Compare commits
30 commits
Author | SHA1 | Date | |
---|---|---|---|
Mike Barnes | 5a9b2518be | ||
Mike Barnes | 47e075383f | ||
01f2503376 | |||
ed6dc1ed12 | |||
0d3d453498 | |||
914a143c3f | |||
a319de23f7 | |||
15d09d2c01 | |||
843d1f0ab7 | |||
f8aff7fe05 | |||
4972df5999 | |||
365e99400a | |||
807d1b8409 | |||
02d2d1dc7d | |||
de52acecfc | |||
ee8569c6e6 | |||
16a5ed7b30 | |||
8454548b51 | |||
cbcf4ec9b6 | |||
7431d3eeec | |||
e9be1b73a7 | |||
e87b36c991 | |||
e3b5fb2ab3 | |||
9525d66afb | |||
d086262d1a | |||
7b0686bdfa | |||
fbacb35170 | |||
efa1f639fc | |||
458592594e | |||
31d384833f |
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
*.o
|
||||
vger
|
4
Makefile
4
Makefile
|
@ -1,6 +1,8 @@
|
|||
include config.mk
|
||||
|
||||
PREFIX?=/usr/local/
|
||||
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
|
||||
-Wstrict-prototypes -Wwrite-strings
|
||||
-Wstrict-prototypes -Wwrite-strings ${EXTRAFLAGS}
|
||||
|
||||
.SUFFIXES: .c .o
|
||||
|
||||
|
|
31
README.md
31
README.md
|
@ -1,12 +1,8 @@
|
|||
# A simplistic and secure Gemini server
|
||||
|
||||
**Vger** is a gemini server supporting chroot, virtualhosts, CGI,
|
||||
default language choice, redirections and MIME types detection.
|
||||
**Vger** is a gemini server supporting chroot, virtualhosts, CGI, default language choice, redirections and MIME types detection.
|
||||
|
||||
**Vger** design is relying on inetd and a daemon to take care of
|
||||
TLS. The idea is to delegate TLS and network to daemons which
|
||||
proved doing it correctly, so vger takes its request from stdin and
|
||||
output the result to stdout.
|
||||
**Vger** design is relying on inetd and a daemon to take care of TLS. The idea is to delegate TLS and network to daemons which proved doing it correctly, so vger takes its request from stdin and output the result to stdout.
|
||||
|
||||
The average setup should look like:
|
||||
|
||||
|
@ -19,15 +15,9 @@ The average setup should look like:
|
|||
vger on inetd
|
||||
```
|
||||
|
||||
**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()`
|
||||
the filesystem access is restricted to one directory (default to
|
||||
`/var/gemini/`) and with `pledge()` only systems calls related to
|
||||
reading files and reading input/output are allowed. More explanations
|
||||
about Vger security can be found
|
||||
[on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
|
||||
**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()` the filesystem access is restricted to one directory (default to `/var/gemini/`) and with `pledge()` only systems calls related to reading files and reading input/output are allowed. More explanations about Vger security can be found [on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
|
||||
|
||||
For all supported OS, it's possible to run **Vger** in a chroot
|
||||
and drop privileges to a dedicated user.
|
||||
For all supported OS, it's possible to run **Vger** in a chroot and drop privileges to a dedicated user.
|
||||
|
||||
|
||||
# Install
|
||||
|
@ -35,18 +25,18 @@ and drop privileges to a dedicated user.
|
|||
```
|
||||
git clone https://tildegit.org/solene/vger.git
|
||||
cd vger
|
||||
./configure (only really useful for Linux)
|
||||
make
|
||||
doas make install
|
||||
```
|
||||
|
||||
On GNU/Linux, make sure you installed `libbsd`.
|
||||
On GNU/Linux, make sure you installed `libbsd`, it has been reported that using clang was required too.
|
||||
|
||||
# Running tests
|
||||
|
||||
**Vger** comes with a test suite you can use with `make test`.
|
||||
|
||||
Some files under `/var/gemini/` are required to test the code path
|
||||
without a `-d` parameter.
|
||||
Some files under `/var/gemini/` are required to test the code path without a `-d` parameter.
|
||||
|
||||
|
||||
# Command line parameters
|
||||
|
@ -64,8 +54,7 @@ without a `-d` parameter.
|
|||
|
||||
# How to configure Vger using relayd and inetd
|
||||
|
||||
Create directory `/var/gemini/` (I'd allow this to be configured
|
||||
later), files will be served from there.
|
||||
Create directory `/var/gemini/` (I'd allow this to be configured later), files will be served from there.
|
||||
|
||||
Create an user `gemini_user`.
|
||||
|
||||
|
@ -101,6 +90,4 @@ On OpenBSD, enable inetd and relayd and start them:
|
|||
|
||||
Don't forget to open the TCP port 1965 in your firewall.
|
||||
|
||||
Vger will serve files named `index.gmi` if no explicit filename is given.
|
||||
If this file doesn't exist and auto index is enabled, an index file
|
||||
with a link to every file in the directory will be served.
|
||||
Vger will serve files named `index.gmi` if no explicit filename is given. If this file doesn't exist and auto index is enabled, an index file with a link to every file in the directory will be served.
|
||||
|
|
14
configure
vendored
Executable file
14
configure
vendored
Executable file
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
OS="$(uname -s)"
|
||||
|
||||
case "$OS" in
|
||||
Linux)
|
||||
EXTRAFLAGS=-lbsd
|
||||
;;
|
||||
*)
|
||||
EXTRAFLAGS=""
|
||||
;;
|
||||
esac
|
||||
|
||||
echo "EXTRAFLAGS=${EXTRAFLAGS}" > config.mk
|
538
main.c
538
main.c
|
@ -2,6 +2,7 @@
|
|||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <dirent.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
|
@ -19,23 +20,85 @@
|
|||
#include "opts.h"
|
||||
#include "utils.h"
|
||||
|
||||
/* length of "gemini://" */
|
||||
#define GEMINI_PART 9
|
||||
#define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */
|
||||
|
||||
/*
|
||||
* number of bytes to read with fgets() : 2014 + 1.
|
||||
* fgets() reads at most size-1 (1024 here).
|
||||
* See https://gemini.circumlunar.space/docs/specification.html.
|
||||
*/
|
||||
#define GEMINI_REQUEST_MAX 1025
|
||||
|
||||
|
||||
void autoindex(const char *);
|
||||
void cgi(const char *cgicmd);
|
||||
void autoindex(const char *);
|
||||
void cgi (const char *cgicmd);
|
||||
void display_file(const char *);
|
||||
void status(const int, const char *);
|
||||
void status_redirect(const int, const char *);
|
||||
void drop_privileges(const char *, const char *);
|
||||
void echdir (const char *);
|
||||
void status (const int, const char *);
|
||||
void status_redirect(const int, const char *);
|
||||
void status_error(const int, const char *);
|
||||
int uridecode (char *);
|
||||
|
||||
|
||||
void
|
||||
echdir(const char *path)
|
||||
{
|
||||
if (chdir(path) == -1) {
|
||||
switch (errno) {
|
||||
case ENOTDIR: /* FALLTHROUGH */
|
||||
case ENOENT:
|
||||
status_error(51, "file not found");
|
||||
break;
|
||||
case EACCES:
|
||||
status_error(50, "Forbidden path");
|
||||
break;
|
||||
default:
|
||||
status_error(50, "Internal server error");
|
||||
break;
|
||||
}
|
||||
errlog("failed to chdir(%s)", path);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
uridecode(char *uri)
|
||||
{
|
||||
int n = 0;
|
||||
char c = '\0';
|
||||
long l = 0;
|
||||
char *pos = NULL;
|
||||
|
||||
if ((pos = strchr(uri, '%')) == NULL)
|
||||
return n;
|
||||
|
||||
while ((pos = strchr(pos, '%')) != NULL) {
|
||||
if (strlen(pos) < 3)
|
||||
return n;
|
||||
|
||||
char hex[3] = {'\0'};
|
||||
for (size_t i = 0; i < 2; i++)
|
||||
hex[i] = tolower(pos[i + 1]);
|
||||
|
||||
errno = 0;
|
||||
l = strtol(hex, 0, 16);
|
||||
if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN))
|
||||
continue; /* conversion failed */
|
||||
|
||||
c = (char)l;
|
||||
pos[0] = c;
|
||||
/* rewind of two char to remove %hex */
|
||||
memmove(pos + 1, pos + 3, strlen(pos + 3) + 1); /* +1 for \0 */
|
||||
n++;
|
||||
pos++; /* avoid infinite loop */
|
||||
}
|
||||
return n;
|
||||
}
|
||||
|
||||
void
|
||||
drop_privileges(const char *user, const char *path)
|
||||
{
|
||||
struct passwd *pw;
|
||||
int chrooted = 0;
|
||||
|
||||
/*
|
||||
* use chroot() if an user is specified requires root user to be
|
||||
|
@ -44,68 +107,68 @@ drop_privileges(const char *user, const char *path)
|
|||
if (strlen(user) > 0) {
|
||||
|
||||
/* is root? */
|
||||
if (getuid() != 0) {
|
||||
errlog("chroot requires program to be run as root");
|
||||
}
|
||||
if (getuid() != 0)
|
||||
errlog("chroot requires program to be run as root");
|
||||
|
||||
/* search user uid from name */
|
||||
if ((pw = getpwnam(user)) == NULL) {
|
||||
errlog("the user %s can't be found on the system", user);
|
||||
}
|
||||
if ((pw = getpwnam(user)) == NULL)
|
||||
errlog("the user %s can't be found on the system", user);
|
||||
|
||||
/* chroot worked? */
|
||||
if (chroot(path) != 0) {
|
||||
errlog("the chroot_dir %s can't be used for chroot", path);
|
||||
}
|
||||
if (chroot(path) != 0)
|
||||
errlog("the chroot_dir %s can't be used for chroot", path);
|
||||
|
||||
chrooted = 1;
|
||||
if (chdir("/") == -1) {
|
||||
errlog("failed to chdir(\"/\")");
|
||||
}
|
||||
echdir("/");
|
||||
/* drop privileges */
|
||||
#if defined (__OpenBSD__) || defined(__FreeBSD__)
|
||||
if (setgroups(1, &pw->pw_gid) ||
|
||||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
||||
errlog("dropping privileges to user %s (uid=%i) failed",
|
||||
user, pw->pw_uid);
|
||||
}
|
||||
#else
|
||||
if (setgroups(1, &pw->pw_gid) ||
|
||||
setgid(pw->pw_gid) ||
|
||||
setuid(pw->pw_uid)) {
|
||||
errlog("dropping privileges to user %s (uid=%i) failed",
|
||||
user, pw->pw_uid);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#ifdef __OpenBSD__
|
||||
/*
|
||||
* prevent access to files other than the one in path
|
||||
*/
|
||||
if (chrooted) {
|
||||
eunveil("/", "r");
|
||||
} else {
|
||||
eunveil(path, "r");
|
||||
}
|
||||
/* permission to execute what's inside cgipath */
|
||||
if (strlen(cgibin) > 0) {
|
||||
/* first, build the full path of cgi (not in chroot) */
|
||||
char cgifullpath[PATH_MAX] = {'\0'};
|
||||
estrlcpy(cgifullpath, path, sizeof(cgifullpath));
|
||||
estrlcat(cgifullpath, cgibin, sizeof(cgifullpath));
|
||||
if (chrooted)
|
||||
eunveil("/", "r");
|
||||
else
|
||||
eunveil(path, "r");
|
||||
|
||||
eunveil(cgifullpath, "rx");
|
||||
}
|
||||
/* forbid more unveil */
|
||||
eunveil(NULL, NULL);
|
||||
/* permission to execute what's inside cgidir */
|
||||
if (strlen(cgidir) > 0)
|
||||
eunveil(cgidir, "rx");
|
||||
|
||||
/*
|
||||
* prevent system calls other parsing queryfor fread file and
|
||||
* write to stdio
|
||||
*/
|
||||
if (strlen(cgibin) > 0) {
|
||||
/* cgi need execlp() (exec) and fork() (proc) */
|
||||
epledge("stdio rpath exec proc", NULL);
|
||||
} else {
|
||||
epledge("stdio rpath", NULL);
|
||||
}
|
||||
eunveil(NULL, NULL); /* no more call to unveil() */
|
||||
|
||||
/* promise permissions */
|
||||
if (strlen(cgidir) > 0)
|
||||
epledge("stdio rpath exec", NULL);
|
||||
else
|
||||
epledge("stdio rpath", NULL);
|
||||
#endif
|
||||
if (!chrooted)
|
||||
echdir(path); /* move to the gemini data directory */
|
||||
}
|
||||
|
||||
void
|
||||
status(const int code, const char *file_mime)
|
||||
{
|
||||
printf("%i %s; %s\r\n",
|
||||
code, file_mime, lang);
|
||||
if (strcmp(file_mime, "text/gemini") == 0)
|
||||
printf("%i %s; %s\r\n", code, file_mime, lang);
|
||||
else
|
||||
printf("%i %s\r\n", code, file_mime);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -116,138 +179,123 @@ status_redirect(const int code, const char *url)
|
|||
}
|
||||
|
||||
void
|
||||
display_file(const char *uri)
|
||||
status_error(const int code, const char *reason)
|
||||
{
|
||||
FILE *fd = NULL;
|
||||
struct stat sb = {0};
|
||||
ssize_t nread = 0;
|
||||
const char *file_mime;
|
||||
char *buffer[BUFSIZ];
|
||||
char target[FILENAME_MAX] = {'\0'};
|
||||
char fp[PATH_MAX] = {'\0'};
|
||||
char tmp[PATH_MAX] = {'\0'}; /* used to build temporary path */
|
||||
printf("%i %s\r\n",
|
||||
code, reason);
|
||||
}
|
||||
|
||||
/* build file path inside chroot */
|
||||
estrlcpy(fp, chroot_dir, sizeof(fp));
|
||||
estrlcat(fp, uri, sizeof(fp));
|
||||
void
|
||||
display_file(const char *fname)
|
||||
{
|
||||
FILE *fd = NULL;
|
||||
struct stat sb = {0};
|
||||
ssize_t nread = 0;
|
||||
const char *file_mime;
|
||||
char *buffer[BUFSIZ];
|
||||
char target[FILENAME_MAX] = {'\0'};
|
||||
char tmp[PATH_MAX] = {'\0'}; /* used to build
|
||||
* temporary path */
|
||||
|
||||
/* this is to check if path exists and obtain metadata later */
|
||||
if (stat(fp, &sb) == -1) {
|
||||
|
||||
/* check if fp is a symbolic link
|
||||
* if so, redirect using its target */
|
||||
if (lstat(fp, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
|
||||
goto redirect;
|
||||
else
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* check if directory */
|
||||
if (S_ISDIR(sb.st_mode) != 0) {
|
||||
if (fp[strlen(fp) -1 ] != '/') {
|
||||
/* no ending "/", redirect to "path/" */
|
||||
estrlcpy(tmp, uri, sizeof(tmp));
|
||||
estrlcat(tmp, "/", sizeof(tmp));
|
||||
status_redirect(31, tmp);
|
||||
/*
|
||||
* special case : fname empty. The user requested just the directory
|
||||
* name
|
||||
*/
|
||||
if (strlen(fname) == 0) {
|
||||
if (stat("index.gmi", &sb) == 0) {
|
||||
/* there is index.gmi in the current directory */
|
||||
display_file("index.gmi");
|
||||
return;
|
||||
} else if (doautoidx) {
|
||||
/* no index.gmi, so display autoindex if enabled */
|
||||
autoindex(".");
|
||||
return;
|
||||
|
||||
} else {
|
||||
/* there is a leading "/", display index.gmi */
|
||||
estrlcpy(tmp, fp, sizeof(tmp));
|
||||
estrlcat(tmp, "index.gmi", sizeof(tmp));
|
||||
|
||||
/* check if index.gmi exists or show autoindex */
|
||||
if (stat(tmp, &sb) == 0) {
|
||||
estrlcpy(fp, tmp, sizeof(fp));
|
||||
} else if (doautoidx != 0) {
|
||||
autoindex(fp);
|
||||
return;
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
/* this is to check if path exists and obtain metadata later */
|
||||
if (stat(fname, &sb) == -1) {
|
||||
/*
|
||||
* check if fname is a symbolic link if so, redirect using
|
||||
* its target
|
||||
*/
|
||||
if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
|
||||
goto redirect;
|
||||
else
|
||||
goto err;
|
||||
}
|
||||
/* check if directory */
|
||||
if (S_ISDIR(sb.st_mode) != 0) {
|
||||
/* no ending "/", redirect to "fname/" */
|
||||
estrlcpy(tmp, fname, sizeof(tmp));
|
||||
estrlcat(tmp, "/", sizeof(tmp));
|
||||
status_redirect(31, tmp);
|
||||
return;
|
||||
}
|
||||
/* open the file requested */
|
||||
if ((fd = fopen(fp, "r")) == NULL) { goto err; }
|
||||
if ((fd = fopen(fname, "r")) == NULL)
|
||||
goto err;
|
||||
|
||||
file_mime = get_file_mime(fp, default_mime);
|
||||
file_mime = get_file_mime(fname, default_mime);
|
||||
|
||||
status(20, file_mime);
|
||||
|
||||
/* read the file byte after byte in buffer and write it to stdout */
|
||||
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
|
||||
fwrite(buffer, 1, nread, stdout);
|
||||
goto closefd;
|
||||
syslog(LOG_DAEMON, "path served %s", fp);
|
||||
goto closefd; /* close file descriptor */
|
||||
syslog(LOG_INFO, "path served %s", fname);
|
||||
|
||||
return;
|
||||
|
||||
err:
|
||||
/* return an error code and no content */
|
||||
status(51, "text/gemini");
|
||||
syslog(LOG_DAEMON, "path invalid %s", fp);
|
||||
status_error(51, "file not found");
|
||||
syslog(LOG_INFO, "path invalid %s", fname);
|
||||
goto closefd;
|
||||
|
||||
redirect:
|
||||
/* read symbolic link target to redirect */
|
||||
if (readlink(fp, target, FILENAME_MAX) == -1) {
|
||||
goto err;
|
||||
}
|
||||
if (readlink(fname, target, FILENAME_MAX) == -1)
|
||||
goto err;
|
||||
|
||||
status_redirect(30, target);
|
||||
syslog(LOG_DAEMON, "redirection from %s to %s", fp, target);
|
||||
syslog(LOG_INFO, "redirection from %s to %s", fname, target);
|
||||
|
||||
closefd:
|
||||
if (S_ISREG(sb.st_mode) != 0) {
|
||||
fclose(fd);
|
||||
}
|
||||
if (S_ISREG(sb.st_mode) != 0)
|
||||
fclose(fd);
|
||||
}
|
||||
|
||||
void
|
||||
autoindex(const char *path)
|
||||
{
|
||||
int n = 0;
|
||||
char *pos = NULL;
|
||||
struct dirent **namelist; /* this must be freed at last */
|
||||
/* display liks to files in path + a link to parent (..) */
|
||||
|
||||
int n = 0;
|
||||
struct dirent **namelist; /* this must be freed at last */
|
||||
|
||||
syslog(LOG_DAEMON, "autoindex: %s", path);
|
||||
|
||||
status(20, "text/gemini");
|
||||
|
||||
/* display link to parent */
|
||||
char parent[PATH_MAX] = {'\0'};
|
||||
/* parent is "path" without chroot_dir */
|
||||
estrlcpy(parent, path+strlen(chroot_dir), sizeof(parent));
|
||||
/* remove ending '/' */
|
||||
while (parent[strlen(parent)-1] == '/') {
|
||||
parent[strlen(parent)-1] = '\0';
|
||||
}
|
||||
/* remove last part after '/' */
|
||||
pos = strrchr(parent, '/');
|
||||
if (pos != NULL) {
|
||||
pos[1] = '\0'; /* at worse, parent is now "/" */
|
||||
}
|
||||
printf("=> %s ../\n", parent);
|
||||
syslog(LOG_INFO, "autoindex: %s", path);
|
||||
|
||||
/* use alphasort to always have the same order on every system */
|
||||
if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
|
||||
status(51, "text/gemini");
|
||||
status_error(50, "Internal server error");
|
||||
errlog("Can't scan %s", path);
|
||||
} else {
|
||||
for(int j = 0; j < n; j++) {
|
||||
status(20, "text/gemini");
|
||||
printf("=> .. ../\n"); /* display link to parent */
|
||||
for (int j = 0; j < n; j++) {
|
||||
/* skip self and parent */
|
||||
if ((strcmp(namelist[j]->d_name, ".") == 0) ||
|
||||
(strcmp(namelist[j]->d_name, "..") == 0)) {
|
||||
continue;
|
||||
}
|
||||
/* add "/" at the end of a directory path */
|
||||
if (namelist[j]->d_type == DT_DIR) {
|
||||
printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
|
||||
} else {
|
||||
printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
|
||||
}
|
||||
if (namelist[j]->d_type == DT_DIR)
|
||||
printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
|
||||
else
|
||||
printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
|
||||
free(namelist[j]);
|
||||
}
|
||||
free(namelist);
|
||||
|
@ -257,71 +305,38 @@ autoindex(const char *path)
|
|||
void
|
||||
cgi(const char *cgicmd)
|
||||
{
|
||||
|
||||
int pipedes[2] = {0};
|
||||
pid_t pid;
|
||||
|
||||
/* get a pipe to get stdout */
|
||||
if (pipe(pipedes) != 0) {
|
||||
status(42, "text/gemini");
|
||||
err(1, "pipe failed");
|
||||
}
|
||||
|
||||
pid = fork();
|
||||
|
||||
if (pid < 0) {
|
||||
close(pipedes[0]);
|
||||
close(pipedes[1]);
|
||||
status(42, "text/gemini");
|
||||
err(1, "fork failed");
|
||||
}
|
||||
|
||||
if (pid > 0) { /* parent */
|
||||
char buf[3];
|
||||
size_t nread = 0;
|
||||
FILE *output = NULL;
|
||||
|
||||
close(pipedes[1]); /* make sure entry is closed so fread() gets EOF */
|
||||
|
||||
/* use fread/fwrite because are buffered */
|
||||
output = fdopen(pipedes[0], "r");
|
||||
if (output == NULL) {
|
||||
status(42, "text/gemini");
|
||||
err(1, "fdopen failed");
|
||||
}
|
||||
|
||||
/* read pipe output */
|
||||
while ((nread = fread(buf, 1, sizeof(buf), output)) != 0) {
|
||||
fwrite(buf, 1, nread, stdout);
|
||||
}
|
||||
close(pipedes[0]);
|
||||
fclose(output);
|
||||
|
||||
wait(NULL); /* wait for child to terminate */
|
||||
|
||||
exit(0);
|
||||
|
||||
} else if (pid == 0) { /* child */
|
||||
dup2(pipedes[1], STDOUT_FILENO); /* set pipe output equal to stdout */
|
||||
close(pipedes[1]); /* no need this file descriptor : it is now stdout */
|
||||
execlp(cgicmd, cgicmd, NULL);
|
||||
/* if execlp is ok, this will never be reached */
|
||||
status(42, "text/gemini");
|
||||
errlog("error when trying to execlp %s", cgicmd);
|
||||
}
|
||||
/* run cgicmd replacing current process */
|
||||
execl(cgicmd, cgicmd, NULL);
|
||||
/* if execl is ok, this will never be reached */
|
||||
status(42, "Couldn't execute CGI script");
|
||||
errlog("error when trying to execl %s", cgicmd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char request [GEMINI_REQUEST_MAX] = {'\0'};
|
||||
char hostname [GEMINI_REQUEST_MAX] = {'\0'};
|
||||
char uri [PATH_MAX] = {'\0'};
|
||||
char user [_SC_LOGIN_NAME_MAX] = "";
|
||||
char query[PATH_MAX] = {'\0'};
|
||||
int virtualhost = 0;
|
||||
char hostname [GEMINI_REQUEST_MAX] = {'\0'};
|
||||
char query [PATH_MAX] = {'\0'};
|
||||
char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
|
||||
char file [FILENAME_MAX] = DEFAULT_INDEX;
|
||||
char dir [PATH_MAX] = {'\0'};
|
||||
char *pos = NULL;
|
||||
int option = 0;
|
||||
char *pos = NULL;
|
||||
int virtualhost = 0;
|
||||
int docgi = 0;
|
||||
|
||||
/*
|
||||
* request : contain the whole request from client : gemini://...\r\n
|
||||
* user : username, used in drop_privileges()
|
||||
* hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME
|
||||
* query : file requested in cgi : gemini://...?query
|
||||
* file : file basename to display. Emtpy is a directory has been requested
|
||||
* dir : directory requested. vger will chdir() in to find file
|
||||
* pos : used to parse request and split into interesting parts
|
||||
*/
|
||||
|
||||
while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) {
|
||||
switch (option) {
|
||||
|
@ -339,7 +354,8 @@ main(int argc, char **argv)
|
|||
estrlcpy(user, optarg, sizeof(user));
|
||||
break;
|
||||
case 'c':
|
||||
estrlcpy(cgibin, optarg, sizeof(cgibin));
|
||||
estrlcpy(cgidir, optarg, sizeof(cgidir));
|
||||
docgi = 1;
|
||||
break;
|
||||
case 'v':
|
||||
virtualhost = 1;
|
||||
|
@ -349,21 +365,38 @@ main(int argc, char **argv)
|
|||
break;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* set logging options and defaults
|
||||
*/
|
||||
openlog("vger", LOG_PID, LOG_DAEMON);
|
||||
|
||||
/*
|
||||
* do chroot if an user is supplied run pledge/unveil if OpenBSD
|
||||
* do chroot if an user is supplied
|
||||
*/
|
||||
drop_privileges(user, chroot_dir);
|
||||
|
||||
/*
|
||||
* read 1024 chars from stdin
|
||||
* to get the request
|
||||
* (actually 1024 + \0)
|
||||
*/
|
||||
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
||||
/* EOF reached before reading anything */
|
||||
if (feof(stdin)) {
|
||||
status(59, "request is too short and probably empty");
|
||||
errlog("request is too short and probably empty");
|
||||
|
||||
/* error before reading anything */
|
||||
} else if (ferror(stdin)) {
|
||||
status(59, "Error while reading request");
|
||||
errlog("Error while reading request: %s", request);
|
||||
}
|
||||
}
|
||||
/* check if string ends with '\n', or to long */
|
||||
if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
|
||||
status(59, "request is too long (1024 max)");
|
||||
errlog("request is too long (1024 max): %s", request);
|
||||
}
|
||||
|
||||
/* remove \r\n at the end of string */
|
||||
pos = strchr(request, '\r');
|
||||
if (pos != NULL)
|
||||
|
@ -378,95 +411,116 @@ main(int argc, char **argv)
|
|||
errlog("request «%s» doesn't match gemini://",
|
||||
request);
|
||||
}
|
||||
syslog(LOG_DAEMON, "request %s", request);
|
||||
syslog(LOG_INFO, "request %s", request);
|
||||
|
||||
/* remove the gemini:// part */
|
||||
memmove(request, request + GEMINI_PART, strlen(request) +1 - GEMINI_PART);
|
||||
memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
|
||||
|
||||
/* remove all "/.." for safety reasons */
|
||||
while ((pos = strstr(request, "/..")) != NULL ) {
|
||||
memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */
|
||||
}
|
||||
while ((pos = strstr(request, "/..")) != NULL)
|
||||
memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
|
||||
|
||||
/*
|
||||
* look for the first / after the hostname
|
||||
* in order to split hostname and uri
|
||||
*/
|
||||
/* look for hostname in request : first thing before first / if any */
|
||||
pos = strchr(request, '/');
|
||||
|
||||
if (pos != NULL) {
|
||||
/* if there is a / found */
|
||||
/* separate hostname and uri */
|
||||
estrlcpy(uri, pos, strlen(pos)+1);
|
||||
/* just keep hostname in request */
|
||||
/* copy what's after hostname in dir */
|
||||
estrlcpy(dir, pos, strlen(pos) + 1);
|
||||
/* just keep hostname in request : stop the string with \0 */
|
||||
pos[0] = '\0';
|
||||
}
|
||||
/* check if client added :port at end of request */
|
||||
/* check if client added :port at end of hostname and remove it */
|
||||
pos = strchr(request, ':');
|
||||
if (pos != NULL) {
|
||||
/* end string at :*/
|
||||
pos[0] = '\0';
|
||||
/* end string at : */
|
||||
pos[0] = '\0';
|
||||
}
|
||||
/* copy hostname from request */
|
||||
estrlcpy(hostname, request, sizeof(hostname));
|
||||
|
||||
/* look for "?" if any to set query for cgi, or remove it*/
|
||||
pos = strchr(uri, '?');
|
||||
if (pos != NULL) {
|
||||
estrlcpy(query, pos+1, sizeof(query));
|
||||
esetenv("QUERY_STRING", query, 1);
|
||||
pos[0] = '\0';
|
||||
/* remove leading '/' in dir */
|
||||
while (dir[0] == '/')
|
||||
memmove(dir, dir + 1, strlen(dir + 1) + 1);
|
||||
|
||||
if (virtualhost) {
|
||||
/* add hostname at the beginning of the dir path */
|
||||
char tmp [PATH_MAX] = {'\0'};
|
||||
estrlcpy(tmp, hostname, sizeof(tmp));
|
||||
estrlcat(tmp, "/", sizeof(tmp));
|
||||
estrlcat(tmp, dir, sizeof(tmp));
|
||||
estrlcpy(dir, tmp, sizeof(dir));
|
||||
}
|
||||
/* percent decode */
|
||||
uridecode(dir);
|
||||
|
||||
/*
|
||||
* if virtualhost feature is actived looking under the chroot_path +
|
||||
* hostname directory gemini://foobar/hello will look for
|
||||
* chroot_path/foobar/hello
|
||||
* split dir and filename. file is last part after last '/'. if none
|
||||
* found, then requested file is actually a directory
|
||||
*/
|
||||
if (virtualhost) {
|
||||
if (strlen(uri) == 0) {
|
||||
estrlcpy(uri, "/index.gmi", sizeof(uri));
|
||||
if (strlen(dir) > 0) {
|
||||
pos = strrchr(dir, '/');
|
||||
if (pos != NULL) {
|
||||
estrlcpy(file, pos + 1, sizeof(file)); /* +1 : no leading '/' */
|
||||
pos[0] = '\0';
|
||||
|
||||
/* change directory to requested directory */
|
||||
if (strlen(dir) > 0)
|
||||
echdir(dir);
|
||||
} else {
|
||||
estrlcpy(file, dir, sizeof(file));
|
||||
}
|
||||
char tmp[PATH_MAX] = {'\0'};
|
||||
estrlcpy(tmp, hostname, sizeof(tmp));
|
||||
estrlcat(tmp, uri, sizeof(tmp));
|
||||
estrlcpy(uri, tmp, sizeof(uri));
|
||||
}
|
||||
if (docgi) {
|
||||
/* check if directory is cgidir */
|
||||
char cgifp [PATH_MAX] = {'\0'};
|
||||
estrlcpy(cgifp, chroot_dir, sizeof(cgifp));
|
||||
if (cgifp[strlen(cgifp) - 1] != '/')
|
||||
estrlcat(cgifp, "/", sizeof(cgifp));
|
||||
|
||||
/* check if uri is cgibin */
|
||||
if ((strlen(cgibin) > 0) &&
|
||||
(strncmp(uri, cgibin, strlen(cgibin)) == 0)) {
|
||||
estrlcat(cgifp, dir, sizeof(cgifp));
|
||||
|
||||
/* not cgipath, display file content */
|
||||
if (strcmp(cgifp, cgidir) != 0)
|
||||
goto file_to_stdout;
|
||||
|
||||
/* cgipath with chroot_dir at the beginning */
|
||||
char cgipath[PATH_MAX] = {'\0'};
|
||||
estrlcpy(cgipath, chroot_dir, sizeof(cgipath));
|
||||
estrlcat(cgipath, uri, sizeof(cgipath));
|
||||
/* set env variables for CGI */
|
||||
/* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */
|
||||
/*
|
||||
* see
|
||||
* https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm
|
||||
* l
|
||||
*/
|
||||
esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
|
||||
esetenv("SERVER_PROTOCOL", "GEMINI", 1);
|
||||
esetenv("SERVER_SOFTWARE", "vger/1", 1);
|
||||
|
||||
/* look for "?" if any to set query for cgi, remove it */
|
||||
pos = strchr(file, '?');
|
||||
if (pos != NULL) {
|
||||
estrlcpy(query, pos + 1, sizeof(query));
|
||||
esetenv("QUERY_STRING", query, 1);
|
||||
pos[0] = '\0';
|
||||
}
|
||||
/* look for an extension to find PATH_INFO */
|
||||
pos = strrchr(cgipath, '.');
|
||||
pos = strrchr(file, '.');
|
||||
if (pos != NULL) {
|
||||
/* found a dot */
|
||||
pos = strchr(pos, '/');
|
||||
if (pos != NULL) {
|
||||
setenv("PATH_INFO", pos, 1);
|
||||
pos[0] = '\0'; /* keep only script name */
|
||||
pos[0] = '\0'; /* keep only script name */
|
||||
}
|
||||
}
|
||||
esetenv("SCRIPT_NAME", cgipath, 1);
|
||||
esetenv("SCRIPT_NAME", file, 1);
|
||||
esetenv("SERVER_NAME", hostname, 1);
|
||||
|
||||
cgi(cgipath);
|
||||
|
||||
} else {
|
||||
//TODO: percent decoding here
|
||||
/* open file and send it to stdout */
|
||||
display_file(uri);
|
||||
cgi(file);
|
||||
return 0;
|
||||
}
|
||||
file_to_stdout:
|
||||
/* regular file to stdout */
|
||||
display_file(file);
|
||||
|
||||
/* end logging */
|
||||
closelog();
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
|
2
mimes.c
2
mimes.c
|
@ -5,6 +5,7 @@
|
|||
#include "mimes.h"
|
||||
#include "opts.h"
|
||||
|
||||
/* extension to mimetype table */
|
||||
static const struct {
|
||||
const char *extension;
|
||||
const char *type;
|
||||
|
@ -124,6 +125,7 @@ get_file_mime(const char *path, const char *default_mime)
|
|||
size_t i;
|
||||
char *extension;
|
||||
|
||||
/* search for extension after last '.' in path */
|
||||
if ((extension = strrchr(path, '.')) == NULL)
|
||||
goto out;
|
||||
|
||||
|
|
11
opts.h
11
opts.h
|
@ -1,13 +1,18 @@
|
|||
#include <limits.h> /* PATH_MAX */
|
||||
|
||||
/* Defaults values */
|
||||
#define DEFAULT_MIME "application/octet-stream"
|
||||
#define DEFAULT_LANG ""
|
||||
#define DEFAULT_CHROOT "/var/gemini"
|
||||
#define DEFAULT_INDEX "index.gmi"
|
||||
#define DEFAULT_AUTOIDX 0
|
||||
|
||||
/* longest is 56 so 64 should be enough */
|
||||
/*
|
||||
* Options used later
|
||||
*/
|
||||
/* longest hardcoded mimetype is 56 long so 64 should be enough */
|
||||
static char default_mime[64] = DEFAULT_MIME;
|
||||
static char chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
|
||||
static char lang[16] = DEFAULT_LANG;
|
||||
static unsigned int doautoidx = DEFAULT_AUTOIDX;
|
||||
static char cgibin[PATH_MAX] = {'\0'};
|
||||
static char cgidir[PATH_MAX] = {'\0'};
|
||||
static int chrooted = 0;
|
||||
|
|
4
shell.nix
Normal file
4
shell.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
with (import <nixpkgs> {});
|
||||
mkShell {
|
||||
buildInputs = [ gcc libbsd gnumake ];
|
||||
}
|
38
tests/test.sh
Normal file → Executable file
38
tests/test.sh
Normal file → Executable file
|
@ -29,19 +29,23 @@ if ! [ $OUT = "fcc5a293f316e01f7b3103f97eca26b1" ] ; then echo "error" ; exit 1
|
|||
|
||||
# redirect to uri with trailing / if directory
|
||||
OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "84e5e7bb3eee0dfcc8db14865dc83e77" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "b0e7e20db5ca7b80918025e7c15a8b02" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# redirect to uri with trailing / if directory and vhost enabled
|
||||
OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "827eef65a3cd71e2ce805bc1e05eac44" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# file from local directory with lang=fr and markdown MIME type
|
||||
OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "e663f17730d5ddc24010c14a238e1e78" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "09c82ffe243ce3b3cfb04c2bc4a91acb" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# file from local directory with lang=fr and unknown MIME type (default to application/octet-stream)
|
||||
OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "a23b0053d759863a45da4afbffd847d2" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "2c73bfb33dd2d12be322ebb85e03c015" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# file from local directory and unknown MIME type, default forced to text/plain
|
||||
OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -m text/plain | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "383a5a5ddb7bb30e3553ecb666378ebc" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "8169f43fbb2032f4054b153c38fe61d6" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# redirect file
|
||||
OUT=$(printf "gemini://perso.pw/old_location\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
|
||||
|
@ -69,32 +73,36 @@ if ! [ $OUT = "e354a1a29ea8273faaf0cdc29c1d8583" ] ; then echo "error" ; exit 1
|
|||
|
||||
# auto index in directory without index.gmi must redirect
|
||||
OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "5742b21d465e377074408045a71656dc" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# auto index in directory
|
||||
OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "515bcb4ba5f8869360f53afe2841e044" ] ; then echo "error" ; exit 1 ; fi
|
||||
if ! [ $OUT = "2d4a82fea3f10ab3e123e9f9d5dd1fbc" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# cgi simple script
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# cgi with use of variables
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "fa065a67d1f7c973501d4a9e3ca2ea57" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# cgi with error
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "2c88347cfac44450035283a8508a29cb" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# remove ?.* if any
|
||||
OUT=$(printf "gemini://host.name/main.gmi?anything-here\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "c7e352d6aae4ee7e7604548f7874fb9d" ] ; then echo "error" ; exit 1 ; fi
|
||||
OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "74ba4b36dcebec9ce9dae33033f3378a" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# virtualhost + cgi
|
||||
OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c perso.pw/cgi-bin | tee /dev/stderr | MD5)
|
||||
OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c var/gemini/perso.pw/cgi-bin | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# percent-decoding
|
||||
OUT=$(printf "%s\r\n" "gemini://host.name/percent%25-encode%3f.gmi" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "83d59cca9ed7040145ac6df1992f5daf" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# percent-decoding failing
|
||||
OUT=$(printf "%s\r\n" "gemini://host.name/percent%25-encode%3.gmi" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
|
||||
if ! [ $OUT = "c782da4173898f57033a0804b8e96fc3" ] ; then echo "error" ; exit 1 ; fi
|
||||
|
||||
# must fail only on OpenBSD !
|
||||
# try to escape from unveil
|
||||
if [ -f /bsd ]
|
||||
|
|
2
tests/var/gemini/percent%-encode?.gmi
Normal file
2
tests/var/gemini/percent%-encode?.gmi
Normal file
|
@ -0,0 +1,2 @@
|
|||
solene, here is a % for you
|
||||
and a λ of course :)
|
22
utils.c
22
utils.c
|
@ -3,18 +3,29 @@
|
|||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "utils.h"
|
||||
|
||||
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__)
|
||||
#include <string.h>
|
||||
#else
|
||||
#include <bsd/string.h>
|
||||
#endif
|
||||
|
||||
/* e*foo() functions are the equivalent of foo() but handle errors.
|
||||
* In case an error happens:
|
||||
* The error is printed to stdout
|
||||
* return 1
|
||||
*/
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
void
|
||||
eunveil(const char *path, const char *permissions)
|
||||
{
|
||||
if (unveil(path, permissions) == -1) {
|
||||
syslog(LOG_DAEMON, "unveil on %s failed", path);
|
||||
syslog(LOG_ERR, "unveil on %s failed", path);
|
||||
err(1, "unveil on %s failed", path);
|
||||
}
|
||||
}
|
||||
|
@ -23,7 +34,7 @@ void
|
|||
epledge(const char *promises, const char *execpromises)
|
||||
{
|
||||
if (pledge(promises, execpromises) == -1) {
|
||||
syslog(LOG_DAEMON, "pledge failed for: %s", promises);
|
||||
syslog(LOG_ERR, "pledge failed for: %s", promises);
|
||||
err(1, "pledge failed for: %s", promises);
|
||||
}
|
||||
}
|
||||
|
@ -65,16 +76,19 @@ esetenv(const char *name, const char *value, int overwrite)
|
|||
return ret;
|
||||
}
|
||||
|
||||
/* send error in syslog, to stdout and die */
|
||||
void
|
||||
errlog(const char *format, ...)
|
||||
{
|
||||
char e[1024] = {'\0'};
|
||||
va_list ap;
|
||||
|
||||
fflush(stdout); /* make sure older messages are printed */
|
||||
|
||||
va_start(ap, format);
|
||||
vsnprintf(e, sizeof(e), format, ap);
|
||||
va_end(ap);
|
||||
|
||||
syslog(LOG_DAEMON, "%s", e);
|
||||
syslog(LOG_ERR, "%s", e);
|
||||
err(1, "%s", e);
|
||||
}
|
||||
|
|
13
vger.8
13
vger.8
|
@ -44,17 +44,14 @@ will read the file /var/gemini/hostname.example/file.gmi
|
|||
.It Op Fl c
|
||||
Enable CGI support.
|
||||
.Ar cgi_path
|
||||
will be executed as a cgi script instead of returning its content.
|
||||
This path is relative to the directory set with
|
||||
.Fl d
|
||||
flag. If using virtualhost, you must insert the virtualhost directory in the cgi path.
|
||||
files will be executed as a cgi script instead of returning their content.
|
||||
.Ar cgi_path must not end with '/'.
|
||||
If using virtualhost, you must insert the virtualhost directory in the cgi path.
|
||||
As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
|
||||
.Bd -literal -offset indent
|
||||
vger -c /cgi-bin/hello.cgi
|
||||
vger -c /var/gemini/hostname.example/cgi-bin/hello.cgi
|
||||
.Ed
|
||||
.Pp
|
||||
Note you can define a directory instead of a single file.
|
||||
.Pp
|
||||
In this case,
|
||||
.Xr pledge 2
|
||||
promises and unveil permission are set to enable cgi execution.
|
||||
|
@ -75,7 +72,7 @@ On
|
|||
.Nm
|
||||
will use
|
||||
.Xr unveil 2
|
||||
on this path in read-only to prevent file access outside this directory.
|
||||
on this path to only allow read-only file access within this directory.
|
||||
.It Op Fl u Ar username
|
||||
Enable
|
||||
.Xr chroot 2
|
||||
|
|
Loading…
Reference in a new issue