2 881a9dd9 2021-01-16 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
4 881a9dd9 2021-01-16 op * Permission to use, copy, modify, and distribute this software for any
5 881a9dd9 2021-01-16 op * purpose with or without fee is hereby granted, provided that the above
6 881a9dd9 2021-01-16 op * copyright notice and this permission notice appear in all copies.
8 881a9dd9 2021-01-16 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 881a9dd9 2021-01-16 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 881a9dd9 2021-01-16 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 881a9dd9 2021-01-16 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 881a9dd9 2021-01-16 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 881a9dd9 2021-01-16 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 881a9dd9 2021-01-16 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 881a9dd9 2021-01-16 op #include <err.h>
18 881a9dd9 2021-01-16 op #include <errno.h>
20 881a9dd9 2021-01-16 op #include <fcntl.h>
21 881a9dd9 2021-01-16 op #include <signal.h>
22 881a9dd9 2021-01-16 op #include <string.h>
24 881a9dd9 2021-01-16 op #include "gmid.h"
27 881a9dd9 2021-01-16 op send_string(int fd, const char *str)
31 881a9dd9 2021-01-16 op if (str == NULL)
34 881a9dd9 2021-01-16 op len = strlen(str);
36 881a9dd9 2021-01-16 op if (write(fd, &len, sizeof(len)) != sizeof(len))
40 881a9dd9 2021-01-16 op if (write(fd, str, len) != len)
47 881a9dd9 2021-01-16 op recv_string(int fd, char **ret)
51 881a9dd9 2021-01-16 op if (read(fd, &len, sizeof(len)) != sizeof(len))
54 881a9dd9 2021-01-16 op if (len == 0) {
59 881a9dd9 2021-01-16 op if ((*ret = calloc(1, len+1)) == NULL)
62 881a9dd9 2021-01-16 op if (read(fd, *ret, len) != len)
68 881a9dd9 2021-01-16 op send_vhost(int fd, struct vhost *vhost)
72 881a9dd9 2021-01-16 op if (vhost < hosts || vhost > hosts + HOSTSLEN)
75 881a9dd9 2021-01-16 op n = hosts - vhost;
76 881a9dd9 2021-01-16 op return write(fd, &n, sizeof(n)) == sizeof(n);
80 881a9dd9 2021-01-16 op recv_vhost(int fd, struct vhost **vhost)
84 881a9dd9 2021-01-16 op if (read(fd, &n, sizeof(n)) != sizeof(n))
87 881a9dd9 2021-01-16 op if (n < 0 || n > HOSTSLEN)
90 881a9dd9 2021-01-16 op *vhost = &hosts[n];
91 881a9dd9 2021-01-16 op if ((*vhost)->domain == NULL)
96 881a9dd9 2021-01-16 op /* send d though fd. see /usr/src/usr.sbin/syslogd/privsep_fdpass.c
97 881a9dd9 2021-01-16 op * for an example */
99 881a9dd9 2021-01-16 op send_fd(int fd, int d)
101 881a9dd9 2021-01-16 op struct msghdr msg;
103 881a9dd9 2021-01-16 op struct cmsghdr hdr;
104 881a9dd9 2021-01-16 op unsigned char buf[CMSG_SPACE(sizeof(int))];
106 881a9dd9 2021-01-16 op struct cmsghdr *cmsg;
107 881a9dd9 2021-01-16 op struct iovec vec;
108 881a9dd9 2021-01-16 op int result = 1;
111 881a9dd9 2021-01-16 op memset(&msg, 0, sizeof(msg));
113 881a9dd9 2021-01-16 op if (d >= 0) {
114 881a9dd9 2021-01-16 op msg.msg_control = &cmsgbuf.buf;
115 881a9dd9 2021-01-16 op msg.msg_controllen = sizeof(cmsgbuf.buf);
116 881a9dd9 2021-01-16 op cmsg = CMSG_FIRSTHDR(&msg);
117 881a9dd9 2021-01-16 op cmsg->cmsg_len = CMSG_LEN(sizeof(int));
118 881a9dd9 2021-01-16 op cmsg->cmsg_level = SOL_SOCKET;
119 881a9dd9 2021-01-16 op cmsg->cmsg_type = SCM_RIGHTS;
120 881a9dd9 2021-01-16 op *(int*)CMSG_DATA(cmsg) = d;
124 881a9dd9 2021-01-16 op vec.iov_base = &result;
125 881a9dd9 2021-01-16 op vec.iov_len = sizeof(int);
126 881a9dd9 2021-01-16 op msg.msg_iov = &vec;
127 881a9dd9 2021-01-16 op msg.msg_iovlen = 1;
129 881a9dd9 2021-01-16 op if ((n = sendmsg(fd, &msg, 0)) == -1 || n != sizeof(int)) {
130 881a9dd9 2021-01-16 op fprintf(stderr, "sendmsg: got %zu but wanted %zu: (errno) %s",
131 881a9dd9 2021-01-16 op n, sizeof(int), strerror(errno));
137 881a9dd9 2021-01-16 op /* receive a descriptor via fd */
139 881a9dd9 2021-01-16 op recv_fd(int fd)
141 881a9dd9 2021-01-16 op struct msghdr msg;
143 881a9dd9 2021-01-16 op struct cmsghdr hdr;
144 881a9dd9 2021-01-16 op char buf[CMSG_SPACE(sizeof(int))];
146 881a9dd9 2021-01-16 op struct cmsghdr *cmsg;
147 881a9dd9 2021-01-16 op struct iovec vec;
151 881a9dd9 2021-01-16 op memset(&msg, 0, sizeof(msg));
152 881a9dd9 2021-01-16 op vec.iov_base = &result;
153 881a9dd9 2021-01-16 op vec.iov_len = sizeof(int);
154 881a9dd9 2021-01-16 op msg.msg_iov = &vec;
155 881a9dd9 2021-01-16 op msg.msg_iovlen = 1;
156 881a9dd9 2021-01-16 op msg.msg_control = &cmsgbuf.buf;
157 881a9dd9 2021-01-16 op msg.msg_controllen = sizeof(cmsgbuf.buf);
159 881a9dd9 2021-01-16 op if ((n = recvmsg(fd, &msg, 0)) != sizeof(int)) {
160 881a9dd9 2021-01-16 op fprintf(stderr, "read %zu bytes bu wanted %zu\n", n, sizeof(int));
164 881a9dd9 2021-01-16 op if (result) {
165 881a9dd9 2021-01-16 op cmsg = CMSG_FIRSTHDR(&msg);
166 881a9dd9 2021-01-16 op if (cmsg == NULL || cmsg->cmsg_type != SCM_RIGHTS)
168 881a9dd9 2021-01-16 op return (*(int *)CMSG_DATA(cmsg));
173 881a9dd9 2021-01-16 op static inline void
174 881a9dd9 2021-01-16 op safe_setenv(const char *name, const char *val)
176 881a9dd9 2021-01-16 op if (val == NULL)
178 881a9dd9 2021-01-16 op setenv(name, val, 1);
181 881a9dd9 2021-01-16 op /* fd or -1 on error */
183 881a9dd9 2021-01-16 op launch_cgi(const char *spath, const char *relpath, const char *query,
184 881a9dd9 2021-01-16 op const char *addr, const char *ruser, const char *cissuer, const char *chash,
185 881a9dd9 2021-01-16 op struct vhost *vhost)
187 881a9dd9 2021-01-16 op int p[2]; /* read end, write end */
189 881a9dd9 2021-01-16 op if (pipe2(p, O_NONBLOCK) == -1)
192 881a9dd9 2021-01-16 op switch (fork()) {
196 881a9dd9 2021-01-16 op case 0: { /* child */
197 881a9dd9 2021-01-16 op char *portno, *ex, *requri;
198 881a9dd9 2021-01-16 op char *argv[] = { NULL, NULL, NULL };
201 881a9dd9 2021-01-16 op if (dup2(p[1], 1) == -1)
202 881a9dd9 2021-01-16 op goto childerr;
204 881a9dd9 2021-01-16 op if (asprintf(&portno, "%d", conf.port) == -1)
205 881a9dd9 2021-01-16 op goto childerr;
207 881a9dd9 2021-01-16 op if (asprintf(&ex, "%s/%s", vhost->dir, spath) == -1)
208 881a9dd9 2021-01-16 op goto childerr;
210 881a9dd9 2021-01-16 op if (asprintf(&requri, "%s%s%s", spath,
211 568a09c2 2021-01-18 op (relpath != NULL && *relpath == '\0') ? "" : "/",
212 568a09c2 2021-01-18 op (relpath != NULL ? relpath : "")) == -1)
213 881a9dd9 2021-01-16 op goto childerr;
215 881a9dd9 2021-01-16 op argv[0] = argv[1] = ex;
217 881a9dd9 2021-01-16 op safe_setenv("GATEWAY_INTERFACE", "CGI/1.1");
218 28ec6178 2021-01-24 op safe_setenv("SERVER_PROTOCOL", "GEMINI");
219 881a9dd9 2021-01-16 op safe_setenv("SERVER_SOFTWARE", "gmid");
220 881a9dd9 2021-01-16 op safe_setenv("SERVER_PORT", portno);
222 881a9dd9 2021-01-16 op if (!strcmp(vhost->domain, "*"))
223 881a9dd9 2021-01-16 op safe_setenv("SERVER_NAME", vhost->domain);
225 881a9dd9 2021-01-16 op safe_setenv("SCRIPT_NAME", spath);
226 881a9dd9 2021-01-16 op safe_setenv("SCRIPT_EXECUTABLE", ex);
227 881a9dd9 2021-01-16 op safe_setenv("REQUEST_URI", requri);
228 881a9dd9 2021-01-16 op safe_setenv("REQUEST_RELATIVE", relpath);
229 881a9dd9 2021-01-16 op safe_setenv("QUERY_STRING", query);
230 881a9dd9 2021-01-16 op safe_setenv("REMOTE_HOST", addr);
231 881a9dd9 2021-01-16 op safe_setenv("REMOTE_ADDR", addr);
232 881a9dd9 2021-01-16 op safe_setenv("DOCUMENT_ROOT", vhost->dir);
234 881a9dd9 2021-01-16 op if (ruser != NULL) {
235 881a9dd9 2021-01-16 op safe_setenv("AUTH_TYPE", "Certificate");
236 881a9dd9 2021-01-16 op safe_setenv("REMOTE_USER", ruser);
237 881a9dd9 2021-01-16 op safe_setenv("TLS_CLIENT_ISSUER", cissuer);
238 881a9dd9 2021-01-16 op safe_setenv("TLS_CLIENT_HASH", chash);
241 0baf6bed 2021-01-24 op fchdir(vhost->dirfd);
243 881a9dd9 2021-01-16 op execvp(ex, argv);
244 881a9dd9 2021-01-16 op goto childerr;
253 881a9dd9 2021-01-16 op dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
258 881a9dd9 2021-01-16 op executor_main(int fd)
260 881a9dd9 2021-01-16 op char *spath, *relpath, *query, *addr, *ruser, *cissuer, *chash;
261 881a9dd9 2021-01-16 op struct vhost *vhost;
264 881a9dd9 2021-01-16 op #ifdef __OpenBSD__
265 881a9dd9 2021-01-16 op pledge("stdio sendfd proc exec", NULL);
269 881a9dd9 2021-01-16 op if (!recv_string(fd, &spath)
270 881a9dd9 2021-01-16 op || !recv_string(fd, &relpath)
271 881a9dd9 2021-01-16 op || !recv_string(fd, &query)
272 881a9dd9 2021-01-16 op || !recv_string(fd, &addr)
273 881a9dd9 2021-01-16 op || !recv_string(fd, &ruser)
274 881a9dd9 2021-01-16 op || !recv_string(fd, &cissuer)
275 881a9dd9 2021-01-16 op || !recv_string(fd, &chash)
276 881a9dd9 2021-01-16 op || !recv_vhost(fd, &vhost))
279 881a9dd9 2021-01-16 op d = launch_cgi(spath, relpath, query,
280 881a9dd9 2021-01-16 op addr, ruser, cissuer, chash, vhost);
281 881a9dd9 2021-01-16 op if (!send_fd(fd, d))
286 881a9dd9 2021-01-16 op free(relpath);
290 881a9dd9 2021-01-16 op free(cissuer);
294 881a9dd9 2021-01-16 op /* kill all process in my group. This means the listener and
295 881a9dd9 2021-01-16 op * every pending CGI script. */
296 881a9dd9 2021-01-16 op kill(0, SIGINT);
