
3 commits
1.08 ... master

2 changed files with 26 additions and 10 deletions

28
main.c

@ -20,7 +20,7 @@
#include "opts.h" #include "opts.h"
#include "utils.h" #include "utils.h"
/* lenght of "gemini://" */ /* length of "gemini://" */
#define GEMINI_PART 9 #define GEMINI_PART 9
/* /*
@ -121,12 +121,21 @@ drop_privileges(const char *user, const char *path)
chrooted = 1; chrooted = 1;
echdir("/"); echdir("/");
/* drop privileges */ /* drop privileges */
#if defined (__OpenBSD__) || defined(__FreeBSD__)
if (setgroups(1, &pw->pw_gid) || if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
errlog("dropping privileges to user %s (uid=%i) failed", errlog("dropping privileges to user %s (uid=%i) failed",
user, pw->pw_uid); user, pw->pw_uid);
} }
#else
if (setgroups(1, &pw->pw_gid) ||
setgid(pw->pw_gid) ||
setuid(pw->pw_uid)) {
errlog("dropping privileges to user %s (uid=%i) failed",
user, pw->pw_uid);
}
#endif
} }
#ifdef __OpenBSD__ #ifdef __OpenBSD__
/* /*
@ -236,14 +245,14 @@ display_file(const char *fname)
while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0) while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
fwrite(buffer, 1, nread, stdout); fwrite(buffer, 1, nread, stdout);
goto closefd; /* close file descriptor */ goto closefd; /* close file descriptor */
syslog(LOG_DAEMON, "path served %s", fname); syslog(LOG_INFO, "path served %s", fname);
return; return;
err: err:
/* return an error code and no content */ /* return an error code and no content */
status_error(51, "file not found"); status_error(51, "file not found");
syslog(LOG_DAEMON, "path invalid %s", fname); syslog(LOG_INFO, "path invalid %s", fname);
goto closefd; goto closefd;
redirect: redirect:
@ -252,7 +261,7 @@ redirect:
goto err; goto err;
status_redirect(30, target); status_redirect(30, target);
syslog(LOG_DAEMON, "redirection from %s to %s", fname, target); syslog(LOG_INFO, "redirection from %s to %s", fname, target);
closefd: closefd:
if (S_ISREG(sb.st_mode) != 0) if (S_ISREG(sb.st_mode) != 0)
@ -267,7 +276,7 @@ autoindex(const char *path)
int n = 0; int n = 0;
struct dirent **namelist; /* this must be freed at last */ struct dirent **namelist; /* this must be freed at last */
syslog(LOG_DAEMON, "autoindex: %s", path); syslog(LOG_INFO, "autoindex: %s", path);
/* use alphasort to always have the same order on every system */ /* use alphasort to always have the same order on every system */
if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) { if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
@ -356,6 +365,10 @@ main(int argc, char **argv)
break; break;
} }
} }
/*
* set logging options and defaults
*/
openlog("vger", LOG_PID, LOG_DAEMON);
/* /*
* do chroot if an user is supplied * do chroot if an user is supplied
@ -398,7 +411,7 @@ main(int argc, char **argv)
errlog("request «%s» doesn't match gemini://", errlog("request «%s» doesn't match gemini://",
request); request);
} }
syslog(LOG_DAEMON, "request %s", request); syslog(LOG_INFO, "request %s", request);
/* remove the gemini:// part */ /* remove the gemini:// part */
memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART); memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
@ -506,5 +519,8 @@ file_to_stdout:
/* regular file to stdout */ /* regular file to stdout */
display_file(file); display_file(file);
/* end logging */
closelog();
return (0); return (0);
} }
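Review bot: The `openlog("vger", LOG_PID, LOG_DAEMON)` call added ahead of the chroot block in main() omits `LOG_NDELAY`, so the log connection is only opened when the first message is sent, and on the visible success path that first message (`request %s`) comes after the chroot. On systems where syslog(3) writes to a local socket such as /dev/log, that socket is normally not reachable inside the chroot, so the request, "path served"/"path invalid" and error records would be lost unless the socket is provided there. I would change the line to `openlog("vger", LOG_PID | LOG_NDELAY, LOG_DAEMON);` and extend the comment above it to say the connection has to be opened before chroot. main() starts and ends outside these hunks, so an earlier log call that is not visible here would change this.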


@ -8,7 +8,7 @@
#include "utils.h" #include "utils.h"
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( _NetBSD__) || defined(__DragonFly__) #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__)
#include <string.h> #include <string.h>
#else #else
#include <bsd/string.h> #include <bsd/string.h>
@ -25,7 +25,7 @@ void
eunveil(const char *path, const char *permissions) eunveil(const char *path, const char *permissions)
{ {
if (unveil(path, permissions) == -1) { if (unveil(path, permissions) == -1) {
syslog(LOG_DAEMON, "unveil on %s failed", path); syslog(LOG_ERR, "unveil on %s failed", path);
err(1, "unveil on %s failed", path); err(1, "unveil on %s failed", path);
} }
} }
@ -34,7 +34,7 @@ void
epledge(const char *promises, const char *execpromises) epledge(const char *promises, const char *execpromises)
{ {
if (pledge(promises, execpromises) == -1) { if (pledge(promises, execpromises) == -1) {
syslog(LOG_DAEMON, "pledge failed for: %s", promises); syslog(LOG_ERR, "pledge failed for: %s", promises);
err(1, "pledge failed for: %s", promises); err(1, "pledge failed for: %s", promises);
} }
} }
@ -89,6 +89,6 @@ errlog(const char *format, ...)
vsnprintf(e, sizeof(e), format, ap); vsnprintf(e, sizeof(e), format, ap);
va_end(ap); va_end(ap);
syslog(LOG_DAEMON, "%s", e); syslog(LOG_ERR, "%s", e);
err(1, "%s", e); err(1, "%s", e);
} }
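Review bot: In eunveil() and epledge() the new `LOG_ERR` record carries no errno text, and the `err()` call that follows reads errno only after `syslog()` has run, which is not guaranteed to leave it unchanged. The syslog entry therefore never says why unveil or pledge failed, and the stderr message may name the wrong cause. I would log the reason with `syslog(LOG_ERR, "unveil on %s failed: %m", path);` (likewise `"pledge failed for: %s: %m"`), save errno in a local before the syslog call and restore it before `err()`. The same ordering appears in errlog(), whose body starts outside the hunk, so whether errno is meaningful there depends on the caller.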