diff --git a/main.c b/main.c index 68b8903..0b48179 100644 --- a/main.c +++ b/main.c @@ -20,24 +20,47 @@ #include "opts.h" #include "utils.h" +/* lenght of "gemini://" */ #define GEMINI_PART 9 -/* 2014 + 1 - * see https://gemini.circumlunar.space/docs/specification.html. + +/* + * number of bytes to read with fgets() : 2014 + 1 * fgets() reads at most size-1 (1024 here) + * see https://gemini.circumlunar.space/docs/specification.html. */ #define GEMINI_REQUEST_MAX 1025 -int virtualhost; - void autoindex(const char *); void cgi(const char *cgicmd); void display_file(const char *); +void drop_privileges(const char *, const char *); +void echdir(const char *); void status(const int, const char *); void status_redirect(const int, const char *); void status_error(const int, const char*); -void drop_privileges(const char *, const char *); int uridecode(char *); + +void +echdir(const char *path) +{ + if (chdir(path) == -1) { + switch (errno) { + case ENOTDIR: /* FALLTHROUGH */ + case ENOENT: + status_error(51, "file not found"); + break; + case EACCES: + status_error(50, "Forbidden path"); + break; + default: + status_error(50, "Internal server error"); + break; + } + errlog("failed to chdir(%s)", path); + } +} + int uridecode(char *uri) { @@ -78,7 +101,6 @@ void drop_privileges(const char *user, const char *path) { struct passwd *pw; - int chrooted = 0; /* * use chroot() if an user is specified requires root user to be @@ -99,9 +121,7 @@ drop_privileges(const char *user, const char *path) errlog("the chroot_dir %s can't be used for chroot", path); } chrooted = 1; - if (chdir("/") == -1) { - errlog("failed to chdir(\"/\")"); - } + echdir("/"); /* drop privileges */ if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || @@ -110,8 +130,6 @@ drop_privileges(const char *user, const char *path) user, pw->pw_uid); } - /* base directory is now / */ - estrlcpy(chroot_dir, "/", sizeof(chroot_dir)); } #ifdef __OpenBSD__ /* 
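Review bot: In the new echdir(), `errlog("failed to chdir(%s)", path)` runs right after `status_error()`, and the comment this commit adds in utils.c says errlog() also writes to stdout, which here is the client connection. If that comment is accurate, the client receives the server-side path after the status line, including the configured base directory when `echdir(chroot_dir)` fails. Record the path with `syslog(LOG_DAEMON, "failed to chdir(%s)", path);` only, and exit without echoing it. The function also needs a header comment such as `/* chdir() to path, or answer 50/51 and terminate; does not return on failure */`, because every caller relies on that.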
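Review bot: In drop_privileges(), once the chroot has succeeded `path` no longer names the document root, yet the next hunk deletes `estrlcpy(chroot_dir, "/", sizeof(chroot_dir));` and main() later calls `echdir(chroot_dir)` unconditionally. With -u that chdir is resolved inside the new root and will most likely fail, which makes the chroot mode unusable and pushes deployments towards running without it. `chrooted` is set here but nothing in the visible lines reads it. Guard the later call with `if (!chrooted) echdir(chroot_dir);`, or keep resetting the base directory to "/" as before. The body of drop_privileges() starts and ends outside this hunk.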
@@ -122,25 +140,17 @@ drop_privileges(const char *user, const char *path) } else { eunveil(path, "r"); } - /* permission to execute what's inside cgipath */ - if (strlen(cgibin) > 0) { - /* first, build the full path of cgi (not in chroot) */ - char cgifullpath[PATH_MAX] = {'\0'}; - estrlcpy(cgifullpath, path, sizeof(cgifullpath)); - estrlcat(cgifullpath, cgibin, sizeof(cgifullpath)); - - eunveil(cgifullpath, "rx"); + /* permission to execute what's inside cgidir */ + if (strlen(cgidir) > 0) { + eunveil(cgidir, "rx"); } + eunveil(NULL,NULL); /* no more call to unveil() */ - /* - * prevent system calls other parsing queryfor fread file and - * write to stdio - */ - if (strlen(cgibin) > 0) { - /* cgi need execlp() (exec) */ + /* promise permissions */ + if (strlen(cgidir) > 0) { epledge("stdio rpath exec", NULL); } else { - epledge("stdio rpath", NULL); + epledge("stdio rpath unveil", NULL); } #endif } @@ -148,8 +158,11 @@ drop_privileges(const char *user, const char *path) void status(const int code, const char *file_mime) { - printf("%i %s; %s\r\n", - code, file_mime, lang); + if (strcmp(file_mime, "text/gemini") == 0) { + printf("%i %s; %s\r\n", code, file_mime, lang); + } else { + printf("%i %s\r\n", code, file_mime); + } } void @@ -167,7 +180,7 @@ status_error(const int code, const char *reason) } void -display_file(const char *uri) +display_file(const char *fname) { FILE *fd = NULL; struct stat sb = {0}; 
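Review bot: The non-CGI branch now pledges `"stdio rpath unveil"`, which is wider than the `"stdio rpath"` it replaces. The extra `unveil` promise has no use, because `eunveil(NULL,NULL)` a few lines above already locks the unveil list. Keep `epledge("stdio rpath", NULL);` in that branch. `cgidir` is now unveiled exactly as given on the command line; after a chroot that string is resolved inside the new root, so confirm that -c and -u still work together. drop_privileges() starts outside this hunk.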
@@ -175,19 +188,28 @@ display_file(const char *uri) const char *file_mime; char *buffer[BUFSIZ]; char target[FILENAME_MAX] = {'\0'}; - char fp[PATH_MAX] = {'\0'}; char tmp[PATH_MAX] = {'\0'}; /* used to build temporary path */ - /* build file path inside chroot */ - estrlcpy(fp, chroot_dir, sizeof(fp)); - estrlcat(fp, uri, sizeof(fp)); + /* special case : fname empty. The user requested just the directory name */ + if (strlen(fname) == 0) { + if (stat("index.gmi", &sb) == 0) { + /* there is index.gmi in the current directory */ + display_file("index.gmi"); + return; + } else if (doautoidx) { + /* no index.gmi, so display autoindex if enabled */ + autoindex("."); + return; + } else { + goto err; + } + } /* this is to check if path exists and obtain metadata later */ - if (stat(fp, &sb) == -1) { - - /* check if fp is a symbolic link + if (stat(fname, &sb) == -1) { + /* check if fname is a symbolic link * if so, redirect using its target */ - if (lstat(fp, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) + if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) goto redirect; else goto err; 
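Review bot: `stat(fname, &sb)` follows symbolic links, so the `lstat()` branch under it only ever sees links whose target is missing; a link with an existing target is opened by `fopen()` further down and its content is served, wherever it points. The comment "check if fname is a symbolic link, if so, redirect" therefore overstates what the code does, and without chroot or unveil a link in the content tree can expose a file outside it. Either call `lstat()` first and redirect every link, or reword the comment to `/* stat() failed: redirect if fname is a dangling symlink */`. `S_ISLNK(sb.st_mode) == 1` should also be a plain truth test, since POSIX only promises a non-zero result. display_file() continues outside this hunk.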
@@ -195,61 +217,42 @@ display_file(const char *uri) /* check if directory */ if (S_ISDIR(sb.st_mode) != 0) { - if (fp[strlen(fp) -1 ] != '/') { - /* no ending "/", redirect to "path/" */ - if (virtualhost) - estrlcat(tmp, "gemini://", sizeof(tmp)); - estrlcat(tmp, uri, sizeof(tmp)); - estrlcat(tmp, "/", sizeof(tmp)); - status_redirect(31, tmp); - return; - - } else { - /* there is a leading "/", display index.gmi */ - estrlcpy(tmp, fp, sizeof(tmp)); - estrlcat(tmp, "index.gmi", sizeof(tmp)); - - /* check if index.gmi exists or show autoindex */ - if (stat(tmp, &sb) == 0) { - estrlcpy(fp, tmp, sizeof(fp)); - } else if (doautoidx != 0) { - autoindex(fp); - return; - } else { - goto err; - } - } + /* no ending "/", redirect to "fname/" */ + estrlcpy(tmp, fname, sizeof(tmp)); + estrlcat(tmp, "/", sizeof(tmp)); + status_redirect(31, tmp); + return; } /* open the file requested */ - if ((fd = fopen(fp, "r")) == NULL) { goto err; } + if ((fd = fopen(fname, "r")) == NULL) { goto err; } - file_mime = get_file_mime(fp, default_mime); + file_mime = get_file_mime(fname, default_mime); status(20, file_mime); /* read the file byte after byte in buffer and write it to stdout */ while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) fwrite(buffer, 1, nread, stdout); - goto closefd; - syslog(LOG_DAEMON, "path served %s", fp); + goto closefd; /* close file descriptor */ + syslog(LOG_DAEMON, "path served %s", fname); return; err: /* return an error code and no content */ status_error(51, "file not found"); - syslog(LOG_DAEMON, "path invalid %s", fp); + syslog(LOG_DAEMON, "path invalid %s", fname); goto closefd; redirect: /* read symbolic link target to redirect */ - if (readlink(fp, target, FILENAME_MAX) == -1) { + if (readlink(fname, target, FILENAME_MAX) == -1) { goto err; } status_redirect(30, target); - syslog(LOG_DAEMON, "redirection from %s to %s", fp, target); + syslog(LOG_DAEMON, "redirection from %s to %s", fname, target); closefd: if (S_ISREG(sb.st_mode) != 0) { 
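Review bot: `readlink(fname, target, FILENAME_MAX)` may fill the whole of `target`, and readlink() never writes a terminating NUL, so a link target of FILENAME_MAX bytes leaves `status_redirect()` and `syslog()` reading past the array. Pass `sizeof(target) - 1` so the zero-initialised last byte stays in place. Separately, `syslog(LOG_DAEMON, "path served %s", fname);` sits after `goto closefd;` and can never run, so successful requests are not logged; move the syslog() call above the goto. The err: label also jumps to closefd: after a failed fopen(), when fd is NULL; the closefd body lies outside this hunk, so check that it does not call fclose() on a NULL pointer.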
@@ -260,33 +263,20 @@ closefd: void autoindex(const char *path) { + /* display liks to files in path + a link to parent (..) */ + int n = 0; - char *pos = NULL; struct dirent **namelist; /* this must be freed at last */ syslog(LOG_DAEMON, "autoindex: %s", path); - /* display link to parent */ - char parent[PATH_MAX] = {'\0'}; - /* parent is "path" without chroot_dir */ - estrlcpy(parent, path+strlen(chroot_dir), sizeof(parent)); - /* remove ending '/' */ - while (parent[strlen(parent)-1] == '/') { - parent[strlen(parent)-1] = '\0'; - } - /* remove last part after '/' */ - pos = strrchr(parent, '/'); - if (pos != NULL) { - pos[1] = '\0'; /* at worse, parent is now "/" */ - } - /* use alphasort to always have the same order on every system */ if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) { status_error(50, "Internal server error"); errlog("Can't scan %s", path); } else { status(20, "text/gemini"); - printf("=> %s ../\n", parent); + printf("=> .. ../\n"); /* display link to parent */ for(int j = 0; j < n; j++) { /* skip self and parent */ if ((strcmp(namelist[j]->d_name, ".") == 0) || @@ -308,6 +298,7 @@ autoindex(const char *path) void cgi(const char *cgicmd) { + /* run cgicmd replacing current process */ execlp(cgicmd, cgicmd, NULL); /* if execlp is ok, this will never be reached */ status(42, "Couldn't execute CGI script"); 
@@ -318,13 +309,27 @@ cgi(const char *cgicmd) int main(int argc, char **argv) { - char request [GEMINI_REQUEST_MAX] = {'\0'}; - char hostname [GEMINI_REQUEST_MAX] = {'\0'}; - char uri [PATH_MAX] = {'\0'}; - char user [_SC_LOGIN_NAME_MAX] = ""; - char query[PATH_MAX] = {'\0'}; - int option = 0; - char *pos = NULL; + char request [GEMINI_REQUEST_MAX] = {'\0'}; + char user [_SC_LOGIN_NAME_MAX] = ""; + char hostname [GEMINI_REQUEST_MAX] = {'\0'}; + char query [PATH_MAX] = {'\0'}; + char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; + char file [FILENAME_MAX] = DEFAULT_INDEX; + char dir [PATH_MAX] = {'\0'}; + char *pos = NULL; + int option = 0; + int virtualhost = 0; + int docgi = 0; + + /* + * request : contain the whole request from client : gemini://...\r\n + * user : username, used in drop_privileges() + * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME + * query : file requested in cgi : gemini://...?query + * file : file basename to display. Emtpy is a directory has been requested + * dir : directory requested. vger will chdir() in to find file + * pos : used to parse request and split into interesting parts + */ while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) { switch (option) { @@ -342,7 +347,8 @@ main(int argc, char **argv) estrlcpy(user, optarg, sizeof(user)); break; case 'c': - estrlcpy(cgibin, optarg, sizeof(cgibin)); + estrlcpy(cgidir, optarg, sizeof(cgidir)); + docgi = 1; break; case 'v': virtualhost = 1; @@ -354,13 +360,14 @@ main(int argc, char **argv) } /* - * do chroot if an user is supplied run pledge/unveil if OpenBSD + * do chroot if an user is supplied */ drop_privileges(user, chroot_dir); /* * read 1024 chars from stdin * to get the request + * (actually 1024 + \0) */ if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) { /* EOF reached before reading anything */ 
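Review bot: `char user [_SC_LOGIN_NAME_MAX] = "";` sizes the buffer with the sysconf() selector constant, whose numeric value has nothing to do with the maximum login-name length. The line is re-added unchanged by this hunk. Use `char user[LOGIN_NAME_MAX] = "";` from <limits.h>, or a fixed size with its own named constant. The new comment block describing the buffers is welcome; it would help to mark which of them hold client-controlled data (request, hostname, query, file, dir). main() continues outside this hunk.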
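Review bot: In `case 'c':`, `cgidir` is stored exactly as typed and is later matched with `strcmp()` against `chroot_dir` + "/" + the requested directory. Any spelling difference (a trailing '/', a doubled '/', relative versus absolute) makes the match fail, and the request then falls through to `display_file()`, which returns the script's source instead of running it. Normalise the option where it is parsed, at least by trimming trailing slashes: `for (size_t l = strlen(cgidir); l > 1 && cgidir[l-1] == '/'; l--) cgidir[l-1] = '\0';`. The man page change in this commit only documents the restriction. The switch statement continues outside this hunk.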
@@ -405,67 +412,90 @@ main(int argc, char **argv) memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */ } - /* - * look for the first / after the hostname - * in order to split hostname and uri - */ - pos = strchr(request, '/'); + echdir(chroot_dir); /* move to chroot */ + /* look for hostname in request : first thing before first / if any */ + pos = strchr(request, '/'); if (pos != NULL) { - /* if there is a / found */ - /* separate hostname and uri */ - estrlcpy(uri, pos, strlen(pos)+1); - /* just keep hostname in request */ + /* copy what's after hostname in dir */ + estrlcpy(dir, pos, strlen(pos)+1); + /* just keep hostname in request : stop the string with \0 */ pos[0] = '\0'; } - /* check if client added :port at end of request */ + + /* check if client added :port at end of hostname and remove it */ pos = strchr(request, ':'); if (pos != NULL) { - /* end string at :*/ - pos[0] = '\0'; + /* end string at :*/ + pos[0] = '\0'; } + /* copy hostname from request */ estrlcpy(hostname, request, sizeof(hostname)); - /* look for "?" 
if any to set query for cgi, or remove it*/ - pos = strchr(uri, '?'); - if (pos != NULL) { - estrlcpy(query, pos+1, sizeof(query)); - esetenv("QUERY_STRING", query, 1); - pos[0] = '\0'; + /* remove leading '/' in dir */ + while (dir[0] == '/') { + memmove(dir, dir+1, strlen(dir+1)+1); } - /* - * if virtualhost feature is actived looking under the chroot_path + - * hostname directory gemini://foobar/hello will look for - * chroot_path/foobar/hello - */ if (virtualhost) { - if (strlen(uri) == 0) { - estrlcpy(uri, "/index.gmi", sizeof(uri)); - } + /* add hostname at the beginning of the dir path */ char tmp[PATH_MAX] = {'\0'}; estrlcpy(tmp, hostname, sizeof(tmp)); - estrlcat(tmp, uri, sizeof(tmp)); - estrlcpy(uri, tmp, sizeof(uri)); + estrlcat(tmp, "/", sizeof(tmp)); + estrlcat(tmp, dir, sizeof(tmp)); + estrlcpy(dir, tmp, sizeof(dir)); } - /* check if uri is cgibin */ - if ((strlen(cgibin) > 0) && - (strncmp(uri, cgibin, strlen(cgibin)) == 0)) { + /* percent decode */ + uridecode(dir); - /* cgipath with chroot_dir at the beginning */ - char cgipath[PATH_MAX] = {'\0'}; - estrlcpy(cgipath, chroot_dir, sizeof(cgipath)); - estrlcat(cgipath, uri, sizeof(cgipath)); + /* + * split dir and filename. + * file is last part after last '/'. 
+ * if none found, then requested file is actually a directory + */ + if (strlen(dir) > 0) { + pos = strrchr(dir, '/'); + if (pos != NULL) { + estrlcpy(file, pos+1, sizeof(file)); /* +1 : no leading '/' */ + pos[0] = '\0'; + if (strlen(dir) > 0) { + echdir(dir); /* change directory to requested directory */ + } + } else { + estrlcpy(file, dir, sizeof(file)); + } + } + + if (docgi) { + /* check if directory is cgidir */ + char cgifp[PATH_MAX] = {'\0'}; + estrlcpy(cgifp, chroot_dir, sizeof(chroot_dir)); + if (cgifp[strlen(cgifp)-1] != '/') { + estrlcat(cgifp, "/", sizeof(chroot_dir)); + } + estrlcat(cgifp, dir, sizeof(chroot_dir)); + if (strcmp(cgifp, cgidir) != 0) { + /* not cgipath, display file content */ + goto file_to_stdout; + } /* set env variables for CGI */ /* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */ esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1); esetenv("SERVER_PROTOCOL", "GEMINI", 1); esetenv("SERVER_SOFTWARE", "vger/1", 1); + /* look for "?" if any to set query for cgi, remove it*/ + pos = strchr(file, '?'); + if (pos != NULL) { + estrlcpy(query, pos+1, sizeof(query)); + esetenv("QUERY_STRING", query, 1); + pos[0] = '\0'; + } + /* look for an extension to find PATH_INFO */ - pos = strrchr(cgipath, '.'); + pos = strrchr(file, '.'); if (pos != NULL) { /* found a dot */ pos = strchr(pos, '/'); @@ -474,16 +504,16 @@ main(int argc, char **argv) pos[0] = '\0'; /* keep only script name */ } } - esetenv("SCRIPT_NAME", cgipath, 1); + esetenv("SCRIPT_NAME", file, 1); esetenv("SERVER_NAME", hostname, 1); - cgi(cgipath); - - } else { - uridecode(uri); - /* open file and send it to stdout */ - display_file(uri); + cgi(file); + return 0; } +file_to_stdout: + /* regular file to stdout */ + display_file(file); + return (0); } diff --git a/mimes.c b/mimes.c index 62dd542..698bd61 100644 --- a/mimes.c +++ b/mimes.c 
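Review bot: `uridecode(dir)` runs after the "/.." stripping whose last lines open this hunk, so a dot segment that arrives percent-encoded becomes ".." only after the filter has run, and the decoded `dir` goes straight to `echdir(dir)`. When neither chroot() nor unveil() is in effect, that chdir is not confined to `chroot_dir`. Check the decoded path for ".." components before it is used, as in the excerpt below, which goes right after the `uridecode(dir)` call. In the cgifp block the size arguments should be `sizeof(cgifp)` rather than `sizeof(chroot_dir)`, and `cgifp[strlen(cgifp)-1]` reads before the array when -d is an empty string. main() begins and ends outside this hunk.

```c
	/* percent decode */
	uridecode(dir);

	/* refuse ".." components that only exist after decoding */
	for (pos = dir; pos != NULL; pos = strchr(pos, '/')) {
		while (*pos == '/')
			pos++;
		if (strncmp(pos, "..", 2) == 0 &&
		    (pos[2] == '/' || pos[2] == '\0')) {
			status_error(51, "file not found");
			return (1);
		}
	}
	/* … unchanged: split dir and file, echdir(dir), cgidir check … */
```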
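Review bot: `cgi(file)` now passes a bare file name, and cgi() calls `execlp(cgicmd, cgicmd, NULL)`, which searches PATH whenever the name contains no '/'. The script in the current directory is therefore only found if that directory happens to be on PATH, and a requested name that matches a program on PATH runs that program instead of something from cgidir. On OpenBSD the unveil list narrows this; elsewhere nothing does. Use `execl(cgicmd, cgicmd, (char *)NULL);` in cgi(), which resolves the name relative to the directory entered by `echdir(dir)`. `SCRIPT_NAME` also changes here from a full path to the base name, which CGI scripts may depend on.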
@@ -5,6 +5,7 @@ #include "mimes.h" #include "opts.h" +/* extension to mimetype table */ static const struct { const char *extension; const char *type; @@ -124,6 +125,7 @@ get_file_mime(const char *path, const char *default_mime) size_t i; char *extension; + /* search for extension after last '.' in path */ if ((extension = strrchr(path, '.')) == NULL) goto out; diff --git a/opts.h b/opts.h index 6fafe01..c3c1957 100644 --- a/opts.h +++ b/opts.h @@ -1,13 +1,18 @@ #include /* PATH_MAX */ +/* Defaults values */ #define DEFAULT_MIME "application/octet-stream" #define DEFAULT_LANG "" #define DEFAULT_CHROOT "/var/gemini" +#define DEFAULT_INDEX "index.gmi" #define DEFAULT_AUTOIDX 0 - /* longest is 56 so 64 should be enough */ +/* + * Options used later + */ +/* longest hardcoded mimetype is 56 long so 64 should be enough */ static char default_mime[64] = DEFAULT_MIME; -static char chroot_dir[PATH_MAX] = DEFAULT_CHROOT; static char lang[16] = DEFAULT_LANG; static unsigned int doautoidx = DEFAULT_AUTOIDX; -static char cgibin[PATH_MAX] = {'\0'}; +static char cgidir[PATH_MAX] = {'\0'}; +static int chrooted = 0; diff --git a/tests/test.sh b/tests/test.sh index a3b4128..3f86c9e 100644 --- a/tests/test.sh +++ b/tests/test.sh 
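Review bot: `static int chrooted = 0;` in opts.h gives every file that includes the header its own private copy, as with the other `static` options defined there (mimes.c includes opts.h as well). A flag that records a security-relevant state such as "the process is chrooted" should have exactly one definition. Declare `extern int chrooted;` in the header and define `int chrooted = 0;` once in main.c. In the visible lines the flag is written in drop_privileges() but never read.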
@@ -29,23 +29,23 @@ if ! [ $OUT = "fcc5a293f316e01f7b3103f97eca26b1" ] ; then echo "error" ; exit 1 # redirect to uri with trailing / if directory OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5) -if ! [ $OUT = "84e5e7bb3eee0dfcc8db14865dc83e77" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "b0e7e20db5ca7b80918025e7c15a8b02" ] ; then echo "error" ; exit 1 ; fi # redirect to uri with trailing / if directory and vhost enabled OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5) -if ! [ $OUT = "c782da4173898f57033a0804b8e96fc3" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "827eef65a3cd71e2ce805bc1e05eac44" ] ; then echo "error" ; exit 1 ; fi # file from local directory with lang=fr and markdown MIME type OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5) -if ! [ $OUT = "e663f17730d5ddc24010c14a238e1e78" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "09c82ffe243ce3b3cfb04c2bc4a91acb" ] ; then echo "error" ; exit 1 ; fi # file from local directory with lang=fr and unknown MIME type (default to application/octet-stream) OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5) -if ! [ $OUT = "a23b0053d759863a45da4afbffd847d2" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "2c73bfb33dd2d12be322ebb85e03c015" ] ; then echo "error" ; exit 1 ; fi # file from local directory and unknown MIME type, default forced to text/plain OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -m text/plain | tee /dev/stderr | MD5) -if ! [ $OUT = "383a5a5ddb7bb30e3553ecb666378ebc" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "8169f43fbb2032f4054b153c38fe61d6" ] ; then echo "error" ; exit 1 ; fi # redirect file OUT=$(printf "gemini://perso.pw/old_location\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5) 
@@ -73,30 +73,26 @@ if ! [ $OUT = "e354a1a29ea8273faaf0cdc29c1d8583" ] ; then echo "error" ; exit 1 # auto index in directory without index.gmi must redirect OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5) -if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "5742b21d465e377074408045a71656dc" ] ; then echo "error" ; exit 1 ; fi # auto index in directory OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5) -if ! [ $OUT = "515bcb4ba5f8869360f53afe2841e044" ] ; then echo "error" ; exit 1 ; fi +if ! [ $OUT = "2d4a82fea3f10ab3e123e9f9d5dd1fbc" ] ; then echo "error" ; exit 1 ; fi # cgi simple script -OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5) +OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5) if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi # cgi with use of variables -OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5) +OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5) if ! [ $OUT = "fa065a67d1f7c973501d4a9e3ca2ea57" ] ; then echo "error" ; exit 1 ; fi # cgi with error -OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5) -if ! [ $OUT = "4156170c2aa8a6a8a0892ff5a61bf5f5" ] ; then echo "error" ; exit 1 ; fi - -# remove ?.* if any -OUT=$(printf "gemini://host.name/main.gmi?anything-here\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5) -if ! 
[ $OUT = "c7e352d6aae4ee7e7604548f7874fb9d" ] ; then echo "error" ; exit 1 ; fi +OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5) +if ! [ $OUT = "74ba4b36dcebec9ce9dae33033f3378a" ] ; then echo "error" ; exit 1 ; fi # virtualhost + cgi -OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c perso.pw/cgi-bin | tee /dev/stderr | MD5) +OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c var/gemini/perso.pw/cgi-bin | tee /dev/stderr | MD5) if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi # percent-decoding diff --git a/utils.c b/utils.c index 6387552..fe9e245 100644 --- a/utils.c +++ b/utils.c @@ -14,6 +14,12 @@ #include #endif +/* e*foo() functions are the equivalent of foo() but handle errors. + * In case an error happens: + * The error is printed to stdout + * return 1 + */ + #ifdef __OpenBSD__ void eunveil(const char *path, const char *permissions) @@ -70,6 +76,7 @@ esetenv(const char *name, const char *value, int overwrite) return ret; } +/* send error in syslog, to stdout and die */ void errlog(const char *format, ...) { diff --git a/vger.8 b/vger.8 index 68bbde4..dde7509 100644 --- a/vger.8 +++ b/vger.8 
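Review bot: The test "remove ?.* if any" is deleted rather than updated. In main.c the '?' is now cut from `file` only inside the CGI branch, so a request for a static file that carries a query string is looked up with the '?' still in its name. If that is not intended, keep the test and strip the query before the directory/file split. The new path handling also has no test for a percent-encoded ".." in the request, for -c given with a trailing '/', or for -u together with -d; each of these deserves a case here.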
@@ -44,17 +44,14 @@ will read the file /var/gemini/hostname.example/file.gmi .It Op Fl c Enable CGI support. .Ar cgi_path -will be executed as a cgi script instead of returning its content. -This path is relative to the directory set with -.Fl d -flag. If using virtualhost, you must insert the virtualhost directory in the cgi path. +files will be executed as a cgi script instead of returning their content. +.Ar cgi_path must not end with '/'. +If using virtualhost, you must insert the virtualhost directory in the cgi path. As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set: .Bd -literal -offset indent -vger -c /cgi-bin/hello.cgi +vger -c /var/gemini/hostname.example/cgi-bin/hello.cgi .Ed .Pp -Note you can define a directory instead of a single file. -.Pp In this case, .Xr pledge 2 promises and unveil permission are set to enable cgi execution.