f60ea88c8d
* follow style(9) for prototypes * move first most used extension for more effeciciency when looking for mime * add opts.h to deal with options * remove lang=en by default * add option to set default mimetype * add option to autoindex if no index.gmi found * redirect if ending "/" is missing * send appropriate status code if request too long * edit manpage and README for new options
371 lines
8.3 KiB
C
371 lines
8.3 KiB
C
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
|
|
#include <dirent.h>
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
#include <limits.h>
|
|
#include <pwd.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <syslog.h>
|
|
#include <unistd.h>
|
|
|
|
#include "mimes.h"
|
|
#include "opts.h"
|
|
|
|
#define GEMINI_PART 9
|
|
#define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */
|
|
|
|
|
|
|
|
void autoindex(const char *);
|
|
void display_file(const char *);
|
|
void status(const int, const char *);
|
|
void status_redirect(const int, const char *);
|
|
void drop_privileges(const char *, const char *);
|
|
void eunveil(const char *, const char *);
|
|
size_t estrlcat(char *, const char *, size_t);
|
|
size_t estrlcpy(char *, const char *, size_t);
|
|
|
|
void
|
|
eunveil(const char *path, const char *permissions)
|
|
{
|
|
if (unveil(path, permissions) == -1) {
|
|
syslog(LOG_DAEMON, "unveil on %s failed", path);
|
|
err(1, "unveil");
|
|
}
|
|
}
|
|
|
|
size_t
|
|
estrlcpy(char *dst, const char *src, size_t dstsize)
|
|
{
|
|
size_t n = 0;
|
|
|
|
n = strlcpy(dst, src, dstsize);
|
|
if (n >= dstsize) {
|
|
err(1, "strlcyp failed for %s = %s", dst, src);
|
|
}
|
|
|
|
return n;
|
|
}
|
|
|
|
size_t
|
|
estrlcat(char *dst, const char *src, size_t dstsize)
|
|
{
|
|
size_t size;
|
|
if ((size = strlcat(dst, src, dstsize)) >= dstsize)
|
|
err(1, "strlcat on %s + %s", dst, src);
|
|
|
|
return size;
|
|
}
|
|
|
|
void
|
|
drop_privileges(const char *user, const char *path)
|
|
{
|
|
struct passwd *pw;
|
|
int chrooted = 0;
|
|
|
|
/*
|
|
* use chroot() if an user is specified requires root user to be
|
|
* running the program to run chroot() and then drop privileges
|
|
*/
|
|
if (strlen(user) > 0) {
|
|
|
|
/* is root? */
|
|
if (getuid() != 0) {
|
|
syslog(LOG_DAEMON, "chroot requires program to be run as root");
|
|
errx(1, "chroot requires root user");
|
|
}
|
|
/* search user uid from name */
|
|
if ((pw = getpwnam(user)) == NULL) {
|
|
syslog(LOG_DAEMON, "the user %s can't be found on the system", user);
|
|
err(1, "finding user");
|
|
}
|
|
/* chroot worked? */
|
|
if (chroot(path) != 0) {
|
|
syslog(LOG_DAEMON, "the chroot_dir %s can't be used for chroot", path);
|
|
err(1, "chroot");
|
|
}
|
|
chrooted = 1;
|
|
if (chdir("/") == -1) {
|
|
syslog(LOG_DAEMON, "failed to chdir(\"/\")");
|
|
err(1, "chdir");
|
|
}
|
|
/* drop privileges */
|
|
if (setgroups(1, &pw->pw_gid) ||
|
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
|
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
|
|
user, pw->pw_uid);
|
|
err(1, "Can't drop privileges");
|
|
}
|
|
}
|
|
#ifdef __OpenBSD__
|
|
/*
|
|
* prevent access to files other than the one in path
|
|
*/
|
|
if (chrooted) {
|
|
eunveil("/", "r");
|
|
} else {
|
|
eunveil(path, "r");
|
|
}
|
|
/*
|
|
* prevent system calls other parsing queryfor fread file and
|
|
* write to stdio
|
|
*/
|
|
if (pledge("stdio rpath", NULL) == -1) {
|
|
syslog(LOG_DAEMON, "pledge call failed");
|
|
err(1, "pledge");
|
|
}
|
|
#endif
|
|
}
|
|
|
|
void
|
|
status(const int code, const char *file_mime)
|
|
{
|
|
printf("%i %s; %s\r\n",
|
|
code, file_mime, lang);
|
|
}
|
|
|
|
void
|
|
status_redirect(const int code, const char *url)
|
|
{
|
|
printf("%i %s\r\n",
|
|
code, url);
|
|
}
|
|
|
|
void
|
|
display_file(const char *uri)
|
|
{
|
|
FILE *fd = NULL;
|
|
struct stat sb = {0};
|
|
ssize_t nread = 0;
|
|
const char *file_mime;
|
|
char *buffer[BUFSIZ];
|
|
char target[FILENAME_MAX] = {'\0'};
|
|
char fp[PATH_MAX] = {'\0'};
|
|
|
|
/* build file path inside chroot */
|
|
estrlcpy(fp, chroot_dir, sizeof(fp));
|
|
estrlcat(fp, uri, sizeof(fp));
|
|
|
|
/* this is to check if path exists and obtain metadata later */
|
|
if (stat(fp, &sb) == -1) {
|
|
|
|
/* check if fp is a symbolic link
|
|
* if so, redirect using its target */
|
|
if (lstat(fp, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
|
|
goto redirect;
|
|
else
|
|
goto err;
|
|
}
|
|
|
|
/* check if directory */
|
|
if (S_ISDIR(sb.st_mode) != 0) {
|
|
if (fp[strlen(fp) -1 ] != '/') {
|
|
/* no ending "/", redirect to "path/" */
|
|
char new_uri[PATH_MAX] = {'\0'};
|
|
estrlcpy(new_uri, uri, sizeof(fp));
|
|
estrlcat(new_uri, "/", sizeof(fp));
|
|
status_redirect(31, new_uri);
|
|
return;
|
|
|
|
} else {
|
|
/* there is a leading "/", display index.gmi */
|
|
char index_path[PATH_MAX] = {'\0'};
|
|
estrlcpy(index_path, fp, sizeof(index_path));
|
|
estrlcat(index_path, "index.gmi", sizeof(index_path));
|
|
|
|
/* check if index.gmi exists or show autoindex */
|
|
if (stat(index_path, &sb) == 0) {
|
|
estrlcpy(fp, index_path, sizeof(fp));
|
|
} else if (doautoidx != 0) {
|
|
autoindex(fp);
|
|
return;
|
|
} else {
|
|
goto err;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* open the file requested */
|
|
if ((fd = fopen(fp, "r")) == NULL) { goto err; }
|
|
|
|
file_mime = get_file_mime(fp, default_mime);
|
|
|
|
status(20, file_mime);
|
|
|
|
/* read the file and write it to stdout */
|
|
while ((nread = fread(buffer, sizeof(char), sizeof(buffer), fd)) != 0)
|
|
fwrite(buffer, sizeof(char), nread, stdout);
|
|
goto closefd;
|
|
syslog(LOG_DAEMON, "path served %s", fp);
|
|
|
|
return;
|
|
|
|
err:
|
|
/* return an error code and no content */
|
|
status(51, "text/gemini");
|
|
syslog(LOG_DAEMON, "path invalid %s", fp);
|
|
goto closefd;
|
|
|
|
redirect:
|
|
/* read symbolic link target to redirect */
|
|
if (readlink(fp, target, FILENAME_MAX) == -1) {
|
|
goto err;
|
|
}
|
|
|
|
status_redirect(30, target);
|
|
syslog(LOG_DAEMON, "redirection from %s to %s", fp, target);
|
|
|
|
closefd:
|
|
if (S_ISREG(sb.st_mode) != 0) {
|
|
fclose(fd);
|
|
}
|
|
}
|
|
|
|
void
|
|
autoindex(const char *path)
|
|
{
|
|
struct dirent *dp;
|
|
DIR *fd;
|
|
|
|
|
|
if (!(fd = opendir(path))) {
|
|
err(1,"opendir '%s':", path);
|
|
}
|
|
|
|
syslog(LOG_DAEMON, "autoindex: %s", path);
|
|
|
|
status(20, "text/gemini");
|
|
|
|
/* TODO : add ending / in name if directory */
|
|
while ((dp = readdir(fd))) {
|
|
/* skip self */
|
|
if (!strcmp(dp->d_name, ".")) {
|
|
continue;
|
|
}
|
|
if (dp->d_type == DT_DIR) {
|
|
printf("=> ./%s/ %s/\n", dp->d_name, dp->d_name);
|
|
} else {
|
|
printf("=> ./%s %s\n", dp->d_name, dp->d_name);
|
|
}
|
|
}
|
|
closedir(fd);
|
|
}
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
char request [GEMINI_REQUEST_MAX] = {'\0'};
|
|
char hostname [GEMINI_REQUEST_MAX] = {'\0'};
|
|
char uri [PATH_MAX] = {'\0'};
|
|
char user [_SC_LOGIN_NAME_MAX] = "";
|
|
int virtualhost = 0;
|
|
int option = 0;
|
|
char *pos = NULL;
|
|
|
|
while ((option = getopt(argc, argv, ":d:l:m:u:vi")) != -1) {
|
|
switch (option) {
|
|
case 'd':
|
|
estrlcpy(chroot_dir, optarg, sizeof(chroot_dir));
|
|
break;
|
|
case 'l':
|
|
estrlcpy(lang, "lang=", sizeof(lang));
|
|
estrlcat(lang, optarg, sizeof(lang));
|
|
break;
|
|
case 'm':
|
|
estrlcpy(default_mime, optarg, sizeof(default_mime));
|
|
break;
|
|
case 'u':
|
|
estrlcpy(user, optarg, sizeof(user));
|
|
break;
|
|
case 'v':
|
|
virtualhost = 1;
|
|
break;
|
|
case 'i':
|
|
doautoidx = 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* do chroot if an user is supplied run pledge/unveil if OpenBSD
|
|
*/
|
|
drop_privileges(user, chroot_dir);
|
|
|
|
/*
|
|
* read 1024 chars from stdin
|
|
* to get the request
|
|
*/
|
|
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
|
status(59, "request is too long (1024 max)");
|
|
syslog(LOG_DAEMON, "request is too long (1024 max): %s", request);
|
|
exit(1);
|
|
}
|
|
|
|
/* remove \r\n at the end of string */
|
|
pos = strchr(request, '\r');
|
|
if (pos != NULL)
|
|
*pos = '\0';
|
|
|
|
/*
|
|
* check if the beginning of the request starts with
|
|
* gemini://
|
|
*/
|
|
if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
|
|
/* error code url malformed */
|
|
syslog(LOG_DAEMON, "request «%s» doesn't match gemini://",
|
|
request);
|
|
exit(1);
|
|
}
|
|
syslog(LOG_DAEMON, "request %s", request);
|
|
|
|
/* remove the gemini:// part */
|
|
memmove(request, request + GEMINI_PART, sizeof(request) - GEMINI_PART);
|
|
|
|
/*
|
|
* look for the first / after the hostname
|
|
* in order to split hostname and uri
|
|
*/
|
|
pos = strchr(request, '/');
|
|
|
|
if (pos != NULL) {
|
|
/* if there is a / found */
|
|
/* separate hostname and uri */
|
|
estrlcpy(uri, pos, strlen(pos)+1);
|
|
/* just keep hostname in request */
|
|
pos[0] = '\0';
|
|
}
|
|
/* check if client added :port at end of request */
|
|
pos = strchr(request, ':');
|
|
if (pos != NULL) {
|
|
/* end string at :*/
|
|
pos[0] = '\0';
|
|
}
|
|
/* copy hostname from request */
|
|
estrlcpy(hostname, request, sizeof(hostname));
|
|
|
|
/*
|
|
* if virtualhost feature is actived looking under the chroot_path +
|
|
* hostname directory gemini://foobar/hello will look for
|
|
* chroot_path/foobar/hello
|
|
*/
|
|
if (virtualhost) {
|
|
if (strlen(uri) == 0) {
|
|
estrlcpy(uri, "/index.gmi", sizeof(uri));
|
|
}
|
|
char new_uri[PATH_MAX] = {'\0'};
|
|
estrlcpy(new_uri, hostname, sizeof(new_uri));
|
|
estrlcat(new_uri, uri, sizeof(new_uri));
|
|
estrlcpy(uri, new_uri, sizeof(uri));
|
|
}
|
|
|
|
/* open file and send it to stdout */
|
|
display_file(uri);
|
|
|
|
return (0);
|
|
}
|