Add simple cgi support +:
* read file byte after byte * format code (syslog + err) * move functions in utils.c
This commit is contained in:
parent
332a5cd1d6
commit
470e47a018
10 changed files with 268 additions and 67 deletions
9
Makefile
9
Makefile
|
@ -2,13 +2,18 @@ PREFIX?=/usr/local/
|
||||||
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
|
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
|
||||||
-Wstrict-prototypes -Wwrite-strings
|
-Wstrict-prototypes -Wwrite-strings
|
||||||
|
|
||||||
|
.SUFFIXES: .c .o
|
||||||
|
|
||||||
|
.c.o:
|
||||||
|
${CC} ${CFLAGS} -c $<
|
||||||
|
|
||||||
all: vger
|
all: vger
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f vger *.core *.o
|
rm -f vger *.core *.o
|
||||||
|
|
||||||
vger: main.o mimes.o opts.h
|
vger: main.o mimes.o utils.o opts.h
|
||||||
${CC} -o vger main.o mimes.o
|
${CC} ${CFLAGS} -o $@ main.o mimes.o utils.o
|
||||||
|
|
||||||
install: vger
|
install: vger
|
||||||
install -o root -g wheel vger ${PREFIX}/bin/
|
install -o root -g wheel vger ${PREFIX}/bin/
|
||||||
|
|
|
@ -55,7 +55,7 @@ without a `-d` parameter.
|
||||||
- `-u username`: enable chroot to the data directory and drop privileges to `username`.
|
- `-u username`: enable chroot to the data directory and drop privileges to `username`.
|
||||||
- `-m MIME` : use MIME as default instead of "application/octet-stream".
|
- `-m MIME` : use MIME as default instead of "application/octet-stream".
|
||||||
- `-i` : Enable auto index if no "index.gmi" file is found in a directory.
|
- `-i` : Enable auto index if no "index.gmi" file is found in a directory.
|
||||||
|
- `-c CGI_PATH` : Exec CGI_PATH instead of serving it.
|
||||||
|
|
||||||
|
|
||||||
# How to configure Vger using relayd and inetd
|
# How to configure Vger using relayd and inetd
|
||||||
|
|
184
main.c
184
main.c
|
@ -1,9 +1,11 @@
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
|
||||||
#include <dirent.h>
|
#include <dirent.h>
|
||||||
#include <err.h>
|
#include <err.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
#include <fcntl.h>
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
@ -15,6 +17,7 @@
|
||||||
|
|
||||||
#include "mimes.h"
|
#include "mimes.h"
|
||||||
#include "opts.h"
|
#include "opts.h"
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
#define GEMINI_PART 9
|
#define GEMINI_PART 9
|
||||||
#define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */
|
#define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */
|
||||||
|
@ -22,45 +25,11 @@
|
||||||
|
|
||||||
|
|
||||||
void autoindex(const char *);
|
void autoindex(const char *);
|
||||||
|
void cgi(const char *cgicmd);
|
||||||
void display_file(const char *);
|
void display_file(const char *);
|
||||||
void status(const int, const char *);
|
void status(const int, const char *);
|
||||||
void status_redirect(const int, const char *);
|
void status_redirect(const int, const char *);
|
||||||
void drop_privileges(const char *, const char *);
|
void drop_privileges(const char *, const char *);
|
||||||
void eunveil(const char *, const char *);
|
|
||||||
size_t estrlcat(char *, const char *, size_t);
|
|
||||||
size_t estrlcpy(char *, const char *, size_t);
|
|
||||||
|
|
||||||
void
|
|
||||||
eunveil(const char *path, const char *permissions)
|
|
||||||
{
|
|
||||||
if (unveil(path, permissions) == -1) {
|
|
||||||
syslog(LOG_DAEMON, "unveil on %s failed", path);
|
|
||||||
err(1, "unveil");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
|
||||||
estrlcpy(char *dst, const char *src, size_t dstsize)
|
|
||||||
{
|
|
||||||
size_t n = 0;
|
|
||||||
|
|
||||||
n = strlcpy(dst, src, dstsize);
|
|
||||||
if (n >= dstsize) {
|
|
||||||
err(1, "strlcyp failed for %s = %s", dst, src);
|
|
||||||
}
|
|
||||||
|
|
||||||
return n;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
|
||||||
estrlcat(char *dst, const char *src, size_t dstsize)
|
|
||||||
{
|
|
||||||
size_t size;
|
|
||||||
if ((size = strlcat(dst, src, dstsize)) >= dstsize)
|
|
||||||
err(1, "strlcat on %s + %s", dst, src);
|
|
||||||
|
|
||||||
return size;
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
void
|
||||||
drop_privileges(const char *user, const char *path)
|
drop_privileges(const char *user, const char *path)
|
||||||
|
@ -76,31 +45,26 @@ drop_privileges(const char *user, const char *path)
|
||||||
|
|
||||||
/* is root? */
|
/* is root? */
|
||||||
if (getuid() != 0) {
|
if (getuid() != 0) {
|
||||||
syslog(LOG_DAEMON, "chroot requires program to be run as root");
|
errlog("chroot requires program to be run as root");
|
||||||
errx(1, "chroot requires root user");
|
|
||||||
}
|
}
|
||||||
/* search user uid from name */
|
/* search user uid from name */
|
||||||
if ((pw = getpwnam(user)) == NULL) {
|
if ((pw = getpwnam(user)) == NULL) {
|
||||||
syslog(LOG_DAEMON, "the user %s can't be found on the system", user);
|
errlog("the user %s can't be found on the system", user);
|
||||||
err(1, "finding user");
|
|
||||||
}
|
}
|
||||||
/* chroot worked? */
|
/* chroot worked? */
|
||||||
if (chroot(path) != 0) {
|
if (chroot(path) != 0) {
|
||||||
syslog(LOG_DAEMON, "the chroot_dir %s can't be used for chroot", path);
|
errlog("the chroot_dir %s can't be used for chroot", path);
|
||||||
err(1, "chroot");
|
|
||||||
}
|
}
|
||||||
chrooted = 1;
|
chrooted = 1;
|
||||||
if (chdir("/") == -1) {
|
if (chdir("/") == -1) {
|
||||||
syslog(LOG_DAEMON, "failed to chdir(\"/\")");
|
errlog("failed to chdir(\"/\")");
|
||||||
err(1, "chdir");
|
|
||||||
}
|
}
|
||||||
/* drop privileges */
|
/* drop privileges */
|
||||||
if (setgroups(1, &pw->pw_gid) ||
|
if (setgroups(1, &pw->pw_gid) ||
|
||||||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
||||||
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
|
errlog("dropping privileges to user %s (uid=%i) failed",
|
||||||
user, pw->pw_uid);
|
user, pw->pw_uid);
|
||||||
err(1, "Can't drop privileges");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
|
@ -112,13 +76,20 @@ drop_privileges(const char *user, const char *path)
|
||||||
} else {
|
} else {
|
||||||
eunveil(path, "r");
|
eunveil(path, "r");
|
||||||
}
|
}
|
||||||
|
if (strlen(cgibin) > 0) {
|
||||||
|
char cgifullpath[PATH_MAX] = {'\0'};
|
||||||
|
estrlcpy(cgifullpath, path, sizeof(cgifullpath));
|
||||||
|
estrlcat(cgifullpath, cgibin, sizeof(cgifullpath));
|
||||||
|
eunveil(cgifullpath, "rx");
|
||||||
|
}
|
||||||
/*
|
/*
|
||||||
* prevent system calls other parsing queryfor fread file and
|
* prevent system calls other parsing queryfor fread file and
|
||||||
* write to stdio
|
* write to stdio
|
||||||
*/
|
*/
|
||||||
if (pledge("stdio rpath", NULL) == -1) {
|
if (strlen(cgibin) > 0) {
|
||||||
syslog(LOG_DAEMON, "pledge call failed");
|
epledge("stdio rpath exec proc", NULL);
|
||||||
err(1, "pledge");
|
} else {
|
||||||
|
epledge("stdio rpath", NULL);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
@ -168,8 +139,8 @@ display_file(const char *uri)
|
||||||
if (fp[strlen(fp) -1 ] != '/') {
|
if (fp[strlen(fp) -1 ] != '/') {
|
||||||
/* no ending "/", redirect to "path/" */
|
/* no ending "/", redirect to "path/" */
|
||||||
char new_uri[PATH_MAX] = {'\0'};
|
char new_uri[PATH_MAX] = {'\0'};
|
||||||
estrlcpy(new_uri, uri, sizeof(fp));
|
estrlcpy(new_uri, uri, sizeof(new_uri));
|
||||||
estrlcat(new_uri, "/", sizeof(fp));
|
estrlcat(new_uri, "/", sizeof(new_uri));
|
||||||
status_redirect(31, new_uri);
|
status_redirect(31, new_uri);
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -199,8 +170,8 @@ display_file(const char *uri)
|
||||||
status(20, file_mime);
|
status(20, file_mime);
|
||||||
|
|
||||||
/* read the file and write it to stdout */
|
/* read the file and write it to stdout */
|
||||||
while ((nread = fread(buffer, sizeof(char), sizeof(buffer), fd)) != 0)
|
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
|
||||||
fwrite(buffer, sizeof(char), nread, stdout);
|
fwrite(buffer, 1, nread, stdout);
|
||||||
goto closefd;
|
goto closefd;
|
||||||
syslog(LOG_DAEMON, "path served %s", fp);
|
syslog(LOG_DAEMON, "path served %s", fp);
|
||||||
|
|
||||||
|
@ -257,6 +228,59 @@ autoindex(const char *path)
|
||||||
closedir(fd);
|
closedir(fd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
cgi(const char *cgicmd)
|
||||||
|
{
|
||||||
|
|
||||||
|
int pipedes[2] = {0};
|
||||||
|
pid_t pid;
|
||||||
|
|
||||||
|
if (pipe(pipedes) != 0) {
|
||||||
|
err(1, "pipe failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
pid = fork();
|
||||||
|
|
||||||
|
if (pid < 0) {
|
||||||
|
close(pipedes[0]);
|
||||||
|
close(pipedes[1]);
|
||||||
|
err(1, "fork failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pid > 0) { /* parent */
|
||||||
|
char buf[3];
|
||||||
|
size_t nread = 0;
|
||||||
|
FILE *output = NULL;
|
||||||
|
|
||||||
|
close(pipedes[1]); /* make sure entry is closed so fread() gets EOF */
|
||||||
|
|
||||||
|
/* use fread/fwrite because are buffered */
|
||||||
|
output = fdopen(pipedes[0], "r");
|
||||||
|
if (output == NULL) {
|
||||||
|
err(1, "fdopen failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* read pipe output */
|
||||||
|
while ((nread = fread(buf, 1, sizeof(buf), output)) != 0) {
|
||||||
|
fwrite(buf, 1, nread, stdout);
|
||||||
|
}
|
||||||
|
close(pipedes[0]);
|
||||||
|
fclose(output);
|
||||||
|
|
||||||
|
wait(NULL); /* wait for child to terminate */
|
||||||
|
|
||||||
|
exit(0);
|
||||||
|
|
||||||
|
} else if (pid == 0) { /* child */
|
||||||
|
dup2(pipedes[1], STDOUT_FILENO); /* set pipe output equal to stdout */
|
||||||
|
close(pipedes[1]); /* no need this file descriptor : it is now stdout */
|
||||||
|
execlp(cgicmd, cgicmd, NULL);
|
||||||
|
/* if execlp is ok, this will never be reached */
|
||||||
|
status(42, "text/plain");
|
||||||
|
errlog("error when trying to execlp %s", cgicmd);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
@ -268,7 +292,7 @@ main(int argc, char **argv)
|
||||||
int option = 0;
|
int option = 0;
|
||||||
char *pos = NULL;
|
char *pos = NULL;
|
||||||
|
|
||||||
while ((option = getopt(argc, argv, ":d:l:m:u:vi")) != -1) {
|
while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) {
|
||||||
switch (option) {
|
switch (option) {
|
||||||
case 'd':
|
case 'd':
|
||||||
estrlcpy(chroot_dir, optarg, sizeof(chroot_dir));
|
estrlcpy(chroot_dir, optarg, sizeof(chroot_dir));
|
||||||
|
@ -283,6 +307,9 @@ main(int argc, char **argv)
|
||||||
case 'u':
|
case 'u':
|
||||||
estrlcpy(user, optarg, sizeof(user));
|
estrlcpy(user, optarg, sizeof(user));
|
||||||
break;
|
break;
|
||||||
|
case 'c':
|
||||||
|
estrlcpy(cgibin, optarg, sizeof(cgibin));
|
||||||
|
break;
|
||||||
case 'v':
|
case 'v':
|
||||||
virtualhost = 1;
|
virtualhost = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -303,8 +330,7 @@ main(int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
||||||
status(59, "request is too long (1024 max)");
|
status(59, "request is too long (1024 max)");
|
||||||
syslog(LOG_DAEMON, "request is too long (1024 max): %s", request);
|
errlog("request is too long (1024 max): %s", request);
|
||||||
exit(1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* remove \r\n at the end of string */
|
/* remove \r\n at the end of string */
|
||||||
|
@ -318,9 +344,8 @@ main(int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
|
if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
|
||||||
/* error code url malformed */
|
/* error code url malformed */
|
||||||
syslog(LOG_DAEMON, "request «%s» doesn't match gemini://",
|
errlog("request «%s» doesn't match gemini://",
|
||||||
request);
|
request);
|
||||||
exit(1);
|
|
||||||
}
|
}
|
||||||
syslog(LOG_DAEMON, "request %s", request);
|
syslog(LOG_DAEMON, "request %s", request);
|
||||||
|
|
||||||
|
@ -364,8 +389,47 @@ main(int argc, char **argv)
|
||||||
estrlcpy(uri, new_uri, sizeof(uri));
|
estrlcpy(uri, new_uri, sizeof(uri));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* open file and send it to stdout */
|
/* check if uri is cgibin */
|
||||||
display_file(uri);
|
if ((strlen(cgibin) > 0) &&
|
||||||
|
(strncmp(uri, cgibin, strlen(cgibin)) == 0)
|
||||||
|
) {
|
||||||
|
char cgipath[PATH_MAX] = {'\0'};
|
||||||
|
estrlcpy(cgipath, chroot_dir, sizeof(cgipath));
|
||||||
|
estrlcat(cgipath, uri, sizeof(cgipath));
|
||||||
|
/* set env variables for CGI */
|
||||||
|
/* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */
|
||||||
|
esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
|
||||||
|
esetenv("SERVER_PROTOCOL", "GEMINI", 1);
|
||||||
|
esetenv("SERVER_SOFTWARE", "vger/1", 1);
|
||||||
|
|
||||||
|
/* look for "?" to set query */
|
||||||
|
pos = strchr(cgipath, '?');
|
||||||
|
if (pos != NULL) {
|
||||||
|
char query[PATH_MAX] = {'\0'};
|
||||||
|
estrlcpy(query, pos+1, sizeof(query));
|
||||||
|
esetenv("QUERY_STRING", query, 1);
|
||||||
|
pos[0] = '\0';
|
||||||
|
}
|
||||||
|
/* look for an extension to find PATH_INFO */
|
||||||
|
pos = strrchr(cgipath, '.');
|
||||||
|
if (pos != NULL) {
|
||||||
|
/* found a dot */
|
||||||
|
pos = strchr(pos, '/');
|
||||||
|
if (pos != NULL) {
|
||||||
|
setenv("PATH_INFO", pos, 1);
|
||||||
|
pos[0] = '\0'; /* keep only script name */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
esetenv("SCRIPT_NAME", cgipath, 1);
|
||||||
|
esetenv("SERVER_NAME", hostname, 1);
|
||||||
|
|
||||||
|
cgi(cgipath);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
//TODO: percent decoding here
|
||||||
|
/* open file and send it to stdout */
|
||||||
|
display_file(uri);
|
||||||
|
}
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
7
opts.h
7
opts.h
|
@ -6,7 +6,8 @@
|
||||||
#define DEFAULT_AUTOIDX 0
|
#define DEFAULT_AUTOIDX 0
|
||||||
|
|
||||||
/* longest is 56 so 64 should be enough */
|
/* longest is 56 so 64 should be enough */
|
||||||
static char default_mime[64] = DEFAULT_MIME;
|
static char default_mime[64] = DEFAULT_MIME;
|
||||||
static char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
|
static char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
|
||||||
static char lang[16] = DEFAULT_LANG;
|
static char lang[16] = DEFAULT_LANG;
|
||||||
static unsigned int doautoidx = DEFAULT_AUTOIDX;
|
static unsigned int doautoidx = DEFAULT_AUTOIDX;
|
||||||
|
static char cgibin[PATH_MAX] = {'\0'};
|
||||||
|
|
|
@ -72,7 +72,19 @@ if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1
|
||||||
|
|
||||||
# auto index in directory
|
# auto index in directory
|
||||||
OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | $MD5)
|
OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | $MD5)
|
||||||
if ! [ $OUT = "770a987b8f5cf7169e6bc3c6563e1570" ] ; then echo "error" ; exit 1 ; fi
|
if ! [ $OUT = "9cb7ef77cbcd74dadafdbff47d864152" ] ; then echo "error" ; exit 1 ; fi
|
||||||
|
|
||||||
|
# cgi simple script
|
||||||
|
OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5)
|
||||||
|
if ! [ $OUT = "ed3552892cf7edac4f81178467f6c48a" ] ; then echo "error" ; exit 1 ; fi
|
||||||
|
|
||||||
|
# cgi with use of variables
|
||||||
|
OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5)
|
||||||
|
if ! [ $OUT = "06f710962d6504b19cdfe77f5fcff29e" ] ; then echo "error" ; exit 1 ; fi
|
||||||
|
|
||||||
|
# cgi with error
|
||||||
|
OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5)
|
||||||
|
if ! [ $OUT = "babaa82d5b2bd4e8d21ab412e060c890" ] ; then echo "error" ; exit 1 ; fi
|
||||||
|
|
||||||
# must fail only on OpenBSD !
|
# must fail only on OpenBSD !
|
||||||
# try to escape from unveil
|
# try to escape from unveil
|
||||||
|
|
9
tests/var/gemini/cgi-bin/test.cgi
Executable file
9
tests/var/gemini/cgi-bin/test.cgi
Executable file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo "20 cgi_test"
|
||||||
|
|
||||||
|
echo "env vars:"
|
||||||
|
echo $GATEWAY_INTERFACE
|
||||||
|
echo $SERVER_SOFTWARE
|
||||||
|
echo $PATH_INFO
|
||||||
|
echo $QUERY_STRING
|
9
tests/var/gemini/cgi-bin/who.cgi
Executable file
9
tests/var/gemini/cgi-bin/who.cgi
Executable file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo "20 cgi_test"
|
||||||
|
u=""
|
||||||
|
if [ -n "${QUERY_STRING}" ]; then
|
||||||
|
u="$(printf "%s" "${QUERY_STRING}" | cut -d'=' -f2)" #yeah, it's awful..
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "hello $u"
|
78
utils.c
Normal file
78
utils.c
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
#include <err.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
|
void
|
||||||
|
eunveil(const char *path, const char *permissions)
|
||||||
|
{
|
||||||
|
if (unveil(path, permissions) == -1) {
|
||||||
|
syslog(LOG_DAEMON, "unveil on %s failed", path);
|
||||||
|
err(1, "unveil on %s failed", path);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
epledge(const char *promises, const char *execpromises)
|
||||||
|
{
|
||||||
|
if (pledge(promises, execpromises) == -1) {
|
||||||
|
syslog(LOG_DAEMON, "pledge failed for: %s", promises);
|
||||||
|
err(1, "pledge failed for: %s", promises);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t
|
||||||
|
estrlcpy(char *dst, const char *src, size_t dstsize)
|
||||||
|
{
|
||||||
|
size_t n = 0;
|
||||||
|
|
||||||
|
n = strlcpy(dst, src, dstsize);
|
||||||
|
if (n >= dstsize) {
|
||||||
|
err(1, "strlcyp failed for %s = %s", dst, src);
|
||||||
|
}
|
||||||
|
|
||||||
|
return n;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t
|
||||||
|
estrlcat(char *dst, const char *src, size_t dstsize)
|
||||||
|
{
|
||||||
|
size_t size;
|
||||||
|
if ((size = strlcat(dst, src, dstsize)) >= dstsize)
|
||||||
|
err(1, "strlcat on %s + %s", dst, src);
|
||||||
|
|
||||||
|
return size;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
esetenv(const char *name, const char *value, int overwrite)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
ret = setenv(name, value, overwrite);
|
||||||
|
|
||||||
|
if (ret != 0) {
|
||||||
|
err(1, "setenv %s:%s", name, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
errlog(const char *format, ...)
|
||||||
|
{
|
||||||
|
char e[1024] = {'\0'};
|
||||||
|
va_list ap;
|
||||||
|
|
||||||
|
va_start(ap, format);
|
||||||
|
vsnprintf(e, sizeof(e), format, ap);
|
||||||
|
va_end(ap);
|
||||||
|
|
||||||
|
syslog(LOG_DAEMON, "%s", e);
|
||||||
|
err(1, "%s", e);
|
||||||
|
}
|
6
utils.h
Normal file
6
utils.h
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
void epledge(const char *, const char *);
|
||||||
|
void errlog(const char *format, ...);
|
||||||
|
void eunveil(const char *, const char *);
|
||||||
|
int esetenv(const char *, const char *, int);
|
||||||
|
size_t estrlcat(char *, const char *, size_t);
|
||||||
|
size_t estrlcpy(char *, const char *, size_t);
|
17
vger.8
17
vger.8
|
@ -9,6 +9,7 @@
|
||||||
.Op Fl l Ar lang
|
.Op Fl l Ar lang
|
||||||
.Op Fl v
|
.Op Fl v
|
||||||
.Op Fl i
|
.Op Fl i
|
||||||
|
.Op Fl c Ar cgi_path
|
||||||
.Op Fl d Ar path
|
.Op Fl d Ar path
|
||||||
.Op Fl u Ar username
|
.Op Fl u Ar username
|
||||||
.Op Fl m Ar mimetype
|
.Op Fl m Ar mimetype
|
||||||
|
@ -40,6 +41,22 @@ Enable virtualhost support, the hostname in the query will be considered as a di
|
||||||
As example, for request gemini://hostname.example/file.gmi
|
As example, for request gemini://hostname.example/file.gmi
|
||||||
.Nm
|
.Nm
|
||||||
will read the file /var/gemini/hostname.example/file.gmi
|
will read the file /var/gemini/hostname.example/file.gmi
|
||||||
|
.It Op Fl c
|
||||||
|
Enable CGI support.
|
||||||
|
.Ar cgi_path
|
||||||
|
will be executed as a cgi script. This path is relative to the served capsule. As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
vger -c /cgi-bin/hello.cgi
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
In this case,
|
||||||
|
.Xr pledge 2
|
||||||
|
promises are set to "stdio proc exec"
|
||||||
|
and an additional
|
||||||
|
.Xr unveil 2
|
||||||
|
permission on the cgi script is set to "rx".
|
||||||
|
.Pp
|
||||||
|
Be very careful on how you write your CGI, it can read outside the chroot.
|
||||||
.It Op Fl m Ar mimetype
|
.It Op Fl m Ar mimetype
|
||||||
Use
|
Use
|
||||||
.Ar mimetype
|
.Ar mimetype
|
||||||
|
|
Loading…
Reference in a new issue