kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

config.c (49313B)



      1 /*
      2  * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
      3  *
      4  * Permission to use, copy, modify, and distribute this software for any
      5  * purpose with or without fee is hereby granted, provided that the above
      6  * copyright notice and this permission notice appear in all copies.
      7  *
      8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     15  */
     16 
     17 #include <sys/param.h>
     18 #include <sys/types.h>
     19 #include <sys/stat.h>
     20 
     21 #include <stdio.h>
     22 #include <string.h>
     23 #include <stdint.h>
     24 #include <ctype.h>
     25 #include <limits.h>
     26 #include <fcntl.h>
     27 #include <pwd.h>
     28 
     29 #include "kore.h"
     30 #include "http.h"
     31 
     32 #if defined(KORE_USE_PGSQL)
     33 #include "pgsql.h"
     34 #endif
     35 
     36 #if defined(KORE_USE_TASKS)
     37 #include "tasks.h"
     38 #endif
     39 
     40 #if defined(KORE_USE_PYTHON)
     41 #include "python_api.h"
     42 #endif
     43 
     44 #if defined(KORE_USE_CURL)
     45 #include "curl.h"
     46 #endif
     47 
     48 #if defined(KORE_USE_ACME)
     49 #include "acme.h"
     50 #endif
     51 
     52 #if defined(__linux__)
     53 #include "seccomp.h"
     54 #endif
     55 
     56 /* XXX - This is becoming a clusterfuck. Fix it. */
     57 
     58 static int	configure_load(char *);
     59 static char	*configure_resolve_var(char *);
     60 static void	configure_check_var(char **, const char *, const char *);
     61 
     62 #if defined(KORE_SINGLE_BINARY)
     63 static FILE		*config_file_write(void);
     64 extern u_int8_t		asset_builtin_kore_conf[];
     65 extern u_int32_t	asset_len_builtin_kore_conf;
     66 #elif defined(KORE_USE_PYTHON)
     67 static int		configure_file(char *);
     68 #endif
     69 
     70 #if defined(KORE_USE_ACME)
     71 static int		configure_acme(char *);
     72 static int		configure_acme_email(char *);
     73 static int		configure_acme_provider(char *);
     74 #endif
     75 
     76 static int		configure_tls(char *);
     77 static int		configure_server(char *);
     78 static int		configure_include(char *);
     79 static int		configure_bind(char *);
     80 static int		configure_bind_unix(char *);
     81 static int		configure_attach(char *);
     82 static int		configure_domain(char *);
     83 static int		configure_privsep(char *);
     84 static int		configure_logfile(char *);
     85 static int		configure_workers(char *);
     86 static int		configure_pidfile(char *);
     87 static int		configure_rlimit_nofiles(char *);
     88 static int		configure_max_connections(char *);
     89 static int		configure_accept_threshold(char *);
     90 static int		configure_death_policy(char *);
     91 static int		configure_set_affinity(char *);
     92 static int		configure_socket_backlog(char *);
     93 static int		configure_privsep_skip(char *);
     94 static int		configure_privsep_root(char *);
     95 static int		configure_privsep_runas(char *);
     96 
     97 #if defined(KORE_USE_PLATFORM_PLEDGE)
     98 static int		configure_add_pledge(char *);
     99 #endif
    100 
    101 static int		configure_rand_file(char *);
    102 static int		configure_certfile(char *);
    103 static int		configure_certkey(char *);
    104 static int		configure_tls_version(char *);
    105 static int		configure_tls_cipher(char *);
    106 static int		configure_tls_dhparam(char *);
    107 static int		configure_client_verify(char *);
    108 static int		configure_client_verify_depth(char *);
    109 
    110 #if !defined(KORE_NO_HTTP)
    111 static int		configure_route(char *);
    112 static int		configure_route_methods(char *);
    113 static int		configure_route_handler(char *);
    114 static int		configure_route_on_free(char *);
    115 static int		configure_route_on_headers(char *);
    116 static int		configure_route_authenticate(char *);
    117 static int		configure_route_on_body_chunk(char *);
    118 static int		configure_filemap(char *);
    119 static int		configure_return(char *);
    120 static int		configure_redirect(char *);
    121 static int		configure_static_handler(char *);
    122 static int		configure_dynamic_handler(char *);
    123 static int		configure_accesslog(char *);
    124 static int		configure_http_header_max(char *);
    125 static int		configure_http_header_timeout(char *);
    126 static int		configure_http_body_max(char *);
    127 static int		configure_http_body_timeout(char *);
    128 static int		configure_filemap_ext(char *);
    129 static int		configure_filemap_index(char *);
    130 static int		configure_http_media_type(char *);
    131 static int		configure_http_hsts_enable(char *);
    132 static int		configure_http_keepalive_time(char *);
    133 static int		configure_http_request_ms(char *);
    134 static int		configure_http_request_limit(char *);
    135 static int		configure_http_body_disk_offload(char *);
    136 static int		configure_http_body_disk_path(char *);
    137 static int		configure_http_server_version(char *);
    138 static int		configure_http_pretty_error(char *);
    139 static int		configure_validator(char *);
    140 static int		configure_validate(char *);
    141 static int		configure_authentication(char *);
    142 static int		configure_authentication_uri(char *);
    143 static int		configure_authentication_type(char *);
    144 static int		configure_authentication_value(char *);
    145 static int		configure_authentication_validator(char *);
    146 static int		configure_websocket_maxframe(char *);
    147 static int		configure_websocket_timeout(char *);
    148 #endif
    149 
    150 #if defined(KORE_USE_PGSQL)
    151 static int		configure_pgsql_conn_max(char *);
    152 static int		configure_pgsql_queue_limit(char *);
    153 #endif
    154 
    155 #if defined(KORE_USE_TASKS)
    156 static int		configure_task_threads(char *);
    157 #endif
    158 
    159 #if defined(KORE_USE_PYTHON)
    160 static int		configure_deployment(char *);
    161 static int		configure_python_path(char *);
    162 static int		configure_python_import(char *);
    163 #endif
    164 
    165 #if defined(KORE_USE_CURL)
    166 static int		configure_curl_timeout(char *);
    167 static int		configure_curl_recv_max(char *);
    168 #endif
    169 
    170 #if defined(__linux__)
    171 static int		configure_seccomp_tracing(char *);
    172 #endif
    173 
    174 static struct {
    175 	const char		*name;
    176 	int			(*configure)(char *);
    177 } config_directives[] = {
    178 	{ "tls",			configure_tls },
    179 #if defined(KORE_USE_ACME)
    180 	{ "acme",			configure_acme },
    181 #endif
    182 	{ "bind",			configure_bind },
    183 	{ "load",			configure_load },
    184 	{ "domain",			configure_domain },
    185 	{ "privsep",			configure_privsep },
    186 	{ "server",			configure_server },
    187 	{ "attach",			configure_attach },
    188 	{ "certkey",			configure_certkey },
    189 	{ "certfile",			configure_certfile },
    190 	{ "include",			configure_include },
    191 	{ "unix",			configure_bind_unix },
    192 	{ "skip",			configure_privsep_skip },
    193 	{ "root",			configure_privsep_root },
    194 	{ "runas",			configure_privsep_runas },
    195 	{ "client_verify",		configure_client_verify },
    196 	{ "client_verify_depth",	configure_client_verify_depth },
    197 #if defined(KORE_USE_PYTHON)
    198 	{ "python_path",		configure_python_path },
    199 	{ "python_import",		configure_python_import },
    200 #endif
    201 #if !defined(KORE_NO_HTTP)
    202 	{ "route",			configure_route },
    203 	{ "handler",			configure_route_handler },
    204 	{ "on_headers",			configure_route_on_headers },
    205 	{ "on_body_chunk",		configure_route_on_body_chunk },
    206 	{ "on_free",			configure_route_on_free },
    207 	{ "methods",			configure_route_methods },
    208 	{ "authenticate",		configure_route_authenticate },
    209 	{ "filemap",			configure_filemap },
    210 	{ "redirect",			configure_redirect },
    211 	{ "return",			configure_return },
    212 	{ "static",			configure_static_handler },
    213 	{ "dynamic",			configure_dynamic_handler },
    214 	{ "accesslog",			configure_accesslog },
    215 	{ "validator",			configure_validator },
    216 	{ "validate",			configure_validate },
    217 	{ "authentication",		configure_authentication },
    218 	{ "authentication_uri",		configure_authentication_uri },
    219 	{ "authentication_type",	configure_authentication_type },
    220 	{ "authentication_value",	configure_authentication_value },
    221 	{ "authentication_validator",	configure_authentication_validator },
    222 #endif
    223 	{ NULL,				NULL },
    224 };
    225 
    226 static struct {
    227 	const char		*name;
    228 	int			(*configure)(char *);
    229 } config_settings[] = {
    230 	{ "logfile",			configure_logfile },
    231 	{ "workers",			configure_workers },
    232 	{ "worker_max_connections",	configure_max_connections },
    233 	{ "worker_rlimit_nofiles",	configure_rlimit_nofiles },
    234 	{ "worker_accept_threshold",	configure_accept_threshold },
    235 	{ "worker_death_policy",	configure_death_policy },
    236 	{ "worker_set_affinity",	configure_set_affinity },
    237 	{ "pidfile",			configure_pidfile },
    238 	{ "socket_backlog",		configure_socket_backlog },
    239 	{ "tls_version",		configure_tls_version },
    240 	{ "tls_cipher",			configure_tls_cipher },
    241 	{ "tls_dhparam",		configure_tls_dhparam },
    242 	{ "rand_file",			configure_rand_file },
    243 #if defined(KORE_USE_ACME)
    244 	{ "acme_email",			configure_acme_email },
    245 	{ "acme_provider",		configure_acme_provider },
    246 #endif
    247 #if defined(KORE_USE_PLATFORM_PLEDGE)
    248 	{ "pledge",			configure_add_pledge },
    249 #endif
    250 #if defined(__linux__)
    251 	{ "seccomp_tracing",		configure_seccomp_tracing },
    252 #endif
    253 #if !defined(KORE_NO_HTTP)
    254 	{ "filemap_ext",		configure_filemap_ext },
    255 	{ "filemap_index",		configure_filemap_index },
    256 	{ "http_media_type",		configure_http_media_type },
    257 	{ "http_header_max",		configure_http_header_max },
    258 	{ "http_header_timeout",	configure_http_header_timeout },
    259 	{ "http_body_max",		configure_http_body_max },
    260 	{ "http_body_timeout",		configure_http_body_timeout },
    261 	{ "http_hsts_enable",		configure_http_hsts_enable },
    262 	{ "http_keepalive_time",	configure_http_keepalive_time },
    263 	{ "http_request_ms",		configure_http_request_ms },
    264 	{ "http_request_limit",		configure_http_request_limit },
    265 	{ "http_body_disk_offload",	configure_http_body_disk_offload },
    266 	{ "http_body_disk_path",	configure_http_body_disk_path },
    267 	{ "http_server_version",	configure_http_server_version },
    268 	{ "http_pretty_error",		configure_http_pretty_error },
    269 	{ "websocket_maxframe",		configure_websocket_maxframe },
    270 	{ "websocket_timeout",		configure_websocket_timeout },
    271 #endif
    272 #if defined(KORE_USE_PYTHON)
    273 	{ "deployment",			configure_deployment },
    274 #endif
    275 #if defined(KORE_USE_PGSQL)
    276 	{ "pgsql_conn_max",		configure_pgsql_conn_max },
    277 	{ "pgsql_queue_limit",		configure_pgsql_queue_limit },
    278 #endif
    279 #if defined(KORE_USE_TASKS)
    280 	{ "task_threads",		configure_task_threads },
    281 #endif
    282 #if defined(KORE_USE_CURL)
    283 	{ "curl_timeout",		configure_curl_timeout },
    284 	{ "curl_recv_max",		configure_curl_recv_max },
    285 #endif
    286 #if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
    287 	{ "file",			configure_file },
    288 #endif
    289 	{ NULL,				NULL },
    290 };
    291 
    292 static int				finalized = 0;
    293 
    294 #if !defined(KORE_SINGLE_BINARY)
    295 char					*config_file = NULL;
    296 #endif
    297 
    298 #if !defined(KORE_NO_HTTP)
    299 static struct kore_auth			*current_auth = NULL;
    300 static struct kore_route		*current_route = NULL;
    301 #endif
    302 
    303 extern const char			*__progname;
    304 static struct kore_domain		*current_domain = NULL;
    305 static struct kore_server		*current_server = NULL;
    306 static struct kore_privsep		*current_privsep = NULL;
    307 
    308 void
    309 kore_parse_config(void)
    310 {
    311 	FILE		*fp;
    312 	struct passwd	*pwd;
    313 	char		path[PATH_MAX];
    314 
    315 	if (finalized)
    316 		return;
    317 
    318 	fp = NULL;
    319 
    320 #if !defined(KORE_SINGLE_BINARY)
    321 	if (config_file != NULL) {
    322 		if ((fp = fopen(config_file, "r")) == NULL) {
    323 			fatal("configuration given cannot be opened: %s",
    324 			    config_file);
    325 		}
    326 	}
    327 #else
    328 	fp = config_file_write();
    329 #endif
    330 
    331 	if (fp != NULL) {
    332 		kore_parse_config_file(fp);
    333 		(void)fclose(fp);
    334 	}
    335 
    336 	kore_tls_dh_check();
    337 
    338 	if (!kore_module_loaded())
    339 		fatal("no application module was loaded");
    340 
    341 	if (worker_privsep.root == NULL) {
    342 		if (getcwd(path, sizeof(path)) == NULL)
    343 			fatal("getcwd: %s", errno_s);
    344 		worker_privsep.root = kore_strdup(path);
    345 
    346 		if (!kore_quiet)
    347 			kore_log(LOG_NOTICE, "privsep: no root path set");
    348 	}
    349 
    350 	if (worker_privsep.runas == NULL) {
    351 		if ((pwd = getpwuid(getuid())) == NULL)
    352 			fatal("getpwuid: %s", errno_s);
    353 
    354 		worker_privsep.runas = kore_strdup(pwd->pw_name);
    355 		if (!kore_quiet)
    356 			kore_log(LOG_NOTICE, "privsep: no runas user set");
    357 
    358 		endpwent();
    359 	}
    360 
    361 	configure_check_var(&keymgr_privsep.runas, worker_privsep.runas,
    362 		"privsep: no keymgr runas set");
    363 #if defined(KORE_USE_ACME)
    364 	configure_check_var(&acme_privsep.runas, worker_privsep.runas,
    365 		"privsep: no acme runas set");
    366 #endif
    367 
    368 	configure_check_var(&keymgr_privsep.root, worker_privsep.root,
    369 		"privsep: no keymgr root set");
    370 #if defined(KORE_USE_ACME)
    371 	configure_check_var(&acme_privsep.root, worker_privsep.root,
    372 		"privsep: no acme root set");
    373 #endif
    374 
    375 	if (skip_chroot) {
    376 		worker_privsep.skip_chroot = 1;
    377 		keymgr_privsep.skip_chroot = 1;
    378 #if defined(KORE_USE_ACME)
    379 		acme_privsep.skip_chroot = 1;
    380 #endif
    381 	}
    382 
    383 	if (skip_runas) {
    384 		worker_privsep.skip_runas = 1;
    385 		keymgr_privsep.skip_runas = 1;
    386 #if defined(KORE_USE_ACME)
    387 		acme_privsep.skip_runas = 1;
    388 #endif
    389 	}
    390 
    391 	if (skip_runas && !kore_quiet)
    392 		kore_log(LOG_NOTICE, "privsep: skipping all runas options");
    393 
    394 	if (skip_chroot && !kore_quiet)
    395 		kore_log(LOG_NOTICE, "privsep: skipping all chroot options");
    396 
    397 	finalized = 1;
    398 }
    399 
    400 void
    401 kore_parse_config_file(FILE *fp)
    402 {
    403 	int		i, lineno;
    404 	char		buf[BUFSIZ], *p, *t, *v;
    405 
    406 	lineno = 1;
    407 	while ((p = kore_read_line(fp, buf, sizeof(buf))) != NULL) {
    408 		if (strlen(p) == 0) {
    409 			lineno++;
    410 			continue;
    411 		}
    412 
    413 		if (!strcmp(p, "}") && current_privsep != NULL) {
    414 			lineno++;
    415 			current_privsep = NULL;
    416 			continue;
    417 		}
    418 
    419 		if (!strcmp(p, "}") && current_server != NULL) {
    420 			lineno++;
    421 			kore_server_finalize(current_server);
    422 			current_server = NULL;
    423 			continue;
    424 		}
    425 
    426 #if !defined(KORE_NO_HTTP)
    427 		if (!strcmp(p, "}") && current_route != NULL) {
    428 			lineno++;
    429 			current_route = NULL;
    430 			continue;
    431 		}
    432 
    433 		if (!strcmp(p, "}") && current_auth != NULL) {
    434 			if (current_auth->validator == NULL) {
    435 				fatal("no authentication validator for %s",
    436 				    current_auth->name);
    437 			}
    438 
    439 			lineno++;
    440 			current_auth = NULL;
    441 			continue;
    442 		}
    443 #endif
    444 
    445 		if (!strcmp(p, "}") && current_domain != NULL) {
    446 			if (current_domain->server == NULL) {
    447 				fatal("domain '%s' not attached to server",
    448 				    current_domain->domain);
    449 			}
    450 
    451 			if (current_domain->server->tls == 1) {
    452 #if defined(KORE_USE_ACME)
    453 				if (current_domain->acme) {
    454 					lineno++;
    455 					current_domain = NULL;
    456 					continue;
    457 				}
    458 #endif
    459 				if (current_domain->certfile == NULL ||
    460 				    current_domain->certkey == NULL) {
    461 					fatal("incomplete TLS setup for '%s'",
    462 					    current_domain->domain);
    463 				}
    464 			}
    465 
    466 			current_domain = NULL;
    467 		}
    468 
    469 		if (!strcmp(p, "}")) {
    470 			lineno++;
    471 			continue;
    472 		}
    473 
    474 		if ((t = strchr(p, ' ')) == NULL) {
    475 			kore_log(LOG_NOTICE,
    476 			    "ignoring \"%s\" on line %d", p, lineno++);
    477 			continue;
    478 		}
    479 
    480 		*(t)++ = '\0';
    481 
    482 		p = kore_text_trim(p, strlen(p));
    483 		t = kore_text_trim(t, strlen(t));
    484 
    485 		if (strlen(p) == 0 || strlen(t) == 0) {
    486 			kore_log(LOG_NOTICE,
    487 			    "ignoring \"%s\" on line %d", p, lineno++);
    488 			continue;
    489 		}
    490 
    491 		for (i = 0; config_directives[i].name != NULL; i++) {
    492 			if (!strcmp(config_directives[i].name, p)) {
    493 				if ((v  = configure_resolve_var(t)) == NULL)
    494 					fatal("variable %s does not exist", t);
    495 				if (config_directives[i].configure(v))
    496 					break;
    497 				fatal("configuration error on line %d", lineno);
    498 				/* NOTREACHED */
    499 			}
    500 		}
    501 
    502 		if (config_directives[i].name != NULL) {
    503 			lineno++;
    504 			continue;
    505 		}
    506 
    507 		for (i = 0; config_settings[i].name != NULL; i++) {
    508 			if (!strcmp(config_settings[i].name, p)) {
    509 				if ((v  = configure_resolve_var(t)) == NULL)
    510 					fatal("variable %s does not exist", t);
    511 				if (config_settings[i].configure(v))
    512 					break;
    513 				fatal("configuration error on line %d", lineno);
    514 				/* NOTREACHED */
    515 			}
    516 		}
    517 
    518 		if (config_settings[i].name == NULL) {
    519 			kore_log(LOG_NOTICE,
    520 			    "ignoring \"%s\" on line %d", p, lineno);
    521 		}
    522 
    523 		lineno++;
    524 	}
    525 }
    526 
    527 #if defined(KORE_USE_PYTHON)
    528 int
    529 kore_configure_setting(const char *name, char *value)
    530 {
    531 	int	i;
    532 
    533 	if (finalized)
    534 		return (KORE_RESULT_ERROR);
    535 
    536 	for (i = 0; config_settings[i].name != NULL; i++) {
    537 		if (!strcmp(config_settings[i].name, name)) {
    538 			if (config_settings[i].configure(value))
    539 				return (KORE_RESULT_OK);
    540 			fatal("bad value '%s' for '%s'", value, name);
    541 		}
    542 	}
    543 
    544 	kore_log(LOG_NOTICE, "ignoring unknown kore.config.%s setting", name);
    545 	return (KORE_RESULT_OK);
    546 }
    547 #endif
    548 
    549 static void
    550 configure_check_var(char **var, const char *other, const char *logmsg)
    551 {
    552 	if (*var == NULL) {
    553 		if (!kore_quiet)
    554 			kore_log(LOG_NOTICE, "%s", logmsg);
    555 		*var = kore_strdup(other);
    556 	}
    557 }
    558 
    559 static char *
    560 configure_resolve_var(char *var)
    561 {
    562 	char	*v;
    563 
    564 	if (var[0] == '$') {
    565 		if ((v = getenv(&var[1])) == NULL)
    566 			return (NULL);
    567 	} else {
    568 		v = var;
    569 	}
    570 
    571 	return (v);
    572 }
    573 
    574 static int
    575 configure_include(char *path)
    576 {
    577 	FILE		*fp;
    578 
    579 	if ((fp = fopen(path, "r")) == NULL)
    580 		fatal("failed to open include '%s'", path);
    581 
    582 	kore_parse_config_file(fp);
    583 	(void)fclose(fp);
    584 
    585 	return (KORE_RESULT_OK);
    586 }
    587 
    588 static int
    589 configure_server(char *options)
    590 {
    591 	struct kore_server	*srv;
    592 	char			*argv[3];
    593 
    594 	if (current_server != NULL) {
    595 		kore_log(LOG_ERR, "nested server contexts are not allowed");
    596 		return (KORE_RESULT_ERROR);
    597 	}
    598 
    599 	kore_split_string(options, " ", argv, 3);
    600 
    601 	if (argv[0] == NULL || argv[1] == NULL) {
    602 		kore_log(LOG_ERR, "server context invalid");
    603 		return (KORE_RESULT_ERROR);
    604 	}
    605 
    606 	if (strcmp(argv[1], "{")) {
    607 		kore_log(LOG_ERR, "server context not opened correctly");
    608 		return (KORE_RESULT_ERROR);
    609 	}
    610 
    611 	if ((srv = kore_server_lookup(argv[0])) != NULL) {
    612 		kore_log(LOG_ERR, "server with name '%s' exists", srv->name);
    613 		return (KORE_RESULT_ERROR);
    614 	}
    615 
    616 	current_server = kore_server_create(argv[0]);
    617 
    618 	return (KORE_RESULT_OK);
    619 }
    620 
    621 static int
    622 configure_tls(char *yesno)
    623 {
    624 	if (!kore_tls_supported()) {
    625 		current_server->tls = 0;
    626 
    627 		if (!strcmp(yesno, "yes")) {
    628 			kore_log(LOG_ERR, "TLS not supported in this build");
    629 			return (KORE_RESULT_ERROR);
    630 		}
    631 
    632 		return (KORE_RESULT_OK);
    633 	}
    634 
    635 	if (current_server == NULL) {
    636 		kore_log(LOG_ERR, "tls keyword not inside a server context");
    637 		return (KORE_RESULT_ERROR);
    638 	}
    639 
    640 	if (!strcmp(yesno, "no")) {
    641 		current_server->tls = 0;
    642 	} else if (!strcmp(yesno, "yes")) {
    643 		current_server->tls = 1;
    644 	} else {
    645 		kore_log(LOG_ERR, "invalid '%s' for yes|no tls option", yesno);
    646 		return (KORE_RESULT_ERROR);
    647 	}
    648 
    649 	return (KORE_RESULT_OK);
    650 }
    651 
    652 #if defined(KORE_USE_ACME)
    653 static int
    654 configure_acme(char *yesno)
    655 {
    656 	if (current_domain == NULL) {
    657 		kore_log(LOG_ERR, "acme keyword not inside a domain context");
    658 		return (KORE_RESULT_ERROR);
    659 	}
    660 
    661 	if (strchr(current_domain->domain, '*')) {
    662 		kore_log(LOG_ERR,
    663 		    "wildcards not supported due to lack of dns-01");
    664 		return (KORE_RESULT_ERROR);
    665 	}
    666 
    667 	if (!strcmp(yesno, "no")) {
    668 		current_domain->acme = 0;
    669 	} else if (!strcmp(yesno, "yes")) {
    670 		current_domain->acme = 1;
    671 
    672 		/* Override keyfile and certfile locations. */
    673 		kore_free(current_domain->certkey);
    674 		kore_free(current_domain->certfile);
    675 
    676 		kore_acme_get_paths(current_domain->domain,
    677 		    &current_domain->certkey, &current_domain->certfile);
    678 		acme_domains++;
    679 	} else {
    680 		kore_log(LOG_ERR, "invalid '%s' for yes|no acme option", yesno);
    681 		return (KORE_RESULT_ERROR);
    682 	}
    683 
    684 	return (KORE_RESULT_OK);
    685 }
    686 
    687 static int
    688 configure_acme_email(char *email)
    689 {
    690 	kore_free(acme_email);
    691 	acme_email = kore_strdup(email);
    692 
    693 	return (KORE_RESULT_OK);
    694 }
    695 
    696 static int
    697 configure_acme_provider(char *provider)
    698 {
    699 	kore_free(acme_provider);
    700 	acme_provider = kore_strdup(provider);
    701 
    702 	return (KORE_RESULT_OK);
    703 }
    704 
    705 #endif
    706 
    707 static int
    708 configure_bind(char *options)
    709 {
    710 	char		*argv[4];
    711 
    712 	if (current_server == NULL) {
    713 		kore_log(LOG_ERR, "bind keyword not inside a server context");
    714 		return (KORE_RESULT_ERROR);
    715 	}
    716 
    717 	kore_split_string(options, " ", argv, 4);
    718 	if (argv[0] == NULL || argv[1] == NULL)
    719 		return (KORE_RESULT_ERROR);
    720 
    721 	return (kore_server_bind(current_server, argv[0], argv[1], argv[2]));
    722 }
    723 
    724 static int
    725 configure_bind_unix(char *options)
    726 {
    727 	char		*argv[3];
    728 
    729 	if (current_server == NULL) {
    730 		kore_log(LOG_ERR,
    731 		    "bind_unix keyword not inside a server context");
    732 		return (KORE_RESULT_ERROR);
    733 	}
    734 
    735 	kore_split_string(options, " ", argv, 3);
    736 	if (argv[0] == NULL)
    737 		return (KORE_RESULT_ERROR);
    738 
    739 	return (kore_server_bind_unix(current_server, argv[0], argv[1]));
    740 }
    741 
    742 static int
    743 configure_load(char *options)
    744 {
    745 	char		*argv[3];
    746 
    747 	kore_split_string(options, " ", argv, 3);
    748 	if (argv[0] == NULL)
    749 		return (KORE_RESULT_ERROR);
    750 
    751 	kore_module_load(argv[0], argv[1], KORE_MODULE_NATIVE);
    752 	return (KORE_RESULT_OK);
    753 }
    754 
    755 #if defined(KORE_SINGLE_BINARY)
    756 static FILE *
    757 config_file_write(void)
    758 {
    759 	FILE		*fp;
    760 	ssize_t		ret;
    761 	int		fd, len;
    762 	char		fpath[MAXPATHLEN];
    763 
    764 	len = snprintf(fpath, sizeof(fpath), "%s/%s.XXXXXX", KORE_TMPDIR,
    765 	    __progname);
    766 	if (len == -1 || (size_t)len >= sizeof(fpath))
    767 		fatal("failed to create temporary path");
    768 
    769 	if ((fd = mkstemp(fpath)) == -1)
    770 		fatal("mkstemp(%s): %s", fpath, errno_s);
    771 
    772 	(void)unlink(fpath);
    773 
    774 	for (;;) {
    775 		ret = write(fd, asset_builtin_kore_conf,
    776 		    asset_len_builtin_kore_conf);
    777 		if (ret == -1) {
    778 			if (errno == EINTR)
    779 				continue;
    780 			fatal("failed to write temporary config: %s", errno_s);
    781 		}
    782 
    783 		if ((size_t)ret != asset_len_builtin_kore_conf)
    784 			fatal("failed to write temporary config");
    785 		break;
    786 	}
    787 
    788 	if ((fp = fdopen(fd, "w+")) == NULL)
    789 		fatal("fdopen(): %s", errno_s);
    790 
    791 	rewind(fp);
    792 
    793 	return (fp);
    794 }
    795 #elif defined(KORE_USE_PYTHON)
    796 static int
    797 configure_file(char *file)
    798 {
    799 	free(config_file);
    800 	if ((config_file = strdup(file)) == NULL)
    801 		fatal("strdup");
    802 
    803 	return (KORE_RESULT_OK);
    804 }
    805 #endif
    806 
    807 static int
    808 configure_tls_version(char *version)
    809 {
    810 	int	ver;
    811 
    812 	if (!strcmp(version, "1.3")) {
    813 		ver = KORE_TLS_VERSION_1_3;
    814 	} else if (!strcmp(version, "1.2")) {
    815 		ver = KORE_TLS_VERSION_1_2;
    816 	} else if (!strcmp(version, "both")) {
    817 		ver = KORE_TLS_VERSION_BOTH;
    818 	} else {
    819 		kore_log(LOG_ERR,
    820 		    "unknown value for tls_version: %s (use 1.3, 1.2, both)",
    821 		    version);
    822 		return (KORE_RESULT_ERROR);
    823 	}
    824 
    825 	kore_tls_version_set(ver);
    826 
    827 	return (KORE_RESULT_OK);
    828 }
    829 
    830 static int
    831 configure_tls_cipher(char *cipherlist)
    832 {
    833 	return (kore_tls_ciphersuite_set(cipherlist));
    834 }
    835 
    836 static int
    837 configure_tls_dhparam(char *path)
    838 {
    839 	return (kore_tls_dh_load(path));
    840 }
    841 
    842 static int
    843 configure_client_verify_depth(char *value)
    844 {
    845 	int	err, depth;
    846 
    847 	if (current_domain == NULL) {
    848 		kore_log(LOG_ERR,
    849 		    "client_verify_depth keyword not in domain context");
    850 		return (KORE_RESULT_ERROR);
    851 	}
    852 
    853 	depth = kore_strtonum(value, 10, 0, INT_MAX, &err);
    854 	if (err != KORE_RESULT_OK) {
    855 		kore_log(LOG_ERR, "bad client_verify_depth value: %s", value);
    856 		return (KORE_RESULT_ERROR);
    857 	}
    858 
    859 	current_domain->x509_verify_depth = depth;
    860 
    861 	return (KORE_RESULT_OK);
    862 }
    863 
    864 static int
    865 configure_client_verify(char *options)
    866 {
    867 	char		*argv[3];
    868 
    869 	if (current_domain == NULL) {
    870 		kore_log(LOG_ERR,
    871 		    "client_verify keyword not in domain context");
    872 		return (KORE_RESULT_ERROR);
    873 	}
    874 
    875 	kore_split_string(options, " ", argv, 3);
    876 	if (argv[0] == NULL) {
    877 		kore_log(LOG_ERR, "client_verify is missing a parameter");
    878 		return (KORE_RESULT_ERROR);
    879 	}
    880 
    881 	if (current_domain->cafile != NULL) {
    882 		kore_log(LOG_ERR, "client_verify already set for '%s'",
    883 		    current_domain->domain);
    884 		return (KORE_RESULT_ERROR);
    885 	}
    886 
    887 	current_domain->cafile = kore_strdup(argv[0]);
    888 	if (argv[1] != NULL)
    889 		current_domain->crlfile = kore_strdup(argv[1]);
    890 
    891 	return (KORE_RESULT_OK);
    892 }
    893 
    894 static int
    895 configure_rand_file(char *path)
    896 {
    897 	if (kore_rand_file != NULL)
    898 		kore_free(kore_rand_file);
    899 
    900 	kore_rand_file = kore_strdup(path);
    901 
    902 	return (KORE_RESULT_OK);
    903 }
    904 
    905 static int
    906 configure_certfile(char *path)
    907 {
    908 	if (current_domain == NULL) {
    909 		kore_log(LOG_ERR,
    910 		    "certfile keyword not specified in domain context");
    911 		return (KORE_RESULT_ERROR);
    912 	}
    913 
    914 	kore_free(current_domain->certfile);
    915 	current_domain->certfile = kore_strdup(path);
    916 	return (KORE_RESULT_OK);
    917 }
    918 
    919 static int
    920 configure_certkey(char *path)
    921 {
    922 	if (current_domain == NULL) {
    923 		kore_log(LOG_ERR,
    924 		    "certkey keyword not specified in domain context");
    925 		return (KORE_RESULT_ERROR);
    926 	}
    927 
    928 	kore_free(current_domain->certkey);
    929 	current_domain->certkey = kore_strdup(path);
    930 	return (KORE_RESULT_OK);
    931 }
    932 
    933 static int
    934 configure_privsep(char *options)
    935 {
    936 	char		*argv[3];
    937 
    938 	if (current_privsep != NULL) {
    939 		kore_log(LOG_ERR, "nested privsep contexts are not allowed");
    940 		return (KORE_RESULT_ERROR);
    941 	}
    942 
    943 	kore_split_string(options, " ", argv, 3);
    944 
    945 	if (argv[0] == NULL || argv[1] == NULL) {
    946 		kore_log(LOG_ERR, "invalid privsep context");
    947 		return (KORE_RESULT_ERROR);
    948 	}
    949 
    950 	if (strcmp(argv[1], "{")) {
    951 		kore_log(LOG_ERR, "privsep context not opened correctly");
    952 		return (KORE_RESULT_ERROR);
    953 	}
    954 
    955 	if (!strcmp(argv[0], "worker")) {
    956 		current_privsep = &worker_privsep;
    957 	} else if (!strcmp(argv[0], "keymgr")) {
    958 		current_privsep = &keymgr_privsep;
    959 #if defined(KORE_USE_ACME)
    960 	} else if (!strcmp(argv[0], "acme")) {
    961 		current_privsep = &acme_privsep;
    962 #endif
    963 	} else {
    964 		kore_log(LOG_ERR, "unknown privsep context: %s", argv[0]);
    965 		return (KORE_RESULT_ERROR);
    966 	}
    967 
    968 	return (KORE_RESULT_OK);
    969 }
    970 
    971 static int
    972 configure_privsep_runas(char *user)
    973 {
    974 	if (current_privsep == NULL) {
    975 		kore_log(LOG_ERR, "runas keyword not in privsep context");
    976 		return (KORE_RESULT_ERROR);
    977 	}
    978 
    979 	if (current_privsep->runas != NULL)
    980 		kore_free(current_privsep->runas);
    981 
    982 	current_privsep->runas = kore_strdup(user);
    983 
    984 	return (KORE_RESULT_OK);
    985 }
    986 
    987 static int
    988 configure_privsep_root(char *root)
    989 {
    990 	if (current_privsep == NULL) {
    991 		kore_log(LOG_ERR, "root keyword not in privsep context");
    992 		return (KORE_RESULT_ERROR);
    993 	}
    994 
    995 	if (current_privsep->root != NULL)
    996 		kore_free(current_privsep->root);
    997 
    998 	current_privsep->root = kore_strdup(root);
    999 
   1000 	return (KORE_RESULT_OK);
   1001 }
   1002 
   1003 static int
   1004 configure_privsep_skip(char *option)
   1005 {
   1006 	if (current_privsep == NULL) {
   1007 		kore_log(LOG_ERR, "skip keyword not in privsep context");
   1008 		return (KORE_RESULT_ERROR);
   1009 	}
   1010 
   1011 	if (!strcmp(option, "chroot")) {
   1012 		current_privsep->skip_chroot = 1;
   1013 	} else {
   1014 		kore_log(LOG_ERR, "unknown skip option '%s'", option);
   1015 		return (KORE_RESULT_ERROR);
   1016 	}
   1017 
   1018 	return (KORE_RESULT_OK);
   1019 }
   1020 
   1021 static int
   1022 configure_domain(char *options)
   1023 {
   1024 	char		*argv[3];
   1025 
   1026 	if (current_domain != NULL) {
   1027 		kore_log(LOG_ERR, "nested domain contexts are not allowed");
   1028 		return (KORE_RESULT_ERROR);
   1029 	}
   1030 
   1031 	kore_split_string(options, " ", argv, 3);
   1032 
   1033 	if (argv[0] == NULL || argv[1] == NULL) {
   1034 		kore_log(LOG_ERR, "invalid domain context");
   1035 		return (KORE_RESULT_ERROR);
   1036 	}
   1037 
   1038 	if (strcmp(argv[1], "{")) {
   1039 		kore_log(LOG_ERR, "domain context not opened correctly");
   1040 		return (KORE_RESULT_ERROR);
   1041 	}
   1042 
   1043 	if (strlen(argv[0]) >= KORE_DOMAINNAME_LEN - 1) {
   1044 		kore_log(LOG_ERR, "domain name '%s' too long", argv[0]);
   1045 		return (KORE_RESULT_ERROR);
   1046 	}
   1047 
   1048 	current_domain = kore_domain_new(argv[0]);
   1049 
   1050 	return (KORE_RESULT_OK);
   1051 }
   1052 
   1053 static int
   1054 configure_attach(char *name)
   1055 {
   1056 	struct kore_server	*srv;
   1057 
   1058 	if (current_domain == NULL) {
   1059 		kore_log(LOG_ERR, "attach keyword not in domain context");
   1060 		return (KORE_RESULT_ERROR);
   1061 	}
   1062 
   1063 	if (current_domain->server != NULL) {
   1064 		kore_log(LOG_ERR, "domain '%s' already attached to server",
   1065 		    current_domain->domain);
   1066 		return (KORE_RESULT_ERROR);
   1067 	}
   1068 
   1069 	if ((srv = kore_server_lookup(name)) == NULL) {
   1070 		kore_log(LOG_ERR, "server '%s' does not exist", name);
   1071 		return (KORE_RESULT_ERROR);
   1072 	}
   1073 
   1074 	if (!kore_domain_attach(current_domain, srv)) {
   1075 		kore_log(LOG_ERR, "failed to attach '%s' to '%s'",
   1076 		    current_domain->domain, name);
   1077 		return (KORE_RESULT_ERROR);
   1078 	}
   1079 
   1080 	return (KORE_RESULT_OK);
   1081 }
   1082 
   1083 #if !defined(KORE_NO_HTTP)
   1084 static int
   1085 configure_static_handler(char *options)
   1086 {
   1087 	kore_log(LOG_NOTICE, "static keyword removed, use route instead");
   1088 	return (KORE_RESULT_ERROR);
   1089 }
   1090 
   1091 static int
   1092 configure_dynamic_handler(char *options)
   1093 {
   1094 	kore_log(LOG_NOTICE, "dynamic keyword removed, use route instead");
   1095 	return (KORE_RESULT_ERROR);
   1096 }
   1097 
   1098 static int
   1099 configure_route(char *options)
   1100 {
   1101 	struct kore_route	*rt;
   1102 	int			type;
   1103 	char			*argv[4];
   1104 
   1105 	if (current_domain == NULL) {
   1106 		kore_log(LOG_ERR, "route keyword not in domain context");
   1107 		return (KORE_RESULT_ERROR);
   1108 	}
   1109 
   1110 	if (current_route != NULL) {
   1111 		kore_log(LOG_ERR, "nested route contexts not allowed");
   1112 		return (KORE_RESULT_ERROR);
   1113 	}
   1114 
   1115 	kore_split_string(options, " ", argv, 4);
   1116 
   1117 	if (argv[1] == NULL || strcmp(argv[1], "{")) {
   1118 		kore_log(LOG_ERR, "invalid route context");
   1119 		return (KORE_RESULT_ERROR);
   1120 	}
   1121 
   1122 	if (*argv[0] == '/')
   1123 		type = HANDLER_TYPE_STATIC;
   1124 	else
   1125 		type = HANDLER_TYPE_DYNAMIC;
   1126 
   1127 	if ((rt = kore_route_create(current_domain, argv[0], type)) == NULL) {
   1128 		kore_log(LOG_ERR,
   1129 		    "failed to create route handler for '%s'", argv[0]);
   1130 		return (KORE_RESULT_ERROR);
   1131 	}
   1132 
   1133 	current_route = rt;
   1134 
   1135 	return (KORE_RESULT_OK);
   1136 }
   1137 
   1138 static int
   1139 configure_route_handler(char *name)
   1140 {
   1141 	if (current_route == NULL) {
   1142 		kore_log(LOG_ERR,
   1143 		    "handler keyword not inside of route context");
   1144 		return (KORE_RESULT_ERROR);
   1145 	}
   1146 
   1147 	kore_route_callback(current_route, name);
   1148 
   1149 	return (KORE_RESULT_OK);
   1150 }
   1151 
   1152 static int
   1153 configure_route_on_headers(char *name)
   1154 {
   1155 	if (current_route == NULL) {
   1156 		kore_log(LOG_ERR,
   1157 		    "on_header keyword not inside of route context");
   1158 		return (KORE_RESULT_ERROR);
   1159 	}
   1160 
   1161 	if ((current_route->on_headers = kore_runtime_getcall(name)) == NULL) {
   1162 		kore_log(LOG_ERR, "on_headers callback '%s' for '%s' not found",
   1163 		    name, current_route->path);
   1164 		return (KORE_RESULT_ERROR);
   1165 	}
   1166 
   1167 	return (KORE_RESULT_OK);
   1168 }
   1169 
   1170 static int
   1171 configure_route_on_body_chunk(char *name)
   1172 {
   1173 	if (current_route == NULL) {
   1174 		kore_log(LOG_ERR,
   1175 		    "on_body_chunk keyword not inside of route context");
   1176 		return (KORE_RESULT_ERROR);
   1177 	}
   1178 
   1179 	current_route->on_body_chunk = kore_runtime_getcall(name);
   1180 	if (current_route->on_body_chunk == NULL) {
   1181 		kore_log(LOG_ERR,
   1182 		    "on_body_chunk callback '%s' for '%s' not found",
   1183 		    name, current_route->path);
   1184 		return (KORE_RESULT_ERROR);
   1185 	}
   1186 
   1187 	return (KORE_RESULT_OK);
   1188 }
   1189 
   1190 static int
   1191 configure_route_on_free(char *name)
   1192 {
   1193 	if (current_route == NULL) {
   1194 		kore_log(LOG_ERR,
   1195 		    "on_free keyword not inside of route context");
   1196 		return (KORE_RESULT_ERROR);
   1197 	}
   1198 
   1199 	if ((current_route->on_free = kore_runtime_getcall(name)) == NULL) {
   1200 		kore_log(LOG_ERR, "on_free callback '%s' for '%s' not found",
   1201 		    name, current_route->path);
   1202 		return (KORE_RESULT_ERROR);
   1203 	}
   1204 
   1205 	return (KORE_RESULT_OK);
   1206 }
   1207 
   1208 static int
   1209 configure_route_authenticate(char *name)
   1210 {
   1211 	if (current_route == NULL) {
   1212 		kore_log(LOG_ERR,
   1213 		    "authenticate keyword not inside of route context");
   1214 		return (KORE_RESULT_ERROR);
   1215 	}
   1216 
   1217 	current_route->auth = kore_auth_lookup(name);
   1218 
   1219 	if (current_route->auth == NULL) {
   1220 		kore_log(LOG_ERR, "no such authentication '%s' for '%s' found",
   1221 		    name, current_route->path);
   1222 		return (KORE_RESULT_ERROR);
   1223 	}
   1224 
   1225 	return (KORE_RESULT_OK);
   1226 }
   1227 
   1228 static int
   1229 configure_route_methods(char *options)
   1230 {
   1231 	int			i, cnt;
   1232 	char			*argv[10];
   1233 
   1234 	if (current_route == NULL) {
   1235 		kore_log(LOG_ERR,
   1236 		    "methods keyword not inside of route context");
   1237 		return (KORE_RESULT_ERROR);
   1238 	}
   1239 
   1240 	cnt = kore_split_string(options, " ", argv, 10);
   1241 	if (cnt < 1) {
   1242 		kore_log(LOG_ERR,
   1243 		    "bad methods option '%s', missing methods", options);
   1244 		return (KORE_RESULT_ERROR);
   1245 	}
   1246 
   1247 	current_route->methods = 0;
   1248 
   1249 	for (i = 0; i < cnt; i++) {
   1250 		if (!strcasecmp(argv[i], "post")) {
   1251 			current_route->methods |= HTTP_METHOD_POST;
   1252 		} else if (!strcasecmp(argv[i], "get")) {
   1253 			current_route->methods |= HTTP_METHOD_GET;
   1254 		} else if (!strcasecmp(argv[i], "put")) {
   1255 			current_route->methods |= HTTP_METHOD_PUT;
   1256 		} else if (!strcasecmp(argv[i], "delete")) {
   1257 			current_route->methods |= HTTP_METHOD_DELETE;
   1258 		} else if (!strcasecmp(argv[i], "head")) {
   1259 			current_route->methods |= HTTP_METHOD_HEAD;
   1260 		} else if (!strcasecmp(argv[i], "patch")) {
   1261 			current_route->methods |= HTTP_METHOD_PATCH;
   1262 		} else {
   1263 			kore_log(LOG_ERR, "unknown method: %s in method for %s",
   1264 			    argv[i], current_route->path);
   1265 			return (KORE_RESULT_ERROR);
   1266 		}
   1267 	}
   1268 
   1269 	return (KORE_RESULT_OK);
   1270 }
   1271 
   1272 static int
   1273 configure_return(char *options)
   1274 {
   1275 	char		*argv[3];
   1276 	int		elm, status, err;
   1277 
   1278 	if (current_domain == NULL) {
   1279 		kore_log(LOG_ERR, "return keyword not in domain context");
   1280 		return (KORE_RESULT_ERROR);
   1281 	}
   1282 
   1283 	elm = kore_split_string(options, " ", argv, 3);
   1284 	if (elm != 2) {
   1285 		kore_log(LOG_ERR, "missing parameters for return");
   1286 		return (KORE_RESULT_ERROR);
   1287 	}
   1288 
   1289 	status = kore_strtonum(argv[1], 10, 400, 600, &err);
   1290 	if (err != KORE_RESULT_OK) {
   1291 		kore_log(LOG_ERR,
   1292 		    "invalid status code on return (%s)", argv[1]);
   1293 		return (KORE_RESULT_ERROR);
   1294 	}
   1295 
   1296 	if (!http_redirect_add(current_domain, argv[0], status, NULL)) {
   1297 		kore_log(LOG_ERR, "invalid regex on return path");
   1298 		return (KORE_RESULT_ERROR);
   1299 	}
   1300 
   1301 	return (KORE_RESULT_OK);
   1302 }
   1303 
   1304 static int
   1305 configure_redirect(char *options)
   1306 {
   1307 	char		*argv[4];
   1308 	int		elm, status, err;
   1309 
   1310 	if (current_domain == NULL) {
   1311 		kore_log(LOG_ERR, "redirect keyword not in domain context");
   1312 		return (KORE_RESULT_ERROR);
   1313 	}
   1314 
   1315 	elm = kore_split_string(options, " ", argv, 4);
   1316 	if (elm != 3) {
   1317 		kore_log(LOG_ERR, "missing parameters for redirect");
   1318 		return (KORE_RESULT_ERROR);
   1319 	}
   1320 
   1321 	status = kore_strtonum(argv[1], 10, 300, 399, &err);
   1322 	if (err != KORE_RESULT_OK) {
   1323 		kore_log(LOG_ERR,
   1324 		    "invalid status code on redirect (%s)", argv[1]);
   1325 		return (KORE_RESULT_ERROR);
   1326 	}
   1327 
   1328 	if (!http_redirect_add(current_domain, argv[0], status, argv[2])) {
   1329 		kore_log(LOG_ERR, "invalid regex on redirect path");
   1330 		return (KORE_RESULT_ERROR);
   1331 	}
   1332 
   1333 	return (KORE_RESULT_OK);
   1334 }
   1335 
   1336 static int
   1337 configure_filemap(char *options)
   1338 {
   1339 	char		*argv[4];
   1340 
   1341 	if (current_domain == NULL) {
   1342 		kore_log(LOG_ERR, "filemap keyword not in domain context");
   1343 		return (KORE_RESULT_ERROR);
   1344 	}
   1345 
   1346 	kore_split_string(options, " ", argv, 4);
   1347 
   1348 	if (argv[0] == NULL || argv[1] == NULL) {
   1349 		kore_log(LOG_ERR, "missing parameters for filemap");
   1350 		return (KORE_RESULT_ERROR);
   1351 	}
   1352 
   1353 	if (kore_filemap_create(current_domain,
   1354 	    argv[1], argv[0], argv[2]) == NULL) {
   1355 		kore_log(LOG_ERR, "cannot create filemap for %s", argv[1]);
   1356 		return (KORE_RESULT_ERROR);
   1357 	}
   1358 
   1359 	return (KORE_RESULT_OK);
   1360 }
   1361 
   1362 static int
   1363 configure_accesslog(char *path)
   1364 {
   1365 	if (current_domain == NULL) {
   1366 		kore_log(LOG_ERR, "accesslog not specified in domain context");
   1367 		return (KORE_RESULT_ERROR);
   1368 	}
   1369 
   1370 	if (current_domain->accesslog != -1) {
   1371 		kore_log(LOG_ERR, "domain '%s' already has an open accesslog",
   1372 		    current_domain->domain);
   1373 		return (KORE_RESULT_ERROR);
   1374 	}
   1375 
   1376 	current_domain->accesslog = open(path,
   1377 	    O_CREAT | O_APPEND | O_WRONLY,
   1378 	    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
   1379 	if (current_domain->accesslog == -1) {
   1380 		kore_log(LOG_ERR, "accesslog open(%s): %s", path, errno_s);
   1381 		return (KORE_RESULT_ERROR);
   1382 	}
   1383 
   1384 	return (KORE_RESULT_OK);
   1385 }
   1386 
   1387 static int
   1388 configure_filemap_ext(char *ext)
   1389 {
   1390 	kore_free(kore_filemap_ext);
   1391 	kore_filemap_ext = kore_strdup(ext);
   1392 
   1393 	return (KORE_RESULT_OK);
   1394 }
   1395 
   1396 static int
   1397 configure_filemap_index(char *index)
   1398 {
   1399 	kore_free(kore_filemap_index);
   1400 	kore_filemap_index = kore_strdup(index);
   1401 
   1402 	return (KORE_RESULT_OK);
   1403 }
   1404 
   1405 static int
   1406 configure_http_media_type(char *type)
   1407 {
   1408 	int		i;
   1409 	char		*extensions, *ext[10];
   1410 
   1411 	extensions = strchr(type, ' ');
   1412 	if (extensions == NULL) {
   1413 		kore_log(LOG_ERR, "bad http_media_type value '%s'", type);
   1414 		return (KORE_RESULT_ERROR);
   1415 	}
   1416 
   1417 	*(extensions)++ = '\0';
   1418 
   1419 	kore_split_string(extensions, " \t", ext, 10);
   1420 	for (i = 0; ext[i] != NULL; i++) {
   1421 		if (!http_media_register(ext[i], type)) {
   1422 			kore_log(LOG_ERR,
   1423 			    "duplicate extension found '%s'", ext[i]);
   1424 			return (KORE_RESULT_ERROR);
   1425 		}
   1426 	}
   1427 
   1428 	if (i == 0) {
   1429 		kore_log(LOG_ERR, "missing extensions in '%s'", type);
   1430 		return (KORE_RESULT_ERROR);
   1431 	}
   1432 
   1433 	return (KORE_RESULT_OK);
   1434 }
   1435 
   1436 static int
   1437 configure_http_header_max(char *option)
   1438 {
   1439 	int		err;
   1440 
   1441 	http_header_max = kore_strtonum(option, 10, 1, 65535, &err);
   1442 	if (err != KORE_RESULT_OK) {
   1443 		kore_log(LOG_ERR, "bad http_header_max value '%s'", option);
   1444 		return (KORE_RESULT_ERROR);
   1445 	}
   1446 
   1447 	return (KORE_RESULT_OK);
   1448 }
   1449 
   1450 static int
   1451 configure_http_header_timeout(char *option)
   1452 {
   1453 	int		err;
   1454 
   1455 	http_header_timeout = kore_strtonum(option, 10, 1, 65535, &err);
   1456 	if (err != KORE_RESULT_OK) {
   1457 		kore_log(LOG_ERR, "bad http_header_timeout value '%s'", option);
   1458 		return (KORE_RESULT_ERROR);
   1459 	}
   1460 
   1461 	return (KORE_RESULT_OK);
   1462 }
   1463 
   1464 static int
   1465 configure_http_body_max(char *option)
   1466 {
   1467 	int		err;
   1468 
   1469 	http_body_max = kore_strtonum(option, 10, 0, LONG_MAX, &err);
   1470 	if (err != KORE_RESULT_OK) {
   1471 		kore_log(LOG_ERR, "bad http_body_max value '%s'", option);
   1472 		return (KORE_RESULT_ERROR);
   1473 	}
   1474 
   1475 	return (KORE_RESULT_OK);
   1476 }
   1477 
   1478 static int
   1479 configure_http_body_timeout(char *option)
   1480 {
   1481 	int		err;
   1482 
   1483 	http_body_timeout = kore_strtonum(option, 10, 1, 65535, &err);
   1484 	if (err != KORE_RESULT_OK) {
   1485 		kore_log(LOG_ERR, "bad http_body_timeout value '%s'", option);
   1486 		return (KORE_RESULT_ERROR);
   1487 	}
   1488 
   1489 	return (KORE_RESULT_OK);
   1490 }
   1491 
   1492 static int
   1493 configure_http_body_disk_offload(char *option)
   1494 {
   1495 	int		err;
   1496 
   1497 	http_body_disk_offload = kore_strtonum(option, 10, 0, LONG_MAX, &err);
   1498 	if (err != KORE_RESULT_OK) {
   1499 		kore_log(LOG_ERR,
   1500 		    "bad http_body_disk_offload value '%s'", option);
   1501 		return (KORE_RESULT_ERROR);
   1502 	}
   1503 
   1504 	return (KORE_RESULT_OK);
   1505 }
   1506 
   1507 static int
   1508 configure_http_body_disk_path(char *path)
   1509 {
   1510 	if (strcmp(http_body_disk_path, HTTP_BODY_DISK_PATH))
   1511 		kore_free(http_body_disk_path);
   1512 
   1513 	http_body_disk_path = kore_strdup(path);
   1514 	return (KORE_RESULT_OK);
   1515 }
   1516 
   1517 static int
   1518 configure_http_server_version(char *version)
   1519 {
   1520 	http_server_version(version);
   1521 
   1522 	return (KORE_RESULT_OK);
   1523 }
   1524 
   1525 static int
   1526 configure_http_pretty_error(char *yesno)
   1527 {
   1528 	if (!strcmp(yesno, "no")) {
   1529 		http_pretty_error = 0;
   1530 	} else if (!strcmp(yesno, "yes")) {
   1531 		http_pretty_error = 1;
   1532 	} else {
   1533 		kore_log(LOG_ERR,
   1534 		    "invalid '%s' for yes|no http_pretty_error option", yesno);
   1535 		return (KORE_RESULT_ERROR);
   1536 	}
   1537 
   1538 	return (KORE_RESULT_OK);
   1539 }
   1540 
   1541 static int
   1542 configure_http_hsts_enable(char *option)
   1543 {
   1544 	int		err;
   1545 
   1546 	http_hsts_enable = kore_strtonum(option, 10, 0, LONG_MAX, &err);
   1547 	if (err != KORE_RESULT_OK) {
   1548 		kore_log(LOG_ERR, "bad http_hsts_enable value '%s'", option);
   1549 		return (KORE_RESULT_ERROR);
   1550 	}
   1551 
   1552 	return (KORE_RESULT_OK);
   1553 }
   1554 
   1555 static int
   1556 configure_http_keepalive_time(char *option)
   1557 {
   1558 	int		err;
   1559 
   1560 	http_keepalive_time = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
   1561 	if (err != KORE_RESULT_OK) {
   1562 		kore_log(LOG_ERR,
   1563 		    "bad http_keepalive_time value '%s'", option);
   1564 		return (KORE_RESULT_ERROR);
   1565 	}
   1566 
   1567 	return (KORE_RESULT_OK);
   1568 }
   1569 
   1570 static int
   1571 configure_http_request_ms(char *option)
   1572 {
   1573 	int		err;
   1574 
   1575 	http_request_ms = kore_strtonum(option, 10, 0, UINT_MAX, &err);
   1576 	if (err != KORE_RESULT_OK) {
   1577 		kore_log(LOG_ERR, "bad http_request_ms value '%s'", option);
   1578 		return (KORE_RESULT_ERROR);
   1579 	}
   1580 
   1581 	return (KORE_RESULT_OK);
   1582 }
   1583 
   1584 static int
   1585 configure_http_request_limit(char *option)
   1586 {
   1587 	int		err;
   1588 
   1589 	http_request_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
   1590 	if (err != KORE_RESULT_OK) {
   1591 		kore_log(LOG_ERR, "bad http_request_limit value '%s'", option);
   1592 		return (KORE_RESULT_ERROR);
   1593 	}
   1594 
   1595 	return (KORE_RESULT_OK);
   1596 }
   1597 
   1598 static int
   1599 configure_validator(char *name)
   1600 {
   1601 	u_int8_t	type;
   1602 	char		*tname, *value;
   1603 
   1604 	if ((tname = strchr(name, ' ')) == NULL) {
   1605 		kore_log(LOG_ERR, "missing validator name");
   1606 		return (KORE_RESULT_ERROR);
   1607 	}
   1608 
   1609 	*(tname)++ = '\0';
   1610 	tname = kore_text_trim(tname, strlen(tname));
   1611 	if ((value = strchr(tname, ' ')) == NULL) {
   1612 		kore_log(LOG_ERR, "missing validator value");
   1613 		return (KORE_RESULT_ERROR);
   1614 	}
   1615 
   1616 	*(value)++ = '\0';
   1617 	value = kore_text_trim(value, strlen(value));
   1618 
   1619 	if (!strcmp(tname, "regex")) {
   1620 		type = KORE_VALIDATOR_TYPE_REGEX;
   1621 	} else if (!strcmp(tname, "function")) {
   1622 		type = KORE_VALIDATOR_TYPE_FUNCTION;
   1623 	} else {
   1624 		kore_log(LOG_ERR,
   1625 		    "bad type '%s' for validator '%s'", tname, name);
   1626 		return (KORE_RESULT_ERROR);
   1627 	}
   1628 
   1629 	if (!kore_validator_add(name, type, value)) {
   1630 		kore_log(LOG_ERR, "bad validator specified for '%s'", name);
   1631 		return (KORE_RESULT_ERROR);
   1632 	}
   1633 
   1634 	return (KORE_RESULT_OK);
   1635 }
   1636 
   1637 static int
   1638 configure_validate(char *options)
   1639 {
   1640 	struct kore_validator		*val;
   1641 	struct kore_route_params	*param;
   1642 	char				*method, *argv[4];
   1643 	int				flags, http_method;
   1644 
   1645 	if (kore_split_string(options, " ", argv, 4) != 3) {
   1646 		kore_log(LOG_ERR,
   1647 		    "validate keyword needs 3 args: method param validator");
   1648 		return (KORE_RESULT_ERROR);
   1649 	}
   1650 
   1651 	flags = 0;
   1652 
   1653 	if ((method = strchr(argv[0], ':')) != NULL) {
   1654 		*(method)++ = '\0';
   1655 		if (!strcasecmp(argv[0], "qs")) {
   1656 			flags = KORE_PARAMS_QUERY_STRING;
   1657 		} else {
   1658 			kore_log(LOG_ERR,
   1659 			    "unknown validate method prefix '%s' for '%s'",
   1660 			    argv[0], current_route->path);
   1661 			return (KORE_RESULT_ERROR);
   1662 		}
   1663 	} else {
   1664 		method = argv[0];
   1665 	}
   1666 
   1667 	if ((val = kore_validator_lookup(argv[2])) == NULL) {
   1668 		kore_log(LOG_ERR, "unknown validator '%s'", argv[2]);
   1669 		return (KORE_RESULT_ERROR);
   1670 	}
   1671 
   1672 	if (!strcasecmp(method, "post")) {
   1673 		http_method = HTTP_METHOD_POST;
   1674 	} else if (!strcasecmp(method, "get")) {
   1675 		http_method = HTTP_METHOD_GET;
   1676 		/* Let params get /foo {} imply qs:get automatically. */
   1677 		flags |= KORE_PARAMS_QUERY_STRING;
   1678 	} else if (!strcasecmp(method, "put")) {
   1679 		http_method = HTTP_METHOD_PUT;
   1680 	} else if (!strcasecmp(method, "delete")) {
   1681 		http_method = HTTP_METHOD_DELETE;
   1682 	} else if (!strcasecmp(method, "head")) {
   1683 		http_method = HTTP_METHOD_HEAD;
   1684 	} else if (!strcasecmp(method, "patch")) {
   1685 		http_method = HTTP_METHOD_PATCH;
   1686 	} else {
   1687 		kore_log(LOG_ERR, "unknown method: %s in validator for %s",
   1688 		    method, current_route->path);
   1689 		return (KORE_RESULT_ERROR);
   1690 	}
   1691 
   1692 	if (!(current_route->methods & http_method)) {
   1693 		kore_log(LOG_ERR, "method '%s' not enabled for route '%s'",
   1694 		    method, current_route->path);
   1695 		return (KORE_RESULT_ERROR);
   1696 	}
   1697 
   1698 	param = kore_calloc(1, sizeof(*param));
   1699 
   1700 	param->flags = flags;
   1701 	param->validator = val;
   1702 	param->method = http_method;
   1703 	param->name = kore_strdup(argv[1]);
   1704 
   1705 	TAILQ_INSERT_TAIL(&current_route->params, param, list);
   1706 
   1707 	return (KORE_RESULT_OK);
   1708 }
   1709 
   1710 static int
   1711 configure_authentication(char *options)
   1712 {
   1713 	char		*argv[3];
   1714 
   1715 	if (current_auth != NULL) {
   1716 		kore_log(LOG_ERR, "previous authentication block not closed");
   1717 		return (KORE_RESULT_ERROR);
   1718 	}
   1719 
   1720 	kore_split_string(options, " ", argv, 3);
   1721 	if (argv[1] == NULL) {
   1722 		kore_log(LOG_ERR, "missing name for authentication block");
   1723 		return (KORE_RESULT_ERROR);
   1724 	}
   1725 
   1726 	if (strcmp(argv[1], "{")) {
   1727 		kore_log(LOG_ERR, "missing { for authentication block");
   1728 		return (KORE_RESULT_ERROR);
   1729 	}
   1730 
   1731 	if (!kore_auth_new(argv[0]))
   1732 		return (KORE_RESULT_ERROR);
   1733 
   1734 	current_auth = kore_auth_lookup(argv[0]);
   1735 
   1736 	return (KORE_RESULT_OK);
   1737 }
   1738 
   1739 static int
   1740 configure_authentication_type(char *option)
   1741 {
   1742 	if (current_auth == NULL) {
   1743 		kore_log(LOG_ERR,
   1744 		    "authentication_type keyword not in correct context");
   1745 		return (KORE_RESULT_ERROR);
   1746 	}
   1747 
   1748 	if (!strcmp(option, "cookie")) {
   1749 		current_auth->type = KORE_AUTH_TYPE_COOKIE;
   1750 	} else if (!strcmp(option, "header")) {
   1751 		current_auth->type = KORE_AUTH_TYPE_HEADER;
   1752 	} else if (!strcmp(option, "request")) {
   1753 		current_auth->type = KORE_AUTH_TYPE_REQUEST;
   1754 	} else {
   1755 		kore_log(LOG_ERR, "unknown authentication type '%s'", option);
   1756 		return (KORE_RESULT_ERROR);
   1757 	}
   1758 
   1759 	return (KORE_RESULT_OK);
   1760 }
   1761 
   1762 static int
   1763 configure_authentication_value(char *option)
   1764 {
   1765 	if (current_auth == NULL) {
   1766 		kore_log(LOG_ERR,
   1767 		    "authentication_value keyword not in correct context");
   1768 		return (KORE_RESULT_ERROR);
   1769 	}
   1770 
   1771 	if (current_auth->value != NULL)
   1772 		kore_free(current_auth->value);
   1773 	current_auth->value = kore_strdup(option);
   1774 
   1775 	return (KORE_RESULT_OK);
   1776 }
   1777 
   1778 static int
   1779 configure_authentication_validator(char *validator)
   1780 {
   1781 	struct kore_validator		*val;
   1782 
   1783 	if (current_auth == NULL) {
   1784 		kore_log(LOG_ERR,
   1785 		    "authentication_validator not in correct context");
   1786 		return (KORE_RESULT_ERROR);
   1787 	}
   1788 
   1789 	if ((val = kore_validator_lookup(validator)) == NULL) {
   1790 		kore_log(LOG_ERR,
   1791 		    "authentication validator '%s' not found", validator);
   1792 		return (KORE_RESULT_ERROR);
   1793 	}
   1794 
   1795 	current_auth->validator = val;
   1796 
   1797 	return (KORE_RESULT_OK);
   1798 }
   1799 
   1800 static int
   1801 configure_authentication_uri(char *uri)
   1802 {
   1803 	if (current_auth == NULL) {
   1804 		kore_log(LOG_ERR,
   1805 		    "authentication_uri keyword not in correct context");
   1806 		return (KORE_RESULT_ERROR);
   1807 	}
   1808 
   1809 	if (current_auth->redirect != NULL)
   1810 		kore_free(current_auth->redirect);
   1811 	current_auth->redirect = kore_strdup(uri);
   1812 
   1813 	return (KORE_RESULT_OK);
   1814 }
   1815 
   1816 static int
   1817 configure_websocket_maxframe(char *option)
   1818 {
   1819 	int	err;
   1820 
   1821 	kore_websocket_maxframe = kore_strtonum64(option, 1, &err);
   1822 	if (err != KORE_RESULT_OK) {
   1823 		kore_log(LOG_ERR,
   1824 		    "bad kore_websocket_maxframe value '%s'", option);
   1825 		return (KORE_RESULT_ERROR);
   1826 	}
   1827 
   1828 	return (KORE_RESULT_OK);
   1829 }
   1830 
   1831 static int
   1832 configure_websocket_timeout(char *option)
   1833 {
   1834 	int	err;
   1835 
   1836 	kore_websocket_timeout = kore_strtonum64(option, 1, &err);
   1837 	if (err != KORE_RESULT_OK) {
   1838 		kore_log(LOG_ERR,
   1839 		    "bad kore_websocket_timeout value '%s'", option);
   1840 		return (KORE_RESULT_ERROR);
   1841 	}
   1842 
   1843 	kore_websocket_timeout = kore_websocket_timeout * 1000;
   1844 
   1845 	return (KORE_RESULT_OK);
   1846 }
   1847 
   1848 #endif /* !KORE_NO_HTTP */
   1849 
   1850 static int
   1851 configure_logfile(char *path)
   1852 {
   1853 	kore_log_file(path);
   1854 	return (KORE_RESULT_OK);
   1855 }
   1856 
   1857 static int
   1858 configure_workers(char *option)
   1859 {
   1860 	int		err;
   1861 
   1862 	worker_count = kore_strtonum(option, 10, 1, KORE_WORKER_MAX, &err);
   1863 	if (err != KORE_RESULT_OK) {
   1864 		kore_log(LOG_ERR, "bad value for worker '%s'", option);
   1865 		return (KORE_RESULT_ERROR);
   1866 	}
   1867 
   1868 	return (KORE_RESULT_OK);
   1869 }
   1870 
   1871 static int
   1872 configure_pidfile(char *path)
   1873 {
   1874 	if (strcmp(kore_pidfile, KORE_PIDFILE_DEFAULT))
   1875 		kore_free(kore_pidfile);
   1876 	kore_pidfile = kore_strdup(path);
   1877 
   1878 	return (KORE_RESULT_OK);
   1879 }
   1880 
   1881 static int
   1882 configure_max_connections(char *option)
   1883 {
   1884 	int		err;
   1885 
   1886 	worker_max_connections = kore_strtonum(option, 10, 1, UINT_MAX, &err);
   1887 	if (err != KORE_RESULT_OK) {
   1888 		kore_log(LOG_ERR,
   1889 		    "bad value for worker_max_connections '%s'", option);
   1890 		return (KORE_RESULT_ERROR);
   1891 	}
   1892 
   1893 	return (KORE_RESULT_OK);
   1894 }
   1895 
   1896 static int
   1897 configure_rlimit_nofiles(char *option)
   1898 {
   1899 	int		err;
   1900 
   1901 	worker_rlimit_nofiles = kore_strtonum(option, 10, 1, UINT_MAX, &err);
   1902 	if (err != KORE_RESULT_OK) {
   1903 		kore_log(LOG_ERR,
   1904 		    "bad value for worker_rlimit_nofiles '%s'", option);
   1905 		return (KORE_RESULT_ERROR);
   1906 	}
   1907 
   1908 	return (KORE_RESULT_OK);
   1909 }
   1910 
   1911 static int
   1912 configure_accept_threshold(char *option)
   1913 {
   1914 	int		err;
   1915 
   1916 	worker_accept_threshold = kore_strtonum(option, 0, 1, UINT_MAX, &err);
   1917 	if (err != KORE_RESULT_OK) {
   1918 		kore_log(LOG_ERR,
   1919 		    "bad value for worker_accept_threshold '%s'\n", option);
   1920 		return (KORE_RESULT_ERROR);
   1921 	}
   1922 
   1923 	return (KORE_RESULT_OK);
   1924 }
   1925 
   1926 static int
   1927 configure_death_policy(char *option)
   1928 {
   1929 	if (!strcmp(option, "restart")) {
   1930 		worker_policy = KORE_WORKER_POLICY_RESTART;
   1931 	} else if (!strcmp(option, "terminate")) {
   1932 		worker_policy = KORE_WORKER_POLICY_TERMINATE;
   1933 	} else {
   1934 		kore_log(LOG_ERR,
   1935 		    "bad value for worker_death_policy '%s'\n", option);
   1936 		return (KORE_RESULT_ERROR);
   1937 	}
   1938 
   1939 	return (KORE_RESULT_OK);
   1940 }
   1941 
   1942 static int
   1943 configure_set_affinity(char *option)
   1944 {
   1945 	int		err;
   1946 
   1947 	worker_set_affinity = kore_strtonum(option, 10, 0, 1, &err);
   1948 	if (err != KORE_RESULT_OK) {
   1949 		kore_log(LOG_ERR,
   1950 		    "bad value for worker_set_affinity '%s'", option);
   1951 		return (KORE_RESULT_ERROR);
   1952 	}
   1953 
   1954 	return (KORE_RESULT_OK);
   1955 }
   1956 
   1957 static int
   1958 configure_socket_backlog(char *option)
   1959 {
   1960 	int		err;
   1961 
   1962 	kore_socket_backlog = kore_strtonum(option, 10, 0, UINT_MAX, &err);
   1963 	if (err != KORE_RESULT_OK) {
   1964 		kore_log(LOG_ERR, "bad socket_backlog value: '%s'", option);
   1965 		return (KORE_RESULT_ERROR);
   1966 	}
   1967 
   1968 	return (KORE_RESULT_OK);
   1969 }
   1970 
   1971 #if defined(KORE_USE_PGSQL)
   1972 static int
   1973 configure_pgsql_conn_max(char *option)
   1974 {
   1975 	int		err;
   1976 
   1977 	pgsql_conn_max = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
   1978 	if (err != KORE_RESULT_OK) {
   1979 		kore_log(LOG_ERR, "bad value for pgsql_conn_max '%s'", option);
   1980 		return (KORE_RESULT_ERROR);
   1981 	}
   1982 
   1983 	return (KORE_RESULT_OK);
   1984 }
   1985 
   1986 static int
   1987 configure_pgsql_queue_limit(char *option)
   1988 {
   1989 	int		err;
   1990 
   1991 	pgsql_queue_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
   1992 	if (err != KORE_RESULT_OK) {
   1993 		kore_log(LOG_ERR,
   1994 		    "bad value for pgsql_queue_limit '%s'", option);
   1995 		return (KORE_RESULT_ERROR);
   1996 	}
   1997 
   1998 	return (KORE_RESULT_OK);
   1999 }
   2000 #endif
   2001 
   2002 #if defined(KORE_USE_TASKS)
   2003 static int
   2004 configure_task_threads(char *option)
   2005 {
   2006 	int		err;
   2007 
   2008 	kore_task_threads = kore_strtonum(option, 10, 0, UCHAR_MAX, &err);
   2009 	if (err != KORE_RESULT_OK) {
   2010 		kore_log(LOG_ERR, "bad value for task_threads: '%s'", option);
   2011 		return (KORE_RESULT_ERROR);
   2012 	}
   2013 
   2014 	return (KORE_RESULT_OK);
   2015 }
   2016 #endif
   2017 
   2018 #if defined(KORE_USE_PYTHON)
   2019 static int
   2020 configure_deployment(char *value)
   2021 {
   2022 	if (!strcmp(value, "docker")) {
   2023 		kore_foreground = 1;
   2024 		skip_runas = 0;
   2025 		skip_chroot = 0;
   2026 	} else if (!strcmp(value, "dev") || !strcmp(value, "development")) {
   2027 		kore_foreground = 1;
   2028 		skip_runas = 1;
   2029 		skip_chroot = 1;
   2030 	} else if (!strcmp(value, "production")) {
   2031 		kore_foreground = 0;
   2032 		skip_runas = 0;
   2033 		skip_chroot = 0;
   2034 	} else {
   2035 		kore_log(LOG_NOTICE,
   2036 		    "kore.config.deployment: bad value '%s'", value);
   2037 		return (KORE_RESULT_ERROR);
   2038 	}
   2039 
   2040 	return (KORE_RESULT_OK);
   2041 }
   2042 
   2043 static int
   2044 configure_python_path(char *path)
   2045 {
   2046 	kore_python_path(path);
   2047 
   2048 	return (KORE_RESULT_OK);
   2049 }
   2050 
   2051 static int
   2052 configure_python_import(char *module)
   2053 {
   2054 	char		*argv[3];
   2055 
   2056 	kore_split_string(module, " ", argv, 3);
   2057 	if (argv[0] == NULL)
   2058 		return (KORE_RESULT_ERROR);
   2059 
   2060 	kore_module_load(argv[0], argv[1], KORE_MODULE_PYTHON);
   2061 	return (KORE_RESULT_OK);
   2062 }
   2063 #endif
   2064 
   2065 #if defined(KORE_USE_PLATFORM_PLEDGE)
   2066 static int
   2067 configure_add_pledge(char *pledge)
   2068 {
   2069 	kore_platform_add_pledge(pledge);
   2070 
   2071 	return (KORE_RESULT_OK);
   2072 }
   2073 #endif
   2074 
   2075 #if defined(KORE_USE_CURL)
   2076 static int
   2077 configure_curl_recv_max(char *option)
   2078 {
   2079 	int		err;
   2080 
   2081 	kore_curl_recv_max = kore_strtonum64(option, 1, &err);
   2082 	if (err != KORE_RESULT_OK) {
   2083 		kore_log(LOG_ERR, "bad curl_recv_max value '%s'\n", option);
   2084 		return (KORE_RESULT_ERROR);
   2085 	}
   2086 
   2087 	return (KORE_RESULT_OK);
   2088 }
   2089 
   2090 static int
   2091 configure_curl_timeout(char *option)
   2092 {
   2093 	int		err;
   2094 
   2095 	kore_curl_timeout = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
   2096 	if (err != KORE_RESULT_OK) {
   2097 		kore_log(LOG_ERR, "bad kore_curl_timeout value: '%s'", option);
   2098 		return (KORE_RESULT_ERROR);
   2099 	}
   2100 
   2101 	return (KORE_RESULT_OK);
   2102 }
   2103 #endif
   2104 
   2105 #if defined(__linux__)
   2106 static int
   2107 configure_seccomp_tracing(char *opt)
   2108 {
   2109 	if (!strcmp(opt, "yes")) {
   2110 		kore_seccomp_tracing = 1;
   2111 	} else if (!strcmp(opt, "no")) {
   2112 		kore_seccomp_tracing = 0;
   2113 	} else {
   2114 		kore_log(LOG_ERR,
   2115 		    "bad seccomp_tracing value '%s' (expected yes|no)\n", opt);
   2116 		return (KORE_RESULT_ERROR);
   2117 	}
   2118 
   2119 	return (KORE_RESULT_OK);
   2120 }
   2121 #endif