solene
/
vger
5
10
Fork 4
Code Issues Pull Requests 2 Releases Activity

Merge pull request 'Reorganize vger code into functions' (#6) from nospaghettis into master 

Reviewed-on: #6
This commit is contained in:
solene 2022-08-12 12:51:35 +00:00
parent 76fafe0a9d fd0e70ab5b
commit bfd713c131
9 changed files with 476 additions and 373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
main.c
View File

@ -3,17 +3,16 @@
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
char request [GEMINI_REQUEST_MAX] = {'\0'}; char request[GEMINI_REQUEST_MAX] = {'\0'};
char user [_SC_LOGIN_NAME_MAX] = ""; char user[_SC_LOGIN_NAME_MAX] = {'\0'};
char hostname [GEMINI_REQUEST_MAX] = {'\0'}; char hostname[GEMINI_REQUEST_MAX] = {'\0'};
char query [PATH_MAX] = {'\0'}; char query[PATH_MAX] = {'\0'};
char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; char path[PATH_MAX] = {'\0'};
char file [FILENAME_MAX] = DEFAULT_INDEX; char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
char dir [PATH_MAX] = {'\0'}; char file[FILENAME_MAX] = DEFAULT_INDEX;
char *pos = NULL; char dir[PATH_MAX] = {'\0'};
int option = 0; int option = 0;
int virtualhost = 0; int virtualhost = 0;
int docgi = 0;
/* /*
* request : contain the whole request from client : gemini://...\r\n * request : contain the whole request from client : gemini://...\r\n
@ -41,8 +40,7 @@ main(int argc, char **argv)
estrlcpy(user, optarg, sizeof(user)); estrlcpy(user, optarg, sizeof(user));
break; break;
case 'c': case 'c':
estrlcpy(cgidir, optarg, sizeof(cgidir)); estrlcpy(cgi_dir, optarg, sizeof(cgi_dir));
docgi = 1;
break; break;
case 'v': case 'v':
virtualhost = 1; virtualhost = 1;
@ -56,171 +54,35 @@ main(int argc, char **argv)
/* /*
* do chroot if an user is supplied * do chroot if an user is supplied
*/ */
drop_privileges(user, chroot_dir); drop_privileges(user, chroot_dir, cgi_dir);
/* check_request(request);
* read 1024 chars from stdin get_hostname(request, hostname, sizeof(hostname));
* to get the request get_path(request, path, sizeof(path), virtualhost, hostname);
* (actually 1024 + \0) get_query(path, query, sizeof(query));
*/
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
/* EOF reached before reading anything */
if (feof(stdin)) {
status(59, "request is too short and probably empty");
errlog("request is too short and probably empty");
/* error before reading anything */
} else if (ferror(stdin)) {
status(59, "Error while reading request");
errlog("Error while reading request: %s", request);
}
}
/* check if string ends with '\n', or to long */
if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
status(59, "request is too long (1024 max)");
errlog("request is too long (1024 max): %s", request);
}
/* remove \r\n at the end of string */
pos = strchr(request, '\r');
if (pos != NULL)
*pos = '\0';
/*
* check if the beginning of the request starts with
* gemini://
*/
if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
/* error code url malformed */
errlog("request «%s» doesn't match gemini://",
request);
}
syslog(LOG_DAEMON, "request %s", request);
/* remove the gemini:// part */
memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
/* remove all "/.." for safety reasons */
while ((pos = strstr(request, "/..")) != NULL)
memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
/* look for hostname in request : first thing before first / if any */
pos = strchr(request, '/');
if (pos != NULL) {
/* copy what's after hostname in dir */
estrlcpy(dir, pos, strlen(pos) + 1);
/* just keep hostname in request : stop the string with \0 */
pos[0] = '\0';
}
/* check if client added :port at end of hostname and remove it */
pos = strchr(request, ':');
if (pos != NULL) {
/* end string at : */
pos[0] = '\0';
}
/* copy hostname from request */
estrlcpy(hostname, request, sizeof(hostname));
/* remove leading '/' in dir */
while (dir[0] == '/')
memmove(dir, dir + 1, strlen(dir + 1) + 1);
if (virtualhost) {
/* add hostname at the beginning of the dir path */
char tmp [PATH_MAX] = {'\0'};
estrlcpy(tmp, hostname, sizeof(tmp));
estrlcat(tmp, "/", sizeof(tmp));
estrlcat(tmp, dir, sizeof(tmp));
estrlcpy(dir, tmp, sizeof(dir));
}
/* remove a query string before percent decoding */
/* look for "?" if any to set query for cgi, remove it */
pos = strchr(dir, '?');
if (pos != NULL) {
estrlcpy(query, pos + 1, sizeof(query));
uridecode(query);
pos[0] = '\0';
}
/* percent decode */ /* percent decode */
uridecode(dir); uridecode(query);
uridecode(path);
/* /* is it cgi ? */
* split dir and filename. file is last part after last '/'. if none if (*cgi_dir)
* found, then requested file is actually a directory if (do_cgi(chroot_dir, cgi_dir, path, hostname, query) == 0)
stop(EXIT_SUCCESS, NULL);
/* *** from here, cgi didn't run ***
* check if path available
*/ */
if (strlen(dir) > 0) { check_path(path, sizeof(path), hostname, virtualhost);
/*
* if in cgidir, only the first file after cgidir/FILE is to be executed
* the rest is PATH_INFO
*/
/* find the string of cgidir without chroot_dir prefix */
char tmp [PATH_MAX] = {'\0'};
char *cgipp;
strip_trailing_slash(chroot_dir);
strip_trailing_slash(cgidir);
estrlcpy(tmp, cgidir + strlen(chroot_dir), sizeof(tmp));
cgipp = tmp;
if (tmp[0] == '/')
cgipp++;
if (docgi && strncmp(dir, cgipp, strlen(cgipp)) == 0) { /* split dir and filename */
pos = strchr(dir+strlen(cgipp), '/'); get_dir_file(path, dir, sizeof(dir), file, sizeof(file));
} else {
pos = strrchr(dir, '/');
}
if (pos != NULL) {
estrlcpy(file, pos + 1, sizeof(file)); /* +1 : no leading '/' */
pos[0] = '\0';
/* change directory to requested directory */ /* go to dir */
if (strlen(dir) > 0) echdir(dir);
echdir(dir);
} else {
estrlcpy(file, dir, sizeof(file));
}
}
if (docgi) {
/* check if directory is cgidir */
char cgifp [PATH_MAX] = {'\0'};
estrlcpy(cgifp, chroot_dir, sizeof(cgifp));
if (cgifp[strlen(cgifp) - 1] != '/')
estrlcat(cgifp, "/", sizeof(cgifp));
estrlcat(cgifp, dir, sizeof(cgifp)); /* regular file to stdout */
/* not cgipath, display file content */
if (strcmp(cgifp, cgidir) != 0)
goto file_to_stdout;
/* set env variables for CGI */
/*
* see
* https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm
* l
*/
esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
esetenv("SERVER_PROTOCOL", "GEMINI", 1);
esetenv("SERVER_SOFTWARE", "vger/1", 1);
if (*query)
esetenv("QUERY_STRING", query, 1);
/* if we've got here and file contains a '/', it should be interpreted as PATH_INFO */
pos = strchr(file, '/');
if (pos != NULL) {
setenv("PATH_INFO", pos, 1);
pos[0] = '\0'; /* keep only script name */
}
esetenv("SCRIPT_NAME", file, 1);
esetenv("SERVER_NAME", hostname, 1);
cgi(file);
return 0;
}
file_to_stdout:
/* regular file to stdout */
display_file(file); display_file(file);
return (0); stop(EXIT_SUCCESS, NULL);
} }

18
mimes.c
View File

@ -126,16 +126,14 @@ get_file_mime(const char *path, const char *default_mime)
char *extension; char *extension;
/* search for extension after last '.' in path */ /* search for extension after last '.' in path */
if ((extension = strrchr(path, '.')) == NULL) if ((extension = strrchr(path, '.')) != NULL) {
goto out; /* look for the MIME in the database */
for (i = 0; i < nitems(database); i++) {
/* look for the MIME in the database */ if (strcmp(database[i].extension, extension + 1) == 0)
for (i = 0; i < nitems(database); i++) { return (database[i].type);
if (strcmp(database[i].extension, extension + 1) == 0) }
return (database[i].type);
} }
out: /* no MIME found, set a default one */
/* if no MIME have been found, set a default one */ return default_mime;
return (default_mime);
} }

2
opts.h
View File

@ -14,5 +14,5 @@
static char default_mime[64] = DEFAULT_MIME; static char default_mime[64] = DEFAULT_MIME;
static char lang[16] = DEFAULT_LANG; static char lang[16] = DEFAULT_LANG;
static unsigned int doautoidx = DEFAULT_AUTOIDX; static unsigned int doautoidx = DEFAULT_AUTOIDX;
static char cgidir[PATH_MAX] = {'\0'}; static char cgi_dir[PATH_MAX] = {'\0'};
static int chrooted = 0; static int chrooted = 0;

6
tests.c
View File

@ -34,9 +34,9 @@ test_status(void)
void void
test_status_error(void) test_status_error(void)
{ {
status_error(51, "file not found"); status(51, "file not found");
status_error(50, "Forbidden path"); status(50, "Forbidden path");
status_error(50, "Internal server error"); status(50, "Internal server error");
} }
int int

12
tests/test.sh
View File

@ -29,11 +29,11 @@ if ! [ $OUT = "fcc5a293f316e01f7b3103f97eca26b1" ] ; then echo "error" ; exit 1
# redirect to uri with trailing / if directory # redirect to uri with trailing / if directory
OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
if ! [ $OUT = "b0e7e20db5ca7b80918025e7c15a8b02" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "84e5e7bb3eee0dfcc8db14865dc83e77" ] ; then echo "error" ; exit 1 ; fi
# redirect to uri with trailing / if directory and vhost enabled # redirect to uri with trailing / if directory and vhost enabled
OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5) OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5)
if ! [ $OUT = "827eef65a3cd71e2ce805bc1e05eac44" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "e0eb3a8e31bdb30c89d92d1d2b0a1fa1" ] ; then echo "error" ; exit 1 ; fi
# file from local directory with lang=fr and markdown MIME type # file from local directory with lang=fr and markdown MIME type
OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5) OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
@ -60,7 +60,7 @@ OUT=$(printf "gemini://perso.pw\r\n" | ../vger -v -d var/gemini/ | tee /dev/stde
if ! [ $OUT = "5e5fca557e79f4521b21d4b81dc964c6" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "5e5fca557e79f4521b21d4b81dc964c6" ] ; then echo "error" ; exit 1 ; fi
# file from local directory using virtualhosts without specifying a file using lang = fr # file from local directory using virtualhosts without specifying a file using lang = fr
OUT=$(printf "gemini://perso.pw\r\n" | ../vger -v -d var/gemini/ -l fr | tee /dev/stderr | MD5) OUT=$(printf "gemini://perso.pw/\r\n" | ../vger -v -d var/gemini/ -l fr | tee /dev/stderr | MD5)
if ! [ $OUT = "7db981ce93fee268f29324912800f00d" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "7db981ce93fee268f29324912800f00d" ] ; then echo "error" ; exit 1 ; fi
# file from local directory using virtualhosts and IRI # file from local directory using virtualhosts and IRI
@ -73,11 +73,11 @@ if ! [ $OUT = "e354a1a29ea8273faaf0cdc29c1d8583" ] ; then echo "error" ; exit 1
# auto index in directory without index.gmi must redirect # auto index in directory without index.gmi must redirect
OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
if ! [ $OUT = "5742b21d465e377074408045a71656dc" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 ; fi
# auto index in directory # auto index in directory
OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
if ! [ $OUT = "2d4a82fea3f10ab3e123e9f9d5dd1fbc" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "765bbbe2add810be8eb191bbde59e258" ] ; then echo "error" ; exit 1 ; fi
# cgi simple script # cgi simple script
OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
@ -89,7 +89,7 @@ if ! [ $OUT = "fa065a67d1f7c973501d4a9e3ca2ea57" ] ; then echo "error" ; exit 1
# cgi with error # cgi with error
OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
if ! [ $OUT = "74ba4b36dcebec9ce9dae33033f3378a" ] ; then echo "error" ; exit 1 ; fi if ! [ $OUT = "31b98e160402a073298c12f763d5db64" ] ; then echo "error" ; exit 1 ; fi
# cgi with PATH_INFO # cgi with PATH_INFO
OUT=$(printf "gemini://host.name/cgi-bin/test.cgi/path/info\r\n" | ../vger -d var/gemini -c var/gemini/cgi-bin | tee /dev/stderr | MD5) OUT=$(printf "gemini://host.name/cgi-bin/test.cgi/path/info\r\n" | ../vger -d var/gemini -c var/gemini/cgi-bin | tee /dev/stderr | MD5)

69
utils.c
View File

@ -7,6 +7,7 @@
#include <unistd.h> #include <unistd.h>
#include "utils.h" #include "utils.h"
#include "vger.h"
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__) #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__)
#include <string.h> #include <string.h>
@ -25,8 +26,8 @@ void
eunveil(const char *path, const char *permissions) eunveil(const char *path, const char *permissions)
{ {
if (unveil(path, permissions) == -1) { if (unveil(path, permissions) == -1) {
syslog(LOG_DAEMON, "unveil on %s failed", path); status(41, "Error when unveil(), see logs");
err(1, "unveil on %s failed", path); stop(EXIT_FAILURE, "unveil on %s failed", path);
} }
} }
@ -34,8 +35,8 @@ void
epledge(const char *promises, const char *execpromises) epledge(const char *promises, const char *execpromises)
{ {
if (pledge(promises, execpromises) == -1) { if (pledge(promises, execpromises) == -1) {
syslog(LOG_DAEMON, "pledge failed for: %s", promises); status(41, "Error when pledge(), see logs");
err(1, "pledge failed for: %s", promises); stop(EXIT_FAILURE, "pledge failed for: %s", promises);
} }
} }
#endif #endif
@ -47,7 +48,8 @@ estrlcpy(char *dst, const char *src, size_t dstsize)
n = strlcpy(dst, src, dstsize); n = strlcpy(dst, src, dstsize);
if (n >= dstsize) { if (n >= dstsize) {
err(1, "strlcpy failed for %s = %s", dst, src); status(41, "strlcpy failed, see logs");
stop(EXIT_FAILURE, "strlcpy() failed for %s = %s", dst, src);
} }
return n; return n;
@ -56,11 +58,13 @@ estrlcpy(char *dst, const char *src, size_t dstsize)
size_t size_t
estrlcat(char *dst, const char *src, size_t dstsize) estrlcat(char *dst, const char *src, size_t dstsize)
{ {
size_t size; size_t size;
if ((size = strlcat(dst, src, dstsize)) >= dstsize) if ((size = strlcat(dst, src, dstsize)) >= dstsize) {
err(1, "strlcat on %s + %s", dst, src); status(41, "strlcat() failed, see logs");
stop(EXIT_FAILURE, "strlcat on %s + %s", dst, src);
}
return size; return size;
} }
int int
@ -70,25 +74,44 @@ esetenv(const char *name, const char *value, int overwrite)
ret = setenv(name, value, overwrite); ret = setenv(name, value, overwrite);
if (ret != 0) { if (ret != 0) {
err(1, "setenv %s:%s", name, value); status(41, "setenv() failed, see logs");
stop(EXIT_FAILURE, "setenv() %s:%s", name, value);
} }
return ret; return ret;
} }
/* send error in syslog, to stdout and die */
void void
errlog(const char *format, ...) echdir(const char *path)
{ {
char e[1024] = {'\0'}; if (chdir(path) == -1) {
va_list ap; switch (errno) {
case ENOTDIR: /* FALLTHROUGH */
fflush(stdout); /* make sure older messages are printed */ case ENOENT:
status(51, "file not found");
va_start(ap, format); break;
vsnprintf(e, sizeof(e), format, ap); case EACCES:
va_end(ap); status(50, "Forbidden path");
break;
syslog(LOG_DAEMON, "%s", e); default:
err(1, "%s", e); status(50, "Internal server error");
break;
}
stop(EXIT_FAILURE, "chdir(%s) failed", path);
}
}
/* read the file fd byte after byte in buffer and write it to stdout
* return number of bytes read
*/
size_t
print_file(FILE *fd)
{
ssize_t nread = 0;
ssize_t datasent = 0;
char *buffer[BUFSIZ];
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
datasent += fwrite(buffer, 1, nread, stdout);
return datasent;
} }

14
utils.h
View File

@ -1,6 +1,8 @@
void epledge(const char *, const char *); void echdir (const char *);
void errlog(const char *format, ...); void epledge(const char *, const char *);
void eunveil(const char *, const char *); void eunveil(const char *, const char *);
int esetenv(const char *, const char *, int); int esetenv(const char *, const char *, int);
size_t estrlcat(char *, const char *, size_t); size_t estrlcat(char *, const char *, size_t);
size_t estrlcpy(char *, const char *, size_t); size_t estrlcpy(char *, const char *, size_t);
size_t print_file(FILE *fd);
void set_errmsg(const char *, ...);

496
vger.c
View File

@ -21,25 +21,46 @@
#include "utils.h" #include "utils.h"
#include "vger.h" #include "vger.h"
void
stop(const int r, const char *fmt, ...)
{
va_list ap, ap2;
fflush(stdout); /* ensure all data is sent */
/* log the request and retcode */
syslog(LOG_DAEMON, "\"%s\" %i %zd", _request, _retcode, _datasiz);
if (r != EXIT_SUCCESS) {
/* log and print error */
va_copy(ap2, ap);
va_start(ap, fmt);
vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
va_start(ap2, fmt);
vfprintf(stderr, fmt, ap2);
va_end(ap2);
}
exit(r);
}
void void
echdir(const char *path) status(const int code, const char *fmt, ...)
{ {
if (chdir(path) == -1) { va_list ap;
switch (errno) {
case ENOTDIR: /* FALLTHROUGH */ _datasiz += fprintf(stdout, "%i ", code);
case ENOENT:
status_error(51, "file not found"); va_start(ap, fmt);
break; _datasiz += vfprintf(stdout, fmt, ap);
case EACCES: va_end(ap);
status_error(50, "Forbidden path");
break; _datasiz += fprintf(stdout, "\r\n"); /* make sure status end correctly */
default:
status_error(50, "Internal server error"); _retcode = code; /* store return code for logs */
break;
}
errlog("failed to chdir(%s)", path);
}
} }
int int
@ -77,27 +98,36 @@ uridecode(char *uri)
} }
void void
drop_privileges(const char *user, const char *path) drop_privileges(const char *user, const char *chroot_dir, const char *cgi_dir)
{ {
struct passwd *pw; struct passwd *pw;
/* /*
* use chroot() if an user is specified requires root user to be * use chroot() if an user is specified requires root user to be
* running the program to run chroot() and then drop privileges * running the program to run chroot() and then drop privileges
*/ */
if (strlen(user) > 0) { if (*user) {
/* is root? */ /* is root? */
if (getuid() != 0) if (getuid() != 0) {
errlog("chroot requires program to be run as root"); status(41, "privileges issue, see logs");
stop(EXIT_FAILURE, "%s",
"chroot requires program to be run as root");
}
/* search user uid from name */ /* search user uid from name */
if ((pw = getpwnam(user)) == NULL) if ((pw = getpwnam(user)) == NULL) {
errlog("the user %s can't be found on the system", user); status(41, "privileges issue, see logs");
stop(EXIT_FAILURE,
"the user %s can't be found on the system", user);
}
/* chroot worked? */ /* chroot worked? */
if (chroot(path) != 0) if (chroot(chroot_dir) != 0) {
errlog("the chroot_dir %s can't be used for chroot", path); status(41, "privileges issue, see logs");
stop(EXIT_FAILURE,
"the chroot_dir %s can't be used for chroot", chroot_dir);
}
chrooted = 1; chrooted = 1;
echdir("/"); echdir("/");
@ -105,158 +135,159 @@ drop_privileges(const char *user, const char *path)
if (setgroups(1, &pw->pw_gid) || if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
errlog("dropping privileges to user %s (uid=%i) failed", status(41, "privileges issue, see logs");
user, pw->pw_uid); stop(EXIT_FAILURE,
"dropping privileges to user %s (uid=%i) failed", \
user, pw->pw_uid);
} }
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
/* /*
* prevent access to files other than the one in path * prevent access to files other than the one in chroot_dir
*/ */
if (chrooted) if (chrooted)
eunveil("/", "r"); eunveil("/", "r");
else else
eunveil(path, "r"); eunveil(chroot_dir, "r");
/* permission to execute what's inside cgidir */ /* permission to execute what's inside cgi_dir */
if (strlen(cgidir) > 0) if (*cgi_dir)
eunveil(cgidir, "rx"); eunveil(cgi_dir, "rx");
eunveil(NULL, NULL); /* no more call to unveil() */ eunveil(NULL, NULL); /* no more call to unveil() */
/* promise permissions */ /* promise permissions */
if (strlen(cgidir) > 0) if (*cgi_dir)
epledge("stdio rpath exec", NULL); epledge("stdio rpath exec", NULL);
else else
epledge("stdio rpath", NULL); epledge("stdio rpath", NULL);
#endif #endif
if (!chrooted) if (!chrooted)
echdir(path); /* move to the gemini data directory */ echdir(chroot_dir); /* move to the gemini data directory */
} }
void ssize_t
status(const int code, const char *file_mime)
{
if (strcmp(file_mime, "text/gemini") == 0)
printf("%i %s; %s\r\n", code, file_mime, lang);
else
printf("%i %s\r\n", code, file_mime);
}
void
status_redirect(const int code, const char *url)
{
printf("%i %s\r\n",
code, url);
}
void
status_error(const int code, const char *reason)
{
printf("%i %s\r\n",
code, reason);
}
void
display_file(const char *fname) display_file(const char *fname)
{ {
FILE *fd = NULL; FILE *fd = NULL;
struct stat sb = {0};
ssize_t nread = 0;
const char *file_mime; const char *file_mime;
char *buffer[BUFSIZ];
char target[FILENAME_MAX] = {'\0'};
char tmp[PATH_MAX] = {'\0'}; /* used to build
* temporary path */
/* /*
* special case : fname empty. The user requested just the directory * special case : fname empty. The user requested just a dir name
* name
*/ */
if (strlen(fname) == 0) { if ((strlen(fname) == 0) && (doautoidx)) {
if (stat("index.gmi", &sb) == 0) { /* no index.gmi, so display autoindex if enabled */
/* there is index.gmi in the current directory */ _datasiz += autoindex(".");
display_file("index.gmi"); return _datasiz;
return;
} else if (doautoidx) {
/* no index.gmi, so display autoindex if enabled */
autoindex(".");
return;
} else {
goto err;
}
}
/* this is to check if path exists and obtain metadata later */
if (stat(fname, &sb) == -1) {
/*
* check if fname is a symbolic link if so, redirect using
* its target
*/
if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
goto redirect;
else
goto err;
}
/* check if directory */
if (S_ISDIR(sb.st_mode) != 0) {
/* no ending "/", redirect to "fname/" */
estrlcpy(tmp, fname, sizeof(tmp));
estrlcat(tmp, "/", sizeof(tmp));
status_redirect(31, tmp);
return;
} }
/* open the file requested */ /* open the file requested */
if ((fd = fopen(fname, "r")) == NULL) if ((fd = fopen(fname, "r")) != NULL) {
goto err; file_mime = get_file_mime(fname, default_mime);
if (strcmp(file_mime, "text/gemini") == 0)
status(20, "%s; %s", file_mime, lang);
else
status(20, "%s", file_mime);
file_mime = get_file_mime(fname, default_mime); _datasiz += print_file(fd);
fclose(fd); /* close file descriptor */
} else {
/* return an error code and no content.
* seems unlikely to happen unless the file vanished
* since we checked with stat() if it exists
*/
status(51, "%s", "file not found and may have vanished");
}
status(20, file_mime); return _datasiz;
/* read the file byte after byte in buffer and write it to stdout */
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
fwrite(buffer, 1, nread, stdout);
goto closefd; /* close file descriptor */
syslog(LOG_DAEMON, "path served %s", fname);
return;
err:
/* return an error code and no content */
status_error(51, "file not found");
syslog(LOG_DAEMON, "path invalid %s", fname);
goto closefd;
redirect:
/* read symbolic link target to redirect */
if (readlink(fname, target, FILENAME_MAX) == -1)
goto err;
status_redirect(30, target);
syslog(LOG_DAEMON, "redirection from %s to %s", fname, target);
closefd:
if (S_ISREG(sb.st_mode) != 0)
fclose(fd);
} }
void int
do_cgi(const char *chroot_dir, const char *cgi_dir, const char *path, const char *hostname, const char *query)
{
/* WARNING : this function is fragile since it
* compares path using the string to access them.
* It would be preferable to use stat() to check
* if two path refer to the same inode
*/
char cgirp[PATH_MAX] = {'\0'}; /* cgi dir path in chroot */
char cgifp[PATH_MAX] = {'\0'}; /* cgi file to execute */
char *path_info = NULL;
/* check if path starts with cgi_dir
* compare beginning of path with cgi_dir
* path + 2 : skip "./"
* cgi_dir + strlen(chrootdir) (skip chrootdir)
*/
estrlcpy(cgirp, cgi_dir + strlen(chroot_dir), sizeof(cgirp));
/* ensure there is no leading / if user didn't end chrootdir with */
while (*cgirp == '/')
estrlcpy(cgirp, cgirp+1, sizeof(cgirp));
if (strncmp(cgirp, path+2, strlen(cgirp)) != 0)
return 1; /* not in cgi_dir, go to display_file */
/* set env variables for CGI
* see
* https://lists.orbitalfox.eu/archives/gemini/2020/000315.html
*/
esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
esetenv("SERVER_PROTOCOL", "GEMINI", 1);
esetenv("SERVER_SOFTWARE", "vger/1", 1);
if (*query)
esetenv("QUERY_STRING", query, 1);
/*
* if in cgi_dir, only the first file after cgi_dir/FILE
* is to be executed
* the rest is PATH_INFO
*/
/* find next item after cgi_dir in path:
* path + 2 (skip "./") + strlen(cgirp) + 1 (skip '/')
*/
/* cgi file to execute */
estrlcpy(cgifp, path + 2 + strlen(cgirp) + 1, sizeof(cgifp));
if (!(*cgifp)) /* problem with cgi file, abort */
return 1;
/* check if there is something after cgi file for PATH_INFO */
path_info = strchr(cgifp, '/');
if (path_info != NULL) {
esetenv("PATH_INFO", path_info, 1);
*path_info = '\0'; /* stop cgifp before PATH_INFO */
}
esetenv("SCRIPT_NAME", cgifp, 1);
esetenv("SERVER_NAME", hostname, 1);
echdir(cgirp);
cgi(cgifp);
return 0;
}
ssize_t
autoindex(const char *path) autoindex(const char *path)
{ {
/* display liks to files in path + a link to parent (..) */ /* display list of files in path + a link to parent (..) */
int n = 0; int n = 0;
struct dirent **namelist; /* this must be freed at last */ struct dirent **namelist; /* this must be freed at last */
size_t bs = 0;
syslog(LOG_DAEMON, "autoindex: %s", path);
/* use alphasort to always have the same order on every system */ /* use alphasort to always have the same order on every system */
if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) { if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
status_error(50, "Internal server error"); status(50, "Can't scan %s", path);
errlog("Can't scan %s", path);
} else { } else {
status(20, "text/gemini"); status(20, "text/gemini");
printf("=> .. ../\n"); /* display link to parent */ bs += fprintf(stdout, "=> .. ../\n"); /* display link to parent */
for (int j = 0; j < n; j++) { for (int j = 0; j < n; j++) {
/* skip self and parent */ /* skip self and parent */
if ((strcmp(namelist[j]->d_name, ".") == 0) || if ((strcmp(namelist[j]->d_name, ".") == 0) ||
@ -264,25 +295,33 @@ autoindex(const char *path)
continue; continue;
} }
/* add "/" at the end of a directory path */ /* add "/" at the end of a directory path */
if (namelist[j]->d_type == DT_DIR) if (namelist[j]->d_type == DT_DIR) {
printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name); bs += fprintf(stdout, "=> ./%s/ %s/\n",
else namelist[j]->d_name, namelist[j]->d_name);
printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name); } else {
bs += fprintf(stdout, "=> ./%s %s\n",
namelist[j]->d_name, namelist[j]->d_name);
}
free(namelist[j]); free(namelist[j]);
} }
free(namelist); free(namelist);
} }
return bs;
} }
void void
cgi(const char *cgicmd) cgi(const char *cgicmd)
{ {
/* TODO? cgi currently return the wrong data size unless we switch from execl to popen */
/* run cgicmd replacing current process */ /* run cgicmd replacing current process */
_datasiz = -1; /* bytes sent by cgi are unknown */
execl(cgicmd, cgicmd, NULL); execl(cgicmd, cgicmd, NULL);
/* if execl is ok, this will never be reached */ /* if execl is ok, this will never be reached */
status(42, "Couldn't execute CGI script"); status(42, "error when trying run cgi");
errlog("error when trying to execl %s", cgicmd); stop(EXIT_FAILURE, "error when trying to execl %s", cgicmd);
exit(1);
} }
void void
@ -295,3 +334,172 @@ strip_trailing_slash(char *path)
while (path[end] == '/') while (path[end] == '/')
path[end--] = '\0'; path[end--] = '\0';
} }
char *
check_request(char *request)
{
/*
* read the request, check for errors and sanitize the input
*/
char *pos = NULL;
/* read 1024 +1 chars from stdin to get the request (1024 + \0) */
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
/* EOF reached before reading anything */
if (feof(stdin)) {
status(59, "%s", "request is too short and probably empty");
stop(EXIT_FAILURE, "%s", "request is too short and probably empty");
/* error before reading anything */
} else if (ferror(stdin)) {
status(59, "Error while reading request: %s", request);
stop(EXIT_FAILURE, "Error while reading request: %s", request);
}
}
/* check if string ends with '\n', or to long */
if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
status(59, "request is too long (1024 max): %s", request);
stop(EXIT_FAILURE, "request is too long (1024 max): %s", request);
}
/* remove \r\n at the end of string */
request[strcspn(request, "\r\n")] = '\0';
/*
* check if the beginning of the request starts with
* gemini://
*/
if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
/* error code url malformed */
status(59, "request «%s» doesn't match gemini://", request);
stop(EXIT_FAILURE, "request «%s» doesn't match gemini://", request);
}
/* save request for logs */
estrlcpy(_request, request, sizeof(_request));
/* remove the gemini:// part */
memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
/* remove all "/.." for safety reasons */
while ((pos = strstr(request, "/..")) != NULL)
memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
return request;
}
char *
get_hostname(const char *request, char *hstnm, size_t hstnmsiz)
{
char *pos = NULL;
/* first make a copy of request */
estrlcpy(hstnm, request, hstnmsiz);
/* look for hostname : stops at first '/' if any */
if ( (pos = strchr(hstnm, '/')) != NULL)
pos[0] = '\0'; /* end string at the end of hostname */
/* check if client added :port at end of hostname and remove it */
if ( (pos = strchr(hstnm, ':')) != NULL)
pos[0] = '\0'; /* end string at : */
return hstnm;
}
char *
get_path(const char *request, char *path, size_t pathsiz, int virtualhost, const char *hostname)
{
char *pos = NULL;
/* path must be relative to chroot */
estrlcpy(path, "./", pathsiz);
/* path is in a subdir named hostname */
if (virtualhost) {
estrlcat(path, hostname, pathsiz);
estrlcat(path, "/", pathsiz);
}
/* path is after hostname/ */
pos = strchr(request, '/');
if (pos != NULL) /* append the path. pos +1 to remove leading '/' */
estrlcat(path, pos+1, pathsiz);
return path;
}
void
check_path(char *path, size_t pathsiz, const char *hstnm, int virtualhost)
{
struct stat sb = {0};
char tmp[PATH_MAX] = {'\0'};
if (stat(path, &sb) == -1) {
if (lstat(path, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) {
if (readlink(path, tmp, sizeof(tmp)) > 0) {
status(30, "%s", tmp);
stop(EXIT_SUCCESS, NULL);
}
}
status(51, "%s", "file not found");
stop(EXIT_SUCCESS, NULL);
}
if (S_ISDIR(sb.st_mode)) {
/* check if dir path end with "/" */
if (path[strlen(path) - 1] != '/') {
/* redirect to the dir with appropriate ending '/' */
/* remove leading '.' for redirection*/
if (virtualhost) /* remove ./host.name */
memmove(path, path+2+strlen(hstnm),
strlen(path + 2) + strlen(hstnm) + 1);
else
memmove(path, path+1,
strlen(path + 1) + 1); /* +1 for \0 */
estrlcat(path, "/", pathsiz);
status(31, "%s", path);
stop(EXIT_SUCCESS, NULL);
}
/* check if DEFAULT_INDEX exists in directory */
estrlcpy(tmp, path, sizeof(tmp));
estrlcat(tmp, "/", sizeof(tmp));
estrlcat(tmp, DEFAULT_INDEX, sizeof(tmp));
if (stat(tmp, &sb) == 0)
estrlcpy(path, tmp, pathsiz);
}
}
void
get_dir_file(char *path, char *dir, size_t dirsiz, char *file, size_t filesiz)
{
char *pos = NULL;
pos = strrchr(path, '/');
if (pos != NULL) {
estrlcpy(file, pos+1, filesiz); /* +1 : not heading / */
pos[0] = '\0'; /* stop path at file */
estrlcpy(dir, path, dirsiz);
} else {
estrlcpy(file, path, filesiz);
}
}
char *
get_query(char *path, char *query, size_t querysiz)
{
char *pos = NULL;
/* remove a query string before percent decoding */
/* look for "?" if any to set query for cgi, remove it */
pos = strchr(path, '?');
if (pos != NULL) {
estrlcpy(query, pos + 1, querysiz);
pos[0] = '\0'; /* path end where query begins */
}
return query;
}

30
vger.h
View File

@ -11,17 +11,27 @@
*/ */
#define GEMINI_REQUEST_MAX 1025 #define GEMINI_REQUEST_MAX 1025
void autoindex(const char *); /* global vars */
void cgi (const char *cgicmd); static int _retcode = 0;
void display_file(const char *); static ssize_t _datasiz = 0;
void drop_privileges(const char *, const char *); static char _request[GEMINI_REQUEST_MAX] = {'\0'};
void echdir (const char *);
void status (const int, const char *);
void status_redirect(const int, const char *);
void status_error(const int, const char *);
void strip_trailing_slash(char *path);
int uridecode (char *);
/* functions */
ssize_t autoindex(const char *);
void cgi(const char *);
char * check_request(char *);
void check_path(char *, size_t, const char *, int);
ssize_t display_file(const char *);
int do_cgi(const char *, const char *, const char *, const char *, const char *);
void drop_privileges(const char *, const char *, const char *);
void get_dir_file(char *, char *, size_t, char *, size_t);
char * get_hostname(const char *, char *, size_t);
char * get_path(const char *, char *, size_t, int, const char *);
char * get_query(char *, char *, size_t);
void status(const int, const char *, ...);
void strip_trailing_slash(char *);
int uridecode (char *);
void stop(const int, const char *, ...);
#endif // vger_h_INCLUDED #endif // vger_h_INCLUDED