Changes - j0ke.net Open Build Service

@@ -1,190 +0,0 @@ -%define pound_user pound -%define pound_group pound -%define pound_home %{_localstatedir}/lib/pound - -Name: Pound -Version: 2.5 -Release: 1%{?dist} -Summary: Reverse proxy and load balancer - -Group: System Environment/Daemons -License: GPLv3 -URL: http://www.apsis.ch/pound -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - - -BuildRequires: openssl-devel, pcre-devel - -# tcmalloc doesn't exist on ppc yet (#238390) -# or sparc arches -%ifnarch ppc ppc64 sparcv9 sparc64 -BuildRequires: google-perftools-devel -%endif - -Requires(pre): %{_sbindir}/useradd -Requires(pre): %{_sbindir}/groupadd -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig, /sbin/service -Requires(postun): /sbin/service - -Source0: http://www.apsis.ch/pound/%{name}-%{version}.tgz -Source1: pound.init -Source2: pound.cfg -Patch0: pound-remove-owner.patch - -%description -The Pound program is a reverse proxy, load balancer and -HTTPS front-end for Web server(s). Pound was developed -to enable distributing the load among several Web-servers -and to allow for a convenient SSL wrapper for those Web -servers that do not offer it natively. Pound is distributed -under the GPL - no warranty, it's free to use, copy and -give away - -%prep -%setup -q -%patch0 -p1 -b .remove-owner - -%build -%configure -make %{?_smp_mflags} - -%install -rm -rf %{buildroot} -make install DESTDIR=%{buildroot} - -%{__install} -d %{buildroot}%{pound_home} -%{__install} -p -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/pound -%{__install} -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pound.cfg - -mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs -touch %{buildroot}%{_sysconfdir}/pki/tls/certs/pound.pem - -%clean -rm -rf %{buildroot} - -%pre -%{_sbindir}/groupadd -f -r %{pound_group} -id %{pound_user} >/dev/null 2>&1 || \ - %{_sbindir}/useradd -r -g %{pound_group} -d %{pound_home} -s /sbin/nologin \ - -c "Pound user" %{pound_user} - -%post -/sbin/chkconfig --add pound - -# generate dummy certificate -exec > /dev/null 2> /dev/null -if [ ! -f %{_sysconfdir}/pki/tls/certs/pound.pem ] ; then -pushd %{_sysconfdir}/pki/tls/certs -umask 077 -cat << EOF | make pound.pem --- -SomeState -SomeCity -Pound Example Certificate -SomeOrganizationalUnit -localhost.localdomain -root@localhost.localdomain -EOF -chown root:pound pound.pem -chmod 640 pound.pem -popd -fi -exit 0 - -%preun -if [ $1 = 0 ]; then - /sbin/service pound stop >/dev/null 2>&1 - /sbin/chkconfig --del pound -fi - -%postun -if [ $1 -ge 1 ] ; then - /sbin/service pound condrestart > /dev/null 2>&1 || : -fi - -%files -%defattr(-,root,root,-) -%doc CHANGELOG FAQ GPL.txt README -%{_mandir}/man8/pound.8* -%{_mandir}/man8/poundctl.8* -%{_sbindir}/pound -%{_sbindir}/poundctl -%{_initrddir}/pound -%config(noreplace) %{_sysconfdir}/pound.cfg -%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/pound.pem -%attr(-,%{pound_user},%{pound_group}) %dir %{pound_home} - -%changelog -* Sat Nov 20 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5-1 -- update to release 2.5 - -* Thu Jan 15 2009 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.4-1 -- upstream released new version - -* Mon Oct 13 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.3-1 -- Upstream released new version - -* Fri Jun 27 2008 Dennis Gilmore <dennis@ausil.us> 2.4-2 -- sparc arches dont have tcmalloc - -* Sat Feb 16 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-1 -- New stable version - -* Sat Feb 09 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> - 2.4-0.2f -- Upstream released new version - -* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.4-0.2 -- Rebuild for deps - -* Sun Dec 01 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1e -- Update to experimental version 2.4e -* Thu Aug 16 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1d -- Update to experimental version 2.4d -- Upstream changed license to GPLv3 -* Wed Jun 04 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1c -- Upstream released new version -* Sat May 26 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-2b -- Disable linking with tcmalloc on ppc (#238390) -* Fri May 25 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-0.1b -- Update to experimental version 2.4b -- Better handling of user creation -- Build with tcmalloc for increased performance -* Wed Apr 11 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.3-1 -- Update to 2.3 -* Thu Apr 05 2007 <ruben@rubenkerkhof.com> 2.2.8-1 -- Sync with upstream -* Mon Mar 12 2007 <ruben@rubenkerkhof.com> 2.2.7-1 -- Sync with upstream -* Sun Mar 04 2007 <ruben@rubenkerkhof.com> 2.2.6-1 -- Sync with upstream -* Wed Feb 21 2007 <ruben@rubenkerkhof.com> 2.2.5-1 -- Sync with upstream -* Sat Feb 10 2007 <ruben@rubenkerkhof.com> 2.2.4-1 -- Sync with upstream -* Sat Jan 20 2007 <ruben@rubenkerkhof.com> 2.2.3-1 -- Fix problems in bad 2.2.2 release -* Mon Jan 15 2007 <ruben@rubenkerkhof.com> 2.2.2-1 -- Sync with upstream -* Wed Jan 03 2007 <ruben@rubenkerkhof.com> 2.2.1-1 -- Sync with new beta release from upstream -* Sun Dec 17 2006 <ruben@rubenkerkhof.com> 2.2-2 -- Fixed empty debuginfo rpm (bz 219942) -* Sat Dec 16 2006 <ruben@rubenkerkhof.com> 2.2-1 -- Sync with upstream -* Sat Dec 09 2006 <ruben@rubenkerkhof.com> 2.1.8-1 -- Sync with upstream -* Thu Dec 07 2006 <ruben@rubenkerkhof.com> 2.1.7-1 -- Sync with upstream -* Wed Nov 08 2006 <ruben@rubenkerkhof.com> 2.1.6-2 -- Changed hardcoded paths into rpmmacros -* Mon Nov 06 2006 <ruben@rubenkerkhof.com> 2.1.6-1 -- Synced with upstream version -- Changed Summary -- Added an init script -- Added pound.cfg with an example configuration -- Added pound user and group -- A self-signed ssl certificate is created in %%post -* Fri Nov 03 2006 <ruben@rubenkerkhof.com> 2.1.5-1 -- initial version -

@@ -1,18 +0,0 @@ ---- Pound-2.2.3/Makefile.in.remove-owner 2007-01-21 01:45:44.000000000 +0100 -+++ Pound-2.2.3/Makefile.in 2007-01-21 01:46:59.000000000 +0100 -@@ -50,11 +50,11 @@ - - install: all - @INSTALL@ -d ${DESTDIR}@sbindir@ -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl -+ @INSTALL@ -p -m 755 pound ${DESTDIR}@sbindir@/pound -+ @INSTALL@ -p -m 755 poundctl ${DESTDIR}@sbindir@/poundctl - @INSTALL@ -d ${DESTDIR}@mandir@/man8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 -+ @INSTALL@ -p -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -+ @INSTALL@ -p -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 - - clean: - rm -f pound $(OBJS) poundctl poundctl.o

@@ -0,0 +1,18 @@ +--- Makefile.in ++++ Makefile.in +@@ -50,11 +50,11 @@ + + install: all + @INSTALL@ -d ${DESTDIR}@sbindir@ +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl ++ @INSTALL@ -m 555 pound ${DESTDIR}@sbindir@/pound ++ @INSTALL@ -m 755 poundctl ${DESTDIR}@sbindir@/poundctl + @INSTALL@ -d ${DESTDIR}@mandir@/man8 +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 ++ @INSTALL@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 ++ @INSTALL@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 + + clean: + rm -f pound $(OBJS) poundctl poundctl.o

@@ -1,141 +1,4 @@ ------------------------------------------------------------------------ -r67 | roseg | 2010-02-02 12:49:00 +0100 (Tue, 02 Feb 2010) | 9 lines - -Release 2.5 - -Enhancements: - -Bug fixes: - - fixed XML format to avoid problems with brain-dead parsers - - fixed Redirect to accept "/" as a path, so that "Redirect http://x/" is - considered an absolute path, but "Redirect http://x" is not - ------------------------------------------------------------------------- -r66 | roseg | 2010-01-04 17:20:55 +0100 (Mon, 04 Jan 2010) | 7 lines - -Release 2.5e - -Enhancements: - - added support for symbolic host names in poundctl - -Bug fixes: - ------------------------------------------------------------------------- -r65 | roseg | 2009-12-07 17:01:21 +0100 (Mon, 07 Dec 2009) | 9 lines - -Release 2.5d - -Enhancements: - - added support for --disable-pcreposix, --disable--tcmalloc, --disable-hoard in configuration script - -Bug fixes: - - fixed problem with long input lines in http.c - - if libpcreposix is present, then pcreposix.h must also be present - ------------------------------------------------------------------------- -r64 | roseg | 2009-09-21 13:16:57 +0200 (Mon, 21 Sep 2009) | 8 lines - -Release 2.5c - -Enhancements: - - added support for HTTPS backends - -Bug fixes: - - fixed problem with sub-patterns in session parameters - ------------------------------------------------------------------------- -r63 | roseg | 2009-08-19 17:44:07 +0200 (Wed, 19 Aug 2009) | 10 lines - -Release 2.5b - -Enhancements: - - support for ConnTO directive - - support for IgnoreCase directive - -Bug fixes: - - fixed problem in conf_fgets (\n confuses the regexp) - - changed RSA ephemeral keys regeneration default time (every 30 minutes) - ------------------------------------------------------------------------- -r62 | roseg | 2009-08-06 17:23:30 +0200 (Thu, 06 Aug 2009) | 9 lines - -Release 2.5a - -Enhancements: - - support for include directive - -Bug fixes: - - fixed generation of ephemeral RSA keys (avoid premature locking) - - added pre-generated DH parameters - ------------------------------------------------------------------------- -r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines - -Release 2.4.5 - -Stable release 2.4.5 - -Enhancements: - - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin) - - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail! - -Bug fixes: - - fixed parantheses problems in need_rewrite (thanks to SBR) - - added call to free_headers in http.c (thanks to SBR) - - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines - -Release 2.4.4 - -Stable release 2.4.4 - -Enhancements: - - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4 - - added support for BPROPFIND in xHTTP 4 - - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin) - -Bug fixes: - - save and restore errno value in cur_time() (thanks to Albert) - - fixed problem in timer thread (thanks to Albert) - - added shutdown for failed socket connection (thanks to Albert) - - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe) - - increased MAXBUF to default 4096 - - increased T_RSA default to 30 minutes - - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines - -Release 2.4.3 - -Stable release 2.4.3 - -Enhancements: - -Bug fixes: - - fixed problem in session access time updating (thanks to Piotr Jakubowski) - - fixed problem in session removal (thanks to Doriam Mori) - - fixed problem in Redirect logging (thanks to Albert) - ------------------------------------------------------------------------- -r58 | roseg | 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) | 13 lines - -Release 2.4.2 - -Stable release 2.4.2 - -Enhancements: - -Bug fixes: - - fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out) - - fixed problem with back-end killing on failed connect - - fixed a small problem in the poundctl XML output (thanks to johnlr for the fix) - - added hints in call to getaddrinfo() (for Solaris 10 support) - - fixed redirection problem (missing slash in Location/Content-location) - ------------------------------------------------------------------------- r57 | roseg | 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) | 12 lines Release 2.4.1

@@ -1,5 +1,5 @@ # Pound - the reverse-proxy load-balancer -# Copyright (C) 2002-2010 Apsis GmbH +# Copyright (C) 2002-2007 Apsis GmbH # # This file is part of Pound. # @@ -8,7 +8,7 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# Pound is distributed in the hope that it will be useful, +# Foobar is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. @@ -21,9 +21,10 @@ # P.O.Box # 8707 Uetikon am See # Switzerland +# Tel: +41-44-920 4904 # EMail: roseg@apsis.ch -CC=@PTHREAD_CC@ +CC="@PTHREAD_CC@" VERSION="@PACKAGE_VERSION@" C_SSL="@C_SSL@" C_T_RSA="@C_T_RSA@" @@ -54,16 +55,7 @@ poundctl: poundctl.o ${CC} @LDFLAGS@ -o poundctl poundctl.o $(LIBS) -dh512.h: - openssl dhparam -5 -C -noout 512 > dh512.h - -dh1024.h: - openssl dhparam -5 -C -noout 1024 > dh1024.h - -$(OBJS): pound.h config.h - -svc.o: svc.c dh512.h dh1024.h - gcc ${CFLAGS} -c -o svc.o svc.c +$(OBJS): pound.h install: all @INSTALL@ -d ${DESTDIR}@sbindir@ @@ -75,7 +67,6 @@ clean: rm -f pound $(OBJS) poundctl poundctl.o - rm -f dh512.h dh1024.h distclean: clean -rm -f config.h config.log config.status Makefile

@@ -128,7 +128,7 @@ --disable-super -- disable supervisor process (default: enabled) --with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration - (default: 1800 seconds). + (default: 300 seconds). --with-owner=owner -- name of installed binaries owner (default is system-dependent).

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */ @@ -77,7 +78,7 @@ static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; static regex_t ClientCert, AddHeader, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11; -static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; +static regex_t Grace; static regmatch_t matches[5]; @@ -85,92 +86,22 @@ "^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$", "^(GET|POST|HEAD|PUT|DELETE) ([^ ]+) HTTP/1.[01]$", "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$", - "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$", - "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", + "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT) ([^ ]+) HTTP/1.[01]$", + "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", }; static int log_level = 1; static int def_facility = LOG_DAEMON; static int clnt_to = 10; static int be_to = 15; -static int be_connto = 15; +static int n_lin = 0; static int dynscale = 0; -static int ignore_case = 0; - -#define MAX_FIN 8 - -static FILE *f_in[MAX_FIN]; -static char *f_name[MAX_FIN]; -static int n_lin[MAX_FIN]; -static int cur_fin; - -static -conf_init(const char *name) -{ - if((f_name[0] = strdup(name)) == NULL) { - logmsg(LOG_ERR, "open %s: out of memory", name); - exit(1); - } - if((f_in[0] = fopen(name, "rt")) == NULL) { - logmsg(LOG_ERR, "can't open open %s", name); - exit(1); - } - n_lin[0] = 0; - cur_fin = 0; - return 0; -} - -void -conf_err(const char *msg) -{ - logmsg(LOG_ERR, "%s line %d: %s", f_name[cur_fin], n_lin[cur_fin], msg); - exit(1); -} - -static char * -conf_fgets(char *buf, const int max) -{ - int i; - - for(;;) { - if(fgets(buf, max, f_in[cur_fin]) == NULL) { - fclose(f_in[cur_fin]); - if(cur_fin > 0) { - cur_fin--; - continue; - } else - return NULL; - } - n_lin[cur_fin]++; - for(i = 0; i < max; i++) - if(buf[i] == '\n' || buf[i] == '\r') { - buf[i] = '\0'; - break; - } - if(!regexec(&Empty, buf, 4, matches, 0) || !regexec(&Comment, buf, 4, matches, 0)) - /* comment or empty line */ - continue; - if(!regexec(&Include, buf, 4, matches, 0)) { - buf[matches[1].rm_eo] = '\0'; - if(cur_fin == (MAX_FIN - 1)) - conf_err("Include nesting too deep"); - cur_fin++; - if((f_name[cur_fin] = strdup(&buf[matches[1].rm_so])) == NULL) - conf_err("Include out of memory"); - if((f_in[cur_fin] = fopen(&buf[matches[1].rm_so], "rt")) == NULL) - conf_err("can't open included file"); - n_lin[cur_fin] = 0; - continue; - } - return buf; - } -} /* * parse a back-end */ static BACKEND * -parse_be(const int is_emergency) +parse_be(FILE *const f_conf, const int is_emergency) { char lin[MAXBUF]; BACKEND *res; @@ -179,40 +110,41 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) - conf_err("BackEnd config: out of memory - aborted"); + if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: BackEnd config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(BACKEND)); res->be_type = 0; res->addr.ai_socktype = SOCK_STREAM; res->to = is_emergency? 120: be_to; - res->conn_to = is_emergency? 120: be_connto; res->alive = 1; memset(&res->addr, 0, sizeof(res->addr)); res->priority = 5; memset(&res->ha_addr, 0, sizeof(res->ha_addr)); res->url = NULL; res->next = NULL; - res->ctx = NULL; has_addr = has_port = 0; pthread_mutex_init(&res->mut, NULL); - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(get_host(lin + matches[1].rm_so, &res->addr)) { /* if we can't resolve it assume this is a UNIX domain socket */ res->addr.ai_socktype = SOCK_STREAM; res->addr.ai_family = AF_UNIX; res->addr.ai_protocol = 0; - if((res->addr.ai_addr = (struct sockaddr *)malloc(sizeof(struct sockaddr_un))) == NULL) - conf_err("out of memory"); - if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX) - conf_err("UNIX path name too long"); + if((res->addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; - res->addr.ai_addr->sa_family = AF_UNIX; - strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so); - res->addr.ai_addrlen = sizeof( struct sockaddr_un ); } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { @@ -228,23 +160,28 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Port is supported only for INET/INET6 back-ends"); + logmsg(LOG_ERR, "line %d: Port is supported only for INET/INET6 back-ends", n_lin); + exit(1); } has_port = 1; } else if(!regexec(&Priority, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("Priority is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: Priority is not supported for Emergency back-ends", n_lin); + exit(1); + } res->priority = atoi(lin + matches[1].rm_so); } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - res->conn_to = atoi(lin + matches[1].rm_so); } else if(!regexec(&HAport, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("HAport is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: HAport is not supported for Emergency back-ends", n_lin); + exit(1); + } res->ha_addr = res->addr; - if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL) - conf_err("out of memory"); + if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen); switch(res->addr.ai_family) { case AF_INET: @@ -258,19 +195,24 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("HAport is supported only for INET/INET6 back-ends"); + logmsg(LOG_ERR, "line %d: HAport is supported only for INET/INET6 back-ends", n_lin); + exit(1); } } else if(!regexec(&HAportAddr, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("HAportAddr is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: HAportAddr is not supported for Emergency back-ends", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; if(get_host(lin + matches[1].rm_so, &res->ha_addr)) { /* if we can't resolve it assume this is a UNIX domain socket */ res->addr.ai_socktype = SOCK_STREAM; res->ha_addr.ai_family = AF_UNIX; res->ha_addr.ai_protocol = 0; - if((res->ha_addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) - conf_err("out of memory"); + if((res->ha_addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; } else switch(res->ha_addr.ai_family) { case AF_INET: @@ -284,47 +226,27 @@ memcpy(res->ha_addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Unknown HA address type"); + logmsg(LOG_ERR, "line %d: Unknown HA address type", n_lin); + exit(1); } - } else if(!regexec(&HTTPS, lin, 4, matches, 0)) { - if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); - SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_options(res->ctx, SSL_OP_ALL); - sprintf(lin, "%d-Pound-%ld", getpid(), random()); - SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin)); - SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); - } else if(!regexec(&HTTPSCert, lin, 4, matches, 0)) { - if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); - lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) - conf_err("SSL_CTX_use_certificate_chain_file failed - aborted"); - if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) - conf_err("SSL_CTX_use_PrivateKey_file failed - aborted"); - if(SSL_CTX_check_private_key(res->ctx) != 1) - conf_err("SSL_CTX_check_private_key failed - aborted"); - SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_options(res->ctx, SSL_OP_ALL); - sprintf(lin, "%d-Pound-%ld", getpid(), random()); - SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin)); - SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); } else if(!regexec(&End, lin, 4, matches, 0)) { - if(!has_addr) - conf_err("BackEnd missing Address - aborted"); - if((res->addr.ai_family == AF_INET || res->addr.ai_family == AF_INET6) && !has_port) - conf_err("BackEnd missing Port - aborted"); + if(!has_addr) { + logmsg(LOG_ERR, "line %d: BackEnd missing Address - aborted", n_lin); + exit(1); + } + if((res->addr.ai_family == AF_INET || res->addr.ai_family == AF_INET6) && !has_port) { + logmsg(LOG_ERR, "line %d: BackEnd missing Port - aborted", n_lin); + exit(1); + } return res; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("BackEnd premature EOF"); + logmsg(LOG_ERR, "line %d: BackEnd premature EOF", n_lin); + exit(1); return NULL; } @@ -332,17 +254,22 @@ * parse a session */ static void -parse_sess(SERVICE *const svc) +parse_sess(FILE *const f_conf, SERVICE *const svc) { - char lin[MAXBUF], *cp, *parm; + char lin[MAXBUF], *cp; - parm = NULL; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Type, lin, 4, matches, 0)) { - if(svc->sess_type != SESS_NONE) - conf_err("Multiple Session types in one Service - aborted"); + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&Type, lin, 4, matches, 0)) { + if(svc->sess_type != SESS_NONE) { + logmsg(LOG_ERR, "line %d: Multiple Session types in one Service - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; cp = lin + matches[1].rm_so; if(!strcasecmp(cp, "IP")) @@ -357,62 +284,76 @@ svc->sess_type = SESS_BASIC; else if(!strcasecmp(cp, "HEADER")) svc->sess_type = SESS_HEADER; - else - conf_err("Unknown Session type"); + else { + logmsg(LOG_ERR, "line %d: Unknown Session type \"%s\" - aborted", n_lin, cp); + exit(1); + } } else if(!regexec(&TTL, lin, 4, matches, 0)) { svc->sess_ttl = atoi(lin + matches[1].rm_so); } else if(!regexec(&ID, lin, 4, matches, 0)) { - if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER) - conf_err("no ID permitted unless COOKIE/URL/HEADER Session - aborted"); + if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER) { + logmsg(LOG_ERR, "line %d: no ID permitted unless COOKIE/URL/HEADER Session - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if((parm = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("ID config: out of memory - aborted"); + if((svc->sess_parm = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: ID config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&End, lin, 4, matches, 0)) { - if(svc->sess_type == SESS_NONE) - conf_err("Session type not defined - aborted"); - if(svc->sess_ttl == 0) - conf_err("Session TTL not defined - aborted"); + if(svc->sess_type == SESS_NONE) { + logmsg(LOG_ERR, "line %d: Session type not defined - aborted", n_lin); + exit(1); + } + if(svc->sess_ttl == 0) { + logmsg(LOG_ERR, "line %d: Session TTL not defined - aborted", n_lin); + exit(1); + } if((svc->sess_type == SESS_COOKIE || svc->sess_type == SESS_URL || svc->sess_type == SESS_HEADER) - && parm == NULL) - conf_err("Session ID not defined - aborted"); + && svc->sess_parm == NULL) { + logmsg(LOG_ERR, "line %d: Session ID not defined - aborted", n_lin); + exit(1); + } if(svc->sess_type == SESS_COOKIE) { - snprintf(lin, MAXBUF - 1, "Cookie[^:]*:.*[ \t]%s=", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("COOKIE pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^;]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("COOKIE pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "Cookie[^:]*:.*[ \t]%s=([^;]*)", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: COOKIE pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_URL) { - snprintf(lin, MAXBUF - 1, "[?&]%s=", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("URL pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^&;#]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("URL pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "[?&]%s=([^&;#]*)", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: URL pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_PARM) { - if(regcomp(&svc->sess_start, ";", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("PARM pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^?]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("PARM pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, ";([^?]*)"); + if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: PARM pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_BASIC) { - if(regcomp(&svc->sess_start, "Authorization:[ \t]*Basic[ \t]*", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("BASIC pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^ \t]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("BASIC pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "Authorization:[ \t]*Basic[ \t]*([^ \t]*)[ \t]*"); + if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: BASIC pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_HEADER) { - snprintf(lin, MAXBUF - 1, "%s:[ \t]*", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HEADER pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^ \t]*)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HEADER pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "%s:[ \t]*([^ \t]*)[ \t]*", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HEADER pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } - if(parm != NULL) - free(parm); return; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("Session premature EOF"); + logmsg(LOG_ERR, "line %d: Session premature EOF", n_lin); + exit(1); return; } @@ -444,86 +385,114 @@ * parse a service */ static SERVICE * -parse_service(const char *svc_name) +parse_service(FILE *const f_conf, const char *svc_name) { char lin[MAXBUF]; SERVICE *res; BACKEND *be; MATCHER *m; - int ign_case; - if((res = (SERVICE *)malloc(sizeof(SERVICE))) == NULL) - conf_err("Service config: out of memory - aborted"); + if((res = (SERVICE *)malloc(sizeof(SERVICE))) == NULL) { + logmsg(LOG_ERR, "line %d: Service config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(SERVICE)); res->sess_type = SESS_NONE; res->dynscale = dynscale; pthread_mutex_init(&res->mut, NULL); if(svc_name) strncpy(res->name, svc_name, KEY_SIZE); - if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) - conf_err("lh_new failed - aborted"); - ign_case = ignore_case; - while(conf_fgets(lin, MAXBUF)) { + if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) { + logmsg(LOG_ERR, "line %d: lh_new failed - aborted", n_lin); + exit(1); + } + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&URL, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&URL, lin, 4, matches, 0)) { if(res->url) { for(m = res->url; m->next; m = m->next) ; - if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("URL config: out of memory - aborted"); + if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->url = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("URL config: out of memory - aborted"); + if((res->url = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin); + exit(1); + } m = res->url; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED | (ign_case? REG_ICASE: 0))) - conf_err("URL bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: URL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&HeadRequire, lin, 4, matches, 0)) { if(res->req_head) { for(m = res->req_head; m->next; m = m->next) ; - if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRequire config: out of memory - aborted"); + if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->req_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRequire config: out of memory - aborted"); + if((res->req_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin); + exit(1); + } m = res->req_head; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HeadRequire bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRequire bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&HeadDeny, lin, 4, matches, 0)) { if(res->deny_head) { for(m = res->deny_head; m->next; m = m->next) ; - if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadDeny config: out of memory - aborted"); + if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->deny_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadDeny config: out of memory - aborted"); + if((res->deny_head = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin); + exit(1); + } m = res->deny_head; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HeadDeny bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadDeny bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&Redirect, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = be->next; } else { - if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = res->backends; } memset(be, 0, sizeof(BACKEND)); @@ -532,24 +501,33 @@ be->alive = 1; pthread_mutex_init(&res->mut, NULL); lin[matches[1].rm_eo] = '\0'; - if((be->url = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("Redirector config: out of memory - aborted"); + if((be->url = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin); + exit(1); + } /* split the URL into its fields */ - if(regexec(&LOCATION, be->url, 4, matches, 0)) - conf_err("Redirect bad URL - aborted"); - if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1) - /* the path is a single '/', so remove it */ - be->url[matches[3].rm_so] = '\0'; + if(regexec(&LOCATION, be->url, 4, matches, 0)) { + logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url); + exit(1); + } + if(be->url[matches[3].rm_so] == '/') + matches[3].rm_so++; + /* if the path component is empty or a sigle slash */ + be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1); } else if(!regexec(&RedirectN, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((be->next = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = be->next; } else { - if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((res->backends = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = res->backends; } memset(be, 0, sizeof(BACKEND)); @@ -558,25 +536,30 @@ be->alive = 1; pthread_mutex_init(&res->mut, NULL); lin[matches[2].rm_eo] = '\0'; - if((be->url = strdup(lin + matches[2].rm_so)) == NULL) - conf_err("Redirector config: out of memory - aborted"); + if((be->url = strdup(lin + matches[2].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin); + exit(1); + } /* split the URL into its fields */ - if(regexec(&LOCATION, be->url, 4, matches, 0)) - conf_err("Redirect bad URL - aborted"); - if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1) - /* the path is a single '/', so remove it */ - be->url[matches[3].rm_so] = '\0'; + if(regexec(&LOCATION, be->url, 4, matches, 0)) { + logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url); + exit(1); + } + if(be->url[matches[3].rm_so] == '/') + matches[3].rm_so++; + /* if the path component is empty or a sigle slash */ + be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1); } else if(!regexec(&BackEnd, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - be->next = parse_be(0); + be->next = parse_be(f_conf, 0); } else - res->backends = parse_be(0); + res->backends = parse_be(f_conf, 0); } else if(!regexec(&Emergency, lin, 4, matches, 0)) { - res->emergency = parse_be(1); + res->emergency = parse_be(f_conf, 1); } else if(!regexec(&Session, lin, 4, matches, 0)) { - parse_sess(res); + parse_sess(f_conf, res); } else if(!regexec(&End, lin, 4, matches, 0)) { for(be = res->backends; be; be = be->next) res->tot_pri += be->priority; @@ -584,14 +567,14 @@ return res; } else if(!regexec(&DynScale, lin, 4, matches, 0)) { res->dynscale = atoi(lin + matches[1].rm_so); - } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { - ign_case = atoi(lin + matches[1].rm_so); } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("Service premature EOF"); + logmsg(LOG_ERR, "line %d: Service premature EOF", n_lin); + exit(1); return NULL; } @@ -605,14 +588,22 @@ struct stat st; int fin; - if(stat(fname, &st)) - conf_err("can't stat Err file - aborted"); - if((fin = open(fname, O_RDONLY)) < 0) - conf_err("can't open Err file - aborted"); - if((res = malloc(st.st_size + 1)) == NULL) - conf_err("can't alloc Err file (out of memory) - aborted"); - if(read(fin, res, st.st_size) != st.st_size) - conf_err("can't read Err file - aborted"); + if(stat(fname, &st)) { + logmsg(LOG_ERR, "line %d: can't stat Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } + if((fin = open(fname, O_RDONLY)) < 0) { + logmsg(LOG_ERR, "line %d: can't open Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } + if((res = malloc(st.st_size + 1)) == NULL) { + logmsg(LOG_ERR, "line %d: can't alloc Err file \"%s\" (out of memory) - aborted", n_lin, fname); + exit(1); + } + if(read(fin, res, st.st_size) != st.st_size) { + logmsg(LOG_ERR, "line %d: can't read Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } res[st.st_size] = '\0'; close(fin); return res; @@ -622,7 +613,7 @@ * parse an HTTP listener */ static LISTENER * -parse_HTTP(void) +parse_HTTP(FILE *const f_conf) { char lin[MAXBUF]; LISTENER *res; @@ -632,8 +623,10 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) - conf_err("ListenHTTP config: out of memory - aborted"); + if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) { + logmsg(LOG_ERR, "line %d: ListenHTTP config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(LISTENER)); res->to = clnt_to; res->rewr_loc = 1; @@ -642,18 +635,28 @@ res->err501 = "This method may not be used."; res->err503 = "The service is not available. Please try again later."; res->log_level = log_level; - if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("xHTTP bad default pattern - aborted"); + if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin); + exit(1); + } has_addr = has_port = 0; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(get_host(lin + matches[1].rm_so, &res->addr)) - conf_err("Unknown Listener address"); - if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) - conf_err("Unknown Listener address family"); + if(get_host(lin + matches[1].rm_so, &res->addr)) { + logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so); + exit(1); + } + if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) { + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); + } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { switch(res->addr.ai_family) { @@ -668,7 +671,8 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Unknown Listener address family"); + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); } has_port = 1; } else if(!regexec(&xHTTP, lin, 4, matches, 0)) { @@ -676,16 +680,22 @@ n = atoi(lin + matches[1].rm_so); regfree(&res->verb); - if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("xHTTP bad pattern - aborted"); + if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n); + exit(1); + } } else if(!regexec(&Client, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); } else if(!regexec(&CheckURL, lin, 4, matches, 0)) { - if(res->has_pat) - conf_err("CheckURL multiple pattern - aborted"); + if(res->has_pat) { + logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) - conf_err("CheckURL bad pattern - aborted"); + if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } res->has_pat = 1; } else if(!regexec(&Err414, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; @@ -705,22 +715,30 @@ if(res->head_off) { for(m = res->head_off; m->next; m = m->next) ; - if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = res->head_off; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HeadRemove bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&AddHeader, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("AddHeader config: out of memory - aborted"); + if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) { res->rewr_loc = atoi(lin + matches[1].rm_so); } else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) { @@ -729,31 +747,35 @@ res->log_level = atoi(lin + matches[1].rm_so); } else if(!regexec(&Service, lin, 4, matches, 0)) { if(res->services == NULL) - res->services = parse_service(NULL); + res->services = parse_service(f_conf, NULL); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(res->services == NULL) - res->services = parse_service(lin + matches[1].rm_so); + res->services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else if(!regexec(&End, lin, 4, matches, 0)) { - if(!has_addr || !has_port) - conf_err("ListenHTTP missing Address or Port - aborted"); + if(!has_addr || !has_port) { + logmsg(LOG_ERR, "line %d: ListenHTTP missing Address or Port - aborted", n_lin); + exit(1); + } return res; } else { - conf_err("unknown directive - aborted"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("ListenHTTP premature EOF"); + logmsg(LOG_ERR, "line %d: ListenHTTP premature EOF", n_lin); + exit(1); return NULL; } /* @@ -769,7 +791,7 @@ * parse an HTTPS listener */ static LISTENER * -parse_HTTPS(void) +parse_HTTPS(FILE *const f_conf) { char lin[MAXBUF]; LISTENER *res; @@ -780,11 +802,15 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) - conf_err("ListenHTTPS config: out of memory - aborted"); + if((res = (LISTENER *)malloc(sizeof(LISTENER))) == NULL) { + logmsg(LOG_ERR, "line %d: ListenHTTPS config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(LISTENER)); - if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); + if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) { + logmsg(LOG_ERR, "line %d: SSL_CTX_new failed - aborted", n_lin); + exit(1); + } res->to = clnt_to; res->rewr_loc = 1; @@ -793,18 +819,28 @@ res->err501 = "This method may not be used."; res->err503 = "The service is not available. Please try again later."; res->log_level = log_level; - if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("xHTTP bad default pattern - aborted"); + if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin); + exit(1); + } has_addr = has_port = has_cert = 0; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(get_host(lin + matches[1].rm_so, &res->addr)) - conf_err("Unknown Listener address"); - if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) - conf_err("Unknown Listener address family"); + if(get_host(lin + matches[1].rm_so, &res->addr)) { + logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so); + exit(1); + } + if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) { + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); + } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { if(res->addr.ai_family == AF_INET) { @@ -822,16 +858,22 @@ n = atoi(lin + matches[1].rm_so); regfree(&res->verb); - if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("xHTTP bad pattern - aborted"); + if(regcomp(&res->verb, xhttp[n], REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n); + exit(1); + } } else if(!regexec(&Client, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); } else if(!regexec(&CheckURL, lin, 4, matches, 0)) { - if(res->has_pat) - conf_err("CheckURL multiple pattern - aborted"); + if(res->has_pat) { + logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) - conf_err("CheckURL bad pattern - aborted"); + if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } res->has_pat = 1; } else if(!regexec(&Err414, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; @@ -851,18 +893,24 @@ if(res->head_off) { for(m = res->head_off; m->next; m = m->next) ; - if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((m->next = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((res->head_off = (MATCHER *)malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = res->head_off; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) - conf_err("HeadRemove bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE | REG_NEWLINE | REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) { res->rewr_loc = atoi(lin + matches[1].rm_so); } else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) { @@ -871,12 +919,24 @@ res->log_level = atoi(lin + matches[1].rm_so); } else if(!regexec(&Cert, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) - conf_err("SSL_CTX_use_certificate_chain_file failed - aborted"); - if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) - conf_err("SSL_CTX_use_PrivateKey_file failed - aborted"); - if(SSL_CTX_check_private_key(res->ctx) != 1) - conf_err("SSL_CTX_check_private_key failed - aborted"); + if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_use_certificate_chain_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_use_PrivateKey_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(SSL_CTX_check_private_key(res->ctx) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_check_private_key \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } has_cert = 1; } else if(!regexec(&ClientCert, lin, 4, matches, 0)) { switch(res->clnt_check = atoi(lin + matches[1].rm_so)) { @@ -902,8 +962,10 @@ } } else if(!regexec(&AddHeader, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("AddHeader config: out of memory - aborted"); + if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Ciphers, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; SSL_CTX_set_cipher_list(res->ctx, lin + matches[1].rm_so); @@ -911,13 +973,21 @@ STACK_OF(X509_NAME) *cert_names; lin[matches[1].rm_eo] = '\0'; - if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL) - conf_err("SSL_load_client_CA_file failed - aborted"); + if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: SSL_load_client_CA_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } SSL_CTX_set_client_CA_list(res->ctx, cert_names); } else if(!regexec(&VerifyList, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1) - conf_err("SSL_CTX_load_verify_locations failed - aborted"); + if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_load_verify_locations \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } } else if(!regexec(&CRLlist, lin, 4, matches, 0)) { #if HAVE_X509_STORE_SET_FLAGS X509_STORE *store; @@ -925,51 +995,61 @@ lin[matches[1].rm_eo] = '\0'; store = SSL_CTX_get_cert_store(res->ctx); - if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL) - conf_err("X509_STORE_add_lookup failed - aborted"); - if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1) - conf_err("X509_load_crl_file failed - aborted"); + if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL) { + logmsg(LOG_ERR, "line %d: X509_STORE_add_lookup \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1) { + logmsg(LOG_ERR, "line %d: X509_load_crl_file \"%s\" failed - aborted", n_lin, lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); #else - conf_err("your version of OpenSSL does not support CRL checking"); + logmsg(LOG_ERR, "line %d: your version of OpenSSL does not support CRL checking", n_lin); #endif } else if(!regexec(&NoHTTPS11, lin, 4, matches, 0)) { res->noHTTPS11 = atoi(lin + matches[1].rm_so); } else if(!regexec(&Service, lin, 4, matches, 0)) { if(res->services == NULL) - res->services = parse_service(NULL); + res->services = parse_service(f_conf, NULL); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(res->services == NULL) - res->services = parse_service(lin + matches[1].rm_so); + res->services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else if(!regexec(&End, lin, 4, matches, 0)) { X509_STORE *store; - if(!has_addr || !has_port || !has_cert) - conf_err("ListenHTTPS missing Address, Port or Certificate - aborted"); + if(!has_addr || !has_port || !has_cert) { + logmsg(LOG_ERR, "line %d: ListenHTTPS missing Address, Port or Certificate - aborted", n_lin); + exit(1); + } SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_options(res->ctx, SSL_OP_ALL); sprintf(lin, "%d-Pound-%ld", getpid(), random()); SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin)); SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); return res; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("ListenHTTPS premature EOF"); + logmsg(LOG_ERR, "line %d: ListenHTTPS premature EOF", n_lin); + exit(1); return NULL; } @@ -977,7 +1057,7 @@ * parse the config file */ static void -parse_file(void) +parse_file(FILE *const f_conf) { char lin[MAXBUF]; SERVICE *svc; @@ -987,21 +1067,31 @@ ENGINE *e; #endif - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&User, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) || !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line */ + continue; + } else if(!regexec(&User, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((user = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("User config: out of memory - aborted"); + if((user = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: User config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Group, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((group = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("Group config: out of memory - aborted"); + if((group = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Group config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&RootJail, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((root_jail = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("RootJail config: out of memory - aborted"); + if((root_jail = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: RootJail config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Daemon, lin, 4, matches, 0)) { daemonize = atoi(lin + matches[1].rm_so); } else if(!regexec(&LogFacility, lin, 4, matches, 0)) { @@ -1026,69 +1116,72 @@ dynscale = atoi(lin + matches[1].rm_so); } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { be_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - be_connto = atoi(lin + matches[1].rm_so); - } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { - ignore_case = atoi(lin + matches[1].rm_so); #if HAVE_OPENSSL_ENGINE_H } else if(!regexec(&SSLEngine, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; #if OPENSSL_VERSION_NUMBER >= 0x00907000L ENGINE_load_builtin_engines(); #endif - if (!(e = ENGINE_by_id(lin + matches[1].rm_so))) - conf_err("could not find engine"); + if (!(e = ENGINE_by_id(lin + matches[1].rm_so))) { + logmsg(LOG_ERR, "line %d: could not find %s engine", n_lin, lin + matches[1].rm_so); + exit(1); + } if(!ENGINE_init(e)) { ENGINE_free(e); - conf_err("could not init engine"); + logmsg(LOG_ERR, "line %d: could not init %s engine", n_lin, lin + matches[1].rm_so); + exit(1); } if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ENGINE_free(e); - conf_err("could not set all defaults"); + logmsg(LOG_ERR, "line %d: could not set all defaults", n_lin); + exit(1); } ENGINE_finish(e); ENGINE_free(e); #endif } else if(!regexec(&Control, lin, 4, matches, 0)) { - if(ctrl_name != NULL) - conf_err("Control multiply defined - aborted"); + if(ctrl_name != NULL) { + logmsg(LOG_ERR, "line %d: Control multiply defined - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; ctrl_name = strdup(lin + matches[1].rm_so); } else if(!regexec(&ListenHTTP, lin, 4, matches, 0)) { if(listeners == NULL) - listeners = parse_HTTP(); + listeners = parse_HTTP(f_conf); else { for(lstn = listeners; lstn->next; lstn = lstn->next) ; - lstn->next = parse_HTTP(); + lstn->next = parse_HTTP(f_conf); } } else if(!regexec(&ListenHTTPS, lin, 4, matches, 0)) { if(listeners == NULL) - listeners = parse_HTTPS(); + listeners = parse_HTTPS(f_conf); else { for(lstn = listeners; lstn->next; lstn = lstn->next) ; - lstn->next = parse_HTTPS(); + lstn->next = parse_HTTPS(f_conf); } } else if(!regexec(&Service, lin, 4, matches, 0)) { if(services == NULL) - services = parse_service(NULL); + services = parse_service(f_conf, NULL); else { for(svc = services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(services == NULL) - services = parse_service(lin + matches[1].rm_so); + services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else { - conf_err("unknown directive - aborted"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } return; @@ -1158,11 +1251,6 @@ || regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&CRLlist, "^[ \t]*CRLlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&NoHTTPS11, "^[ \t]*NoHTTPS11[ \t]+([0-2])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&Include, "^[ \t]*Include[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&ConnTO, "^[ \t]*ConnTO[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&IgnoreCase, "^[ \t]*IgnoreCase[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&HTTPS, "^[ \t]*HTTPS[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&HTTPSCert, "^[ \t]*HTTPS[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ) { logmsg(LOG_ERR, "bad config Regex - aborted"); exit(1); @@ -1232,7 +1320,10 @@ exit(1); } - conf_init(conf_name); + if((f_conf = fopen(conf_name, "rt")) == NULL) { + logmsg(LOG_ERR, "can't open configuration file \"%s\" (%s) - aborted", conf_name, strerror(errno)); + exit(1); + } user = NULL; group = NULL; @@ -1246,7 +1337,9 @@ services = NULL; listeners = NULL; - parse_file(); + parse_file(f_conf); + + fclose(f_conf); if(check_only) { logmsg(LOG_INFO, "Config file %s is OK", conf_name); @@ -1312,11 +1405,6 @@ regfree(&VerifyList); regfree(&CRLlist); regfree(&NoHTTPS11); - regfree(&Include); - regfree(&ConnTO); - regfree(&IgnoreCase); - regfree(&HTTPS); - regfree(&HTTPSCert); /* set the facility only here to ensure the syslog gets opened if necessary */ log_facility = def_facility;

@@ -36,9 +36,6 @@ /* Define to 1 if you have the `dl' library (-ldl). */ #undef HAVE_LIBDL -/* Define if libpcreposix is available */ -#undef HAVE_LIBPCREPOSIX - /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for pound 2.5. +# Generated by GNU Autoconf 2.61 for pound 2.4.1. # # Report bugs to <roseg@apsis.ch>. # @@ -574,8 +574,8 @@ # Identity of this package. PACKAGE_NAME='pound' PACKAGE_TARNAME='pound' -PACKAGE_VERSION='2.5' -PACKAGE_STRING='pound 2.5' +PACKAGE_VERSION='2.4.1' +PACKAGE_STRING='pound 2.4.1' PACKAGE_BUGREPORT='roseg@apsis.ch' ac_unique_file="pound.c" @@ -1204,7 +1204,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pound 2.5 to adapt to many kinds of systems. +\`configure' configures pound 2.4.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1270,7 +1270,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pound 2.5:";; + short | recursive ) echo "Configuration of pound 2.4.1:";; esac cat <<\_ACEOF @@ -1281,19 +1281,13 @@ (default: enabled) --enable-cert1l enable or disable single-line certificate (default: disabled) - --enable-pcreposix enable or disable using the pcreposix library - (default: enabled if available) - --enable-tcmalloc enable or disable using the tcmalloc library - (default: enabled if available) - --enable-hoard enable or disable using the hoard library (default: - enabled if available and ctmalloc NOT available) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-ssl=directory location of OpenSSL package --with-t_rsa=nnn Time-out for RSA ephemeral keys generation - --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096) + --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024) --with-owner=name The account that will own the files installed by Pound --with-group=name The group that will own the files installed by Pound @@ -1372,7 +1366,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pound configure 2.5 +pound configure 2.4.1 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1386,7 +1380,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pound $as_me 2.5, which was +It was created by pound $as_me 2.4.1, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2911,7 +2905,7 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# Pound is distributed in the hope that it will be useful, +# Foobar is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. @@ -3469,36 +3463,15 @@ # Check whether --enable-cert1l was given. if test "${enable_cert1l+set}" = set; then enableval=$enable_cert1l; test ${enableval} = "yes" && CFLAGS="${CFLAGS} -DCERT1L"; C_CERT1L="1" -fi - - - -# Check whether --enable-pcreposix was given. -if test "${enable_pcreposix+set}" = set; then - enableval=$enable_pcreposix; C_PCREPOSIX=${enableval} else - C_PCREPOSIX=yes + C_CERT1L="0" fi -# Check whether --enable-tcmalloc was given. -if test "${enable_tcmalloc+set}" = set; then - enableval=$enable_tcmalloc; C_TCMALLOC=${enableval} -else - C_TCMALLOC=yes -fi - - -# Check whether --enable-hoard was given. -if test "${enable_hoard+set}" = set; then - enableval=$enable_hoard; C_HOARD=${enableval} -else - C_HOARD=yes -fi - { echo "$as_me:$LINENO: *** Checking for libraries ***" >&5 echo "$as_me: *** Checking for libraries ***" >&6;} + LIBS="${LIBS} -lm" { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 @@ -3835,7 +3808,6 @@ echo 'Missing OpenSSL (-lssl) - aborted'; exit 1 fi -if test x"$C_PCREPOSIX" = xyes; then { echo "$as_me:$LINENO: checking for regcomp in -lpcreposix" >&5 echo $ECHO_N "checking for regcomp in -lpcreposix... $ECHO_C" >&6; } if test "${ac_cv_lib_pcreposix_regcomp+set}" = set; then @@ -3898,11 +3870,7 @@ { echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regcomp" >&5 echo "${ECHO_T}$ac_cv_lib_pcreposix_regcomp" >&6; } if test $ac_cv_lib_pcreposix_regcomp = yes; then - LIBS="-lpcreposix ${LIBS}"; -cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBPCREPOSIX 1 -_ACEOF - + LIBS="-lpcreposix ${LIBS}" else save_LIBS="$LIBS" @@ -3969,11 +3937,7 @@ { echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regexec" >&5 echo "${ECHO_T}$ac_cv_lib_pcreposix_regexec" >&6; } if test $ac_cv_lib_pcreposix_regexec = yes; then - LIBS="-lpcreposix -lpcre $save_LIBS"; -cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBPCREPOSIX 1 -_ACEOF - + LIBS="-lpcreposix -lpcre $save_LIBS" else LIBS="$save_LIBS" fi @@ -3981,8 +3945,6 @@ fi -fi -if test x"$C_TCMALLOC" = xyes; then { echo "$as_me:$LINENO: checking for malloc in -ltcmalloc" >&5 echo $ECHO_N "checking for malloc in -ltcmalloc... $ECHO_C" >&6; } if test "${ac_cv_lib_tcmalloc_malloc+set}" = set; then @@ -4048,8 +4010,7 @@ LIBS="${LIBS} -ltcmalloc" fi -else -if test x"$C_HOARD" = xyes; then +if test "${ac_cv_lib_tcmalloc_malloc}" = "no"; then { echo "$as_me:$LINENO: checking for malloc in -lhoard" >&5 echo $ECHO_N "checking for malloc in -lhoard... $ECHO_C" >&6; } if test "${ac_cv_lib_hoard_malloc+set}" = set; then @@ -4116,7 +4077,6 @@ fi fi -fi { echo "$as_me:$LINENO: checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS" >&5 echo $ECHO_N "checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS... $ECHO_C" >&6; } @@ -7579,7 +7539,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pound $as_me 2.5, which was +This file was extended by pound $as_me 2.4.1, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7628,7 +7588,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -pound config.status 2.5 +pound config.status 2.4.1 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */ @@ -52,25 +53,14 @@ static void redirect_reply(BIO *const c, const char *url, const int code) { - char rep[MAXBUF], cont[MAXBUF], *code_msg; + char rep[MAXBUF], cont[MAXBUF]; - switch(code) { - case 301: - code_msg = "Moved Permanently"; - break; - case 307: - code_msg = "Temporary Redirect"; - break; - default: - code_msg = "Found"; - break; - } snprintf(cont, sizeof(cont), "<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href=\"%s\">%s</a></p></body></html>", url, url); snprintf(rep, sizeof(rep), - "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", - code, code_msg, url, strlen(cont)); + "HTTP/1.0 %d Found\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", + code, url, strlen(cont)); BIO_write(c, rep, strlen(rep)); BIO_write(c, cont, strlen(cont)); BIO_flush(c); @@ -125,7 +115,7 @@ case -1: return 1; default: - for(i = n_read; i < bufsize && buf[i]; i++) + for(i = n_read; i < bufsize; i++) if(buf[i] == '\n' || buf[i] == '\r') { buf[i] = '\0'; return 0; @@ -442,11 +432,8 @@ #ifdef HAVE_GETTIMEOFDAY struct timeval tv; struct timezone tz; - int sv_errno; - sv_errno = errno; gettimeofday(&tv, &tz); - errno = sv_errno; return tv.tv_sec * 1000000.0 + tv.tv_usec; #else return time(NULL) * 1000000.0; @@ -486,15 +473,15 @@ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto; LISTENER *lstn; SERVICE *svc; - BACKEND *backend, *cur_backend, *old_backend; - struct addrinfo from_host, z_addr; + BACKEND *backend, *cur_backend; + struct addrinfo from_host; struct sockaddr_storage from_host_addr; BIO *cl, *be, *bb, *b64; X509 *x509; char request[MAXBUF], response[MAXBUF], buf[MAXBUF], url[MAXBUF], loc_path[MAXBUF], **headers, headers_ok[MAXHEADERS], v_host[MAXBUF], referer[MAXBUF], u_agent[MAXBUF], u_name[MAXBUF], caddr[MAXBUF], req_time[LOG_TIME_SIZE], s_res_bytes[LOG_BYTES_SIZE], *mh; - SSL *ssl, *be_ssl; + SSL *ssl; long cont, res_bytes; regmatch_t matches[4]; struct linger l; @@ -781,23 +768,12 @@ clean_all(); pthread_exit(NULL); } - if(connect_nb(sock, &backend->addr, backend->conn_to) < 0) { + if(connect_nb(sock, &backend->addr, backend->to) < 0) { str_be(buf, MAXBUF - 1, backend); logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno)); - shutdown(sock, 2); close(sock); - /* - * kill the back-end only if no HAport is defined for it - * otherwise allow the HAport mechanism to do its job - */ - memset(&z_addr, 0, sizeof(z_addr)); - if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0) - kill_be(svc, backend, BE_KILL); - /* - * ...but make sure we don't get into a loop with the same back-end - */ - old_backend = backend; - if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL || backend == old_backend) { + kill_be(svc, backend, 0); + if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) { addr2str(caddr, MAXBUF - 1, &from_host, 1); logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr); err_reply(cl, h503, lstn->err503); @@ -834,35 +810,6 @@ BIO_set_callback_arg(be, (char *)&backend->to); BIO_set_callback(be, bio_callback); } - if(backend->ctx != NULL) { - if((be_ssl = SSL_new(backend->ctx)) == NULL) { - logmsg(LOG_WARNING, "(%lx) be SSL_new: failed", pthread_self()); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - SSL_set_bio(be_ssl, be, be); - if((bb = BIO_new(BIO_f_ssl())) == NULL) { - logmsg(LOG_WARNING, "(%lx) BIO_new(Bio_f_ssl()) failed", pthread_self()); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - BIO_set_ssl(bb, be_ssl, BIO_CLOSE); - BIO_set_ssl_mode(bb, 1); - be = bb; - if(BIO_do_handshake(be) <= 0) { - str_be(buf, MAXBUF - 1, backend); - logmsg(LOG_NOTICE, "BIO_do_handshake with %s failed: %s", buf, - ERR_error_string(ERR_get_error(), NULL)); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - } if((bb = BIO_new(BIO_f_buffer())) == NULL) { logmsg(LOG_WARNING, "(%lx) e503 BIO_new(buffer) server failed", pthread_self()); err_reply(cl, h503, lstn->err503); @@ -926,7 +873,6 @@ logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)", pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); err_reply(cl, h500, lstn->err500); - free_headers(headers); clean_all(); pthread_exit(NULL); } @@ -937,20 +883,6 @@ if(cur_backend->be_type == 0 && ssl != NULL) { SSL_CIPHER *cipher; - if((cipher = SSL_get_current_cipher(ssl)) != NULL) { - SSL_CIPHER_description(cipher, buf, MAXBUF - 1); - strip_eol(buf); - if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { - str_be(buf, MAXBUF - 1, cur_backend); - end_req = cur_time(); - logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", - pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); - err_reply(cl, h500, lstn->err500); - clean_all(); - pthread_exit(NULL); - } - } - if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) { X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); get_line(bb, buf, MAXBUF); @@ -1074,6 +1006,19 @@ } } #endif + if((cipher = SSL_get_current_cipher(ssl)) != NULL) { + SSL_CIPHER_description(cipher, buf, MAXBUF - 1); + strip_eol(buf); + if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { + str_be(buf, MAXBUF - 1, cur_backend); + end_req = cur_time(); + logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", + pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); + err_reply(cl, h500, lstn->err500); + clean_all(); + pthread_exit(NULL); + } + } BIO_free_all(bb); } } @@ -1142,7 +1087,7 @@ /* if we have a redirector */ if(cur_backend->be_type) { memset(buf, 0, sizeof(buf)); - if(!cur_backend->redir_req) + if(cur_backend->redir_req) snprintf(buf, sizeof(buf) - 1, "%s%s", cur_backend->url, url); else strncpy(buf, cur_backend->url, sizeof(buf) - 1); @@ -1157,16 +1102,16 @@ break; case 3: if(v_host[0]) - logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", v_host, caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", v_host, caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); else - logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); break; case 4: case 5: - logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); break; } if(!cl_11 || conn_closed || force_10) @@ -1211,7 +1156,7 @@ break; case HEADER_LOCATION: if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) { - snprintf(buf, MAXBUF, "Location: %s://%s/%s", + snprintf(buf, MAXBUF, "Location: %s://%s%s", (ssl == NULL? "http": "https"), v_host, loc_path); free(headers[n]); if((headers[n] = strdup(buf)) == NULL) { @@ -1225,7 +1170,7 @@ break; case HEADER_CONTLOCATION: if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) { - snprintf(buf, MAXBUF, "Content-location: %s://%s/%s", + snprintf(buf, MAXBUF, "Content-location: %s://%s%s", (ssl == NULL? "http": "https"), v_host, loc_path); free(headers[n]); if((headers[n] = strdup(buf)) == NULL) {

@@ -1,4 +1,4 @@ -.TH POUND "8" "Jan 2010" "pound" "System Manager's Manual" +.TH POUND "8" "May 2002" "pound" "System Manager's Manual" .SH NAME pound \- HTTP/HTTPS reverse-proxy and load-balancer .SH SYNOPSIS @@ -243,10 +243,6 @@ used). This value can be overridden for specific listeners. .TP -\fBIgnoreCase\fR 0|1 -Ignore case when matching URLs (default: 0). This value can be -overridden for specific services. -.TP \fBDynScale\fR 0|1 Enable or disable the dynamic rescaling code (default: 0). If enabled .B Pound @@ -279,13 +275,6 @@ wait for a response from the back-end (in seconds). Default: 15 seconds. This value can be overridden for specific back-ends. .TP -\fBConnTO\fR value -How long should -.B Pound -wait for a connection to the back-end (in seconds). Default: the -.B TimeOut -value. This value can be overridden for specific back-ends. -.TP \fBGrace\fR value How long should .B Pound @@ -351,8 +340,8 @@ CHECKOUT, MERGE, REPORT). .IP .I 3 -additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE, -NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT). +additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH, +POLL, BMOVE, BCOPY, BDELETE, CONNECT). .IP .I 4 additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA). @@ -517,14 +506,7 @@ .I URL conditions per service. If no .I URL -was defined then all requests match. The matching is by default case-sensitive, -but this can be overridden by specifying -.B IgnoreCase 1 -.TP -\fBIgnoreCase\fR 0|1 -Override the global -.B IgnoreCase -setting. +was defined then all requests match. .TP \fBHeadRequire\fR "pattern" The request must contain at least on header matching the given pattern. @@ -562,7 +544,7 @@ .B Pound will attempt to load-balance between them. .TP -\fBRedirect\fR [code] "url" +\fBRedirect\fR "url" This is a special type of back-end. Instead of sending the request to a back-end .B Pound replies immediately with a redirection to the given URL. You may define multiple @@ -605,8 +587,7 @@ should reply with a "307 Temporary Redirect" status. Unfortunately, that is not yet supported by all clients (in particular HTTP 1.0 ones), so .B Pound -currently replies by default with a "302 Found" instead. You may override this -behaviour by specifying the code to be used (301, 302 or 307). +currently replies with a "302 Found" instead. .TP \fBEmergency\fR Directives enclosed between an @@ -654,13 +635,6 @@ .B mandatory parameter for non Unix-domain back-ends. .TP -\fBHTTPS\fR [ "cert" ] -The back-end is using HTTPS. If the optional parameter -.I cert -is specified, -.B Pound -will present this certificate to the back-end. -.TP \fBPriority\fR val The priority of this back-end (between 1 and 9, 5 is default). Higher priority back-ends will be used more often than lower priority ones, so you should @@ -671,11 +645,6 @@ .I TimeOut value. .TP -\fBConnTO\fR val -Override the global -.I ConnTO -value. -.TP \fBHAport\fR [ address ] port A port (and optional address) to be used for server function checks. See below the "High Availability" section for a more detailed discussion. By default @@ -1159,7 +1128,7 @@ .SH "REPORTING BUGS" Report bugs to <roseg@apsis.ch>. .SH COPYRIGHT -Copyright \(co 2002-2010 Apsis GmbH. +Copyright \(co 2002-2006 Apsis GmbH. .br This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */ @@ -96,11 +97,6 @@ #error "Pound needs sys/un.h" #endif -#ifndef UNIX_PATH_MAX -/* on Linux this is defined in linux/un.h rather than sys/un.h - go figure */ -#define UNIX_PATH_MAX 108 -#endif - #if HAVE_NETINET_IN_H #include <netinet/in.h> #else @@ -179,14 +175,10 @@ #error "Pound needs signal.h" #endif -#if HAVE_LIBPCREPOSIX #if HAVE_PCREPOSIX_H #include <pcreposix.h> #elif HAVE_PCRE_PCREPOSIX #include <pcre/pcreposix.h> -#else -#error "You have libpcreposix, but the header files are missing. Use --disable-pcreposix" -#endif #elif HAVE_REGEX_H #include <regex.h> #else @@ -268,7 +260,7 @@ #endif /* NO_EXTERNALS */ #ifndef MAXBUF -#define MAXBUF 4096 +#define MAXBUF 1024 #endif #define MAXHEADERS 128 @@ -292,15 +284,13 @@ /* back-end definition */ typedef struct _backend { - int be_type; /* 0 if real back-end, otherwise code (301, 302/default, 307) */ + int be_type; /* 0 if real back-end, other wise code (301, 302/default, 307) */ struct addrinfo addr; /* IPv4/6 address */ int priority; /* priority */ - int to; /* read/write time-out */ - int conn_to; /* connection time-out */ + int to; struct addrinfo ha_addr; /* HA address/port */ char *url; /* for redirectors */ int redir_req; /* the redirect should include the request path */ - SSL_CTX *ctx; /* CTX for SSL connections */ pthread_mutex_t mut; /* mutex for this back-end */ int n_requests; /* number of requests seen */ double t_requests; /* time to answer these requests */ @@ -335,8 +325,8 @@ pthread_mutex_t mut; /* mutex for this service */ SESS_TYPE sess_type; int sess_ttl; /* session time-to-live */ - regex_t sess_start; /* pattern to identify the session data */ regex_t sess_pat; /* pattern to match the session data */ + char *sess_parm; /* session cookie or parameter */ LHASH *sessions; /* currently active sessions */ int dynscale; /* true if the back-ends should be dynamically rescaled */ int disabled; /* true if the service is disabled */ @@ -481,9 +471,6 @@ */ extern int check_header(const char *, char *); -#define BE_DISABLE -1 -#define BE_KILL 1 -#define BE_ENABLE 0 /* * mark a backend host as dead; * do nothing if no resurection code is active @@ -526,7 +513,7 @@ */ #define N_RSA_KEYS 11 #ifndef T_RSA_KEYS -#define T_RSA_KEYS 1800 +#define T_RSA_KEYS 300 #endif /* @@ -535,11 +522,6 @@ extern RSA *RSA_tmp_callback(SSL *, int, int); /* - * return a pre-generated RSA key - */ -extern DH *DH_tmp_callback(SSL *, int, int); - -/* * expiration stuff */ #ifndef EXPIRE_TO

@@ -1,9 +1,9 @@ -.TH POUNDCTL "8" "Jan 2010" "poundctl" "System Manager's Manual" +.TH POUNDCTL "8" "October 2006" "poundctl" "System Manager's Manual" .SH NAME poundctl \- control the pound(8) daemon .SH SYNOPSIS .TP -.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR] [\fI-H\fR] [\fI-X\fR] +.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR] .SH DESCRIPTION .PP .B Poundctl @@ -48,13 +48,6 @@ The parameters n, m and r refer to the number assigned to a particular listener, service and back-end in the listings. A listener number of -1 refers by convention to the global context. -.TP -\fB\-H\fR -Try to resolve the addresses to symbolic names. Depending on your configuration, -this may require an active DNS. -.TP -\fB\-X\fR -Show the results in XML format. .PP When called without flags .B poundctl @@ -66,7 +59,7 @@ .SH "REPORTING BUGS" Report bugs to <roseg@apsis.ch>. .SH COPYRIGHT -Copyright \(co 2002-2010 Apsis GmbH. +Copyright \(co 2002-2006 Apsis GmbH. .br This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,13 +22,13 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */ #define NO_EXTERNALS 1 #include "pound.h" static int xml_out = 0; -static int host_names = 0; static void usage(const char *arg0) @@ -45,8 +45,7 @@ fprintf(stderr, "\t-n n m k - remove a session with key k r in service m in listener n\n"); fprintf(stderr, "\n"); fprintf(stderr, "\tentering the command without arguments lists the current configuration.\n"); - fprintf(stderr, "\tthe -X flag results in XML output.\n"); - fprintf(stderr, "\tthe -H flag shows symbolic host names instead of addresses.\n"); + fprintf(stderr, "\tthe -X flags results in XML output.\n"); exit(1); } @@ -56,40 +55,36 @@ static char * prt_addr(const struct addrinfo *addr) { - static char res[UNIX_PATH_MAX]; - char buf[UNIX_PATH_MAX]; + static char res[64]; + char buf[64]; int port; void *src; - memset(buf, 0, UNIX_PATH_MAX); + memset(buf, 0, 64); #ifdef HAVE_INET_NTOP switch(addr->ai_family) { case AF_INET: src = (void *)&((struct sockaddr_in *)addr->ai_addr)->sin_addr.s_addr; port = ntohs(((struct sockaddr_in *)addr->ai_addr)->sin_port); - if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0)) - break; - if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_INET6: src = (void *)&((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr.s6_addr; port = ntohs(((struct sockaddr_in6 *)addr->ai_addr)->sin6_port); - if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0)) - break; - if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET6, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_UNIX: - strncpy(buf, (char *)addr->ai_addr, UNIX_PATH_MAX - 1); + strncpy(buf, (char *)addr->ai_addr, 63); port = 0; break; default: - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + strncpy(buf, "(UNKNOWN)", 63); port = 0; break; } - snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port); + snprintf(res, 63, "%s:%d", buf, port); #else #error "Pound needs inet_ntop()" #endif @@ -114,10 +109,9 @@ be.ha_addr.ai_addr = (struct sockaddr *)&h; } if(xml_out) - printf("<backend index=\"%d\" address=\"%s\" avg=\"%.3f\" priority=\"%d\" alive=\"%s\" status=\"%s\" />\n", - n_be++, - prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "yes": "DEAD", - be.disabled? "DISABLED": "active"); + printf("<backend index=\"%d\" address=\"%s\" average=\"%.3f\" priority=\"%d\"%s%s />\n", n_be++, + prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "": " DEAD", + be.disabled? " DISABLED": ""); else printf(" %3d. Backend %s %s (%d %.3f sec) %s\n", n_be++, prt_addr(&be.addr), be.disabled? "DISABLED": "active", be.priority, be.t_average / 1000000, be.alive? "alive": "DEAD"); @@ -151,7 +145,7 @@ escaped[j++] = '"'; } else escaped[j++] = buf[i]; - escaped[j] = '\0'; + buf[j] = '\0'; printf("<session index=\"%d\" key=\"%s\" backend=\"%d\" />\n", n_sess++, escaped, n_be); } else printf(" %3d. Session %s -> %d\n", n_sess++, buf, n_be); @@ -171,8 +165,7 @@ break; if(xml_out) { if(svc.name[0]) - printf("<service index=\"%d\" name=\"%s\" status=\"%s\">\n", - n_svc++, svc.name, svc.disabled? "DISABLED": "active"); + printf("<service index=\"%d\" name=\"%s\"%s>\n", n_svc++, svc.name, svc.disabled? " DISABLED": ""); else printf("<service index=\"%d\"%s>\n", n_svc++, svc.disabled? " DISABLED": ""); } else { @@ -228,7 +221,7 @@ memset(&cmd, 0, sizeof(cmd)); opterr = 0; i = 0; - while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnXH")) > 0) + while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnX")) > 0) switch(c_opt) { case 'c': sock_name = optarg; @@ -276,9 +269,6 @@ usage(arg0); d_sess = is_set = 1; break; - case 'H': - host_names = 1; - break; default: if(optopt == '1') { optind--; @@ -350,9 +340,8 @@ read(sock, &a, lstn.addr.ai_addrlen); lstn.addr.ai_addr = (struct sockaddr *)&a; if(xml_out) - printf("<listener index=\"%d\" protocol=\"%s\" address=\"%s\" status=\"%s\">\n", - n_lstn++, lstn.ctx? "HTTPS": "http", - prt_addr(&lstn.addr), lstn.disabled? "DISABLED": "active"); + printf("<listener index=\"%d\" %s address=\"%s\"%s>\n", n_lstn++, lstn.ctx? "HTTPS": "HTTP", + prt_addr(&lstn.addr), lstn.disabled? " DISABLED": ""); else printf("%3d. %s Listener %s %s\n", n_lstn++, lstn.ctx? "HTTPS" : "http", prt_addr(&lstn.addr), lstn.disabled? "*D": "a");

@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */ @@ -73,10 +74,8 @@ TABNODE t, *res; t.key = key; - if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) { - res->last_acc = time(NULL); + if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) return res->content; - } return NULL; } @@ -140,7 +139,7 @@ ALL_ARG *a; a = (ALL_ARG *)arg; - if(memcmp(t->content, a->content, a->cont_len) == 0) + if(memcmp(t->content, a->content, a->cont_len)) lh_delete(a->tab, t); return; } @@ -367,21 +366,16 @@ static int get_REQUEST(char *res, const SERVICE *svc, const char *request) { - int n, s; + int n; regmatch_t matches[4]; - if(regexec(&svc->sess_start, request, 4, matches, 0)) { - res[0] = '\0'; - return 0; - } - s = matches[0].rm_eo; - if(regexec(&svc->sess_pat, request + s, 4, matches, 0)) { + if(regexec(&svc->sess_pat, request, 4, matches, 0)) { res[0] = '\0'; return 0; } if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE) n = KEY_SIZE; - strncpy(res, request + s + matches[1].rm_so, n); + strncpy(res, request + matches[1].rm_so, n); res[n] = '\0'; return 1; } @@ -389,7 +383,7 @@ static int get_HEADERS(char *res, const SERVICE *svc, char **const headers) { - int i, n, s; + int i, n; regmatch_t matches[4]; /* this will match SESS_COOKIE, SESS_HEADER and SESS_BASIC */ @@ -397,14 +391,11 @@ for(i = 0; i < (MAXHEADERS - 1); i++) { if(headers[i] == NULL) continue; - if(regexec(&svc->sess_start, headers[i], 4, matches, 0)) - continue; - s = matches[0].rm_eo; - if(regexec(&svc->sess_pat, headers[i] + s, 4, matches, 0)) + if(regexec(&svc->sess_pat, headers[i], 4, matches, 0)) continue; if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE) n = KEY_SIZE; - strncpy(res, headers[i] + s + matches[1].rm_so, n); + strncpy(res, headers[i] + matches[1].rm_so, n); res[n] = '\0'; } return res[0] != '\0'; @@ -488,7 +479,7 @@ case SESS_IP: addr2str(key, KEY_SIZE, from_host, 1); if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { /* no session yet - create one */ res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -500,7 +491,7 @@ case SESS_PARM: if(get_REQUEST(key, svc, request)) { if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { /* no session yet - create one */ res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -515,7 +506,7 @@ /* this works for SESS_BASIC, SESS_HEADER and SESS_COOKIE */ if(get_HEADERS(key, svc, headers)) { if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { /* no session yet - create one */ res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -561,41 +552,32 @@ * disable_only == -1: mark as enabled */ void -kill_be(SERVICE *const svc, const BACKEND *be, const int disable_mode) +kill_be(SERVICE *const svc, const BACKEND *be, const int disable_only) { BACKEND *b; int ret_val; - char buf[MAXBUF]; if(ret_val = pthread_mutex_lock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val)); svc->tot_pri = 0; for(b = svc->backends; b; b = b->next) { if(b == be) - switch(disable_mode) { - case BE_DISABLE: + switch(disable_only) { + case 1: b->disabled = 1; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf); - break; - case BE_KILL: - b->alive = 0; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf); - t_clean(svc->sessions, &be, sizeof(be)); break; - case BE_ENABLE: - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf); + case -1: b->disabled = 0; break; default: - logmsg(LOG_WARNING, "kill_be(): unknown mode %d", disable_mode); + b->alive = 0; break; } if(b->alive && !b->disabled) svc->tot_pri += b->priority; } + if(disable_only >= 0) + t_clean(svc->sessions, &be, sizeof(be)); if(ret_val = pthread_mutex_unlock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() unlock: %s", strerror(ret_val)); return; @@ -632,15 +614,10 @@ get_host(char *const name, struct addrinfo *res) { struct addrinfo *chain, *ap; - struct addrinfo hints; int ret_val; #ifdef HAVE_INET_NTOP - memset (&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_CANONNAME; - if((ret_val = getaddrinfo(name, NULL, &hints, &chain)) == 0) { + if((ret_val = getaddrinfo(name, NULL, NULL, &chain)) == 0) { for(ap = chain; ap != NULL; ap = ap->ai_next) if(ap->ai_socktype == SOCK_STREAM) break; @@ -763,8 +740,8 @@ * check if the Location points to the Listener but with the wrong port or protocol */ if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0 - && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0 - || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0 + || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -775,8 +752,8 @@ * check if the Location points to the Listener but with the wrong port or protocol */ if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0 - && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0 - || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0 + || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -904,8 +881,8 @@ default: continue; } - if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { - kill_be(svc, be, BE_KILL); + if(connect_nb(sock, &be->ha_addr, be->to) != 0) { + kill_be(svc, be, 0); str_be(buf, MAXBUF - 1, be); logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf); } @@ -940,8 +917,8 @@ default: continue; } - if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { - kill_be(svc, be, BE_KILL); + if(connect_nb(sock, &be->ha_addr, be->to) != 0) { + kill_be(svc, be, 0); str_be(buf, MAXBUF - 1, be); logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf); } @@ -995,7 +972,7 @@ } addr = &be->ha_addr; } - if(connect_nb(sock, addr, be->conn_to) == 0) { + if(connect_nb(sock, addr, be->to) == 0) { be->resurrect = 1; modified = 1; } @@ -1064,7 +1041,7 @@ } addr = &be->ha_addr; } - if(connect_nb(sock, addr, be->conn_to) == 0) { + if(connect_nb(sock, addr, be->to) == 0) { be->resurrect = 1; modified = 1; } @@ -1296,38 +1273,20 @@ do_RSAgen(void) { int n, ret_val; - RSA *t_RSA512_keys[N_RSA_KEYS]; - RSA *t_RSA1024_keys[N_RSA_KEYS]; - for(n = 0; n < N_RSA_KEYS; n++) { - t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); - t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); - } if(ret_val = pthread_mutex_lock(&RSA_mut)) logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val)); for(n = 0; n < N_RSA_KEYS; n++) { RSA_free(RSA512_keys[n]); - RSA512_keys[n] = t_RSA512_keys[n]; + RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); RSA_free(RSA1024_keys[n]); - RSA1024_keys[n] = t_RSA1024_keys[n]; + RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); } if(ret_val = pthread_mutex_unlock(&RSA_mut)) logmsg(LOG_WARNING, "thr_RSAgen() unlock: %s", strerror(ret_val)); return; } -#include "dh512.h" -#include "dh1024.h" - -DH * -DH_tmp_callback(/* not used */SSL *s, /* not used */int is_export, int keylength) -{ - if(keylength == 512) - return get_dh512(); - else - return get_dh1024(); -} - static time_t last_RSA, last_rescale, last_alive, last_expire; /* @@ -1385,19 +1344,19 @@ if((n_remain = n_wait - (cur_time - last_time)) > 0) sleep(n_remain); last_time = time(NULL); - if((last_time - last_RSA) >= T_RSA_KEYS) { + if((last_time - last_RSA) > T_RSA_KEYS) { last_RSA = time(NULL); do_RSAgen(); } - if((last_time - last_rescale) >= RESCALE_TO) { + if((last_time - last_rescale) > RESCALE_TO) { last_rescale = time(NULL); do_rescale(); } - if((last_time - last_alive) >= alive_to) { + if((last_time - last_alive) > alive_to) { last_alive = time(NULL); do_resurect(); } - if((last_time - last_expire) >= EXPIRE_TO) { + if((last_time - last_expire) > EXPIRE_TO) { last_expire = time(NULL); do_expire(); } @@ -1431,7 +1390,6 @@ write(a->control_sock, t->key, sz); return; } - IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, void *) /* @@ -1626,7 +1584,7 @@ if((be = sel_be(&cmd)) == NULL) logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend); else - kill_be(svc, be, BE_ENABLE); + kill_be(svc, be, -1); break; case CTRL_DE_BE: if((svc = sel_svc(&cmd)) == NULL) { @@ -1636,7 +1594,7 @@ if((be = sel_be(&cmd)) == NULL) logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend); else - kill_be(svc, be, BE_DISABLE); + kill_be(svc, be, 1); break; case CTRL_ADD_SESS: if((svc = sel_svc(&cmd)) == NULL) {

@@ -1,41 +1,4 @@ ------------------------------------------------------------------------ -r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines - -Release 2.4.5 - -Stable release 2.4.5 - -Enhancements: - - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin) - - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail! - -Bug fixes: - - fixed parantheses problems in need_rewrite (thanks to SBR) - - added call to free_headers in http.c (thanks to SBR) - - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines - -Release 2.4.4 - -Stable release 2.4.4 - -Enhancements: - - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4 - - added support for BPROPFIND in xHTTP 4 - - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin) - -Bug fixes: - - save and restore errno value in cur_time() (thanks to Albert) - - fixed problem in timer thread (thanks to Albert) - - added shutdown for failed socket connection (thanks to Albert) - - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe) - - increased MAXBUF to default 4096 - - increased T_RSA default to 30 minutes - - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines Release 2.4.3

@@ -24,7 +24,7 @@ # Tel: +41-44-920 4904 # EMail: roseg@apsis.ch -CC=@PTHREAD_CC@ +CC="@PTHREAD_CC@" VERSION="@PACKAGE_VERSION@" C_SSL="@C_SSL@" C_T_RSA="@C_T_RSA@"

@@ -128,7 +128,7 @@ --disable-super -- disable supervisor process (default: enabled) --with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration - (default: 1800 seconds). + (default: 300 seconds). --with-owner=owner -- name of installed binaries owner (default is system-dependent).

@@ -86,8 +86,8 @@ "^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$", "^(GET|POST|HEAD|PUT|DELETE) ([^ ]+) HTTP/1.[01]$", "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$", - "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$", - "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", + "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT) ([^ ]+) HTTP/1.[01]$", + "^(GET|POST|HEAD|PUT|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", }; static int log_level = 1; @@ -140,18 +140,11 @@ res->addr.ai_socktype = SOCK_STREAM; res->addr.ai_family = AF_UNIX; res->addr.ai_protocol = 0; - if((res->addr.ai_addr = (struct sockaddr *)malloc(sizeof(struct sockaddr_un))) == NULL) { + if((res->addr.ai_addr = (struct sockaddr *)strdup(lin + matches[1].rm_so)) == NULL) { logmsg(LOG_ERR, "line %d: out of memory", n_lin); exit(1); } - if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX) { - logmsg(LOG_ERR, "line %d: UNIX path name too long (greater than %d)", n_lin, UNIX_PATH_MAX - 1); - exit(1); - } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; - res->addr.ai_addr->sa_family = AF_UNIX; - strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so); - res->addr.ai_addrlen = sizeof( struct sockaddr_un ); } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) {

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for pound 2.4.5. +# Generated by GNU Autoconf 2.61 for pound 2.4.3. # # Report bugs to <roseg@apsis.ch>. # @@ -574,8 +574,8 @@ # Identity of this package. PACKAGE_NAME='pound' PACKAGE_TARNAME='pound' -PACKAGE_VERSION='2.4.5' -PACKAGE_STRING='pound 2.4.5' +PACKAGE_VERSION='2.4.3' +PACKAGE_STRING='pound 2.4.3' PACKAGE_BUGREPORT='roseg@apsis.ch' ac_unique_file="pound.c" @@ -1204,7 +1204,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pound 2.4.5 to adapt to many kinds of systems. +\`configure' configures pound 2.4.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1270,7 +1270,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pound 2.4.5:";; + short | recursive ) echo "Configuration of pound 2.4.3:";; esac cat <<\_ACEOF @@ -1287,7 +1287,7 @@ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-ssl=directory location of OpenSSL package --with-t_rsa=nnn Time-out for RSA ephemeral keys generation - --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096) + --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024) --with-owner=name The account that will own the files installed by Pound --with-group=name The group that will own the files installed by Pound @@ -1366,7 +1366,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pound configure 2.4.5 +pound configure 2.4.3 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1380,7 +1380,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pound $as_me 2.4.5, which was +It was created by pound $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -7539,7 +7539,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pound $as_me 2.4.5, which was +This file was extended by pound $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7588,7 +7588,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -pound config.status 2.4.5 +pound config.status 2.4.3 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

@@ -443,11 +443,8 @@ #ifdef HAVE_GETTIMEOFDAY struct timeval tv; struct timezone tz; - int sv_errno; - sv_errno = errno; gettimeofday(&tv, &tz); - errno = sv_errno; return tv.tv_sec * 1000000.0 + tv.tv_usec; #else return time(NULL) * 1000000.0; @@ -487,8 +484,8 @@ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto; LISTENER *lstn; SERVICE *svc; - BACKEND *backend, *cur_backend, *old_backend; - struct addrinfo from_host, z_addr; + BACKEND *backend, *cur_backend; + struct addrinfo from_host; struct sockaddr_storage from_host_addr; BIO *cl, *be, *bb, *b64; X509 *x509; @@ -785,20 +782,9 @@ if(connect_nb(sock, &backend->addr, backend->to) < 0) { str_be(buf, MAXBUF - 1, backend); logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno)); - shutdown(sock, 2); close(sock); - /* - * kill the back-end only if no HAport is defined for it - * otherwise allow the HAport mechanism to do its job - */ - memset(&z_addr, 0, sizeof(z_addr)); - if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0) - kill_be(svc, backend, BE_KILL); - /* - * ...but make sure we don't get into a loop with the same back-end - */ - old_backend = backend; - if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL || backend == old_backend) { + kill_be(svc, backend, BE_KILL); + if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) { addr2str(caddr, MAXBUF - 1, &from_host, 1); logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr); err_reply(cl, h503, lstn->err503); @@ -898,7 +884,6 @@ logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)", pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); err_reply(cl, h500, lstn->err500); - free_headers(headers); clean_all(); pthread_exit(NULL); } @@ -909,20 +894,6 @@ if(cur_backend->be_type == 0 && ssl != NULL) { SSL_CIPHER *cipher; - if((cipher = SSL_get_current_cipher(ssl)) != NULL) { - SSL_CIPHER_description(cipher, buf, MAXBUF - 1); - strip_eol(buf); - if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { - str_be(buf, MAXBUF - 1, cur_backend); - end_req = cur_time(); - logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", - pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); - err_reply(cl, h500, lstn->err500); - clean_all(); - pthread_exit(NULL); - } - } - if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) { X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); get_line(bb, buf, MAXBUF); @@ -1046,6 +1017,19 @@ } } #endif + if((cipher = SSL_get_current_cipher(ssl)) != NULL) { + SSL_CIPHER_description(cipher, buf, MAXBUF - 1); + strip_eol(buf); + if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { + str_be(buf, MAXBUF - 1, cur_backend); + end_req = cur_time(); + logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", + pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); + err_reply(cl, h500, lstn->err500); + clean_all(); + pthread_exit(NULL); + } + } BIO_free_all(bb); } }

@@ -340,8 +340,8 @@ CHECKOUT, MERGE, REPORT). .IP .I 3 -additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE, -NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT). +additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH, +POLL, BMOVE, BCOPY, BDELETE, CONNECT). .IP .I 4 additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA).

@@ -97,11 +97,6 @@ #error "Pound needs sys/un.h" #endif -#ifndef UNIX_PATH_MAX -/* on Linux this is defined in linux/un.h rather than sys/un.h - go figure */ -#define UNIX_PATH_MAX 108 -#endif - #if HAVE_NETINET_IN_H #include <netinet/in.h> #else @@ -265,7 +260,7 @@ #endif /* NO_EXTERNALS */ #ifndef MAXBUF -#define MAXBUF 4096 +#define MAXBUF 1024 #endif #define MAXHEADERS 128 @@ -521,7 +516,7 @@ */ #define N_RSA_KEYS 11 #ifndef T_RSA_KEYS -#define T_RSA_KEYS 1800 +#define T_RSA_KEYS 300 #endif /*

@@ -55,36 +55,36 @@ static char * prt_addr(const struct addrinfo *addr) { - static char res[UNIX_PATH_MAX]; - char buf[UNIX_PATH_MAX]; + static char res[64]; + char buf[64]; int port; void *src; - memset(buf, 0, UNIX_PATH_MAX); + memset(buf, 0, 64); #ifdef HAVE_INET_NTOP switch(addr->ai_family) { case AF_INET: src = (void *)&((struct sockaddr_in *)addr->ai_addr)->sin_addr.s_addr; port = ntohs(((struct sockaddr_in *)addr->ai_addr)->sin_port); - if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_INET6: src = (void *)&((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr.s6_addr; port = ntohs(((struct sockaddr_in6 *)addr->ai_addr)->sin6_port); - if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET6, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_UNIX: - strncpy(buf, (char *)addr->ai_addr, UNIX_PATH_MAX - 1); + strncpy(buf, (char *)addr->ai_addr, 63); port = 0; break; default: - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + strncpy(buf, "(UNKNOWN)", 63); port = 0; break; } - snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port); + snprintf(res, 63, "%s:%d", buf, port); #else #error "Pound needs inet_ntop()" #endif

@@ -558,7 +558,6 @@ { BACKEND *b; int ret_val; - char buf[MAXBUF]; if(ret_val = pthread_mutex_lock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val)); @@ -568,18 +567,12 @@ switch(disable_mode) { case BE_DISABLE: b->disabled = 1; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf); break; case BE_KILL: b->alive = 0; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf); t_clean(svc->sessions, &be, sizeof(be)); break; case BE_ENABLE: - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf); b->disabled = 0; break; default: @@ -756,8 +749,8 @@ * check if the Location points to the Listener but with the wrong port or protocol */ if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0 - && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0 - || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0 + || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -768,8 +761,8 @@ * check if the Location points to the Listener but with the wrong port or protocol */ if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0 - && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0 - || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0 + || strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -1360,19 +1353,19 @@ if((n_remain = n_wait - (cur_time - last_time)) > 0) sleep(n_remain); last_time = time(NULL); - if((last_time - last_RSA) >= T_RSA_KEYS) { + if((last_time - last_RSA) > T_RSA_KEYS) { last_RSA = time(NULL); do_RSAgen(); } - if((last_time - last_rescale) >= RESCALE_TO) { + if((last_time - last_rescale) > RESCALE_TO) { last_rescale = time(NULL); do_rescale(); } - if((last_time - last_alive) >= alive_to) { + if((last_time - last_alive) > alive_to) { last_alive = time(NULL); do_resurect(); } - if((last_time - last_expire) >= EXPIRE_TO) { + if((last_time - last_expire) > EXPIRE_TO) { last_expire = time(NULL); do_expire(); } @@ -1406,7 +1399,6 @@ write(a->control_sock, t->key, sz); return; } - IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, void *) /*

@@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) <year> <name of author> - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - <program> Copyright (C) <year> <name of author> - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>.

@@ -0,0 +1,72 @@ +#! /bin/sh +# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. +# +# Author: adrian@suse.de, template by ro@suse.de +# +# /etc/init.d/pound +# and its symbolic link +# /usr/sbin/rcpound +# +### BEGIN INIT INFO +# Provides: pound +# Required-Start: $time $remote_fs $named $syslog +# Required-Stop: +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 +# Description: A lightweight HTTP proxy +# Short-Description: A lightweight HTTP proxy +### END INIT INFO + +. /etc/rc.status + + +# Determine the base and follow a runlevel link name. +base=${0##*/} +link=${base#*[SK][0-9][0-9]} + +# Force execution if not called by a runlevel directory. +test -x /usr/sbin/pound || exit 0 + +rc_reset +case "$1" in + start) + echo -n "Starting Pound HTTP Proxy" + startproc /usr/sbin/pound + rc_status -v + ;; + stop) + echo -n "Shutting down Pound HTTP Proxy" + killproc -TERM /usr/sbin/pound + rc_status -v + ;; + restart) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop && $0 start + rc_status + ;; + force-reload) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop; sleep 1 && $0 start + rc_status + ;; + reload) + $0 stop; sleep 1 && $0 start + rc_status + ;; + status) + echo -n "Checking for Pound HTTP Proxy Daemon: " + checkproc /usr/sbin/pound + rc_status -v + ;; + configtest) + echo "Checking Pound configuration ..." + eval /usr/sbin/pound -c + ;; + *) + echo "Usage: $0 {start|stop|status|restart|reload|configtest}" + exit 1 + ;; +esac +rc_exit

@@ -1,35 +1,22 @@ -# -# Default pound.cfg -# -# Pound listens on port 80 for HTTP and port 443 for HTTPS -# and distributes requests to 2 backends running on localhost. -# see pound(8) for configuration directives. -# You can enable/disable backends with poundctl(8). -# +# This is a simple configuration example. +# It sends all requests from port 80 to port 8080 on the same machine. -User "pound" +# Start pound as User with Group +User "pound" Group "pound" -Control "/var/lib/pound/pound.cfg" +# Replace "localhost" by your IP or host name ListenHTTP - Address 0.0.0.0 - Port 80 -End + Address localhost + Port 80 -ListenHTTPS - Address 0.0.0.0 - Port 443 - Cert "/etc/pki/tls/certs/pound.pem" -End + Service + HeadRequire "Host: .*localhost.*" -Service - BackEnd - Address 127.0.0.1 - Port 8000 - End - - BackEnd - Address 127.0.0.1 - Port 8001 + BackEnd + Address localhost + Port 8080 + End End End +

@@ -0,0 +1,13 @@ +Format: 1.0 +Source: pound +Binary: pound +Architecture: any +Version: 2.4.1-1 +Maintainer: Michael Mende <debian@menole.net> +Uploaders: Michael Piefel <piefel@debian.org> +Homepage: http://www.apsis.ch/pound/ +Standards-Version: 3.7.3 +Build-Depends: autotools-dev, debhelper (>= 5), libpcre3-dev, libssl-dev (>= 0.9.7) +Files: + 16450962d535215719442955f6101829 169138 Pound-2.4.1.tar.gz + 28db12afac91ca5c28b09a7ead069e56 6188 pound_2.4-2.diff.gz

@@ -1,62 +0,0 @@ -#!/bin/bash -# -# pound This shell script starts the Pound load-balancer -# -# Author: Ruben Kerkhof <ruben@rubenkerkhof.com> -# -# chkconfig: - 85 15 -# -# description: Pound is a reverse proxy and load-balancer -# processname: pound -# config: /etc/pound.cfg -# pidfile: /var/run/pound.pid -# - -# source function library -. /etc/rc.d/init.d/functions - -RETVAL=0 - -start() { - echo -n $"Starting Pound: " - daemon pound - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/pound -} - -stop() { - echo -n $"Stopping Pound: " - killproc pound - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/pound -} - -restart() { - stop - start -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|force-reload|reload) - restart - ;; - condrestart) - [ -f /var/lock/subsys/pound ] && restart - ;; - status) - status pound - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}" - exit 1 -esac - -exit $RETVAL

[-] [+]	Deleted	Pound.spec
@@ -1,190 +0,0 @@ -%define pound_user pound -%define pound_group pound -%define pound_home %{_localstatedir}/lib/pound - -Name: Pound -Version: 2.5 -Release: 1%{?dist} -Summary: Reverse proxy and load balancer - -Group: System Environment/Daemons -License: GPLv3 -URL: http://www.apsis.ch/pound -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - - -BuildRequires: openssl-devel, pcre-devel - -# tcmalloc doesn't exist on ppc yet (#238390) -# or sparc arches -%ifnarch ppc ppc64 sparcv9 sparc64 -BuildRequires: google-perftools-devel -%endif - -Requires(pre): %{_sbindir}/useradd -Requires(pre): %{_sbindir}/groupadd -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig, /sbin/service -Requires(postun): /sbin/service - -Source0: http://www.apsis.ch/pound/%{name}-%{version}.tgz -Source1: pound.init -Source2: pound.cfg -Patch0: pound-remove-owner.patch - -%description -The Pound program is a reverse proxy, load balancer and -HTTPS front-end for Web server(s). Pound was developed -to enable distributing the load among several Web-servers -and to allow for a convenient SSL wrapper for those Web -servers that do not offer it natively. Pound is distributed -under the GPL - no warranty, it's free to use, copy and -give away - -%prep -%setup -q -%patch0 -p1 -b .remove-owner - -%build -%configure -make %{?_smp_mflags} - -%install -rm -rf %{buildroot} -make install DESTDIR=%{buildroot} - -%{__install} -d %{buildroot}%{pound_home} -%{__install} -p -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/pound -%{__install} -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pound.cfg - -mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs -touch %{buildroot}%{_sysconfdir}/pki/tls/certs/pound.pem - -%clean -rm -rf %{buildroot} - -%pre -%{_sbindir}/groupadd -f -r %{pound_group} -id %{pound_user} >/dev/null 2>&1 \|\| \ - %{_sbindir}/useradd -r -g %{pound_group} -d %{pound_home} -s /sbin/nologin \ - -c "Pound user" %{pound_user} - -%post -/sbin/chkconfig --add pound - -# generate dummy certificate -exec > /dev/null 2> /dev/null -if [ ! -f %{_sysconfdir}/pki/tls/certs/pound.pem ] ; then -pushd %{_sysconfdir}/pki/tls/certs -umask 077 -cat << EOF \| make pound.pem --- -SomeState -SomeCity -Pound Example Certificate -SomeOrganizationalUnit -localhost.localdomain -root@localhost.localdomain -EOF -chown root:pound pound.pem -chmod 640 pound.pem -popd -fi -exit 0 - -%preun -if [ $1 = 0 ]; then - /sbin/service pound stop >/dev/null 2>&1 - /sbin/chkconfig --del pound -fi - -%postun -if [ $1 -ge 1 ] ; then - /sbin/service pound condrestart > /dev/null 2>&1 \|\| : -fi - -%files -%defattr(-,root,root,-) -%doc CHANGELOG FAQ GPL.txt README -%{_mandir}/man8/pound.8* -%{_mandir}/man8/poundctl.8* -%{_sbindir}/pound -%{_sbindir}/poundctl -%{_initrddir}/pound -%config(noreplace) %{_sysconfdir}/pound.cfg -%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/pound.pem -%attr(-,%{pound_user},%{pound_group}) %dir %{pound_home} - -%changelog -* Sat Nov 20 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5-1 -- update to release 2.5 - -* Thu Jan 15 2009 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.4-1 -- upstream released new version - -* Mon Oct 13 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.3-1 -- Upstream released new version - -* Fri Jun 27 2008 Dennis Gilmore <dennis@ausil.us> 2.4-2 -- sparc arches dont have tcmalloc - -* Sat Feb 16 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-1 -- New stable version - -* Sat Feb 09 2008 Ruben Kerkhof <ruben@rubenkerkhof.com> - 2.4-0.2f -- Upstream released new version - -* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.4-0.2 -- Rebuild for deps - -* Sun Dec 01 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1e -- Update to experimental version 2.4e -* Thu Aug 16 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1d -- Update to experimental version 2.4d -- Upstream changed license to GPLv3 -* Wed Jun 04 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-1c -- Upstream released new version -* Sat May 26 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4.0-2b -- Disable linking with tcmalloc on ppc (#238390) -* Fri May 25 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.4-0.1b -- Update to experimental version 2.4b -- Better handling of user creation -- Build with tcmalloc for increased performance -* Wed Apr 11 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.3-1 -- Update to 2.3 -* Thu Apr 05 2007 <ruben@rubenkerkhof.com> 2.2.8-1 -- Sync with upstream -* Mon Mar 12 2007 <ruben@rubenkerkhof.com> 2.2.7-1 -- Sync with upstream -* Sun Mar 04 2007 <ruben@rubenkerkhof.com> 2.2.6-1 -- Sync with upstream -* Wed Feb 21 2007 <ruben@rubenkerkhof.com> 2.2.5-1 -- Sync with upstream -* Sat Feb 10 2007 <ruben@rubenkerkhof.com> 2.2.4-1 -- Sync with upstream -* Sat Jan 20 2007 <ruben@rubenkerkhof.com> 2.2.3-1 -- Fix problems in bad 2.2.2 release -* Mon Jan 15 2007 <ruben@rubenkerkhof.com> 2.2.2-1 -- Sync with upstream -* Wed Jan 03 2007 <ruben@rubenkerkhof.com> 2.2.1-1 -- Sync with new beta release from upstream -* Sun Dec 17 2006 <ruben@rubenkerkhof.com> 2.2-2 -- Fixed empty debuginfo rpm (bz 219942) -* Sat Dec 16 2006 <ruben@rubenkerkhof.com> 2.2-1 -- Sync with upstream -* Sat Dec 09 2006 <ruben@rubenkerkhof.com> 2.1.8-1 -- Sync with upstream -* Thu Dec 07 2006 <ruben@rubenkerkhof.com> 2.1.7-1 -- Sync with upstream -* Wed Nov 08 2006 <ruben@rubenkerkhof.com> 2.1.6-2 -- Changed hardcoded paths into rpmmacros -* Mon Nov 06 2006 <ruben@rubenkerkhof.com> 2.1.6-1 -- Synced with upstream version -- Changed Summary -- Added an init script -- Added pound.cfg with an example configuration -- Added pound user and group -- A self-signed ssl certificate is created in %%post -* Fri Nov 03 2006 <ruben@rubenkerkhof.com> 2.1.5-1 -- initial version -
[-] [+]	Added	pound.spec ^
@@ -0,0 +1,170 @@ +# +# spec file for package pound (Version 2.4.1) +# +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + + +Name: pound +License: GPL v3 or later; Other uncritical OpenSource License; X11/MIT +Group: Productivity/Networking/Web/Proxy +Summary: Reverse-Proxy and Load-Balancer +Url: http://www.apsis.ch/pound/ +Version: 2.4.3 +Release: 1 +Source0: Pound-%version.tar.bz2 +Source1: pound.cfg +Source2: init.pound +Patch1: pound.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: pwdutils +BuildRequires: openssl make gcc glibc-devel +%if 0%{suse_version} >= 1030 +BuildRequires: libopenssl-devel +%else +BuildRequires: openssl-devel +%endif + + + + +# insserv_prereq + +%description +The Pound program is a reverse proxy, load balancer and HTTPS front-end +for Web server(s). Pound was developed to enable distributing the load +among several Web-servers and to allow for a convenient SSL wrapper for +those Web servers that do not offer it natively. + + + +Authors: +-------- + Robert Segall <roseg@apsis.ch> + +%package doc +Summary: Doumentation for pound +Group: Documentation/Other + +%description doc +The Pound program is a reverse proxy, load balancer and HTTPS front-end +for Web server(s). Pound was developed to enable distributing the load +among several Web-servers and to allow for a convenient SSL wrapper for +those Web servers that do not offer it natively. + +This package contains the documentation for pound. + + + +Authors: +-------- + Robert Segall <roseg@apsis.ch> + +%prep +%setup -q -n Pound-%version +%patch1 + +%__sed -i 's\|@@LIB@@\|%{_lib}\|g' configure + +%build +%configure --with-maxbuf=8192 +%__make %{?jobs:-j%{jobs}} + +%install +%makeinstall +# Install pound init script +mkdir -p $RPM_BUILD_ROOT/etc/init.d +install -m 0744 %SOURCE2 $RPM_BUILD_ROOT/etc/init.d/pound +install -m 0644 %SOURCE1 $RPM_BUILD_ROOT/etc/pound.cfg +ln -sf ../../etc/init.d/pound $RPM_BUILD_ROOT/usr/sbin/rcpound +mkdir -p %buildroot%_defaultdocdir/%name/examples +install -m644 README FAQ %buildroot%_defaultdocdir/%name/ +install -m755 z2_2_5_1.py z2_2_6_1.py %buildroot%_defaultdocdir/%name/examples/ + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%pre +# Add the "pound" user and group +%{_sbindir}/groupadd -r pound 2> /dev/null \|\| : +%{_sbindir}/useradd -c "Pound" -g pound -r -d /var/lib/pound pound 2> /dev/null \|\| : + +%post +%{fillup_and_insserv -f -n pound pound} + +%postun +%restart_on_update pound +%insserv_cleanup + +%preun +%stop_on_removal pound + +%files +%defattr(-,root,root) +/etc/init.d/pound +%attr(555, root, root) /usr/sbin/pound +%attr(555, root, root) /usr/sbin/poundctl +/usr/sbin/rcpound +%_mandir/man8/pound.8.gz +%_mandir/man8/poundctl.8.gz +%config(noreplace) /etc/pound.cfg + +%files doc +%defattr(-,root,root) +%doc %_defaultdocdir/%name + +%changelog +* Sat Apr 20 2008 jg@internetx.de +- bumped to 2.4.1 +- increased buffer setting to 8192 (default 1024) +* Wed Mar 13 2008 jg@internetx.de +- su103 builddeps +- configure & make routine changed +* Wed Feb 13 2008 joe@suse.de +- update to version 2.4 + - new PARM session type + - full IPv6 support + - pountctl can show status as an XML file + - shutdown grace period (Pound accepts requests for + existing sessions for some time instead of doing a + hard shutdown) +* Fri Nov 09 2007 lrupp@suse.de +- split of doc package +* Fri Nov 09 2007 crrodriguez@suse.de +- update to version 2.3.2 +- add missing PreREq fixes build in BETA +- add missing init script short-description and remote_fs depss +* Thu Jun 21 2007 adrian@suse.de +- fix changelog entry order +* Mon Apr 30 2007 joe@suse.de +- update to version 2.3 + - dynamic scaling + - various bugs fixed +- now using user/group "pound" +* Tue Feb 06 2007 joe@suse.de +- update to version 2.2.3 +- new configuration file syntax +- added a new example configuration file +- added configtest option to init script +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jun 03 2005 joe@suse.de +- upgraded to version 1.9 +- 1.9 contains the fix for CAN-2005-1391 +* Sat Feb 12 2005 joe@suse.de +- upgraded to bugfix version 1.8.1 +* Thu Sep 30 2004 joe@suse.de +- slightly more useful default configuration file that works out of + the box +* Fri Sep 10 2004 joe@suse.de +- latest current snapshot +* Mon Apr 26 2004 joe@suse.de +- initial version of current Pound snapshot +* Fri Jan 23 2004 joe@suse.de +- upgraded to stable version 1.8
[-] [+]	Deleted	pound-remove-owner.patch ^
@@ -1,18 +0,0 @@ ---- Pound-2.2.3/Makefile.in.remove-owner 2007-01-21 01:45:44.000000000 +0100 -+++ Pound-2.2.3/Makefile.in 2007-01-21 01:46:59.000000000 +0100 -@@ -50,11 +50,11 @@ - - install: all - @INSTALL@ -d ${DESTDIR}@sbindir@ -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl -+ @INSTALL@ -p -m 755 pound ${DESTDIR}@sbindir@/pound -+ @INSTALL@ -p -m 755 poundctl ${DESTDIR}@sbindir@/poundctl - @INSTALL@ -d ${DESTDIR}@mandir@/man8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 -+ @INSTALL@ -p -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -+ @INSTALL@ -p -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 - - clean: - rm -f pound $(OBJS) poundctl poundctl.o
[-] [+]	Added	pound.diff ^
@@ -0,0 +1,18 @@ +--- Makefile.in ++++ Makefile.in +@@ -50,11 +50,11 @@ + + install: all + @INSTALL@ -d ${DESTDIR}@sbindir@ +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl ++ @INSTALL@ -m 555 pound ${DESTDIR}@sbindir@/pound ++ @INSTALL@ -m 755 poundctl ${DESTDIR}@sbindir@/poundctl + @INSTALL@ -d ${DESTDIR}@mandir@/man8 +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 +- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 ++ @INSTALL@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 ++ @INSTALL@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 + + clean: + rm -f pound $(OBJS) poundctl poundctl.o
[-] [+]	Changed	Pound-2.4.1.tar.bz2/CHANGELOG ^
@@ -1,141 +1,4 @@ ------------------------------------------------------------------------ -r67 \| roseg \| 2010-02-02 12:49:00 +0100 (Tue, 02 Feb 2010) \| 9 lines - -Release 2.5 - -Enhancements: - -Bug fixes: - - fixed XML format to avoid problems with brain-dead parsers - - fixed Redirect to accept "/" as a path, so that "Redirect http://x/" is - considered an absolute path, but "Redirect http://x" is not - ------------------------------------------------------------------------- -r66 \| roseg \| 2010-01-04 17:20:55 +0100 (Mon, 04 Jan 2010) \| 7 lines - -Release 2.5e - -Enhancements: - - added support for symbolic host names in poundctl - -Bug fixes: - ------------------------------------------------------------------------- -r65 \| roseg \| 2009-12-07 17:01:21 +0100 (Mon, 07 Dec 2009) \| 9 lines - -Release 2.5d - -Enhancements: - - added support for --disable-pcreposix, --disable--tcmalloc, --disable-hoard in configuration script - -Bug fixes: - - fixed problem with long input lines in http.c - - if libpcreposix is present, then pcreposix.h must also be present - ------------------------------------------------------------------------- -r64 \| roseg \| 2009-09-21 13:16:57 +0200 (Mon, 21 Sep 2009) \| 8 lines - -Release 2.5c - -Enhancements: - - added support for HTTPS backends - -Bug fixes: - - fixed problem with sub-patterns in session parameters - ------------------------------------------------------------------------- -r63 \| roseg \| 2009-08-19 17:44:07 +0200 (Wed, 19 Aug 2009) \| 10 lines - -Release 2.5b - -Enhancements: - - support for ConnTO directive - - support for IgnoreCase directive - -Bug fixes: - - fixed problem in conf_fgets (\n confuses the regexp) - - changed RSA ephemeral keys regeneration default time (every 30 minutes) - ------------------------------------------------------------------------- -r62 \| roseg \| 2009-08-06 17:23:30 +0200 (Thu, 06 Aug 2009) \| 9 lines - -Release 2.5a - -Enhancements: - - support for include directive - -Bug fixes: - - fixed generation of ephemeral RSA keys (avoid premature locking) - - added pre-generated DH parameters - ------------------------------------------------------------------------- -r61 \| roseg \| 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) \| 13 lines - -Release 2.4.5 - -Stable release 2.4.5 - -Enhancements: - - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin) - - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail! - -Bug fixes: - - fixed parantheses problems in need_rewrite (thanks to SBR) - - added call to free_headers in http.c (thanks to SBR) - - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r60 \| roseg \| 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) \| 18 lines - -Release 2.4.4 - -Stable release 2.4.4 - -Enhancements: - - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4 - - added support for BPROPFIND in xHTTP 4 - - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin) - -Bug fixes: - - save and restore errno value in cur_time() (thanks to Albert) - - fixed problem in timer thread (thanks to Albert) - - added shutdown for failed socket connection (thanks to Albert) - - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe) - - increased MAXBUF to default 4096 - - increased T_RSA default to 30 minutes - - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r59 \| roseg \| 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) \| 11 lines - -Release 2.4.3 - -Stable release 2.4.3 - -Enhancements: - -Bug fixes: - - fixed problem in session access time updating (thanks to Piotr Jakubowski) - - fixed problem in session removal (thanks to Doriam Mori) - - fixed problem in Redirect logging (thanks to Albert) - ------------------------------------------------------------------------- -r58 \| roseg \| 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) \| 13 lines - -Release 2.4.2 - -Stable release 2.4.2 - -Enhancements: - -Bug fixes: - - fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out) - - fixed problem with back-end killing on failed connect - - fixed a small problem in the poundctl XML output (thanks to johnlr for the fix) - - added hints in call to getaddrinfo() (for Solaris 10 support) - - fixed redirection problem (missing slash in Location/Content-location) - ------------------------------------------------------------------------- r57 \| roseg \| 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) \| 12 lines Release 2.4.1
[-] [+]	Changed	Pound-2.4.1.tar.bz2/Makefile.in ^
@@ -1,5 +1,5 @@ # Pound - the reverse-proxy load-balancer -# Copyright (C) 2002-2010 Apsis GmbH +# Copyright (C) 2002-2007 Apsis GmbH # # This file is part of Pound. # @@ -8,7 +8,7 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# Pound is distributed in the hope that it will be useful, +# Foobar is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. @@ -21,9 +21,10 @@ # P.O.Box # 8707 Uetikon am See # Switzerland +# Tel: +41-44-920 4904 # EMail: roseg@apsis.ch -CC=@PTHREAD_CC@ +CC="@PTHREAD_CC@" VERSION="@PACKAGE_VERSION@" C_SSL="@C_SSL@" C_T_RSA="@C_T_RSA@" @@ -54,16 +55,7 @@ poundctl: poundctl.o ${CC} @LDFLAGS@ -o poundctl poundctl.o $(LIBS) -dh512.h: - openssl dhparam -5 -C -noout 512 > dh512.h - -dh1024.h: - openssl dhparam -5 -C -noout 1024 > dh1024.h - -$(OBJS): pound.h config.h - -svc.o: svc.c dh512.h dh1024.h - gcc ${CFLAGS} -c -o svc.o svc.c +$(OBJS): pound.h install: all @INSTALL@ -d ${DESTDIR}@sbindir@ @@ -75,7 +67,6 @@ clean: rm -f pound $(OBJS) poundctl poundctl.o - rm -f dh512.h dh1024.h distclean: clean -rm -f config.h config.log config.status Makefile
[-] [+]	Changed	Pound-2.4.1.tar.bz2/README ^
@@ -128,7 +128,7 @@ --disable-super -- disable supervisor process (default: enabled) --with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration - (default: 1800 seconds). + (default: 300 seconds). --with-owner=owner -- name of installed binaries owner (default is system-dependent).
[-] [+]	Changed	Pound-2.4.1.tar.bz2/config.c ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch / @@ -77,7 +78,7 @@ static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; static regex_t ClientCert, AddHeader, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11; -static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; +static regex_t Grace; static regmatch_t matches[5]; @@ -85,92 +86,22 @@ "^(GET\|POST\|HEAD) ([^ ]+) HTTP/1.[01]$", "^(GET\|POST\|HEAD\|PUT\|DELETE) ([^ ]+) HTTP/1.[01]$", "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT) ([^ ]+) HTTP/1.[01]$", - "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|UNSUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|BPROPFIND\|NOTIFY\|CONNECT) ([^ ]+) HTTP/1.[01]$", - "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|UNSUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|BPROPFIND\|NOTIFY\|CONNECT\|RPC_IN_DATA\|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", + "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|CONNECT) ([^ ]+) HTTP/1.[01]$", + "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|CONNECT\|RPC_IN_DATA\|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", }; static int log_level = 1; static int def_facility = LOG_DAEMON; static int clnt_to = 10; static int be_to = 15; -static int be_connto = 15; +static int n_lin = 0; static int dynscale = 0; -static int ignore_case = 0; - -#define MAX_FIN 8 - -static FILE f_in[MAX_FIN]; -static char f_name[MAX_FIN]; -static int n_lin[MAX_FIN]; -static int cur_fin; - -static -conf_init(const char name) -{ - if((f_name[0] = strdup(name)) == NULL) { - logmsg(LOG_ERR, "open %s: out of memory", name); - exit(1); - } - if((f_in[0] = fopen(name, "rt")) == NULL) { - logmsg(LOG_ERR, "can't open open %s", name); - exit(1); - } - n_lin[0] = 0; - cur_fin = 0; - return 0; -} - -void -conf_err(const char msg) -{ - logmsg(LOG_ERR, "%s line %d: %s", f_name[cur_fin], n_lin[cur_fin], msg); - exit(1); -} - -static char -conf_fgets(char buf, const int max) -{ - int i; - - for(;;) { - if(fgets(buf, max, f_in[cur_fin]) == NULL) { - fclose(f_in[cur_fin]); - if(cur_fin > 0) { - cur_fin--; - continue; - } else - return NULL; - } - n_lin[cur_fin]++; - for(i = 0; i < max; i++) - if(buf[i] == '\n' \|\| buf[i] == '\r') { - buf[i] = '\0'; - break; - } - if(!regexec(&Empty, buf, 4, matches, 0) \|\| !regexec(&Comment, buf, 4, matches, 0)) - / comment or empty line / - continue; - if(!regexec(&Include, buf, 4, matches, 0)) { - buf[matches[1].rm_eo] = '\0'; - if(cur_fin == (MAX_FIN - 1)) - conf_err("Include nesting too deep"); - cur_fin++; - if((f_name[cur_fin] = strdup(&buf[matches[1].rm_so])) == NULL) - conf_err("Include out of memory"); - if((f_in[cur_fin] = fopen(&buf[matches[1].rm_so], "rt")) == NULL) - conf_err("can't open included file"); - n_lin[cur_fin] = 0; - continue; - } - return buf; - } -} / * parse a back-end / static BACKEND -parse_be(const int is_emergency) +parse_be(FILE const f_conf, const int is_emergency) { char lin[MAXBUF]; BACKEND res; @@ -179,40 +110,41 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (BACKEND )malloc(sizeof(BACKEND))) == NULL) - conf_err("BackEnd config: out of memory - aborted"); + if((res = (BACKEND )malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: BackEnd config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(BACKEND)); res->be_type = 0; res->addr.ai_socktype = SOCK_STREAM; res->to = is_emergency? 120: be_to; - res->conn_to = is_emergency? 120: be_connto; res->alive = 1; memset(&res->addr, 0, sizeof(res->addr)); res->priority = 5; memset(&res->ha_addr, 0, sizeof(res->ha_addr)); res->url = NULL; res->next = NULL; - res->ctx = NULL; has_addr = has_port = 0; pthread_mutex_init(&res->mut, NULL); - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line / + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(get_host(lin + matches[1].rm_so, &res->addr)) { / if we can't resolve it assume this is a UNIX domain socket / res->addr.ai_socktype = SOCK_STREAM; res->addr.ai_family = AF_UNIX; res->addr.ai_protocol = 0; - if((res->addr.ai_addr = (struct sockaddr )malloc(sizeof(struct sockaddr_un))) == NULL) - conf_err("out of memory"); - if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX) - conf_err("UNIX path name too long"); + if((res->addr.ai_addr = (struct sockaddr )strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; - res->addr.ai_addr->sa_family = AF_UNIX; - strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so); - res->addr.ai_addrlen = sizeof( struct sockaddr_un ); } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { @@ -228,23 +160,28 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Port is supported only for INET/INET6 back-ends"); + logmsg(LOG_ERR, "line %d: Port is supported only for INET/INET6 back-ends", n_lin); + exit(1); } has_port = 1; } else if(!regexec(&Priority, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("Priority is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: Priority is not supported for Emergency back-ends", n_lin); + exit(1); + } res->priority = atoi(lin + matches[1].rm_so); } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - res->conn_to = atoi(lin + matches[1].rm_so); } else if(!regexec(&HAport, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("HAport is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: HAport is not supported for Emergency back-ends", n_lin); + exit(1); + } res->ha_addr = res->addr; - if((res->ha_addr.ai_addr = (struct sockaddr )malloc(res->addr.ai_addrlen)) == NULL) - conf_err("out of memory"); + if((res->ha_addr.ai_addr = (struct sockaddr )malloc(res->addr.ai_addrlen)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen); switch(res->addr.ai_family) { case AF_INET: @@ -258,19 +195,24 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("HAport is supported only for INET/INET6 back-ends"); + logmsg(LOG_ERR, "line %d: HAport is supported only for INET/INET6 back-ends", n_lin); + exit(1); } } else if(!regexec(&HAportAddr, lin, 4, matches, 0)) { - if(is_emergency) - conf_err("HAportAddr is not supported for Emergency back-ends"); + if(is_emergency) { + logmsg(LOG_ERR, "line %d: HAportAddr is not supported for Emergency back-ends", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; if(get_host(lin + matches[1].rm_so, &res->ha_addr)) { / if we can't resolve it assume this is a UNIX domain socket / res->addr.ai_socktype = SOCK_STREAM; res->ha_addr.ai_family = AF_UNIX; res->ha_addr.ai_protocol = 0; - if((res->ha_addr.ai_addr = (struct sockaddr )strdup(lin + matches[1].rm_so)) == NULL) - conf_err("out of memory"); + if((res->ha_addr.ai_addr = (struct sockaddr )strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: out of memory", n_lin); + exit(1); + } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; } else switch(res->ha_addr.ai_family) { case AF_INET: @@ -284,47 +226,27 @@ memcpy(res->ha_addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Unknown HA address type"); + logmsg(LOG_ERR, "line %d: Unknown HA address type", n_lin); + exit(1); } - } else if(!regexec(&HTTPS, lin, 4, matches, 0)) { - if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); - SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_options(res->ctx, SSL_OP_ALL); - sprintf(lin, "%d-Pound-%ld", getpid(), random()); - SSL_CTX_set_session_id_context(res->ctx, (unsigned char )lin, strlen(lin)); - SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); - } else if(!regexec(&HTTPSCert, lin, 4, matches, 0)) { - if((res->ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); - lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) - conf_err("SSL_CTX_use_certificate_chain_file failed - aborted"); - if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) - conf_err("SSL_CTX_use_PrivateKey_file failed - aborted"); - if(SSL_CTX_check_private_key(res->ctx) != 1) - conf_err("SSL_CTX_check_private_key failed - aborted"); - SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_options(res->ctx, SSL_OP_ALL); - sprintf(lin, "%d-Pound-%ld", getpid(), random()); - SSL_CTX_set_session_id_context(res->ctx, (unsigned char )lin, strlen(lin)); - SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); } else if(!regexec(&End, lin, 4, matches, 0)) { - if(!has_addr) - conf_err("BackEnd missing Address - aborted"); - if((res->addr.ai_family == AF_INET \|\| res->addr.ai_family == AF_INET6) && !has_port) - conf_err("BackEnd missing Port - aborted"); + if(!has_addr) { + logmsg(LOG_ERR, "line %d: BackEnd missing Address - aborted", n_lin); + exit(1); + } + if((res->addr.ai_family == AF_INET \|\| res->addr.ai_family == AF_INET6) && !has_port) { + logmsg(LOG_ERR, "line %d: BackEnd missing Port - aborted", n_lin); + exit(1); + } return res; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("BackEnd premature EOF"); + logmsg(LOG_ERR, "line %d: BackEnd premature EOF", n_lin); + exit(1); return NULL; } @@ -332,17 +254,22 @@ parse a session / static void -parse_sess(SERVICE const svc) +parse_sess(FILE const f_conf, SERVICE const svc) { - char lin[MAXBUF], cp, parm; + char lin[MAXBUF], cp; - parm = NULL; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Type, lin, 4, matches, 0)) { - if(svc->sess_type != SESS_NONE) - conf_err("Multiple Session types in one Service - aborted"); + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + / comment or empty line / + continue; + } else if(!regexec(&Type, lin, 4, matches, 0)) { + if(svc->sess_type != SESS_NONE) { + logmsg(LOG_ERR, "line %d: Multiple Session types in one Service - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; cp = lin + matches[1].rm_so; if(!strcasecmp(cp, "IP")) @@ -357,62 +284,76 @@ svc->sess_type = SESS_BASIC; else if(!strcasecmp(cp, "HEADER")) svc->sess_type = SESS_HEADER; - else - conf_err("Unknown Session type"); + else { + logmsg(LOG_ERR, "line %d: Unknown Session type \"%s\" - aborted", n_lin, cp); + exit(1); + } } else if(!regexec(&TTL, lin, 4, matches, 0)) { svc->sess_ttl = atoi(lin + matches[1].rm_so); } else if(!regexec(&ID, lin, 4, matches, 0)) { - if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER) - conf_err("no ID permitted unless COOKIE/URL/HEADER Session - aborted"); + if(svc->sess_type != SESS_COOKIE && svc->sess_type != SESS_URL && svc->sess_type != SESS_HEADER) { + logmsg(LOG_ERR, "line %d: no ID permitted unless COOKIE/URL/HEADER Session - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if((parm = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("ID config: out of memory - aborted"); + if((svc->sess_parm = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: ID config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&End, lin, 4, matches, 0)) { - if(svc->sess_type == SESS_NONE) - conf_err("Session type not defined - aborted"); - if(svc->sess_ttl == 0) - conf_err("Session TTL not defined - aborted"); + if(svc->sess_type == SESS_NONE) { + logmsg(LOG_ERR, "line %d: Session type not defined - aborted", n_lin); + exit(1); + } + if(svc->sess_ttl == 0) { + logmsg(LOG_ERR, "line %d: Session TTL not defined - aborted", n_lin); + exit(1); + } if((svc->sess_type == SESS_COOKIE \|\| svc->sess_type == SESS_URL \|\| svc->sess_type == SESS_HEADER) - && parm == NULL) - conf_err("Session ID not defined - aborted"); + && svc->sess_parm == NULL) { + logmsg(LOG_ERR, "line %d: Session ID not defined - aborted", n_lin); + exit(1); + } if(svc->sess_type == SESS_COOKIE) { - snprintf(lin, MAXBUF - 1, "Cookie[^:]:.[ \t]%s=", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("COOKIE pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^;])", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("COOKIE pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "Cookie[^:]:.[ \t]%s=([^;])", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: COOKIE pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_URL) { - snprintf(lin, MAXBUF - 1, "[?&]%s=", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("URL pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^&;#])", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("URL pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "[?&]%s=([^&;#])", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: URL pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_PARM) { - if(regcomp(&svc->sess_start, ";", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("PARM pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^?])", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("PARM pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, ";([^?])"); + if(regcomp(&svc->sess_pat, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: PARM pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_BASIC) { - if(regcomp(&svc->sess_start, "Authorization:[ \t]Basic[ \t]", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("BASIC pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^ \t])", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("BASIC pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "Authorization:[ \t]Basic[ \t]([^ \t])[ \t]"); + if(regcomp(&svc->sess_pat, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: BASIC pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } else if(svc->sess_type == SESS_HEADER) { - snprintf(lin, MAXBUF - 1, "%s:[ \t]", parm); - if(regcomp(&svc->sess_start, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HEADER pattern failed - aborted"); - if(regcomp(&svc->sess_pat, "([^ \t])", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HEADER pattern failed - aborted"); + snprintf(lin, MAXBUF - 1, "%s:[ \t]([^ \t])[ \t]", svc->sess_parm); + if(regcomp(&svc->sess_pat, lin, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HEADER pattern \"%s\" failed - aborted", n_lin, lin); + exit(1); + } } - if(parm != NULL) - free(parm); return; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("Session premature EOF"); + logmsg(LOG_ERR, "line %d: Session premature EOF", n_lin); + exit(1); return; } @@ -444,86 +385,114 @@ parse a service / static SERVICE -parse_service(const char svc_name) +parse_service(FILE const f_conf, const char svc_name) { char lin[MAXBUF]; SERVICE res; BACKEND be; MATCHER m; - int ign_case; - if((res = (SERVICE )malloc(sizeof(SERVICE))) == NULL) - conf_err("Service config: out of memory - aborted"); + if((res = (SERVICE )malloc(sizeof(SERVICE))) == NULL) { + logmsg(LOG_ERR, "line %d: Service config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(SERVICE)); res->sess_type = SESS_NONE; res->dynscale = dynscale; pthread_mutex_init(&res->mut, NULL); if(svc_name) strncpy(res->name, svc_name, KEY_SIZE); - if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) - conf_err("lh_new failed - aborted"); - ign_case = ignore_case; - while(conf_fgets(lin, MAXBUF)) { + if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) { + logmsg(LOG_ERR, "line %d: lh_new failed - aborted", n_lin); + exit(1); + } + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&URL, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line / + continue; + } else if(!regexec(&URL, lin, 4, matches, 0)) { if(res->url) { for(m = res->url; m->next; m = m->next) ; - if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("URL config: out of memory - aborted"); + if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->url = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("URL config: out of memory - aborted"); + if((res->url = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: URL config: out of memory - aborted", n_lin); + exit(1); + } m = res->url; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED \| (ign_case? REG_ICASE: 0))) - conf_err("URL bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: URL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&HeadRequire, lin, 4, matches, 0)) { if(res->req_head) { for(m = res->req_head; m->next; m = m->next) ; - if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRequire config: out of memory - aborted"); + if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->req_head = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRequire config: out of memory - aborted"); + if((res->req_head = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRequire config: out of memory - aborted", n_lin); + exit(1); + } m = res->req_head; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HeadRequire bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRequire bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&HeadDeny, lin, 4, matches, 0)) { if(res->deny_head) { for(m = res->deny_head; m->next; m = m->next) ; - if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadDeny config: out of memory - aborted"); + if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->deny_head = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadDeny config: out of memory - aborted"); + if((res->deny_head = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadDeny config: out of memory - aborted", n_lin); + exit(1); + } m = res->deny_head; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HeadDeny bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadDeny bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&Redirect, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - if((be->next = (BACKEND )malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((be->next = (BACKEND )malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = be->next; } else { - if((res->backends = (BACKEND )malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((res->backends = (BACKEND )malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = res->backends; } memset(be, 0, sizeof(BACKEND)); @@ -532,24 +501,33 @@ be->alive = 1; pthread_mutex_init(&res->mut, NULL); lin[matches[1].rm_eo] = '\0'; - if((be->url = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("Redirector config: out of memory - aborted"); + if((be->url = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin); + exit(1); + } / split the URL into its fields / - if(regexec(&LOCATION, be->url, 4, matches, 0)) - conf_err("Redirect bad URL - aborted"); - if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1) - / the path is a single '/', so remove it / - be->url[matches[3].rm_so] = '\0'; + if(regexec(&LOCATION, be->url, 4, matches, 0)) { + logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url); + exit(1); + } + if(be->url[matches[3].rm_so] == '/') + matches[3].rm_so++; + / if the path component is empty or a sigle slash / + be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1); } else if(!regexec(&RedirectN, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - if((be->next = (BACKEND )malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((be->next = (BACKEND )malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = be->next; } else { - if((res->backends = (BACKEND )malloc(sizeof(BACKEND))) == NULL) - conf_err("Redirect config: out of memory - aborted"); + if((res->backends = (BACKEND )malloc(sizeof(BACKEND))) == NULL) { + logmsg(LOG_ERR, "line %d: Redirect config: out of memory - aborted", n_lin); + exit(1); + } be = res->backends; } memset(be, 0, sizeof(BACKEND)); @@ -558,25 +536,30 @@ be->alive = 1; pthread_mutex_init(&res->mut, NULL); lin[matches[2].rm_eo] = '\0'; - if((be->url = strdup(lin + matches[2].rm_so)) == NULL) - conf_err("Redirector config: out of memory - aborted"); + if((be->url = strdup(lin + matches[2].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Redirector config: out of memory - aborted", n_lin); + exit(1); + } / split the URL into its fields / - if(regexec(&LOCATION, be->url, 4, matches, 0)) - conf_err("Redirect bad URL - aborted"); - if((be->redir_req = matches[3].rm_eo - matches[3].rm_so) == 1) - / the path is a single '/', so remove it / - be->url[matches[3].rm_so] = '\0'; + if(regexec(&LOCATION, be->url, 4, matches, 0)) { + logmsg(LOG_ERR, "line %d: Redirect bad URL \"%s\" - aborted", n_lin, be->url); + exit(1); + } + if(be->url[matches[3].rm_so] == '/') + matches[3].rm_so++; + / if the path component is empty or a sigle slash / + be->redir_req = ((matches[3].rm_eo - matches[3].rm_so) < 1); } else if(!regexec(&BackEnd, lin, 4, matches, 0)) { if(res->backends) { for(be = res->backends; be->next; be = be->next) ; - be->next = parse_be(0); + be->next = parse_be(f_conf, 0); } else - res->backends = parse_be(0); + res->backends = parse_be(f_conf, 0); } else if(!regexec(&Emergency, lin, 4, matches, 0)) { - res->emergency = parse_be(1); + res->emergency = parse_be(f_conf, 1); } else if(!regexec(&Session, lin, 4, matches, 0)) { - parse_sess(res); + parse_sess(f_conf, res); } else if(!regexec(&End, lin, 4, matches, 0)) { for(be = res->backends; be; be = be->next) res->tot_pri += be->priority; @@ -584,14 +567,14 @@ return res; } else if(!regexec(&DynScale, lin, 4, matches, 0)) { res->dynscale = atoi(lin + matches[1].rm_so); - } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { - ign_case = atoi(lin + matches[1].rm_so); } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("Service premature EOF"); + logmsg(LOG_ERR, "line %d: Service premature EOF", n_lin); + exit(1); return NULL; } @@ -605,14 +588,22 @@ struct stat st; int fin; - if(stat(fname, &st)) - conf_err("can't stat Err file - aborted"); - if((fin = open(fname, O_RDONLY)) < 0) - conf_err("can't open Err file - aborted"); - if((res = malloc(st.st_size + 1)) == NULL) - conf_err("can't alloc Err file (out of memory) - aborted"); - if(read(fin, res, st.st_size) != st.st_size) - conf_err("can't read Err file - aborted"); + if(stat(fname, &st)) { + logmsg(LOG_ERR, "line %d: can't stat Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } + if((fin = open(fname, O_RDONLY)) < 0) { + logmsg(LOG_ERR, "line %d: can't open Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } + if((res = malloc(st.st_size + 1)) == NULL) { + logmsg(LOG_ERR, "line %d: can't alloc Err file \"%s\" (out of memory) - aborted", n_lin, fname); + exit(1); + } + if(read(fin, res, st.st_size) != st.st_size) { + logmsg(LOG_ERR, "line %d: can't read Err file \"%s\" (%s) - aborted", n_lin, fname, strerror(errno)); + exit(1); + } res[st.st_size] = '\0'; close(fin); return res; @@ -622,7 +613,7 @@ parse an HTTP listener / static LISTENER -parse_HTTP(void) +parse_HTTP(FILE const f_conf) { char lin[MAXBUF]; LISTENER res; @@ -632,8 +623,10 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (LISTENER )malloc(sizeof(LISTENER))) == NULL) - conf_err("ListenHTTP config: out of memory - aborted"); + if((res = (LISTENER )malloc(sizeof(LISTENER))) == NULL) { + logmsg(LOG_ERR, "line %d: ListenHTTP config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(LISTENER)); res->to = clnt_to; res->rewr_loc = 1; @@ -642,18 +635,28 @@ res->err501 = "This method may not be used."; res->err503 = "The service is not available. Please try again later."; res->log_level = log_level; - if(regcomp(&res->verb, xhttp[0], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("xHTTP bad default pattern - aborted"); + if(regcomp(&res->verb, xhttp[0], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin); + exit(1); + } has_addr = has_port = 0; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line / + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(get_host(lin + matches[1].rm_so, &res->addr)) - conf_err("Unknown Listener address"); - if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) - conf_err("Unknown Listener address family"); + if(get_host(lin + matches[1].rm_so, &res->addr)) { + logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so); + exit(1); + } + if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) { + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); + } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { switch(res->addr.ai_family) { @@ -668,7 +671,8 @@ memcpy(res->addr.ai_addr, &in6, sizeof(in6)); break; default: - conf_err("Unknown Listener address family"); + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); } has_port = 1; } else if(!regexec(&xHTTP, lin, 4, matches, 0)) { @@ -676,16 +680,22 @@ n = atoi(lin + matches[1].rm_so); regfree(&res->verb); - if(regcomp(&res->verb, xhttp[n], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("xHTTP bad pattern - aborted"); + if(regcomp(&res->verb, xhttp[n], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n); + exit(1); + } } else if(!regexec(&Client, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); } else if(!regexec(&CheckURL, lin, 4, matches, 0)) { - if(res->has_pat) - conf_err("CheckURL multiple pattern - aborted"); + if(res->has_pat) { + logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED)) - conf_err("CheckURL bad pattern - aborted"); + if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } res->has_pat = 1; } else if(!regexec(&Err414, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; @@ -705,22 +715,30 @@ if(res->head_off) { for(m = res->head_off; m->next; m = m->next) ; - if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->head_off = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((res->head_off = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = res->head_off; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HeadRemove bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&AddHeader, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("AddHeader config: out of memory - aborted"); + if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) { res->rewr_loc = atoi(lin + matches[1].rm_so); } else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) { @@ -729,31 +747,35 @@ res->log_level = atoi(lin + matches[1].rm_so); } else if(!regexec(&Service, lin, 4, matches, 0)) { if(res->services == NULL) - res->services = parse_service(NULL); + res->services = parse_service(f_conf, NULL); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(res->services == NULL) - res->services = parse_service(lin + matches[1].rm_so); + res->services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else if(!regexec(&End, lin, 4, matches, 0)) { - if(!has_addr \|\| !has_port) - conf_err("ListenHTTP missing Address or Port - aborted"); + if(!has_addr \|\| !has_port) { + logmsg(LOG_ERR, "line %d: ListenHTTP missing Address or Port - aborted", n_lin); + exit(1); + } return res; } else { - conf_err("unknown directive - aborted"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("ListenHTTP premature EOF"); + logmsg(LOG_ERR, "line %d: ListenHTTP premature EOF", n_lin); + exit(1); return NULL; } / @@ -769,7 +791,7 @@ * parse an HTTPS listener / static LISTENER -parse_HTTPS(void) +parse_HTTPS(FILE const f_conf) { char lin[MAXBUF]; LISTENER res; @@ -780,11 +802,15 @@ struct sockaddr_in in; struct sockaddr_in6 in6; - if((res = (LISTENER )malloc(sizeof(LISTENER))) == NULL) - conf_err("ListenHTTPS config: out of memory - aborted"); + if((res = (LISTENER )malloc(sizeof(LISTENER))) == NULL) { + logmsg(LOG_ERR, "line %d: ListenHTTPS config: out of memory - aborted", n_lin); + exit(1); + } memset(res, 0, sizeof(LISTENER)); - if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) - conf_err("SSL_CTX_new failed - aborted"); + if((res->ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) { + logmsg(LOG_ERR, "line %d: SSL_CTX_new failed - aborted", n_lin); + exit(1); + } res->to = clnt_to; res->rewr_loc = 1; @@ -793,18 +819,28 @@ res->err501 = "This method may not be used."; res->err503 = "The service is not available. Please try again later."; res->log_level = log_level; - if(regcomp(&res->verb, xhttp[0], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("xHTTP bad default pattern - aborted"); + if(regcomp(&res->verb, xhttp[0], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad default pattern - aborted", n_lin); + exit(1); + } has_addr = has_port = has_cert = 0; - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&Address, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line / + continue; + } else if(!regexec(&Address, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(get_host(lin + matches[1].rm_so, &res->addr)) - conf_err("Unknown Listener address"); - if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) - conf_err("Unknown Listener address family"); + if(get_host(lin + matches[1].rm_so, &res->addr)) { + logmsg(LOG_ERR, "line %d: Unknown Listener address \"%s\"", n_lin, lin + matches[1].rm_so); + exit(1); + } + if(res->addr.ai_family != AF_INET && res->addr.ai_family != AF_INET6) { + logmsg(LOG_ERR, "line %d: Unknown Listener address family %d", n_lin, res->addr.ai_family); + exit(1); + } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) { if(res->addr.ai_family == AF_INET) { @@ -822,16 +858,22 @@ n = atoi(lin + matches[1].rm_so); regfree(&res->verb); - if(regcomp(&res->verb, xhttp[n], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("xHTTP bad pattern - aborted"); + if(regcomp(&res->verb, xhttp[n], REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: xHTTP bad pattern %d - aborted", n_lin, n); + exit(1); + } } else if(!regexec(&Client, lin, 4, matches, 0)) { res->to = atoi(lin + matches[1].rm_so); } else if(!regexec(&CheckURL, lin, 4, matches, 0)) { - if(res->has_pat) - conf_err("CheckURL multiple pattern - aborted"); + if(res->has_pat) { + logmsg(LOG_ERR, "line %d: CheckURL multiple pattern - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; - if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED)) - conf_err("CheckURL bad pattern - aborted"); + if(regcomp(&res->url_pat, lin + matches[1].rm_so, REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: CheckURL bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } res->has_pat = 1; } else if(!regexec(&Err414, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; @@ -851,18 +893,24 @@ if(res->head_off) { for(m = res->head_off; m->next; m = m->next) ; - if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((m->next = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = m->next; } else { - if((res->head_off = (MATCHER )malloc(sizeof(MATCHER))) == NULL) - conf_err("HeadRemove config: out of memory - aborted"); + if((res->head_off = (MATCHER )malloc(sizeof(MATCHER))) == NULL) { + logmsg(LOG_ERR, "line %d: HeadRemove config: out of memory - aborted", n_lin); + exit(1); + } m = res->head_off; } memset(m, 0, sizeof(MATCHER)); lin[matches[1].rm_eo] = '\0'; - if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) - conf_err("HeadRemove bad pattern - aborted"); + if(regcomp(&m->pat, lin + matches[1].rm_so, REG_ICASE \| REG_NEWLINE \| REG_EXTENDED)) { + logmsg(LOG_ERR, "line %d: HeadRemove bad pattern \"%s\" - aborted", n_lin, lin + matches[1].rm_so); + exit(1); + } } else if(!regexec(&RewriteLocation, lin, 4, matches, 0)) { res->rewr_loc = atoi(lin + matches[1].rm_so); } else if(!regexec(&RewriteDestination, lin, 4, matches, 0)) { @@ -871,12 +919,24 @@ res->log_level = atoi(lin + matches[1].rm_so); } else if(!regexec(&Cert, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) - conf_err("SSL_CTX_use_certificate_chain_file failed - aborted"); - if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) - conf_err("SSL_CTX_use_PrivateKey_file failed - aborted"); - if(SSL_CTX_check_private_key(res->ctx) != 1) - conf_err("SSL_CTX_check_private_key failed - aborted"); + if(SSL_CTX_use_certificate_chain_file(res->ctx, lin + matches[1].rm_so) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_use_certificate_chain_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(SSL_CTX_use_PrivateKey_file(res->ctx, lin + matches[1].rm_so, SSL_FILETYPE_PEM) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_use_PrivateKey_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(SSL_CTX_check_private_key(res->ctx) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_check_private_key \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } has_cert = 1; } else if(!regexec(&ClientCert, lin, 4, matches, 0)) { switch(res->clnt_check = atoi(lin + matches[1].rm_so)) { @@ -902,8 +962,10 @@ } } else if(!regexec(&AddHeader, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("AddHeader config: out of memory - aborted"); + if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: AddHeader config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Ciphers, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; SSL_CTX_set_cipher_list(res->ctx, lin + matches[1].rm_so); @@ -911,13 +973,21 @@ STACK_OF(X509_NAME) cert_names; lin[matches[1].rm_eo] = '\0'; - if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL) - conf_err("SSL_load_client_CA_file failed - aborted"); + if((cert_names = SSL_load_client_CA_file(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: SSL_load_client_CA_file \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } SSL_CTX_set_client_CA_list(res->ctx, cert_names); } else if(!regexec(&VerifyList, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1) - conf_err("SSL_CTX_load_verify_locations failed - aborted"); + if(SSL_CTX_load_verify_locations(res->ctx, lin + matches[1].rm_so, NULL) != 1) { + logmsg(LOG_ERR, "line %d: SSL_CTX_load_verify_locations \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } } else if(!regexec(&CRLlist, lin, 4, matches, 0)) { #if HAVE_X509_STORE_SET_FLAGS X509_STORE store; @@ -925,51 +995,61 @@ lin[matches[1].rm_eo] = '\0'; store = SSL_CTX_get_cert_store(res->ctx); - if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL) - conf_err("X509_STORE_add_lookup failed - aborted"); - if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1) - conf_err("X509_load_crl_file failed - aborted"); + if((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) == NULL) { + logmsg(LOG_ERR, "line %d: X509_STORE_add_lookup \"%s\" failed - aborted", n_lin, + lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } + if(X509_load_crl_file(lookup, lin + matches[1].rm_so, X509_FILETYPE_PEM) != 1) { + logmsg(LOG_ERR, "line %d: X509_load_crl_file \"%s\" failed - aborted", n_lin, lin + matches[1].rm_so); + logmsg(LOG_ERR, "%s", ERR_error_string(ERR_get_error(), NULL)); + exit(1); + } X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK \| X509_V_FLAG_CRL_CHECK_ALL); #else - conf_err("your version of OpenSSL does not support CRL checking"); + logmsg(LOG_ERR, "line %d: your version of OpenSSL does not support CRL checking", n_lin); #endif } else if(!regexec(&NoHTTPS11, lin, 4, matches, 0)) { res->noHTTPS11 = atoi(lin + matches[1].rm_so); } else if(!regexec(&Service, lin, 4, matches, 0)) { if(res->services == NULL) - res->services = parse_service(NULL); + res->services = parse_service(f_conf, NULL); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(res->services == NULL) - res->services = parse_service(lin + matches[1].rm_so); + res->services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = res->services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else if(!regexec(&End, lin, 4, matches, 0)) { X509_STORE store; - if(!has_addr \|\| !has_port \|\| !has_cert) - conf_err("ListenHTTPS missing Address, Port or Certificate - aborted"); + if(!has_addr \|\| !has_port \|\| !has_cert) { + logmsg(LOG_ERR, "line %d: ListenHTTPS missing Address, Port or Certificate - aborted", n_lin); + exit(1); + } SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_options(res->ctx, SSL_OP_ALL); sprintf(lin, "%d-Pound-%ld", getpid(), random()); SSL_CTX_set_session_id_context(res->ctx, (unsigned char )lin, strlen(lin)); SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback); - SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); return res; } else { - conf_err("unknown directive"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } - conf_err("ListenHTTPS premature EOF"); + logmsg(LOG_ERR, "line %d: ListenHTTPS premature EOF", n_lin); + exit(1); return NULL; } @@ -977,7 +1057,7 @@ parse the config file / static void -parse_file(void) +parse_file(FILE const f_conf) { char lin[MAXBUF]; SERVICE svc; @@ -987,21 +1067,31 @@ ENGINE e; #endif - while(conf_fgets(lin, MAXBUF)) { + while(fgets(lin, MAXBUF, f_conf)) { + n_lin++; if(strlen(lin) > 0 && lin[strlen(lin) - 1] == '\n') lin[strlen(lin) - 1] = '\0'; - if(!regexec(&User, lin, 4, matches, 0)) { + if(!regexec(&Empty, lin, 4, matches, 0) \|\| !regexec(&Comment, lin, 4, matches, 0)) { + /* comment or empty line / + continue; + } else if(!regexec(&User, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((user = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("User config: out of memory - aborted"); + if((user = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: User config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Group, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((group = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("Group config: out of memory - aborted"); + if((group = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: Group config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&RootJail, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; - if((root_jail = strdup(lin + matches[1].rm_so)) == NULL) - conf_err("RootJail config: out of memory - aborted"); + if((root_jail = strdup(lin + matches[1].rm_so)) == NULL) { + logmsg(LOG_ERR, "line %d: RootJail config: out of memory - aborted", n_lin); + exit(1); + } } else if(!regexec(&Daemon, lin, 4, matches, 0)) { daemonize = atoi(lin + matches[1].rm_so); } else if(!regexec(&LogFacility, lin, 4, matches, 0)) { @@ -1026,69 +1116,72 @@ dynscale = atoi(lin + matches[1].rm_so); } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { be_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - be_connto = atoi(lin + matches[1].rm_so); - } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { - ignore_case = atoi(lin + matches[1].rm_so); #if HAVE_OPENSSL_ENGINE_H } else if(!regexec(&SSLEngine, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; #if OPENSSL_VERSION_NUMBER >= 0x00907000L ENGINE_load_builtin_engines(); #endif - if (!(e = ENGINE_by_id(lin + matches[1].rm_so))) - conf_err("could not find engine"); + if (!(e = ENGINE_by_id(lin + matches[1].rm_so))) { + logmsg(LOG_ERR, "line %d: could not find %s engine", n_lin, lin + matches[1].rm_so); + exit(1); + } if(!ENGINE_init(e)) { ENGINE_free(e); - conf_err("could not init engine"); + logmsg(LOG_ERR, "line %d: could not init %s engine", n_lin, lin + matches[1].rm_so); + exit(1); } if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ENGINE_free(e); - conf_err("could not set all defaults"); + logmsg(LOG_ERR, "line %d: could not set all defaults", n_lin); + exit(1); } ENGINE_finish(e); ENGINE_free(e); #endif } else if(!regexec(&Control, lin, 4, matches, 0)) { - if(ctrl_name != NULL) - conf_err("Control multiply defined - aborted"); + if(ctrl_name != NULL) { + logmsg(LOG_ERR, "line %d: Control multiply defined - aborted", n_lin); + exit(1); + } lin[matches[1].rm_eo] = '\0'; ctrl_name = strdup(lin + matches[1].rm_so); } else if(!regexec(&ListenHTTP, lin, 4, matches, 0)) { if(listeners == NULL) - listeners = parse_HTTP(); + listeners = parse_HTTP(f_conf); else { for(lstn = listeners; lstn->next; lstn = lstn->next) ; - lstn->next = parse_HTTP(); + lstn->next = parse_HTTP(f_conf); } } else if(!regexec(&ListenHTTPS, lin, 4, matches, 0)) { if(listeners == NULL) - listeners = parse_HTTPS(); + listeners = parse_HTTPS(f_conf); else { for(lstn = listeners; lstn->next; lstn = lstn->next) ; - lstn->next = parse_HTTPS(); + lstn->next = parse_HTTPS(f_conf); } } else if(!regexec(&Service, lin, 4, matches, 0)) { if(services == NULL) - services = parse_service(NULL); + services = parse_service(f_conf, NULL); else { for(svc = services; svc->next; svc = svc->next) ; - svc->next = parse_service(NULL); + svc->next = parse_service(f_conf, NULL); } } else if(!regexec(&ServiceName, lin, 4, matches, 0)) { lin[matches[1].rm_eo] = '\0'; if(services == NULL) - services = parse_service(lin + matches[1].rm_so); + services = parse_service(f_conf, lin + matches[1].rm_so); else { for(svc = services; svc->next; svc = svc->next) ; - svc->next = parse_service(lin + matches[1].rm_so); + svc->next = parse_service(f_conf, lin + matches[1].rm_so); } } else { - conf_err("unknown directive - aborted"); + logmsg(LOG_ERR, "line %d: unknown directive \"%s\" - aborted", n_lin, lin); + exit(1); } } return; @@ -1158,11 +1251,6 @@ \|\| regcomp(&VerifyList, "^[ \t]VerifyList[ \t]+\"(.+)\"[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) \|\| regcomp(&CRLlist, "^[ \t]CRLlist[ \t]+\"(.+)\"[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) \|\| regcomp(&NoHTTPS11, "^[ \t]NoHTTPS11[ \t]+([0-2])[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) - \|\| regcomp(&Include, "^[ \t]Include[ \t]+\"(.+)\"[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) - \|\| regcomp(&ConnTO, "^[ \t]ConnTO[ \t]+([1-9][0-9])[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) - \|\| regcomp(&IgnoreCase, "^[ \t]IgnoreCase[ \t]+([01])[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) - \|\| regcomp(&HTTPS, "^[ \t]HTTPS[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) - \|\| regcomp(&HTTPSCert, "^[ \t]HTTPS[ \t]+\"(.+)\"[ \t]$", REG_ICASE \| REG_NEWLINE \| REG_EXTENDED) ) { logmsg(LOG_ERR, "bad config Regex - aborted"); exit(1); @@ -1232,7 +1320,10 @@ exit(1); } - conf_init(conf_name); + if((f_conf = fopen(conf_name, "rt")) == NULL) { + logmsg(LOG_ERR, "can't open configuration file \"%s\" (%s) - aborted", conf_name, strerror(errno)); + exit(1); + } user = NULL; group = NULL; @@ -1246,7 +1337,9 @@ services = NULL; listeners = NULL; - parse_file(); + parse_file(f_conf); + + fclose(f_conf); if(check_only) { logmsg(LOG_INFO, "Config file %s is OK", conf_name); @@ -1312,11 +1405,6 @@ regfree(&VerifyList); regfree(&CRLlist); regfree(&NoHTTPS11); - regfree(&Include); - regfree(&ConnTO); - regfree(&IgnoreCase); - regfree(&HTTPS); - regfree(&HTTPSCert); /* set the facility only here to ensure the syslog gets opened if necessary */ log_facility = def_facility;
[-] [+]	Changed	Pound-2.4.1.tar.bz2/config.h.in ^
@@ -36,9 +36,6 @@ /* Define to 1 if you have the `dl' library (-ldl). / #undef HAVE_LIBDL -/ Define if libpcreposix is available / -#undef HAVE_LIBPCREPOSIX - / Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R
[-] [+]	Changed	Pound-2.4.1.tar.bz2/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for pound 2.5. +# Generated by GNU Autoconf 2.61 for pound 2.4.1. # # Report bugs to <roseg@apsis.ch>. # @@ -574,8 +574,8 @@ # Identity of this package. PACKAGE_NAME='pound' PACKAGE_TARNAME='pound' -PACKAGE_VERSION='2.5' -PACKAGE_STRING='pound 2.5' +PACKAGE_VERSION='2.4.1' +PACKAGE_STRING='pound 2.4.1' PACKAGE_BUGREPORT='roseg@apsis.ch' ac_unique_file="pound.c" @@ -1204,7 +1204,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pound 2.5 to adapt to many kinds of systems. +\`configure' configures pound 2.4.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1270,7 +1270,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of pound 2.5:";; + short \| recursive ) echo "Configuration of pound 2.4.1:";; esac cat <<\_ACEOF @@ -1281,19 +1281,13 @@ (default: enabled) --enable-cert1l enable or disable single-line certificate (default: disabled) - --enable-pcreposix enable or disable using the pcreposix library - (default: enabled if available) - --enable-tcmalloc enable or disable using the tcmalloc library - (default: enabled if available) - --enable-hoard enable or disable using the hoard library (default: - enabled if available and ctmalloc NOT available) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-ssl=directory location of OpenSSL package --with-t_rsa=nnn Time-out for RSA ephemeral keys generation - --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096) + --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024) --with-owner=name The account that will own the files installed by Pound --with-group=name The group that will own the files installed by Pound @@ -1372,7 +1366,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pound configure 2.5 +pound configure 2.4.1 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1386,7 +1380,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pound $as_me 2.5, which was +It was created by pound $as_me 2.4.1, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2911,7 +2905,7 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# Pound is distributed in the hope that it will be useful, +# Foobar is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. @@ -3469,36 +3463,15 @@ # Check whether --enable-cert1l was given. if test "${enable_cert1l+set}" = set; then enableval=$enable_cert1l; test ${enableval} = "yes" && CFLAGS="${CFLAGS} -DCERT1L"; C_CERT1L="1" -fi - - - -# Check whether --enable-pcreposix was given. -if test "${enable_pcreposix+set}" = set; then - enableval=$enable_pcreposix; C_PCREPOSIX=${enableval} else - C_PCREPOSIX=yes + C_CERT1L="0" fi -# Check whether --enable-tcmalloc was given. -if test "${enable_tcmalloc+set}" = set; then - enableval=$enable_tcmalloc; C_TCMALLOC=${enableval} -else - C_TCMALLOC=yes -fi - - -# Check whether --enable-hoard was given. -if test "${enable_hoard+set}" = set; then - enableval=$enable_hoard; C_HOARD=${enableval} -else - C_HOARD=yes -fi - { echo "$as_me:$LINENO: * Checking for libraries " >&5 echo "$as_me: Checking for libraries *" >&6;} + LIBS="${LIBS} -lm" { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 @@ -3835,7 +3808,6 @@ echo 'Missing OpenSSL (-lssl) - aborted'; exit 1 fi -if test x"$C_PCREPOSIX" = xyes; then { echo "$as_me:$LINENO: checking for regcomp in -lpcreposix" >&5 echo $ECHO_N "checking for regcomp in -lpcreposix... $ECHO_C" >&6; } if test "${ac_cv_lib_pcreposix_regcomp+set}" = set; then @@ -3898,11 +3870,7 @@ { echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regcomp" >&5 echo "${ECHO_T}$ac_cv_lib_pcreposix_regcomp" >&6; } if test $ac_cv_lib_pcreposix_regcomp = yes; then - LIBS="-lpcreposix ${LIBS}"; -cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBPCREPOSIX 1 -_ACEOF - + LIBS="-lpcreposix ${LIBS}" else save_LIBS="$LIBS" @@ -3969,11 +3937,7 @@ { echo "$as_me:$LINENO: result: $ac_cv_lib_pcreposix_regexec" >&5 echo "${ECHO_T}$ac_cv_lib_pcreposix_regexec" >&6; } if test $ac_cv_lib_pcreposix_regexec = yes; then - LIBS="-lpcreposix -lpcre $save_LIBS"; -cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBPCREPOSIX 1 -_ACEOF - + LIBS="-lpcreposix -lpcre $save_LIBS" else LIBS="$save_LIBS" fi @@ -3981,8 +3945,6 @@ fi -fi -if test x"$C_TCMALLOC" = xyes; then { echo "$as_me:$LINENO: checking for malloc in -ltcmalloc" >&5 echo $ECHO_N "checking for malloc in -ltcmalloc... $ECHO_C" >&6; } if test "${ac_cv_lib_tcmalloc_malloc+set}" = set; then @@ -4048,8 +4010,7 @@ LIBS="${LIBS} -ltcmalloc" fi -else -if test x"$C_HOARD" = xyes; then +if test "${ac_cv_lib_tcmalloc_malloc}" = "no"; then { echo "$as_me:$LINENO: checking for malloc in -lhoard" >&5 echo $ECHO_N "checking for malloc in -lhoard... $ECHO_C" >&6; } if test "${ac_cv_lib_hoard_malloc+set}" = set; then @@ -4116,7 +4077,6 @@ fi fi -fi { echo "$as_me:$LINENO: checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS" >&5 echo $ECHO_N "checking for pthread_attr_setstacksize in LIBS=$LIBS with CFLAGS=$CFLAGS... $ECHO_C" >&6; } @@ -7579,7 +7539,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pound $as_me 2.5, which was +This file was extended by pound $as_me 2.4.1, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7628,7 +7588,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -pound config.status 2.5 +pound config.status 2.4.1 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
[-] [+]	Changed	Pound-2.4.1.tar.bz2/http.c ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch / @@ -52,25 +53,14 @@ static void redirect_reply(BIO const c, const char url, const int code) { - char rep[MAXBUF], cont[MAXBUF], code_msg; + char rep[MAXBUF], cont[MAXBUF]; - switch(code) { - case 301: - code_msg = "Moved Permanently"; - break; - case 307: - code_msg = "Temporary Redirect"; - break; - default: - code_msg = "Found"; - break; - } snprintf(cont, sizeof(cont), "<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href=\"%s\">%s</a></p></body></html>", url, url); snprintf(rep, sizeof(rep), - "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", - code, code_msg, url, strlen(cont)); + "HTTP/1.0 %d Found\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", + code, url, strlen(cont)); BIO_write(c, rep, strlen(rep)); BIO_write(c, cont, strlen(cont)); BIO_flush(c); @@ -125,7 +115,7 @@ case -1: return 1; default: - for(i = n_read; i < bufsize && buf[i]; i++) + for(i = n_read; i < bufsize; i++) if(buf[i] == '\n' \|\| buf[i] == '\r') { buf[i] = '\0'; return 0; @@ -442,11 +432,8 @@ #ifdef HAVE_GETTIMEOFDAY struct timeval tv; struct timezone tz; - int sv_errno; - sv_errno = errno; gettimeofday(&tv, &tz); - errno = sv_errno; return tv.tv_sec * 1000000.0 + tv.tv_usec; #else return time(NULL) * 1000000.0; @@ -486,15 +473,15 @@ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto; LISTENER lstn; SERVICE svc; - BACKEND backend, cur_backend, old_backend; - struct addrinfo from_host, z_addr; + BACKEND backend, cur_backend; + struct addrinfo from_host; struct sockaddr_storage from_host_addr; BIO cl, be, bb, b64; X509 x509; char request[MAXBUF], response[MAXBUF], buf[MAXBUF], url[MAXBUF], loc_path[MAXBUF], *headers, headers_ok[MAXHEADERS], v_host[MAXBUF], referer[MAXBUF], u_agent[MAXBUF], u_name[MAXBUF], caddr[MAXBUF], req_time[LOG_TIME_SIZE], s_res_bytes[LOG_BYTES_SIZE], mh; - SSL ssl, be_ssl; + SSL ssl; long cont, res_bytes; regmatch_t matches[4]; struct linger l; @@ -781,23 +768,12 @@ clean_all(); pthread_exit(NULL); } - if(connect_nb(sock, &backend->addr, backend->conn_to) < 0) { + if(connect_nb(sock, &backend->addr, backend->to) < 0) { str_be(buf, MAXBUF - 1, backend); logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno)); - shutdown(sock, 2); close(sock); - / - * kill the back-end only if no HAport is defined for it - * otherwise allow the HAport mechanism to do its job - / - memset(&z_addr, 0, sizeof(z_addr)); - if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0) - kill_be(svc, backend, BE_KILL); - / - * ...but make sure we don't get into a loop with the same back-end - / - old_backend = backend; - if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL \|\| backend == old_backend) { + kill_be(svc, backend, 0); + if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) { addr2str(caddr, MAXBUF - 1, &from_host, 1); logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr); err_reply(cl, h503, lstn->err503); @@ -834,35 +810,6 @@ BIO_set_callback_arg(be, (char )&backend->to); BIO_set_callback(be, bio_callback); } - if(backend->ctx != NULL) { - if((be_ssl = SSL_new(backend->ctx)) == NULL) { - logmsg(LOG_WARNING, "(%lx) be SSL_new: failed", pthread_self()); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - SSL_set_bio(be_ssl, be, be); - if((bb = BIO_new(BIO_f_ssl())) == NULL) { - logmsg(LOG_WARNING, "(%lx) BIO_new(Bio_f_ssl()) failed", pthread_self()); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - BIO_set_ssl(bb, be_ssl, BIO_CLOSE); - BIO_set_ssl_mode(bb, 1); - be = bb; - if(BIO_do_handshake(be) <= 0) { - str_be(buf, MAXBUF - 1, backend); - logmsg(LOG_NOTICE, "BIO_do_handshake with %s failed: %s", buf, - ERR_error_string(ERR_get_error(), NULL)); - err_reply(cl, h503, lstn->err503); - free_headers(headers); - clean_all(); - pthread_exit(NULL); - } - } if((bb = BIO_new(BIO_f_buffer())) == NULL) { logmsg(LOG_WARNING, "(%lx) e503 BIO_new(buffer) server failed", pthread_self()); err_reply(cl, h503, lstn->err503); @@ -926,7 +873,6 @@ logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)", pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); err_reply(cl, h500, lstn->err500); - free_headers(headers); clean_all(); pthread_exit(NULL); } @@ -937,20 +883,6 @@ if(cur_backend->be_type == 0 && ssl != NULL) { SSL_CIPHER cipher; - if((cipher = SSL_get_current_cipher(ssl)) != NULL) { - SSL_CIPHER_description(cipher, buf, MAXBUF - 1); - strip_eol(buf); - if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { - str_be(buf, MAXBUF - 1, cur_backend); - end_req = cur_time(); - logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", - pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); - err_reply(cl, h500, lstn->err500); - clean_all(); - pthread_exit(NULL); - } - } - if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) { X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); get_line(bb, buf, MAXBUF); @@ -1074,6 +1006,19 @@ } } #endif + if((cipher = SSL_get_current_cipher(ssl)) != NULL) { + SSL_CIPHER_description(cipher, buf, MAXBUF - 1); + strip_eol(buf); + if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { + str_be(buf, MAXBUF - 1, cur_backend); + end_req = cur_time(); + logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", + pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); + err_reply(cl, h500, lstn->err500); + clean_all(); + pthread_exit(NULL); + } + } BIO_free_all(bb); } } @@ -1142,7 +1087,7 @@ / if we have a redirector */ if(cur_backend->be_type) { memset(buf, 0, sizeof(buf)); - if(!cur_backend->redir_req) + if(cur_backend->redir_req) snprintf(buf, sizeof(buf) - 1, "%s%s", cur_backend->url, url); else strncpy(buf, cur_backend->url, sizeof(buf) - 1); @@ -1157,16 +1102,16 @@ break; case 3: if(v_host[0]) - logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", v_host, caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s %s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", v_host, caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); else - logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); break; case 4: case 5: - logmsg(LOG_INFO, "%s - %s [%s] \"%s\" %d 0 \"%s\" \"%s\"", caddr, - u_name[0]? u_name: "-", req_time, request, cur_backend->be_type, referer, u_agent); + logmsg(LOG_INFO, "%s - %s [%s] \"%s\" 302 0 \"%s\" \"%s\"", caddr, + u_name[0]? u_name: "-", req_time, request, referer, u_agent); break; } if(!cl_11 \|\| conn_closed \|\| force_10) @@ -1211,7 +1156,7 @@ break; case HEADER_LOCATION: if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) { - snprintf(buf, MAXBUF, "Location: %s://%s/%s", + snprintf(buf, MAXBUF, "Location: %s://%s%s", (ssl == NULL? "http": "https"), v_host, loc_path); free(headers[n]); if((headers[n] = strdup(buf)) == NULL) { @@ -1225,7 +1170,7 @@ break; case HEADER_CONTLOCATION: if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, lstn, cur_backend)) { - snprintf(buf, MAXBUF, "Content-location: %s://%s/%s", + snprintf(buf, MAXBUF, "Content-location: %s://%s%s", (ssl == NULL? "http": "https"), v_host, loc_path); free(headers[n]); if((headers[n] = strdup(buf)) == NULL) {
[-] [+]	Changed	Pound-2.4.1.tar.bz2/pound.8 ^
@@ -1,4 +1,4 @@ -.TH POUND "8" "Jan 2010" "pound" "System Manager's Manual" +.TH POUND "8" "May 2002" "pound" "System Manager's Manual" .SH NAME pound \- HTTP/HTTPS reverse-proxy and load-balancer .SH SYNOPSIS @@ -243,10 +243,6 @@ used). This value can be overridden for specific listeners. .TP -\fBIgnoreCase\fR 0\|1 -Ignore case when matching URLs (default: 0). This value can be -overridden for specific services. -.TP \fBDynScale\fR 0\|1 Enable or disable the dynamic rescaling code (default: 0). If enabled .B Pound @@ -279,13 +275,6 @@ wait for a response from the back-end (in seconds). Default: 15 seconds. This value can be overridden for specific back-ends. .TP -\fBConnTO\fR value -How long should -.B Pound -wait for a connection to the back-end (in seconds). Default: the -.B TimeOut -value. This value can be overridden for specific back-ends. -.TP \fBGrace\fR value How long should .B Pound @@ -351,8 +340,8 @@ CHECKOUT, MERGE, REPORT). .IP .I 3 -additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE, -NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT). +additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH, +POLL, BMOVE, BCOPY, BDELETE, CONNECT). .IP .I 4 additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA). @@ -517,14 +506,7 @@ .I URL conditions per service. If no .I URL -was defined then all requests match. The matching is by default case-sensitive, -but this can be overridden by specifying -.B IgnoreCase 1 -.TP -\fBIgnoreCase\fR 0\|1 -Override the global -.B IgnoreCase -setting. +was defined then all requests match. .TP \fBHeadRequire\fR "pattern" The request must contain at least on header matching the given pattern. @@ -562,7 +544,7 @@ .B Pound will attempt to load-balance between them. .TP -\fBRedirect\fR [code] "url" +\fBRedirect\fR "url" This is a special type of back-end. Instead of sending the request to a back-end .B Pound replies immediately with a redirection to the given URL. You may define multiple @@ -605,8 +587,7 @@ should reply with a "307 Temporary Redirect" status. Unfortunately, that is not yet supported by all clients (in particular HTTP 1.0 ones), so .B Pound -currently replies by default with a "302 Found" instead. You may override this -behaviour by specifying the code to be used (301, 302 or 307). +currently replies with a "302 Found" instead. .TP \fBEmergency\fR Directives enclosed between an @@ -654,13 +635,6 @@ .B mandatory parameter for non Unix-domain back-ends. .TP -\fBHTTPS\fR [ "cert" ] -The back-end is using HTTPS. If the optional parameter -.I cert -is specified, -.B Pound -will present this certificate to the back-end. -.TP \fBPriority\fR val The priority of this back-end (between 1 and 9, 5 is default). Higher priority back-ends will be used more often than lower priority ones, so you should @@ -671,11 +645,6 @@ .I TimeOut value. .TP -\fBConnTO\fR val -Override the global -.I ConnTO -value. -.TP \fBHAport\fR [ address ] port A port (and optional address) to be used for server function checks. See below the "High Availability" section for a more detailed discussion. By default @@ -1159,7 +1128,7 @@ .SH "REPORTING BUGS" Report bugs to <roseg@apsis.ch>. .SH COPYRIGHT -Copyright \(co 2002-2010 Apsis GmbH. +Copyright \(co 2002-2006 Apsis GmbH. .br This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[-] [+]	Changed	Pound-2.4.1.tar.bz2/pound.c ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch */
[-] [+]	Changed	Pound-2.4.1.tar.bz2/pound.h ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch / @@ -96,11 +97,6 @@ #error "Pound needs sys/un.h" #endif -#ifndef UNIX_PATH_MAX -/ on Linux this is defined in linux/un.h rather than sys/un.h - go figure / -#define UNIX_PATH_MAX 108 -#endif - #if HAVE_NETINET_IN_H #include <netinet/in.h> #else @@ -179,14 +175,10 @@ #error "Pound needs signal.h" #endif -#if HAVE_LIBPCREPOSIX #if HAVE_PCREPOSIX_H #include <pcreposix.h> #elif HAVE_PCRE_PCREPOSIX #include <pcre/pcreposix.h> -#else -#error "You have libpcreposix, but the header files are missing. Use --disable-pcreposix" -#endif #elif HAVE_REGEX_H #include <regex.h> #else @@ -268,7 +260,7 @@ #endif / NO_EXTERNALS / #ifndef MAXBUF -#define MAXBUF 4096 +#define MAXBUF 1024 #endif #define MAXHEADERS 128 @@ -292,15 +284,13 @@ / back-end definition / typedef struct _backend { - int be_type; / 0 if real back-end, otherwise code (301, 302/default, 307) / + int be_type; / 0 if real back-end, other wise code (301, 302/default, 307) / struct addrinfo addr; / IPv4/6 address / int priority; / priority / - int to; / read/write time-out / - int conn_to; / connection time-out / + int to; struct addrinfo ha_addr; / HA address/port / char url; /* for redirectors / int redir_req; / the redirect should include the request path / - SSL_CTX ctx; /* CTX for SSL connections / pthread_mutex_t mut; / mutex for this back-end / int n_requests; / number of requests seen / double t_requests; / time to answer these requests / @@ -335,8 +325,8 @@ pthread_mutex_t mut; / mutex for this service / SESS_TYPE sess_type; int sess_ttl; / session time-to-live / - regex_t sess_start; / pattern to identify the session data / regex_t sess_pat; / pattern to match the session data / + char sess_parm; /* session cookie or parameter / LHASH sessions; /* currently active sessions / int dynscale; / true if the back-ends should be dynamically rescaled / int disabled; / true if the service is disabled / @@ -481,9 +471,6 @@ / extern int check_header(const char , char ); -#define BE_DISABLE -1 -#define BE_KILL 1 -#define BE_ENABLE 0 /* * mark a backend host as dead; * do nothing if no resurection code is active @@ -526,7 +513,7 @@ / #define N_RSA_KEYS 11 #ifndef T_RSA_KEYS -#define T_RSA_KEYS 1800 +#define T_RSA_KEYS 300 #endif / @@ -535,11 +522,6 @@ extern RSA RSA_tmp_callback(SSL , int, int); /* - * return a pre-generated RSA key - / -extern DH DH_tmp_callback(SSL , int, int); - -/ * expiration stuff */ #ifndef EXPIRE_TO
[-] [+]	Changed	Pound-2.4.1.tar.bz2/poundctl.8 ^
@@ -1,9 +1,9 @@ -.TH POUNDCTL "8" "Jan 2010" "poundctl" "System Manager's Manual" +.TH POUNDCTL "8" "October 2006" "poundctl" "System Manager's Manual" .SH NAME poundctl \- control the pound(8) daemon .SH SYNOPSIS .TP -.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR] [\fI-H\fR] [\fI-X\fR] +.B poundctl \fI-c /path/to/socket\fR [\fI-L/-l\fR] [\fI-S/-s\fR] [\fI-B/-b\fR] [\fI-N/-n\fR] .SH DESCRIPTION .PP .B Poundctl @@ -48,13 +48,6 @@ The parameters n, m and r refer to the number assigned to a particular listener, service and back-end in the listings. A listener number of -1 refers by convention to the global context. -.TP -\fB\-H\fR -Try to resolve the addresses to symbolic names. Depending on your configuration, -this may require an active DNS. -.TP -\fB\-X\fR -Show the results in XML format. .PP When called without flags .B poundctl @@ -66,7 +59,7 @@ .SH "REPORTING BUGS" Report bugs to <roseg@apsis.ch>. .SH COPYRIGHT -Copyright \(co 2002-2010 Apsis GmbH. +Copyright \(co 2002-2006 Apsis GmbH. .br This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[-] [+]	Changed	Pound-2.4.1.tar.bz2/poundctl.c ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,13 +22,13 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch / #define NO_EXTERNALS 1 #include "pound.h" static int xml_out = 0; -static int host_names = 0; static void usage(const char arg0) @@ -45,8 +45,7 @@ fprintf(stderr, "\t-n n m k - remove a session with key k r in service m in listener n\n"); fprintf(stderr, "\n"); fprintf(stderr, "\tentering the command without arguments lists the current configuration.\n"); - fprintf(stderr, "\tthe -X flag results in XML output.\n"); - fprintf(stderr, "\tthe -H flag shows symbolic host names instead of addresses.\n"); + fprintf(stderr, "\tthe -X flags results in XML output.\n"); exit(1); } @@ -56,40 +55,36 @@ static char * prt_addr(const struct addrinfo addr) { - static char res[UNIX_PATH_MAX]; - char buf[UNIX_PATH_MAX]; + static char res[64]; + char buf[64]; int port; void src; - memset(buf, 0, UNIX_PATH_MAX); + memset(buf, 0, 64); #ifdef HAVE_INET_NTOP switch(addr->ai_family) { case AF_INET: src = (void )&((struct sockaddr_in )addr->ai_addr)->sin_addr.s_addr; port = ntohs(((struct sockaddr_in )addr->ai_addr)->sin_port); - if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0)) - break; - if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_INET6: src = (void )&((struct sockaddr_in6 )addr->ai_addr)->sin6_addr.s6_addr; port = ntohs(((struct sockaddr_in6 )addr->ai_addr)->sin6_port); - if(host_names && !getnameinfo(addr->ai_addr, addr->ai_addrlen, buf, UNIX_PATH_MAX - 1, NULL, 0, 0)) - break; - if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET6, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_UNIX: - strncpy(buf, (char )addr->ai_addr, UNIX_PATH_MAX - 1); + strncpy(buf, (char )addr->ai_addr, 63); port = 0; break; default: - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + strncpy(buf, "(UNKNOWN)", 63); port = 0; break; } - snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port); + snprintf(res, 63, "%s:%d", buf, port); #else #error "Pound needs inet_ntop()" #endif @@ -114,10 +109,9 @@ be.ha_addr.ai_addr = (struct sockaddr )&h; } if(xml_out) - printf("<backend index=\"%d\" address=\"%s\" avg=\"%.3f\" priority=\"%d\" alive=\"%s\" status=\"%s\" />\n", - n_be++, - prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "yes": "DEAD", - be.disabled? "DISABLED": "active"); + printf("<backend index=\"%d\" address=\"%s\" average=\"%.3f\" priority=\"%d\"%s%s />\n", n_be++, + prt_addr(&be.addr), be.t_average / 1000000, be.priority, be.alive? "": " DEAD", + be.disabled? " DISABLED": ""); else printf(" %3d. Backend %s %s (%d %.3f sec) %s\n", n_be++, prt_addr(&be.addr), be.disabled? "DISABLED": "active", be.priority, be.t_average / 1000000, be.alive? "alive": "DEAD"); @@ -151,7 +145,7 @@ escaped[j++] = '"'; } else escaped[j++] = buf[i]; - escaped[j] = '\0'; + buf[j] = '\0'; printf("<session index=\"%d\" key=\"%s\" backend=\"%d\" />\n", n_sess++, escaped, n_be); } else printf(" %3d. Session %s -> %d\n", n_sess++, buf, n_be); @@ -171,8 +165,7 @@ break; if(xml_out) { if(svc.name[0]) - printf("<service index=\"%d\" name=\"%s\" status=\"%s\">\n", - n_svc++, svc.name, svc.disabled? "DISABLED": "active"); + printf("<service index=\"%d\" name=\"%s\"%s>\n", n_svc++, svc.name, svc.disabled? " DISABLED": ""); else printf("<service index=\"%d\"%s>\n", n_svc++, svc.disabled? " DISABLED": ""); } else { @@ -228,7 +221,7 @@ memset(&cmd, 0, sizeof(cmd)); opterr = 0; i = 0; - while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnXH")) > 0) + while(!i && (c_opt = getopt(argc, argv, "c:LlSsBbNnX")) > 0) switch(c_opt) { case 'c': sock_name = optarg; @@ -276,9 +269,6 @@ usage(arg0); d_sess = is_set = 1; break; - case 'H': - host_names = 1; - break; default: if(optopt == '1') { optind--; @@ -350,9 +340,8 @@ read(sock, &a, lstn.addr.ai_addrlen); lstn.addr.ai_addr = (struct sockaddr )&a; if(xml_out) - printf("<listener index=\"%d\" protocol=\"%s\" address=\"%s\" status=\"%s\">\n", - n_lstn++, lstn.ctx? "HTTPS": "http", - prt_addr(&lstn.addr), lstn.disabled? "DISABLED": "active"); + printf("<listener index=\"%d\" %s address=\"%s\"%s>\n", n_lstn++, lstn.ctx? "HTTPS": "HTTP", + prt_addr(&lstn.addr), lstn.disabled? " DISABLED": ""); else printf("%3d. %s Listener %s %s\n", n_lstn++, lstn.ctx? "HTTPS" : "http", prt_addr(&lstn.addr), lstn.disabled? "*D": "a");
[-] [+]	Changed	Pound-2.4.1.tar.bz2/svc.c ^
@@ -1,6 +1,6 @@ /* * Pound - the reverse-proxy load-balancer - * Copyright (C) 2002-2010 Apsis GmbH + * Copyright (C) 2002-2007 Apsis GmbH * * This file is part of Pound. * @@ -9,7 +9,7 @@ * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * Pound is distributed in the hope that it will be useful, + * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -22,6 +22,7 @@ * P.O.Box * 8707 Uetikon am See * Switzerland + * Tel: +41-44-920 4904 * EMail: roseg@apsis.ch / @@ -73,10 +74,8 @@ TABNODE t, res; t.key = key; - if((res = (TABNODE )lh_retrieve(tab, &t)) != NULL) { - res->last_acc = time(NULL); + if((res = (TABNODE )lh_retrieve(tab, &t)) != NULL) return res->content; - } return NULL; } @@ -140,7 +139,7 @@ ALL_ARG a; a = (ALL_ARG )arg; - if(memcmp(t->content, a->content, a->cont_len) == 0) + if(memcmp(t->content, a->content, a->cont_len)) lh_delete(a->tab, t); return; } @@ -367,21 +366,16 @@ static int get_REQUEST(char res, const SERVICE svc, const char request) { - int n, s; + int n; regmatch_t matches[4]; - if(regexec(&svc->sess_start, request, 4, matches, 0)) { - res[0] = '\0'; - return 0; - } - s = matches[0].rm_eo; - if(regexec(&svc->sess_pat, request + s, 4, matches, 0)) { + if(regexec(&svc->sess_pat, request, 4, matches, 0)) { res[0] = '\0'; return 0; } if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE) n = KEY_SIZE; - strncpy(res, request + s + matches[1].rm_so, n); + strncpy(res, request + matches[1].rm_so, n); res[n] = '\0'; return 1; } @@ -389,7 +383,7 @@ static int get_HEADERS(char res, const SERVICE svc, char const headers) { - int i, n, s; + int i, n; regmatch_t matches[4]; / this will match SESS_COOKIE, SESS_HEADER and SESS_BASIC / @@ -397,14 +391,11 @@ for(i = 0; i < (MAXHEADERS - 1); i++) { if(headers[i] == NULL) continue; - if(regexec(&svc->sess_start, headers[i], 4, matches, 0)) - continue; - s = matches[0].rm_eo; - if(regexec(&svc->sess_pat, headers[i] + s, 4, matches, 0)) + if(regexec(&svc->sess_pat, headers[i], 4, matches, 0)) continue; if((n = matches[1].rm_eo - matches[1].rm_so) > KEY_SIZE) n = KEY_SIZE; - strncpy(res, headers[i] + s + matches[1].rm_so, n); + strncpy(res, headers[i] + matches[1].rm_so, n); res[n] = '\0'; } return res[0] != '\0'; @@ -488,7 +479,7 @@ case SESS_IP: addr2str(key, KEY_SIZE, from_host, 1); if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { / no session yet - create one / res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -500,7 +491,7 @@ case SESS_PARM: if(get_REQUEST(key, svc, request)) { if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { / no session yet - create one / res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -515,7 +506,7 @@ / this works for SESS_BASIC, SESS_HEADER and SESS_COOKIE / if(get_HEADERS(key, svc, headers)) { if(svc->sess_ttl < 0) - res = hash_backend(svc->backends, svc->abs_pri, key); + return hash_backend(svc->backends, svc->abs_pri, key); else if((vp = t_find(svc->sessions, key)) == NULL) { / no session yet - create one / res = rand_backend(svc->backends, random() % svc->tot_pri); @@ -561,41 +552,32 @@ disable_only == -1: mark as enabled / void -kill_be(SERVICE const svc, const BACKEND be, const int disable_mode) +kill_be(SERVICE const svc, const BACKEND be, const int disable_only) { BACKEND b; int ret_val; - char buf[MAXBUF]; if(ret_val = pthread_mutex_lock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val)); svc->tot_pri = 0; for(b = svc->backends; b; b = b->next) { if(b == be) - switch(disable_mode) { - case BE_DISABLE: + switch(disable_only) { + case 1: b->disabled = 1; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf); - break; - case BE_KILL: - b->alive = 0; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf); - t_clean(svc->sessions, &be, sizeof(be)); break; - case BE_ENABLE: - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf); + case -1: b->disabled = 0; break; default: - logmsg(LOG_WARNING, "kill_be(): unknown mode %d", disable_mode); + b->alive = 0; break; } if(b->alive && !b->disabled) svc->tot_pri += b->priority; } + if(disable_only >= 0) + t_clean(svc->sessions, &be, sizeof(be)); if(ret_val = pthread_mutex_unlock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() unlock: %s", strerror(ret_val)); return; @@ -632,15 +614,10 @@ get_host(char const name, struct addrinfo res) { struct addrinfo chain, ap; - struct addrinfo hints; int ret_val; #ifdef HAVE_INET_NTOP - memset (&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_CANONNAME; - if((ret_val = getaddrinfo(name, NULL, &hints, &chain)) == 0) { + if((ret_val = getaddrinfo(name, NULL, NULL, &chain)) == 0) { for(ap = chain; ap != NULL; ap = ap->ai_next) if(ap->ai_socktype == SOCK_STREAM) break; @@ -763,8 +740,8 @@ * check if the Location points to the Listener but with the wrong port or protocol / if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0 - && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0 - \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0 + \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -775,8 +752,8 @@ check if the Location points to the Listener but with the wrong port or protocol / if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0 - && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0 - \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0 + \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -904,8 +881,8 @@ default: continue; } - if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { - kill_be(svc, be, BE_KILL); + if(connect_nb(sock, &be->ha_addr, be->to) != 0) { + kill_be(svc, be, 0); str_be(buf, MAXBUF - 1, be); logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf); } @@ -940,8 +917,8 @@ default: continue; } - if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { - kill_be(svc, be, BE_KILL); + if(connect_nb(sock, &be->ha_addr, be->to) != 0) { + kill_be(svc, be, 0); str_be(buf, MAXBUF - 1, be); logmsg(LOG_NOTICE, "BackEnd %s is dead (HA)", buf); } @@ -995,7 +972,7 @@ } addr = &be->ha_addr; } - if(connect_nb(sock, addr, be->conn_to) == 0) { + if(connect_nb(sock, addr, be->to) == 0) { be->resurrect = 1; modified = 1; } @@ -1064,7 +1041,7 @@ } addr = &be->ha_addr; } - if(connect_nb(sock, addr, be->conn_to) == 0) { + if(connect_nb(sock, addr, be->to) == 0) { be->resurrect = 1; modified = 1; } @@ -1296,38 +1273,20 @@ do_RSAgen(void) { int n, ret_val; - RSA t_RSA512_keys[N_RSA_KEYS]; - RSA t_RSA1024_keys[N_RSA_KEYS]; - for(n = 0; n < N_RSA_KEYS; n++) { - t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); - t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); - } if(ret_val = pthread_mutex_lock(&RSA_mut)) logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val)); for(n = 0; n < N_RSA_KEYS; n++) { RSA_free(RSA512_keys[n]); - RSA512_keys[n] = t_RSA512_keys[n]; + RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); RSA_free(RSA1024_keys[n]); - RSA1024_keys[n] = t_RSA1024_keys[n]; + RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); } if(ret_val = pthread_mutex_unlock(&RSA_mut)) logmsg(LOG_WARNING, "thr_RSAgen() unlock: %s", strerror(ret_val)); return; } -#include "dh512.h" -#include "dh1024.h" - -DH -DH_tmp_callback(/* not used /SSL s, /* not used /int is_export, int keylength) -{ - if(keylength == 512) - return get_dh512(); - else - return get_dh1024(); -} - static time_t last_RSA, last_rescale, last_alive, last_expire; / @@ -1385,19 +1344,19 @@ if((n_remain = n_wait - (cur_time - last_time)) > 0) sleep(n_remain); last_time = time(NULL); - if((last_time - last_RSA) >= T_RSA_KEYS) { + if((last_time - last_RSA) > T_RSA_KEYS) { last_RSA = time(NULL); do_RSAgen(); } - if((last_time - last_rescale) >= RESCALE_TO) { + if((last_time - last_rescale) > RESCALE_TO) { last_rescale = time(NULL); do_rescale(); } - if((last_time - last_alive) >= alive_to) { + if((last_time - last_alive) > alive_to) { last_alive = time(NULL); do_resurect(); } - if((last_time - last_expire) >= EXPIRE_TO) { + if((last_time - last_expire) > EXPIRE_TO) { last_expire = time(NULL); do_expire(); } @@ -1431,7 +1390,6 @@ write(a->control_sock, t->key, sz); return; } - IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE , void ) /* @@ -1626,7 +1584,7 @@ if((be = sel_be(&cmd)) == NULL) logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend); else - kill_be(svc, be, BE_ENABLE); + kill_be(svc, be, -1); break; case CTRL_DE_BE: if((svc = sel_svc(&cmd)) == NULL) { @@ -1636,7 +1594,7 @@ if((be = sel_be(&cmd)) == NULL) logmsg(LOG_INFO, "thr_control() bad backend %d/%d/%d", cmd.listener, cmd.service, cmd.backend); else - kill_be(svc, be, BE_DISABLE); + kill_be(svc, be, 1); break; case CTRL_ADD_SESS: if((svc = sel_svc(&cmd)) == NULL) {
[-] [+]	Changed	Pound-2.4.3.tar.bz2/CHANGELOG ^
@@ -1,41 +1,4 @@ ------------------------------------------------------------------------ -r61 \| roseg \| 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) \| 13 lines - -Release 2.4.5 - -Stable release 2.4.5 - -Enhancements: - - log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin) - - kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail! - -Bug fixes: - - fixed parantheses problems in need_rewrite (thanks to SBR) - - added call to free_headers in http.c (thanks to SBR) - - fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- -r60 \| roseg \| 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) \| 18 lines - -Release 2.4.4 - -Stable release 2.4.4 - -Enhancements: - - added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4 - - added support for BPROPFIND in xHTTP 4 - - on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin) - -Bug fixes: - - save and restore errno value in cur_time() (thanks to Albert) - - fixed problem in timer thread (thanks to Albert) - - added shutdown for failed socket connection (thanks to Albert) - - fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe) - - increased MAXBUF to default 4096 - - increased T_RSA default to 30 minutes - - fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro) - ------------------------------------------------------------------------- r59 \| roseg \| 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) \| 11 lines Release 2.4.3
[-] [+]	Changed	Pound-2.4.3.tar.bz2/Makefile.in ^
@@ -24,7 +24,7 @@ # Tel: +41-44-920 4904 # EMail: roseg@apsis.ch -CC=@PTHREAD_CC@ +CC="@PTHREAD_CC@" VERSION="@PACKAGE_VERSION@" C_SSL="@C_SSL@" C_T_RSA="@C_T_RSA@"
[-] [+]	Changed	Pound-2.4.3.tar.bz2/README ^
@@ -128,7 +128,7 @@ --disable-super -- disable supervisor process (default: enabled) --with-t_rsa=nnn -- timeout of the RSA ephemeral keys regeneration - (default: 1800 seconds). + (default: 300 seconds). --with-owner=owner -- name of installed binaries owner (default is system-dependent).
[-] [+]	Changed	Pound-2.4.3.tar.bz2/config.c ^
@@ -86,8 +86,8 @@ "^(GET\|POST\|HEAD) ([^ ]+) HTTP/1.[01]$", "^(GET\|POST\|HEAD\|PUT\|DELETE) ([^ ]+) HTTP/1.[01]$", "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT) ([^ ]+) HTTP/1.[01]$", - "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|UNSUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|BPROPFIND\|NOTIFY\|CONNECT) ([^ ]+) HTTP/1.[01]$", - "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|UNSUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|BPROPFIND\|NOTIFY\|CONNECT\|RPC_IN_DATA\|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", + "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|CONNECT) ([^ ]+) HTTP/1.[01]$", + "^(GET\|POST\|HEAD\|PUT\|DELETE\|LOCK\|UNLOCK\|PROPFIND\|PROPPATCH\|SEARCH\|MKCOL\|MOVE\|COPY\|OPTIONS\|TRACE\|MKACTIVITY\|CHECKOUT\|MERGE\|REPORT\|SUBSCRIBE\|BPROPPATCH\|POLL\|BMOVE\|BCOPY\|BDELETE\|CONNECT\|RPC_IN_DATA\|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", }; static int log_level = 1; @@ -140,18 +140,11 @@ res->addr.ai_socktype = SOCK_STREAM; res->addr.ai_family = AF_UNIX; res->addr.ai_protocol = 0; - if((res->addr.ai_addr = (struct sockaddr )malloc(sizeof(struct sockaddr_un))) == NULL) { + if((res->addr.ai_addr = (struct sockaddr )strdup(lin + matches[1].rm_so)) == NULL) { logmsg(LOG_ERR, "line %d: out of memory", n_lin); exit(1); } - if((strlen(lin + matches[1].rm_so) + 1) > UNIX_PATH_MAX) { - logmsg(LOG_ERR, "line %d: UNIX path name too long (greater than %d)", n_lin, UNIX_PATH_MAX - 1); - exit(1); - } res->addr.ai_addrlen = strlen(lin + matches[1].rm_so) + 1; - res->addr.ai_addr->sa_family = AF_UNIX; - strcpy(res->addr.ai_addr->sa_data, lin + matches[1].rm_so); - res->addr.ai_addrlen = sizeof( struct sockaddr_un ); } has_addr = 1; } else if(!regexec(&Port, lin, 4, matches, 0)) {
[-] [+]	Changed	Pound-2.4.3.tar.bz2/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for pound 2.4.5. +# Generated by GNU Autoconf 2.61 for pound 2.4.3. # # Report bugs to <roseg@apsis.ch>. # @@ -574,8 +574,8 @@ # Identity of this package. PACKAGE_NAME='pound' PACKAGE_TARNAME='pound' -PACKAGE_VERSION='2.4.5' -PACKAGE_STRING='pound 2.4.5' +PACKAGE_VERSION='2.4.3' +PACKAGE_STRING='pound 2.4.3' PACKAGE_BUGREPORT='roseg@apsis.ch' ac_unique_file="pound.c" @@ -1204,7 +1204,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pound 2.4.5 to adapt to many kinds of systems. +\`configure' configures pound 2.4.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1270,7 +1270,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of pound 2.4.5:";; + short \| recursive ) echo "Configuration of pound 2.4.3:";; esac cat <<\_ACEOF @@ -1287,7 +1287,7 @@ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-ssl=directory location of OpenSSL package --with-t_rsa=nnn Time-out for RSA ephemeral keys generation - --with-maxbuf=nnn Value of the MAXBUF parameter (default: 4096) + --with-maxbuf=nnn Value of the MAXBUF parameter (default: 1024) --with-owner=name The account that will own the files installed by Pound --with-group=name The group that will own the files installed by Pound @@ -1366,7 +1366,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pound configure 2.4.5 +pound configure 2.4.3 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1380,7 +1380,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pound $as_me 2.4.5, which was +It was created by pound $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -7539,7 +7539,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pound $as_me 2.4.5, which was +This file was extended by pound $as_me 2.4.3, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7588,7 +7588,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -pound config.status 2.4.5 +pound config.status 2.4.3 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
[-] [+]	Changed	Pound-2.4.3.tar.bz2/http.c ^
@@ -443,11 +443,8 @@ #ifdef HAVE_GETTIMEOFDAY struct timeval tv; struct timezone tz; - int sv_errno; - sv_errno = errno; gettimeofday(&tv, &tz); - errno = sv_errno; return tv.tv_sec * 1000000.0 + tv.tv_usec; #else return time(NULL) * 1000000.0; @@ -487,8 +484,8 @@ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto; LISTENER lstn; SERVICE svc; - BACKEND backend, cur_backend, old_backend; - struct addrinfo from_host, z_addr; + BACKEND backend, cur_backend; + struct addrinfo from_host; struct sockaddr_storage from_host_addr; BIO cl, be, bb, b64; X509 x509; @@ -785,20 +782,9 @@ if(connect_nb(sock, &backend->addr, backend->to) < 0) { str_be(buf, MAXBUF - 1, backend); logmsg(LOG_WARNING, "(%lx) backend %s connect: %s", pthread_self(), buf, strerror(errno)); - shutdown(sock, 2); close(sock); - /* - * kill the back-end only if no HAport is defined for it - * otherwise allow the HAport mechanism to do its job - / - memset(&z_addr, 0, sizeof(z_addr)); - if(memcmp(&(backend->ha_addr), &(z_addr), sizeof(z_addr)) == 0) - kill_be(svc, backend, BE_KILL); - / - * ...but make sure we don't get into a loop with the same back-end - / - old_backend = backend; - if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL \|\| backend == old_backend) { + kill_be(svc, backend, BE_KILL); + if((backend = get_backend(svc, &from_host, url, &headers[1])) == NULL) { addr2str(caddr, MAXBUF - 1, &from_host, 1); logmsg(LOG_NOTICE, "(%lx) e503 no back-end \"%s\" from %s", pthread_self(), request, caddr); err_reply(cl, h503, lstn->err503); @@ -898,7 +884,6 @@ logmsg(LOG_WARNING, "(%lx) e500 error write HTTPSHeader to %s: %s (%.3f sec)", pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); err_reply(cl, h500, lstn->err500); - free_headers(headers); clean_all(); pthread_exit(NULL); } @@ -909,20 +894,6 @@ if(cur_backend->be_type == 0 && ssl != NULL) { SSL_CIPHER cipher; - if((cipher = SSL_get_current_cipher(ssl)) != NULL) { - SSL_CIPHER_description(cipher, buf, MAXBUF - 1); - strip_eol(buf); - if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { - str_be(buf, MAXBUF - 1, cur_backend); - end_req = cur_time(); - logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", - pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); - err_reply(cl, h500, lstn->err500); - clean_all(); - pthread_exit(NULL); - } - } - if(lstn->clnt_check > 0 && x509 != NULL && (bb = BIO_new(BIO_s_mem())) != NULL) { X509_NAME_print_ex(bb, X509_get_subject_name(x509), 8, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB); get_line(bb, buf, MAXBUF); @@ -1046,6 +1017,19 @@ } } #endif + if((cipher = SSL_get_current_cipher(ssl)) != NULL) { + SSL_CIPHER_description(cipher, buf, MAXBUF - 1); + strip_eol(buf); + if(BIO_printf(be, "X-SSL-cipher: %s\r\n", buf) <= 0) { + str_be(buf, MAXBUF - 1, cur_backend); + end_req = cur_time(); + logmsg(LOG_WARNING, "(%lx) e500 error write X-SSL-cipher to %s: %s (%.3f sec)", + pthread_self(), buf, strerror(errno), (end_req - start_req) / 1000000.0); + err_reply(cl, h500, lstn->err500); + clean_all(); + pthread_exit(NULL); + } + } BIO_free_all(bb); } }
[-] [+]	Changed	Pound-2.4.3.tar.bz2/pound.8 ^
@@ -340,8 +340,8 @@ CHECKOUT, MERGE, REPORT). .IP .I 3 -additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE, -NOTIFY, BPROPFIND, BPROPPATCH, POLL, BMOVE, BCOPY, BDELETE, CONNECT). +additionally allow MS extensions WebDAV verbs (SUBSCRIBE, BPROPPATCH, +POLL, BMOVE, BCOPY, BDELETE, CONNECT). .IP .I 4 additionally allow MS RPC extensions verbs (RPC_IN_DATA, RPC_OUT_DATA).
[-] [+]	Changed	Pound-2.4.3.tar.bz2/pound.h ^
@@ -97,11 +97,6 @@ #error "Pound needs sys/un.h" #endif -#ifndef UNIX_PATH_MAX -/* on Linux this is defined in linux/un.h rather than sys/un.h - go figure / -#define UNIX_PATH_MAX 108 -#endif - #if HAVE_NETINET_IN_H #include <netinet/in.h> #else @@ -265,7 +260,7 @@ #endif / NO_EXTERNALS / #ifndef MAXBUF -#define MAXBUF 4096 +#define MAXBUF 1024 #endif #define MAXHEADERS 128 @@ -521,7 +516,7 @@ / #define N_RSA_KEYS 11 #ifndef T_RSA_KEYS -#define T_RSA_KEYS 1800 +#define T_RSA_KEYS 300 #endif /*
[-] [+]	Changed	Pound-2.4.3.tar.bz2/poundctl.c ^
@@ -55,36 +55,36 @@ static char * prt_addr(const struct addrinfo addr) { - static char res[UNIX_PATH_MAX]; - char buf[UNIX_PATH_MAX]; + static char res[64]; + char buf[64]; int port; void src; - memset(buf, 0, UNIX_PATH_MAX); + memset(buf, 0, 64); #ifdef HAVE_INET_NTOP switch(addr->ai_family) { case AF_INET: src = (void )&((struct sockaddr_in )addr->ai_addr)->sin_addr.s_addr; port = ntohs(((struct sockaddr_in )addr->ai_addr)->sin_port); - if(inet_ntop(AF_INET, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_INET6: src = (void )&((struct sockaddr_in6 )addr->ai_addr)->sin6_addr.s6_addr; port = ntohs(((struct sockaddr_in6 )addr->ai_addr)->sin6_port); - if(inet_ntop(AF_INET6, src, buf, UNIX_PATH_MAX - 1) == NULL) - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + if(inet_ntop(AF_INET6, src, buf, 63) == NULL) + strncpy(buf, "(UNKNOWN)", 63); break; case AF_UNIX: - strncpy(buf, (char )addr->ai_addr, UNIX_PATH_MAX - 1); + strncpy(buf, (char )addr->ai_addr, 63); port = 0; break; default: - strncpy(buf, "(UNKNOWN)", UNIX_PATH_MAX - 1); + strncpy(buf, "(UNKNOWN)", 63); port = 0; break; } - snprintf(res, UNIX_PATH_MAX - 1, "%s:%d", buf, port); + snprintf(res, 63, "%s:%d", buf, port); #else #error "Pound needs inet_ntop()" #endif
[-] [+]	Changed	Pound-2.4.3.tar.bz2/svc.c ^
@@ -558,7 +558,6 @@ { BACKEND b; int ret_val; - char buf[MAXBUF]; if(ret_val = pthread_mutex_lock(&svc->mut)) logmsg(LOG_WARNING, "kill_be() lock: %s", strerror(ret_val)); @@ -568,18 +567,12 @@ switch(disable_mode) { case BE_DISABLE: b->disabled = 1; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s disabled", pthread_self(), buf); break; case BE_KILL: b->alive = 0; - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s dead (killed)", pthread_self(), buf); t_clean(svc->sessions, &be, sizeof(be)); break; case BE_ENABLE: - str_be(buf, MAXBUF - 1, b); - logmsg(LOG_NOTICE, "(%lx) BackEnd %s enabled", pthread_self(), buf); b->disabled = 0; break; default: @@ -756,8 +749,8 @@ check if the Location points to the Listener but with the wrong port or protocol / if(memcmp(&be_addr.sin_addr.s_addr, &in_addr.sin_addr.s_addr, sizeof(in_addr.sin_addr.s_addr)) == 0 - && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port)) != 0 - \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be_addr.sin_port, &in_addr.sin_port, sizeof(in_addr.sin_port) != 0 + \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -768,8 +761,8 @@ check if the Location points to the Listener but with the wrong port or protocol / if(memcmp(&be6_addr.sin6_addr.s6_addr, &in6_addr.sin6_addr.s6_addr, sizeof(in6_addr.sin6_addr.s6_addr)) == 0 - && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port)) != 0 - \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https"))) { + && (memcmp(&be6_addr.sin6_port, &in6_addr.sin6_port, sizeof(in6_addr.sin6_port) != 0 + \|\| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")))) { free(addr.ai_addr); return 1; } @@ -1360,19 +1353,19 @@ if((n_remain = n_wait - (cur_time - last_time)) > 0) sleep(n_remain); last_time = time(NULL); - if((last_time - last_RSA) >= T_RSA_KEYS) { + if((last_time - last_RSA) > T_RSA_KEYS) { last_RSA = time(NULL); do_RSAgen(); } - if((last_time - last_rescale) >= RESCALE_TO) { + if((last_time - last_rescale) > RESCALE_TO) { last_rescale = time(NULL); do_rescale(); } - if((last_time - last_alive) >= alive_to) { + if((last_time - last_alive) > alive_to) { last_alive = time(NULL); do_resurect(); } - if((last_time - last_expire) >= EXPIRE_TO) { + if((last_time - last_expire) > EXPIRE_TO) { last_expire = time(NULL); do_expire(); } @@ -1406,7 +1399,6 @@ write(a->control_sock, t->key, sz); return; } - IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE , void ) /
[-] [+]	Deleted	Pound-2.5.tgz/GPL.txt ^
@@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) <year> <name of author> - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - <program> Copyright (C) <year> <name of author> - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>.
	Added	debian.tar.gz ^
[-] [+]	Added	init.pound ^
@@ -0,0 +1,72 @@ +#! /bin/sh +# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. +# +# Author: adrian@suse.de, template by ro@suse.de +# +# /etc/init.d/pound +# and its symbolic link +# /usr/sbin/rcpound +# +### BEGIN INIT INFO +# Provides: pound +# Required-Start: $time $remote_fs $named $syslog +# Required-Stop: +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 +# Description: A lightweight HTTP proxy +# Short-Description: A lightweight HTTP proxy +### END INIT INFO + +. /etc/rc.status + + +# Determine the base and follow a runlevel link name. +base=${0##/} +link=${base#[SK][0-9][0-9]} + +# Force execution if not called by a runlevel directory. +test -x /usr/sbin/pound \|\| exit 0 + +rc_reset +case "$1" in + start) + echo -n "Starting Pound HTTP Proxy" + startproc /usr/sbin/pound + rc_status -v + ;; + stop) + echo -n "Shutting down Pound HTTP Proxy" + killproc -TERM /usr/sbin/pound + rc_status -v + ;; + restart) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop && $0 start + rc_status + ;; + force-reload) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop; sleep 1 && $0 start + rc_status + ;; + reload) + $0 stop; sleep 1 && $0 start + rc_status + ;; + status) + echo -n "Checking for Pound HTTP Proxy Daemon: " + checkproc /usr/sbin/pound + rc_status -v + ;; + configtest) + echo "Checking Pound configuration ..." + eval /usr/sbin/pound -c + ;; + *) + echo "Usage: $0 {start\|stop\|status\|restart\|reload\|configtest}" + exit 1 + ;; +esac +rc_exit
[-] [+]	Changed	pound.cfg ^
@@ -1,35 +1,22 @@ -# -# Default pound.cfg -# -# Pound listens on port 80 for HTTP and port 443 for HTTPS -# and distributes requests to 2 backends running on localhost. -# see pound(8) for configuration directives. -# You can enable/disable backends with poundctl(8). -# +# This is a simple configuration example. +# It sends all requests from port 80 to port 8080 on the same machine. -User "pound" +# Start pound as User with Group +User "pound" Group "pound" -Control "/var/lib/pound/pound.cfg" +# Replace "localhost" by your IP or host name ListenHTTP - Address 0.0.0.0 - Port 80 -End + Address localhost + Port 80 -ListenHTTPS - Address 0.0.0.0 - Port 443 - Cert "/etc/pki/tls/certs/pound.pem" -End + Service + HeadRequire "Host: .localhost." -Service - BackEnd - Address 127.0.0.1 - Port 8000 - End - - BackEnd - Address 127.0.0.1 - Port 8001 + BackEnd + Address localhost + Port 8080 + End End End +
[-] [+]	Added	pound.dsc ^
@@ -0,0 +1,13 @@ +Format: 1.0 +Source: pound +Binary: pound +Architecture: any +Version: 2.4.1-1 +Maintainer: Michael Mende <debian@menole.net> +Uploaders: Michael Piefel <piefel@debian.org> +Homepage: http://www.apsis.ch/pound/ +Standards-Version: 3.7.3 +Build-Depends: autotools-dev, debhelper (>= 5), libpcre3-dev, libssl-dev (>= 0.9.7) +Files: + 16450962d535215719442955f6101829 169138 Pound-2.4.1.tar.gz + 28db12afac91ca5c28b09a7ead069e56 6188 pound_2.4-2.diff.gz
[-] [+]	Deleted	pound.init ^
@@ -1,62 +0,0 @@ -#!/bin/bash -# -# pound This shell script starts the Pound load-balancer -# -# Author: Ruben Kerkhof <ruben@rubenkerkhof.com> -# -# chkconfig: - 85 15 -# -# description: Pound is a reverse proxy and load-balancer -# processname: pound -# config: /etc/pound.cfg -# pidfile: /var/run/pound.pid -# - -# source function library -. /etc/rc.d/init.d/functions - -RETVAL=0 - -start() { - echo -n $"Starting Pound: " - daemon pound - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/pound -} - -stop() { - echo -n $"Stopping Pound: " - killproc pound - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/pound -} - -restart() { - stop - start -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart\|force-reload\|reload) - restart - ;; - condrestart) - [ -f /var/lock/subsys/pound ] && restart - ;; - status) - status pound - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start\|stop\|status\|restart\|reload\|force-reload\|condrestart}" - exit 1 -esac - -exit $RETVAL

Difference Between Revision 1 and home:jg / pound