-#error "You have libpcreposix, but the header files are missing. Use --disable-pcreposix"
-#endif
#elif HAVE_REGEX_H
#include <regex.h>
#else
@@ -268,7 +260,7 @@
#endif /* NO_EXTERNALS */
#ifndef MAXBUF
-#define MAXBUF 4096
+#define MAXBUF 1024
#endif
#define MAXHEADERS 128
@@ -292,15 +284,13 @@
/* back-end definition */
typedef struct _backend {
- int be_type; /* 0 if real back-end, otherwise code (301, 302/default, 307) */
+ int be_type; /* 0 if real back-end, other wise code (301, 302/default, 307) */
struct addrinfo addr; /* IPv4/6 address */
int priority; /* priority */
- int to; /* read/write time-out */
- int conn_to; /* connection time-out */
+ int to;
struct addrinfo ha_addr; /* HA address/port */
char *url; /* for redirectors */
int redir_req; /* the redirect should include the request path */
- SSL_CTX *ctx; /* CTX for SSL connections */
pthread_mutex_t mut; /* mutex for this back-end */
int n_requests; /* number of requests seen */
double t_requests; /* time to answer these requests */
@@ -335,8 +325,8 @@
pthread_mutex_t mut; /* mutex for this service */
SESS_TYPE sess_type;
int sess_ttl; /* session time-to-live */
- regex_t sess_start; /* pattern to identify the session data */
regex_t sess_pat; /* pattern to match the session data */
+ char *sess_parm; /* session cookie or parameter */
LHASH *sessions; /* currently active sessions */
int dynscale; /* true if the back-ends should be dynamically rescaled */
int disabled; /* true if the service is disabled */
@@ -481,9 +471,6 @@
*/
extern int check_header(const char *, char *);
-#define BE_DISABLE -1
-#define BE_KILL 1
-#define BE_ENABLE 0
/*
* mark a backend host as dead;
* do nothing if no resurection code is active
@@ -526,7 +513,7 @@
*/
#define N_RSA_KEYS 11
#ifndef T_RSA_KEYS
-#define T_RSA_KEYS 1800
+#define T_RSA_KEYS 300
#endif
/*
@@ -535,11 +522,6 @@
extern RSA *RSA_tmp_callback(SSL *, int, int);
/*
- * return a pre-generated RSA key
- */
-extern DH *DH_tmp_callback(SSL *, int, int);
-
-/*
* expiration stuff
*/
#ifndef EXPIRE_TO
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/poundctl.8
^
|
@@ -1,9 +1,9 @@
-.TH POUNDCTL "8" "Jan 2010" "poundctl" "System Manager's Manual"
+.TH POUNDCTL "8" "October 2006" "poundctl" "System Manager's Manual"
.SH NAME
poundctl \- control the pound(8) daemon
.SH SYNOPSIS
.TP
-.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR] [\fI-H\fR] [\fI-X\fR]
+.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR]
.SH DESCRIPTION
.PP
.B Poundctl
@@ -48,13 +48,6 @@
The parameters n, m and r refer to the number assigned to a particular listener,
service and back-end in the listings. A listener number of -1 refers by convention
to the global context.
-.TP
-\fB\-H\fR
-Try to resolve the addresses to symbolic names. Depending on your configuration,
-this may require an active DNS.
-.TP
-\fB\-X\fR
-Show the results in XML format.
.PP
When called without flags
.B poundctl
@@ -66,7 +59,7 @@
.SH "REPORTING BUGS"
Report bugs to <roseg@apsis.ch>.
.SH COPYRIGHT
-Copyright \(co 2002-2010 Apsis GmbH.
+Copyright \(co 2002-2006 Apsis GmbH.
.br
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/poundctl.c
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,13 +22,13 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
#define NO_EXTERNALS 1
#include "pound.h"
static int xml_out = 0;
-static int host_names = 0;
static void
usage(const char *arg0)
@@ -45,8 +45,7 @@
fprintf(stderr, "\t-n n m k - remove a session with key k r in service m in listener n\n");
fprintf(stderr, "\n");
fprintf(stderr, "\tentering the command without arguments lists the current configuration.\n");
- fprintf(stderr, "\tthe -X flag results in XML output.\n");
- fprintf(stderr, "\tthe -H flag shows symbolic host names instead of addresses.\n");
+ fprintf(stderr, "\tthe -X flags results in XML output.\n");
exit(1);
}
@@ -56,40 +55,36 @@
static char *
prt_addr(const struct addrinfo *addr)
{
- static char res[UNIX_PATH_MAX];
- char buf[UNIX_PATH_MAX];
+ static char res[64];
+ char buf[64];
int port;
void *src;
- memset(buf, 0, UNIX_PATH_MAX);
+ memset(buf, 0, 64);
#ifdef HAVE_INET_NTOP
switch(addr->ai_family) {
case AF_INET:
src = (void *)&((struct sockaddr_in *)addr->ai_addr)->sin_addr.s_addr;
port = ntohs(((struct sockaddr_in *)addr->ai_addr)->sin_port);
- if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0))
- break;
- if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL)
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ if(inet_ntop(AF_INET, src, buf, 63) == NULL)
+ strncpy(buf, "(UNKNOWN)", 63);
break;
case AF_INET6:
src = (void *)&((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr.s6_addr;
port = ntohs(((struct sockaddr_in6 *)addr->ai_addr)->sin6_port);
- if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0))
- break;
- if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL)
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ if(inet_ntop(AF_INET6, src, buf, 63) == NULL)
+ strncpy(buf, "(UNKNOWN)", 63);
break;
case AF_UNIX:
- strncpy(buf, (char *)addr->ai_addr, UNIX_PATH_MAX - 1);
+ strncpy(buf, (char *)addr->ai_addr, 63);
port = 0;
break;
default:
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ strncpy(buf, "(UNKNOWN)", 63);
port = 0;
break;
}
- snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port);
+ snprintf(res, 63, "%s:%d", buf, port);
#else
#error "Pound needs inet_ntop()"
#endif
@@ -114,10 +109,9 @@
be.ha_addr.ai_addr = (struct sockaddr *)&h;
}
if(xml_out)
- printf("<backend index=\"%d\" address=\"%s\" avg=\"%.3f\" priority=\"%d\" alive=\"%s\" status=\"%s\" />\n",
- n_be++,
- prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "yes": "DEAD",
- be.disabled? "DISABLED": "active");
+ printf("<backend index=\"%d\" address=\"%s\" average=\"%.3f\" priority=\"%d\"%s%s />\n", n_be++,
+ prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "": " DEAD",
+ be.disabled? " DISABLED": "");
else
printf(" %3d. Backend %s %s (%d %.3f sec) %s\n", n_be++, prt_addr(&be.addr),
be.disabled? "DISABLED": "active", be.priority, be.t_average / 1000000, be.alive? "alive": "DEAD");
@@ -151,7 +145,7 @@
escaped[j++] = '"';
} else
escaped[j++] = buf[i];
- escaped[j] = '\0';
+ buf[j] = '\0';
printf("<session index=\"%d\" key=\"%s\" backend=\"%d\" />\n", n_sess++, escaped, n_be);
} else
printf(" %3d. Session %s -> %d\n", n_sess++, buf, n_be);
@@ -171,8 +165,7 @@
break;
if(xml_out) {
if(svc.name[0])
- printf("<service index=\"%d\" name=\"%s\" status=\"%s\">\n",
- n_svc++, svc.name, svc.disabled? "DISABLED": "active");
+ printf("<service index=\"%d\" name=\"%s\"%s>\n", n_svc++, svc.name, svc.disabled? " DISABLED": "");
else
printf("<service index=\"%d\"%s>\n", n_svc++, svc.disabled? " DISABLED": "");
} else {
@@ -228,7 +221,7 @@
memset(&cmd, 0, sizeof(cmd));
opterr = 0;
i = 0;
- while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnXH")) > 0)
+ while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnX")) > 0)
switch(c_opt) {
case 'c':
sock_name = optarg;
@@ -276,9 +269,6 @@
usage(arg0);
d_sess = is_set = 1;
break;
- case 'H':
- host_names = 1;
- break;
default:
if(optopt == '1') {
optind--;
@@ -350,9 +340,8 @@
read(sock, &a, lstn.addr.ai_addrlen);
lstn.addr.ai_addr = (struct sockaddr *)&a;
if(xml_out)
- printf("<listener index=\"%d\" protocol=\"%s\" address=\"%s\" status=\"%s\">\n",
- n_lstn++, lstn.ctx? "HTTPS": "http",
- prt_addr(&lstn.addr), lstn.disabled? "DISABLED": "active");
+ printf("<listener index=\"%d\" %s address=\"%s\"%s>\n", n_lstn++, lstn.ctx? "HTTPS": "HTTP",
+ prt_addr(&lstn.addr), lstn.disabled? " DISABLED": "");
else
printf("%3d. %s Listener %s %s\n", n_lstn++, lstn.ctx? "HTTPS" : "http",
prt_addr(&lstn.addr), lstn.disabled? "*D": "a");
|
[-]
[+]
|
Changed |
Pound-2.4.1.tar.bz2/svc.c
^
|
@@ -1,6 +1,6 @@
/*
* Pound - the reverse-proxy load-balancer
- * Copyright (C) 2002-2010 Apsis GmbH
+ * Copyright (C) 2002-2007 Apsis GmbH
*
* This file is part of Pound.
*
@@ -9,7 +9,7 @@
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
- * Pound is distributed in the hope that it will be useful,
+ * Foobar is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -22,6 +22,7 @@
* P.O.Box
* 8707 Uetikon am See
* Switzerland
+ * Tel: +41-44-920 4904
* EMail: roseg@apsis.ch
*/
@@ -73,10 +74,8 @@
TABNODE t, *res;
t.key = key;
- if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) {
- res->last_acc = time(NULL);
+ if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL)
return res->content;
- }
return NULL;
}
@@ -140,7 +139,7 @@
ALL_ARG *a;
a = (ALL_ARG *)arg;
- if(memcmp(t->content, a->content, a->cont_len) == 0)
+ if(memcmp(t->content, a->content, a->cont_len))
lh_delete(a->tab, t);
return;
}
@@ -367,21 +366,16 @@
static int
get_REQUEST(char *res, const SERVICE *svc, const char *request)
{
- int n, s;
+ int n;
regmatch_t matches[4];
- if(regexec(&svc->sess_start, request, 4, matches, 0)) {
- res[0] = '\0';
- return 0;
- }
- s = matches[0].rm_eo;
- if(regexec(&svc->sess_pat, request + s, 4, matches, 0)) {
+ if(regexec(&svc->sess_pat, request, 4, matches, 0)) {
res[0] = '\0';
return 0;
}
if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE)
n = KEY_SIZE;
- strncpy(res, request + s + matches[1].rm_so, n);
+ strncpy(res, request + matches[1].rm_so, n);
res[n] = '\0';
return 1;
}
@@ -389,7 +383,7 @@
static int
get_HEADERS(char *res, const SERVICE *svc, char **const headers)
{
- int i, n, s;
+ int i, n;
regmatch_t matches[4];
/* this will match SESS_COOKIE, SESS_HEADER and SESS_BASIC */
@@ -397,14 +391,11 @@
for(i = 0; i < (MAXHEADERS - 1); i++) {
if(headers[i] == NULL)
continue;
- if(regexec(&svc->sess_start, headers[i], 4, matches, 0))
- continue;
- s = matches[0].rm_eo;
- if(regexec(&svc->sess_pat, headers[i] + s, 4, matches, 0))
+ if(regexec(&svc->sess_pat, headers[i], 4, matches, 0))
continue;
if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE)
n = KEY_SIZE;
- strncpy(res, headers[i] + s + matches[1].rm_so, n);
+ strncpy(res, headers[i] + matches[1].rm_so, n);
res[n] = '\0';
}
return res[0] != '\0';
@@ -488,7 +479,7 @@
case SESS_IP:
addr2str(key, KEY_SIZE, from_host, 1);
if(svc->sess_ttl < 0)
- res = hash_backend(svc->backends, svc->abs_pri, key);
+ return hash_backend(svc->backends, svc->abs_pri, key);
else if((vp = t_find(svc->sessions, key)) == NULL) {
/* no session yet - create one */
res = rand_backend(svc->backends, random() % svc->tot_pri);
@@ -500,7 +491,7 @@
case SESS_PARM:
if(get_REQUEST(key, svc, request)) {
if(svc->sess_ttl < 0)
- res = hash_backend(svc->backends, svc->abs_pri, key);
+ return hash_backend(svc->backends, svc->abs_pri, key);
else if((vp = t_find(svc->sessions, key)) == NULL) {
/* no session yet - create one */
res = rand_backend(svc->backends, random() % svc->tot_pri);
@@ -515,7 +506,7 @@
/* this works for SESS_BASIC, SESS_HEADER and SESS_COOKIE */
if(get_HEADERS(key, svc, headers)) {
if(svc->sess_ttl < 0)
- res = hash_backend(svc->backends, svc->abs_pri, key);
+ return hash_backend(svc->backends, svc->abs_pri, key);
else if((vp = t_find(svc->sessions, key)) == NULL) {
/* no session yet - create one */
res = rand_backend(svc->backends, random() % svc->tot_pri);
@@ -561,41 +552,32 @@
* disable_only == -1: mark as enabled
*/
void
-kill_be(SERVICE *const svc, const BACKEND *be, const int disable_mode)
+kill_be(SERVICE *const svc, const BACKEND *be, const int disable_only)
{
BACKEND *b;
int ret_val;
- char buf[MAXBUF];
if(ret_val = pthread_mutex_lock(&svc->mut))
logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val));
svc->tot_pri = 0;
for(b = svc->backends; b; b = b->next) {
if(b == be)
- switch(disable_mode) {
- case BE_DISABLE:
+ switch(disable_only) {
+ case 1:
b->disabled = 1;
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf);
- break;
- case BE_KILL:
- b->alive = 0;
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf);
- t_clean(svc->sessions, &be, sizeof(be));
break;
- case BE_ENABLE:
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf);
+ case -1:
b->disabled = 0;
break;
default:
- logmsg(LOG_WARNING, "kill_be(): unknown mode %d", disable_mode);
+ b->alive = 0;
break;
}
if(b->alive && !b->disabled)
svc->tot_pri += b->priority;
}
+ if(disable_only >= 0)
+ t_clean(svc->sessions, &be, sizeof(be));
if(ret_val = pthread_mutex_unlock(&svc->mut))
logmsg(LOG_WARNING, "kill_be() unlock: %s", strerror(ret_val));
return;
@@ -632,15 +614,10 @@
get_host(char *const name, struct addrinfo *res)
{
struct addrinfo *chain, *ap;
- struct addrinfo hints;
int ret_val;
#ifdef HAVE_INET_NTOP
- memset (&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_CANONNAME;
- if((ret_val = getaddrinfo(name, NULL, &hints, &chain)) == 0) {
+ if((ret_val = getaddrinfo(name, NULL, NULL, &chain)) == 0) {
for(ap = chain; ap != NULL; ap = ap->ai_next)
if(ap->ai_socktype == SOCK_STREAM)
break;
@@ -763,8 +740,8 @@
* check if the Location points to the Listener but with the wrong port or protocol
*/
if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0
- && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0
- || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) {
+ && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0
+ || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) {
free(addr.ai_addr);
return 1;
}
@@ -775,8 +752,8 @@
* check if the Location points to the Listener but with the wrong port or protocol
*/
if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0
- && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0
- || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) {
+ && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0
+ || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) {
free(addr.ai_addr);
return 1;
}
@@ -904,8 +881,8 @@
default:
continue;
}
- if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
- kill_be(svc, be, BE_KILL);
+ if(connect_nb(sock, &be->ha_addr, be->to) != 0) {
+ kill_be(svc, be, 0);
str_be(buf, MAXBUF - 1, be);
logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf);
}
@@ -940,8 +917,8 @@
default:
continue;
}
- if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
- kill_be(svc, be, BE_KILL);
+ if(connect_nb(sock, &be->ha_addr, be->to) != 0) {
+ kill_be(svc, be, 0);
str_be(buf, MAXBUF - 1, be);
logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf);
}
@@ -995,7 +972,7 @@
}
addr = &be->ha_addr;
}
- if(connect_nb(sock, addr, be->conn_to) == 0) {
+ if(connect_nb(sock, addr, be->to) == 0) {
be->resurrect = 1;
modified = 1;
}
@@ -1064,7 +1041,7 @@
}
addr = &be->ha_addr;
}
- if(connect_nb(sock, addr, be->conn_to) == 0) {
+ if(connect_nb(sock, addr, be->to) == 0) {
be->resurrect = 1;
modified = 1;
}
@@ -1296,38 +1273,20 @@
do_RSAgen(void)
{
int n, ret_val;
- RSA *t_RSA512_keys[N_RSA_KEYS];
- RSA *t_RSA1024_keys[N_RSA_KEYS];
- for(n = 0; n < N_RSA_KEYS; n++) {
- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL);
- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL);
- }
if(ret_val = pthread_mutex_lock(&RSA_mut))
logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val));
for(n = 0; n < N_RSA_KEYS; n++) {
RSA_free(RSA512_keys[n]);
- RSA512_keys[n] = t_RSA512_keys[n];
+ RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL);
RSA_free(RSA1024_keys[n]);
- RSA1024_keys[n] = t_RSA1024_keys[n];
+ RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL);
}
if(ret_val = pthread_mutex_unlock(&RSA_mut))
logmsg(LOG_WARNING, "thr_RSAgen() unlock: %s", strerror(ret_val));
return;
}
-#include "dh512.h"
-#include "dh1024.h"
-
-DH *
-DH_tmp_callback(/* not used */SSL *s, /* not used */int is_export, int keylength)
-{
- if(keylength == 512)
- return get_dh512();
- else
- return get_dh1024();
-}
-
static time_t last_RSA, last_rescale, last_alive, last_expire;
/*
@@ -1385,19 +1344,19 @@
if((n_remain = n_wait - (cur_time - last_time)) > 0)
sleep(n_remain);
last_time = time(NULL);
- if((last_time - last_RSA) >= T_RSA_KEYS) {
+ if((last_time - last_RSA) > T_RSA_KEYS) {
last_RSA = time(NULL);
do_RSAgen();
}
- if((last_time - last_rescale) >= RESCALE_TO) {
+ if((last_time - last_rescale) > RESCALE_TO) {
last_rescale = time(NULL);
do_rescale();
}
- if((last_time - last_alive) >= alive_to) {
+ if((last_time - last_alive) > alive_to) {
last_alive = time(NULL);
do_resurect();
}
- if((last_time - last_expire) >= EXPIRE_TO) {
+ if((last_time - last_expire) > EXPIRE_TO) {
last_expire = time(NULL);
do_expire();
}
@@ -1431,7 +1390,6 @@
write(a->control_sock, t->key, sz);
return;
}
-
IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, void *)
/*
@@ -1626,7 +1584,7 @@
if((be = sel_be(&cmd)) == NULL)
logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend);
else
- kill_be(svc, be, BE_ENABLE);
+ kill_be(svc, be, -1);
break;
case CTRL_DE_BE:
if((svc = sel_svc(&cmd)) == NULL) {
@@ -1636,7 +1594,7 @@
if((be = sel_be(&cmd)) == NULL)
logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend);
else
- kill_be(svc, be, BE_DISABLE);
+ kill_be(svc, be, 1);
break;
case CTRL_ADD_SESS:
if((svc = sel_svc(&cmd)) == NULL) {
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/CHANGELOG
^
|
@@ -1,41 +1,4 @@
------------------------------------------------------------------------
-r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines
-
-Release 2.4.5
-
-Stable release 2.4.5
-
-Enhancements:
- - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin)
- - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail!
-
-Bug fixes:
- - fixed parantheses problems in need_rewrite (thanks to SBR)
- - added call to free_headers in http.c (thanks to SBR)
- - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro)
-
-------------------------------------------------------------------------
-r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines
-
-Release 2.4.4
-
-Stable release 2.4.4
-
-Enhancements:
- - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4
- - added support for BPROPFIND in xHTTP 4
- - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin)
-
-Bug fixes:
- - save and restore errno value in cur_time() (thanks to Albert)
- - fixed problem in timer thread (thanks to Albert)
- - added shutdown for failed socket connection (thanks to Albert)
- - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe)
- - increased MAXBUF to default 4096
- - increased T_RSA default to 30 minutes
- - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro)
-
-------------------------------------------------------------------------
r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines
Release 2.4.3
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/Makefile.in
^
|
@@ -24,7 +24,7 @@
# Tel: +41-44-920 4904
# EMail: roseg@apsis.ch
-CC=@PTHREAD_CC@
+CC="@PTHREAD_CC@"
VERSION="@PACKAGE_VERSION@"
C_SSL="@C_SSL@"
C_T_RSA="@C_T_RSA@"
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/README
^
|
@@ -128,7 +128,7 @@
--disable-super -- disable supervisor process (default: enabled)
--with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration
- (default: 1800 seconds).
+ (default: 300 seconds).
--with-owner=owner -- name of installed binaries owner (default is
system-dependent).
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/config.c
^
|
@@ -86,8 +86,8 @@
"^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$",
"^(GET|POST|HEAD|PUT|DELETE) ([^ ]+) HTTP/1.[01]$",
"^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
};
static int log_level = 1;
@@ -140,18 +140,11 @@
res->addr.ai_socktype = SOCK_STREAM;
res->addr.ai_family = AF_UNIX;
res->addr.ai_protocol = 0;
- if((res->addr.ai_addr = (struct sockaddr *)malloc(sizeof(struct sockaddr_un))) == NULL) {
+ if((res->addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) {
logmsg(LOG_ERR, "line %d: out of memory", n_lin);
exit(1);
}
- if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX) {
- logmsg(LOG_ERR, "line %d: UNIX path name too long (greater than %d)", n_lin, UNIX_PATH_MAX - 1);
- exit(1);
- }
res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1;
- res->addr.ai_addr->sa_family = AF_UNIX;
- strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so);
- res->addr.ai_addrlen = sizeof( struct sockaddr_un );
}
has_addr = 1;
} else if(!regexec(&Port, lin, 4, matches, 0)) {
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/configure
^
|
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for pound 2.4.5.
+# Generated by GNU Autoconf 2.61 for pound 2.4.3.
#
# Report bugs to <roseg@apsis.ch>.
#
@@ -574,8 +574,8 @@
# Identity of this package.
PACKAGE_NAME='pound'
PACKAGE_TARNAME='pound'
-PACKAGE_VERSION='2.4.5'
-PACKAGE_STRING='pound 2.4.5'
+PACKAGE_VERSION='2.4.3'
+PACKAGE_STRING='pound 2.4.3'
PACKAGE_BUGREPORT='roseg@apsis.ch'
ac_unique_file="pound.c"
@@ -1204,7 +1204,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pound 2.4.5 to adapt to many kinds of systems.
+\`configure' configures pound 2.4.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1270,7 +1270,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pound 2.4.5:";;
+ short | recursive ) echo "Configuration of pound 2.4.3:";;
esac
cat <<\_ACEOF
@@ -1287,7 +1287,7 @@
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-ssl=directory location of OpenSSL package
--with-t_rsa=nnn Time-out for RSA ephemeral keys generation
- --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096)
+ --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024)
--with-owner=name The account that will own the files installed by
Pound
--with-group=name The group that will own the files installed by Pound
@@ -1366,7 +1366,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pound configure 2.4.5
+pound configure 2.4.3
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1380,7 +1380,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pound $as_me 2.4.5, which was
+It was created by pound $as_me 2.4.3, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -7539,7 +7539,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pound $as_me 2.4.5, which was
+This file was extended by pound $as_me 2.4.3, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -7588,7 +7588,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-pound config.status 2.4.5
+pound config.status 2.4.3
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/http.c
^
|
@@ -443,11 +443,8 @@
#ifdef HAVE_GETTIMEOFDAY
struct timeval tv;
struct timezone tz;
- int sv_errno;
- sv_errno = errno;
gettimeofday(&tv, &tz);
- errno = sv_errno;
return tv.tv_sec * 1000000.0 + tv.tv_usec;
#else
return time(NULL) * 1000000.0;
@@ -487,8 +484,8 @@
int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto;
LISTENER *lstn;
SERVICE *svc;
- BACKEND *backend, *cur_backend, *old_backend;
- struct addrinfo from_host, z_addr;
+ BACKEND *backend, *cur_backend;
+ struct addrinfo from_host;
struct sockaddr_storage from_host_addr;
BIO *cl, *be, *bb, *b64;
X509 *x509;
@@ -785,20 +782,9 @@
if(connect_nb(sock, &backend->addr, backend->to) < 0) {
str_be(buf, MAXBUF - 1, backend);
logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno));
- shutdown(sock, 2);
close(sock);
- /*
- * kill the back-end only if no HAport is defined for it
- * otherwise allow the HAport mechanism to do its job
- */
- memset(&z_addr, 0, sizeof(z_addr));
- if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0)
- kill_be(svc, backend, BE_KILL);
- /*
- * ...but make sure we don't get into a loop with the same back-end
- */
- old_backend = backend;
- if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL || backend == old_backend) {
+ kill_be(svc, backend, BE_KILL);
+ if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) {
addr2str(caddr, MAXBUF - 1, &from_host, 1);
logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr);
err_reply(cl, h503, lstn->err503);
@@ -898,7 +884,6 @@
logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)",
pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
err_reply(cl, h500, lstn->err500);
- free_headers(headers);
clean_all();
pthread_exit(NULL);
}
@@ -909,20 +894,6 @@
if(cur_backend->be_type == 0 && ssl != NULL) {
SSL_CIPHER *cipher;
- if((cipher = SSL_get_current_cipher(ssl)) != NULL) {
- SSL_CIPHER_description(cipher, buf, MAXBUF - 1);
- strip_eol(buf);
- if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) {
- str_be(buf, MAXBUF - 1, cur_backend);
- end_req = cur_time();
- logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)",
- pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
- err_reply(cl, h500, lstn->err500);
- clean_all();
- pthread_exit(NULL);
- }
- }
-
if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) {
X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
get_line(bb, buf, MAXBUF);
@@ -1046,6 +1017,19 @@
}
}
#endif
+ if((cipher = SSL_get_current_cipher(ssl)) != NULL) {
+ SSL_CIPHER_description(cipher, buf, MAXBUF - 1);
+ strip_eol(buf);
+ if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) {
+ str_be(buf, MAXBUF - 1, cur_backend);
+ end_req = cur_time();
+ logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)",
+ pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0);
+ err_reply(cl, h500, lstn->err500);
+ clean_all();
+ pthread_exit(NULL);
+ }
+ }
BIO_free_all(bb);
}
}
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/pound.8
^
|
@@ -340,8 +340,8 @@
CHECKOUT, MERGE, REPORT).
.IP
.I 3
-additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE,
-NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT).
+additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH,
+POLL, BMOVE, BCOPY, BDELETE, CONNECT).
.IP
.I 4
additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA).
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/pound.h
^
|
@@ -97,11 +97,6 @@
#error "Pound needs sys/un.h"
#endif
-#ifndef UNIX_PATH_MAX
-/* on Linux this is defined in linux/un.h rather than sys/un.h - go figure */
-#define UNIX_PATH_MAX 108
-#endif
-
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#else
@@ -265,7 +260,7 @@
#endif /* NO_EXTERNALS */
#ifndef MAXBUF
-#define MAXBUF 4096
+#define MAXBUF 1024
#endif
#define MAXHEADERS 128
@@ -521,7 +516,7 @@
*/
#define N_RSA_KEYS 11
#ifndef T_RSA_KEYS
-#define T_RSA_KEYS 1800
+#define T_RSA_KEYS 300
#endif
/*
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/poundctl.c
^
|
@@ -55,36 +55,36 @@
static char *
prt_addr(const struct addrinfo *addr)
{
- static char res[UNIX_PATH_MAX];
- char buf[UNIX_PATH_MAX];
+ static char res[64];
+ char buf[64];
int port;
void *src;
- memset(buf, 0, UNIX_PATH_MAX);
+ memset(buf, 0, 64);
#ifdef HAVE_INET_NTOP
switch(addr->ai_family) {
case AF_INET:
src = (void *)&((struct sockaddr_in *)addr->ai_addr)->sin_addr.s_addr;
port = ntohs(((struct sockaddr_in *)addr->ai_addr)->sin_port);
- if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL)
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ if(inet_ntop(AF_INET, src, buf, 63) == NULL)
+ strncpy(buf, "(UNKNOWN)", 63);
break;
case AF_INET6:
src = (void *)&((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr.s6_addr;
port = ntohs(((struct sockaddr_in6 *)addr->ai_addr)->sin6_port);
- if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL)
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ if(inet_ntop(AF_INET6, src, buf, 63) == NULL)
+ strncpy(buf, "(UNKNOWN)", 63);
break;
case AF_UNIX:
- strncpy(buf, (char *)addr->ai_addr, UNIX_PATH_MAX - 1);
+ strncpy(buf, (char *)addr->ai_addr, 63);
port = 0;
break;
default:
- strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1);
+ strncpy(buf, "(UNKNOWN)", 63);
port = 0;
break;
}
- snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port);
+ snprintf(res, 63, "%s:%d", buf, port);
#else
#error "Pound needs inet_ntop()"
#endif
|
[-]
[+]
|
Changed |
Pound-2.4.3.tar.bz2/svc.c
^
|
@@ -558,7 +558,6 @@
{
BACKEND *b;
int ret_val;
- char buf[MAXBUF];
if(ret_val = pthread_mutex_lock(&svc->mut))
logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val));
@@ -568,18 +567,12 @@
switch(disable_mode) {
case BE_DISABLE:
b->disabled = 1;
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf);
break;
case BE_KILL:
b->alive = 0;
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf);
t_clean(svc->sessions, &be, sizeof(be));
break;
case BE_ENABLE:
- str_be(buf, MAXBUF - 1, b);
- logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf);
b->disabled = 0;
break;
default:
@@ -756,8 +749,8 @@
* check if the Location points to the Listener but with the wrong port or protocol
*/
if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0
- && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0
- || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) {
+ && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0
+ || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) {
free(addr.ai_addr);
return 1;
}
@@ -768,8 +761,8 @@
* check if the Location points to the Listener but with the wrong port or protocol
*/
if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0
- && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0
- || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) {
+ && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0
+ || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) {
free(addr.ai_addr);
return 1;
}
@@ -1360,19 +1353,19 @@
if((n_remain = n_wait - (cur_time - last_time)) > 0)
sleep(n_remain);
last_time = time(NULL);
- if((last_time - last_RSA) >= T_RSA_KEYS) {
+ if((last_time - last_RSA) > T_RSA_KEYS) {
last_RSA = time(NULL);
do_RSAgen();
}
- if((last_time - last_rescale) >= RESCALE_TO) {
+ if((last_time - last_rescale) > RESCALE_TO) {
last_rescale = time(NULL);
do_rescale();
}
- if((last_time - last_alive) >= alive_to) {
+ if((last_time - last_alive) > alive_to) {
last_alive = time(NULL);
do_resurect();
}
- if((last_time - last_expire) >= EXPIRE_TO) {
+ if((last_time - last_expire) > EXPIRE_TO) {
last_expire = time(NULL);
do_expire();
}
@@ -1406,7 +1399,6 @@
write(a->control_sock, t->key, sz);
return;
}
-
IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, void *)
/*
|
[-]
[+]
|
Deleted |
Pound-2.5.tgz/GPL.txt
^
|
@@ -1,674 +0,0 @@
- GNU GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
- Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
- For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
- Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
- Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Use with the GNU Affero General Public License.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
- If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- <program> Copyright (C) <year> <name of author>
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
- The GNU General Public License does not permit incorporating your program
-into proprietary programs. If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License. But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
|
Added |
debian.tar.gz
^
|
[-]
[+]
|
Added |
init.pound
^
|
@@ -0,0 +1,72 @@
+#! /bin/sh
+# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany.
+#
+# Author: adrian@suse.de, template by ro@suse.de
+#
+# /etc/init.d/pound
+# and its symbolic link
+# /usr/sbin/rcpound
+#
+### BEGIN INIT INFO
+# Provides: pound
+# Required-Start: $time $remote_fs $named $syslog
+# Required-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Description: A lightweight HTTP proxy
+# Short-Description: A lightweight HTTP proxy
+### END INIT INFO
+
+. /etc/rc.status
+
+
+# Determine the base and follow a runlevel link name.
+base=${0##*/}
+link=${base#*[SK][0-9][0-9]}
+
+# Force execution if not called by a runlevel directory.
+test -x /usr/sbin/pound || exit 0
+
+rc_reset
+case "$1" in
+ start)
+ echo -n "Starting Pound HTTP Proxy"
+ startproc /usr/sbin/pound
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down Pound HTTP Proxy"
+ killproc -TERM /usr/sbin/pound
+ rc_status -v
+ ;;
+ restart)
+ ## If first returns OK call the second, if first or
+ ## second command fails, set echo return value.
+ $0 stop && $0 start
+ rc_status
+ ;;
+ force-reload)
+ ## If first returns OK call the second, if first or
+ ## second command fails, set echo return value.
+ $0 stop; sleep 1 && $0 start
+ rc_status
+ ;;
+ reload)
+ $0 stop; sleep 1 && $0 start
+ rc_status
+ ;;
+ status)
+ echo -n "Checking for Pound HTTP Proxy Daemon: "
+ checkproc /usr/sbin/pound
+ rc_status -v
+ ;;
+ configtest)
+ echo "Checking Pound configuration ..."
+ eval /usr/sbin/pound -c
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|reload|configtest}"
+ exit 1
+ ;;
+esac
+rc_exit
|
[-]
[+]
|
Changed |
pound.cfg
^
|
@@ -1,35 +1,22 @@
-#
-# Default pound.cfg
-#
-# Pound listens on port 80 for HTTP and port 443 for HTTPS
-# and distributes requests to 2 backends running on localhost.
-# see pound(8) for configuration directives.
-# You can enable/disable backends with poundctl(8).
-#
+# This is a simple configuration example.
+# It sends all requests from port 80 to port 8080 on the same machine.
-User "pound"
+# Start pound as User with Group
+User "pound"
Group "pound"
-Control "/var/lib/pound/pound.cfg"
+# Replace "localhost" by your IP or host name
ListenHTTP
- Address 0.0.0.0
- Port 80
-End
+ Address localhost
+ Port 80
-ListenHTTPS
- Address 0.0.0.0
- Port 443
- Cert "/etc/pki/tls/certs/pound.pem"
-End
+ Service
+ HeadRequire "Host: .*localhost.*"
-Service
- BackEnd
- Address 127.0.0.1
- Port 8000
- End
-
- BackEnd
- Address 127.0.0.1
- Port 8001
+ BackEnd
+ Address localhost
+ Port 8080
+ End
End
End
+
|
[-]
[+]
|
Added |
pound.dsc
^
|
@@ -0,0 +1,13 @@
+Format: 1.0
+Source: pound
+Binary: pound
+Architecture: any
+Version: 2.4.1-1
+Maintainer: Michael Mende <debian@menole.net>
+Uploaders: Michael Piefel <piefel@debian.org>
+Homepage: http://www.apsis.ch/pound/
+Standards-Version: 3.7.3
+Build-Depends: autotools-dev, debhelper (>= 5), libpcre3-dev, libssl-dev (>= 0.9.7)
+Files:
+ 16450962d535215719442955f6101829 169138 Pound-2.4.1.tar.gz
+ 28db12afac91ca5c28b09a7ead069e56 6188 pound_2.4-2.diff.gz
|
[-]
[+]
|
Deleted |
pound.init
^
|
@@ -1,62 +0,0 @@
-#!/bin/bash
-#
-# pound This shell script starts the Pound load-balancer
-#
-# Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
-#
-# chkconfig: - 85 15
-#
-# description: Pound is a reverse proxy and load-balancer
-# processname: pound
-# config: /etc/pound.cfg
-# pidfile: /var/run/pound.pid
-#
-
-# source function library
-. /etc/rc.d/init.d/functions
-
-RETVAL=0
-
-start() {
- echo -n $"Starting Pound: "
- daemon pound
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/pound
-}
-
-stop() {
- echo -n $"Stopping Pound: "
- killproc pound
- echo
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/pound
-}
-
-restart() {
- stop
- start
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart|force-reload|reload)
- restart
- ;;
- condrestart)
- [ -f /var/lock/subsys/pound ] && restart
- ;;
- status)
- status pound
- RETVAL=$?
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
- exit 1
-esac
-
-exit $RETVAL
|