189 lines
4.3 KiB
C
189 lines
4.3 KiB
C
#include <sys/stat.h>
|
|
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
#include <pwd.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <syslog.h>
|
|
#include <unistd.h>
|
|
|
|
#define BUFF_LEN_1 1000
|
|
#define BUFF_LEN_2 1025
|
|
#define BUFF_LEN_3 1024
|
|
#define DEFAULT_CHROOT "/var/gopher/"
|
|
|
|
|
|
void display_file(const char *);
|
|
void drop_privileges(const char *, const char *);
|
|
|
|
void
|
|
drop_privileges(const char *user, const char *path)
|
|
{
|
|
struct passwd *pw;
|
|
char chroot_dir[BUFF_LEN_2];
|
|
|
|
strlcpy(chroot_dir, path, sizeof(chroot_dir));
|
|
|
|
/*
|
|
* use chroot() if an user is specified requires root user to be
|
|
* running the program to run chroot() and then drop privileges
|
|
*/
|
|
if (strlen(user) > 0) {
|
|
|
|
/* is root? */
|
|
if (getuid() != 0) {
|
|
syslog(LOG_DAEMON, "chroot requires program to be run as root");
|
|
errx(1, "chroot requires root user");
|
|
}
|
|
/* search user uid from name */
|
|
if ((pw = getpwnam(user)) == NULL) {
|
|
syslog(LOG_DAEMON, "the user %s can't be found on the system", user);
|
|
err(1, "finding user");
|
|
}
|
|
/* chroot worked? */
|
|
if (chroot(chroot_dir) != 0) {
|
|
syslog(LOG_DAEMON, "the chroot_dir %s can't be used for chroot", chroot_dir);
|
|
err(1, "chroot");
|
|
}
|
|
if (chdir("/") == -1) {
|
|
syslog(LOG_DAEMON, "failed to chdir(\"/\")");
|
|
err(1, "chdir");
|
|
}
|
|
/* drop privileges */
|
|
if (setgroups(1, &pw->pw_gid) ||
|
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
|
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
|
|
user, pw->pw_uid);
|
|
err(1, "Can't drop privileges");
|
|
}
|
|
strlcpy(chroot_dir, "/", sizeof(chroot_dir));
|
|
}
|
|
#ifdef __OpenBSD__
|
|
/*
|
|
* prevent access to files other than the one in path
|
|
*/
|
|
if (unveil(chroot_dir, "r") == -1) {
|
|
syslog(LOG_DAEMON, "unveil on %s failed", chroot_dir);
|
|
err(1, "unveil");
|
|
}
|
|
/*
|
|
* prevent system calls other parsing queryfor fread file and
|
|
* write to stdio
|
|
*/
|
|
if (pledge("stdio rpath", NULL) == -1) {
|
|
syslog(LOG_DAEMON, "pledge call failed");
|
|
err(1, "pledge");
|
|
}
|
|
#endif
|
|
|
|
|
|
|
|
}
|
|
|
|
void
|
|
display_file(const char *path)
|
|
{
|
|
size_t buflen = BUFF_LEN_1;
|
|
char *buffer[BUFF_LEN_1];
|
|
ssize_t nread;
|
|
struct stat sb;
|
|
FILE *fd;
|
|
|
|
/* this is to check if path is a directory */
|
|
if (stat(path, &sb) == -1)
|
|
goto err;
|
|
|
|
/* open the file requested */
|
|
if ((fd = fopen(path, "r")) == NULL)
|
|
goto err;
|
|
|
|
/* check if directory */
|
|
if (S_ISDIR(sb.st_mode) == 1)
|
|
goto err;
|
|
|
|
/* read the file and write it to stdout */
|
|
while ((nread = fread(buffer, sizeof(char), buflen, fd)) != 0)
|
|
fwrite(buffer, sizeof(char), nread, stdout);
|
|
fclose(fd);
|
|
syslog(LOG_DAEMON, "path served %s", path);
|
|
|
|
return;
|
|
|
|
err:
|
|
/* return an error code and no content */
|
|
printf("resource not found for %s\n", path);
|
|
syslog(LOG_DAEMON, "path invalid %s", path);
|
|
}
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
char buffer [BUFF_LEN_2];
|
|
char request [BUFF_LEN_2];
|
|
char path [BUFF_LEN_2] = DEFAULT_CHROOT;
|
|
char user [_SC_LOGIN_NAME_MAX] = "";
|
|
int option;
|
|
int chroot = 0;
|
|
char *pos;
|
|
|
|
while ((option = getopt(argc, argv, ":d:u:")) != -1) {
|
|
switch (option) {
|
|
case 'd':
|
|
strlcpy(path, optarg, sizeof(path));
|
|
break;
|
|
case 'u':
|
|
chroot = 1;
|
|
strlcpy(user, optarg, sizeof(user));
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* do chroot if an user is supplied run pledge/unveil if OpenBSD
|
|
*/
|
|
drop_privileges(user, path);
|
|
if (chroot == 1)
|
|
strlcpy(path, "/", sizeof(path));
|
|
|
|
/*
|
|
* read 1024 chars from stdin
|
|
* to get the request
|
|
*/
|
|
fgets(request, BUFF_LEN_3, stdin);
|
|
|
|
/* remove \r\n at the end of string
|
|
* replace \n first and then \r
|
|
* because some client may only use
|
|
* \n instead of \r\n
|
|
*/
|
|
pos = strchr(request, '\n');
|
|
if (pos != NULL) *pos = '\n';
|
|
|
|
pos = strchr(request, '\r');
|
|
if (pos != NULL) *pos = '\0';
|
|
|
|
syslog(LOG_DAEMON, "request %s", request);
|
|
|
|
/*
|
|
* look for the first / after the hostname
|
|
* in order to split hostname and uri
|
|
*/
|
|
fprintf(stderr, "<%s %ld>\n", request, strlen(request));
|
|
if(strlen(request) == 0 || strcmp(request, "/") == 0) {
|
|
fprintf(stderr, "<%s %ld>\n", request, strlen(request));
|
|
strlcpy(request, "/gophermap", sizeof(request));
|
|
}
|
|
|
|
/* add the base dir to the file requested */
|
|
strlcat(path, request, sizeof(path));
|
|
|
|
/* open file and send it to stdout */
|
|
display_file(path);
|
|
|
|
return (0);
|
|
}
|