From 470e47a018a6568bb60810a67ecf5a9cf0d394d5 Mon Sep 17 00:00:00 2001 From: prx Date: Thu, 14 Jan 2021 13:31:51 +0100 Subject: [PATCH] Add simple cgi support +: * read file byte after byte * format code (syslog + err) * move functions in utils.c --- Makefile | 9 +- README.md | 2 +- main.c | 184 ++++++++++++++++++++---------- opts.h | 7 +- tests/test.sh | 14 ++- tests/var/gemini/cgi-bin/test.cgi | 9 ++ tests/var/gemini/cgi-bin/who.cgi | 9 ++ utils.c | 78 +++++++++++++ utils.h | 6 + vger.8 | 17 +++ 10 files changed, 268 insertions(+), 67 deletions(-) create mode 100755 tests/var/gemini/cgi-bin/test.cgi create mode 100755 tests/var/gemini/cgi-bin/who.cgi create mode 100644 utils.c create mode 100644 utils.h diff --git a/Makefile b/Makefile index c577aeb..790998a 100644 --- a/Makefile +++ b/Makefile @@ -2,13 +2,18 @@ PREFIX?=/usr/local/ CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \ -Wstrict-prototypes -Wwrite-strings +.SUFFIXES: .c .o + +.c.o: + ${CC} ${CFLAGS} -c $< + all: vger clean: rm -f vger *.core *.o -vger: main.o mimes.o opts.h - ${CC} -o vger main.o mimes.o +vger: main.o mimes.o utils.o opts.h + ${CC} ${CFLAGS} -o $@ main.o mimes.o utils.o install: vger install -o root -g wheel vger ${PREFIX}/bin/ diff --git a/README.md b/README.md index 8b76f7c..d335dea 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ without a `-d` parameter. - `-u username`: enable chroot to the data directory and drop privileges to `username`. - `-m MIME` : use MIME as default instead of "application/octet-stream". - `-i` : Enable auto index if no "index.gmi" file is found in a directory. - +- `-c CGI_PATH` : Exec CGI_PATH instead of serving it. # How to configure Vger using relayd and inetd diff --git a/main.c b/main.c index 9b73b05..0c9ccb0 100644 --- a/main.c +++ b/main.c @@ -1,9 +1,11 @@ -#include #include +#include +#include #include #include #include +#include #include #include #include @@ -15,6 +17,7 @@ #include "mimes.h" #include "opts.h" +#include "utils.h" #define GEMINI_PART 9 #define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */ @@ -22,45 +25,11 @@ void autoindex(const char *); +void cgi(const char *cgicmd); void display_file(const char *); void status(const int, const char *); void status_redirect(const int, const char *); void drop_privileges(const char *, const char *); -void eunveil(const char *, const char *); -size_t estrlcat(char *, const char *, size_t); -size_t estrlcpy(char *, const char *, size_t); - -void -eunveil(const char *path, const char *permissions) -{ - if (unveil(path, permissions) == -1) { - syslog(LOG_DAEMON, "unveil on %s failed", path); - err(1, "unveil"); - } -} - -size_t -estrlcpy(char *dst, const char *src, size_t dstsize) -{ - size_t n = 0; - - n = strlcpy(dst, src, dstsize); - if (n >= dstsize) { - err(1, "strlcyp failed for %s = %s", dst, src); - } - - return n; -} - -size_t -estrlcat(char *dst, const char *src, size_t dstsize) -{ - size_t size; - if ((size = strlcat(dst, src, dstsize)) >= dstsize) - err(1, "strlcat on %s + %s", dst, src); - - return size; -} void drop_privileges(const char *user, const char *path) @@ -76,31 +45,26 @@ drop_privileges(const char *user, const char *path) /* is root? */ if (getuid() != 0) { - syslog(LOG_DAEMON, "chroot requires program to be run as root"); - errx(1, "chroot requires root user"); + errlog("chroot requires program to be run as root"); } /* search user uid from name */ if ((pw = getpwnam(user)) == NULL) { - syslog(LOG_DAEMON, "the user %s can't be found on the system", user); - err(1, "finding user"); + errlog("the user %s can't be found on the system", user); } /* chroot worked? */ if (chroot(path) != 0) { - syslog(LOG_DAEMON, "the chroot_dir %s can't be used for chroot", path); - err(1, "chroot"); + errlog("the chroot_dir %s can't be used for chroot", path); } chrooted = 1; if (chdir("/") == -1) { - syslog(LOG_DAEMON, "failed to chdir(\"/\")"); - err(1, "chdir"); + errlog("failed to chdir(\"/\")"); } /* drop privileges */ if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { - syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed", + errlog("dropping privileges to user %s (uid=%i) failed", user, pw->pw_uid); - err(1, "Can't drop privileges"); } } #ifdef __OpenBSD__ @@ -112,13 +76,20 @@ drop_privileges(const char *user, const char *path) } else { eunveil(path, "r"); } + if (strlen(cgibin) > 0) { + char cgifullpath[PATH_MAX] = {'\0'}; + estrlcpy(cgifullpath, path, sizeof(cgifullpath)); + estrlcat(cgifullpath, cgibin, sizeof(cgifullpath)); + eunveil(cgifullpath, "rx"); + } /* * prevent system calls other parsing queryfor fread file and * write to stdio */ - if (pledge("stdio rpath", NULL) == -1) { - syslog(LOG_DAEMON, "pledge call failed"); - err(1, "pledge"); + if (strlen(cgibin) > 0) { + epledge("stdio rpath exec proc", NULL); + } else { + epledge("stdio rpath", NULL); } #endif } @@ -168,8 +139,8 @@ display_file(const char *uri) if (fp[strlen(fp) -1 ] != '/') { /* no ending "/", redirect to "path/" */ char new_uri[PATH_MAX] = {'\0'}; - estrlcpy(new_uri, uri, sizeof(fp)); - estrlcat(new_uri, "/", sizeof(fp)); + estrlcpy(new_uri, uri, sizeof(new_uri)); + estrlcat(new_uri, "/", sizeof(new_uri)); status_redirect(31, new_uri); return; @@ -199,8 +170,8 @@ display_file(const char *uri) status(20, file_mime); /* read the file and write it to stdout */ - while ((nread = fread(buffer, sizeof(char), sizeof(buffer), fd)) != 0) - fwrite(buffer, sizeof(char), nread, stdout); + while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) + fwrite(buffer, 1, nread, stdout); goto closefd; syslog(LOG_DAEMON, "path served %s", fp); @@ -257,6 +228,59 @@ autoindex(const char *path) closedir(fd); } +void +cgi(const char *cgicmd) +{ + + int pipedes[2] = {0}; + pid_t pid; + + if (pipe(pipedes) != 0) { + err(1, "pipe failed"); + } + + pid = fork(); + + if (pid < 0) { + close(pipedes[0]); + close(pipedes[1]); + err(1, "fork failed"); + } + + if (pid > 0) { /* parent */ + char buf[3]; + size_t nread = 0; + FILE *output = NULL; + + close(pipedes[1]); /* make sure entry is closed so fread() gets EOF */ + + /* use fread/fwrite because are buffered */ + output = fdopen(pipedes[0], "r"); + if (output == NULL) { + err(1, "fdopen failed"); + } + + /* read pipe output */ + while ((nread = fread(buf, 1, sizeof(buf), output)) != 0) { + fwrite(buf, 1, nread, stdout); + } + close(pipedes[0]); + fclose(output); + + wait(NULL); /* wait for child to terminate */ + + exit(0); + + } else if (pid == 0) { /* child */ + dup2(pipedes[1], STDOUT_FILENO); /* set pipe output equal to stdout */ + close(pipedes[1]); /* no need this file descriptor : it is now stdout */ + execlp(cgicmd, cgicmd, NULL); + /* if execlp is ok, this will never be reached */ + status(42, "text/plain"); + errlog("error when trying to execlp %s", cgicmd); + } +} + int main(int argc, char **argv) { @@ -268,7 +292,7 @@ main(int argc, char **argv) int option = 0; char *pos = NULL; - while ((option = getopt(argc, argv, ":d:l:m:u:vi")) != -1) { + while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) { switch (option) { case 'd': estrlcpy(chroot_dir, optarg, sizeof(chroot_dir)); @@ -283,6 +307,9 @@ main(int argc, char **argv) case 'u': estrlcpy(user, optarg, sizeof(user)); break; + case 'c': + estrlcpy(cgibin, optarg, sizeof(cgibin)); + break; case 'v': virtualhost = 1; break; @@ -303,8 +330,7 @@ main(int argc, char **argv) */ if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) { status(59, "request is too long (1024 max)"); - syslog(LOG_DAEMON, "request is too long (1024 max): %s", request); - exit(1); + errlog("request is too long (1024 max): %s", request); } /* remove \r\n at the end of string */ @@ -318,9 +344,8 @@ main(int argc, char **argv) */ if (strncmp(request, "gemini://", GEMINI_PART) != 0) { /* error code url malformed */ - syslog(LOG_DAEMON, "request «%s» doesn't match gemini://", + errlog("request «%s» doesn't match gemini://", request); - exit(1); } syslog(LOG_DAEMON, "request %s", request); @@ -364,8 +389,47 @@ main(int argc, char **argv) estrlcpy(uri, new_uri, sizeof(uri)); } - /* open file and send it to stdout */ - display_file(uri); + /* check if uri is cgibin */ + if ((strlen(cgibin) > 0) && + (strncmp(uri, cgibin, strlen(cgibin)) == 0) + ) { + char cgipath[PATH_MAX] = {'\0'}; + estrlcpy(cgipath, chroot_dir, sizeof(cgipath)); + estrlcat(cgipath, uri, sizeof(cgipath)); + /* set env variables for CGI */ + /* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */ + esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1); + esetenv("SERVER_PROTOCOL", "GEMINI", 1); + esetenv("SERVER_SOFTWARE", "vger/1", 1); + + /* look for "?" to set query */ + pos = strchr(cgipath, '?'); + if (pos != NULL) { + char query[PATH_MAX] = {'\0'}; + estrlcpy(query, pos+1, sizeof(query)); + esetenv("QUERY_STRING", query, 1); + pos[0] = '\0'; + } + /* look for an extension to find PATH_INFO */ + pos = strrchr(cgipath, '.'); + if (pos != NULL) { + /* found a dot */ + pos = strchr(pos, '/'); + if (pos != NULL) { + setenv("PATH_INFO", pos, 1); + pos[0] = '\0'; /* keep only script name */ + } + } + esetenv("SCRIPT_NAME", cgipath, 1); + esetenv("SERVER_NAME", hostname, 1); + + cgi(cgipath); + + } else { + //TODO: percent decoding here + /* open file and send it to stdout */ + display_file(uri); + } return (0); } diff --git a/opts.h b/opts.h index 60974fc..6fafe01 100644 --- a/opts.h +++ b/opts.h @@ -6,7 +6,8 @@ #define DEFAULT_AUTOIDX 0 /* longest is 56 so 64 should be enough */ -static char default_mime[64] = DEFAULT_MIME; +static char default_mime[64] = DEFAULT_MIME; static char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; -static char lang[16] = DEFAULT_LANG; -static unsigned int doautoidx = DEFAULT_AUTOIDX; +static char lang[16] = DEFAULT_LANG; +static unsigned int doautoidx = DEFAULT_AUTOIDX; +static char cgibin[PATH_MAX] = {'\0'}; diff --git a/tests/test.sh b/tests/test.sh index 94d108c..c89a297 100644 --- a/tests/test.sh +++ b/tests/test.sh @@ -72,7 +72,19 @@ if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 # auto index in directory OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | $MD5) -if ! [ $OUT = "770a987b8f5cf7169e6bc3c6563e1570" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "9cb7ef77cbcd74dadafdbff47d864152" ] ; then echo "error" ; exit 1 ; fi + +# cgi simple script +OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5) +if ! [ $OUT = "ed3552892cf7edac4f81178467f6c48a" ] ; then echo "error" ; exit 1 ; fi + +# cgi with use of variables +OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5) +if ! [ $OUT = "06f710962d6504b19cdfe77f5fcff29e" ] ; then echo "error" ; exit 1 ; fi + +# cgi with error +OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5) +if ! [ $OUT = "babaa82d5b2bd4e8d21ab412e060c890" ] ; then echo "error" ; exit 1 ; fi # must fail only on OpenBSD ! # try to escape from unveil diff --git a/tests/var/gemini/cgi-bin/test.cgi b/tests/var/gemini/cgi-bin/test.cgi new file mode 100755 index 0000000..bcc8104 --- /dev/null +++ b/tests/var/gemini/cgi-bin/test.cgi @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "20 cgi_test" + +echo "env vars:" +echo $GATEWAY_INTERFACE +echo $SERVER_SOFTWARE +echo $PATH_INFO +echo $QUERY_STRING diff --git a/tests/var/gemini/cgi-bin/who.cgi b/tests/var/gemini/cgi-bin/who.cgi new file mode 100755 index 0000000..513f887 --- /dev/null +++ b/tests/var/gemini/cgi-bin/who.cgi @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "20 cgi_test" +u="" +if [ -n "${QUERY_STRING}" ]; then + u="$(printf "%s" "${QUERY_STRING}" | cut -d'=' -f2)" #yeah, it's awful.. +fi + +echo "hello $u" diff --git a/utils.c b/utils.c new file mode 100644 index 0000000..413d30b --- /dev/null +++ b/utils.c @@ -0,0 +1,78 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +void +eunveil(const char *path, const char *permissions) +{ + if (unveil(path, permissions) == -1) { + syslog(LOG_DAEMON, "unveil on %s failed", path); + err(1, "unveil on %s failed", path); + } +} + +void +epledge(const char *promises, const char *execpromises) +{ + if (pledge(promises, execpromises) == -1) { + syslog(LOG_DAEMON, "pledge failed for: %s", promises); + err(1, "pledge failed for: %s", promises); + } +} + +size_t +estrlcpy(char *dst, const char *src, size_t dstsize) +{ + size_t n = 0; + + n = strlcpy(dst, src, dstsize); + if (n >= dstsize) { + err(1, "strlcyp failed for %s = %s", dst, src); + } + + return n; +} + +size_t +estrlcat(char *dst, const char *src, size_t dstsize) +{ + size_t size; + if ((size = strlcat(dst, src, dstsize)) >= dstsize) + err(1, "strlcat on %s + %s", dst, src); + + return size; +} + +int +esetenv(const char *name, const char *value, int overwrite) +{ + int ret = 0; + ret = setenv(name, value, overwrite); + + if (ret != 0) { + err(1, "setenv %s:%s", name, value); + } + + return ret; +} + +void +errlog(const char *format, ...) +{ + char e[1024] = {'\0'}; + va_list ap; + + va_start(ap, format); + vsnprintf(e, sizeof(e), format, ap); + va_end(ap); + + syslog(LOG_DAEMON, "%s", e); + err(1, "%s", e); +} diff --git a/utils.h b/utils.h new file mode 100644 index 0000000..8d68748 --- /dev/null +++ b/utils.h @@ -0,0 +1,6 @@ +void epledge(const char *, const char *); +void errlog(const char *format, ...); +void eunveil(const char *, const char *); +int esetenv(const char *, const char *, int); +size_t estrlcat(char *, const char *, size_t); +size_t estrlcpy(char *, const char *, size_t); diff --git a/vger.8 b/vger.8 index 99e6559..bac49f5 100644 --- a/vger.8 +++ b/vger.8 @@ -9,6 +9,7 @@ .Op Fl l Ar lang .Op Fl v .Op Fl i +.Op Fl c Ar cgi_path .Op Fl d Ar path .Op Fl u Ar username .Op Fl m Ar mimetype @@ -40,6 +41,22 @@ Enable virtualhost support, the hostname in the query will be considered as a di As example, for request gemini://hostname.example/file.gmi .Nm will read the file /var/gemini/hostname.example/file.gmi +.It Op Fl c +Enable CGI support. +.Ar cgi_path +will be executed as a cgi script. This path is relative to the served capsule. As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set: +.Bd -literal -offset indent +vger -c /cgi-bin/hello.cgi +.Ed +.Pp +In this case, +.Xr pledge 2 +promises are set to "stdio proc exec" +and an additional +.Xr unveil 2 +permission on the cgi script is set to "rx". +.Pp +Be very careful on how you write your CGI, it can read outside the chroot. .It Op Fl m Ar mimetype Use .Ar mimetype