30 Commits

Author SHA1 Message Date
Solderpunk eb85a6e94c Another big refactor, splitting the Config struct in two.
The split reflects that between variables which can and cannot be
overridden by .molly files, and this greatly simplifies the
processing of said files, getting rid of the need for lots of
ugly temporary variable thrashing.
2023-02-25 11:29:13 +01:00
Solderpunk 212c9f79fb A rather extensive refactor.
Basically the function formerly known as do_main() in main.go has
been renamed launch() and moved into launch.go.  Now there are
main.go and main_unix.go files implementing minimal main()
functions which load a config and pass it to launch.  This allows
separating unix-specific security stuff (both the actual system
calls which won't compile on other platforms and the definition
of command line switches) out from the platform agnostic
implementation of the main server logic.  It also simplifies the
interaction of relative paths in config files with chrooting.

Docs still need updating...
2023-02-23 18:49:15 +01:00
Solderpunk f63fcdb6d1 Do not request client certificates if we're never going to need them. 2023-02-19 15:17:45 +01:00
Solderpunk 7a89b307a1 Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00
Solderpunk 072669a167 Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00
Solderpunk 7fad754ff2 Drop privileges much more thoroughly, thanks nervuri! (see issue #16) 2023-02-19 13:17:24 +01:00
Solderpunk 182e58ffe3 Make unprivileged user configurable, thanks nervuri! (see issue #16) 2023-02-15 21:16:49 +01:00
Solderpunk 8372142843 Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00
Solderpunk 5258b29c6b Big ol' gofmt. 2023-02-10 17:19:21 +01:00
Solderpunk 56d8dde14a Chdir to / so that Molly doesn't interfere with unmounting. 2023-02-10 16:16:57 +01:00
Solderpunk 17d17a1629 Catch SIGTERM and shut down gracefully. 2023-02-08 19:56:27 +01:00
Solderpunk b16a8584a6 Merge pull request 'Added pledge(2) and unveil(2) system calls to improve security on OpenBSD.' (#13) from kvothe/molly-brown:master into master
Reviewed-on: #13
2023-02-08 17:54:29 +00:00
Solderpunk 3be10b82d7 Allow no access logging with empty string log file path. 2023-02-07 19:59:43 +01:00
Solderpunk 443bfd4bbd Change to error logging behaviour (stderr instead of stdout, by default). 2023-02-07 19:33:14 +01:00
Solderpunk 16bf8e0534 Refuse to use a world-readable TLS key. 2023-02-07 19:23:35 +01:00
Solderpunk 2d6f4db38e Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00
Solderpunk 92cd40db12 Allow access and error logging to stdout by configuring a path of "-".
Thanks to @icedquinn@blob.cat for the suggestion.
2021-01-24 17:09:47 +01:00
kvothe. 03ca12d0c1 First pass at a pledge/unveil implementation for OpenBSD. 2020-09-14 22:21:05 -04:00
Solderpunk 821a862036 Use standard library logging facilities for error log. 2020-07-01 19:57:39 +02:00
Solderpunk 3c4c447bd3 Broader config file error handling. 2020-07-01 19:56:43 +02:00
Solderpunk 990b7071d0 gofmt fixes. 2020-06-30 19:13:02 +02:00
Solderpunk 77691d6983 Introduce error log. 2020-06-28 18:34:50 +02:00
Solderpunk b0b18971f4 Run gofmt on everything for the first time ever! 2020-06-10 21:31:13 +02:00
Solderpunk bec952c66a Use log.Fatal instead of fmt.Println and os.Exit. 2020-06-08 20:02:29 +02:00
Solderpunk 6f3887bdc4 Request client certificates, check validity dates of received certs and pass certs to handleCGI. 2020-06-05 19:39:28 +02:00
Solderpunk 44d72c2bf2 Make it clear what is wrong with a config file. 2020-06-04 20:36:03 +02:00
Solderpunk d14198aeba Add missing import from previous commit. 2020-05-21 22:50:33 +02:00
Solderpunk 203c259e7f Honour port setting from config file. 2020-05-19 22:05:48 +02:00
Solderpunk 7566636c97 Add basic logging. 2019-11-06 18:38:41 +02:00
Solderpunk 0ddf8ca2ae Initial bare bones implementation. 2019-11-06 17:08:44 +02:00