From 15d09d2c0162f341aea9c7885859530e204d720d Mon Sep 17 00:00:00 2001 From: prx Date: Thu, 21 Oct 2021 11:41:22 +0200 Subject: [PATCH] fix user chroot issue + style --- main.c | 299 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 145 insertions(+), 154 deletions(-) diff --git a/main.c b/main.c index e077856..b4f0707 100644 --- a/main.c +++ b/main.c @@ -23,22 +23,22 @@ /* lenght of "gemini://" */ #define GEMINI_PART 9 -/* - * number of bytes to read with fgets() : 2014 + 1 - * fgets() reads at most size-1 (1024 here) - * see https://gemini.circumlunar.space/docs/specification.html. +/* + * number of bytes to read with fgets() : 2014 + 1. + * fgets() reads at most size-1 (1024 here). + * See https://gemini.circumlunar.space/docs/specification.html. */ #define GEMINI_REQUEST_MAX 1025 -void autoindex(const char *); -void cgi(const char *cgicmd); +void autoindex(const char *); +void cgi (const char *cgicmd); void display_file(const char *); void drop_privileges(const char *, const char *); -void echdir(const char *); -void status(const int, const char *); -void status_redirect(const int, const char *); -void status_error(const int, const char*); -int uridecode(char *); +void echdir (const char *); +void status (const int, const char *); +void status_redirect(const int, const char *); +void status_error(const int, const char *); +int uridecode (char *); void @@ -46,7 +46,7 @@ echdir(const char *path) { if (chdir(path) == -1) { switch (errno) { - case ENOTDIR: /* FALLTHROUGH */ + case ENOTDIR: /* FALLTHROUGH */ case ENOENT: status_error(51, "file not found"); break; @@ -64,36 +64,34 @@ echdir(const char *path) int uridecode(char *uri) { - int n = 0; - char c = '\0'; - long l = 0; - char *pos = NULL; + int n = 0; + char c = '\0'; + long l = 0; + char *pos = NULL; - if ((pos = strchr(uri, '%')) == NULL) { - return n; - } - while ((pos = strchr(pos, '%')) != NULL) { - if (strlen(pos) < 3) { - return n; - } + if ((pos = strchr(uri, '%')) == NULL) + return n; - char hex[3] = {'\0'}; - for (size_t i=0; i < 2; i++) { - hex[i] = tolower(pos[i+1]); - } - errno = 0; - l = strtol(hex, 0, 16); - if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN)) { - /* conversion failed */ - continue; - } - c = (char)l; - pos[0] = c; - /* rewind of two char to remove %hex */ - memmove(pos+1 , pos + 3, strlen(pos+3) + 1); /* +1 for \0*/ - n++; - pos++; /* avoid infinite loop */ - } + while ((pos = strchr(pos, '%')) != NULL) { + if (strlen(pos) < 3) + return n; + + char hex[3] = {'\0'}; + for (size_t i = 0; i < 2; i++) + hex[i] = tolower(pos[i + 1]); + + errno = 0; + l = strtol(hex, 0, 16); + if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN)) + continue; /* conversion failed */ + + c = (char)l; + pos[0] = c; + /* rewind of two char to remove %hex */ + memmove(pos + 1, pos + 3, strlen(pos + 3) + 1); /* +1 for \0 */ + n++; + pos++; /* avoid infinite loop */ + } return n; } @@ -109,17 +107,17 @@ drop_privileges(const char *user, const char *path) if (strlen(user) > 0) { /* is root? */ - if (getuid() != 0) { - errlog("chroot requires program to be run as root"); - } + if (getuid() != 0) + errlog("chroot requires program to be run as root"); + /* search user uid from name */ - if ((pw = getpwnam(user)) == NULL) { - errlog("the user %s can't be found on the system", user); - } + if ((pw = getpwnam(user)) == NULL) + errlog("the user %s can't be found on the system", user); + /* chroot worked? */ - if (chroot(path) != 0) { - errlog("the chroot_dir %s can't be used for chroot", path); - } + if (chroot(path) != 0) + errlog("the chroot_dir %s can't be used for chroot", path); + chrooted = 1; echdir("/"); /* drop privileges */ @@ -129,40 +127,39 @@ drop_privileges(const char *user, const char *path) errlog("dropping privileges to user %s (uid=%i) failed", user, pw->pw_uid); } - } #ifdef __OpenBSD__ /* * prevent access to files other than the one in path */ - if (chrooted) { - eunveil("/", "r"); - } else { - eunveil(path, "r"); - } + if (chrooted) + eunveil("/", "r"); + else + eunveil(path, "r"); + /* permission to execute what's inside cgidir */ - if (strlen(cgidir) > 0) { - eunveil(cgidir, "rx"); - } - eunveil(NULL,NULL); /* no more call to unveil() */ + if (strlen(cgidir) > 0) + eunveil(cgidir, "rx"); + + eunveil(NULL, NULL); /* no more call to unveil() */ /* promise permissions */ - if (strlen(cgidir) > 0) { - epledge("stdio rpath exec", NULL); - } else { - epledge("stdio rpath", NULL); - } + if (strlen(cgidir) > 0) + epledge("stdio rpath exec", NULL); + else + epledge("stdio rpath", NULL); #endif + if (!chrooted) + echdir(path); /* move to the gemini data directory */ } void status(const int code, const char *file_mime) { - if (strcmp(file_mime, "text/gemini") == 0) { - printf("%i %s; %s\r\n", code, file_mime, lang); - } else { - printf("%i %s\r\n", code, file_mime); - } + if (strcmp(file_mime, "text/gemini") == 0) + printf("%i %s; %s\r\n", code, file_mime, lang); + else + printf("%i %s\r\n", code, file_mime); } void @@ -176,21 +173,25 @@ void status_error(const int code, const char *reason) { printf("%i %s\r\n", - code, reason); + code, reason); } void display_file(const char *fname) { - FILE *fd = NULL; - struct stat sb = {0}; - ssize_t nread = 0; - const char *file_mime; - char *buffer[BUFSIZ]; - char target[FILENAME_MAX] = {'\0'}; - char tmp[PATH_MAX] = {'\0'}; /* used to build temporary path */ + FILE *fd = NULL; + struct stat sb = {0}; + ssize_t nread = 0; + const char *file_mime; + char *buffer[BUFSIZ]; + char target[FILENAME_MAX] = {'\0'}; + char tmp[PATH_MAX] = {'\0'}; /* used to build + * temporary path */ - /* special case : fname empty. The user requested just the directory name */ + /* + * special case : fname empty. The user requested just the directory + * name + */ if (strlen(fname) == 0) { if (stat("index.gmi", &sb) == 0) { /* there is index.gmi in the current directory */ @@ -204,17 +205,17 @@ display_file(const char *fname) goto err; } } - /* this is to check if path exists and obtain metadata later */ if (stat(fname, &sb) == -1) { - /* check if fname is a symbolic link - * if so, redirect using its target */ + /* + * check if fname is a symbolic link if so, redirect using + * its target + */ if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) - goto redirect; + goto redirect; else - goto err; + goto err; } - /* check if directory */ if (S_ISDIR(sb.st_mode) != 0) { /* no ending "/", redirect to "fname/" */ @@ -223,9 +224,9 @@ display_file(const char *fname) status_redirect(31, tmp); return; } - /* open the file requested */ - if ((fd = fopen(fname, "r")) == NULL) { goto err; } + if ((fd = fopen(fname, "r")) == NULL) + goto err; file_mime = get_file_mime(fname, default_mime); @@ -234,7 +235,7 @@ display_file(const char *fname) /* read the file byte after byte in buffer and write it to stdout */ while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) fwrite(buffer, 1, nread, stdout); - goto closefd; /* close file descriptor */ + goto closefd; /* close file descriptor */ syslog(LOG_DAEMON, "path served %s", fname); return; @@ -247,17 +248,15 @@ err: redirect: /* read symbolic link target to redirect */ - if (readlink(fname, target, FILENAME_MAX) == -1) { - goto err; - } + if (readlink(fname, target, FILENAME_MAX) == -1) + goto err; status_redirect(30, target); syslog(LOG_DAEMON, "redirection from %s to %s", fname, target); closefd: - if (S_ISREG(sb.st_mode) != 0) { - fclose(fd); - } + if (S_ISREG(sb.st_mode) != 0) + fclose(fd); } void @@ -265,8 +264,8 @@ autoindex(const char *path) { /* display liks to files in path + a link to parent (..) */ - int n = 0; - struct dirent **namelist; /* this must be freed at last */ + int n = 0; + struct dirent **namelist; /* this must be freed at last */ syslog(LOG_DAEMON, "autoindex: %s", path); @@ -276,19 +275,18 @@ autoindex(const char *path) errlog("Can't scan %s", path); } else { status(20, "text/gemini"); - printf("=> .. ../\n"); /* display link to parent */ - for(int j = 0; j < n; j++) { + printf("=> .. ../\n"); /* display link to parent */ + for (int j = 0; j < n; j++) { /* skip self and parent */ if ((strcmp(namelist[j]->d_name, ".") == 0) || (strcmp(namelist[j]->d_name, "..") == 0)) { continue; } /* add "/" at the end of a directory path */ - if (namelist[j]->d_type == DT_DIR) { - printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name); - } else { - printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name); - } + if (namelist[j]->d_type == DT_DIR) + printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name); + else + printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name); free(namelist[j]); } free(namelist); @@ -309,20 +307,20 @@ cgi(const char *cgicmd) int main(int argc, char **argv) { - char request [GEMINI_REQUEST_MAX] = {'\0'}; - char user [_SC_LOGIN_NAME_MAX] = ""; - char hostname [GEMINI_REQUEST_MAX] = {'\0'}; - char query [PATH_MAX] = {'\0'}; - char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; - char file [FILENAME_MAX] = DEFAULT_INDEX; - char dir [PATH_MAX] = {'\0'}; - char *pos = NULL; - int option = 0; - int virtualhost = 0; - int docgi = 0; + char request [GEMINI_REQUEST_MAX] = {'\0'}; + char user [_SC_LOGIN_NAME_MAX] = ""; + char hostname [GEMINI_REQUEST_MAX] = {'\0'}; + char query [PATH_MAX] = {'\0'}; + char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; + char file [FILENAME_MAX] = DEFAULT_INDEX; + char dir [PATH_MAX] = {'\0'}; + char *pos = NULL; + int option = 0; + int virtualhost = 0; + int docgi = 0; /* - * request : contain the whole request from client : gemini://...\r\n + * request : contain the whole request from client : gemini://...\r\n * user : username, used in drop_privileges() * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME * query : file requested in cgi : gemini://...?query @@ -375,19 +373,17 @@ main(int argc, char **argv) status(59, "request is too short and probably empty"); errlog("request is too short and probably empty"); - /* error before reading anything */ + /* error before reading anything */ } else if (ferror(stdin)) { status(59, "Error while reading request"); errlog("Error while reading request: %s", request); } } - /* check if string ends with '\n', or to long */ if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') { status(59, "request is too long (1024 max)"); errlog("request is too long (1024 max): %s", request); } - /* remove \r\n at the end of string */ pos = strchr(request, '\r'); if (pos != NULL) @@ -405,95 +401,91 @@ main(int argc, char **argv) syslog(LOG_DAEMON, "request %s", request); /* remove the gemini:// part */ - memmove(request, request + GEMINI_PART, strlen(request) +1 - GEMINI_PART); + memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART); /* remove all "/.." for safety reasons */ - while ((pos = strstr(request, "/..")) != NULL ) { - memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */ - } - - echdir(chroot_dir); /* move to chroot */ + while ((pos = strstr(request, "/..")) != NULL) + memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */ /* look for hostname in request : first thing before first / if any */ pos = strchr(request, '/'); if (pos != NULL) { /* copy what's after hostname in dir */ - estrlcpy(dir, pos, strlen(pos)+1); + estrlcpy(dir, pos, strlen(pos) + 1); /* just keep hostname in request : stop the string with \0 */ pos[0] = '\0'; } - /* check if client added :port at end of hostname and remove it */ pos = strchr(request, ':'); if (pos != NULL) { - /* end string at :*/ + /* end string at : */ pos[0] = '\0'; } - /* copy hostname from request */ estrlcpy(hostname, request, sizeof(hostname)); /* remove leading '/' in dir */ - while (dir[0] == '/') { - memmove(dir, dir+1, strlen(dir+1)+1); - } + while (dir[0] == '/') + memmove(dir, dir + 1, strlen(dir + 1) + 1); if (virtualhost) { /* add hostname at the beginning of the dir path */ - char tmp[PATH_MAX] = {'\0'}; + char tmp [PATH_MAX] = {'\0'}; estrlcpy(tmp, hostname, sizeof(tmp)); estrlcat(tmp, "/", sizeof(tmp)); estrlcat(tmp, dir, sizeof(tmp)); estrlcpy(dir, tmp, sizeof(dir)); } - /* percent decode */ uridecode(dir); - /* - * split dir and filename. - * file is last part after last '/'. - * if none found, then requested file is actually a directory + /* + * split dir and filename. file is last part after last '/'. if none + * found, then requested file is actually a directory */ if (strlen(dir) > 0) { pos = strrchr(dir, '/'); if (pos != NULL) { - estrlcpy(file, pos+1, sizeof(file)); /* +1 : no leading '/' */ + estrlcpy(file, pos + 1, sizeof(file)); /* +1 : no leading '/' */ pos[0] = '\0'; - if (strlen(dir) > 0) { - echdir(dir); /* change directory to requested directory */ - } + + /* change directory to requested directory */ + if (strlen(dir) > 0) + echdir(dir); } else { estrlcpy(file, dir, sizeof(file)); } } - if (docgi) { /* check if directory is cgidir */ - char cgifp[PATH_MAX] = {'\0'}; + char cgifp [PATH_MAX] = {'\0'}; estrlcpy(cgifp, chroot_dir, sizeof(cgifp)); - if (cgifp[strlen(cgifp)-1] != '/') { - estrlcat(cgifp, "/", sizeof(cgifp)); - } + if (cgifp[strlen(cgifp) - 1] != '/') + estrlcat(cgifp, "/", sizeof(cgifp)); + estrlcat(cgifp, dir, sizeof(cgifp)); - if (strcmp(cgifp, cgidir) != 0) { - /* not cgipath, display file content */ + + /* not cgipath, display file content */ + if (strcmp(cgifp, cgidir) != 0) goto file_to_stdout; - } + /* set env variables for CGI */ - /* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */ + /* + * see + * https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm + * l + */ esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1); esetenv("SERVER_PROTOCOL", "GEMINI", 1); esetenv("SERVER_SOFTWARE", "vger/1", 1); - /* look for "?" if any to set query for cgi, remove it*/ + /* look for "?" if any to set query for cgi, remove it */ pos = strchr(file, '?'); if (pos != NULL) { - estrlcpy(query, pos+1, sizeof(query)); + estrlcpy(query, pos + 1, sizeof(query)); esetenv("QUERY_STRING", query, 1); pos[0] = '\0'; } - /* look for an extension to find PATH_INFO */ pos = strrchr(file, '.'); if (pos != NULL) { @@ -501,7 +493,7 @@ main(int argc, char **argv) pos = strchr(pos, '/'); if (pos != NULL) { setenv("PATH_INFO", pos, 1); - pos[0] = '\0'; /* keep only script name */ + pos[0] = '\0'; /* keep only script name */ } } esetenv("SCRIPT_NAME", file, 1); @@ -510,7 +502,6 @@ main(int argc, char **argv) cgi(file); return 0; } - file_to_stdout: /* regular file to stdout */ display_file(file);