fix user chroot issue + style

This commit is contained in:
prx 2021-10-21 11:41:22 +02:00
parent 843d1f0ab7
commit 15d09d2c01
1 changed files with 145 additions and 154 deletions

299
main.c

@ -23,22 +23,22 @@
/* lenght of "gemini://" */ /* lenght of "gemini://" */
#define GEMINI_PART 9 #define GEMINI_PART 9
/* /*
* number of bytes to read with fgets() : 2014 + 1 * number of bytes to read with fgets() : 2014 + 1.
* fgets() reads at most size-1 (1024 here) * fgets() reads at most size-1 (1024 here).
* see https://gemini.circumlunar.space/docs/specification.html. * See https://gemini.circumlunar.space/docs/specification.html.
*/ */
#define GEMINI_REQUEST_MAX 1025 #define GEMINI_REQUEST_MAX 1025
void autoindex(const char *); void autoindex(const char *);
void cgi(const char *cgicmd); void cgi (const char *cgicmd);
void display_file(const char *); void display_file(const char *);
void drop_privileges(const char *, const char *); void drop_privileges(const char *, const char *);
void echdir(const char *); void echdir (const char *);
void status(const int, const char *); void status (const int, const char *);
void status_redirect(const int, const char *); void status_redirect(const int, const char *);
void status_error(const int, const char*); void status_error(const int, const char *);
int uridecode(char *); int uridecode (char *);
void void
@ -46,7 +46,7 @@ echdir(const char *path)
{ {
if (chdir(path) == -1) { if (chdir(path) == -1) {
switch (errno) { switch (errno) {
case ENOTDIR: /* FALLTHROUGH */ case ENOTDIR: /* FALLTHROUGH */
case ENOENT: case ENOENT:
status_error(51, "file not found"); status_error(51, "file not found");
break; break;
@ -64,36 +64,34 @@ echdir(const char *path)
int int
uridecode(char *uri) uridecode(char *uri)
{ {
int n = 0; int n = 0;
char c = '\0'; char c = '\0';
long l = 0; long l = 0;
char *pos = NULL; char *pos = NULL;
if ((pos = strchr(uri, '%')) == NULL) { if ((pos = strchr(uri, '%')) == NULL)
return n; return n;
}
while ((pos = strchr(pos, '%')) != NULL) {
if (strlen(pos) < 3) {
return n;
}
char hex[3] = {'\0'}; while ((pos = strchr(pos, '%')) != NULL) {
for (size_t i=0; i < 2; i++) { if (strlen(pos) < 3)
hex[i] = tolower(pos[i+1]); return n;
}
errno = 0; char hex[3] = {'\0'};
l = strtol(hex, 0, 16); for (size_t i = 0; i < 2; i++)
if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN)) { hex[i] = tolower(pos[i + 1]);
/* conversion failed */
continue; errno = 0;
} l = strtol(hex, 0, 16);
c = (char)l; if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN))
pos[0] = c; continue; /* conversion failed */
/* rewind of two char to remove %hex */
memmove(pos+1 , pos + 3, strlen(pos+3) + 1); /* +1 for \0*/ c = (char)l;
n++; pos[0] = c;
pos++; /* avoid infinite loop */ /* rewind of two char to remove %hex */
} memmove(pos + 1, pos + 3, strlen(pos + 3) + 1); /* +1 for \0 */
n++;
pos++; /* avoid infinite loop */
}
return n; return n;
} }
@ -109,17 +107,17 @@ drop_privileges(const char *user, const char *path)
if (strlen(user) > 0) { if (strlen(user) > 0) {
/* is root? */ /* is root? */
if (getuid() != 0) { if (getuid() != 0)
errlog("chroot requires program to be run as root"); errlog("chroot requires program to be run as root");
}
/* search user uid from name */ /* search user uid from name */
if ((pw = getpwnam(user)) == NULL) { if ((pw = getpwnam(user)) == NULL)
errlog("the user %s can't be found on the system", user); errlog("the user %s can't be found on the system", user);
}
/* chroot worked? */ /* chroot worked? */
if (chroot(path) != 0) { if (chroot(path) != 0)
errlog("the chroot_dir %s can't be used for chroot", path); errlog("the chroot_dir %s can't be used for chroot", path);
}
chrooted = 1; chrooted = 1;
echdir("/"); echdir("/");
/* drop privileges */ /* drop privileges */
@ -129,40 +127,39 @@ drop_privileges(const char *user, const char *path)
errlog("dropping privileges to user %s (uid=%i) failed", errlog("dropping privileges to user %s (uid=%i) failed",
user, pw->pw_uid); user, pw->pw_uid);
} }
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
/* /*
* prevent access to files other than the one in path * prevent access to files other than the one in path
*/ */
if (chrooted) { if (chrooted)
eunveil("/", "r"); eunveil("/", "r");
} else { else
eunveil(path, "r"); eunveil(path, "r");
}
/* permission to execute what's inside cgidir */ /* permission to execute what's inside cgidir */
if (strlen(cgidir) > 0) { if (strlen(cgidir) > 0)
eunveil(cgidir, "rx"); eunveil(cgidir, "rx");
}
eunveil(NULL,NULL); /* no more call to unveil() */ eunveil(NULL, NULL); /* no more call to unveil() */
/* promise permissions */ /* promise permissions */
if (strlen(cgidir) > 0) { if (strlen(cgidir) > 0)
epledge("stdio rpath exec", NULL); epledge("stdio rpath exec", NULL);
} else { else
epledge("stdio rpath", NULL); epledge("stdio rpath", NULL);
}
#endif #endif
if (!chrooted)
echdir(path); /* move to the gemini data directory */
} }
void void
status(const int code, const char *file_mime) status(const int code, const char *file_mime)
{ {
if (strcmp(file_mime, "text/gemini") == 0) { if (strcmp(file_mime, "text/gemini") == 0)
printf("%i %s; %s\r\n", code, file_mime, lang); printf("%i %s; %s\r\n", code, file_mime, lang);
} else { else
printf("%i %s\r\n", code, file_mime); printf("%i %s\r\n", code, file_mime);
}
} }
void void
@ -176,21 +173,25 @@ void
status_error(const int code, const char *reason) status_error(const int code, const char *reason)
{ {
printf("%i %s\r\n", printf("%i %s\r\n",
code, reason); code, reason);
} }
void void
display_file(const char *fname) display_file(const char *fname)
{ {
FILE *fd = NULL; FILE *fd = NULL;
struct stat sb = {0}; struct stat sb = {0};
ssize_t nread = 0; ssize_t nread = 0;
const char *file_mime; const char *file_mime;
char *buffer[BUFSIZ]; char *buffer[BUFSIZ];
char target[FILENAME_MAX] = {'\0'}; char target[FILENAME_MAX] = {'\0'};
char tmp[PATH_MAX] = {'\0'}; /* used to build temporary path */ char tmp[PATH_MAX] = {'\0'}; /* used to build
* temporary path */
/* special case : fname empty. The user requested just the directory name */ /*
* special case : fname empty. The user requested just the directory
* name
*/
if (strlen(fname) == 0) { if (strlen(fname) == 0) {
if (stat("index.gmi", &sb) == 0) { if (stat("index.gmi", &sb) == 0) {
/* there is index.gmi in the current directory */ /* there is index.gmi in the current directory */
@ -204,17 +205,17 @@ display_file(const char *fname)
goto err; goto err;
} }
} }
/* this is to check if path exists and obtain metadata later */ /* this is to check if path exists and obtain metadata later */
if (stat(fname, &sb) == -1) { if (stat(fname, &sb) == -1) {
/* check if fname is a symbolic link /*
* if so, redirect using its target */ * check if fname is a symbolic link if so, redirect using
* its target
*/
if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
goto redirect; goto redirect;
else else
goto err; goto err;
} }
/* check if directory */ /* check if directory */
if (S_ISDIR(sb.st_mode) != 0) { if (S_ISDIR(sb.st_mode) != 0) {
/* no ending "/", redirect to "fname/" */ /* no ending "/", redirect to "fname/" */
@ -223,9 +224,9 @@ display_file(const char *fname)
status_redirect(31, tmp); status_redirect(31, tmp);
return; return;
} }
/* open the file requested */ /* open the file requested */
if ((fd = fopen(fname, "r")) == NULL) { goto err; } if ((fd = fopen(fname, "r")) == NULL)
goto err;
file_mime = get_file_mime(fname, default_mime); file_mime = get_file_mime(fname, default_mime);
@ -234,7 +235,7 @@ display_file(const char *fname)
/* read the file byte after byte in buffer and write it to stdout */ /* read the file byte after byte in buffer and write it to stdout */
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
fwrite(buffer, 1, nread, stdout); fwrite(buffer, 1, nread, stdout);
goto closefd; /* close file descriptor */ goto closefd; /* close file descriptor */
syslog(LOG_DAEMON, "path served %s", fname); syslog(LOG_DAEMON, "path served %s", fname);
return; return;
@ -247,17 +248,15 @@ err:
redirect: redirect:
/* read symbolic link target to redirect */ /* read symbolic link target to redirect */
if (readlink(fname, target, FILENAME_MAX) == -1) { if (readlink(fname, target, FILENAME_MAX) == -1)
goto err; goto err;
}
status_redirect(30, target); status_redirect(30, target);
syslog(LOG_DAEMON, "redirection from %s to %s", fname, target); syslog(LOG_DAEMON, "redirection from %s to %s", fname, target);
closefd: closefd:
if (S_ISREG(sb.st_mode) != 0) { if (S_ISREG(sb.st_mode) != 0)
fclose(fd); fclose(fd);
}
} }
void void
@ -265,8 +264,8 @@ autoindex(const char *path)
{ {
/* display liks to files in path + a link to parent (..) */ /* display liks to files in path + a link to parent (..) */
int n = 0; int n = 0;
struct dirent **namelist; /* this must be freed at last */ struct dirent **namelist; /* this must be freed at last */
syslog(LOG_DAEMON, "autoindex: %s", path); syslog(LOG_DAEMON, "autoindex: %s", path);
@ -276,19 +275,18 @@ autoindex(const char *path)
errlog("Can't scan %s", path); errlog("Can't scan %s", path);
} else { } else {
status(20, "text/gemini"); status(20, "text/gemini");
printf("=> .. ../\n"); /* display link to parent */ printf("=> .. ../\n"); /* display link to parent */
for(int j = 0; j < n; j++) { for (int j = 0; j < n; j++) {
/* skip self and parent */ /* skip self and parent */
if ((strcmp(namelist[j]->d_name, ".") == 0) || if ((strcmp(namelist[j]->d_name, ".") == 0) ||
(strcmp(namelist[j]->d_name, "..") == 0)) { (strcmp(namelist[j]->d_name, "..") == 0)) {
continue; continue;
} }
/* add "/" at the end of a directory path */ /* add "/" at the end of a directory path */
if (namelist[j]->d_type == DT_DIR) { if (namelist[j]->d_type == DT_DIR)
printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name); printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
} else { else
printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name); printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
}
free(namelist[j]); free(namelist[j]);
} }
free(namelist); free(namelist);
@ -309,20 +307,20 @@ cgi(const char *cgicmd)
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
char request [GEMINI_REQUEST_MAX] = {'\0'}; char request [GEMINI_REQUEST_MAX] = {'\0'};
char user [_SC_LOGIN_NAME_MAX] = ""; char user [_SC_LOGIN_NAME_MAX] = "";
char hostname [GEMINI_REQUEST_MAX] = {'\0'}; char hostname [GEMINI_REQUEST_MAX] = {'\0'};
char query [PATH_MAX] = {'\0'}; char query [PATH_MAX] = {'\0'};
char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
char file [FILENAME_MAX] = DEFAULT_INDEX; char file [FILENAME_MAX] = DEFAULT_INDEX;
char dir [PATH_MAX] = {'\0'}; char dir [PATH_MAX] = {'\0'};
char *pos = NULL; char *pos = NULL;
int option = 0; int option = 0;
int virtualhost = 0; int virtualhost = 0;
int docgi = 0; int docgi = 0;
/* /*
* request : contain the whole request from client : gemini://...\r\n * request : contain the whole request from client : gemini://...\r\n
* user : username, used in drop_privileges() * user : username, used in drop_privileges()
* hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME
* query : file requested in cgi : gemini://...?query * query : file requested in cgi : gemini://...?query
@ -375,19 +373,17 @@ main(int argc, char **argv)
status(59, "request is too short and probably empty"); status(59, "request is too short and probably empty");
errlog("request is too short and probably empty"); errlog("request is too short and probably empty");
/* error before reading anything */ /* error before reading anything */
} else if (ferror(stdin)) { } else if (ferror(stdin)) {
status(59, "Error while reading request"); status(59, "Error while reading request");
errlog("Error while reading request: %s", request); errlog("Error while reading request: %s", request);
} }
} }
/* check if string ends with '\n', or to long */ /* check if string ends with '\n', or to long */
if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') { if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
status(59, "request is too long (1024 max)"); status(59, "request is too long (1024 max)");
errlog("request is too long (1024 max): %s", request); errlog("request is too long (1024 max): %s", request);
} }
/* remove \r\n at the end of string */ /* remove \r\n at the end of string */
pos = strchr(request, '\r'); pos = strchr(request, '\r');
if (pos != NULL) if (pos != NULL)
@ -405,95 +401,91 @@ main(int argc, char **argv)
syslog(LOG_DAEMON, "request %s", request); syslog(LOG_DAEMON, "request %s", request);
/* remove the gemini:// part */ /* remove the gemini:// part */
memmove(request, request + GEMINI_PART, strlen(request) +1 - GEMINI_PART); memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
/* remove all "/.." for safety reasons */ /* remove all "/.." for safety reasons */
while ((pos = strstr(request, "/..")) != NULL ) { while ((pos = strstr(request, "/..")) != NULL)
memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */ memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
}
echdir(chroot_dir); /* move to chroot */
/* look for hostname in request : first thing before first / if any */ /* look for hostname in request : first thing before first / if any */
pos = strchr(request, '/'); pos = strchr(request, '/');
if (pos != NULL) { if (pos != NULL) {
/* copy what's after hostname in dir */ /* copy what's after hostname in dir */
estrlcpy(dir, pos, strlen(pos)+1); estrlcpy(dir, pos, strlen(pos) + 1);
/* just keep hostname in request : stop the string with \0 */ /* just keep hostname in request : stop the string with \0 */
pos[0] = '\0'; pos[0] = '\0';
} }
/* check if client added :port at end of hostname and remove it */ /* check if client added :port at end of hostname and remove it */
pos = strchr(request, ':'); pos = strchr(request, ':');
if (pos != NULL) { if (pos != NULL) {
/* end string at :*/ /* end string at : */
pos[0] = '\0'; pos[0] = '\0';
} }
/* copy hostname from request */ /* copy hostname from request */
estrlcpy(hostname, request, sizeof(hostname)); estrlcpy(hostname, request, sizeof(hostname));
/* remove leading '/' in dir */ /* remove leading '/' in dir */
while (dir[0] == '/') { while (dir[0] == '/')
memmove(dir, dir+1, strlen(dir+1)+1); memmove(dir, dir + 1, strlen(dir + 1) + 1);
}
if (virtualhost) { if (virtualhost) {
/* add hostname at the beginning of the dir path */ /* add hostname at the beginning of the dir path */
char tmp[PATH_MAX] = {'\0'}; char tmp [PATH_MAX] = {'\0'};
estrlcpy(tmp, hostname, sizeof(tmp)); estrlcpy(tmp, hostname, sizeof(tmp));
estrlcat(tmp, "/", sizeof(tmp)); estrlcat(tmp, "/", sizeof(tmp));
estrlcat(tmp, dir, sizeof(tmp)); estrlcat(tmp, dir, sizeof(tmp));
estrlcpy(dir, tmp, sizeof(dir)); estrlcpy(dir, tmp, sizeof(dir));
} }
/* percent decode */ /* percent decode */
uridecode(dir); uridecode(dir);
/* /*
* split dir and filename. * split dir and filename. file is last part after last '/'. if none
* file is last part after last '/'. * found, then requested file is actually a directory
* if none found, then requested file is actually a directory
*/ */
if (strlen(dir) > 0) { if (strlen(dir) > 0) {
pos = strrchr(dir, '/'); pos = strrchr(dir, '/');
if (pos != NULL) { if (pos != NULL) {
estrlcpy(file, pos+1, sizeof(file)); /* +1 : no leading '/' */ estrlcpy(file, pos + 1, sizeof(file)); /* +1 : no leading '/' */
pos[0] = '\0'; pos[0] = '\0';
if (strlen(dir) > 0) {
echdir(dir); /* change directory to requested directory */ /* change directory to requested directory */
} if (strlen(dir) > 0)
echdir(dir);
} else { } else {
estrlcpy(file, dir, sizeof(file)); estrlcpy(file, dir, sizeof(file));
} }
} }
if (docgi) { if (docgi) {
/* check if directory is cgidir */ /* check if directory is cgidir */
char cgifp[PATH_MAX] = {'\0'}; char cgifp [PATH_MAX] = {'\0'};
estrlcpy(cgifp, chroot_dir, sizeof(cgifp)); estrlcpy(cgifp, chroot_dir, sizeof(cgifp));
if (cgifp[strlen(cgifp)-1] != '/') { if (cgifp[strlen(cgifp) - 1] != '/')
estrlcat(cgifp, "/", sizeof(cgifp)); estrlcat(cgifp, "/", sizeof(cgifp));
}
estrlcat(cgifp, dir, sizeof(cgifp)); estrlcat(cgifp, dir, sizeof(cgifp));
if (strcmp(cgifp, cgidir) != 0) {
/* not cgipath, display file content */ /* not cgipath, display file content */
if (strcmp(cgifp, cgidir) != 0)
goto file_to_stdout; goto file_to_stdout;
}
/* set env variables for CGI */ /* set env variables for CGI */
/* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */ /*
* see
* https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm
* l
*/
esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1); esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
esetenv("SERVER_PROTOCOL", "GEMINI", 1); esetenv("SERVER_PROTOCOL", "GEMINI", 1);
esetenv("SERVER_SOFTWARE", "vger/1", 1); esetenv("SERVER_SOFTWARE", "vger/1", 1);
/* look for "?" if any to set query for cgi, remove it*/ /* look for "?" if any to set query for cgi, remove it */
pos = strchr(file, '?'); pos = strchr(file, '?');
if (pos != NULL) { if (pos != NULL) {
estrlcpy(query, pos+1, sizeof(query)); estrlcpy(query, pos + 1, sizeof(query));
esetenv("QUERY_STRING", query, 1); esetenv("QUERY_STRING", query, 1);
pos[0] = '\0'; pos[0] = '\0';
} }
/* look for an extension to find PATH_INFO */ /* look for an extension to find PATH_INFO */
pos = strrchr(file, '.'); pos = strrchr(file, '.');
if (pos != NULL) { if (pos != NULL) {
@ -501,7 +493,7 @@ main(int argc, char **argv)
pos = strchr(pos, '/'); pos = strchr(pos, '/');
if (pos != NULL) { if (pos != NULL) {
setenv("PATH_INFO", pos, 1); setenv("PATH_INFO", pos, 1);
pos[0] = '\0'; /* keep only script name */ pos[0] = '\0'; /* keep only script name */
} }
} }
esetenv("SCRIPT_NAME", file, 1); esetenv("SCRIPT_NAME", file, 1);
@ -510,7 +502,6 @@ main(int argc, char **argv)
cgi(file); cgi(file);
return 0; return 0;
} }
file_to_stdout: file_to_stdout:
/* regular file to stdout */ /* regular file to stdout */
display_file(file); display_file(file);
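Review bot: The `/..` stripping at `while ((pos = strstr(request, "/..")) != NULL)` runs before `uridecode(dir)`, so a percent-encoded dot segment passes the filter and is only decoded afterwards, right before `echdir(dir)`; in the non-chrooted mode this commit sets up (`if (!chrooted) echdir(path);` in drop_privileges), the `#ifdef __OpenBSD__` `eunveil(path, "r")` still bounds it on OpenBSD, but on other platforms that chdir is the only confinement. Decoding ahead of the filter closes the gap: add `uridecode(request);` directly after the `memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);` line and drop the later `uridecode(dir);` (the hostname is then decoded as well, which looks harmless since it goes through the same filter, but confirm for the virtualhost case where it becomes a directory component). The filter itself also discards everything before the match instead of rejecting the request, which silently rewrites the path; answering with a status 59 there would be clearer to operators reading the syslog. main() starts and ends outside this hunk.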