op public repos

Blob

Date:: Tue Aug 29 09:26:14 2023 UTC
Message:: gemexp: save certs to $XDG_DATA_HOME/gemexp, not /gmid
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022, 2023 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 
19 #include <sys/stat.h>
20 #include <sys/wait.h>
21 
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <getopt.h>
25 #include <locale.h>
26 #include <libgen.h>
27 #include <signal.h>
28 #include <string.h>
29 #include <syslog.h>
30 #include <unistd.h>
31 #include <vis.h>
32 
33 #include "log.h"
34 
35 int privsep_process;
36 
37 static const struct option opts[] = {
38 	{"help",	no_argument,	NULL,	'h'},
39 	{"version",	no_argument,	NULL,	'V'},
40 	{NULL,		0,		NULL,	0},
41 };
42 
43 void
44 log_request(struct client *c, int code, const char *meta)
45 {
46 	char b[GEMINI_URL_LEN];
47 	char cntmp[64], cn[64] = "-";
48 	char rfc3339[32];
49 	const char *t;
50 	struct tm *tm;
51 	time_t now;
52 
53 	if ((now = time(NULL)) == -1)
54 		fatal("time");
55 	if ((tm = localtime(&now)) == NULL)
56 		fatal("localtime");
57 	if (strftime(rfc3339, sizeof(rfc3339), "%FT%T%z", tm) == 0)
58 		fatal("strftime");
59 
60 	if (c->iri.schema != NULL) {
61 		/* serialize the IRI */
62 		strlcpy(b, c->iri.schema, sizeof(b));
63 		strlcat(b, "://", sizeof(b));
64 
65 		/* log the decoded host name, but if it was invalid
66 		 * use the raw one. */
67 		if (*c->domain != '\0')
68 			strlcat(b, c->domain, sizeof(b));
69 		else
70 			strlcat(b, c->iri.host, sizeof(b));
71 
72 		if (*c->iri.path != '/')
73 			strlcat(b, "/", sizeof(b));
74 		strlcat(b, c->iri.path, sizeof(b)); /* TODO: sanitize UTF8 */
75 		if (*c->iri.query != '\0') {	    /* TODO: sanitize UTF8 */
76 			strlcat(b, "?", sizeof(b));
77 			strlcat(b, c->iri.query, sizeof(b));
78 		}
79 	} else {
80 		if ((t = c->req) == NULL)
81 			t = "";
82 		strlcpy(b, t, sizeof(b));
83 	}
84 
85 	if (tls_peer_cert_provided(c->ctx)) {
86 		const char *subj;
87 		char *n;
88 
89 		subj = tls_peer_cert_subject(c->ctx);
90 		if ((n = strstr(subj, "/CN=")) != NULL) {
91 			strlcpy(cntmp, subj + 4, sizeof(cntmp));
92 			if ((n = strchr(cntmp, '/')) != NULL)
93 				*n = '\0';
94 			strnvis(cn, cntmp, sizeof(cn), VIS_WHITE|VIS_DQ);
95 		}
96 	}
97 
98 	fprintf(stderr, "%s %s %s %s %s 0 %d %s\n", rfc3339, c->rhost, cn,
99 	    *c->domain == '\0' ? c->iri.host : c->domain, b, code, meta);
100 }
101 
102 void
103 load_local_cert(struct vhost *h, const char *hostname, const char *dir)
104 {
105 	char *cert, *key;
106 
107 	if (asprintf(&cert, "%s/%s.pem", dir, hostname) == -1)
108 		fatal("asprintf");
109 	if (asprintf(&key, "%s/%s.key", dir, hostname) == -1)
110 		fatal("asprintf");
111 
112 	if (access(cert, R_OK) == -1 || access(key, R_OK) == -1)
113 		gen_certificate(hostname, cert, key);
114 
115 	h->cert = tls_load_file(cert, &h->certlen, NULL);
116 	if (h->cert == NULL)
117 		fatal("can't load %s", cert);
118 
119 	h->key = tls_load_file(key, &h->keylen, NULL);
120 	if (h->key == NULL)
121 		fatal("can't load %s", key);
122 
123 	strlcpy(h->domain, hostname, sizeof(h->domain));
124 }
125 
126 /* wrapper around dirname(3).  dn must be PATH_MAX+1 at least. */
127 static void
128 pdirname(const char *path, char *dn)
129 {
130 	char	 p[PATH_MAX+1];
131 	char	*t;
132 
133 	strlcpy(p, path, sizeof(p));
134 	t = dirname(p);
135 	memmove(dn, t, strlen(t)+1);
136 }
137 
138 static void
139 mkdirs(const char *path, mode_t mode)
140 {
141 	char	dname[PATH_MAX+1];
142 
143 	pdirname(path, dname);
144 	if (!strcmp(dname, "/"))
145 		return;
146 	mkdirs(dname, mode);
147 	if (mkdir(path, mode) != 0 && errno != EEXIST)
148 		fatal("can't mkdir %s", path);
149 }
150 
151 /* $XDG_DATA_HOME/gemexp */
152 char *
153 data_dir(void)
154 {
155 	const char *home, *xdg;
156 	char *t;
157 
158 	if ((xdg = getenv("XDG_DATA_HOME")) == NULL) {
159 		if ((home = getenv("HOME")) == NULL)
160 			fatalx("XDG_DATA_HOME and HOME both empty");
161 		if (asprintf(&t, "%s/.local/share/gemexp", home) == -1)
162 			fatalx("asprintf");
163 	} else {
164 		if (asprintf(&t, "%s/gemexp", xdg) == -1)
165 			fatal("asprintf");
166 	}
167 
168 	mkdirs(t, 0755);
169 	return t;
170 }
171 
172 static int
173 serve(struct conf *conf, const char *host, int port, const char *dir)
174 {
175 	struct addrinfo hints, *res, *res0;
176 	struct vhost *vh = TAILQ_FIRST(&conf->hosts);
177 	struct address *addr, *acp;
178 	int r, error, saved_errno, sock = -1;
179 	const char *cause = NULL;
180 	char service[32];
181 	int any = 0;
182 
183 	event_init();
184 
185 	r = snprintf(service, sizeof(service), "%d", port);
186 	if (r < 0 || (size_t)r >= sizeof(service))
187 		fatal("snprintf");
188 
189 	memset(&hints, 0, sizeof(hints));
190 	hints.ai_family = AF_UNSPEC;
191 	hints.ai_socktype = SOCK_STREAM;
192 	hints.ai_flags = AI_PASSIVE;
193 	error = getaddrinfo(host, service, &hints, &res0);
194 	if (error)
195 		fatalx("%s", gai_strerror(error));
196 	for (res = res0; res; res = res->ai_next) {
197 		sock = socket(res->ai_family, res->ai_socktype,
198 		    res->ai_protocol);
199 		if (sock == -1) {
200 			cause = "socket";
201 			continue;
202 		}
203 
204 		if (bind(sock, res->ai_addr, res->ai_addrlen) == -1) {
205 			cause = "bind";
206 			saved_errno = errno;
207 			close(sock);
208 			errno = saved_errno;
209 			continue;
210 		}
211 
212 		if (listen(sock, 5) == -1)
213 			fatal("listen");
214 
215 		any = 1;
216 
217 		addr = xcalloc(1, sizeof(*addr));
218 		addr->ai_flags = res->ai_flags;
219 		addr->ai_family = res->ai_family;
220 		addr->ai_socktype = res->ai_socktype;
221 		addr->ai_protocol = res->ai_protocol;
222 		addr->slen = res->ai_addrlen;
223 		memcpy(&addr->ss, res->ai_addr, res->ai_addrlen);
224 
225 		addr->conf = conf;
226 		addr->sock = sock;
227 		event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
228 		    server_accept, addr);
229 
230 		if ((addr->ctx = tls_server()) == NULL)
231 			fatal("tls_server failure");
232 
233 		TAILQ_INSERT_HEAD(&conf->addrs, addr, addrs);
234 
235 		acp = xcalloc(1, sizeof(*acp));
236 		memcpy(acp, addr, sizeof(*acp));
237 		acp->sock = -1;
238 		memset(&acp->evsock, 0, sizeof(acp->evsock));
239 		TAILQ_INSERT_HEAD(&vh->addrs, addr, addrs);
240 	}
241 
242 	if (!any)
243 		fatal("%s", cause);
244 	freeaddrinfo(res0);
245 
246 	server_init(NULL, NULL, NULL);
247 	if (server_configure_done(conf) == -1)
248 		fatalx("server configuration failed");
249 
250 	log_info("serving %s on port %d", dir, port);
251 	event_dispatch();
252 	log_info("quitting");
253 	return 0;
254 }
255 
256 static __dead void
257 usage(void)
258 {
259 	fprintf(stderr,
260 	    "Version: " GE_STRING "\n"
261 	    "Usage: %s [-hVv] [-d certs-dir] [-H hostname] [-p port] [dir]\n",
262 	    getprogname());
263 	exit(1);
264 }
265 
266 int
267 main(int argc, char **argv)
268 {
269 	struct conf *conf;
270 	struct vhost *host;
271 	struct location *loc;
272 	const char *errstr, *certs_dir = NULL, *hostname = "localhost";
273 	char path[PATH_MAX];
274 	int ch, port = 1965;
275 
276 	setlocale(LC_CTYPE, "");
277 
278 	log_init(1, LOG_DAEMON);
279 	log_setverbose(0);
280 	conf = config_new();
281 
282 	/* ge doesn't do privsep so no privsep crypto engine. */
283 	conf->use_privsep_crypto = 0;
284 
285 	while ((ch = getopt_long(argc, argv, "d:H:hp:Vv", opts, NULL)) != -1) {
286 		switch (ch) {
287 		case 'd':
288 			certs_dir = optarg;
289 			break;
290 		case 'H':
291 			hostname = optarg;
292 			break;
293 		case 'h':
294 			usage();
295 			break;
296 		case 'p':
297 			port = strtonum(optarg, 0, UINT16_MAX, &errstr);
298 			if (errstr)
299 				fatalx("port number is %s: %s", errstr,
300 				    optarg);
301 			break;
302 		case 'V':
303 			puts("Version: " GE_STRING);
304 			return 0;
305 		default:
306 			usage();
307 			break;
308 		}
309 	}
310 	argc -= optind;
311 	argv += optind;
312 
313 	if (argc > 1)
314 		usage();
315 
316 	/* prepare the configuration */
317 	init_mime(&conf->mime);
318 
319 	if (certs_dir == NULL)
320 		certs_dir = data_dir();
321 
322 	/* set up the implicit vhost and location */
323 	host = xcalloc(1, sizeof(*host));
324 	TAILQ_INSERT_HEAD(&conf->hosts, host, vhosts);
325 
326 	loc = xcalloc(1, sizeof(*loc));
327 	loc->fcgi = -1;
328 	TAILQ_INSERT_HEAD(&host->locations, loc, locations);
329 
330 	load_local_cert(host, hostname, certs_dir);
331 
332 	strlcpy(host->domain, "*", sizeof(host->domain));
333 	loc->auto_index = 1;
334 	strlcpy(loc->match, "*", sizeof(loc->match));
335 
336 	if (*argv == NULL) {
337 		if (getcwd(path, sizeof(path)) == NULL)
338 			fatal("getcwd");
339 		strlcpy(loc->dir, path, sizeof(loc->dir));
340 	} else {
341 		char	*tmp;
342 
343 		tmp = absolutify_path(*argv);
344 		strlcpy(loc->dir, tmp, sizeof(loc->dir));
345 		free(tmp);
346 	}
347 
348 	/* start the server */
349 	signal(SIGPIPE, SIG_IGN);
350 	setproctitle("%s", loc->dir);
351 	return serve(conf, hostname, port, loc->dir);
352 }