diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/.gitignore b/.gitignore
index 5562318..a7d9fff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-*.o
-vger
+*.hi
+Vger
+unit
diff --git a/Gemini.hs b/Gemini.hs
new file mode 100644
index 0000000..6e240a8
--- /dev/null
+++ b/Gemini.hs
@@ -0,0 +1,60 @@
+module Gemini where
+
+import Data.ByteString.UTF8
+import Data.Text
+import Network.Mime
+import System.Directory (doesFileExist, doesDirectoryExist)
+import Text.Regex
+import Text.Regex.PCRE
+
+
+-- check :: FilePath -> IO Bool
+-- check s = do
+-- result <- doesFileExist
+-- if result
+-- then pure True
+-- else pure False
+
+-- return components of the url
+-- gemini:// | hostname | uri | ? | query
+parse_url :: String -> [[String]]
+parse_url url =
+ (sanitize_uri url) =~ "^(gemini:\\/\\/)([^\\/]*)\\/?([^\\?]*)(\\?)?(.*)?(\\r\\n)$"
+
+-- remove any .. in the uri that could escape the location
+sanitize_uri :: String -> String
+sanitize_uri path =
+ subRegex (mkRegex "\\.\\.\\/") path ""
+
+
+-- return a file as a string
+read_file :: String -> IO String
+read_file path = do
+ text <- readFile path
+ pure text
+
+-- read from stdin
+get_request :: IO String
+get_request = do
+ stdin <- getContents
+ pure stdin
+
+data Gemini = MkGemini
+ { domain :: String
+ , file :: String
+ , query :: String
+ , mime :: String
+ }
+
+parse_to_gemini :: [[String]] -> Gemini
+parse_to_gemini tab =
+ MkGemini
+ { domain = tab!!0!!2
+ , file = tab!!0!!3
+ , query = tab!!0!!5
+ , mime = toString (defaultMimeLookup (pack (tab!!0!!3)))
+ }
+
+get_reply :: String -> Int -> String
+get_reply mime 20 =
+ "20 " ++ mime ++ "\n"
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 8ab26ac..0000000
--- a/Makefile
+++ /dev/null
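Review bot: In Gemini.hs, `sanitize_uri` does not confine the requested path: it deletes `../` in a single `subRegex` pass over the whole URL, so characters on either side of a removed match can join into a fresh `../`, a trailing `..` with no slash is never matched, and a path that still begins with `/` after the one optional slash the `parse_url` pattern consumes reaches `readFile` as an absolute path. Rejecting is safer than rewriting: validate capture group 3 after the match and answer with an error status when it is absolute or contains a `..` segment, as sketched below with `isAbsolute` and `splitDirectories` from `System.FilePath`. The `regex_7` expectation in unit.hs would change with this, since the request would be refused rather than rewritten. Symlinks inside the served directory are not covered by this check and would need a canonical-path comparison against a document root, which the new code does not define yet.

```haskell
-- … unchanged: imports, parse_url (minus the sanitize_uri call) …

-- Nothing when the requested path is absolute or has a ".." segment;
-- the caller answers with an error status instead of opening a file
safe_path :: String -> Maybe FilePath
safe_path path
    | isAbsolute path = Nothing
    | ".." `elem` splitDirectories path = Nothing
    | otherwise = Just path
```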
@@ -1,33 +0,0 @@
-include config.mk
-
-PREFIX?=/usr/local/
-CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
- -Wstrict-prototypes -Wwrite-strings ${EXTRAFLAGS}
-
-.SUFFIXES: .c .o
-
-.c.o:
- ${CC} ${CFLAGS} -c $<
-
-all: vger
-
-clean:
- find . \( -name vger -o \
- -name unit_test -o \
- -name "*.o" -o \
- -name "*.core" \) \
- -delete
-
-vger: main.c vger.c mimes.o utils.o opts.h
- ${CC} ${CFLAGS} -o $@ main.c mimes.o utils.o
-
-install: vger
- install -o root -g wheel vger ${PREFIX}/bin/
- install -o root -g wheel vger.8 ${PREFIX}/man/man8/
-
-unit_test: tests.c vger.o
- ${CC} ${CFLAGS} -o $@ vger.o tests.c mimes.o utils.o
-
-test: vger unit_test
- ./unit_test
- cd tests && sh test.sh
diff --git a/Procfile b/Procfile
new file mode 100644
index 0000000..6cbaaa5
--- /dev/null
+++ b/Procfile
@@ -0,0 +1,3 @@
+compilation: ls *c *h | entr make test
+haskell: ls Vger.hs Gemini.hs | entr -s "ghc Vger.hs && printf 'gemini://perso.pw/../Vger.hs\r\n' | ./Vger"
+haskell-unit: ls *hs | entr -s "ghc unit.hs && ./unit"
diff --git a/Vger.hs b/Vger.hs
new file mode 100644
index 0000000..f9d3d09
--- /dev/null
+++ b/Vger.hs
@@ -0,0 +1,9 @@
+import Gemini
+
+main :: IO ()
+main = do
+ url <- get_request
+ let request = parse_to_gemini (parse_url url)
+ content <- read_file (file request)
+ putStrLn (get_reply (mime request) 20)
+ putStrLn content
diff --git a/config.mk b/config.mk
deleted file mode 100644
index 2c254b2..0000000
--- a/config.mk
+++ /dev/null
@@ -1 +0,0 @@
-EXTRAFLAGS=
diff --git a/configure b/configure
deleted file mode 100755
index 0914d3d..0000000
--- a/configure
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-OS="$(uname -s)"
-
-case "$OS" in
- Linux)
- EXTRAFLAGS=-lbsd
- ;;
- *)
- EXTRAFLAGS=""
- ;;
-esac
-
-echo "EXTRAFLAGS=${EXTRAFLAGS}" > config.mk
diff --git a/main.c b/main.c
deleted file mode 100644
index fae3d9e..0000000
--- a/main.c
+++ /dev/null
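Review bot: In Vger.hs, `main` hands the parsed path straight to `read_file` with no document root or confinement, whereas the `main.c` deleted in this commit called `drop_privileges` (chroot, plus unveil/pledge on OpenBSD) before any file access; paths are now resolved against whatever directory the process starts in, and whether an outer wrapper confines it is not visible here. There is also no failure path: `parse_url` returns `[]` for a request it rejects, so `tab!!0` in `parse_to_gemini` raises, and a missing file makes `readFile` raise, and in both cases the client gets no status line where the C code sent 59 or 51. Matching on the parse result first, e.g. `case parse_url url of [] -> putStr "59 bad request\r\n"`, and wrapping the read in `try` from `Control.Exception` would restore those replies. `get_request` uses `getContents`, which has no equivalent of the old `GEMINI_REQUEST_MAX` bound, and `get_reply` ends the header with `\n` while `putStrLn` appends a second one, where the removed `status` wrote `\r\n`.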
@@ -1,88 +0,0 @@ -#include "vger.c" - -int -main(int argc, char **argv) -{ - char request[GEMINI_REQUEST_MAX] = {'\0'}; - char user[_SC_LOGIN_NAME_MAX] = {'\0'}; - char hostname[GEMINI_REQUEST_MAX] = {'\0'}; - char query[PATH_MAX] = {'\0'}; - char path[PATH_MAX] = {'\0'}; - char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; - char file[FILENAME_MAX] = DEFAULT_INDEX; - char dir[PATH_MAX] = {'\0'}; - int option = 0; - int virtualhost = 0; - - /* - * request : contain the whole request from client : gemini://...\r\n - * user : username, used in drop_privileges() - * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME - * query : file requested in cgi : gemini://...?query - * file : file basename to display. Emtpy is a directory has been requested - * dir : directory requested. vger will chdir() in to find file - * pos : used to parse request and split into interesting parts - */ - - while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) { - switch (option) { - case 'd': - estrlcpy(chroot_dir, optarg, sizeof(chroot_dir)); - break; - case 'l': - estrlcpy(lang, "lang=", sizeof(lang)); - estrlcat(lang, optarg, sizeof(lang)); - break; - case 'm': - estrlcpy(default_mime, optarg, sizeof(default_mime)); - break; - case 'u': - estrlcpy(user, optarg, sizeof(user)); - break; - case 'c': - estrlcpy(cgi_dir, optarg, sizeof(cgi_dir)); - break; - case 'v': - virtualhost = 1; - break; - case 'i': - doautoidx = 1; - break; - } - } - - /* - * do chroot if an user is supplied - */ - drop_privileges(user, chroot_dir, cgi_dir); - - check_request(request); - get_hostname(request, hostname, sizeof(hostname)); - get_path(request, path, sizeof(path), virtualhost, hostname); - get_query(path, query, sizeof(query)); - - /* percent decode */ - uridecode(query); - uridecode(path); - - /* is it cgi ? 
*/ - if (*cgi_dir) - if (do_cgi(chroot_dir, cgi_dir, path, hostname, query) == 0) - stop(EXIT_SUCCESS, NULL); - - /* *** from here, cgi didn't run *** - * check if path available - */ - check_path(path, sizeof(path), hostname, virtualhost); - - /* split dir and filename */ - get_dir_file(path, dir, sizeof(dir), file, sizeof(file)); - - /* go to dir */ - echdir(dir); - - /* regular file to stdout */ - display_file(file); - - stop(EXIT_SUCCESS, NULL); -} diff --git a/mimes.c b/mimes.c deleted file mode 100644 index 7ee796c..0000000 --- a/mimes.c +++ /dev/null 
@@ -1,139 +0,0 @@ -#include -#include -#include - -#include "mimes.h" -#include "opts.h" - -/* extension to mimetype table */ -static const struct { - const char *extension; - const char *type; -} database[] = { - {"gmi", "text/gemini"}, - {"gemini", "text/gemini"}, - {"7z", "application/x-7z-compressed"}, - {"atom", "application/atom+xml"}, - {"avi", "video/x-msvideo"}, - {"bin", "application/octet-stream"}, - {"bmp", "image/x-ms-bmp"}, - {"cco", "application/x-cocoa"}, - {"crt", "application/x-x509-ca-cert"}, - {"css", "text/css"}, - {"deb", "application/octet-stream"}, - {"dll", "application/octet-stream"}, - {"dmg", "application/octet-stream"}, - {"doc", "application/msword"}, - {"eot", "application/vnd.ms-fontobject"}, - {"exe", "application/octet-stream"}, - {"flv", "video/x-flv"}, - {"fs", "application/octet-stream"}, - {"gif", "image/gif"}, - {"hqx", "application/mac-binhex40"}, - {"htc", "text/x-component"}, - {"html", "text/html"}, - {"ico", "image/x-icon"}, - {"img", "application/octet-stream"}, - {"iso", "application/octet-stream"}, - {"jad", "text/vnd.sun.j2me.app-descriptor"}, - {"jar", "application/java-archive"}, - {"jardiff", "application/x-java-archive-diff"}, - {"jng", "image/x-jng"}, - {"jnlp", "application/x-java-jnlp-file"}, - {"jpeg", "image/jpeg"}, - {"jpg", "image/jpeg"}, - {"js", "application/javascript"}, - {"json", "application/json"}, - {"kml", "application/vnd.google-earth.kml+xml"}, - {"kmz", "application/vnd.google-earth.kmz"}, - {"m3u8", "application/vnd.apple.mpegurl"}, - {"m4a", "audio/x-m4a"}, - {"m4v", "video/x-m4v"}, - {"md", "text/markdown"}, - {"mid", "audio/midi"}, - {"midi", "audio/midi"}, - {"mkv", "video/x-matroska"}, - {"mml", "text/mathml"}, - {"mng", "video/x-mng"}, - {"mov", "video/quicktime"}, - {"mp3", "audio/mpeg"}, - {"mp4", "video/mp4"}, - {"mpeg", "video/mpeg"}, - {"mpg", "video/mpeg"}, - {"msi", "application/octet-stream"}, - {"msm", "application/octet-stream"}, - {"msp", "application/octet-stream"}, - {"odb", 
"application/vnd.oasis.opendocument.database"}, - {"odc", "application/vnd.oasis.opendocument.chart"}, - {"odf", "application/vnd.oasis.opendocument.formula"}, - {"odg", "application/vnd.oasis.opendocument.graphics"}, - {"odi", "application/vnd.oasis.opendocument.image"}, - {"odm", "application/vnd.oasis.opendocument.text-master"}, - {"odp", "application/vnd.oasis.opendocument.presentation"}, - {"ods", "application/vnd.oasis.opendocument.spreadsheet"}, - {"odt", "application/vnd.oasis.opendocument.text"}, - {"ogg", "audio/ogg"}, - {"oth", "application/vnd.oasis.opendocument.text-web"}, - {"otp", "application/vnd.oasis.opendocument.presentation-template"}, - {"pac", "application/x-ns-proxy-autoconfig"}, - {"pdf", "application/pdf"}, - {"pem", "application/x-x509-ca-cert"}, - {"pl", "application/x-perl"}, - {"pm", "application/x-perl"}, - {"png", "image/png"}, - {"ppt", "application/vnd.ms-powerpoint"}, - {"ps", "application/postscript"}, - {"ra", "audio/x-realaudio"}, - {"rar", "application/x-rar-compressed"}, - {"rpm", "application/x-redhat-package-manager"}, - {"rss", "application/rss+xml"}, - {"rtf", "application/rtf"}, - {"run", "application/x-makeself"}, - {"sea", "application/x-sea"}, - {"sit", "application/x-stuffit"}, - {"svg", "image/svg+xml"}, - {"svgz", "image/svg+xml"}, - {"swf", "application/x-shockwave-flash"}, - {"tcl", "application/x-tcl"}, - {"tif", "image/tiff"}, - {"tiff", "image/tiff"}, - {"tk", "application/x-tcl"}, - {"ts", "video/mp2t"}, - {"txt", "text/plain"}, - {"war", "application/java-archive"}, - {"wbmp", "image/vnd.wap.wbmp"}, - {"webm", "video/webm"}, - {"webp", "image/webp"}, - {"wml", "text/vnd.wap.wml"}, - {"wmlc", "application/vnd.wap.wmlc"}, - {"wmv", "video/x-ms-wmv"}, - {"woff", "application/font-woff"}, - {"xhtml", "application/xhtml+xml"}, - {"xls", "application/vnd.ms-excel"}, - {"xml", "text/xml"}, - {"xpi", "application/x-xpinstall"}, - {"zip", "application/zip"} -}; - -#ifndef nitems -#define nitems(_a) (sizeof((_a)) / 
sizeof((_a)[0])) -#endif - -const char * -get_file_mime(const char *path, const char *default_mime) -{ - size_t i; - char *extension; - - /* search for extension after last '.' in path */ - if ((extension = strrchr(path, '.')) != NULL) { - /* look for the MIME in the database */ - for (i = 0; i < nitems(database); i++) { - if (strcmp(database[i].extension, extension + 1) == 0) - return (database[i].type); - } - } - - /* no MIME found, set a default one */ - return default_mime; -} diff --git a/mimes.h b/mimes.h deleted file mode 100644 index d6ae520..0000000 --- a/mimes.h +++ /dev/null @@ -1 +0,0 @@ -const char *get_file_mime(const char *, const char *); diff --git a/opts.h b/opts.h deleted file mode 100644 index d09f024..0000000 --- a/opts.h +++ /dev/null @@ -1,18 +0,0 @@ -#include /* PATH_MAX */ - -/* Defaults values */ -#define DEFAULT_MIME "application/octet-stream" -#define DEFAULT_LANG "" -#define DEFAULT_CHROOT "/var/gemini" -#define DEFAULT_INDEX "index.gmi" -#define DEFAULT_AUTOIDX 0 - -/* - * Options used later - */ -/* longest hardcoded mimetype is 56 long so 64 should be enough */ -static char default_mime[64] = DEFAULT_MIME; -static char lang[16] = DEFAULT_LANG; -static unsigned int doautoidx = DEFAULT_AUTOIDX; -static char cgi_dir[PATH_MAX] = {'\0'}; -static int chrooted = 0; diff --git a/shell.nix b/shell.nix index f7e7b3b..3608a63 100644 --- a/shell.nix +++ b/shell.nix @@ -8,9 +8,14 @@ mkShell { kakoune git-up gdb + cabal2nix (pkgs.haskellPackages.ghcWithPackages (self: [ haskellPackages.regex-pcre + haskellPackages.regex-compat + haskellPackages.mime-types + haskellPackages.HUnit + haskellPackages.utf8-string ] )) ]; diff --git a/tests.c b/tests.c deleted file mode 100644 index b740ca9..0000000 --- a/tests.c +++ /dev/null 
@@ -1,50 +0,0 @@
-#include
-#include
-#include
-#include "vger.h"
-
-// to test
-void test_status(void);
-void test_status_error(void);
-void test_uridecode(char*, const int);
-
-
-void
-test_uridecode(char *str, const int result)
-{
- char reference[GEMINI_REQUEST_MAX] = {'\0'};
- strlcpy(reference, str, sizeof(reference));
- uridecode(str);
- if (strncmp(reference, str, strlen(str)) != result)
- {
- printf("uridecode error\n");
- printf("Strings should be %s\n", (result == 0) ? "identical" : "different");
- printf("passed %s\n", reference);
- printf("got %s\n", str);
- exit(1);
- }
-}
-
-void
-test_status(void)
-{
- status(20, "text/gemini");
-}
-
-void
-test_status_error(void)
-{
- status(51, "file not found");
- status(50, "Forbidden path");
- status(50, "Internal server error");
-}
-
-int
-main(void)
-{
- test_status_error();
- test_status();
- //test_uridecode("host.name", 0);
- //test_uridecode("host.name/percent%25-encode%3.gmi", 1);
- return(0);
-}
diff --git a/unit.hs b/unit.hs
new file mode 100644
index 0000000..4e1b2ff
--- /dev/null
+++ b/unit.hs
@@ -0,0 +1,52 @@
+import Test.HUnit
+import Gemini
+
+
+regex_1 = TestCase (assertEqual
+ "single file request"
+ [["gemini://perso.pw/index.gmi\r\n", "gemini://", "perso.pw", "index.gmi", "", "", "\r\n"]]
+ (parse_url "gemini://perso.pw/index.gmi\r\n"))
+
+regex_2 = TestCase (assertEqual
+ "full request with file and query"
+ [["gemini://perso.pw/index.gmi?query=value\r\n", "gemini://", "perso.pw", "index.gmi", "?", "query=value", "\r\n"]]
+ (parse_url "gemini://perso.pw/index.gmi?query=value\r\n"))
+
+regex_3 = TestCase (assertEqual
+ "missing newline return"
+ []
+ (parse_url "gemini://perso.pw/"))
+
+regex_4 = TestCase (assertEqual
+ "query without a file"
+ [["gemini://perso.pw/?query=value\r\n", "gemini://", "perso.pw", "", "?", "query=value", "\r\n"]]
+ (parse_url "gemini://perso.pw/?query=value\r\n"))
+
+regex_5 = TestCase (assertEqual
+ "domain only"
+ [["gemini://perso.pw\r\n", "gemini://", "perso.pw", "", "", "", "\r\n"]]
+ (parse_url "gemini://perso.pw\r\n"))
+
+regex_6 = TestCase (assertEqual
+ "directory requested"
+ [["gemini://perso.pw/directory/\r\n", "gemini://", "perso.pw", "directory/", "", "", "\r\n"]]
+ (parse_url "gemini://perso.pw/directory/\r\n"))
+
+regex_7 = TestCase (assertEqual
+ "path traversal attempt"
+ [["gemini://perso.pw/directory/\r\n", "gemini://", "perso.pw", "directory/", "", "", "\r\n"]]
+ (parse_url "gemini://perso.pw/../../directory/\r\n"))
+
+tests = TestList
+ [ regex_1
+ , regex_2
+ , regex_3
+ , regex_4
+ , regex_5
+ , regex_6
+ , regex_7
+ ]
+
+main :: IO Counts
+main = do
+ runTestTT tests
diff --git a/utils.c b/utils.c
deleted file mode 100644
index 50e2191..0000000
--- a/utils.c
+++ /dev/null
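Review bot: In unit.hs, `regex_7` is the only traversal case and it exercises just the plain leading `../../` form, so the suite would keep passing while `sanitize_uri` lets other shapes through. Worth adding cases for a path where removing one `../` leaves another behind, for a trailing `..` without a slash, and for a path that starts with a second `/`; each should assert that the request is refused rather than rewritten. The top-level test bindings also have no type signatures; `regex_1 :: Test` and `tests :: Test` would document them.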
@@ -1,117 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include - -#include "utils.h" -#include "vger.h" - -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__) -#include -#else -#include -#endif - -/* e*foo() functions are the equivalent of foo() but handle errors. - * In case an error happens: - * The error is printed to stdout - * return 1 - */ - -#ifdef __OpenBSD__ -void -eunveil(const char *path, const char *permissions) -{ - if (unveil(path, permissions) == -1) { - status(41, "Error when unveil(), see logs"); - stop(EXIT_FAILURE, "unveil on %s failed", path); - } -} - -void -epledge(const char *promises, const char *execpromises) -{ - if (pledge(promises, execpromises) == -1) { - status(41, "Error when pledge(), see logs"); - stop(EXIT_FAILURE, "pledge failed for: %s", promises); - } -} -#endif - -size_t -estrlcpy(char *dst, const char *src, size_t dstsize) -{ - size_t n = 0; - - n = strlcpy(dst, src, dstsize); - if (n >= dstsize) { - status(41, "strlcpy failed, see logs"); - stop(EXIT_FAILURE, "strlcpy() failed for %s = %s", dst, src); - } - - return n; -} - -size_t -estrlcat(char *dst, const char *src, size_t dstsize) -{ - size_t size; - if ((size = strlcat(dst, src, dstsize)) >= dstsize) { - status(41, "strlcat() failed, see logs"); - stop(EXIT_FAILURE, "strlcat on %s + %s", dst, src); - } - - return size; -} - -int -esetenv(const char *name, const char *value, int overwrite) -{ - int ret = 0; - ret = setenv(name, value, overwrite); - - if (ret != 0) { - status(41, "setenv() failed, see logs"); - stop(EXIT_FAILURE, "setenv() %s:%s", name, value); - } - - return ret; -} - -void -echdir(const char *path) -{ - if (chdir(path) == -1) { - switch (errno) { - case ENOTDIR: /* FALLTHROUGH */ - case ENOENT: - status(51, "file not found"); - break; - case EACCES: - status(50, "Forbidden path"); - break; - default: - status(50, "Internal server error"); - break; - } - stop(EXIT_FAILURE, "chdir(%s) 
failed", path); - } -} - -/* read the file fd byte after byte in buffer and write it to stdout - * return number of bytes read - */ -size_t -print_file(FILE *fd) -{ - ssize_t nread = 0; - ssize_t datasent = 0; - char *buffer[BUFSIZ]; - - while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) - datasent += fwrite(buffer, 1, nread, stdout); - return datasent; -} diff --git a/utils.h b/utils.h deleted file mode 100644 index 982a3e0..0000000 --- a/utils.h +++ /dev/null @@ -1,8 +0,0 @@ -void echdir (const char *); -void epledge(const char *, const char *); -void eunveil(const char *, const char *); -int esetenv(const char *, const char *, int); -size_t estrlcat(char *, const char *, size_t); -size_t estrlcpy(char *, const char *, size_t); -size_t print_file(FILE *fd); -void set_errmsg(const char *, ...); diff --git a/vger.c b/vger.c deleted file mode 100644 index d02f420..0000000 --- a/vger.c +++ /dev/null 
@@ -1,505 +0,0 @@ -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mimes.h" -#include "opts.h" -#include "utils.h" -#include "vger.h" - -void -stop(const int r, const char *fmt, ...) -{ - va_list ap, ap2; - - fflush(stdout); /* ensure all data is sent */ - - /* log the request and retcode */ - syslog(LOG_DAEMON, "\"%s\" %i %zd", _request, _retcode, _datasiz); - - if (r != EXIT_SUCCESS) { - /* log and print error */ - va_copy(ap2, ap); - - va_start(ap, fmt); - vsyslog(LOG_ERR, fmt, ap); - va_end(ap); - - va_start(ap2, fmt); - vfprintf(stderr, fmt, ap2); - va_end(ap2); - } - - exit(r); -} - -void -status(const int code, const char *fmt, ...) -{ - va_list ap; - - _datasiz += fprintf(stdout, "%i ", code); - - va_start(ap, fmt); - _datasiz += vfprintf(stdout, fmt, ap); - va_end(ap); - - _datasiz += fprintf(stdout, "\r\n"); /* make sure status end correctly */ - - _retcode = code; /* store return code for logs */ -} - -int -uridecode(char *uri) -{ - int n = 0; - char c = '\0'; - long l = 0; - char *pos = NULL; - - if ((pos = strchr(uri, '%')) == NULL) - return n; - - while ((pos = strchr(pos, '%')) != NULL) { - if (strlen(pos) < 3) - return n; - - char hex[3] = {'\0'}; - for (size_t i = 0; i < 2; i++) - hex[i] = tolower(pos[i + 1]); - - errno = 0; - l = strtol(hex, 0, 16); - if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN)) - continue; /* conversion failed */ - - c = (char)l; - pos[0] = c; - /* rewind of two char to remove %hex */ - memmove(pos + 1, pos + 3, strlen(pos + 3) + 1); /* +1 for \0 */ - n++; - pos++; /* avoid infinite loop */ - } - return n; -} - -void -drop_privileges(const char *user, const char *chroot_dir, const char *cgi_dir) -{ - struct passwd *pw; - - /* - * use chroot() if an user is specified requires root user to be - * running the program to run chroot() and then drop privileges - */ - if (*user) { - - /* is root? 
*/ - if (getuid() != 0) { - status(41, "privileges issue, see logs"); - stop(EXIT_FAILURE, "%s", - "chroot requires program to be run as root"); - } - - /* search user uid from name */ - if ((pw = getpwnam(user)) == NULL) { - status(41, "privileges issue, see logs"); - stop(EXIT_FAILURE, - "the user %s can't be found on the system", user); - } - - /* chroot worked? */ - if (chroot(chroot_dir) != 0) { - status(41, "privileges issue, see logs"); - stop(EXIT_FAILURE, - "the chroot_dir %s can't be used for chroot", chroot_dir); - } - - chrooted = 1; - echdir("/"); - /* drop privileges */ - if (setgroups(1, &pw->pw_gid) || - setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || - setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { - status(41, "privileges issue, see logs"); - stop(EXIT_FAILURE, - "dropping privileges to user %s (uid=%i) failed", \ - user, pw->pw_uid); - } - } -#ifdef __OpenBSD__ - /* - * prevent access to files other than the one in chroot_dir - */ - if (chrooted) - eunveil("/", "r"); - else - eunveil(chroot_dir, "r"); - - /* permission to execute what's inside cgi_dir */ - if (*cgi_dir) - eunveil(cgi_dir, "rx"); - - eunveil(NULL, NULL); /* no more call to unveil() */ - - /* promise permissions */ - if (*cgi_dir) - epledge("stdio rpath exec", NULL); - else - epledge("stdio rpath", NULL); -#endif - if (!chrooted) - echdir(chroot_dir); /* move to the gemini data directory */ -} - -ssize_t -display_file(const char *fname) -{ - FILE *fd = NULL; - const char *file_mime; - - /* - * special case : fname empty. 
The user requested just a dir name - */ - if ((strlen(fname) == 0) && (doautoidx)) { - /* no index.gmi, so display autoindex if enabled */ - _datasiz += autoindex("."); - return _datasiz; - } - - /* open the file requested */ - if ((fd = fopen(fname, "r")) != NULL) { - file_mime = get_file_mime(fname, default_mime); - if (strcmp(file_mime, "text/gemini") == 0) - status(20, "%s; %s", file_mime, lang); - else - status(20, "%s", file_mime); - - _datasiz += print_file(fd); - fclose(fd); /* close file descriptor */ - } else { - /* return an error code and no content. - * seems unlikely to happen unless the file vanished - * since we checked with stat() if it exists - */ - status(51, "%s", "file not found and may have vanished"); - } - - return _datasiz; -} - -int -do_cgi(const char *chroot_dir, const char *cgi_dir, const char *path, const char *hostname, const char *query) -{ - - /* WARNING : this function is fragile since it - * compares path using the string to access them. - * It would be preferable to use stat() to check - * if two path refer to the same inode - */ - - char cgirp[PATH_MAX] = {'\0'}; /* cgi dir path in chroot */ - char cgifp[PATH_MAX] = {'\0'}; /* cgi file to execute */ - char *path_info = NULL; - - /* check if path starts with cgi_dir - * compare beginning of path with cgi_dir - * path + 2 : skip "./" - * cgi_dir + strlen(chrootdir) (skip chrootdir) - */ - - estrlcpy(cgirp, cgi_dir + strlen(chroot_dir), sizeof(cgirp)); - /* ensure there is no leading / if user didn't end chrootdir with */ - while (*cgirp == '/') - estrlcpy(cgirp, cgirp+1, sizeof(cgirp)); - - if (strncmp(cgirp, path+2, strlen(cgirp)) != 0) - return 1; /* not in cgi_dir, go to display_file */ - - /* set env variables for CGI - * see - * https://lists.orbitalfox.eu/archives/gemini/2020/000315.html - */ - esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1); - esetenv("SERVER_PROTOCOL", "GEMINI", 1); - esetenv("SERVER_SOFTWARE", "vger/1", 1); - - if (*query) - esetenv("QUERY_STRING", query, 1); - 
- /* - * if in cgi_dir, only the first file after cgi_dir/FILE - * is to be executed - * the rest is PATH_INFO - */ - - /* find next item after cgi_dir in path: - * path + 2 (skip "./") + strlen(cgirp) + 1 (skip '/') - */ - - /* cgi file to execute */ - estrlcpy(cgifp, path + 2 + strlen(cgirp) + 1, sizeof(cgifp)); - if (!(*cgifp)) /* problem with cgi file, abort */ - return 1; - - /* check if there is something after cgi file for PATH_INFO */ - path_info = strchr(cgifp, '/'); - - if (path_info != NULL) { - esetenv("PATH_INFO", path_info, 1); - *path_info = '\0'; /* stop cgifp before PATH_INFO */ - } - - esetenv("SCRIPT_NAME", cgifp, 1); - esetenv("SERVER_NAME", hostname, 1); - - echdir(cgirp); - - cgi(cgifp); - return 0; -} - -ssize_t -autoindex(const char *path) -{ - /* display list of files in path + a link to parent (..) */ - - int n = 0; - struct dirent **namelist; /* this must be freed at last */ - size_t bs = 0; - - /* use alphasort to always have the same order on every system */ - if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) { - status(50, "Can't scan %s", path); - } else { - status(20, "text/gemini"); - bs += fprintf(stdout, "=> .. ../\n"); /* display link to parent */ - for (int j = 0; j < n; j++) { - /* skip self and parent */ - if ((strcmp(namelist[j]->d_name, ".") == 0) || - (strcmp(namelist[j]->d_name, "..") == 0)) { - continue; - } - /* add "/" at the end of a directory path */ - if (namelist[j]->d_type == DT_DIR) { - bs += fprintf(stdout, "=> ./%s/ %s/\n", - namelist[j]->d_name, namelist[j]->d_name); - } else { - bs += fprintf(stdout, "=> ./%s %s\n", - namelist[j]->d_name, namelist[j]->d_name); - } - free(namelist[j]); - } - free(namelist); - } - - return bs; -} - -void -cgi(const char *cgicmd) -{ - /* TODO? 
cgi currently return the wrong data size unless we switch from execl to popen */ - - /* run cgicmd replacing current process */ - _datasiz = -1; /* bytes sent by cgi are unknown */ - execl(cgicmd, cgicmd, NULL); - /* if execl is ok, this will never be reached */ - status(42, "error when trying run cgi"); - stop(EXIT_FAILURE, "error when trying to execl %s", cgicmd); - -} - -void -strip_trailing_slash(char *path) -{ - size_t end = strlen(path); - if (end == 0) - return; - end--; - while (path[end] == '/') - path[end--] = '\0'; -} - -char * -check_request(char *request) -{ -/* -* read the request, check for errors and sanitize the input -*/ - char *pos = NULL; - - - /* read 1024 +1 chars from stdin to get the request (1024 + \0) */ - if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) { - /* EOF reached before reading anything */ - if (feof(stdin)) { - status(59, "%s", "request is too short and probably empty"); - stop(EXIT_FAILURE, "%s", "request is too short and probably empty"); - - /* error before reading anything */ - } else if (ferror(stdin)) { - status(59, "Error while reading request: %s", request); - stop(EXIT_FAILURE, "Error while reading request: %s", request); - } - } - - /* check if string ends with '\n', or to long */ - if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') { - status(59, "request is too long (1024 max): %s", request); - stop(EXIT_FAILURE, "request is too long (1024 max): %s", request); - } - - /* remove \r\n at the end of string */ - request[strcspn(request, "\r\n")] = '\0'; - - /* - * check if the beginning of the request starts with - * gemini:// - */ - if (strncmp(request, "gemini://", GEMINI_PART) != 0) { - /* error code url malformed */ - status(59, "request «%s» doesn't match gemini://", request); - stop(EXIT_FAILURE, "request «%s» doesn't match gemini://", request); - } - - /* save request for logs */ - estrlcpy(_request, request, sizeof(_request)); - - /* remove the gemini:// part */ - memmove(request, request + 
GEMINI_PART, strlen(request) + 1 - GEMINI_PART); - - /* remove all "/.." for safety reasons */ - while ((pos = strstr(request, "/..")) != NULL) - memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */ - - return request; -} - -char * -get_hostname(const char *request, char *hstnm, size_t hstnmsiz) -{ - char *pos = NULL; - - /* first make a copy of request */ - estrlcpy(hstnm, request, hstnmsiz); - - /* look for hostname : stops at first '/' if any */ - if ( (pos = strchr(hstnm, '/')) != NULL) - pos[0] = '\0'; /* end string at the end of hostname */ - - /* check if client added :port at end of hostname and remove it */ - if ( (pos = strchr(hstnm, ':')) != NULL) - pos[0] = '\0'; /* end string at : */ - - return hstnm; -} - -char * -get_path(const char *request, char *path, size_t pathsiz, int virtualhost, const char *hostname) -{ - char *pos = NULL; - - /* path must be relative to chroot */ - estrlcpy(path, "./", pathsiz); - - /* path is in a subdir named hostname */ - if (virtualhost) { - estrlcat(path, hostname, pathsiz); - estrlcat(path, "/", pathsiz); - } - - /* path is after hostname/ */ - pos = strchr(request, '/'); - if (pos != NULL) /* append the path. pos +1 to remove leading '/' */ - estrlcat(path, pos+1, pathsiz); - - return path; -} - -void -check_path(char *path, size_t pathsiz, const char *hstnm, int virtualhost) -{ - struct stat sb = {0}; - char tmp[PATH_MAX] = {'\0'}; - - if (stat(path, &sb) == -1) { - if (lstat(path, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) { - if (readlink(path, tmp, sizeof(tmp)) > 0) { - status(30, "%s", tmp); - stop(EXIT_SUCCESS, NULL); - } - } - status(51, "%s", "file not found"); - stop(EXIT_SUCCESS, NULL); - } - - if (S_ISDIR(sb.st_mode)) { - /* check if dir path end with "/" */ - if (path[strlen(path) - 1] != '/') { - /* redirect to the dir with appropriate ending '/' */ - - /* remove leading '.' 
for redirection*/ - if (virtualhost) /* remove ./host.name */ - memmove(path, path+2+strlen(hstnm), - strlen(path + 2) + strlen(hstnm) + 1); - else - memmove(path, path+1, - strlen(path + 1) + 1); /* +1 for \0 */ - - estrlcat(path, "/", pathsiz); - status(31, "%s", path); - stop(EXIT_SUCCESS, NULL); - } - /* check if DEFAULT_INDEX exists in directory */ - estrlcpy(tmp, path, sizeof(tmp)); - estrlcat(tmp, "/", sizeof(tmp)); - estrlcat(tmp, DEFAULT_INDEX, sizeof(tmp)); - if (stat(tmp, &sb) == 0) - estrlcpy(path, tmp, pathsiz); - } -} - -void -get_dir_file(char *path, char *dir, size_t dirsiz, char *file, size_t filesiz) -{ - char *pos = NULL; - - pos = strrchr(path, '/'); - if (pos != NULL) { - estrlcpy(file, pos+1, filesiz); /* +1 : not heading / */ - pos[0] = '\0'; /* stop path at file */ - estrlcpy(dir, path, dirsiz); - } else { - estrlcpy(file, path, filesiz); - } -} - -char * -get_query(char *path, char *query, size_t querysiz) -{ - char *pos = NULL; - - /* remove a query string before percent decoding */ - /* look for "?" if any to set query for cgi, remove it */ - pos = strchr(path, '?'); - if (pos != NULL) { - estrlcpy(query, pos + 1, querysiz); - pos[0] = '\0'; /* path end where query begins */ - } - return query; -} diff --git a/vger.h b/vger.h deleted file mode 100644 index 0585e4a..0000000 --- a/vger.h +++ /dev/null 
@@ -1,37 +0,0 @@ -#ifndef vger_h_INCLUDED -#define vger_h_INCLUDED - -/* length of "gemini://" */ -#define GEMINI_PART 9 - -/* - * number of bytes to read with fgets() : 2014 + 1. - * fgets() reads at most size-1 (1024 here). - * See https://gemini.circumlunar.space/docs/specification.html. - */ -#define GEMINI_REQUEST_MAX 1025 - -/* global vars */ -static int _retcode = 0; -static ssize_t _datasiz = 0; -static char _request[GEMINI_REQUEST_MAX] = {'\0'}; - -/* functions */ -ssize_t autoindex(const char *); -void cgi(const char *); -char * check_request(char *); -void check_path(char *, size_t, const char *, int); -ssize_t display_file(const char *); -int do_cgi(const char *, const char *, const char *, const char *, const char *); -void drop_privileges(const char *, const char *, const char *); -void get_dir_file(char *, char *, size_t, char *, size_t); -char * get_hostname(const char *, char *, size_t); -char * get_path(const char *, char *, size_t, int, const char *); -char * get_query(char *, char *, size_t); -void status(const int, const char *, ...); -void strip_trailing_slash(char *); -int uridecode (char *); -void stop(const int, const char *, ...); - -#endif // vger_h_INCLUDED -